In view of the legislative amendments made to Chapter 373 of the Laws of Malta, the Prevention of Money Laundering Act and its subsidiary legislation, the ‘Prevention of Money Laundering and Funding of Terrorism Regulations’ (PMLFTR), the revision of Part I of the Implementing Procedures was expected and such revision provides various industries further guidance. The changes and additions brought about are expected to provide extensive and in-depth guidance to subject persons in fulfilling their obligations to comply with AML/CFT rules.
- The salient features are as follows: A comprehensive understanding of the procedure to be followed when carrying out business and customer risk assessments in order to ensure the proper application of the risk based approach. Some of the highlights of this approach include; the determination of the likelihood and impact of any manifested risks in order to identify any threats and vulnerabilities that one may be exposed to. It follows that the FIAU enlists various risks, however, this must in no way be considered as being exhaustive, and appreciation must be given to the nature, actives and size of the business. Some of the mentioned risks include, customer risks, geographical risks, product, services and transaction risk as well as delivery channel risk. Additional and sector specific risks may also arise and thus thorough examination is expected. In the event that a subject person has identified any ML/FT risk, it must take preventive action in order to supress or reducing the risk from materialising. Additional obligations are imposed by virtue of Regulation 5 (5) of the PLMFTR.
- A revamp of Customer Due Diligence (CDD) obligations—Special cognisance must be given to the subject persons’ obligation to perform on-going supervision whilst offering significant guidance in order to perform their duties diligently and effectively;
- In previous publications, the FIAU recognised technological alternatives to address CDD obligations including identification and verification of customers (according to the rules contained under section 4.3.1 of the revises Implementing Procedures Part I). Consequently, the revised document acknowledges new tech creations which have since been discovered.
- Previously, the instances of when outsourcing could be resorted to, was acknowledged in a haphazard and brief manner. With the revised procedure, a chapter has been specifically designated to ‘outsourcing’, including matters relating to the conditions and responsibilities of the outsourced service provider;
- Amendments by way of clarification of what constitutes a non-reputable jurisdictions and high- risk jurisdictions have been made to Chapter 8;
- Due consideration was given to the implications of omitting subject persons from sanction screening obligations, that had been suggested in the initial consultation document. In view of the feedback received, Section 4.11 was introduced reminding subject persons of their obligations under Chapter 365 of the Laws of Malta, ‘The National Interest (Enabling Powers) Act’, which inter alia includes reporting obligations, sanction screening and freezing of assets. Moreover, Section 4.11 highlights the importance of coordination with competent authorities.
The FIAU notified that as a result of the revised procedures, it is hereby repealing the sector specific Implementing procedures addressed to banks and that it has initiated discussions with the Malta Bankers Association on the possibility of drafting a new version of Implementing Procedures Part II. Other sector specific Implementing Procedure Part II addressed to land-based casinos, remote gaming sectors which supplement Part I of the Implementing Procedures are still however of relevance and further ad-hoc guidance is to be expected.