How to manage two anti-money laundering roles in a single director firm
Sole practitioners have two roles to manage when dealing with anti-money laundering (AML) compliance. AMLCC CEO, Richard Simms, examines how to make sure you’re covering both roles effectively.
As a single-director firm, anti-money laundering (AML) compliance sits squarely with you.
You’re the Money Laundering Reporting Officer (MLRO) and Money Laundering Compliance Officer (MLCO).
It sounds like a lot, but it doesn’t have to be overwhelming.
With structure, clear records and a risk-based mindset, you can fulfil both roles effectively and show that your firm takes compliance seriously.
Understanding your two roles
Under Regulation 21 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), every regulated firm must appoint two key roles:
- A money laundering reporting officer (MLRO) to assess internal suspicions and decide whether to report them to the National Crime Agency (NCA)
- A money laundering compliance office (MLCO) to ensure the firm’s AML systems, controls and policies are working effectively
Your core responsibilities
The MLCO and MLRO roles each have a clear set of duties that together cover the reactive and proactive sides of compliance.
The MLCO
This role should:
- develop, implement and review your AML policies, controls and procedures (PCPs)
- oversee your firm’s business-wide risk assessment (BWRA) and ensure client-level assessments reflect real risks
- monitor compliance, fix weaknesses and record any improvements made
- make sure training is completed, logged and understood
- write an annual report on your firm’s AML performance
The MLRO
This role should:
- receive, document and assess any internal suspicions, even your own, about potential money laundering, terrorist financing or proliferation financing
- decide whether to submit a Suspicious Activity Report (SAR) to the NCA
- keep confidential, auditable records of every suspicion and decision, including those not reported
- pause any relevant transaction until consent is received or the statutory period expire
- maintain communication with the NCA or your supervisor if a case develops
Training and awareness
You must keep your knowledge up to date and show evidence by completing annual AML and sanctions training.
You should also keep certificates, webinar notes and CPD logs.
Recording new learning, such as changes in Legal Sector Affinity Group (LSAG) guidance or Solicitors Regulation Authority (SRA) expectations, should also feed into your policies or risk assessments.
Keeping up with changes in the AML landscape
The UK’s 2025 National Risk Assessment on Money Laundering (NRA) outlines how money laundering, terrorist financing and proliferation financing threats are evolving.The key areas to look out for are:
- property transactions, especially involving overseas clients or complex ownership structures
- sanctions evasion
- cross-border payments and technology-based threats such as deepfakes, synthetic IDs and crypto assets
Your documentation should always show you’ve considered these priorities. Make a note that you’ve reviewed the NRA and summarise how its findings affect your work.
Preparing for inspections
Your compliance could be reviewed through a routine inspection or due to a client’s suspicious behaviour, so you’ll need to be ready to provide:
- your current business-wide risk assessment
- your AML policies, controls and procedures
- relevant client risk assessments and CDD records
- evidence of training and continuing professional development (CPD)
- SAR logs or internal decision notes
A clear, well-organised AML system shows you’re managing risk effectively. Refresh your documents every year and treat each concern as something worth recording.
Making AML part of your day-to-day routine
Compliance is easier to manage when AML processes are woven into the way you work, not treated as a separate task.
That way, everything a reviewer could ask for is already there: current records, clear evidence and a visible audit trail.
Following the steps below will make this easier:
- Centralise your evidence - by keeping policies, training logs, client due diligence and risk assessments in one place. If you open new matters daily, your AML records should live in the same system or file structure
- Keep your business risk assessments live - add notes or updates whenever you take on new types of work or clients, and review at least once a year
- Review your PCPs as you go - when a new risk emerges or sector guidance changes, record how you’ve responded and update your policies and procedures
- Audit training regularly - keep your AML training up to date and file evidence of its completion
- Spot-check files in real time rather than being reactive - review a client file while the matter is active to see if the CDD checks are complete and if the risk rating has changed.
- Track and sign off updates - these small actions build a robust evidence trail
Find out more
AMLCC’s compliance platform helps firms meet their obligations under Money Laundering Regulations and beyond.
It includes tools for identity verification, risk assessments, ongoing monitoring, suspicious activity reporting and full firm-wide AML governance.
Features also include live support, training materials and audit-ready record-keeping.
Law Society members receive 10% off their subscription.
Visit the AMLCC website to book your free demo.