Becoming a Money Laundering Reporting Officer (MLRO) is one of the most significant responsibilities in any regulated firm. The first 100 days set the tone for how compliance will operate, not just as a function, but as a culture.
These early months are about understanding the firm’s risks, building relationships, and ensuring the right systems and controls are in place.
Days 1–30: Understand the Landscape
The first month is about learning before acting.
- Know your business: Understand the products, clients, and jurisdictions the firm operates in.
- Review documentation: Read the existing AML policies, procedures, and risk assessments.
- Identify key risks: Assess the firm’s inherent risks and how controls are currently mitigating them.
- Map reporting lines: Understand how issues flow from staff to compliance to senior management.
- Meet stakeholders: Build early trust with leadership, front office, operations, and internal audit.
The FCA expects MLROs to have “a clear understanding of the firm’s exposure to financial crime risks” and to ensure systems are proportionate to the nature, scale, and complexity of the business (SYSC 6.3).
Days 31–60: Review and Strengthen the Framework
Once you understand the environment, begin testing and refining it.
- Perform a control gap analysis: Review customer due diligence, EDD, transaction monitoring, and training processes.
- Check escalation pathways: Test whether staff know how and when to raise internal SARs.
- Validate data quality: Ensure KYC and screening data are reliable and up to date.
- Evaluate governance: Confirm that AML oversight and MI reach senior management effectively.
- Assess resources: Determine if compliance has sufficient staff and tools to meet obligations.
This is also the right time to begin planning your Compliance Monitoring Plan (CMP), a structured schedule of reviews aligned to risk priorities.
Days 61–100: Deliver Confidence and Embed Culture
By the third month, you should begin demonstrating visible leadership.
- Report findings: Prepare a summary for senior management highlighting key risks and remedial plans.
- Update key documents: Refresh the AML Policy, Business-Wide Risk Assessment, and training plan.
- Lead engagement: Hold short awareness sessions with business units, focus on red flags and real-world examples.
- Prepare your first annual MLRO Report: Even if it’s early, begin gathering data and observations now.
- Establish rhythm: Set clear cycles for MI reporting, SAR reviews, and monitoring follow-ups.
An effective MLRO builds both systems and credibility. Regulators expect assurance that the MLRO has influence, independence, and an active role in shaping risk management.
Adapt and Prioritise
Every firm is different, risk profile, size, business model, and culture all vary.
What defines a great MLRO isn’t rigid adherence to a checklist, but the flexibility to adapt and prioritise based on where your attention and resources need to be.
A useful mindset here is Observe, Orient, Decide, Act (OODA).
Observe your environment objectively, orient yourself using context and data, decide where intervention matters most, and act decisively.
This disciplined adaptability helps MLROs maintain control in fast-changing environments without losing sight of proportionality or purpose.
You can download an “MLRO First 100 Days Checklist” in our Resources section, a structured guide to help you get started and prioritise your workflow across the first three months.
