
SMF 16 vs SMF 17: Dividing compliance and AML duties in UK fintechs

by Claude

In: Conduct & Culture, Risk Architecture

A detailed comparison of SMF 16 (Compliance Oversight) and SMF 17 (MLRO) duties under the FCA

How should growing UK fintechs divide compliance and money laundering reporting duties? At Compliance Consultant, we frequently see mid-sized fintechs struggle to delineate between the Compliance Oversight function (SMF 16) and the Money Laundering Reporting function (SMF 17). While combining them into a single dual-hatted role is legally permitted for smaller firms under the Senior Managers and Certification Regime, separating them is often the required choice for scaling businesses in 2026 to manage distinct statutory duties, mitigate severe FCA penalties, and avoid personal liabilities. This comparison breaks down the exact differences in day-to-day oversight, National Crime Agency reporting obligations, and how to allocate these roles without creating a single point of failure in your governance framework.

Quick verdict: How to allocate SMF 16 and SMF 17 functions at UK fintechs

When structuring your governance framework, you must map specific regulatory burdens to the correct senior management function. The division of responsibilities is not merely operational; it is a regulatory expectation that the FCA reviews during supervisory visits.

  • Best for managing broad FCA conduct rules and compliance monitoring: SMF 16
  • Best for owning the AML programme and filing Suspicious Activity Reports (SARs): SMF 17
  • When neither is right: When the individual already holds the Chief Executive (SMF 1) function, as FCA rules explicitly prohibit the CEO from also holding the SMF 16 designation in most regulated firms.

In the early stages of a financial services startup, a single individual often holds both positions. However, as transaction volumes rise and the complexity of your product offering expands, this dual-hatted arrangement introduces major operational strain. Managing both general compliance and financial crime prevention leaves little time for the proactive testing that prevents systemic failures.

Furthermore, firms must plan for real-world processing times rather than relying on theoretical timelines. While the official target for straightforward senior manager approvals is shorter, in practice, obtaining FCA approval for an SMF 16 or SMF 17 candidate currently takes approximately 6 months. This timeline makes early decision-making about your organizational structure a practical necessity.

Overview of each senior management function under the FCA framework

To build a compliant structure, you must first understand the distinct regulatory foundations of each role. These are defined under FCA Handbook - SUP 10C.6 FCA required functions, which establishes the exact boundaries of each required position.

SMF 16 (Compliance oversight)

The Compliance Oversight function, designated as SMF 16, is responsible for the overall management of the firm's compliance systems and controls. The individual in this position ensures that the business adheres to the rules set out in the FCA Handbook, manages regulatory reporting via the RegData portal, and serves as the primary point of contact for the regulator on general conduct matters.

Under the Senior Managers and Certification Regime, the SMF 16 holder must actively monitor the firm’s compliance framework. This involves maintaining the compliance monitoring plan, managing the risk registers, and ensuring the business meets current standards, including the Consumer Duty. They are responsible for identifying systemic gaps in the firm's policies and procedures, making them the central figure in protecting the firm's regulatory standing.

SMF 17 (Money laundering reporting)

The Money Laundering Reporting Officer (MLRO), designated as SMF 17, is a statutory role mandated under the Money Laundering Regulations 2017. The MLRO is responsible for the design and implementation of the firm’s anti-money laundering (AML) and counter-terrorist financing (CTF) systems.

A primary duty of the SMF 17 holder is to act as the nominated officer for receiving internal suspicious activity reports from staff. The MLRO must evaluate these reports independently and decide whether to file a formal Suspicious Activity Report (SAR) with the National Crime Agency (NCA), as outlined in the FCA's guidance on money laundering and terrorist financing. This role is highly specialized, requiring deep knowledge of transaction monitoring, sanctions screening, and know-your-customer (KYC) onboarding processes.


Head-to-head comparison: How our London compliance advisory separates these roles

While both functions sit within the broader compliance department, their legal origins, reporting lines, and personal risks are distinct. The following table highlights the operational and regulatory differences between the two roles.

| Factor | SMF 16 (Compliance Officer) | SMF 17 (MLRO) | Distinct duty |
| --- | --- | --- | --- |
| Primary Regulatory Body | Financial Conduct Authority (FCA) | National Crime Agency (NCA) & FCA | SMF 16 handles broad code of conduct; SMF 17 handles financial crime. |
| Key Legislation | Financial Services and Markets Act 2000 | Money Laundering Regulations 2017 | MLRO has criminal liability under Proceeds of Crime Act 2002. |
| Scope of Responsibility | Firm-wide regulatory compliance & consumer protection | Financial crime, AML, sanctions, and terrorist financing | SMF 16 oversees systems and controls; SMF 17 reports suspicious activity. |
| Personal Liability | Regulatory fines and public censure from the FCA | Regulatory sanctions plus direct criminal prosecution | MLRO faces prison risk for failure to report suspicious activity. |

Statutory duties and personal liability

The personal liability associated with these roles represents their most significant difference. The SMF 16 holder is subject to the Duty of Responsibility under the Financial Services and Markets Act 2000. If a firm breaches a regulatory requirement, the SMF 16 holder can face regulatory fines or public censure if they did not take reasonable steps to prevent the breach. We cover the operational mechanics of documenting these defensive actions in our guide on evidencing reasonable steps under SM&CR.

The SMF 17 holder, however, faces direct criminal liability under Part 7 of the Proceeds of Crime Act 2002. If an MLRO fails to disclose a suspicion of money laundering, or if they tip off a client under investigation, they can face personal criminal prosecution, resulting in custodial sentences of up to five years. This dual liability framework—carrying both FCA administrative sanctions and individual criminal penalties—explains why the recruitment market for qualified MLROs is exceptionally demanding.

Regulator interaction and reporting structures

The communication channels for each function reflect their different focus areas. The SMF 16 holder maintains a continuous, collaborative relationship with the FCA, responding to information requests, managing notifications, and handling supervisory reviews. Their goal is to maintain the firm's overall compliance and market conduct.

The SMF 17 holder operates within a more confidential and structured communication framework. When filing SARs, the MLRO interacts directly with the NCA. To preserve the integrity of financial crime investigations, the MLRO must have the authority to act independently of the board, allowing them to make reporting decisions without internal interference or commercial pressure. This division of communication channels is a key reason why MLRO vs compliance officer structures must remain distinct as a firm grows.

How Compliance Consultant retainers protect senior managers

Holding an SMF designation carries significant personal accountability. At Compliance Consultant, we provide structured retainer packages designed to give senior managers the tools, templates, and advisory hours needed to evidence that they are taking reasonable steps to manage their regulatory obligations.

| Retainer Tier | Price (inc. VAT) | Advisory Allocation | Key Inclusions & SM&CR Deliverables |
| --- | --- | --- | --- |
| Silver (Compliance Professional) | £895/month (£9,540/yr annual) | 8 hours/month | 1-day response SLA, Monthly briefings, SMCR Responsibilities Mapping Playbook (£299 retail value), Compliance Monitoring Programme Builder (£199 value) |
| Gold (Compliance Partner) | £1,495/month (£16,140/yr annual) | 16 hours/month | 4-hour response SLA, Dedicated consultant, Quarterly board reports, SMCR Handover Documentation (£199 value), Conduct Rules Breach Investigation Toolkit (£349 value) |

The Silver retainer is designed for established firms that require proactive compliance management and professional-grade templates to track their senior manager duties. It provides the SMCR Responsibilities Mapping Playbook, helping dual-hatted individuals maintain clear boundaries between their roles.

The Gold retainer is built for high-growth businesses requiring a dedicated compliance partner. It includes strategic board-level support, direct mobile access to a consultant, and key documentation tools like the SMCR Handover Playbook and the Conduct Rules Breach Investigation Toolkit, which are essential when transitioning from a dual-hatted setup to a separated compliance function.


Who should hold what: Structuring your UK financial services team

As your fintech expands, determining when and how to separate these roles is critical to satisfying regulatory scrutiny and maintaining operational control.

Choose a separated SMF 16 setup if…

Your firm should appoint a dedicated SMF 16 holder if you offer complex retail products, manage high volumes of customer data, or operate across multiple regulatory permissions. Managing compliance in a retail environment requires continuous focus on consumer outcomes, marketing reviews, and product governance.

A dedicated compliance officer is also necessary if your business is navigating the complex process of securing its first regulatory permissions. For a detailed breakdown of how to structure your team during this phase, read our comprehensive guide on how to get FCA authorisation.

Choose a separated SMF 17 setup if…

A separated SMF 17 setup is necessary if your fintech operates in high-risk sectors such as cross-border payments, peer-to-peer lending, or crypto-assets. High transaction volumes generate large numbers of automated alerts that require manual investigation by an independent, trained specialist.

If your general compliance officer's time is spent managing transactional alerts and filing SARs, they will struggle to maintain oversight of your broader regulatory requirements. The FCA expects the MLRO to have the time, resources, and direct authority to handle AML controls without being compromised by commercial targets.

Neither setup is right if…

Neither role should be allocated to individuals who lack appropriate seniority, independent authority, or verified industry training. The FCA assesses the fitness and propriety of candidates by reviewing their practical experience and relevant professional credentials.

Furthermore, you cannot allocate these roles to individuals with clear conflicts of interest. As noted in the industry analysis on the dual SMF holder at smaller regulated firms, the FCA explicitly prohibits the Chief Executive (SMF 1) from holding the Compliance Oversight (SMF 16) function in most regulated firms. This restriction ensures that the person responsible for monitoring regulatory compliance is independent of the firm's commercial leadership.

Final verdict: Navigating FCA scrutiny on combined roles

For early-stage fintechs with low transaction volumes and simple operational models, combining the SMF 16 and SMF 17 functions into a single role is a legally permissible approach. It helps keep overheads manageable while meeting the minimum requirements for initial authorisation.

However, as your business grows, this combined model creates a single point of failure. The FCA expects growing firms to proactively review their governance structures. If a single manager is responsible for both general conduct risk and the detailed investigation of transaction alerts, critical tasks will eventually be missed, increasing the risk of regulatory breaches.

Separating these functions demonstrates to the regulator that your firm takes governance seriously. By assigning SMF 16 and SMF 17 to distinct, qualified individuals, you distribute accountability, protect your senior managers from excessive liability, and ensure your compliance framework scales alongside your business.

Protect your senior managers and strengthen your firm's governance. Book a free 30-minute discovery call with our team to discuss your SM&CR mapping, or email info@complianceconsultant.org with the subject "Retainer Discovery Call" to learn whether our Silver or Gold advisory retainer is the right fit to support your compliance team.

This page: https://agents.complianceconsultant.org/smf-16-vs-smf-17-dividing-compliance-and-aml-duties-in-uk-fi
A blog post by Compliance Consultant: "SMF 16 vs SMF 17: Dividing compliance and AML duties in UK fintechs".