SMF17 MLRO: The Hiring Guide for FCA-Regulated Firms

The SMF17 Money Laundering Reporting Officer appointment is unlike any other senior hire an FCA-regulated firm makes. The individual holds personal criminal liability under the Proceeds of Crime Act 2002 for failure to submit a Suspicious Activity Report where there are reasonable grounds to suspect money laundering. They hold personal regulatory accountability to the FCA under the Senior Managers and Certification Regime for the adequacy of the firm’s AML framework. They must be individually approved by the FCA before they can hold the function. And they must be capable of making independent judgements — about SAR consent, about customer due diligence standards, about escalation to law enforcement — under conditions of commercial pressure and time constraint that would compromise a less resilient individual.

This guide is written for CEOs, chairs, and boards of FCA-regulated firms who are making or replacing an SMF17 appointment. It covers what the function genuinely requires, how to assess candidates against those requirements, what the FCA’s approval process involves, what the realistic timeline looks like, and the most consequential mistakes firms make in this hire. For Exec Capital’s MLRO search service, see our MLRO Recruitment page.

Adrian Lawrence FCA — Founder, Exec Capital

Fellow of the Institute of Chartered Accountants in England and Wales (ICAEW FCA) | ICAEW-Registered Practice | FCA-regulated firm executive search since 2018

The question I find most useful when assessing MLRO candidates is not about regulatory knowledge — it is about SAR decisions. I ask them to describe the most difficult consent SAR decision they have made: what the facts were, why it was difficult, what they decided, and how it turned out. The answer tells you almost everything you need to know. A candidate who has held a substantive MLRO role will have made dozens of these decisions and will recall specific ones with clarity. A candidate whose answer is procedural rather than specific — describing the SAR decision framework rather than a particular decision — has usually not been in a position where the decision was genuinely theirs to make. The personal accountability of the SMF17 function means it has to be genuinely theirs. If it has not been, you need to know before you appoint them.

Adrian Lawrence FCA | Founder, Exec Capital | ICAEW Verified Fellow | ICAEW-Registered Practice | Companies House no. 13329383 | FCA-regulated firm executive search since 2018

What the SMF17 function genuinely requires

SMF17 is the Money Laundering Reporting Officer Senior Management Function under SMCR. The FCA designates this as a prescribed responsibility: every FCA-authorised firm must have a named individual holding the function, and that individual must be approved by the FCA before they can do so. There is no minimum size threshold — a two-person FCA-authorised firm needs an FCA-approved MLRO just as much as a major bank.

The core statutory duty of the MLRO is to receive internal Suspicious Activity Reports from across the business and to decide, for each report, whether the suspicion meets the threshold for external disclosure to the National Crime Agency under the Proceeds of Crime Act. Where the MLRO decides to submit an external SAR, they file it through the NCA’s online system and, where applicable, seek consent to proceed with a transaction that might otherwise constitute money laundering. This is not a process function — the decision to submit or not submit is a personal legal judgement made by the MLRO alone, and getting it wrong carries criminal consequences.

Beyond the SAR function, the SMF17 holder owns the firm’s AML and CTF framework: the policies, risk assessments, customer due diligence standards, enhanced due diligence requirements, transaction monitoring programme, and staff training. They manage the firm’s relationship with the FCA on financial crime matters and with the NCA on SAR submissions. They report to the board on the AML risk profile and on the adequacy of the firm’s financial crime controls. In firms subject to the Money Laundering Regulations 2017, they are responsible for the firm’s documented AML risk assessment — the analysis of the money laundering and terrorist financing risks the firm faces given its products, customers, delivery channels, and geographies.

The criminal liability dimension — what it means for hiring

No other executive appointment in an FCA-regulated firm carries the personal criminal liability that attaches to the SMF17 function. Under section 330 of the Proceeds of Crime Act, a person in a regulated sector who fails to disclose knowledge or suspicion of money laundering — or fails to disclose where they had reasonable grounds for suspicion — commits a criminal offence. The maximum sentence is five years’ imprisonment. The MLRO is the named individual in the firm whose failure to report will attract this liability.

The criminal liability dimension has direct implications for the hiring process. It means the MLRO must have genuine, personal experience of making SAR decisions — not procedural involvement in a SAR function managed by someone else. It means they must have the independence of mind to make the right SAR decision even when the subject of the suspicion is a major client, a senior colleague, or a commercially significant transaction. And it means the board must genuinely support the MLRO’s independence — a firm that has historically pressured its MLRO on SAR decisions is a firm that creates criminal exposure for whoever holds the SMF17 function next.

Candidates who understand the liability dimension — and who ask the right questions about the firm’s SAR culture before they accept the role — are usually the right candidates. An experienced MLRO who does not ask about SAR volumes, SAR decision escalation procedures, and the board’s relationship with compliance before accepting an offer has either not thought through the personal exposure or is less experienced than their CV suggests.

What distinguishes a strong SMF17 candidate

The technical knowledge floor for a credible SMF17 candidate is high: they need command of the Money Laundering Regulations, deep familiarity with the JMLSG guidance relevant to the firm’s sector, working knowledge of the NCA’s SAR submission system and consent process, and understanding of the FCA’s financial crime expectations as set out in the FCA’s financial crime guidance. These are not optional; they are the baseline. A candidate who is not already working at this technical level cannot be trained up to it within a timeframe that reduces the firm’s regulatory risk.

Above the technical floor, what distinguishes strong candidates is specifically: the volume and complexity of SAR decisions they have personally made; their experience of managing the FCA relationship on AML matters under supervisory pressure; their ability to build and maintain an AML risk assessment that genuinely reflects the firm’s evolving risk profile rather than a template exercise; and their track record of board communication that gives directors an accurate picture of financial crime risk rather than a reassuring one.

Sector-specific experience matters considerably at the SMF17 level. The financial crime typologies in retail banking are different from those in asset management, payments, consumer credit, and crypto. A candidate with deep AML experience in one sector can develop understanding of another, but the learning curve is steeper than it appears from a CV, and the firm’s regulatory risk during the learning period is real. Where the firm operates in a sector with a specific risk profile — payments with cross-border transfer risk, wealth management with PEP exposure, crypto with blockchain analytics requirements — sector-specific MLRO experience should be a prioritised rather than preferred criterion.

Recognising candidates who are not ready for SMF17

The most dangerous MLRO candidates are those with strong AML credentials at the technical level who have not held personal decision-making authority. Individuals who have built AML frameworks, written policies, managed compliance monitoring programmes, and held significant compliance roles may present as ready for SMF17 without having made the kind of personal judgements the function requires.

The distinguishing characteristic is not seniority or title — it is decision ownership. An individual who has been the compliance director at a mid-size financial services firm may have approved and delegated SAR decisions without making them personally. An individual who has been the MLRO at a smaller firm with fewer resources but direct, personal accountability for every SAR decision has often developed a more robust capacity for the function than their more senior counterpart.

The interview questions that surface this distinction are concrete and situational: describe the three most difficult SAR decisions you have personally made in the past two years. What made them difficult? What did you decide? What happened? A candidate with genuine SMF17-level experience answers these questions with specificity and with the appropriate weight — they understand what was at stake, they describe the tension clearly, and they explain their reasoning. A candidate without that experience gives procedural answers that describe the SAR decision framework without a specific decision at the centre.

The FCA approval process for SMF17

The formal approval process for an SMF17 appointment runs through the FCA’s Form A. The application is submitted by the firm, not the individual, and includes a statement of responsibilities setting out what the proposed MLRO will be accountable for, regulatory references from the candidate’s previous regulated employers, and a candidate declaration covering fitness and propriety.

The FCA’s standard processing time for Form A applications is three months from submission, though applications for straightforward appointments at well-known firms with clean regulatory histories sometimes complete faster. Applications that raise questions — where the candidate has a previous regulatory event to disclose, where regulatory references flag concerns, or where the candidate’s experience does not obviously match the complexity of the SMF17 function — will take longer and may require supplementary information from the firm.

The three-month approval timeline means that from the point of offer acceptance to the point where the individual can formally hold the SMF17 function, the firm is in a regulatory gap. This gap must be managed — typically through an interim MLRO arrangement under the FCA’s temporary permissions for SMF appointments, with the firm notifying the FCA of the vacancy and the interim appointment. The FCA expects the gap to be filled promptly; operating without an SMF17 for an extended period is a regulatory breach in its own right.

Interim MLRO — when and how

An interim MLRO is appropriate whenever the firm faces a gap in the SMF17 function — whether from unexpected departure, supervisory pressure requiring an immediate upgrade, or the period between a permanent appointment’s offer acceptance and FCA approval. The interim provides regulatory continuity: they receive internal SARs, maintain the AML framework, manage the FCA relationship, and ensure the firm is not operating without effective financial crime governance while the permanent appointment progresses.

For the interim to hold the SMF17 function formally, they must either already hold FCA approval (from a current or recent SMF17 designation at another firm) or the firm must apply to the FCA for interim SMF permissions. In practice, most interim MLROs deployed by specialist search firms have active or recent FCA approval and can begin operating in the function quickly. For urgent requirements — where the firm needs an interim MLRO to be in place within days rather than weeks — direct sourcing through a specialist FCA compliance search firm is the fastest route.

Salary benchmarks — SMF17, 2026

Role | Context | Compensation
MLRO — Tier 1 or complex firm | High-volume SAR, 500+ staff, complex AML | £150,000 – £250,000+ base
MLRO — mid-market financial services | Asset manager, insurer, payments firm | £100,000 – £160,000 base
MLRO — smaller FCA-authorised firm | Consumer credit, e-money, smaller broker | £70,000 – £110,000 base
Dual SMF16/SMF17 | Combined compliance and MLRO function | £90,000 – £150,000 base
Interim MLRO | Gap coverage, Section 166 remediation | £700 – £1,400 per day

The most consequential mistakes in MLRO appointments

Appointing on AML technical knowledge without testing decision-making independence is the most consequential mistake. A candidate who can recite the Money Laundering Regulations and describe a comprehensive AML framework but who has never been in a position where they had to make a difficult SAR decision against commercial pressure is not ready for SMF17. The technical knowledge is necessary but not sufficient. The decision-making independence is the thing that matters most, and it is the thing most easily overlooked by a board that is more comfortable assessing compliance knowledge than personal accountability.

Underestimating the board relationship dimension produces MLROs who build excellent technical AML frameworks that the board does not engage with. An MLRO who cannot communicate financial crime risk in terms that drive board-level understanding and accountability has failed at one of their most important functions — not because the framework is inadequate, but because the governance layer that should be overseeing it is not functioning. The FCA expects boards to understand and own the firm’s financial crime risk; an MLRO who allows the board to remain uninformed is allowing a governance failure.

Moving too slowly when the SMF17 vacancy arises is a regulatory risk in itself. Firms that treat the MLRO search as a normal executive hire — with a six-to-eight-week search process followed by a three-month notice period — are routinely operating without an effective SMF17 for four to five months. The FCA’s expectation is that the vacancy is filled promptly. An interim MLRO deployed within one to two weeks of the vacancy arising resolves the regulatory continuity problem while the permanent search runs at the appropriate pace.

MLRO Recruitment — Permanent and Interim

Exec Capital places MLROs and SMF17 holders across the UK financial services sector. Permanent, interim and fractional. Shortlist within 3–7 working days. For urgent interim requirements, call directly.
