ECSH33112 - Compliance Officer


The role of the compliance officer 

A business must appoint one individual who is a member of the board of directors (or if there is no board, of its equivalent management body) or of its senior management as the officer responsible for the relevant person's compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) and update the rest of the board as appropriate in accordance with Regulation 21(1)(a) MLR 2017. 

This role is known as the Senior Responsible Officer (SRO), or often, the compliance officer.

You should always establish who the SRO, or compliance officer, is within the business to determine who is ultimately responsible for compliance with MLR 2017. 

Once you have established who the SRO or compliance officer is, you should consider: 

  • What does their role involve? 
  • What experience do they have? 
  • Have they received sufficient anti-money laundering, counter-terrorist financing and counter-proliferation financing (AML/CFT/CPF) training to undertake their role as compliance officer?

Businesses must, within 14 days of the appointment, inform EC-S of the identity of the individual first appointed under regulation 21(1)(a) MLR 2017 and of any subsequent appointments.

Regulation 21(1) MLR 2017 does not apply to sole traders.


Responsibilities of the compliance officer 

The legal responsibilities of the compliance officer are set out in regulation 21(1)(b) and 21(1)(c), but may also include: 

  • Identifying and assessing the money laundering, terrorist financing and/or proliferation financing (ML/TF/PF) risks specific to the business.
  • Maintaining the business’s written AML/CFT/CPF risk assessment.
  • Establishing and maintaining policies, controls and procedures to mitigate the risks identified and assessed in the business’s risk assessment. 
  • Maintaining a record in writing of the business’s AML/CFT/CPF policies, controls and procedures.
  • Screening of relevant staff (both new staff and current staff on an ongoing basis). 
  • Ensuring that all AML/CFT/CPF training is completed by relevant staff members and that staff are kept up to date with any changes.
  • Ensuring that all relevant staff members understand their responsibilities under MLR 2017 including reporting suspicious activity. 
  • Ensuring that staff follow the business’s policies, controls and procedures. 
  • Carrying out internal audits.  
  • Ensuring that records are kept in line with general data protection regulations (GDPR) and the requirements of the MLR 2017.
  • Renewing or updating the business’s registration for anti-money laundering supervision. 
  • Establishing and maintaining systems which enable the business to respond “fully and rapidly” to enquiries from law enforcement agencies.  

Sometimes the compliance officer may have additional responsibilities such as receiving internal reports of suspicion. See ECSH33111.

Alternatively, the responsibilities of receiving internal reports of suspicion and the business’s compliance with MLR 2017 may be held by different individuals depending on the size and nature of the business.


Testing compliance 

During the compliance check, you should test compliance and obtain evidence as detailed in ECSH63405.