Who handles suspicious activity or transaction reporting in a firm?

Suspicious activity or transaction reporting in a regulated firm runs through a single named individual. The role goes by different names depending on where you are:

• MLRO and Nominated Officer are common across the UK and Commonwealth jurisdictions.
• Compliance Officer or AML Compliance Officer is more typical in the US and parts of Asia.
• Other jurisdictions use variations such as Designated Person or Anti-Money Laundering Officer.

The role reflects FATF Recommendation 20, which requires countries to compel regulated firms to report suspicion of criminal proceeds promptly to a financial intelligence unit. Almost every major jurisdiction implements this through some form of nominated officer role.

Where staff identify a concern, the MLRO (or equivalent in your jurisdiction) is the person responsible for deciding what happens next, including answering these questions and documenting their reasoning:

• Does the concern amount to suspicion of money laundering, terrorist financing or proliferation financing?

• Is an external report to the relevant financial intelligence unit required?

• How should the firm manage the relationship while that decision is being made?

Where do they sit in the firm?

The MLRO is appointed by senior management. They need to be someone with the seniority to put reporting processes in place and be trusted by staff, and have the authority to stop a transaction, decline a client or pause work where suspicion arises.

The MLRO is the first port of call for any member of staff who identifies a concern in the course of their work, regardless of seniority or department. Staff across the firm need to know who the MLRO is and the process of reporting suspicious activity to them.

How does the MLRO report suspicious activity or transactions?

The MLRO’s role in the SAR / STR process begins when a member of staff identifies a concern and submits an internal escalation report. The MLRO must acknowledge the report and consider it on its merits. This acknowledgement is important legally as well as procedurally: it confirms the employee has discharged their statutory obligation by escalating the concern.

Assessing whether suspicion meets the threshold

The decision the MLRO has to make is whether the information now in their hands amounts to knowledge or suspicion that another person is engaged in money laundering. That decision is theirs alone. They cannot delegate it and they cannot avoid making it.

It’s important to remember that the threshold for reporting is suspicion, not certainty. In practice, the MLRO will:

• review the information in the internal report alongside the client file, due diligence records and any transaction information available;
• consider whether there’s a plausible legitimate explanation for the activity that hasn’t been adequately explored;
• form a documented view on whether the suspicion threshold is met.

If the threshold is met, an external SAR / STR must be submitted to the relevant financial intelligence unit. If it isn’t met, the reasoning behind that conclusion must be recorded clearly. Documenting the decision not to report is just as important as the decision to report, and both need to be defensible.

Deciding whether consent to proceed is needed

Where the suspicious activity relates to a transaction the firm is involved in, proceeding with that transaction could itself constitute a money laundering offence. The MLRO must consider whether to seek consent from the authorities before continuing. 

In the UK this is called a Defence Against Money Laundering (DAML). Other jurisdictions use different terms but the underlying principle is the same: consent from the relevant authority to proceed with an act that would otherwise be an offence.

Managing tipping-off risk during the process

Once a SAR / STR is submitted or being considered, disclosing information likely to prejudice an investigation is generally a criminal offence. The MLRO has to manage this carefully.

This usually means they need to control how the matter is discussed internally and how any unavoidable interactions with the client during the process are handled. 

Where the firm needs to delay or pause work, communications with the client need to be carefully worded and need the involvement of the MLRO. 

Record-keeping and the audit trail

Every step the MLRO takes needs to be documented. This should include:

• the receipt and acknowledgement of internal reports;
• the analysis they’ve applied to the situation;
• the decision reached, with reasoning documented;
• the SAR / STR itself, if submitted;
• any consent request and the authority’s response;
• records of how the relationship was handled through any waiting period;
• the final outcome.

The audit trail protects the MLRO personally as well as the firm. Where an MLRO’s decision is later scrutinised, what matters is whether the reasoning was sound at the time the decision was made, on the information then available. Clear documentation is the only way to evidence that.

Final thoughts

The person who deals with suspicious activity reporting in your business makes decisions that carry real legal weight. Choosing who fills the role is a key decision in your AML programme. 

The right person combines technical knowledge of AML with the seniority to act on reports both internally and externally. They also need to have the experience to put a structured, effective reporting process in place, and be able to empower staff to use it.

When this is done well, your suspicious activity or transaction reporting process works as it should: suspicion gets recognised, assessed and acted upon.