Financial Crime & AML Consultants

The FCA expects a risk-based approach to anti-money laundering under the Money Laundering Regulations 2017 (MLR 2017). This includes a documented business-wide risk assessment, customer due diligence (CDD) proportionate to risk, ongoing monitoring of business relationships and transactions, suspicious activity reporting (SARs) to the NCA, staff training and awareness programmes, and independent audit of AML systems and controls. The FCA assesses firms against these requirements during supervisory visits and through its financial crime data returns.

Regulation 18 of MLR 2017 requires firms to carry out a documented assessment of the money laundering and terrorist financing risks they face. The business-wide risk assessment (BWRA) must consider customer types, countries of operation, products and services offered, delivery channels, and transaction volumes. It must be kept up to date (reviewed at least annually), approved by senior management, and made available to the FCA on request. The BWRA forms the foundation of a firm's entire AML programme and informs the level of CDD applied to different customer segments.

All firms subject to the Money Laundering Regulations must appoint a nominated officer (commonly known as the Money Laundering Reporting Officer, or MLRO) to receive internal suspicious activity reports and decide whether to submit SARs to the National Crime Agency. Under SM&CR, the MLRO role is designated as SMF17 and requires FCA pre-approval. The MLRO must have sufficient seniority, resources, and authority to fulfil the role effectively. For smaller firms, the MLRO role can be combined with other senior management functions.

Regulation 24 of MLR 2017 requires firms to provide regular training to all relevant employees. The FCA expects AML training to be delivered at induction for new staff and refreshed at least annually for all employees. Training should be tailored to the specific risks and typologies relevant to the firm's business, cover current regulatory expectations and emerging threats, and include practical case studies. Records of training delivery and attendance must be maintained and made available to the FCA on request.

A financial crime consultant designs, reviews and implements the controls firms need to prevent and detect money laundering, fraud, bribery and sanctions breaches. Day-to-day work includes drafting and updating the business-wide risk assessment, customer due diligence policies, transaction monitoring rules and MLRO procedures. Financial crime consultants also deliver staff training, conduct gap assessments against FCA expectations, assist with supervisory visits, and provide expert input when the FCA or NCA makes enquiries. MEMA's financial crime consultants are ex-regulators who have seen financial crime controls from both sides of the supervisory relationship.

Any FCA-authorised firm subject to the Money Laundering Regulations 2017 needs robust financial crime controls — the question is whether to build them in-house or use a financial crime consultant. Consultants are particularly valuable when a firm is setting up its AML framework for the first time, preparing for an FCA supervisory visit, responding to a skilled person review, or needs a gap assessment against current FCA expectations. Ongoing consultancy retainers are cost-effective for smaller firms that cannot justify a full-time financial crime specialist but still face the same regulatory obligations as larger institutions.

The MLRO (SMF17) is a regulated individual within the firm who is personally accountable for the firm's AML programme and responsible for submitting SARs to the National Crime Agency. A financial crime consultant is an external adviser who supports the MLRO with the design, implementation and ongoing operation of the firm's controls. Many smaller firms appoint a senior manager as MLRO and engage a financial crime consultant to do the substantive work: drafting policies, running training, conducting monitoring and advising on complex CDD cases. The MLRO retains accountability; the consultant provides expertise and capacity.