Requirement of an MLRO
The fund’s MLRO is an individual appointed by the fund’s board of directors, primarily responsible for ensuring that the fund and its shareholders are compliant with the requirements of the Code as well as reporting suspicions of money laundering in the fund to the Isle of Man Financial Intelligence Unit (FIU). The board of directors of the fund, while having overall responsibility for ensuring the fund complies with the Code, relies on the fund’s MLRO to assist them in this regard.
Historically, Isle of Man (“IOM”) funds have not been required to formally appoint an MLRO, instead relying on their administrator to cover these responsibilities, however following guidance issued in August 2021, the Isle of Man regulator (“FSA”) has advised that it expects all Isle of Man funds to ensure that they are fully compliant with the Code and for an MLRO for each fund to be formally appointed. This means that administrators are still permitted to undertake the role, but MLRO services provided must be clearly stated in an agreement or side letter. If the administrator is not appointed as MLRO, the regulator now expects an MLRO to be formally appointed and the administrator to confirm to the fund board that it does not act as MLRO to the fund.
Future supervisory visits to administrators will include checking each fund has an MLRO appointed and that the fund’s MLRO is undertaking their responsibilities set out in the Code.
Appointment and duties of the Fund MLRO
The fund can formally appoint an inhouse person to act as its MLRO (e.g. Director, MLRO of Investment Manager) and this decision clearly recorded.
The main duties of the fund’s MLRO are:
- AML Monitoring
The fund can delegate certain duties to the administrator such as measures to establish the actual identification and verification of shareholders in the fund. As part of its AML policy, the administrator will also collect and retain all shareholder identity documentation and transaction records to understand each shareholder’s profile and monitor for unusual or suspicious shareholder transactions. Notwithstanding that the above functions are delegated to the administrator, ultimate responsibility for ensuring the fund complies with the Code rests with the board of directors of the fund and the fund’s MLRO. It is therefore necessary that the fund MLRO closely monitors the performance of AML functions by the administrator as part of his/her duties. - Fund Requirements
- Each fund should have specific AML/CFT procedures all internal disclosures.
- Each fund must establish and maintain separate registers of all
- external disclosures
- Internal disclosures
- other disclosures to the Financial Intelligence Unit.
- Reporting of external disclosures is through the ‘Themis’ system
- MLRO Board Report
A report to the board of each fund must be submitted by the fund MLRO, at least annually, describing:- the fund’s AML/CFT environment including any developments in relation to AML/CFT legislation during the period covered by the report.
- progress on any internal developments during the period covered by the AML/CFT.
- any activities relating to compliance with the Code that have been undertaken by the fund during the period covered by the report.
- the results of any testing undertaken.
The report should enable the board to not only be aware of the ML/FT risks to which the fund is exposed but also to understand how effective the fund’s AML/CFT framework is in mitigating these risks. - Staff Training
A fund must provide or arrange education and training, including refresher training, at least annually, for all officers, which would include the fund’s directors and MLRO. - Risk Assessments – Business Risk Assessment (BRA)
Each relevant person must prepare an assessment of its exposure to ML/FT risk: this includes a Business Risk Assessment (“BRA”) (paragraph of the Code 5), and an assessment of the risk of ML/FT that a business relationship or one-off transaction poses for each of its customers (the Customer Risk Assessment (“CRA”) paragraph 6 of the Code).
The fund must have its own separately documented BRA which meets all the requirements of paragraph 5 of the Code.
The BRA should include all aspects of the fund’s dealings with its- account opening
- customer instructions
- transactions during the relationship
- ongoing monitoring of the business relationship (including transactions)
- technology / security issues if there is an online element to the business relationship
- any outsourced / delegated services
- Risk Assessments – Technology Risk Assessment (TRA)
A Technology Risk Assessment (“TRA”) (paragraph 7 of the Code) must also be carried out by each relevant person.
The fund must have its own distinct TRA, and clear consideration of the fund’s own technological risks must take place.
Apex Services
Apex offers MLRO services to support boards with their responsibility of oversight for AML compliance and appropriately communicating with Reporting Authorities. We have a team of experienced MLRO’s who act for a number of funds we administer.