Hiring an MLRO in 2026: a recruitment guide for FCA-regulated firms

The Money Laundering Reporting Officer is one of the most consequential senior hires an FCA-regulated firm makes. It is a personal accountability role — the individual who holds SMF17 under SMCR is personally responsible to the FCA for the firm’s AML and CTF framework. When that framework fails, when a Suspicious Activity Report is not filed that should have been, when a PEP is onboarded without adequate enhanced due diligence, the accountability does not rest with the firm in the abstract. It rests with the MLRO as a named individual.

Recruiting for this role requires a different approach to most senior finance or risk appointments. Technical knowledge of the Money Laundering Regulations 2017 and the JMLSG guidance is necessary but not sufficient. The MLRO must also navigate the FCA’s approval process as an SMF17 holder, operate with genuine independence from the commercial function, and carry the weight of personal regulatory accountability in a way that most professionals have not experienced before.

This guide sets out what regulated firms need to understand before they start the search, what to look for in candidates, how the SMF17 approval process works, and where hiring most commonly goes wrong.

Who needs an MLRO under FCA rules

The requirement to appoint an MLRO applies to any firm within scope of the Money Laundering Regulations 2017. For FCA-regulated firms, this includes banks, building societies, credit unions, payment institutions, electronic money institutions, investment firms, wealth managers, consumer credit firms, and others. The specific form of the appointment — whether the MLRO must be an employee of the firm or can be an external appointment — depends on the firm’s regulatory category and size, and is discussed further in the context of outsourcing below.

For firms within SMCR enhanced or core scope, the MLRO function corresponds to SMF17. The individual holding this function must be individually approved by the FCA and PRA (for dual-regulated firms) as a Senior Manager. This approval requirement has material implications for the recruitment process and timeline.

The SMF17 approval process — recruitment timeline implications

The single most important planning consideration for MLRO recruitment is the SMF17 approval timeline. Once a candidate is selected, the firm must submit an individual SMF application to the FCA before the candidate can formally hold the function. The FCA’s statutory timeline for determining complete applications is three months, though the actual timeline depends significantly on the completeness of the application and whether further information is requested.

In practice, firms should plan for a minimum of 10–14 weeks from selection to approval for a straightforward application — a candidate with a clear employment history, no disclosable events, and existing SMF approval from a previous role. For candidates without previous SMF approval, or where the application generates requests for further information, the timeline can extend to 16–20 weeks.

The practical consequence is that the search process needs to begin significantly earlier than for most senior appointments. A firm that identifies the need to recruit an MLRO in January and wants the new hire in post by April should have begun the search no later than October. Firms that approach the search as they would an executive hire — beginning when the departure is confirmed, expecting to have someone in the role within three months — consistently find themselves with a gap in MLRO coverage that creates regulatory risk.

During the approval period, the outgoing MLRO should continue to hold the function where possible. Where the outgoing MLRO has already left, the firm needs to make interim arrangements — either a temporary MLRO appointment approved by the FCA or, in some cases, an internal appointment of a suitable individual on an interim basis while the permanent candidate’s approval is processed.

What to look for — the four essential qualities

Technical AML/CTF knowledge

The MLRO must have a substantive understanding of the UK’s AML/CTF framework — the Money Laundering Regulations 2017, the Terrorism Act 2000, the Proceeds of Crime Act 2002, and the relevant JMLSG guidance for the firm’s sector. This is not a role where general compliance knowledge is a substitute for specific AML expertise. The MLRO will be making personal decisions about whether to submit Suspicious Activity Reports to the National Crime Agency, setting policy on customer due diligence and enhanced due diligence, and maintaining the firm’s AML risk assessment. Each of these requires genuine technical knowledge, not familiarity with the general compliance framework.

In 2026, the technical knowledge requirement has expanded. The FCA’s increasing focus on sanctions compliance — particularly following the Russia sanctions regime from 2022 onwards — means MLROs at most regulated firms now carry meaningful responsibility for the firm’s sanctions screening programme alongside the traditional AML and CTF functions. Knowledge of OFSI and the financial sanctions regimes is increasingly a core expectation rather than a bonus.

Judgment and the willingness to file

The most technically capable MLRO is inadequate if they lack the judgment to make sound decisions under uncertainty and the willingness to file SARs even when doing so is commercially inconvenient. The purpose of the MLRO function is to identify and report suspicion, not to confirm it to a forensic standard before acting. The test for filing under POCA 2002 is suspicion — a lower threshold than most commercial contexts would apply to a major decision.

An MLRO who allows commercial pressure to delay or prevent filing — who treats SAR submission as a last resort rather than a professional obligation — is an MLRO who creates regulatory and legal risk for the firm. Identifying candidates with the right filing culture requires probing during the interview process: how do they approach uncertainty, what is their experience of internal pushback on AML decisions, how have they handled situations where the commercial team has disagreed with their assessment?

Board standing and communicative authority

The MLRO must present the annual MLRO report to the board and must be able to communicate AML risk in terms that non-specialist directors understand and take seriously. This requires a different set of skills to the analytical and investigative aspects of the role. An MLRO who is technically excellent but unable to engage a board in a substantive conversation about the firm’s financial crime risk profile cannot fulfil the governance function that the role requires.

This consideration is particularly important for smaller regulated firms where the MLRO may not have the organisational support of a wider financial crime team. The MLRO at a 50-person firm is doing everything — writing policy, training staff, managing the CDD process, reviewing alerts, making filing decisions, and presenting to the board — and needs to be effective across all of those dimensions.

Genuine independence from the commercial function

JMLSG guidance and FCA expectations are clear that the MLRO should have genuine independence from the business development and relationship management functions of the firm. This independence needs to be structural — the MLRO should not report to a business line head whose commercial performance depends on the clients the MLRO might restrict or exit — and cultural. A firm that treats its MLRO as a risk to be managed rather than an oversight function to be supported will not retain good MLROs for long, and will eventually face the regulatory consequences of a culture in which financial crime controls are treated as an obstacle to business.

Sector-specific considerations in 2026

The MLRO role varies materially by sector. At a payment institution or e-money institution, the typologies that matter most are payment fraud, authorised push payment fraud, and the layering of criminal proceeds through payment rails. The MLRO at a wealth manager or private bank is dealing primarily with source of wealth verification, PEP management, and the risk of managing assets derived from corruption or tax evasion. The MLRO at a consumer credit firm faces a different profile again — smaller individual transaction values but high volumes, with fraud typologies prevalent.

Sector-specific experience is therefore not merely preferable — in most cases it materially affects the quality of the MLRO’s judgment and the adequacy of the firm’s AML framework. An MLRO recruited from retail banking into a wealth management firm may have strong technical foundations but will need time to develop the sector-specific knowledge that effective oversight of the wealth management financial crime risk requires. The better the sector fit at the point of hire, the lower the time-to-effectiveness and the lower the transitional risk to the firm.

Where MLRO recruitment most commonly goes wrong

The most common failure in MLRO recruitment is beginning the process too late. The approval timeline makes this appointment uniquely unforgiving of a slow start. A firm that loses its MLRO unexpectedly — through resignation, dismissal, or personal circumstances — and begins searching the following week is already behind.

The second most common failure is treating the role as primarily a compliance appointment rather than a personal accountability appointment. Candidates who have operated within compliance teams but have never held personal SMF accountability are making a material step change when they take the MLRO role. The responsibility is qualitatively different. Not all strong compliance professionals are ready for that transition, and the interview process should explicitly test for it.

The third failure is under-weighting cultural fit with the board and senior leadership. An MLRO whose relationship with the CEO or CFO breaks down — whose escalations are ignored, whose judgments are routinely challenged commercially, who feels unable to file SARs without internal conflict — will either compromise their standards or leave. Either outcome represents a failure of governance with regulatory consequences.

FD Capital places MLROs and Deputy MLROs exclusively in FCA-regulated firms. We understand the SMF17 approval process, the sector-specific knowledge requirements, and the cultural conditions that make MLRO appointments successful. If you are recruiting for this role or planning succession, we would welcome a conversation.

Related Services

• MLRO Recruitment
• AMLRO Recruitment
• Financial Crime Recruitment
• Compliance Recruitment
• SMCR Compliance Recruitment
• Recruitment for FCA Regulated Firms

Related Guides

• SMF17 — MLRO Function: A Complete Guide
• FCA Conduct Rules Guide
• SMCR: A Complete UK Guide