Michael Calleja | Senior Compliance Services Executive | Malta
The document provides an Overview of the Enforcement Process followed by the FIAU when carrying out examinations to monitor compliance of Subject Persons (SPs) with their AML/CFT obligations. It is worth reiterating that the FIAU (through its Compliance Monitoring Committee) can impose various administrative measures for breaches related to AML/CFT obligations, such as “inter alia”:
1. Written Reprimand: This is a warning for minor breaches.
2. Remediation Directive: Requires the market participant to align its operations with AML/CFT obligations, update policies and procedures, and update customer profiles if needed. Typically imposed for less significant breaches.
3. Follow-Up Directive: SPs must create and implement an action plan with specific tasks and deadlines to rectify the breach. Periodic meetings and assessments are conducted to ensure compliance.
4. Administrative Penalty: Penalties vary based on breach severity:
5. Penalties for Individuals: Directors or officers responsible for management may be penalized if they contributed to a breach through wilful or gross negligence. The CMC ensures a rigorous assessment of individual involvement and requires sufficient evidence before imposing penalties.
A significant portion of the Factsheet is dedicated to the most serious breaches identified between 2021 and 2022. These breaches are categorized into four main areas: the nature of business relationships, Enhanced Due Diligence (EDD), ongoing monitoring and reporting of suspicious transactions and activities, and issues related to beneficial ownership.
i. The purpose and intended nature of the business relationship: In 2021 and 2022, 33 breaches of this regulation were identified, primarily due to SPs’ failure to establish complete customer profiles, often because of generic or vague information about the customer’s source of wealth. Additionally, SPs frequently neglected to gather details on expected levels and types of customer activity, particularly in sectors like investment services and gaming. This failure compromises the ability to monitor customer transactions effectively. SPs are encouraged to periodically adjust and refine these profiles to better understand and monitor their customers’ transactional behaviours.
ii. Enhanced Due Diligence (EDD): Between 2021 and 2022, 20 breaches of EDD requirements were identified. These included failures to establish or effectively implement EDD policies and procedures. Some SPs did not conduct EDD measures even when high-risk elements were present. While a single high-risk element doesn’t automatically necessitate EDD, SPs must be vigilant in assessing risks and applying due diligence, especially when dealing with high-risk jurisdictions, cash-intensive businesses, services that promote anonymity, complex structures without clear justification, or activities linked to a higher corruption risk.
iii. Ongoing Monitoring: (comprising of both Transaction Monitoring and the obligation of Subject Persons to keep documents, data and information up to date throughout the business relationship) and Reporting (Internal and External) of Suspicious Transactions and Suspicious Activities. The FIAU re-emphasizes that whilst having an automated system for monitoring is not mandatory, its necessity depends on the SP’s size, business complexity, risk appetite, and the volume of daily transactions. This factsheet, primarily aimed at payment processing institutions, is valuable for all SPs in understanding their transaction monitoring duties. Between 2021 and 2022, 29 breaches related to transaction monitoring were recorded. The primary issues were ineffective monitoring leading to systemic failures and, in some cases, transactions being processed without adequate scrutiny or understanding, resulting in the processing of transactions with unexplained sources.
iv. Breaches relating to beneficial ownership: These include breaches related to the identification and verification of the identity of Beneficial Owners, the ownership and control structure and breaches for failure to report situations involving the possible concealment of beneficial ownership.
Moreover, legal entities like companies, trusts, foundations, and partnerships serve numerous legitimate purposes but can also be misused in complex schemes to conceal the true owner, the motive behind transactions, or assets. To mitigate such misuse, it’s crucial to gather sufficient information about the Beneficial Owner (BO), the source of assets, and their activities. Inadequate or outdated BO information facilitates money laundering and terrorist financing (ML/FT) by concealing:
- The identity of potential criminals.
- The purpose of transactions.
- The source of funds.
Concealment of BO information can also occur through shell companies, complex ownership/control structures, use of legal persons as directors, formal or informal nominee shareholders/directors without disclosing the nominator, or through close associates and family. Between 2021 and 2022, 63 BO-related breaches were identified, mainly involving failures in identifying and verifying the BO, inadequately verifying complex ownership/control structures, and not reporting suspicions of ML/FT related to BO concealment. These breaches are considered serious due to the high ML/FT risk and potential association with predicate offences like tax evasion and money laundering.
Case studies are included in the Enforcement Fact Sheet in relation to each of the abovementioned focus areas – providing Subject Persons with practical examples of material breaches for various types of regulated business to assist SPs in combatting Money Laundering and Terrorist Financing. Although the FIAU positively notes the significant investment in the AML/CFT control framework made by Subject Persons, the document provides additional guidance to Subject Persons as to which areas should be given priority to ensure that their services are not being abused for illegitimate purposes.
The FIAU encourages SPs to review the Enforcement Factsheet in detail, which can be accessed through their website. Additionally, Aspida offers support to SPs through internal audits, client file evaluations, and thorough reviews of policies and procedures, ensuring compliance with all statutory obligations and adherence to AML/CFT requirements as per FIAU expectations.
For a discussion on options available to facilitate your requirements, please contact email@example.com in the first instance.