AML Compliance Guidelines: Malta

Malta is a small island nation, occupying a strategic location between Sicily and Libya, and across one of the busiest shipping lanes of the world in the Central Mediterranean. The economy of Malta is moderately free and ranked 10th by GDP per capita in the European Union.

Its economy is primarily driven by services in shipping, banking, the financial sector, tourism, and online gaming. It has a small domestic market which makes it heavily reliant on foreign trade in both goods and services.

Malta has been attracting foreign investments consistently due to its business-friendly policies, tax incentives, highly skilled workforce, and strategic location in the Mediterranean Sea. While these factors present business opportunities they also introduce risks of the inflow of proceeds generated from organized crimes, corruption, fraud, and tax evasion.

Malta has established a strong framework to combat money laundering (ML) and terrorist financing (TF), especially the reforms introduced after the country was put on the Financial Action Task Force’s greylist, aligned it with international standards.

The following is a brief overview of the key aspects of Malta’s Anti-Money Laundering (AML) and Sanctions Compliance Framework.

AML Supervisory Authorities in Malta

Financial Intelligence Analysis Unit (FIAU)

The FIAU is Malta’s primary overseeing subject person’s compliance with AML Laws and its implementing regulations in coordination with the supervisory authorities. It also plays the role of Maltese FIU by collecting and analyzing information from domestic and foreign sources, particularly from subject persons through suspicious transactions and activity reports, and disseminating verified information to law enforcement and other authorities.

It also issues interpretations for regulations to guide and assist subject persons in effectively implementing procedures required by the AML regulations. FIAU uses its powers to implement fines and other penalties to promote enforcement of these regulations.

Malta Financial Services Authority (MFSA)

The FIAU is the national agency responsible for fighting terrorism financing and money laundering in Malta. The MFSA is considered to be an agent of the FIAU. It supports and coordinates with FIAU in discharging its responsibilities to ensure that entities operating in the financial sector comply with AML and counter-financing of terrorism (CFT) obligations.

National Coordinating Committee (NCC)

The NCC, established within the Ministry of Finance, is a governing body exercising general oversight over AML/CFT policy. This means NCC also develops, implements, and coordinates the AML/CFT strategy of Malta. Another function of the NCC is to publish the National Risk Assessment (NRA).

Key AML Laws

Prevention of Money Laundering Act (PMLA)

Malta’s efforts to combat money laundering date back to 1994, when PMLA was enacted and money laundering was criminalized. It takes an “all crimes” approach for underlying predicate offenses that generate illicit proceeds.

PMLA Malta is a framework legislation that sets obligations to prevent, detect, and prosecute money laundering and funding of terrorism offenses. In addition, it established the Financial Intelligence Analysis Unit (FIAU), responsible for overseeing the AML compliance of subject persons.

Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR)

The objective of these regulations is to implement provisions of the 5th AML Directive in Malta within the framework set by PMLA. To achieve these goals, regulations set specific obligations for regulated entities including requirements for risk assessment, internal controls, customer due diligence, reporting, and record-keeping. In addition, regulations also form the basis for certain powers and responsibilities of the FIAU and supervisory authorities.

FIAU Implementing Procedures

The FIAU issues Implementing Procedures (IPs) that serve as a practical guide and interpretation on how to achieve compliance with the PMLFTR or Money Laundering Act Malta.

Part 1 of the procedures contains general guidelines whereas Part 2 contains sector-specific directions. Subject persons are legally bound to ensure compliance with IPs and face administrative penalties from the FIAU in case of contraventions.

Use of Cash (Restriction) Regulations

This subsidiary legislation sets certain restrictions on cash use with an objective to combat money laundering and terrorism financing. FIAU is entrusted with the supervision and enforcement of these regulations.

The key provisions state that:

• Any cash payment (or linked transactions) that equals or exceeds €10,000 for the sale/purchase of works of art, antiques, precious metals or stones, motor vehicles, or immovable property is illegal.
• Cash payments above this threshold are a criminal offense and may result in a fine of up to 40% of the amount in excess of the limit on conviction.
• Notaries are required to retain certain information about the sale or purchase of immovable property that amounts to or exceeds €10,000.
• FIAU may conduct onsite examinations of the traders or notaries to ensure their operations are in compliance with these regulations.

Who is subject to AML Laws in Malta?

Entities and individuals who must ensure AML/CFT compliance in Malta are referred to as subject persons, which include:

• Credit and financial institutions (banks, insurance companies, investment firms)
• Crypto-asset service providers
• Gaming operators (land-based casinos, remote gaming platforms)
• Trustees and fiduciaries (trust and company service providers)
• Accountants, auditors, and tax advisors
• Real estate agents and notaries
• Dealers in high-value goods (art, jewelry, precious metals and precious stones)
• Legal professionals (when engaging in financial or corporate transactions)

Non-Compliance with AML Laws

Non-compliance with AML Malta regulations and implementing procedures can lead to significant administrative and criminal penalties.

Administrative Penalties: The FIAU is the primary authority empowered to impose substantial fines on non-compliant entities. Administrative fines can reach significant amounts depending on the severity of the breach, e.g., for entities operating in non-financial sectors up to €1,000,000, and for entities operating in the financial sector up to €5,000,000.

Criminal Penalties: A person convicted of a money laundering offense may face up to 18 years imprisonment or a fine of up to €2,500,000.

AML Compliance Malta

To ensure, AML compliance subject persons should pay particular attention to the following obligations.

Risk-Based Approach

• Determining risk factors (e.g., customer, geographic, products/services, transaction, and delivery channel risks)
• Conducting business risk assessment (BRA)
• Applying mitigating measures, controls, policies, and procedures
• Carrying out customer risk assessment (CRA)
• Conducting adverse media screening
• Applying risk-sensitive CDD measures

Subject persons will only be able to apply a risk-based approach once the risk of a particular business relationship or occasional transaction is assessed or understood. Two main risk factors of CRA are customer reputation, and its nature and behavior.

FIAU Implementing Procedures mandate adverse media screening for assessing customer reputation risk. The impact of adverse media news will depend on its recency, relevance, nature, and credibility of the source.

Customer Due Diligence (CDD)

The requirement to apply customer due diligence measures ensures that subject persons have adequate mechanisms in place to:

• Identify who is the customer, and where applicable (including in the case of trusts, companies, foundations, and associations), the beneficial owners
• If the customer is a legal person, establish an ownership and control structure
• Verify whether the person is a person who they claim they are.
• Determine if a person is acting on behalf of another person (such as an agent or attorney); if so verify their identity and claim of authorization
• Establish the purpose and intended nature of the business relationship, and establish the customer’s business and risk profile
• In the case of a business relationship, monitor on an ongoing basis whether the relationship aligns with the subject person’s knowledge about the customer
• Implement policies and procedures for sanctions screening

Customer due diligence measures shall be applied in the following circumstances:

• When establishing a business relationship
• When executing an occasional transaction
• When suspicion of ML/TF is identified
• On a risk-sensitive, periodic basis for existing customers
• When doubts arise about the accuracy and adequacy of existing identification information

Enhanced Due Diligence Measures

Subject persons are required to apply enhanced due diligence measures in situations where the ML/TF risks are assessed as high, including the following situations prescribed by law:

• Politically exposed persons
• Correspondent banking relationships
• Complex and unusually large transactions

Politically Exposed Persons (PEPs)

AML checks require maintaining risk management systems to determine if any of their customers or a beneficial owner is a politically exposed person, a family member, or a close associate of a PEP. PMLFTR Malta doesn’t distinguish between domestic or foreign PEP, so the requirements are the same whether a person holds a prominent position in Malta or a foreign country.

Moreover, this requirement is not only applicable to new or prospective clients but also to existing customers as well who can become a PEP at any point during the course of the business relationship. Therefore, the PEP identification system or PEP screening system should be part of the ongoing monitoring of a client.

Record-Keeping

Subject persons must maintain records and documents related to customer identification, transactions, and due diligence activities. Such records shall be maintained for a period of five years, subject to no other law required for a longer period. In no situation can a subject person be asked to retain records for more than 10 years.

Suspicious Transaction Reporting (STR)

Subject persons are required to file an STR with the FIAU in the event they have knowledge, suspicion, or reasonable grounds to suspect ML/TF or that funds are the proceeds of a crime. The obligation to file an STR exists irrespective of whether a transaction was executed or attempted and the amount involved.

Expected Changes in AML/CFT Laws in Malta

As a member of the Financial Action Task Force (FATF) and Moneyval, Malta undergoes regular evaluations to assess the effectiveness of its AML policies and identification of areas of improvement. This means new regulations are expected to take place as gaps in existing regulations are identified or new threats are detected.

Additionally, all member states of the European Union are obliged to transpose the EU Directive in their legal systems, and Malta is no exception. One such Directive is the 6th AMLD of 31 May 2024 which will introduce new changes like the establishment of a central beneficial owner register, real estate register, central bank account register, and establishment of Union’s AML/CFT Authority (AMLA).

High Risk Sectors

The National Risk Assessment Malta identified several sectors with elevated ML/TF risks. The NRA identified that financial institutions, company service providers, remote gaming, real estate, and dealers in high-value goods pose relatively higher inherent ML risks than other sectors.

Similarly, the report identified that FIs (money remitters) and legal persons with beneficial owners in high-risk jurisdictions pose higher residual TF risk. Whereas money transfer services, trade finance products, virtual currencies, the use of vessels or shipping companies, and the aviation industry were assessed as having a medium to high risk of contravening targeted financial sanctions.

Sanctions Compliance in Malta

National Interest (Enabling Powers) Act (NIA)

The NIA provides the legal basis to implement and enforce international sanctions in Malta. It provides for the incorporation of the United Nations Security Council and European Union sanctions in local legislation.

It establishes a Sanctions Monitoring Board with powers to issue regulations and enforce sanctions in Malta. The NIA also provides for fines and penalties for individuals and legal entities who fail to comply with these regulations.

Sanctions Monitoring Board (SMB)

The Sanctions Monitoring Board is the competent authority to oversee and enforce compliance with local and international sanctions in Malta. All entities and individuals in Malta are obliged to comply with EU and UN sanctions as well as national sanctions (no individual designation as of now).

Sanctions Screening Requirement in Malta

Although every person and entity in Malta is obliged to ensure compliance with applicable sanctions, subject persons have an additional obligation to have policies, procedures, and internal controls in place to ensure compliance with the NIA.

As per Article 17 (6) of NIA, subject persons are obliged to screen their clients against applicable sanctions lists on a regular basis and immediately after a change in those lists occurs. If a match to the sanctions list is identified, subject persons are obliged to report it to the SMB along with measures taken.

With reference to the EU Blocking Statute that protects the EU operators from the extraterritorial effects of OFAC sanctions, a judgment delivered by the First Hall Civil Court observed that sanctions issued by other nations do not have an effect in Malta due to the Sovereignty of the Maltese State.

However, SMB guidance note on National Sanctions of third countries recommends that hits that match with sanctions issued by third countries should be monitored and not be dismissed plainly. Subject persons should analyze the reason why an entity was designated, for example, a designation due to terrorism may raise concerns and have implications on AML/CFT compliance.

SMB guidance note on adverse media recommends subject persons to include adverse media screening in fulfilling their CDD obligations. In relation to sanctions, adverse media may uncover indirect control or ownership of companies or property of listed persons or entities, or links to a third party that may be known for violating or circumventing sanctions.

Penalties for Non-Compliance

A person convicted for contravening sanctions measures may be liable for up to 12 years imprisonment or a fine of up to €5 million, or both. In the case of legal entities, the fine could be as high as €10 million.

Moreover, SMB can impose administrative penalties to subject persons contravening requirements of Article 17 (6) of NIA requiring implementation of internal controls and procedures to ensure compliance with EU, UN, and National Sanctions.

The goal of an effective AML strategy is to disrupt and dismantle underlying criminal activities or predicate offenses that generate significant volumes of illegal funds. These illegal funds at some point in time will need to be introduced into the financial system, thus creating demand for money laundering.

These underlying crimes, like corruption, drug trafficking, and human trafficking generate billions of dollars in proceeds annually. A report by the FIAU cited an estimate that $150 billion is generated annually from human trafficking and modern slavery alone.

Monitoring predicate offenses is not only a requirement for AML subject persons but is equally crucial for corporations to ensure transparency and integrity across their operations, as guided by Directive (EU) 2024/1760 on Corporate Sustainability Due Diligence.