A money laundering reporting officer (MLRO) is the senior person responsible for a firm’s anti-money laundering compliance. The MLRO receives internal reports of suspicion, decides whether to file with the authorities, and answers to the regulator. The role is required for regulated firms in the UK.
Key takeaways
- The MLRO is the named person accountable for a firm’s AML program.
- The role is a legal requirement for regulated firms in the UK under the 2017 rules.
- The MLRO receives internal reports and decides whether to file a suspicious activity report.
- The US equivalent is the BSA or AML compliance officer.
- The role needs seniority, independence, and direct access to the board.
- The UK receives hundreds of thousands of suspicious activity reports each year.
On this page
What it isIs it required?What an MLRO doesMLRO vs BSA officerWho can be oneThe MLRO and SARsChallenges and liabilityFAQsRead more
Hundreds of thousands
Suspicious activity reports filed in the UK each year
Source: UK National Crime Agency
$3B
Paid by TD Bank in 2024 after AML failures
Source: US Department of Justice
1989
Year the FATF set the standard MLROs work within
Source: FATF
What is a money laundering reporting officer (MLRO)?
A money laundering reporting officer is the senior individual a regulated firm names to lead its anti-money laundering effort. The MLRO is the point where suspicion turns into action, deciding whether an internal concern becomes a formal report.
The title is most common in the UK and other jurisdictions that follow its model. The person carries real accountability, not just a job description, and the regulator can hold them responsible for failures.
The role sits at the top of the AML compliance program. Read more: our guide to filing a suspicious activity report covers the process the MLRO oversees.
Is an MLRO legally required?
In the UK, yes. The Money Laundering Regulations 2017 require most regulated firms to appoint an MLRO, sometimes alongside a nominated officer who receives internal reports.
Other countries have equivalents under different names. The United States requires a designated BSA or AML compliance officer under the Bank Secrecy Act, and the concept appears across FATF-aligned regimes.
The exact title matters less than the function. Every regulated firm needs a named, senior person who owns AML compliance and can be held to account.
Start your AML policy in minutes
Answer a short set of questions and generate a tailored AML policy draft your MLRO can adapt and keep on file.
What does an MLRO do?
The MLRO holds a broad remit that runs from daily oversight to formal reporting. The core duties are consistent across firms.
- Receive internal reports. Staff escalate concerns to the MLRO, who assesses each one.
- Decide on filings. The MLRO judges whether a concern meets the threshold for a suspicious activity report and files it.
- Own the program. They maintain policies, oversee customer due diligence, and keep the risk assessment current.
- Lead training. They make sure staff can recognize and escalate warning signs.
- Report to the board. They give senior management a clear view of AML risk and issues.
- Liaise with regulators. They act as the firm’s main AML contact for the authorities.
Use the tool: give your team a shared reference for warning signs with our red flags checklist.
Give your team a shared reference
Use our red flags checklist so front-line staff know which warning signs to escalate to the MLRO.
MLRO vs BSA officer vs compliance officer
The same role carries different names across countries, which causes confusion. The table lines them up.
| Term | Where used | Notes |
|---|---|---|
| MLRO | UK and aligned regimes | Owns AML compliance and reporting decisions |
| Nominated officer | UK | Receives internal reports; often the same person as the MLRO |
| BSA or AML officer | United States | Designated under the Bank Secrecy Act as a program pillar |
| Compliance officer | General | Broader role that may include AML among other duties |
A small firm may combine these into one person. A large bank may split them across a team, with the MLRO at the top.
Who can be a money laundering reporting officer?
Not just anyone can hold the role. Regulators expect the person to have the standing and independence to act on difficult decisions.
- Seniority. Enough authority to challenge the business and be heard by the board.
- Independence. Freedom to file a report even when it is commercially inconvenient.
- Knowledge. A sound grasp of AML law, the firm’s risks, and its customers.
- Time and resources. The capacity to do the job properly, not as an afterthought.
The MLRO and suspicious activity reports
Filing suspicious activity reports is the MLRO’s most visible duty. The process follows a clear path.
- A concern is raised. A staff member notices a warning sign and escalates it internally.
- The MLRO reviews it. They gather context and judge whether suspicion is reasonable.
- A report is filed. If the threshold is met, the MLRO files with the financial intelligence unit.
- Records are kept. The firm documents the decision, whether or not it reported.
The scale is large. The UK receives hundreds of thousands of suspicious activity reports each year (UK National Crime Agency), and each one starts with a decision like this.
Challenges and personal liability
The MLRO role carries pressure that other compliance jobs do not. The person can be held personally responsible for failures, which raises the stakes of every decision.
Common challenges include high alert volumes, thin resources, and tension between compliance and commercial goals. A firm that under-supports its MLRO is exposing both the person and itself.
The most common pressures on an MLRO include:
- High alert volumes with too few people to review them properly.
- Commercial pressure to keep a profitable client the checks would flag.
- Thin resources, where the role is bolted onto an already full job.
- Personal liability for decisions made under all of the above.
Regulators increasingly ask a sharper question. Not just whether a firm has an MLRO, but whether that person has the time, the tools, and the standing to act on what they find.
Do this: before an audit, get an indicative read on your firm’s exposure with the AML Risk Assessment.
Screen a name against global watchlists
Run one search across sanctions, PEP, and adverse media data to support your MLRO’s due diligence and reporting decisions.
Frequently asked questions
What is a money laundering reporting officer (MLRO)?
An MLRO is the senior person a regulated firm names to lead its anti-money laundering compliance. They receive internal reports of suspicion, decide whether to file a suspicious activity report with the authorities, oversee the AML program, and answer to the regulator. The role is a legal requirement for regulated firms in the UK.
Is an MLRO legally required?
In the UK, yes. The Money Laundering Regulations 2017 require most regulated firms to appoint an MLRO. Other countries have equivalents under different names, such as the designated BSA or AML compliance officer required in the United States. Every regulated firm needs a named, senior person accountable for AML.
What does an MLRO do?
An MLRO receives internal reports of suspicion, decides whether to file a suspicious activity report, and oversees the firm’s AML program. They maintain policies, oversee customer due diligence, lead training, report to the board, and act as the main AML contact for regulators. The role combines daily oversight with formal reporting decisions.
What is the difference between an MLRO and a BSA officer?
They are the same role under different names. MLRO is the UK term, while BSA or AML compliance officer is the US term, designated under the Bank Secrecy Act. Both own a firm’s AML compliance and reporting. The title depends on the country and the regime the firm operates under.
Who can be an MLRO?
An MLRO should be senior enough to challenge the business, independent enough to file a report even when it is commercially awkward, and knowledgeable about AML law and the firm’s risks. They also need the time and resources to do the job properly. Regulators expect the person to have real standing and board access.
What is a nominated officer?
A nominated officer is the UK term for the person who receives internal reports of suspicion from staff. In many firms the nominated officer and the MLRO are the same person. The nominated officer decides whether an internal concern should become a formal suspicious activity report to the authorities.
Can an MLRO be held personally liable?
Yes. In the UK and similar regimes, an MLRO can be held personally responsible for failures in a firm’s AML compliance, including a failure to report suspicion. This personal accountability is why the role needs independence, seniority, and enough support from the firm to do the job properly.
Does a small firm need an MLRO?
Most regulated firms do, regardless of size. A small firm may combine the MLRO role with other duties in one person, while a large bank may split the functions across a team. What matters is that a named, senior person owns AML compliance and can be held accountable for it.
What is the role of the MLRO in filing SARs?
The MLRO is the decision point for suspicious activity reports. Staff escalate concerns internally, the MLRO reviews the context and judges whether suspicion is reasonable, and if the threshold is met, they file with the financial intelligence unit. They also keep records of the decision, whether or not a report is made.
How many suspicious activity reports are filed each year?
The UK receives hundreds of thousands of suspicious activity reports each year, according to the UK National Crime Agency. Each report begins with an internal concern that an MLRO or nominated officer assesses. The volume reflects how central suspicious activity reporting is to the AML system.
What is the difference between an MLRO and a compliance officer?
An MLRO is focused on anti-money laundering compliance and reporting. A compliance officer often has a broader role that covers many areas of regulation, which may include AML among them. In smaller firms one person may hold both roles, while larger firms usually separate them.
What powers does an MLRO need to do the job?
An MLRO needs the authority to challenge the business, direct access to the board, and independence to file a report even against commercial pressure. They also need enough time, staff, and tools to review alerts and maintain the program. Without these, the role becomes a title rather than an effective control.
Read more: our ultimate guides, whitepapers and templates
Related guides and resources to help you act on what you just read.
Last reviewed July 12, 2026 · 10 min read · Written for compliance and risk professionals · By the WhoWiki editorial team
Key takeaway: the MLRO is the senior person accountable for a firm’s AML compliance and for deciding when to report suspicion to the authorities.