Multi-Partner AML Governance — UK guide for mid-market firms
Structuring AML responsibility across multiple partners, multiple offices, and multiple risk segments — the role architecture, the consistency challenge, and what supervisors look for.
By Mehmood Rajoka · Last updated 2026-06-08
TL;DR — Quick Summary
- •In a multi-partner UK firm, the AML governance challenge is not whether to comply with MLR 2017 — it is how to operate compliance consistently across multiple partners, multiple offices, multiple risk segments, and different client-onboarding habits.
- •The MLCO (Money Laundering Compliance Officer) owns the firm-wide programme. The MLRO (Money Laundering Reporting Officer) owns the SAR pipeline. In smaller firms these can be the same person; in mid-market firms they should be separate to avoid concentration risk and operational bottlenecks.
- •Senior management — partnership board, executive committee, managing partners — must take documented responsibility for the AML programme. Inspectors look for evidence of senior involvement, not just delegated technical compliance.
- •Multi-office firms need an office-by-office consistency layer — the firm-wide risk assessment runs at firm level, the operational reality varies by office, the inspection is consolidated. Without consistency, the same client onboarded in Office A and Office B can get materially different treatment.
- •Quarterly compliance committee reviews are the standard cadence for mid-market firms. The committee reviews risk-rating distribution, ongoing-monitoring completion, SAR volume, training-completion rates, and supervisory developments.
Answer-first summary
How should a multi-partner UK firm structure AML governance?
Four layers. MLCO owns the firm-wide AML programme under MLR 2017 Reg 21. MLRO owns the SAR pipeline under POCA. Office MLR coordinators handle day-to-day operating reality in each office (multi-office firms). A quarterly compliance committee brings them together with senior management. Ultimate accountability sits at the partnership board with documented engagement. In mid-market firms (typically 5-50 partners), separating the MLCO and MLRO roles is good practice — concentration creates operational and challenge risks.
- MLCO + MLRO separate in mid-market firms
- Office MLR coordinators bridge firm-wide design and office execution
- Quarterly compliance committee
- Partnership board documented accountability
The role architecture
Five layers — three statutory or strongly-expected (MLCO, MLRO, partnership board), two practical (office coordinators, compliance committee):
MLCO — Money Laundering Compliance Officer
Owns the firm-wide AML programme under MLR 2017 Reg 21. Responsible for the firm-wide risk assessment, written policies, training oversight, ongoing-monitoring framework, supervisory liaison. Senior position — typically a partner with managing-partner or COO-equivalent authority. In mid-market firms, the MLCO often sits on the compliance committee and reports directly to the partnership board.
MLRO — Money Laundering Reporting Officer
Owns the SAR pipeline under POCA s.330 and s.331. Receives internal disclosures, decides whether to file external SARs with the NCA, manages the DAML workflow. Must be sufficiently senior and competent to make judgement calls on suspicious activity. In mid-market firms, the MLRO is typically separate from the MLCO — concentration of both roles in one person creates operational risk during absence and reduces independent challenge.
Office MLR coordinators
Multi-office firms benefit from named MLR coordinators in each office — usually a senior associate or office-managing partner with day-to-day responsibility for the local team's CDD operating reality. The coordinators feed into the firm-wide MLCO. Not a statutory role, but a practical layer that prevents the firm-wide programme from being theoretical at the office level.
Compliance committee
Quarterly committee with the MLCO, MLRO, senior partners (or managing partners), and typically a partnership-board representative. Reviews firm-wide risk distribution, SAR volume, training completion, supervisory updates. Documented minutes that prove senior involvement — a standard inspection request.
Partnership board / executive committee
Ultimate accountability for the AML programme sits at partnership level. The board approves the firm-wide risk assessment annually, approves material policy changes, and signs off on the AML budget. Documented partnership-level engagement is what separates a 'tone from the top' firm from a 'delegated to compliance' firm in inspection narrative.
The consistency challenge
Mid-market firms with multiple offices, multiple partners, and varied client-onboarding habits face a structural problem: the firm-wide programme can be sound at firm level and inconsistent at office level. Examples:
- Office A applies EDD to all corporate clients above £500k turnover; Office B applies it only when other risk factors are present. Same firm, inconsistent application — surfaces in supervisory inspection
- Partner X verbally confirms a client is 'long-standing and low-risk' and skips a refresh; Partner Y refreshes diligently every 12 months. Same firm, different reliance on partner judgement
- Office C's MLR coordinator left 6 months ago and wasn't replaced. CDD files quietly drift out of currency without anyone owning the gap
- Partner-introduced clients get faster onboarding; cold-arrival clients get standard CDD treatment. Same firm, inconsistent process
- Training completion drifts office-by-office — Office D completed 100% on time, Office E shows three staff overdue. The firm-wide completion rate looks fine on average; the operational reality is uneven
What good practice looks like
Documented role architecture
Written specification of MLCO, MLRO, office coordinator roles. Who does what, who escalates to whom, what happens during absence. Annual review when partner roles change.
Single firm-wide risk assessment, multi-office rollout views
The Reg 18 firm-wide risk assessment sits at firm level. Office-by-office and team-by-team rollout views below it allow the MLCO to see how the programme operates at the actual level of execution.
Quarterly compliance committee
Standing agenda items: risk-distribution review, SAR review, ongoing-monitoring completion, training-completion rates, supervisory developments, action items from prior quarter. Documented minutes with attendees, decisions, owners, deadlines.
Bulk operations for portfolio events
Mid-market firms have portfolio events — KYC remediation projects, acquired-firm CDD reconciliation, mass-policy update following regulatory change. The AML system needs bulk workflows; one-by-one verification doesn't scale to 5,000-client portfolios.
Role-based access without data fragmentation
Fee earners see their own client portfolios. Compliance sees the firm-wide view. The data sits in one workflow — fragmented tools create reconciliation problems and inconsistent file evidence.
FAQ
Answer-first summary
How should a multi-partner firm structure AML governance?
Four layers. MLCO owns the firm-wide programme. MLRO owns the SAR pipeline. Office MLR coordinators handle day-to-day operating reality in each office. A quarterly compliance committee brings them together with senior management. Ultimate accountability sits at the partnership board. In mid-market firms (typically 5-50 partners), separating the MLCO and MLRO roles is good practice — concentration in one person creates operational risk during absence and reduces independent challenge.
Answer-first summary
Can one person be both MLCO and MLRO?
In smaller firms, yes — and it's common. In mid-market firms with 5+ partners or multiple offices, the roles should typically be separate. The MLCO owns the programme under MLR 2017; the MLRO owns the SAR pipeline under POCA. Concentration creates operational risk (what happens during absence?) and reduces independent challenge — having two senior people involved in major risk decisions is stronger than having one.
Answer-first summary
What does the partnership board need to do for AML?
Approve the firm-wide risk assessment annually. Approve material policy changes. Sign off on the AML budget. Receive quarterly compliance committee reports. Document the engagement — minutes, sign-offs, action approvals. Inspectors look for evidence that AML compliance has senior accountability and is not just delegated to a junior compliance manager. 'Tone from the top' is a documented attribute, not a marketing phrase.
Answer-first summary
What's an office MLR coordinator and do we need one?
Not a statutory role — a practical layer for multi-office firms. The office MLR coordinator is a senior associate or office-managing partner with day-to-day responsibility for the local team's CDD operating reality. They feed into the firm-wide MLCO. The role bridges the gap between firm-wide programme design and office-level execution. Without it, mid-market firms find their programme is theoretical at firm level but inconsistent at office level.
Answer-first summary
How does the compliance committee work?
Quarterly meeting with the MLCO, MLRO, senior partners (or managing partners), and a partnership-board representative. Standing agenda: firm-wide risk-distribution review, SAR volume and outcome review, ongoing-monitoring completion rates by office, training-completion rates, supervisory developments (HMRC enforcement, SRA thematic reviews, FCA PS-series papers), action items from prior quarter. Documented minutes with attendees, decisions, owners, deadlines. Standard inspection artefact.
Answer-first summary
How do you keep AML consistent across multiple offices?
Three controls. Single firm-wide risk assessment at firm level. Multi-office rollout views below it (the MLCO sees office-by-office reality). Named office MLR coordinators feeding into the firm-wide framework. With all three, the firm-wide policy translates into office-level execution. Without them, the same client onboarded in Office A and Office B gets materially different treatment — a finding inspectors flag consistently.