News
Print Article

The MLRO, MLCO, MLPO Problem: Why "Same Job, Different Jurisdiction" Is a Trap

02/07/2026

If you've spent time in financial crime compliance across more than one jurisdiction, you've probably had a version of this conversation: someone from a group office asks who your firm's "Nominated Officer" is, and you answer confidently, only to discover, a few sentences later, that you were both talking about entirely different jobs.

That's not a hypothetical. It's built into the terminology itself. MLRO, MLCO, MLPO, Nominated Officer acronyms are used interchangeably in group policies, job adverts, LinkedIn titles, and even regulatory correspondence, as though they map onto a single universal role. They don't.

Each jurisdiction has assembled its own combination of these titles, attached its own legal duties to each, and, in at least one case, reused a label that already means something different next door.

For anyone drafting a group AML policy, recruiting across offices, or simply trying to understand what a counterparty's compliance function actually looks like, that ambiguity is a real operational risk.

Here's what the terminology means, jurisdiction by jurisdiction, and where the traps sit.

United Kingdom: one person, two legal hats:

  • In the UK, there is no MLCO. The two terms in play are MLRO (Money Laundering Reporting Officer) and Nominated Officer, and the common shorthand "the MLRO is basically the compliance officer" doesn't fully capture what's actually going on.
  • The MLRO role comes from the FCA's SYSC rules: oversight of the firm's AML systems and controls, and (for FCA-regulated firms) the formally approved Senior Management Function SMF17.
  • The Nominated Officer role comes from a different legal source entirely: the Money Laundering Regulations 2017 and the Proceeds of Crime Act 2002 (POCA), and it's a narrower, sharper duty: receiving internal suspicious activity reports (SARs) from staff and deciding whether to escalate them externally to the National Crime Agency. If you get that decision wrong, it becomes a question of personal criminal liability, not just a compliance issue.
  • The JMLSG guidance is explicit that these are two distinct legal responsibilities that usually, but not necessarily, sit with the same individual.
  • In practice, nearly every UK firm appoints one person to both roles, which is exactly why the distinction quietly disappears from everyday usage, right up until an absence, a conflict of interest, or an enforcement action forces someone to ask which hat was being worn when a specific decision was made.

Jersey: three roles, and a regime currently being rewritten

  • Jersey is not the "no MLCO" jurisdiction some assume it to be by analogy with the UK; it's the opposite pattern. Jersey has three separately defined roles, all captured as "Key Persons" under the Financial Services (Jersey) Law 1998:
    • MLRO Money Laundering Reporting Officer
    • MLCO Money Laundering Compliance Officer (a narrow role, focused on financial crime risk)
    • CO Compliance Officer
  • It's tempting to describe the CO as simply "the broader role, covering everything else that isn't AML", but that undersells how the JFSC itself frames the structure.
  • The JFSC's Compliance Monitoring guidance doesn't treat these three as separate turfs. It defines a single collective concept, "the compliance function," which it explicitly states includes the CO, the MLRO, and the MLCO together, and holds that function jointly responsible for "all legal and regulatory obligations including operation of the business, conduct, prudential and financial crime obligations." The related compliance risk assessment is separately required to "cover all risks."
  • So the more accurate description isn't "the CO owns everything else"; it's that Jersey deliberately built a shared compliance function across all three roles, with the MLCO carrying the financial-crime slice of a jointly-held, wider mandate.

Guernsey: the same label, a different job:

  • Guernsey is where the terminology genuinely misleads people, because it reuses a term the UK already uses for something else.
  • Guernsey has three roles under its Handbook on Countering Financial Crime and Terrorist Financing: MLRO, MLCO, and Nominated Officer.
  • The MLCO is responsible for monitoring the firm's compliance with its AML/CFT policies, procedures and controls, a role introduced in 2018/2019 and broadly comparable to Jersey's MLCO. So far, so consistent.
  • The trap is the Nominated Officer.
    • In the UK, that title belongs to the person who receives SARs and decides on external disclosure, arguably the single most legally consequential role in the whole framework.
    • In Guernsey, the GFSC's own Handbook defines the Nominated Officer's job much more narrowly: to receive disclosures "in the absence of the MLRO" and to "otherwise carry out the functions of the MLRO in that officer's absence." It's an absence-cover role, not the primary decision-maker role the same title carries in the UK.
  • So a Guernsey Nominated Officer and a UK Nominated Officer share a job title and almost nothing else.
  • Anyone drafting a cross-jurisdictional AML policy, or moving between a UK and a Guernsey entity, needs to actively unlearn the UK definition before applying the term in a Guernsey context, rather than simply translating it.

Elsewhere: a few more variants worth knowing:

The UK/Jersey/Guernsey cluster isn't the whole picture. A few other jurisdictions add their own combinations, though the sourcing on these two is thinner than the material above, and worth a direct regulator check before you rely on it:

  • The Bahamas appears to use MLPO Money Laundering Prevention Officer as a role usually held jointly with the MLRO. This is based on a single trade-press source rather than a primary regulator document, so treat it as indicative rather than confirmed.
  • The UAE (DFSA in the Dubai International Financial Centre; FSRA in Abu Dhabi Global Market) reportedly registers a combined "CO & MLRO" function compliance officer and reporting officer folded into one registered role. Again, this rests on a secondary legal-commentary source, not a DFSA/FSRA rulebook citation, so it should be verified against the regulator's own rules before being stated as fact in a published piece.
  • Other offshore centres, including the Cayman Islands, have their own regulator-specific frameworks (CIMA's guidance notes, in Cayman's case) that weren't checked in enough depth for this piece and are worth verifying separately if you want to extend the comparison.

Why this matters beyond pedantry

None of this is trivia for its own sake. Three practical consequences follow directly from the confusion:

  • Group policies drafted centrally often get this wrong. A single global AML policy that defines "the MLRO" or "the Nominated Officer" once and applies that definition across every jurisdiction in which the group operates will misstate the legal duties of at least one of those roles somewhere in the group.
  • Recruitment and job titling create false equivalence. An MLRO/MLCO job advert written for a Jersey audience and reused for a UK hire implies a role split that doesn't exist in UK law, and vice versa: a UK-drafted MLRO job description applied in Guernsey will understate what the MLCO is separately responsible for.
  • Due diligence on counterparties can miss the actual decision-maker. If you're assessing a counterparty's AML framework and you ask "who is your Nominated Officer" without specifying jurisdictional context, you may get an answer describing an absence-cover role (Guernsey) when what you actually needed to know was who makes the SAR disclosure decision (UK), two very different people in terms of authority and accountability.

The underlying lesson is a simple one, but it's easy to lose in the acronym soup: these titles are not interchangeable shorthand for "the AML person." Each is a term of art, defined by a specific piece of legislation or regulatory handbook, carrying specific legal consequences that don't travel automatically across a border, even when the border in question is the short ferry ride between Jersey and Guernsey.


This article reflects the regulatory position in each jurisdiction as understood at the time of writing (July 2026). Jersey's MLCO framework, in particular, is under active reform (see above), with further changes taking effect through 31 October 2026; readers relying on this for compliance purposes should check current JFSC and GFSC guidance directly. The Bahamas and UAE points are sourced from secondary commentary rather than primary regulator text and should be independently verified before being relied on.

Sources

United Kingdom

Jersey

Guernsey

Elsewhere (lower-confidence   secondary sources only)

 

JERSEY MLRO MLCO UNITED KINGDOM GUERNSEY

The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more

Gallery

View our latest imagery from our news and work

Find out more

Contact

Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.