MLRO and SAR Reporting Workflow for UK Firms
In brief: An MLRO/SAR workflow should help staff report concerns internally, give the MLRO enough facts to decide what to do, and keep a restricted decision record without tipping off the client.
Key points
- Staff should report concerns internally before trying to resolve suspicion with the client.
- The MLRO or nominated officer decides whether a SAR is needed.
- The firm should keep internal reports, MLRO decisions, and DAML considerations securely.
What should an MLRO/SAR workflow do?
An MLRO/SAR workflow should make suspicious activity escalation simple for staff and defensible for the firm. Staff need to know what to report, how to report it, and what not to say to the client. The MLRO needs enough facts to decide whether a SAR is required.
The National Crime Agency publishes information about suspicious activity reports.
Internal workflow
- Staff record the concern in plain language.
- The concern is sent to the MLRO or nominated officer.
- The MLRO reviews facts, documents, and context.
- The MLRO records the decision and rationale.
- If appropriate, a SAR is submitted.
- If a defence against money laundering is needed, DAML considerations are recorded.
- Access to records is restricted.
What staff should include
- Client name and matter.
- Facts that created concern.
- Documents or transactions involved.
- Dates and people involved.
- What has already been checked.
- Whether there is urgency.
What the MLRO should record
The MLRO decision log should explain what was reviewed, whether suspicion exists, whether a SAR was submitted, whether DAML was considered, and what the firm should do next.
Avoid tipping off
Staff should avoid warning the client that a report may be made. Questions to gather ordinary CDD evidence may be appropriate, but the firm needs clear internal guidance on where the line sits.
This guide is general information and is not legal advice.