- Policies and Procedures – Breach of Regulations 5(5)(a) and 5(5)(f) of the PMLFTR and Section 3.4 of the IPs
Shortcomings noted were namely that the AML/CFT Procedures Manual produced by the Company was a rather generic document detailing its obligations at law but providing insufficient guidance on the ways these would be met in practice, while also being outdated. Furthermore, the Company’s policies and procedures did not detail the Customer Acceptance Policy (‘CAP’) and only referred to it and the need to on board investors in line with its risk appetite. These deficiencies did not enable the Company to adequately address its AML/CFT responsibilities and furthermore, the lack of an adequate CAP did not allow a comparison of the risk posed by potential investors with the Company’s risk appetite at the on boarding stage.
- Customer Risk Assessment (CRA) – Breach of Regulation 5(5)(a)(ii) of the PMLFTR and Section 3.5 of the IPs
The template of the CRA methodology and risk calculation tool provided was not specific to the Company’s circumstances. Despite the Company carrying out mostly non-face-to-face business, even accepting investor subscriptions in kind, the CRA did not adequately cater for addressing relevant risk indicators, as the interface risk factor was not considered and subscriptions in kind may not have been adequately considered or reflected. In some instances, the completed CRA did not consider the necessary risk indicators which would permit the Company to establish the investor’s risk profile. It also emerged that in conducting the CRA, the estimated transaction profile (value and volume) as well as the investor’s activities, are not taken into consideration. The FIAU managed to establish that for certain investor relationships, the CRA was carried out after on boarding, a matter of serious concern since the Company was not in a position to establish the level of risk prior to accepting the investor.
- Identification and Verification – Breach of Regulations 7(1)(a) and 7(1)(b) of the PMLFTR and Section 4.3 of the IPs
FIAU’s audit revealed shortcomings by the Company in terms of its obligations regarding the identification and verification of natural persons, legal entities and where applicable, the beneficial owner/s. Documents held on file were not sufficient and in one case was not valid at the time of on boarding.
- Purpose and Intended Nature – Breach of Regulation 7(1)(c) of the PMLFTR and Section 4.4.2 of the IPs
Information concerning the investor’s anticipated level and nature of activity was not obtained for all business relationships. Failures were also observed in the Company’s measures to obtain the source of wealth and expected source of funds of its investors. In other instances involving a nominee investor, the information on file was limited to the activities of the nominee. The application of Simplified Due Diligence (“SDD”) would be conditional on the Company obtaining an undertaking from the nominee investor (being a regulated entity) that CDD information and documentation on the underlying investors would be made immediately available to the Company upon its request. It also emerged that on some occasions, the Company invested its own funds in the business of its investors, where there was no clear rationale and where it was not clear whether this was in line with the fund prospectus. The Company was thereby not in a position to build a comprehensive business and risk profile on its investors.
These repeated failures did not permit the Company to adequately gauge and assess any significant breaches to its risk appetite, where the Company was not in a position to identify and assess the risks of ML and FT that arise out of its activities or business, taking into account risk factors relating to investors, countries or geographical areas, products, services, transactions and delivery channels. As a result of inadequate observance of AML/CFT requirements, the Company permitted professional investors to transfer millions into the financial system without proper controls. The FIAU’s Compliance Monitoring Committee (‘CMC’) considered that the Company was in the process of surrendering its licence with the MFSA, as well as its nature and size. The CMC determined that the Company’s lack of regard towards its AML/CFT obligations could have had an impact not only on its own operations but also on the local financial services industry as well as negatively impacting Malta’s reputation.