For MLROs

AML compliance software for Money Laundering Reporting Officers

As MLRO, you are responsible for everything: client onboarding, evidence quality, risk decisions, audit readiness, and escalation. Certivus gives you the workflow structure and evidence trail to manage it — and the visibility to know exactly where every case stands.

Trusted by 100+ UK accounting practices

TL;DR — Quick Summary

  • Case-level visibility across all clients — see who is onboarding, who is outstanding, and who is overdue for a refresh
  • Structured evidence trail for every compliance decision — no more reconstructing records after the fact
  • Escalation and risk workflow built in — EDD cases, high-risk clients, and SAR records are tracked and documented
  • Compliance guardrail built into the product — your team follows the same standard every time

Answer-first summary

How does Certivus help MLROs manage AML compliance?

Certivus gives MLROs a structured, evidenced AML workflow across their entire client base. Every client onboarding case follows the same sequence — KYC request, document collection, PEP and sanctions screening, risk assessment, and evidence storage — so you are not dependent on individual team members applying the right standard. The MLRO gets visibility across all active cases, a dashboard of what is outstanding, and an evidence vault that is ready to export before any supervision visit.

  • Structured case workflow ensures consistent standards across the whole team
  • Risk ratings are documented with rationale — no undocumented overrides
  • Evidence vault is exportable in one click for HMRC or professional body reviews
MLRO responsibilities

Your MLRO responsibilities

As the nominated officer, three things sit entirely with you. Certivus is built to support each one.

Oversight

Know the status of every client onboarding at any given moment — who owns the case, what verification steps are outstanding, and which clients are overdue for a refresh. Certivus gives you a dashboard view across all active cases so you can intervene before a gap becomes a risk.

Evidence

Every compliance decision must have a documented evidence trail — who verified what, when, using which document, and what risk rating was applied. Certivus captures all of this automatically so you are not relying on shared drives, emails, or memory when auditors ask.

Escalation

High-risk cases, EDD clients, and potential SARs require a clear chain of decisions with dates and rationale. Certivus structures the escalation workflow so the audit record is built as the case progresses — not reconstructed afterwards.

Where things go wrong

The risks MLROs face

These are the three scenarios that create the most exposure for MLROs. Each one is manageable — but only if you have the right systems in place before they occur.

HMRC supervision visits

When HMRC inspectors visit, they do not want explanations — they want evidence. They will ask to see specific client files, risk assessments, and screening records on demand. If your evidence is scattered across spreadsheets, email threads, and shared folders, you are exposed.

Team inconsistency

Without a structured workflow, different staff members apply different standards. One person collects a passport; another accepts an expired driving licence. One person documents a risk rationale; another doesn't bother. As MLRO, the inconsistency is your liability.

Missing refresh dates

Clients whose KYC records have lapsed — expired documents, outdated addresses, unchanged risk ratings from three years ago — create silent exposure. You will not catch this until something goes wrong, or until an inspector does. Certivus tracks refresh dates and alerts you before they lapse.

How Certivus works

How Certivus solves this

Four steps. Every client. Every time.

1

Every client gets a structured onboarding case

When a new client is added to Certivus, a case is created with an assigned owner, a status, and a checklist of required steps. Nothing falls through the cracks because the system tracks what is outstanding — not a person's memory.

2

AML checklist tracks every verification step with evidence

The checklist guides the staff member through identity verification, address confirmation, beneficial ownership, PEP and sanctions screening, and risk assessment. Each step is logged with a timestamp and the supporting evidence.

3

Risk review assigns Low, Medium, High, or EDD with documented rationale

Certivus applies a structured risk score based on the client's profile. The assigned team member can override the score, but must record a rationale. You — as MLRO — have a clear audit trail for every risk decision made in your name.

4

Evidence vault stores everything — exportable in one click for HMRC

All documents, screening results, risk ratings, decision notes, and timestamps are stored securely in the Certivus vault. Before a supervision visit, export a clean PDF audit report for any client file in under a minute.

Compliance guardrail

Certivus supports AML workflows. Final compliance decisions — including SAR filings, risk ratings, and escalation judgements — remain with the MLRO and their firm. Certivus is workflow software, not a substitute for professional judgement or a qualified nominated officer.

Common questions

Questions from MLROs

What are an MLRO's responsibilities?

The Money Laundering Reporting Officer (MLRO) — also called the nominated officer — is the individual responsible for overseeing the firm's AML compliance programme. Their responsibilities include: overseeing customer due diligence and KYC processes; ensuring the firm maintains adequate AML policies and controls; reviewing and making decisions on suspicious activity reports (SARs) before submission to the National Crime Agency; maintaining the firm's risk assessment; and responding to supervisory body enquiries and visits. In smaller practices, the MLRO is typically the managing partner or principal. In larger firms, a dedicated compliance director may hold the role.

Can Certivus replace an MLRO?

No. Certivus is compliance workflow software — it cannot replace the MLRO's legal role or professional judgement. Final compliance decisions, including SAR filing decisions and risk ratings, remain with the MLRO and the firm. What Certivus does is give the MLRO a structured, evidenced workflow that reduces the risk of gaps, inconsistencies, and documentation failures — and makes it significantly easier to demonstrate compliance during a supervision visit.

How does Certivus help with HMRC supervision visits?

HMRC supervision visits typically involve a review of client files, risk assessments, screening records, and evidence of ongoing monitoring. Certivus stores all of this in a single, structured vault. Before a visit, the MLRO can export an audit-ready PDF for any client file in under a minute. During a visit, the case timeline and evidence trail are immediately available for any client the inspector selects. This removes the scramble to locate documents that would otherwise be scattered across email, shared drives, or paper files.

Does Certivus support SAR filing?

Certivus supports the internal escalation and evidence-gathering process that precedes a SAR decision. It does not file SARs directly with the National Crime Agency — that remains a manual process via the NCA's ELMER system. The MLRO retains full responsibility for deciding whether to file a SAR. Certivus ensures the case file and evidence trail are ready to support that decision and to evidence it retrospectively.

What is the MLRO liable for?

The MLRO carries personal liability for failures in the firm's AML programme where those failures result from negligence or deliberate non-compliance. This can include civil penalties from the supervisory authority, regulatory sanctions from a professional body, and — in the most serious cases — criminal prosecution. Liability typically arises from systemic failures: no documented risk assessments, no evidence of CDD, no screening records, or a pattern of ignoring known risk indicators. A well-evidenced compliance workflow does not eliminate risk, but it demonstrates that the MLRO took their obligations seriously.

For a full overview of AML obligations, see What is AML compliance?

Useful resources for MLROs

Risk assessment workflow

Structured Low/Medium/High/EDD ratings with a documented rationale for every decision.

CDD and KYC workflows

Every CDD step tracked with status, owner, and evidence — all in one place.

AML compliance guide

The full legal framework — what MLROs are responsible for and how to evidence it.

HMRC audit checklist

Prepare for HMRC supervision visits with a step-by-step evidence checklist.

Give your AML workflow the structure it needs

Certivus gives MLROs case-level visibility, consistent workflows, and an evidence trail that holds up under inspection — without the admin burden.

Free plan availableNo credit card requiredHMRC-ready evidence