Moneyval Mutual Evaluation Report Malta 2019

COMMITTEE OF EXPERTS ON THE EVALUATION
OF ANTI-MONEY LAUNDERING MEASURES AND

THE FINANCING OF TERRORISM (MONEYVAL)
MONEYVAL(2019)5
Anti-money laundering
and counter-terrorist
financing measures
Malta
Fifth Round Mutual Evaluation Report
July 2019
The Committee of Experts on
the Evaluation of Anti-Money
Laundering Measures and
the Financing of Terrorism -
MONEYVAL is a permanent
monitoring body of the Council
of Europe entrusted with the
task of assessing compliance
with the principal
international standards to
counter money laundering and
the financing of terrorism and
the effectiveness of their
implementation, as well as
with the task of making
recommendations to national
authorities in respect of
necessary improvements to
their systems. Through a
dynamic process of mutual
evaluations, peer review and
regular follow-up of its
reports, MONEYVAL aims to
improve the capacities of
national authorities to fight
money laundering and the
financing of terrorism more
effectively.
The fifth round mutual

evaluation report on Malta was
All rights reserved. Reproduction is authorised, provided the source
adopted by the MONEYVAL
is acknowledged, save where otherwise stated. For any use for
commercial purposes, no part of this publication may be translated, Committee at its 58th Plenary
reproduced or transmitted, in any form or by any means, electronic Session
(CD-Rom, Internet, etc.) or mechanical, including photocopying,
recording or any information storage or retrieval system without (Strasbourg, 15 – 19 July 2019).
prior permission in writing from the MONEYVAL Secretariat,
Directorate General of Human Rights and Rule of Law, Council of
Europe (F-67075 Strasbourg or [email protected])
Contents
Executive Summary ........................................................................................................................................................... 6
Key Findings .................................................................................................................................................................. 6
Risks and General Situation .................................................................................................................................... 9
Overall Level of Effectiveness and Technical Compliance ......................................................................... 9
Priority Actions .......................................................................................................................................................... 14
Effectiveness & Technical Compliance Ratings ............................................................................................ 17
Mutual Evaluation Report ............................................................................................................................................. 18
CHAPTER 1. ML/TF RISKS AND CONTEXT ......................................................................................................... 19
ML/TF Risks and Scoping of Higher-Risk Issues ................................................................................................. 19
Country’s risk assessment & Scoping of Higher Risk Issues ................................................................... 20
Materiality .................................................................................................................................................................... 21
Structural Elements ................................................................................................................................................. 22
Background and other Contextual Factors ..................................................................................................... 22
CHAPTER 2. NATIONAL AML/CFT POLICIES AND COORDINATION ....................................................... 30
Key Findings and Recommended Actions ....................................................................................................... 30
Immediate Outcome 1 (Risk, Policy and Coordination) ............................................................................ 31
CHAPTER 3. LEGAL SYSTEM AND OPERATIONAL ISSUES........................................................................... 38
Immediate Outcome 6 (Financial intelligence ML/TF) ............................................................................. 41
Immediate Outcome 7 (ML investigation and prosecution) ................................................................... 53
Immediate Outcome 8 (Confiscation)............................................................................................................... 62
CHAPTER 4. TERRORIST FINANCING AND FINANCING OF PROLIFERATION .................................... 69
Immediate Outcome 9 (TF investigation and prosecution) .................................................................... 71
Immediate Outcome 10 (TF preventive measures and financial sanctions).................................... 76
Immediate Outcome 11 (PF financial sanctions) ......................................................................................... 81
CHAPTER 5. PREVENTIVE MEASURES ................................................................................................................. 84
Immediate Outcome 4 (Preventive Measures) ............................................................................................. 85
CHAPTER 6. SUPERVISION ........................................................................................................................................ 94
Immediate Outcome 3 (Supervision)................................................................................................................ 96
CHAPTER 7. LEGAL PERSONS AND ARRANGEMENTS................................................................................ 113
Key Findings and Recommended Actions .................................................................................................... 113
3
Anti-money laundering and counter-terrorist financing measures in Malta – 2019
Immediate Outcome 5 (Legal Persons and Arrangements) ................................................................. 114
CHAPTER 8. INTERNATIONAL COOPERATION ............................................................................................. 121
Key Findings and Recommended Actions .................................................................................................... 121
Immediate Outcome 2 (International cooperation) ................................................................................ 123
TECHNICAL COMPLIANCE ANNEX......................................................................................................................... 135
Recommendation 1 - Assessing Risks and applying a Risk-Based Approach ............................... 135
Recommendation 2 - National Cooperation and Coordination........................................................... 138
Recommendation 3 - Money laundering offence ...................................................................................... 139
Recommendation 4 - Confiscation and provisional measures ............................................................ 140
Recommendation 5 - Terrorist financing offence..................................................................................... 142
Recommendation 6 - Targeted financial sanctions related to terrorism and terrorist
financing .................................................................................................................................................................... 144
Recommendation 7 – Targeted financial sanctions related to proliferation................................. 150
Recommendation 8 – Non-profit organisations ........................................................................................ 152
Recommendation 9 – Financial institution secrecy laws ...................................................................... 156
Recommendation 10 – Customer due diligence ........................................................................................ 157
Recommendation 11 – Record-keeping........................................................................................................ 161
Recommendation 12 – Politically exposed persons ................................................................................ 163
Recommendation 13 – Correspondent banking........................................................................................ 164
Recommendation 14 – Money or value transfer services ..................................................................... 165
Recommendation 15 – New technologies .................................................................................................... 167
Recommendation 16 – Wire transfers .......................................................................................................... 168
Recommendation 17 – Reliance on third parties ..................................................................................... 170
Recommendation 18 – Internal controls and foreign branches and subsidiaries ...................... 171
Recommendation 19 – Higher-risk countries ............................................................................................ 173
Recommendation 20 – Reporting of suspicious transaction ............................................................... 173
Recommendation 21 – Tipping-off and confidentiality ......................................................................... 174
Recommendation 22 – DNFBPs: Customer due diligence..................................................................... 175
Recommendation 23 – DNFBPs: Other measures .................................................................................... 177
Recommendation 24 – Transparency and beneficial ownership of legal persons ..................... 177
Recommendation 25 – Transparency and beneficial ownership of legal arrangements ......... 185
Recommendation 26 – Regulation /and supervision of financial institutions ............................. 188
Recommendation 27 – Powers of supervisors .......................................................................................... 192
Recommendation 28 – Regulation and supervision of DNFBPs ......................................................... 194
Recommendation 29 - Financial intelligence units .................................................................................. 201
Recommendation 30 – Responsibilities of law enforcement and investigative authorities... 205
Recommendation 31 - Powers of law enforcement and investigative authorities ..................... 206
Recommendation 32 – Cash Couriers ............................................................................................................ 207
Recommendation 33 – Statistics...................................................................................................................... 209
Recommendation 34 – Guidance and feedback......................................................................................... 209
Recommendation 35 – Sanctions .................................................................................................................... 211
Recommendation 36 – International instruments ................................................................................... 214
Recommendation 37 - Mutual legal assistance.......................................................................................... 214
Recommendation 38 – Mutual legal assistance: freezing and confiscation ................................... 217
Recommendation 39 – Extradition ................................................................................................................. 218
Recommendation 40 – Other forms of international cooperation .................................................... 220
Compliance with FATF Recommendations ................................................................................................. 227
GLOSSARY OF ACRONYMS ......................................................................................................................................... 231
5
EXECUTIVE SUMMARY
1. This report provides a summary of the anti-money laundering (AML) and countering the
financing of terrorism (CFT) measures in place in Malta as at the date of the onsite visit (5-16
November 2018). It analyses the level of compliance with the Financial Action Task Force
(FATF) 40 Recommendations and the level of effectiveness of Malta’s AML/CFT system, and
provides recommendations on how the system could be strengthened.
Key Findings
 Malta has made significant efforts to understand its money laundering (ML) and financing
of terrorism (FT) risks, including by conducting a formal national risk assessment (NRA)
exercise in 2013/14, with some updating of statistics and findings in 2017. The resulting 2018
report is the primary document demonstrating the country’s understanding of ML/FT threats,
vulnerabilities and risks in Malta. The NRA demonstrates that the authorities have a broad
understanding of the vulnerabilities within the anti-money laundering and counter-terrorist
financing (AML/CFT) system (particularly the regulated sectors), but a number of important
factors appear to be insufficiently analysed or understood. Several agencies, such as the
Financial Intelligence Analysis Unit (FIAU) and the Malta Financial Services Authority (MFSA)
have taken action over the period 2015–2017, and have further revised or are planning to
revise, their operations and priorities to take account of vulnerabilities in the framework. While
initial indications are positive, it is too early to assess their effectiveness. The private sector has
not used the results of the risk assessment for revisiting their relevant policies, procedures and
controls, mainly due to the results of the NRA being first communicated to them in late October
2018.
 The FIAU is considered to be an important source of financial intelligence for the Police in
Malta for pursuing investigations and prosecutions of ML, associated predicate offences and FT.
However, only in a limited number of cases are the FIAU disseminations used to develop
evidence and trace criminal proceeds related to ML. The authorities’ focus primarily on tax
collection (as opposed to conducting criminal investigations on tax-related matters and parallel
financial investigations) excludes the ML elements of the cases, which raises concerns on the
adequacy of the measures applied by the competent authorities in the light of the NRA
conclusions about tax evasion being one of the highest threats in the country. There are also
some concerns regarding the use of suspicious transaction reports (STRs), mainly from the
remote gambling sector concerning non-residents, as these cases are not sufficiently considered
to identify possible ML taking place through Malta. There are only few FT-related investigations
conducted by the Police, of which some were still on-going at the time of the on-site visit. Hence
it is difficult to conclude on the use of financial intelligence by the authorities for the purposes of
FT investigations. The FIAU uses cross-border cash declarations for analytical purposes and
submits relevant information to the Police and/or foreign counterparts. Other than that,
strategic analysis conducted by the FIAU does not adequately support the activities of the
respective stakeholders. The FIAU officers perform their functions freely and objectively
without undue influence. Different factors and circumstances call into question the FIAU’s
ability to perform its analytical function at full capacity. Underreporting and non-reporting
within certain entities and sectors poses problems.
 ML is mainly investigated together with the predicate offence on which the investigation
is centred. Limited resources, both human and financial, allocated to the investigation and
prosecution of ML weighs negatively on Malta’s capability to effectively fight ML. ML
investigations and prosecutions do not appear to be in line with the country’s risk profile and
the growing size and complexity of its financial sector. The assessment team is not convinced
that the law enforcement authorities are currently in a position to effectively and in a timely
manner investigate and prosecute high-level and complex ML cases related to financial, bribery
and corruption offences. While Malta was in principle able to provide examples of convictions
for most of the different types of ML, cases of stand-alone ML are very rare and no recent case
was presented in relation to professionals of the financial sector. Based on the few convictions
the sanctions applied against natural persons appear to be dissuasive. Malta has not yet
achieved convictions for ML concerning legal persons.
 While the law courts routinely order the confiscation of assets, shortcomings in asset-
tracing, in the effective use of provisional measures and in the identification of assets in the
judgments cast doubts on the effectiveness of the system and the existence of a coherent policy.
No asset-tracing has until very recently been performed in respect of assets located abroad.
Very few steps have been undertaken to trace assets transferred onto the name of third parties
or (very often complex) corporate structures. The shortcomings in the asset-tracing and
confiscation regime are not in line with the risks faced by the jurisdiction.
 Malta has a sound legal framework to fight FT. The Maltese authorities have recently
instituted a few FT investigations, but it is difficult to assess whether these are consistent with
the country’s FT risk profile as no up-to-date and exhaustive risk assessment was provided by
the authorities. There have not yet been any prosecutions or convictions for FT in Malta. While
the actions undertaken by the authorities are not fully in line with Malta’s possible FT risks, the
assessment team has however noted recent progress, insofar as the competent authorities have
improved their understanding of the threats and vulnerabilities and have undertaken certain
actions to mitigate the risks. Malta has recently elaborated a high-level national counter-
terrorism strategy which could however not be provided to the assessment team (which
consequently could not form a view of how FT is integrated with or supportive of that strategy).
 The financial sector’s appreciation of the ML/FT risk is varied across the sectors. Banks
and casinos demonstrated a good understanding of the ML risks, but some non-bank financial
institutions (FIs) and other designated non-financial businesses and professions (DNFBPs)
(including some trust and company services providers (TCSPs), legal professionals, accountants
and real estate agents) were unable to clearly articulate how ML might occur within their
institution or sector. Both FIs and DNFBPs were less confident in their understanding in relation
to FT risk. Banks, non-bank FIs, TCSPs, legal professionals and casinos demonstrated knowledge
of the applicable requirements in the AML/CFT Law and relevant regulations regarding the
pillars of the preventative regime. Among other DNFBPs, knowledge of AML/CFT obligations
was generally demonstrated, with some common gaps. Nevertheless, there remain concerns
about suspicious reporting obligations with most non-bank FIs and DNFBPs unable to elaborate
on typologies, transactions or activities that would give rise to a STR, particularly in relation to
FT. Although the total number of STRs has been steadily growing over the period 2013-2018,
there are generally low reporting rates across the sectors, compared to the inherent risks of
those sectors. Overall, Malta has not demonstrated that AML/CFT obligations are being
effectively implemented.
 The supervisory authorities do not have adequate resources to conduct risk-based
supervision, for the size, complexity and risk profiles of Malta’s financial and DNFBP sectors. At
the time of the evaluation, the Maltese authorities were working through a comprehensive list
of strategic actions to enhance Malta’s AML/CFT supervisory framework. Positive steps have
been taken by the supervisory authorities to improve their knowledge of ML/FT risks in the
banking, TCSPs and remote gaming sectors. However, weaknesses remain for all other sectors.
The supervisory authorities’ primary focus in the past has been to issue pecuniary fines for
7
specific breaches of AML/CFT requirements, rather than assess whether there are systemic
deficiencies with a subject person’s AML/CFT governance and control framework and apply the
necessary remediation measures. The sectorial supervisors have in place established fitness and
properness checks to prevent criminals and their associates from owning or controlling FIs.
However, during the period under review, the MFSA took well-publicised prudential
enforcement action related to AML/CFT issues against two privately-owned banks, both of
which were also licensed during the period under review. Although fit and proper checks were
conducted on these two banks, the risk appetite of the MFSA in licencing a bank with a single
beneficial owner, with no track record in banking, raises questions from a wider ML/FT
perspective. Market entry measures and on-going fitness and properness measures are
inadequate for lawyers, dealers in precious metal or stones (DPMS) and real estate agents.
 No in-depth analysis of how all types of Maltese legal persons and legal arrangements
could be used for ML/FT purposes has been finalised and shared with relevant stakeholders.
The authorities take a multi-pronged approach to obtaining beneficial ownership (BO)
information by way of the following: (i) the TCSP and/or a lawyer or accountant administering
the legal person and legal arrangement; (ii) Maltese banks; and (iii) with effect from 1 January
2018 all new Maltese legal persons and trusts which generate tax consequences in Malta were
required to obtain beneficial ownership information and disclose such information to the
pertinent registries. However, the registers of beneficial ownership information for legal
persons are currently being retroactively populated. Therefore, the assessment team could not
fully assess the effectiveness of this new mechanism. Notwithstanding this, there are some
shortcomings in this multi-pronged approach, which could sometimes call into question the
accuracy of beneficial ownership information held on Maltese legal persons. Taking into account
the nature and scale of business undertaken in Malta, the potential fines for failing to submit
beneficial ownership information on legal persons are not considered effective, dissuasive and
proportionate.
 Through a combination of a supranational and national mechanisms Malta ensures
implementation of the United Nations (UN) targeted financial sanctions (TFS) regimes on FT
and proliferation financing (PF) without delay. Deficiencies exist in the immediate
communication of the amendments to the UN lists of designated persons and entities to the
subject persons. This has an impact on the immediate implementation of the relevant UNSCRs
by the FIs and the DNFPBs which do not rely on automated sanctions screening mechanisms or
group-level analytical systems. Most of the subject persons demonstrated awareness of their
TFS obligations, but there is confusion whether to report to the FIAU (by way of an STR) and/or
to the Sanctions Monitoring Board (SMB). Several DNFBPs were not aware at all of freezing or
reporting obligations. The Office of the Commissioner for Voluntary Organisations (CVO) has
identified the enrolled voluntary organisations (VOs) which are vulnerable to FT abuse, and
conducted extensive outreach to the enrolled VOs sector on FT. The FT risks associated with the
non-enrolled VOs have not yet been analysed. A risk-based approach to monitor the VO sector
has not yet been developed and implemented.
 Maltese legislation sets out a comprehensive framework for international cooperation,
which enables the authorities to provide assistance concerning ML/FT and associated predicate
offences. The FIAU has a broad legal basis for international cooperation and proactively and
constructively interacts with its foreign counterparts by exchanging information on ML/FT. The
Police are active in the sphere of international cooperation through direct communication
(especially via Europol, CARIN and SIENA). However, the information-sharing via different law
enforcement platforms often remains at the stage of inter-agency cooperation and is conducted
in parallel with the FIU-to-FIU cooperation, without achieving adequate levels of integration or
translating into requests of assistance. Overall, positive feedback on the quality and timeliness
of formal and direct international cooperation provided by Malta was received from foreign
partners.
Risks and General Situation

2. Malta is a relatively large international finance centre specialised in corporate and
transaction banking and fund management. Malta’s financial sector is bank-centric. The large
and internationally exposed banking sector is highly vulnerable to ML (especially non-retail
deposits, correspondent accounts, wire transfers and wealth management, but also in relation
to e-gaming and foreign customers). It is estimated that Malta has a significant shadow
economy. Cash is of widespread use in the country.
3. The NRA considers the ML threat related to foreign proceeds of crime to be high, a
consequence of the size and international exposure of Malta’s economy. The assessment team
considered that organised crime (OC) and fraud generate a significant part of the foreign
proceeds laundered in Malta. Domestic crime also feeds the overall ML threat, and is mainly
related to local OC groups, tax crime, drug trafficking, fraud, corruption/bribery, goods
smuggling and theft.
4. The NRA highlights that remote gaming is inherently vulnerable to ML due to the high
number of customers, mainly non-resident, the high volume of transactions, the non-face-to-
face nature of the business and the use of prepaid cards. The NRA classifies the large and non-
resident oriented TCSP sector as highly vulnerable to ML. Legal professionals, accountants and
real estate agents are also particularly vulnerable to ML.
Overall Level of Effectiveness and Technical Compliance
5. Since the last evaluation, Malta has taken steps to improve the AML/CFT framework. Namely,
subsidiary legislation was introduced to establish BO registers for companies, trusts (that
generate tax consequences), foundations and associations incorporated or administered in
Malta. The National Interest (Enabling Powers) Act (which is the main legislative instrument for
implementing UN and EU sanctions) has undergone significant changes. The Prevention of
Money-Laundering Act (PMLA) has been amended in part to transpose provisions of EU
Directive 2015/849 and in part to further clarify and strengthen the national AML/CFT regime.
However, some deficiencies remain in Malta’s technical compliance framework.
6. The authorities have demonstrated a broad understanding of the vulnerabilities within the
AML/CFT system (particularly the regulated sectors), but a number of important factors,
particularly FT, legal persons and arrangements, the use of new and developing technology and
the use of cash appear to be insufficiently analysed or understood.
7. A substantial level of effectiveness has been achieved in international cooperation and
implementation of PF targeted financial sanctions. A moderate level of effectiveness has been
achieved in identifying, understanding and assessing ML/FT risks, using financial intelligence,
investigating and prosecuting FT, applying AML/CFT preventive measures by FIs and DNFBPs,
implementation of FT targeted financial sanctions and transparency of legal persons and
arrangements. A low level of effectiveness has been achieved in all other areas covered by the
FATF standards.
Assessment of Risks, coordination and policy setting (Chapter 2 - IO.1; R.1, 2, 33 & 34)
8. Malta has made significant efforts to understand its ML/FT risks, including by conducting a
formal NRA exercise in 2013/14, with some updating of statistics and findings in 2017. The
9
resulting 2018 report is the primary document demonstrating the country’s understanding of
ML/FT threats, vulnerabilities and risks in Malta.
9. The NRA Report demonstrates that authorities have a broad understanding of the
vulnerabilities within the AML/CFT system (particularly the regulated sectors), but a number of
important factors - particularly, legal persons and arrangements, the use of new and developing
technology and the use of cash - appear to be insufficiently analysed or understood.
10. The NRA report concludes that FT risk is medium-high, but this appears largely driven by a
desire to be cautious and Malta’s geographical location, rather than a detailed analysis of
statistics, trends or activities. It is not clear that the FT analysis adequately considers the threats
and vulnerabilities of any specific products, services or sectors.
11. A National Coordination Committee on Combatting Money Laundering and Funding of
Terrorism (NCC) was established in April 2018. The key national policy document is the
“National AML/CFT Strategy”, which likewise dates from that month. The strategy sets out 7 key
initiatives, designed to improve the national AML/CFT framework and an Action Plan,
containing steps and timelines for deliverables assigned to the various national agencies.
12. Several agencies have taken action over the period 2015–2017, and have further revised, or
are planning to revise, their operations and priorities to take account of vulnerabilities in the
framework as a result of the NRA. While initial indications are positive, it is too early to assess
whether either the developing supervisory arrangements or the NCC coordination role and
Action Plan are, or will be, effective.
13. The private sector has not used the results of the risk assessment for revisiting their
relevant policies, procedures and controls. This is mainly due to the results of the NRA being
first communicated to private sector entities in late October 2018.
14. The conclusions of the NRA have not resulted in any decisions on possible exemptions from
AML/CFT requirements for low-risk products, sectors or activities. However, it appears that in
practice the fund industry applies some CDD exemptions in respect to underlying investors in
order to facilitate the conduct of business.
Financial Intelligence, Money Laundering and Confiscation (Chapter 3 - IOs 6-8; R.3, 4, 29-
32)
15. The FIAU is considered to be an important source of financial intelligence for the Police in
Malta for perusing investigations and prosecutions of ML, associated predicate offences and FT.
However, only in a limited number of cases are the FIAU disseminations used to develop
evidence and trace criminal proceeds related to ML. The authorities’ focus primarily on tax
collection (as opposed to conducting criminal investigation on tax-related matters and parallel
financial investigations) excludes the ML elements of the cases, which raises concerns on the
adequacy of the measures applied by the competent authorities in the light of the NRA
conclusions about tax evasion being one of the highest threats in the country. There are also
some concerns regarding the use of the STRs, mainly from the remote gambling sector
concerning non-residents, as these cases are not considered sufficiently to identify possible ML
taking place through Malta. There are only few FT-related investigations conducted by the
Police, of which some were still on-going at the time of the on-site visit. Therefore, it is difficult
to conclude on the use of financial intelligence by the authorities for the purposes of FT
investigations.
16. The FIAU officers perform their functions freely and objectively without undue influence.
Operational analysis carried out by the FIAU is conducted according to a detailed internal
written procedure. Different factors and circumstances call into question the FIAU’s ability to
perform its analytical function at full capacity: a very long analytical process; the low number of
disseminations to the Police and absence of feedback to the FIAU; issues related to STR
reporting; and lack of adequate human and technical resources. The FIAU uses cross-border
cash declarations for analytical purposes and submits relevant information to the Police and/or
foreign counterparts. Other than that, the assessment team is of the opinion that the efforts of
the FIAU related to conducting a strategic analysis do not adequately support the activities of
the respective stakeholders.
17. ML is mainly investigated together with the predicate offence on which the investigation is
centred. Parallel financial investigations are not conducted on a systematic but rather on a case-
by-case basis. The investigation (and subsequent prosecution) of ML stricto sensu does not
appear to constitute a priority for the Maltese authorities. Limited resources, both human and
financial, allocated to the investigation and prosecution of ML weighs negatively on Malta’s
capability to effectively fight ML. ML investigations and prosecutions do not appear to be in line
with the country’s risk profile. There are concerns that the law enforcement authorities are
currently not in a position to effectively and in a timely manner investigate and prosecute high-
level and complex ML cases related to financial, bribery and corruption offences. While Malta
was in principle able to provide examples of convictions for most of the different types of ML,
cases of stand-alone ML are very rare and no recent case was presented in relation to
professionals of the financial sector. Based on the few convictions the sanctions applied against
natural persons appear to be dissuasive. Malta has not yet achieved convictions concerning legal
persons.
18. The confiscation of criminal proceeds does not appear to be pursued as a policy objective.
The law courts routinely order the confiscation of assets. However, shortcomings in asset-
tracing, in the effective use of provisional measures and in the identification of assets in the
judgments cast doubts on the effectiveness of the system and the existence of a coherent policy.
No asset-tracing has until very recently been performed in respect of assets located abroad. It
was mostly directed towards assets in the name of the suspects. Very few steps have been
undertaken to trace assets transferred onto the name of third parties or (very often complex)
corporate structures. The shortcomings in the asset-tracing and confiscation regime are not in
line with the risks faced by the jurisdiction. Cases of non-declaration of cross-border
movements of cash are punished by effective and dissuasive sanctions. Despite of this, there are
hardly any investigations of ML/FT initiated on the basis of the cash declaration system.
Terrorist Financing and Financing Proliferation (Chapter 4 - IOs 9-11; R.1, 4, 5-8, 30, 31 &
39)
19. Malta has a sound legal framework to fight FT. The Maltese authorities have recently
the authorities. There have been no prosecutions or convictions for FT in Malta so far.
20. The assessment team is of the opinion that for the period under review, taking into account
the information provided and the contextual elements available, the actions undertaken by the
authorities are not fully in line with Malta’s possible FT risks. Recent progress has however to
be noted, insofar as the competent authorities have improved their understanding of the threats
and vulnerabilities and have undertaken certain actions to mitigate the risks. This includes the
monitoring of certain social media and internet platforms that might be used for fundraising or
fund-collection, of “at-risk individuals” in relation with certain forms of payments and money
transfers and the establishment of a close cooperation and information exchange between the
CVO and the competent authorities.
11
21. Malta has in mid-2018 elaborated a high-level national counter-terrorism strategy which
could however not be provided to the assessment team (being classified information). Any
assessment as to whether and to what extent the investigation of FT is integrated with such
strategy is therefore impossible.
22. Through a combination of supranational and national mechanisms, Malta ensures the
implementation of the UN TFS regimes on FT and PF without delay. Overall, the authorities
could demonstrate a competency in coordinating their activities with respect to implementation
of various TFS regimes. Although the comprehensiveness of understanding of its FT risks by the
country casts some doubts, the measures undertaken to implement TFS seem to be broadly
adequate to FT risks (bearing in mind the geographic location of Malta). Amendments to the
lists of designated persons and entities are not communicated immediately to the subject
persons. Most of the FIs and DNFBPs demonstrated a good level of understanding of obligations
on identification of assets of the TFS-related persons and entities. Nevertheless, the basic
screening approach followed especially by the DNFBPs is deemed insufficient, and there is
confusion as to which body to report to the matches with the lists to the FIAU (by way of an
STR) and/or to the SMB. Several DNFBPs were not aware of freezing or reporting obligations at
all. A detailed guidance is issued by the SMB and the FIAU to support subject persons with the
implementation of TFS regimes on FT and PF. The SMB constantly receives enquiries from a
range of private institutions which are analysed and answered. However, there is a lack of
adequate resources for supervision of the implementation of TFS on PF by the subject persons.
23. The CVO has identified the enrolled VOs vulnerable to FT abuse. However, the FT risks
associated with the non-enrolled VOs have not yet been analysed. A risk-based approach to
monitor the sector has not been developed and implemented. The CVO has conducted extensive
outreach to the enrolled VOs’ sector on FT. However, the donor community and the non-
enrolled VOs have so far not been specifically addressed. Most FIs and DNFPBs consider the VO
sector as higher risk irrespective of the individual VO’s level of vulnerability to FT abuse. This
demonstrates that the results of the VOs’ risk assessment are not yet used by the FIs.
Preventive Measures (Chapter 5 - IO4; R.9-23)
24. The financial sector’s appreciation of the ML/FT risk is varied across the sectors. Banks and
casinos demonstrated a good understanding of the ML risks, but some non-bank FIs and other
DNFBPs (including some TCSPs, legal professionals, accountants and real estate agents) were
unable to clearly articulate how ML might occur within their institution or sector. Both FIs and
DNFBPs were less confident in their understanding in relation to FT risk.
25. Banks, non-bank FIs, TCSPs, legal professionals and casinos demonstrated knowledge of the
applicable requirements in the AML/CFT Law and relevant regulations regarding the pillars of
the preventative regime, i.e. customer due diligence (CDD) (including identification of ultimate
BOs and on-going monitoring of transactions/business relationships) and record-keeping.
Among other DNFBPs, knowledge of AML/CFT obligations was generally demonstrated, with
most common gaps being in relation to on-going monitoring of TFS regimes (although this can
be the result of some DNFBPs dealing mainly with occasional transactions). Nevertheless, there
remain concerns about suspicious reporting obligations with most non-bank FIs and DNFBPs
unable to elaborate on typologies, transactions or activities that would give rise to a STR,
particularly in relation to FT. Although the total number of STRs has been steadily growing over
the period 2013-2018, there are generally low reporting rates across the sectors, compared to
the inherent risks of those sectors.
26. Overall, the deficiencies in the supervision of FIs and DNFBPs, the lack of information on
industry compliance with AML/CFT requirements, and the assessment of the legal framework
regarding preventative measures for FIs and DNFBPs as mainly low (as confirmed by
discussions with the private sector) means that AML/CFT obligations are being effectively
implemented by FIs and DNFBPs to some extent, with major improvements needed.
Supervision (Chapter 6 – IO.3; R. 14, 26-28, 34-35)
27. The supervisory authorities do not have adequate resources to conduct risk-based
supervision, for the size, complexity and risk profiles of Malta’s financial and DNFBP sectors. At
the time of the evaluation the Maltese authorities were working through a comprehensive list of
strategic actions to enhance Malta’s AML/CFT supervisory framework.
28. Positive steps have been taken by the supervisory authorities to improve their knowledge
of ML/FT risks in the banking, TCSP and remote gaming sectors. However, weaknesses in their
appreciation of ML/FT risks remain for all other sectors. Moreover, there was no documented
process in place setting out how subject person specific ML/FT risk-ratings drive the frequency,
scope and nature of future supervisory onsite/offsite inspections.
29. While the supervisory authorities’ approach to supervision is nascent, the FIAU’s focus in
the past has been to issue pecuniary fines for specific breaches of AML/CFT requirements,
rather than assess whether there are systemic deficiencies with a subject person’s AML/CFT
governance and control framework and apply the necessary remediation measures.
30.The sectorial supervisors have in place established fitness and properness checks to prevent
criminals and their associates from owning or controlling FIs and most DNFBPs. However,
during the period under review, the MFSA took well-publicised prudential enforcement action
related to AML/CFT issues against two privately-owned banks, both of which were also licensed
during the period under review. Although fit and proper checks were conducted on these two
banks, the risk appetite of the MFSA in licencing a bank with a single beneficial owner, with no
track record in banking, raises questions from a wider ML/FT perspective. Market entry
measures and on-going fitness and properness measures are inadequate for lawyers, DPMS and
real estate agents.
Transparency of Legal Persons and Arrangements (Chapter 7 – IO.5; R. 24-25)
31. It is acknowledged by the authorities in the NRA that Maltese legal persons and legal
arrangements can be misused for ML/FT purposes, in particular that such vehicles have been
used to obscure beneficial ownership. However, no in-depth analysis of how all types of Maltese
legal persons and legal arrangements which could be used for ML/FT purposes has been
finalised and shared with relevant stakeholders.
32. The Maltese authorities take a multi-pronged approach to obtaining beneficial ownership
information in a timely manner on Maltese legal persons and legal arrangements by way of the
following: (i) the TCSP and/or a lawyer or accountant administering the legal person and legal
arrangement; (ii) the depositing of share capital at Maltese banks; and (iii) with effect from 1
January 2018 all new Maltese legal persons and trusts which generate tax consequences in
Malta were required to obtain beneficial ownership information and disclose such information
to the pertinent registries. However, the registers of beneficial ownership information for legal
shortcomings in this multi-pronged approach. In particular, whilst the introduction of a
centralised register of beneficial ownership for companies and commercial partnerships is a
positive move, the Registry of Companies does not have sufficient human resources and legal
gateways to adequately verify/monitor the accuracy of the beneficial ownership information
13
held. This could sometimes call into question the accuracy of beneficial ownership information
held on Maltese legal persons.
33. Information is available publicly on the creation and types of legal persons and
arrangements in Malta.
34. Taking into account the nature and scale of business undertaken in Malta, the potential
fines for failing to submit beneficial ownership information on legal persons are not considered
effective, dissuasive and proportionate.
International Cooperation (Chapter 8 – IO.2; R. 36-40)
35. Maltese legislation sets out a comprehensive framework for international cooperation,
offences. While the Attorney General’s Office (AGO) serves as the central authority for
international cooperation through mutual legal assistance (MLA) in Malta, channels of
cooperation through direct communication are used by the Police and the FIAU with respective
foreign partners.
36. The FIAU has a broad legal basis for international cooperation and proactively and
constructively interacts with its foreign counterparts by exchanging information on ML and FT.
The assistance provided by the FIAU spontaneously and/or upon request is considered effective
in terms of quality and timeliness by its counterparts.
37. Moreover, the Police are active in the sphere of international cooperation through direct
communication (especially via Europol, CARIN and SIENA). However, the information-sharing
via different law enforcement platforms often remain at the stage of inter-agency cooperation
and is conducted in parallel with the FIU-to-FIU cooperation, without achieving adequate levels
of integration or translating into requests of assistance. These factors have also affected the
number of MLA requested by the AGO (which appears to be limited, especially when compared
with the amount of foreign requests for MLA received in recent years).
38. The Police regularly engage in Joint Investigation Teams to deal with transnational ML
schemes. Memoranda of Understanding have also been signed between the Police and foreign
authorities to enhance the non-MLA relationships and promote international cooperation.
39. Overall, positive feedback on the quality and timeliness of formal international cooperation
(including MLA and extradition) provided by Malta was received from foreign partners. The few
instances where international cooperation was not conceived as satisfactory by foreign partners
related to delay caused by difficulties experienced in collecting the requested information from
FIs in cases were a lot of financial data was required by the requesting state.
40. Maltese authorities frequently exchange basic and BO information with their counterparts
via various channels of communication. In order to ensure exchange of adequate and current
basic and BO information with their respective counterparts the Maltese authorities use a
combination of various sources of information to collect the data. The feedback provided by the
AML/CFT global network is generally positive in terms of the quality and timeliness of provided
assistance, and does not suggest any particular concerns in this respect either.
Priority Actions
 Malta should, as a matter of priority, take action to improve national understanding of

risks, threats and vulnerabilities by:
a) updating statistical data to inform the analysis of ML/FT risks;
b) analysing the main predicate offences associated with foreign proceeds of crime;
c) conducting a detailed analysis of the threat from local organised crime groups (OCGs);
d) conducting a detailed analysis of the risks arising from the use of legal persons and
arrangements;
e) analysing the ML/FT implications of corruption, tax evasion and the shadow/cash
economy;
f) assessing the vulnerabilities of the FinTech sector, including virtual assets;
g) conducting a more detailed assessment of FT risks, particularly a detailed analysis of
statistics, trends or activities; and consideration of the threats and vulnerabilities of
products, services or sectors in Malta.
 Malta should ensure that the supervisory authorities have sufficient resources and
expertise in place to ensure effective supervision for the size, complexity and the ML/FT risks of
their respective sectors.
 Malta should ensure that the supervisory authorities introduce a coherent and
comprehensive graduated risk-based supervisory model to properly assess the ML/FT risks and
level of compliance in financial and DNFBPs sectors. The risk-based supervisory model should
demonstrate how ML/FT risk-ratings drive the frequency, depth, scope and nature of
supervisory actions; and should be consistent with the risks present in the country.
 Malta should ensure that the supervisory authorities apply proportionate, dissuasive and
effective sanctions and that these are not delayed by judicial review.
 The Maltese authorities should ensure that subject persons in the legal, DPMS and real
estate sectors are subject to some form of licensing, registration or other controls and on-going
checks, to prevent criminals and their associates from owning or controlling these subject
persons.
 Malta should enhance the use of financial intelligence in criminal investigations of tax-
related offences and more proactively pursue parallel financial investigations, including the ML
element of the case. The FIAU, the Malta Gaming Authority (MGA) and the Police should make a
better use of financial intelligence from STRs with the involvement of non-residents from the
remote gambling sector that can relate to ML, associated predicate offences or FT.
 The FIAU should reconsider its analytical process to ensure that the shortcomings
identified (such as the length of the analytical process, the huge disproportion of received STRs
and the low number of disseminations to the Police) do not impact its overall effectiveness.
 The authorities should increase outreach, training, develop targeted guidelines, typologies
and red flags for subject persons to improve the quality and quantity of STRs, especially in the
sectors where - according to the NRA - the inherent ML/FT risk is high.
 Malta should develop a full AML strategy for the investigation, prosecution and conviction
of ML and ensure that the Police is reinforced with both human and technical resources to be
fully able to investigate high-level and complex ML cases which are commensurate with the ML
risks which Malta faces (as an international financial centre).
 Malta should introduce for its competent authorities a written policy and guidance on
confiscation of proceeds of crime and instrumentalities.
15
 The Asset Recovery Bureau should become fully operational and be developed into an
efficient tool for the tracing and management of assets, supported by sufficient resources and
training for the authorities involved.
 Malta should accelerate on-going initiatives, such as the development of a national FT
strategy and the establishment of an inter-agency committee to deal more specifically with FT
on a regular basis.
 Malta should take appropriate measures to enhance awareness and understanding of all
subject persons of the ML/FT risks in Malta, regulatory requirements, risks related to the VO
sector and obligations related to implementation of the UN TFS.
 Malta should take measure to promptly communicate amendments to the lists of
designated persons under relevant UNSCRs to all subject persons to ensure implementation of
TFS relating to FT and PF without delay.
 Malta should ensure adequate resources for the coverage of TFS obligations in
supervisory inspections.
 Malta should ensure that the authorities have a greater understanding of the ML/FT
vulnerabilities of Maltese legal persons and legal arrangements and can collect accurate and up-
to-date BO information.
Effectiveness & Technical Compliance Ratings
Effectiveness Ratings1
IO.1 – Risk, policy IO.2 – International IO.3 – Supervision IO.4 – Preventive IO.5 – Legal persons IO.6 – Financial
and coordination cooperation measures and arrangements intelligence
Moderate Substantial Low Moderate Moderate Moderate
IO.7 – ML IO.8 – Confiscation IO.9 – TF IO.10 – TF IO.11 – PF financial

investigation & investigation & preventive sanctions
prosecution prosecution measures &
financial sanctions
Low Low Moderate Moderate Substantial
Technical Compliance Ratings2
R.1 - assessing risk R.2 - national R.3 - money R.4 - confiscation R.5 - terrorist R.6 - targeted
& applying risk- cooperation and laundering offence & provisional financing offence financial sanctions
based approach coordination measures – terrorism &
terrorist financing
LC C C C LC LC
R.7- targeted R.8 -non-profit R.9 – financial R.10 – Customer R.11 – Record R.12 – Politically
financial sanctions organisations institution secrecy due diligence keeping exposed persons
- proliferation laws
C PC C LC C LC
R.13 – R.14 – Money or R.15 – New R.16 – Wire R.17 – Reliance on R.18 – Internal
Correspondent value transfer technologies transfers third parties controls and
banking services foreign branches
and subsidiaries
PC LC PC LC LC LC
R.19 – Higher-risk R.20 – Reporting of R.21 – Tipping-off R.22 - DNFBPs: R.23 – DNFBPs: R.24 –
countries suspicious and confidentiality Customer due Other measures Transparency &
transactions diligence BO of legal persons
C PC C LC LC PC
R.25 - R.26 – Regulation R.27 – Powers of R.28 – Regulation R.29 – Financial R.30 –
Transparency & and supervision of supervision and supervision of intelligence units Responsibilities of
BO of legal financial DNFBPs law enforcement
arrangements institutions and investigative
authorities
LC PC LC PC LC LC
R.31 – Powers of R.32 – Cash R.33 - Statistics R.34 – Guidance R.35 - Sanctions R.36 –
law enforcement couriers and feedback International
and investigative instruments
authorities
LC LC C LC LC PC
R.37 – Mutual legal R.38 – Mutual legal R.39 – Extradition R.40 – Other forms
assistance assistance: of international
freezing and cooperation
confiscation
LC PC C LC
1 Effectiveness ratings can be either a High- HE, Substantial- SE, Moderate- ME, or Low – LE, level of
effectiveness.
2 Technical compliance ratings can be either a C – compliant, LC – largely compliant, PC – partially
compliant or NC – non compliant.

17
MUTUAL EVALUATION REPORT
Preface
This report summarises the AML/CFT measures in place as at the date of the onsite visit. It
analyses the level of compliance with the FATF 40 Recommendations and the level of
effectiveness of the AML/CFT system, and recommends how the system could be strengthened.
This evaluation was based on the 2012 FATF Recommendations, and was prepared using the
2013 Methodology. The evaluation was based on information provided by the country, and
information obtained by the assessment team during its onsite visit to the country from 5-16
November 2018.
The evaluation was conducted by an assessment team consisting of:
 Ms Zosha ZUIDEMA - Senior Policy Advisor, Law Enforcement and Crime Fighting
Department, Ministry of Justice and Security, the Netherlands (legal expert)
 Mr Olivier LENERT - National Member for Luxembourg Eurojust (legal expert)
 Dott. Italo BORRELLO - Manager, Deputy Head of the International Cooperation Division,
Financial Intelligence Unit, Italy (law enforcement expert)
 Mr Daniel AZATYAN - Head of Financial Monitoring Centre, Central Bank, Armenia (law
enforcement expert)
 Mr Nicholas HERQUIN - Deputy Director, Financial Crime Supervision and Policy
Division Guernsey Financial Services Commission, Guernsey (financial expert)
 Mr Hamish ARMSTRONG - Acting Head of Unit, Financial Crime Policy, Office of the
Director General, Financial Services Commission, Jersey (financial expert)
MONEYVAL Secretariat
 Mr Matthias Kloth – Executive Secretary
 Ms Astghik Karamanukyan – Administrator
 Ms Ani Melkonyan – Administrator
 Ms Kotryna Filipaviciute - Administrator
The report was reviewed by Mr Gabor Simonka (FIU Hungary), Ms Katherine Hutchinson (the
U.S. Department of the Treasury), the IMF and the FATF Secretariat.
Malta previously underwent a MONEYVAL Mutual Evaluation in 2012, conducted according to
the 2004 FATF Methodology. The 2012 evaluation the country’s 2015 follow-up report have
been published and are available at
https://www.coe.int/en/web/moneyval/jurisdictions/malta.
That Mutual Evaluation concluded that the country was compliant with 12 Recommendations;
largely compliant with 19; and partially compliant with 9. Malta was rated compliant or largely
compliant with 12 of the 16 Core and Key Recommendations. Malta was placed under the
regular follow-up process immediately after the adoption of its 4th Round Mutual Evaluation
Report and was removed from the regular follow-up process in December 2015.
CHAPTER 1. ML/TF RISKS AND CONTEXT
1. Malta is an island country which lies 93 km away from Sicily to its north and 288 km from
Tunisia to its south. The Maltese archipelago consists of the three main islands Malta (the
largest), Gozo and Comino. These islands altogether occupy an area of around 316 square
kilometres. Malta hosts a total population of 484,000 (2018 figures).
2. Malta is a parliamentary republic. The President is the Head of State and has executive
authority. He is elected by the House of Representatives for a period of five years. The President
is responsible for appointing the Chief Justice and the judges who sit on the independent
Constitutional Court and the Court of Appeal. The Cabinet for Malta consists of the Prime
Minister and such number of other Ministers as may be appointed in accordance with the
provisions of the Constitution. The Cabinet has the general direction and control of the
Government of Malta and is collectively responsible to Parliament.
3. Malta is a member of the European Union (EU), the United Nations (UN), the Council of
Europe, the World Trade Organisation, the World Bank (WB), the International Monetary Fund
(IMF) and other international organisations.
4. Malta’s official currency is the Euro (EUR). Malta became a member of the EU on 1 May
2004 and is the EU’s smallest Member State. Malta has the EU’s smallest but fastest-growing
economy (with a Gross Domestic Product (GDP) of EUR 11.13 billion in 2017, i.e. 0.07% of the
EU’s GDP, with an average annual growth rate of 3.7% during the period 2006-2016)3.
ML/TF Risks and Scoping of Higher-Risk Issues
Overview of ML/TF Risks
5. The national risk assessment (NRA) considers the money laundering (ML) threat related
to foreign proceeds of crime to be high, a consequence of the size and international exposure of
Malta’s economy. Organised crime (OC) and fraud generate a significant part of the foreign
proceeds laundered in Malta. The NRA notes that domestic crime also feeds the overall ML
threat, and is mainly related to local OC groups, tax crime, drug trafficking, fraud,
corruption/bribery, goods smuggling and theft.
6. The Maltese economy is exposed to ML through the use of cash or transferable cheques.
The large and internationally exposed banking sector is highly vulnerable to ML (especially non-
retail deposits, correspondent accounts, wire transfers and wealth management, but also in
relation to e-gaming and foreign customers). The NRA highlights that remote gaming is
inherently vulnerable to ML due to the high number of customers, mainly non-resident, the high
volume of transactions, the non-face-to-face nature of the business and the use of prepaid cards.
The NRA classifies the large and non-resident oriented trust and company services providers
(TCSP) sector as highly vulnerable to ML. Legal professionals, accountants and real estate
agents are also particularly vulnerable to ML.
7. The NRA also stresses vulnerabilities in Malta’s institutional and legal framework:
insufficient resources (including human resources) and expertise of law enforcement
authorities (LEAs) to fully support investigations, prosecutions and asset recovery, translating
into low levels of convictions and confiscation; lack of national coordination; and insufficiently
transparent legal entities and arrangements. The NRA also highlights a number of actions taken
or being taken to address these vulnerabilities.
3 Information provided by the Ministry of Finance of Malta.

19
8. The NRA notes that there is little hard evidence to suggest that Malta is particularly
exposed to financing of terrorism (FT) but sets the risk as medium-high to reflect the lack of
data. The main threats identified are external and related to the increased terrorist risks in
neighbouring countries, especially Libya.
Country’s risk assessment & Scoping of Higher Risk Issues
9. Malta conducted its first NRA in 2013/2014 based on the WB assessment tool. The final
and consolidated NRA report was not prepared and no analysis, findings or results were
published or provided to the private sector due to competing priorities and resource limitations
within the Financial Intelligence Analysis Unit (FIAU) at that time. The NRA was reviewed in
2017-2018 with the aid of external consultants. The methodology consisted of eight interrelated
modules within which a number of input variables are evaluated to judge factors related to
ML/FT threats and vulnerabilities. The tool is based on the understanding of the causal relations
among ML risk factors and variables relating to the regulatory, institutional and economic
environment.
10. The data analysed by the subgroups was used by the national ML vulnerability subgroup
to generate an overall ML vulnerability rating for Malta by including into the sectorial data their
own assessment of the country’s ability to combat ML. After including the findings for the
national FT risk, reviewed and analysed by a separate subgroup, the working group computed
the overall risk level for Malta on the basis of the conclusions of the assessment.
Scoping of Higher Risk Issues
11. The assessment team identified those areas which required an increased focus through an
analysis of information provided by the Maltese authorities (including the NRA) and by
consulting various open sources. These were as follows:
12. Corruption and bribery: The level of understanding of the relevant stakeholders of the
risks associated with corruption as a domestic and international source of proceeds of crime
and whether mitigating measures are adequate and effective (including customer due diligence
(CDD) of politically exposed persons (PEP)) received considerable attention.
13. OC: The assessors explored Malta’s capacity to detect and pursue OC-related ML. Malta is
a transit point for illicit financial flows, including associated with human and drug trafficking. In
the absence of detailed analysis of the threat from local OC groups it is unclear exactly how this
threat manifests itself in Malta or whether actions have been undertaken to mitigate the
emerging threats.
14. Shadow economy, the use of cash and tax evasion: The shadow economy accounts for
a significant part of the GDP of Malta.4 Malta is a cash-intensive economy where many sectors
rely significantly on cash transactions.5 According to the NRA, tax evasion is at about 5% of GDP
(vs. an OECD average of approximately 3%)6. Taking into account these factors, the assessors
focused on the understanding of the ML risks posed by the widespread use of cash and the tax
evasion. The assessment team held discussions on preventive measures applied by the subject
4 According to the NRA, the shadow economy comprised 25% of the official GDP. See Schneider, F., The
Shadow Economy and Work in the Shadow: What Do We (Not) Know?, Institute for the Study of Labor
(IZA), March 2012
5 Executive summary of the NRA.
6 Buehn, A. and F. Schneider, Size and Development of Tax Evasion in 38 OECD Countries: What do we (not)
know?, CESifo, Working Paper No. 4004, November 2012

persons in respect to use of cash and on the measures taken by the competent authorities to
prevent, detect and pursue tax-related ML.
15. Remote gaming: The vulnerability of gaming to ML was noted in the NRA and by the IMF,
which also acknowledged the country’s recent efforts to mitigate those risks7. The assessment
team considered how well ML/FT risks are mitigated in this sector, in particular in relation to
supervision and fit and proper checks (given that the sector was only subject to comprehensive
AML/CFT measures since the beginning of 2018).
16. Virtual assets: The assessors considered whether risks emanating from the use of virtual
assets have been properly assessed, taking into account the specific ML/FT risk assessment
scheduled for 20188 and whether any mitigating measures have been developed thereof.
17. TCSPS: The NRA notes the vulnerability of “gatekeepers” such as TCSPs, legal
professionals and accountants to ML/FT given their international client base, involvement with
complex corporate structures and legal arrangements and the fact that not all TCSPs are
registered9. The assessment team thus discussed whether the current arrangements in Malta
are sufficient to prevent the misuse of legal persons and arrangements for ML or FT.
18. Individual Investor Programme (IIP): The assessors considered if the risks associated
with IIP are understood in Malta IIP and whether the country’s due diligence legal framework is
adequate and effectively implemented to mitigate the risks.
19. Supervisory arrangements and practice: The assessment team considered the risks
and vulnerabilities stemming from the current level of resources allocated to and the
institutional framework for the supervision of financial institutions (FIs) and designated non-
financial businesses and professions (DNFBPs), providing for a clear division of responsibilities
and protection from undue influence. The NRA recognises the need to strengthen and clarify the
supervisory framework. Considerable attention was also paid to the fit and proper checks
conducted by the Malta Financial Services Authority (MFSA) and the Malta Gaming Authority
(MGA) and the application of risk-based supervision to FIs and DNFBPs. Vulnerabilities under
the current supervisory regime was acknowledged by the IMF, related with the risk-based
supervisory approach applied by the FIAU and the MFSA10.
20. ML investigations, prosecutions and convictions; and asset tracing, freezing and
confiscation: The assessors considered whether financial intelligence provided by the FIAU is
efficiently used, whether priority is given to economic crime and financial investigations by
LEAs and whether the LEAs are currently in a position to effectively and in a timely manner
investigate and prosecute high-level and complex ML cases related to financial, bribery and
corruption offences. The lack of stand-alone ML cases and the lack of recent cases in relation to
professionals of the financial sector received considerable attention.
21. FT risk: The assessors have examined the actions taken by the authorities to identify,
assess and address FT risks in view of the risks threat faced by international financial centres.
Materiality
transaction banking and fund management.11 Although it comprises a broad range of activities
7 https://www.imf.org/en/Publications/CR/Issues/2018/01/29/Malta-Selected-Issues-45591
and https://www.knowyourcountry.com/malta1111
8 NRA Results Report, p.31-32.
9 NRA Results Report, p.22-23.
10 IMF Financial System Stability Report (February 27, 2019).
11 Executive summary of the NRA, p.4
21
(covered by AML/CFT obligations which go beyond the scope of the FATF Standards12), Malta’s
financial sector is bank-centric. The six core domestic banks (which follow a traditional business
model based on retail deposit-funded lending) hold EUR 21.8 billion of assets (around 220% of
the country’s GDP) and employ a total of around 3,300 employees. The five non-core domestic
banks hold together EUR 2.5 billion of assets (around 25% of the country’s GDP) and undertake
limited business with Maltese residents. The remaining 14 international banks mostly serve
large, international corporates and hold EUR 22.5 billion of assets (around 230% of the
country’s GDP)13.
23. Collectively, other FIs – credit unions, leasing companies, insurance companies, pension
funds and capital market participants – account for less than EUR 5 billion in financial assets.
24. Malta is developing a regulatory environment for crypto-currency related services and
activities and is emerging as an international hub in this area
25. The size of the shadow economy in Malta, which is exacerbated by the widespread use of
cash and tax offences, constitutes a significant ML vulnerability.
26. All types of DNFBPs operate in Malta. The gaming sector represents 12% of the GDP14, and
includes 4 land-based casinos; and 275 remote gaming companies, a sector which has been
growing fast since the adoption of regulatory policies in 2004. Malta also has significant legal,
accounting and other TCSPs sectors. The real estate sector in Malta, which is considered as
significantly large given the size of the country, is involved in Malta’s (citizenship-by-
investment) IIP insofar as the latter includes a requirement to purchase or lease property in
Malta.
Structural Elements
27. The key structural elements which are necessary for an effective AML/CFT regime are
generally present in Malta. Malta has made a high-level commitment to address AML/CFT
issues. The National Coordination Committee on Combatting Money Laundering and Funding of
Terrorism (NCC) is responsible for AML/CFT policy-making and coordination. The NCC is
chaired by the Permanent Secretary of the Ministry of Finance (MoF) and composed of senior
officials of all relevant competent authorities.
Background and other Contextual Factors
AML/CFT strategy
28. The National AML/CFT Strategy and the related Strategic Action Plan (for the period 2018
to 2020) were approved in April 2018 based on the findings of the NRA and an assessment of
the gaps in the national AML/CFT framework. The strategy was designed to address the
identified shortcomings and mitigate risks. The strategy highlights seven initiatives, broken
down into approximately 50 actions. It was complemented with an Action Plan document that
details each of the actions and the associated steps, responsibilities and timelines. The strategy
was defined with the involvement of a wide range of stakeholders.15
Legal & institutional framework
12 Reg. 2 of the Prevention of Money Laundering and Funding of Terrorism Regulations

13 Information provided by the Financial Services Authority of Malta.
14 Executive summary of the NRA, p.8
15 Policy-makers, supervisors, law enforcement authorities, the Office of the AG, law courts, the Asset
Recovery Bureau, other government agencies and representatives of the private sector.
29. The AML/CFT legal and organisational framework in Malta is governed by the Prevention
of Money Laundering Act (PMLA), and the Criminal Code (CC), along with the Dangerous Drugs
Ordinance (DDO), the Medical and Kindred Professions Ordinance (MKPO), as well as a number
of regulations and enforceable means (such as Prevention of Money Laundering and Funding of
Terrorism Regulations (PMLFTR)).
30. Since the last evaluation, Malta has taken steps to improve the AML/CFT framework.
Namely, subsidiary legislation was introduced to establish beneficial ownership registers for
companies, trusts (that generate tax consequences), foundations and associations incorporated
or administered in Malta. The National Interest (Enabling Powers) Act (NIA) (which is the main
legislative instrument for implementing UN and EU sanctions) has undergone significant
changes. The PMLA has been amended in part to transpose provisions of EU Directive 2015/849
and in part to further clarify and strengthen the national AML/CFT regime. These included, inter
alia, amendments to empower the Minister for Finance to set up a National Co-Ordinating
Committee on Combating Money Laundering and the Funding of Terrorism; as well as a revision
of the Minister’s power to provide for administrative sanctions for breaches of subsidiary
legislation imposing AML/CFT obligations on subject persons which have been increased. In
addition, a number of regulations have been revised, including the PMLFTR.
31. The main agencies involved in Malta’s institutional structure to implement its AML/CFT
regime are the following:
32. The NCC is the Committee responsible for the drawing up of the national strategy and
policies to combat ML, FT and the proliferation of weapons of mass destruction. The NCC is also
responsible for co-ordinating the necessary actions to develop, implement and review the
national strategy and policies, including the carrying out of NRA and actions to address risks
identified.
33. The FIAU is Malta’s Financial Intelligence Unit (FIU) responsible for the receipt and
analysis of suspicious transaction reports (STR) and other information relevant to ML, associate
predicate offences and FT. It is also responsible for the dissemination of the results of its
analyses and for cooperating and exchanging information with counterpart FIUs, LEAs, as well
as other competent authorities.
34. The FIAU is also responsible for supervising FIs and DNFBPs for compliance with
AML/CFT requirements. In this task it is assisted by other supervisory authorities, namely the
MFSA and the MGA (which are mainly responsible for the regulation and supervision of FIs and
gaming operators, respectively). Moreover, the FIAU is tasked with the enforcement of
AML/CFT obligations, and empowered by law to impose administrative sanctions for breaches
of those obligations.
35. The Attorney General (AG) is the Public Prosecutor before the Criminal Court and the
Court of Criminal Appeal, responsible for the prosecution of all criminal offences, including ML
and FT. The Malta Police may also prosecute criminal offences before the inferior courts. The
Office of the AG is also the government’s attorney responsible for representing the Government
of Malta in the Courts of Law, besides being responsible for advising the Government on all legal
matters including proposed legislation. Moreover the Office of the AG is the Maltese Central
Designated Authority responsible for the handling of mutual legal assistance (MLA) and
extradition requests.
36. The Malta Police Force is the only law enforcement authority in Malta tasked with the
investigation and prosecution of criminal offences including ML and FT. It is vested with the
necessary powers to carry out searches, seizures and arrests, request documentation and
records, take witness statements and seize and obtain evidence. The Malta Police is also
23
responsible for cooperating and exchanging information with foreign law enforcement
authorities to assist them in the investigation of criminal offences.
37. The Malta Security Service (MSS) is tasked with the prevention of serious crime and the
protection of national security, particularly with respect to OC, espionage, terrorism, activities
of agents of foreign powers and other actions that threaten national security and democracy.
The MSS carries out its role of prevention of serious crime through the gathering and exchange
of intelligence with law enforcement and other competent authorities, including the FIAU, the
Armed Forces, the Malta Police Force and the Customs Department.
38. The Department of Customs is the governmental department responsible for the control
of imports and exports of goods. Among its roles, Customs is tasked with overseeing the
application of cash declaration requirements at national borders, and cooperates and exchanges
information with LEAs and the FIAU.
39. The Asset Recovery Bureau (ARB) is entrusted with the tracing, collection, storage,
preservation, management and disposal, of instrumentalities and proceeds of crime or property
the value of which corresponds to such instrumentalities or proceeds, in favour of the
government.
40. A number of provisions of the ARB Regulations were brought into force on the 1 October
2017, to enable the setting up of the ARB and to build its capacity to be able to start functioning.
The ARB started operating on 20 August 2018. Previously the Asset Management Unit (AMU)
within the Court Registry, which had been set up in 2012, carried out the task of conducting
inquiries to trace the assets of persons charged or convicted for criminal offences. This task has
been assumed by the ARB upon its becoming operational.
41. The Commissioner for Revenue (CFR) is the authority responsible for the
administration and collection of tax, including income tax, duty owed on documents and
transfers, value added tax as well as customs and excise duties. The CFR, the FIAU and the Malta
Police liaise and exchange information for the purposes of the analysis and investigation of ML
and/or tax evasion cases.
42. The Judiciary comprises those Judges and Magistrates appointed to sit in the Superior
and Inferior Courts of the Maltese Law Courts, respectively. Malta has a two-tier judicial system.
The Court of Magistrates, as a court of criminal judicature, is competent for offences punishable
by a term of up to twelve years of imprisonment. The Criminal Court, normally composed of a
judge sitting alone and a jury of nine persons, will hear criminal cases exceeding the
competence of the Court of Magistrates. There are currently 22 magistrates (one of them
handling all ML cases) and three criminal law judges, but appeals cases are not specifically
assigned to a criminal judge with particular specialisation in financial crime.
43. Cases concerning ML/FT, including appeals from decisions on such cases, are heard and
decided upon by those members of the judiciary presiding over courts with criminal
jurisdiction. The members of the Judiciary determine the punishments to be imposed, on the
basis of the respective punishments provided within the CC and the PMLA.
44. Magistrates are additionally empowered to issue warrants and orders for execution by
law enforcement and other competent authorities, such as warrants to enter and search
premises and for the arrest of persons. The Criminal Court may also issue investigation,
attachment, monitoring and freezing orders in terms of the CC, the PMLA and other laws.
45. The MFSA is the single regulator for financial services in Malta. The financial services
sector incorporates all financial activity including that of banks, financial and electronic money
institutions, securities and investment services companies, regulated markets, insurance
companies, pension schemes and TCSPs. Under the Single Supervisory Mechanism (SSM), the
European Central Bank (ECB) is responsible for the direct prudential supervision of significant
banks and groups in the participating Member States, and for monitoring national authorities'
prudential supervision of less significant banks. The criteria for determining significance are
laid down in EU law and the ECB issues annually a list confirming the categorisation of all banks
in the Banking Union. The ECB also grants and withdraws banking licenses and assesses
acquisitions of qualifying holdings for both significant and less significant banks. For significant
institutions, the ECB may take supervisory measures and may apply directly, or in cooperation
with national authorities sanctions in the cases specified under relevant EU law. For less
significant institutions, only national authorities may take supervisory measures and impose
sanctions. The ECB may issue guidance to national authorities on how they should perform
supervision of less significant banks. It can decide to directly supervise any one of these banks if
necessary to ensure that high supervisory standards are applied consistently.
46. The MFSA is also the Listing Authority for the purpose of the Financial Markets Act and
the Resolution Authority for the purpose of Directive 2014/59/EU and the Recovery and
Resolution Regulations (L.N. 301 of 2015).
47. The MFSA also assists the FIAU in supervising for AML/CFT purposes financial services
operators that are regulated by the MFSA. The MFSA may jointly with or on behalf of the FIAU
carry out on-site or off-site examinations for AML/CFT purposes on subject persons falling
under the MFSA’s competence.
48. Moreover, the MFSA is tasked with the administration of the register for beneficial owners
(BO) of trusts that are administered by trustees licensed under Maltese law.
49. The MGA is responsible for the governance and regulation of all gaming activities (both
remote and land-based) in Malta.
50. It also assists the FIAU in the AML/CFT compliance supervision of gaming service
providers that are regulated by the MGA. The MGA may, jointly with or on behalf of the FIAU,
carry out on-site or off-site examinations for AML/CFT purposes on subject persons falling
under the MGA’s competence.
51. The Registrar of Companies (ROC) is a government authority responsible for managing
the registry of companies and commercial partnerships. The ROC is tasked with overseeing the
implementation of measures concerning the transparency of BO and the BO registry with
respect to legal persons that are companies or commercial partnerships in terms of the
Companies Act.
52. The Registrar for Legal Persons oversees the registration of legal persons and is also
responsible for the BO registry with respect to foundations and associations.
53. The Office of the Commissioner for Voluntary Organisations (CVO) is responsible for
regulating, monitoring and supervising voluntary organisations (VO) in Malta.
54. The Sanctions Monitoring Board (SMB) is the entity responsible for monitoring the
implementation and operation of sanctions imposed by the United Nations Security Council
(UNSCR), the Council of the European Union, or of sanctions imposed in terms of order made by
the Prime Minister under the NIA.
55. The SMB is responsible for proposing persons or entities for designation by the UN
Sanctions Committees, by the Council of the European Union or by an order under national law.
It is also responsible for proposing the de-listing or the unfreezing of property of any designated
person or entity.
25
56. Moreover, the SMB is responsible for enforcing the implementation of financial sanctions.
Financial sector
57. Financial services in Malta are mainly provided by the banking sector. With banking
assets accounting for around 4.7 times the country’s GDP, the financial sector is the second
largest in the EU (after Luxembourg) relative to the size of the economy.
58. Compared with the banks, other FIs account for only a marginal market share. Detailed
information is provided below.
59. Of the 25 licensed banks, 3 are Maltese majority-owned while the others originate from,
inter alia, Austria, Australia, Belgium, Greece, Kuwait, Qatar, Turkey and the United Kingdom
(UK). There are 3 branches of foreign banks in Malta. 72% of the sector’s assets are foreign-
owned.
60. The fund industry has grown significantly in recent years. However, it is relatively small
compared to other major industries in Europe, where the NAV amounts to trillions of Euros. The
NAV of funds held by the sector in Malta in 2018 amounted to EUR 10.8 billion.
61. The domestic life insurance sector is relatively small and limited to 8 licences. In terms of
sales, gross written premiums for long-term insurance in 2016 amounted to EUR 3.7 billion
compared to EUR 2.6 billion for general insurance. New pension products have grown rapidly
since amendments were made to the regulation in 2016, as reflected both in the size of the
schemes (a total of EUR 3.7 billion of assets under management16) and the number of products
(49 schemes and 2 funds17).
62. The following number of banks and other FIs were subject to supervision as of 2017:
Table 1: Financial Institutions
Number
Type of FI
(September 2017)
Banks 25
Securities18 202
Insurance 137
Other FIs19 48
DNFBPs
63. All types of DNFBPs are present in Malta. Malta has a large gaming sector (representing
around 12% of GDP). 4 land-based casinos are present in Malta and 275 remote gaming
companies20.
16 MFSA, Annual Report, 2016

17 MFSA, Statistical Tables, September 2017
18 Include 160 Investment Services Providers; 16 Retirement Scheme Administrators (Retirement
Schemes are schemes that are managed with the purpose of providing retirement benefits. Although they
are licensed by MFSA they are not classified as FIs since it is the Scheme Administrator (not the Scheme
itself) that is considered as an FI. Scheme administrators may have more than one Scheme under
administration); and 26 Fund Administrators.
19 Other FIs include Payment Institutions, E-money Institutions, and a small number of Non-deposit
taking Lenders and Money Brokers, all of which are regulated under the Financial Institutions Act. There
are 10 credit institutions and 5 financial institutions that provide currency exchange services. None of the
credit or financial institutions offer only currency exchange services.
20 These are the companies that are in possession of at least one licence of Class 2/2 on 4 (fixed-odds
betting) or Class 3/ 3 on 4 (P2P games) in 2016 or 2017. In 2018 since the new licence regime was
introduced, there is only one - B2C licence. Number of customers for fixed –odds betting in 2017 was 5.97
million and Number of customers for P2P games – 793k.
64. The following statistics were provided by the authorities in relation to the DNFBPs sector.
Table 2: DNFBPs
Type of DNFBP Number
Trustees21 169
188 (and 70 licensed trustees providing CSP
Corporate Service Providers (CSPs)22
services)
Exempt Corporate Service Providers23 (functions
performed by lawyers, notaries public, auditors 343
and accountants)
Gaming 208
Real Estate Agents 111
Lawyers 246
Notaries 279
Accountants and Auditors 381
Dealers in Precious Metals and Stones 118 (estimate based on 2013 data exercise)
Persons providing VA-related services24 0
Materiality and level of ML/TF risks of the different FIs and DNFBPs
65. The assessors classified obliged sectors on the basis of their relative importance in the
Maltese context, given their respective materiality and level of ML/FT risks. The assessors used
this classification to inform their conclusions throughout this report, weighting positive and
negative implementation issues more heavily for important sectors than for less important
sectors. This approach applies throughout the report, but is most evident in IO.3 and IO.4:
a) most significant: the banking sector based on the overall market share, as well as known
ML/FT typologies; TCSPs given their international client base, involvement with complex
corporate structures and legal arrangements and the fact that not all TCSPs are registered;
b) significant: remote gaming companies based on the high number of customers, mainly non-
resident, the high volume of transactions, the non-face-to-face nature of the business and the
use of prepaid cards; real estate agents due to their involvement in Malta’s IIP and lack of
registration requirements; accountants and legal professionals (both lawyers and notaries)
based on exposure to ML/FT risks; and virtual assets.
c) less significant: other FIs, including securities providers and insurance, and other DNFBPs.
Preventive measures
66. Subject person’s AML/CFT obligations are all set out in laws, regulations and guidance.
67. Since the adoption of the 4th round MER, Malta has made many necessary legislative and
institutional changes in order to strengthen its AML/CFT system.
21 The total number of clients is 12.205 (out of which number of Maltese resident clients is 2.115 and
number of Non-Malta resident clients is 10.090). The total number of assets under administration is
approx. EUR 13,4bln.).
22 The total number of clients is 14.871 (out of which number of Maltese resident clients is 4.801 and
number of Non-Malta resident clients is 10.070). No information is provided by the authorities on the
total number of assets under administration.
23 The Maltese AML/CFT framework exempts some DNFBPs. These are described in more detail at c.28.4,
but are namely “private trustees” (i.e. those who (i) do not hold themselves out as trustee to the public;
(ii) are not remunerated; and (iii) do not act habitually as trustee to more than five settlors at any time)
and individuals holding 10 or less directorships and company secretarial positions and not providing
TCSP services by way of business.
24 Requests for authorisations and approvals under the VFA Act were accepted by the MFSA with effect
from 1 November 2018.

27
68. The PMLFTR 2008 was repealed and replaced by a revised version which came into force
on 1 January 2018 transposing the requirements of the 4th AMLD. The PMLFTR sets out who are
the persons and entities subject to AML/CFT obligations (i.e. subject persons), their AML/CFT
obligations and the applicable sanctions. The Implementing Procedures Part I pre-date the
PMLFTR and the conclusion of the NRA. They were revised at the time of the onsite to reflect the
new legal requirements (a consultation draft was published on 30 October 2018).
69. The most significant changes introduced under the revised PMLFTR include the following:
i. A widening of those entities considered as subject persons so as to include all gaming
licensees, including remote gaming licensees, not only limited to casinos. Anyone offering safe
custody services (and not already licensed as a credit institution or as an investment services
provider) is also considered as a subject person. In addition, the cash transaction threshold
applicable to traders in goods to be considered as subject persons was lowered from EUR
15,000 to EUR 10,000, capturing further goods and hence further trade under the AML/CFT
regime.
ii. The definition of BOs has been revised.
iii. The application of CDD measures by subject persons has to be risk-based, entailing the
carrying out of a business risk assessment to ensure that their policies and procedures are
tackling risk where this is actually present and where it is most needed.
iv. The definition of PEPs has been extended to the effect that enhanced CDD has to be applied
also with regard to domestic PEPs.
v. The situations in which a subject person may exercise reliance on another subject person
have also been widened.
vi. The sanctions that may be imposed on subject persons for breaches of their AML/CFT
obligations have been increased.
Legal persons and arrangements
70. Malta has seen a slow but steady growth of the sector in recent years. In early 2018,
51,000 active companies were registered with the Registry of Companies (compared to around
44,000 in 2013). This trend is also observed in the licensed sectors, with the number of
corporate professional trustees and fiduciaries having increased in recent years.
71. The Maltese legal framework provides for the establishment of public liability companies,
private limited liability companies, Societa Europea, European Economic Interest Groupings,
Partnerships en nom collectif and Partnerships en Commandites, as well as private foundations,
purpose foundations and associations.
72. For a new company or partnership to be established under Maltese law, registration with
the Registry of Companies is required. Legal personality is awarded at the time confirmation of
the registration is issued. Associations have the option of either registering with the Registrar
for Legal Persons, in which case they obtain legal personality upon registration, or to not
register, in which case they are not endowed with legal personality. On the other hand, it is
mandatory for all foundations, whether they are new or whether they existed before 2008
(when the relative legislation came into effect), to register at the Public Registry, Malta. “New
foundations” obtain legal personality on registration. Foundations which existed before the law
came into effect in 2008 have legal personality, but are nonetheless required to be registered at
the Public Registry.
73. The Registrar for Legal Persons operates under the aegis of Identity Malta.
74. There is no registration obligation for trusts, other than those that generate tax
consequences in Malta. Due to this fact officially approved statistics are not available, it is
however estimated25, that authorised trustees in Malta provide services to approximately 3529
trusts, including (but not limited to) trusts created under Maltese law.
75. It is estimated that, as of June 2018, about 49% of all Maltese registered companies were
fully Maltese-owned (compared to about 51% which were partially or fully foreign-owned).
76. Malta has a definition of VOs which is broader than the FATF definition. A substantial
number of these VOs fall under the FATF’s definition of non-profit organisations (NPOs) as they
are set up primarily to receive or disburse funds to carry out their social purpose. Most VOs in
Malta are organisations set up to promote hobbies, sports or social and cultural activities. In
2018, around 1600 VOs were enrolled in Malta.
Supervisory arrangements
77. The MFSA is responsible for both the regulation and the supervision of the financial
services sector, including the TCSP sector.
Table 3: FIs and DNFBPs
Licensing Body (Market
Type of FI/DNFBP AML/CFT Supervisor
Entry)
Banks FIAU assisted by the MFSA MFSA
Securities FIAU assisted by the MFSA MFSA
Life Insurance FIAU assisted by the MFSA MFSA
Other FIs FIAU assisted by the MFSA MFSA
Trustees FIAU assisted by the MFSA MFSA
CSPs FIAU assisted by the MFSA MFSA
Exempt Corporate Service Accountants and Auditors -
Providers (functions performed by Accountancy Board
FIAU
lawyers, notaries public, auditors Lawyers - None
and accountants) Notaries - Notarial Council
Land Based Casinos FIAU assisted by the MGA MGA
FIAU (with effect from 1 January
Internet Casinos MGA
2018) assisted by the MGA
FIAU (with effect from 1 January
Other Remote Gaming Operators MGA
2018) assisted by the MGA
Real Estate Agents FIAU None
Lawyers FIAU None
Notaries FIAU Notarial Council
Accountants and Auditors FIAU Accountancy Board
Dealers in Precious Metals and
FIAU None
Stones
Virtual Assets26 FIAU MFSA
International Cooperation
78. The Maltese legislation sets out a comprehensive legal framework for international
cooperation in criminal matters, which enables the authorities to provide a broad range of
assistance concerning ML/FT and associated predicate offences. Assistance is provided on the
basis of various legal arrangements and international instruments. These include UN, Council of
Europe and EU conventions, treaties and other bilateral agreements on MLA in criminal matters
and extraditions, as well as EU Framework Decisions. While the AGO serves as the central
authority for international cooperation for MLA in Malta, channels of cooperation through direct
communication are used by the Police and the FIAU with respective foreign partners.
25 Calculation based on the data that MFSA’s collects for the supervisory purposes (data of 31 August, 2018).
26 Requests for authorisations and approvals under the VFA Act were accepted by the MFSA with effect from 1 November 2018.
29
CHAPTER 2. NATIONAL AML/CFT POLICIES AND COORDINATION
Key Findings and Recommended Actions
Key Findings
 Malta has made significant efforts to understand its ML/FT risks, including by conducting
a formal NRA. The resulting NRA report is the primary document demonstrating the country’s
understanding of ML/FT threats, vulnerabilities and risks in Malta.
 The 1st NRA exercise was conducted in 2013/14 and then an updating of some statistics
and findings was undertaken in 2017. This resulted in a 2018 report that on some issues
contains some analysis based upon statistics that are 4 or 5 years old.
 The NRA Report does demonstrate a broad understanding of the vulnerabilities within the
AML/CFT system (particularly the regulated sectors), but certain core topics appear to be
insufficiently analysed.
 In addition, there appears little detailed understanding of the significance of the ML/FT
implications of important contextual factors such as corruption, tax evasion and the
shadow/cash economy.
 The NRA report concludes that FT risk is medium-high, but this appears largely driven by
a desire to be cautious and Malta’s geographical location, rather than a detailed analysis of
statistics, trends or activities. It is not clear that the FT analysis adequately considers the threats
and vulnerabilities of any specific products, services or sectors.
 Several agencies took individual action over the period 2015–2017 to address some
concerns arising from the 1st NRA exercise. The key national policy document outlining Malta’s
AML/CFT measures is the “National AML/CFT Strategy”, dated April 2018. The strategy sets out
7 key initiatives, designed to improve the national AML/CFT framework and an Action Plan,
containing steps and timelines for deliverables assigned to the various national agencies.
 On an individual basis, several agencies have revised their operations and priorities to
take account of vulnerabilities in the framework and to improve risk-based supervision
generally, strengthen and reinforce AML/CFT requirements and apply more dissuasive
sanctions and remediation measures.
 Going forward, the NCC, established in April 2018, will be key in aligning the objectives
and priorities of national agencies. This role is identified within the legal mandate of the NCC,
and some work toward this end has begun. However, it is too early to assess whether either the
developing supervisory arrangements or the NCC coordination role are, or will be, effective.
 The results of the NRA were communicated to private sector entities through a series of
presentations in late October 2018 (the contents of which were also posted on the FIAU
website). Most banks, other FIs and DNFBPs were aware of the contents of the NRA.
 The conclusions of the NRA have not resulted in any decisions on possible exemptions
from AML/CFT requirements for low-risk products, sectors or activities. However, it appears
that in practice the fund industry applies some CDD exemptions in respect to underlying
investors in order to facilitate the conduct of business.
Recommended Actions
 Malta should, as a matter of priority, take action to improve the national understanding of
risks, threats and vulnerabilities by:
a) updating statistical data to inform the analysis of ML/FT risks;
b) analysing the main predicate offences associated with foreign proceeds of crime;
c) conducting a detailed analysis of the threat from local organised crime groups (OCGs);
d) conducting a detailed analysis of the risks arising from the use of legal persons and
arrangements;
e) analysing the ML/FT implications of corruption, tax evasion and the shadow/cash
economy
f) assessing the vulnerabilities of the FinTech sector, including virtual assets;
g) conducting a more detailed assessment of FT risks, particularly a detailed analysis of
statistics, trends or activities; and consideration of the threats and vulnerabilities of
products, services or sectors in Malta.
 Malta should consider whether some CDD exemptions in respect to underlying investors
applied by the fund industry are based on a consideration of risks and mitigating measures
within funds sector. The country should consider whether these exemptions should be formally
regulated.
 More detailed information on ML/FT risks, including a description of the main ML and FT
methods, trends and typologies, should be shared with the private sector.
 Going forward, Maltese authorities should ensure that the objectives and activities of the
AML/CFT supervisors, the FIAU and LEAs are consistent with national AML/CFT policies and
the identified ML/FT risks.
79. The relevant Immediate Outcome considered and assessed in this chapter is IO.1. The
Recommendations relevant for the assessment of effectiveness under this section are R.1, 2, 33
and 34.
Immediate Outcome 1 (Risk, Policy and Coordination)
Country’s understanding of its ML/FT risks
80. The Maltese authorities demonstrated commitment and undertook efforts to understand
ML/FT risks. The NRA undertaken in Malta (along with a separate sectoral assessment of the
gaming sector) is the primary means of demonstrating the country’s understanding of ML/FT
threats, vulnerabilities and risks in Malta. When discussing risk, Maltese authorities referred to
the NRA as an accurate description of national risk and confirmed that this was consistent with
their understanding. The NRA process began in 2013 with the collection of data and the
formation of working groups, membership of which included all competent authorities and
representatives of the private sector, to undertake analysis.
81. The NRA process was primarily coordinated by the FIAU, who provided staff to chair each
of the sectoral working groups, and utilised the methodology provided by the WB.
82. Although this has been referred to in some documents and communications as “the first
NRA”, discussions with Maltese authorities on-site confirmed that the process was only partially
completed, due to competing priorities and resource limitations within the FIAU at that time.
This means that the output of the exercise comprised a number of draft reports prepared by the
respective working groups. No final, consolidated, NRA report was prepared and no analysis,
findings or results were published or otherwise communicated to the private sector.
83. Based on the abovementioned risk assessment, a further exercise was undertaken in
2017, assisted by external consultants. Maltese authorities indicate that this further work was
31
necessary in order to validate the conclusions of the original analysis. This involved the
collection and updating of some (but not all) of the data and statistics collected in the 2013/14
exercise, and also included more qualitative input from industry representatives. This resulted
in the production of a final, consolidated NRA report, dated 2018.
84. The final NRA report (2018) is classified and was not provided to the assessment team
prior to the on-site visit. Instead, the Maltese authorities provided the assessment team with
two documents in relation to the outcome of the NRA exercise prior to the onsite – one entitled
“National Risk Assessment Executive Summary” and another entitled “Results of the ML/FT
National Risk Assessment”.
85. These documents, while summarising the process and providing high level conclusions ,
did not contain sufficient detail to enable the assessment team to reach any conclusions on
either the adequacy of the NRA process, the comprehensiveness of the data and information
analysed, nor the reasonableness of the national authorities’ conclusions on risk.
86. During the onsite, the assessment team was provided an opportunity to inspect the full
NRA report, but were not provided with a copy. The full NRA report document comprised
approximately 220 pages and, as far as possible, the assessment team has considered the
contents of all three documents, along with discussions with national authorities, in forming its
views as set out in this section.
87. In the view of the assessment team, the fragmented process of completing the NRA, as
described above, has resulted in a final document (“the 2018 NRA report”) that contains some
analysis based upon statistics that are 4 or 5 years old. For example: The 2018 NRA Report
includes commentary on the risks of products and services, which is based on statistical data
from STRs submitted and sanctions applied by the FIAU for the period from 2011-2013 (p.45);
Table 29 (number of investigation orders/attachment orders) contains data for the period from
2012-2013 (p.133); Table 31 (data on convictions and penalties applied) covers the period from
2012-2013 (p.143); and information on terrorism financing and terrorism investigations is
provided for the period for 2011-2013 (p.14).
88. The assessment team is concerned that the demonstrated and communicated risk
understanding in several areas is already very out-of-date.
89. The 2018 NRA Report does demonstrate a broad understanding of the vulnerabilities
within the AML/CFT system (particularly the regulated sectors), and there is broad consensus
among the authorities on the conclusions of the NRA is this regard. A structured SRA, which was
concluded in June 2017, provided guidance to remote gaming operators on the risks posed by
the various games and funding methods. These findings were made available to remote gaming
operators through the sector specific implementing procedures. As of the date of the on-site
visit, no other sectorial assessments have been conducted by the Maltese authorities.
90. The 2018 NRA report identifies and ranks a list of ML/FT threats and vulnerabilities.
91. Banking, payment services, CSPs, lawyers, trustees and remote gaming are all considered
by Maltese authorities to contain high inherent vulnerabilities. AML/CFT controls implemented
across all sectors are considered to be weak, AML/CFT resourcing in industry is assessed as
requiring enhancement and AML/CFT awareness in industry is assessed as generally low. As a
result CSPs, lawyers, trustees and remote gaming are all considered by Maltese authorities to
pose a high residual vulnerability.
92. A number of FIs and DNFBPs disagreed with these conclusions, suggesting that the
analysis (particularly of the control environment within the various industry sectors) was dated
and hence not particularly accurate or helpful. Several referred to substantial recent
amendments to AML/CFT laws and guidance, suggesting that the NRA findings would be very
different if based upon more current information and analysis.
93. The NRA identifies issues related to the resources of the law enforcement authorities
which are considered to be clearly insufficient to cope with the extensive investigative
commitments and other tasks assigned to them.
94. The assessment team considers that certain core topics (particularly predicate offences,
FT, legal persons and arrangements, the use of new and developing technology and the use of
cash) are insufficiently analysed within the 2018 NRA report. In the absence of any other
documentation or evidence of supplementary analysis, this has resulted in a demonstrated
understanding of risk by Maltese authorities that is, in the view of the assessment team,
insufficiently detailed in certain areas.
95. ML threat is considered to be driven primarily by the threat of foreign proceeds of crime,
but there is no analysis of the main predicate offences associated with foreign proceeds of
crime, nor sufficiently detailed analysis of methods or typologies of the laundering of such funds
in Malta.
96. In terms of domestic threats, the 2018 NRA Report lists tax evasion, local OCGs (both
“high”), drug trafficking, fraud and corruption and bribery (all “medium high”) to be the highest
ML threats.
97. However, there is little detailed analysis of the threat from local organised crime groups
(identified as a major threat) so it is unclear exactly how this threat manifests in Malta or what
action should be taken to mitigate.
98. Overall, there appears little detailed understanding or analysis of the significance of the
ML/FT implications of either corruption or tax evasion (which is estimated to represent over
5% of GDP). The assessment team considers these to be important contextual factors in Malta.
While tax evasion was identified as a high ML threat, there was confusion amongst FIs and
DNFBPs as to whether the threat of tax evasion refers to foreign or domestic evasion, as this
was not made sufficiently clear in communicating the NRA findings to industry.
99. Cash is widely used in Malta (estimated to represent over 25% of GDP), but the 2018 NRA
report does not include any detail as to the degree to which cash may be used for ML/FT. There
are also concerns regarding the seemingly ineffective measures at the border to detect
undeclared and falsely declared cash or to understand the source or eventual destination/use of
incoming cash.
100. There is no detailed analysis of the ML/FT risks arising from the use of legal persons and
arrangements either in the 2018 NRA Report or elsewhere, which the assessment team
considers should be a particular area of focus of Maltese authorities (given the nature of the
Malta as an international finance centre). It is noted, however, that the authorities were in the
process of undertaking such an assessment at the time of the on-site visit.
101. Malta has recently been active in positioning itself as a fin-tech-friendly jurisdiction,
including the introduction of a regulatory regime for virtual assets in 2018. The assessment
team is concerned that this regime was introduced without any risk assessment being carried
out and it is unclear whether the national authorities fully understand the ML/FT risks involved
or have taken adequate steps to ensure that such risks are mitigated. Authorities state that they
considered existing risk analyses from other (international) bodies (such as FATF, the European
Commission (Supranational Risk Assessment) and European Banking Authority (EBA)) and
were in the process of undertaking such an assessment (supplemental to the NRA, and
subsequent to the decision to introduce the virtual assets regime) at the time of the on-site visit.
33
102. The 2018 NRA Report (and particularly the high-level “findings” communicated to
industry) does not contain detailed information concerning the main methods, trends and
typologies used to launder proceeds of crime in Malta. The assessment team considers that the
published findings of the NRA are of limited value to the private sector, which is required to
take into consideration the results of the NRA in establishing internal controls. This was
confirmed by the majority of FIs and DNFBPs.
103. Some competent authorities (the MSS, the FIAU, the Police and the CVO) appear aware of
the FT threats, but the assessment of FT risks in the NRA is largely superficial. The NRA report
concludes that FT risk is medium-high, but this appears largely driven by a desire to be cautious
(due to a lack of data) and Malta’s geographical location, rather than any detailed analysis of
statistics, trends or activities. Although the assessment team considers that Malta has not
underestimated the level of FT risk when setting it as “medium-high” it is not clear that the FT
analysis adequately considers the threats and vulnerabilities of any specific products, services
or sectors. In particular, the problem of cash smuggling in the FT context was not considered in
sufficient depth. Authorities did not adequately assess the threat of Malta being used as a
conduit for financial flows intended to finance terrorism, terrorist groups or individual
terrorists in other countries, especially in areas of conflict and the risk of terrorist abuse in the
VO sector assessed by the CVO did consider only enrolled VOs, and did not contain analysis on
non-enrolled VOs.
104. A further risk area not considered in the NRA is the IIP. This programme, launched in
February 2014, enables third country nationals to obtain Maltese citizenship, on the condition
that: a) investments are made in the country; b) property is purchased or leased; and c) a
contribution is made to the National Development and Social Fund. This programme has
granted citizenship to approximately 3,000 individuals over almost 5 years of operation.
Controls on applicants and the checking of the background of potential investors are conducted
by the IIP Agency, with the assessment of LEAs, the FIAU and specialist international service
providers. On-site discussions with private sector entities indicated that the risks associated
with the program are perceived to be high. No specific assessment has been undertaken, nor
any specific guidance provided to relevant private sector stakeholders (e.g. real estate or
banking sectors) to assist in applying appropriate measures to check the background (including
source of wealth) of IIP investors and the origin of the invested funds.
National policies to address identified ML/FT risks
105. Several agencies took individual action over the period 2015–2017 to address some
concerns arising from the NRA exercise.
106. For example, the FIAU increased the resourcing of its compliance section from 5 officials
to 14 in 2016 and the MFSA established a dedicated AML/CFT Unit in 2016. In addition, gaming
operators became subject persons under Maltese law in January 2018, following the sectoral
risk assessment undertaken in 2017.
107. The Malta Police has, inter alia, adopted a restructuring plan to reform the Economic
Crimes Squad. Plans on restructuring were also confirmed by the authorities during the on-site
visit.
108. The key national policy documents outlining Malta’s AML/CFT measures are the “National
AML/CFT Strategy”, dated April 2018, and the related Strategic Action Plan (for the period 2018
to 2020).
109. The strategy sets out 7 key initiatives, designed to improve the national AML/CFT
framework:
I. Establish a National Coordination Committee
II. Strengthen and clarify the supervisory framework
III. Enhance internal capabilities of the FIAU
IV. Enhance investigation and prosecution capabilities
V. Establish an effective Asset Recovery Unit
VI. Increase transparency of legal entities and arrangements
VII. Build on existing international coordination setup.
110. The Action Plan contains detailed steps and timelines for deliverables assigned to the
various national agencies, some of which had already begun or been implemented at the time of
the on-site visit (e.g. establishment of the NCC, the ARB and the Register of BOs).
111. These appear broadly consistent with the understanding of vulnerabilities of the
framework (as set out in the NRA) and includes significant increase in resources amongst the
various competent authorities, and so should (when implemented) addresses identified ML/FT
risks and improve the framework overall.
112. The National Strategy was formulated in April 2018 with actions deliverable by 2020.
113. The implementation phase of the AML/CFT Strategy has already commenced with the
establishment of the NCC. The various agencies demonstrated an overall commitment to
implement the strategy and action plan and some work in various areas has already been
undertaken, it is too early to be able to clearly demonstrate overall effectiveness in this regard.
Exemptions, enhanced and simplified measures
114. The Maltese AML/CFT framework exempts some DNFBPs. These are described in more
detail at c.28.4, but are namely “private trustees” (i.e. those who (i) do not hold themselves out
as trustee to the public; (ii) are not remunerated; and (iii) do not act habitually as trustee to
more than five settlors at any time) and individuals holding 10 or less directorships and
company secretarial positions and not providing such services by way of business. These
exemptions do not appear to be driven directly by the results of the NRA or any other AML/CFT
assessments.
115. It appears that, to date, the conclusions of the NRA have not directed any decisions on
possible exemptions from AML/CFT requirements for low-risk products, sectors or activities.
Authorities suggested that this may occur in the future and indicated that a risk assessment will
be performed on certain parts of the land-based gaming sector (excluding casinos), but
including gaming parlours, the national lottery, low risk games (non-profit games and
commercial communication games) and bingo halls. The results of the risk assessment will
inform the authorities as to whether any such businesses would warrant an exception or a
partial exemption.
116. The Maltese legal framework does not contemplate any exemptions from CDD in relation
to investment holdings in funds which are often held in a nominee capacity by FIs or DNFBPs
acting on behalf of third parties, where the investment fund will not hold information about the
natural person on whose behalf the nominee is acting. In practice, the fund industry applies
such exemption in order to facilitate the conduct of business. This practice was confirmed by the
supervisory authorities. This is broadly in line with the Risk Factors Guidelines27 issued by the
27 https://eba.europa.eu/documents/10180/1890686/Final+Guidelines+on+Risk+Factors+%28JC+2017+37%29.pdf
35
European Supervisory Authorities. However, this matter should be considered from the
regulatory perspective, taking into account the risks within the sector.
117. Regulation 11 of the PMLFTR requires enhanced measures to be applied in relation to
transactions or business relationships with natural or legal persons established in “non-
reputable jurisdictions”, cross-border correspondent banking relationships, dealings with PEPs
and when carrying out complex and unusually large transactions.
118. In addition, subject persons are required to assess the ML/FT risk in each customer
relationship or one-off transaction and apply enhanced or simplified measures accordingly. In
the view of the assessment team, it is doubtful that these assessments incorporate or are
demonstrably consistent with the findings of the NRA – given that the results were only shared
with the industry in October 2018. In addition, the communicated results are not sufficiently
detailed to provide a useful basis to support the application of risk-based enhanced due
diligence (EDD). This calls into question the extent to which the results of assessments of risks
are properly used to support the application of enhanced measures for higher risk scenarios, or
simplified measures for lower risk scenarios.
Objectives and activities of competent authorities
119. On an individual basis the MFSA and the FIAU have revised their operations and priorities
to improve risk-based supervision generally, strengthen and reinforce AML/CFT requirements
and apply more dissuasive sanctions and remediation measures.
120. Supervisory authorities have demonstrated commitment to these changes in an effort to
develop more comprehensive risk-based supervision, despite on-going resourcing issues. Such
improvements will be key in mitigating the current deficiencies in the supervisory framework.
121. Positive initiatives have also been introduced to improve transparency of BOs, namely the
introduction of four Registers of BOs in January 2018.
122. The investigation and prosecution of ML or FT does not appear to be fully commensurate
with the risks posed by the country’s increasing nature as an international financial centre. Tax
evasion, drug trafficking and “local criminal groups” have been presented as some of the highest
threats of ML in Malta. There have however been almost no investigations or prosecutions for
ML of tax evasion or ML activities by “local criminal groups”. This does not appear to be in line
with the country’s risk profile. There have been no prosecutions for FT and it is not possible to
assess whether other FT initiatives are consistent with the country’s FT risk profile as no
adequate profile has been established in the NRA. The assessment team was presented with a
few cases of on-going investigations on FT, which were however of a too recent nature (i.e. with
the investigation having commenced in the course of 2018) to have already produced results
which could be reported in more detail (see IO.9 for further details). The authorities
interviewed by the assessors have not been in a position to precisely describe the FT risk faced
by the country.
123. Going forward, the NCC, established in April 2018, will be key in aligning the objectives
and priorities of national agencies with National priorities and strategies. This role is identified
within the legal mandate of the NCC, and some work toward this end has begun – by way of the
National Strategy and detailed action plans.
124. However, it is too early to assess whether the developing supervisory arrangements; the
operation of the NCC or the National Strategy and action plans are effective in this regard.
National coordination and cooperation
125. The NCC was established by specific regulations that entered in to force on 13 April 2018
and started functioning in the same month. The Group is chaired by the Permanent Secretary of
the MoF and all relevant competent authorities are represented on the NCC by senior officials.
126. The NCC is mandated to:
 Draw up national strategies and policies to combat ML, FT and the financing of the
proliferation of weapons of mass destruction; and
 Co-ordinate any action that needs to be taken to develop, implement and review the
national strategies and policies, including the co-ordination of national risk
assessments, and the actions to be taken to address any threats, vulnerabilities and
risks identified.
127. The main output of the NCC to date is the National Strategy and the associated Action
Plans, which are discussed above. The establishment, membership, mandate of the NCC appear
appropriate and early signs are encouraging, and its role in national coordination and
cooperation can have a positive impact on the effective coordination of the efforts aimed at
implementation of relevant policies.
128. At operational level, there is evidence of good recent co-operation between the
authorities, particularly between the MGA, MFSA and FIAU in relation to the supervision of FIs
and DNFBPs. Formal MoUs are in place and joint inspection are commonly undertaken, along
with intelligence exchange (for instance, in the course of licensing).
129. The FIAU, MFSA, Customs, CFR, and the SMB also cooperate on regular basis and share
statistics and other relevant information.
Private sector’s awareness of risks
130. The private sector was involved in the NRA process from its earliest stages, in line with
the WB methodology. This involved submission of data in 2012/13 and industry representative
bodies being part of working groups undertaking analysis. Some individual entities also
provided further data and information in 2017. No findings or other details of the NRA were
communicated to industry during the period 2012 to 2017. The NRA report was finalised in
early 2018, but has not been published.
131. The Maltese authorities did publish the National Strategy in April 2018 and the results of
the NRA were communicated to private sector entities through a series of general and sector-
specific presentations in late October 2018 (the contents of which were also posted on the FIAU
and MoF websites).
132. Most banks, other FIs and DNFBPs were aware of the results of the NRA, albeit only some
weeks before the commencement of the on-site assessment. Given the limited nature of the
communications, the assessment team is doubtful whether such awareness is consistent across
the whole of the private sector.
133. In most cases, private sector entities stated that the results of the assessment, as
communicated, did not provide them with a clear understanding of the risks present in Malta,
nor the features of their business/sector which presented a higher risk. Very few FIs or DNFBPs
could explain in any detail the ML/FT risks to Malta or to their businesses.
134. Further detail on the private sectors’ awareness of the results of the NRA and overall
understanding of risk is elaborated in IO4.
Conclusion
135. Malta has achieved a moderate level of effectiveness for IO.1.
37
CHAPTER 3. LEGAL SYSTEM AND OPERATIONAL ISSUES
Key Findings
IO.6
 The FIAU and the Police regularly obtain information from state authorities, subject
persons, legal entities and natural persons. The FIAUs direct access to a number of databases is
limited, hence indirect channels to collect information are extensively used. The assessment
team considers the information-gathering process to be unduly resource-intensive, and direct
data access is deemed to be of particular importance for Malta.
 The FIAU is considered to be an important source of financial intelligence for the Police in
The authorities presented successful cases demonstrating the ability of LEAs to obtain and use
financial intelligence. However, only in a limited number of cases were the FIAU disseminations
used to develop evidence and trace criminal proceeds related to ML. The authorities’ focus
primarily on tax collection (as opposed to conducting criminal investigation on tax-related
matters and parallel financial investigations) excludes the ML elements of the cases, which
raises concerns on the adequacy of the measures applied by the competent authorities, in the
light of the NRA conclusions about tax evasion being one of the highest threats in the country.
There are also some concerns regarding the use of the STRs mainly from the remote gambling
sector concerning non-residents, as these cases are not considered sufficiently to identify
possible ML taking place through Malta. There are only few FT-related investigations conducted
by the Police, of which some were still on-going at the time of the on-site visit. Therefore, it is
difficult to conclude on the use of financial intelligence by the authorities for the purposes of FT
investigations.
 Based on the discussions with the representatives of the FIAU and presented sanitised
cases, the assessment team concluded that the FIAU officers perform their functions freely and
objectively without undue influence.
 Operational analysis carried out by the FIAU is conducted according to a detailed internal
written procedure. Different factors and circumstances call into question the FIAU’s ability to
perform its analytical function at full capacity: a very long analytical process; the low number of
disseminations to the Police and absence of feedback to the FIAU; issues related to STR
reporting; and lack of adequate human and technical resources.
 The statistics on STR reporting demonstrates a constant upward trend. Nevertheless,
underreporting and non-reporting within certain entities and sectors poses a problem. The
assessment team concluded that various factors impact the effectiveness of the STR reporting.
This includes a low level of awareness among the subject persons about the risks inherent to
their relevant sectors and weak abilities for identifying STR due to the limited specific targeted
guidelines, typologies and red flags developed for and communicated to the subject persons.
 The FIAU uses cross-border cash declarations for the purpose of both operational and
strategic analysis. Based on this analysis information was submitted to the Police and/or foreign
counterparts. Other than that, the assessment team is of the opinion that the efforts of the FIAU
related to conducting a strategic analysis do not adequately support the activities of the
respective stakeholders.
 Cooperation between the FIAU and other competent authorities demonstrates an upward
trend. There are some measures in place to ensure confidentiality of exchanged information
between the FIAU and other competent authorities.
IO.7
 In Malta, ML is mainly investigated together with the predicate offence on which the
investigation is centred. Parallel financial investigations are not conducted on a systematic but
rather on a case-by-case basis. The investigation (and subsequent prosecution) of ML stricto
sensu does not appear to constitute a priority for the Maltese authorities. This assessment seems
to be confirmed by the low number of ML cases. Limited resources, both human and financial,
allocated to the investigation and prosecution of ML weighs negatively on Malta’s capability to
effectively fight ML. This is also not commensurate with the country’s increasing nature as an
international financial centre and the growing size and complexity of its financial sector.
 ML investigations and prosecutions do not appear to be in line with the country’s risk
profile. Moreover, the assessment team is not convinced that the LEAs are currently in a
position, due to several factors including resources, to effectively and in a timely manner
investigate and prosecute high-level and complex ML cases related to financial, bribery and
corruption offences.
 While Malta was in principle able to provide examples of convictions for most of the
different types of ML, cases of stand-alone ML are very rare and no recent case was presented in
relation to professionals of the financial sector.
 Based on the few convictions, the sanctions applied against natural persons appear to be
dissuasive. Malta has not yet achieved convictions for ML concerning legal persons.
IO.8
 The confiscation of criminal proceeds does not appear to be pursued as a policy objective.
Malta’s confiscation system is based on the prerequisite of a criminal conviction, although
alternative systems such as non-conviction based confiscation are being discussed. The law
courts routinely order the confiscation of assets. However, shortcomings in asset-tracing, in the
effective use of provisional measures (such as attachment and freezing orders) and in the
identification of assets in the judgments cast doubts on the effectiveness of the system and the
existence of a coherent policy. Confiscation judgments have furthermore been successfully
challenged in civil courts, with the consequences that assets have been returned to the
offenders.
 When detected, cases of non-declaration of cross-border movements of cash are
sanctioned by an effective and dissuasive sanctioning regime. Despite of this, there are hardly
any investigations of ML/FT initiated on the basis of the cash declaration system.
 No asset-tracing has until very recently been performed in respect of assets located
abroad. This could be one of the reasons why no cases have been presented in respect of assets
repatriated. It also appears that asset-tracing was mostly directed towards assets in the name of
the suspects. Very few steps have been undertaken to trace assets transferred onto the name of
third parties or (very often complex) corporate structures. The shortcomings in the asset-
tracing and confiscation regime are not in line with the risks faced by the jurisdiction.
 The assessment team has taken into account that a new institution, the ARB, has only
recently become operational and that a number of initiatives, ranging from the improvement in
human and technical resources to the drafting of new legislation, are in the course of being
implemented. It also takes note of the fact that the current problems result from previous
39
shortcomings in the legal framework and the resources and training so far allocated to the
authorities in charge of identifying, tracing and managing both the instrumentalities and
proceeds of crime. For the period under review, the assessment team however considers that
fundamental improvements are still required.
Recommended Actions
IO.6
 Malta should enhance the use of financial intelligence in criminal investigations of tax-
related offences and more proactively pursue parallel financial investigations, including the ML
element of the case.
 The FIAU, the MGA and the Police should make better use of information generated from
STRs, with the involvement of non-residents submitted by the remote gambling sector that can
relate to ML, associated predicate offences or FT.
 The Police and the FIAU should establish an effective feedback mechanism on the use of
financial intelligence in investigations.
 The FIAU should reconsider performance of its analytical process to ensure that the
shortcomings identified (such as the length of the analytical process, the huge disproportion of
received STRs, and the low number of disseminations to the Police) do not impact on its overall
effectiveness.
 The authorities should increase outreach, training, develop targeted guidelines, typologies
and red flags for subject persons to improve the quality and quantity of STRs, especially in the
sectors where - according to the NRA - the inherent ML/FT risk is high.
 Malta should: a) undertake measures to increase the effectiveness of information
gathering, and ensure that the FIAU has direct access to the databases commensurate with its
operational needs; and b) consider introducing centralised databases (such as an account
register) or establishing a cash transaction reporting requirement.
 Malta should further enhance the human and technical resources, including the
development of an electronic information system for the document workflow of the FIAU to
enable more effective operational and strategic analysis, and the development of a secure
electronic information exchange system within the competent authorities.
IO.7
 The Police should be reinforced with both human and technical resources to be fully able
to investigate high-level and complex ML cases which are commensurate with the ML risks
which Malta faces (as an international financial centre). Adequate training and capacity-building
should be provided.
 Malta should develop a comprehensive AML strategy for the investigation, prosecution
and conviction of ML, including the prioritisation of this offence as well as addressing the
shortcomings highlighted in Chapter 3 of this report.
 Malta should consider introducing measures to separate the role of the Police as both an
investigative and prosecutorial authority.
 Malta should eliminate any legal and practical obstacles for pursuing criminal
investigations for tax evasion, and reconsider its policy to investigate tax evasion as a mere
administrative offence.
IO.8
 Malta should introduce for its competent authorities a written policy and guidance on
confiscation of proceeds of crime and instrumentalities. This policy should extend to the widest
possible range of asset-tracing, in order to capture criminal proceeds disguised through the use
of the corporate structures available in Malta as an international financial centre.
 The ARB should become fully operational and be developed into an efficient tool for the
tracing and management of assets, supported by sufficient resources and training for the
authorities involved.
 Malta should consider introducing a system for non-conviction based confiscation to
achieve better results in the confiscation of proceeds of crime.
 Malta should ensure that ML/FT suspicions are sufficiently addressed in their system of
cross-border cash/bearer negotiable instruments (BNI) declarations. In particular, cash
declarations should require more meaningful information to allow the authorities to analyse
them with regard to possible ML/FT suspicions.
136. The relevant Immediate Outcomes considered and assessed in this chapter are IO.6-8. The
Recommendations relevant for the assessment of effectiveness under this section are R.1, 3, 4
and 29-32.
Immediate Outcome 6 (Financial intelligence ML/TF)
Use of financial intelligence and other information
137. The competent authorities in the field of AML/CFT access a number of financial
intelligence and other relevant information required to conduct their analysis and financial
investigations, to identify and trace the assets, develop operational analysis and investigate
ML/FT and associated predicate offences.
138. The FIAU obtains information required to perform its function by accessing a number of
databases as provided below in Table 4, both directly and indirectly. In addition the FIAU
requests information from any state authority, subject person, legal entity and natural person
possessing relevant data, exercising its powers to collect information on potential ML,
associated predicate offences and FT.
Table 4: Information databases accessed by the FIAU
Type of Information Type of Access
Common Database – CDB (people’s registry) Direct
Registry of Companies/BO register28 Direct
Indirect
Cross-border cash declarations
(information is submitted on a bi-weekly basis)
Indirect
VOs
(information is submitted every 3 months)
Indirect
IIP (information is submitted to FIAU on a weekly
basis)
Indirect
Passenger Name Records (PNR)
(upon request of the FIAU to Police)
139. In the view of the assessment team, the number of databases to which the FIAU has direct
access does not seem to be commensurate with the FIAU’s operational needs. As shown in the
28 The newly-centralised registry of beneficial ownership of legal persons will assist authorities in
obtaining beneficial ownership information. However, until a competent authority has been designated to
verify the information submitted to the Registries, the accuracy of the information remains questionable
and it is too early to conclude on the overall effectiveness of the centralised registry.
41
table below, there is an upward trend in the number of requests sent by the FIAU to the other
state agencies and subject persons. The information-gathering process appears to be unduly
resource-intensive (as further elaborated below), and the direct data access to a number of
databases is deemed by the assessment team to be of particular importance for Malta.
Table 5: Requests for information sent by the FIAU to subject persons and other state
authorities
Request As of July
2013 2014 2015 2016 2017
addressee 2018
Subject Persons 1664 2001 2971 4209 5450 5017
Supervisory
27 51 54 75 114 71
Authorities
Police 59 72 78 86 124 73
CFR 28 28 32 45 72 52
Other
Governmental 27 39 34 39 73 50
Authorities
Total 1805 2191 3169 4454 5833 5263
140. The Maltese authorities mentioned that, in order to enhance the efficiency of data access,
they are taking practical steps to increase the number of directly-accessible databases. In
particular, over the last year the FIAU was provided direct access to the Companies’ BO register
and initiated discussions to obtain direct access to the CFR-relevant databases (containing tax-
related information, ownership of real estate and vehicles or other vessels, etc.), and Police
database (data on criminal records). The FIAU plans to further extend its access to other
databases, e.g. the land registry, vehicle registry and others. The FIAU expressed the need of
obtaining direct access to the PNR, which is currently available through the Police.
141. The FIAU has stated that, despite the absence of any timeframe for the public authorities
to respond to FIAU requests, in practice communication is prompt and supports the FIAU needs
in performing its duties. There are no cases in which the public authorities refused to provide
requested information.
142. The FIAU has also regular communication with the subject persons as provided in the
Table 5 above. It appeared that, out of the total number of annual requests made by the FIAU,
over 85% are made to subject persons. The FIAU explained this high rate with the fact that in
the course of the analysis it circulates a request among the subject persons (mainly all banks) to
identify any assets or transactions conducted through the financial sector of Malta linked to the
case. As a result, for collecting information on one case, 25 requests are being made to all banks
if needed, followed-up by additional requests on more specific information to relevant credit
institutions. The FIAU confirmed that information provided was of a satisfactory quality, no
requests were refused by the subject persons, and information was mostly provided in a timely
manner (within 5 working days). Information requested by the FIAU includes CDD-related data,
including BO-related data, information on the transactions or activities and all the supporting
documentation. All the requests are communicated through encrypted e-mails. In the opinion of
the assessment team, this method considerably impacts the efficient use of the FIAU resources
and quicker access to the relevant information. Development of alternative methods, such as the
establishment of a bank and payment account central database or establishment of cash
transaction reporting requirement in Malta might facilitate the collection of relevant
information and improve the efficiency of the current system.
143. The Police (as the competent authority for investigation of ML, associated predicate
offences and FT) have a wide access to all necessary data, including through powers to use
compulsory measures. It obtains financial intelligence as well as other law enforcement
intelligence from a wide variety of national and foreign (such as foreign counterparts, Europol,
Eurojust, Interpol and others) sources, and the criminal investigations database. Requests for
information have been sent to a number of public institutions (e.g. the Tax Authorities, Mobile
and Landline Communication Services). The Police also obtain information directly from subject
persons. There are no confidentiality provisions which restrict the ability of the Police to obtain
information. The Police made requests to the subject persons in a number of instances (on
average the Police has made 264 requests per year from 2013-2018 to banks). As stated by the
Police, they do not encounter any difficulty in practice to collect this information and it has
always been obtained in a timely manner (5-7 working days) and in urgent cases in a shorter
period of time. There have not been any recorded cases of refusal to provide information to the
Police. Refusal to provide information to the Police may result in imprisonment.
144. The FIAU is considered to be an important source of financial intelligence for the Police in
In some instances, the Police also use the FIAU channels to obtain information from foreign FIUs
or subject persons29. The Police seek assistance from the FIAU in relation to both financial
investigations initiated on the basis of FIAU disseminations and independently, at their own
initiative. In total the Police submitted 138 requests to the FIAU during the period 2014 - May
2018. As stated by the Police, the FIAU provides assistance promptly upon request. Financial
intelligence provided by the FIAU to the Police cannot be used as evidence in performing
investigations. Data provided by the FIAU is gathered by the Police via its own channels. The
authorities presented successful cases demonstrating the ability of LEAs to obtain and use
financial intelligence.
Box 6.1: Financial intelligence generated by LEAs
Recently the Police Criminal Investigation Department (CID) has been investigating a murder case which
was suspected to be connected to fuel smuggling. After weeks of intensive investigations, the Police
effected a raid in a notorious area in Malta, and from thereat and other locations in Malta arrested
several suspects. Eventually, three persons were arraigned in Court under arrest and charged with
homicide.
All three suspects are very well known to CID Inspectors for their involvement in various criminal
activities. In fact, all three have been arraigned in court on numerous occasions and charged with
numerous kinds of offences.
Following the arraignment initial intelligence and investigations revealed that one of the subjects, as
well as two close relatives, are all unemployed but yet seem to afford a lavish lifestyle, which does not
reflect their true legitimate financial situation.
In conjunction with this case the FIAU was requested to collect and collate financial intelligence on the
above mentioned three subjects, as well as other immediate relatives. Additional information was
requested from various legal entities in order to collect financial intelligence and to establish a financial
picture of the lifestyle of the three suspects. The results showed that funds of considerable amounts
were remitted to third parties. In addition, it also transpired that the suspects owned high value assets,
and that bank accounts were used by a suspect to deposit funds in cash when the suspect was
unemployed. Investigators interrogated the suspects who did not collaborate. Despite the lack of
collaboration the investigator still considered to have enough evidence to arraign the suspects and
charging them for ML offence(s). All three (3) suspects were arraigned and their respective assets were
29Information mostly refers to financial data, such as bank account(s), UBOs, bank account(s) balance(s)
and if subject(s) are adversely known and how they are adversely known
43
frozen. Other investigation(s) are on-going in relation to this case.
145. There is no precise information on the number of cases where financial intelligence
collected by the Police from various sources was used in criminal investigations. However, as
also further elaborated in IO.7, only in a limited number of cases has financial intelligence been
used to develop evidence related to ML and associated predicate offences. There are only few
FT-related investigations conducted by the Police, of which some were still on-going at the time
of the on-site visit. Therefore, it is difficult to conclude on the use of financial intelligence by the
authorities for the purposes of FT investigations (see also IO.9). Further information on the use
of FIAU-generated intelligence by the Police is provided under core issue 6.3.
146. Turning to the specific matter of the use of financial intelligence formed by the FIAU on
ML related to tax evasion, the FIAU formalised the cooperation with the CFR since the beginning
of 2018 and started disseminating financial intelligence related to the cases of undeclared taxes.
However, the main activities of the CFR are focused on collecting the revenue, and the CFR is
empowered to apply only administrative measures. The CFR does not have the competency to
deal with ML investigations related to tax crimes. The authorities consider that the
administrative sanctions applied are sufficiently high, hence no parallel criminal proceedings
need to be initiated. Moreover, they stressed that the administrative sanctions regime reduces
the time-frames to conclude a case, lowers the burden of proof and increases efficiency. As of 31
October 2018, the FIAU disseminated 249 cases to the CFR (which launched the examination of
only around 60 cases). In contrast to this, as further elaborated in IO.7, there were only 2 ML-
related cases identified and submitted to the Police in 2018 by the FIAU.
147. In the light of the NRA conclusions about tax evasion being one of the highest threats in
the country, the assessment team is concerned about the adequacy of the measures applied by
the competent authorities (FIAU, CFR and Police) on this matter. Based on the above analysis of
the situation, the assessment team concluded that the authorities’ focus primarily on tax
collection (as opposed to conducting criminal investigation on tax-related matters and parallel
financial investigations) excludes the ML elements of the cases. Having said this, and as also
indicated below under IO.7, representatives of the CFR indicated a shift in the awareness of the
importance of pursuing also the criminal aspect of tax evasion (and related ML).
STRs received and requested by competent authorities
148. The FIAU is the central authority for the receipt of STR from the subject persons. The STRs
from all categories of FIs and DNFBPs are submitted via a secure electronic channel that is
logged into by accessing the FIAU’s website. In Malta, subject persons are required to report on
suspicious transactions and/or activities. There is no cash transaction reporting requirement in
Malta.
Table 6: STRs received by the FIAU on ML and FT
As at
Type of subject
2013 2014 2015 2016 2017 31.10.201
person
8
Banks 66 112 136 344 398 546
Remote Gaming
17 22 32 87 218 525
Companies
Company Service
15 13 18 34 50 36
Providers
Trustees and
7 12 16 19 10 14
Fiduciaries
Investment
10 9 26 12 12 30
Services Licensees
Insurance
1 1 7 9 12 5
Licensees
Other FIs30 8 17 11 30 48 59
Independent
Legal 8 5 11 5 9 9
Professionals31
Casino Licensees 0 1 3 4 4 18
Retirement
Scheme 0 1 1 2 2 3
Administrators
Other subject
11 9 20 19 15 30
persons
Total 143 202 281 565 778 1275
149. Over the period 2013-2018, the total number of STRs has been steadily growing. FIs
appeared to be the major senders of STRs. Among the subject persons, the top 3 reporting
institutions were credit institutions (banks and branches of foreign banks, filing 51% of STRs)
remote gaming companies (filing 29% of STRs), followed by TCSPs (filing 9% of STRs). Only a
very limited number of STRs were submitted by other types of FIs. The low reporting from some
of the DNFBPs (namely from legal professionals) raises concerns, given their international client
base, involvement with complex corporate structures and legal arrangements. Moreover, the
NRA states that the inherent ML/FT risk of this sector is high (for lawyers) and medium-high
(for notaries).
150. Given the materiality of the banking sector, further detailed analysis of reporting patterns
of individual banks has been conducted. While the overall number of STRs in this sector has
increased, there was a high level of concentration of STRs being reported by only 2 major banks,
of which one has submitted 67% of the STRs and the other 10% of STRs. A very limited number
of STRs were filed by other banks. Around 4-5 banks have never submitted any STR.
151. The assessment team concluded that there appear to be several reasons for the above: a
low level of awareness among the subject persons about the risks inherent to their relevant
sectors; as well as weak abilities for identifying STRs due to the limited specific targeted
guidelines, typologies and red flags developed for and communicated to the subject persons
(see also IO.4).
152. The FIAU has implemented a feedback mechanism for the subject persons to be aware of
the quality and the use of the submitted STR. The quality is evaluated by the application of a 5-
grade rating system, where (1) is a low-quality STR and (5) is a high-quality STR. According to
the statistics, around 65-70% of STRs were assessed by the FIAU as a high-quality
dissemination (i.e. obtaining the grade of (5)). This quality assessment is based on the fulfilment
of the basic components (identification of ML, FT or predicate offence, supporting
documentation and reasons for submitting STRs).
153. As indicated by the authorities, feedback is provided to the respective subject person for
every STR that is finalised. In cases where multiple STRs made up one case, every subject
person involved was provided with feedback on the outcome thereof. However, as discussed
during the interviews with the private sector, the latter indicated that they do not receive a
comprehensive feedback on the substance, i.e. related to the results of a final analysis-process
(either on a case-by-case basis, or as a strategic observation of the quality and consistency with
30 Under FIs, the following types of subject persons are included: Exchange Bureau, Money Remitters,
Electronic Money, Payment Service Providers.
31 Under independent legal professionals, the following types of subject person are included: Notaries,
Advocates, Legal Procurators.

45
the ML/FT risks in the country). The FIAU has implemented a new feedback mechanism since
July 2018 that contains more details. However, the effectiveness of this could not be assessed
during the on-site visit.
154. As of 2017, training activities were provided or organised by the FIAU to increase
AML/CFT awareness and understanding by the subject persons. In addition to the awareness-
raising activities, the FIAU intensified its supervisory activity, including carrying out of off-site
and on-site examinations with an increased emphasis on on-going monitoring and STR
reporting. While efforts of the FIAU in this field did result in some increase of reporting from the
TCSPs and the remote gaming sector, it does not yet translate into an increase of STRs from
traditionally less-involved categories of subject persons.
155. The STR form contains a reference to the underlying predicate offence. Subject persons
are not expected to precisely identify the underlying criminal activity when providing STRs.
According to the analysis of the STRs submitted to the FIAU over 2013-2018 (while 50% of
STRs are not linked to any alleged predicate offence), the following top 5 criminal activities
reported by the subject persons comprise: fraud (20% of STRs); tax crimes (undeclared income)
(15% of STRs); corruption (bribery) and human/drug trafficking (6% of STRs); and organised
crime (1.8% of STRs). This distribution is in general terms proportionate with the threats
highlighted in the NRA and with the FIAU disseminations to the respective competent
authorities.
156. Based on the provided statistics, 40 FT-related STRs were submitted by the subject
persons from 2014 to May 2018. Some of the banks referred to FT-related STRs submitted to
the FIAU. An example was also provided by the FIAU when a case was disseminated to the
Police based on an FT-related STR (see also IO.9).
157. Of the legal and natural persons who reported to the FIAU in 2017, just over 65% were
either non-Maltese nationals or foreign companies. In almost 18% of the cases (or 6 cases in
absolute terms) referred to the Police for further investigation due to a suspicion of ML/FT, the
use of a Maltese-registered company or bank account to launder the proceeds of predicate
offences carried out in foreign jurisdictions was identified. This reporting pattern is in line with
the international element to which Maltese subject persons are exposed.
Box 6.2: Criminal case initiated based on STRs.
The FIAU obtained intelligence through two STRs, one filed in the last quarter of 2015 and the other at
the start of 2016, indicating that subject No 1 and his associate (subject No 2), who run a business in
Malta, were suspected to be involved in the encashment of a substantial number of third party cheques.
The suspicion was based on the fact that the transactions in the bank accounts of the two above-
indicated subjects showed that they were depositing a substantial number of cheques issued to third
parties and withdrawing substantial cash amounts.
Such an illegal operation was deemed to be an operation which could have aided and abetted in the
laundering of funds that may have originated from a criminal activity. The financial analysis carried out
of the various bank accounts operated by subject No 1 and subject No 2 established that over three years
almost EUR 3.4 million were deposited predominantly in cheques and almost EUR 3 million were
withdrawn in cash.
Based on the analysis of the information available to the FIAU it was determined that there were
sufficient elements in the case to reach a reasonable suspicion that both subjects were providing an
unlicensed financial service and that the substantial profits emanating from this illegal activity were the
proceeds of crime. The case was referred to the Police for further investigation in mid-2016.
Following the receipt of the FIAU’s analytical report, investigations were initiated by the Police. During
the investigations carried out by the Police (including also physical surveillance), subject No 1 was
arrested and searches were conducted. The subject confessed of having cashed several cheques issued
to third parties, deposited the said cheques in his accounts which were held with four domestic credit
institutions and the earnings from the encashment of these cheques, which ranges from 0.5% to 1%
were either kept as part of the cash of the business or on his person to be used for business and/or
family needs.
As a result the subject was arraigned, prosecuted and convicted for an offence in terms of Art. 18
(Continuous Offences) and 298C (Usury) of the CC, Chapter 9; Art. 5 of the Banking Act, Chapter 371 and
Legal Notice 155 of 1999 as amended by Legal Notice 385 of 2003 (Provision of Business of Banking
without a license); Art. 3 of the Financial Investment Act, Chapter 376 and the Legal Notice 357 of 2002
as amended by Legal Notice 386 of 2003 (Provision of Business of a Financial Institution without a
license) and Art. 2 and 3 of the Prevention For Money Laundering Act, Chapter 373 (Money Laundering
Offence). During the proceedings, the accused plea bargained and on 25 May 2018 registered an
admission. As a result, he was condemned to two (2) years imprisonment suspended for four (4) years, a
fine of EUR 4000 and a confiscation of EUR 36,500 (The calculated amount of the generated proceeds of
crime) in favour of the Government of Malta.
158. With respect to tipping-off, the authorities and the private sector representatives
informed the assessment team that there are no known cases of tipping-off both in relation to
STR reporting as well as to the provision of information upon request. However, a high number
of requests circulated to the private sector might increase the risk of tipping-off. In order to
mitigate any potential instance, the FIAU is acting cautiously when sending requests for
information on cases with the involvement of high-profile persons and/or PEPs, or when the
nature of a business relationship between the subject person and the person who is the subject
of the FIAU request is likely to increase the risk of tipping-off. In such cases, the FIAU only
contacts subject persons as a measure of last resort and carefully chooses who to contact and
contacts only selected individuals. Subject persons are warned about the serious consequences
of tipping-off.
159. The FIAU receives information from the Comptroller of Customs on cross-border cash
declarations, including on false declarations, non-declarations and ML/FT suspicions identified
at the border. The FIAU uses cross-border cash declarations mainly for strategic analysis
purposes (to identify typologies, specific patterns and individuals frequently conducting cross-
border cash transactions). In addition, the FIAU is screening data against the received STRs and
information received from other sources to identify potentially suspicious cases. Information on
false declarations, non-declarations and ML/FT suspicions identified at the border generally
instigates an analysis in order to identify any elements of ML/FT. Persons who have carried
substantial sums to or from Malta with no clear purpose can also be subject to FIAU analysis. In
several cases, the FIAU submitted reports to the Police based on the strategic analysis.
160. The analysis of cash declarations for the period 2013-2018 (see the table below) revealed
that there was a peak of cash entering to Malta in the first three years, which then decreased in
the following years. The authorities clarified that the conducted geographical analysis of these
declarations revealed that the vast majority of the cash was brought to Malta from Libya (see
also IO.8). This peak was described as an impact of the political situation in Libya. The
assessment team was provided with a summary of the analysis conducted by the FIAU on these
declarations. Based on this analysis, information was submitted to the Police and/or foreign
counterparts.
161. As further elaborated under IO.8, the number of investigations for ML and FT triggered by
cash movements appears low and, given the fact that the wide use of cash is considered a
47
vulnerability in the NRA, the assessors concluded that the criminal intelligence tools of the
authorities should be improved.
Table 7: Cross Border Customs Declarations
Year Entering Malta Leaving Malta
Count EUR Count EUR
2013 5,968 207,449,137 1,051 53,201,537
2014 3,278 100,014,224 948 45,140,658
2015 876 29,812,730 363 20,982,278
2016 328 12,332,898 217 5,933,148
2017 202 15,494,519 393 17,426,163
As at
71 2,744,025 226 4,580,096
03.06.2018
162. The FIAU stated that, from 2013 to May 2018, it also received some 33 STRs from the
supervisory authorities (the Central Bank, the MFSA, and the MGA) identified during their
supervisory or regulatory activities. These reports involve ML/FT suspicions related to fit and
proper checks or unreported suspicious transactions. As a result of the analysis, the FIAU
disseminated some 5 cases to the Police (in 1 case intelligence was used in an already on-going
investigation, which resulted in the arraignment of two persons for misappropriation and other
charges; in 2 cases intelligence was used to provide assistance to the foreign authorities which
showed that subjects and legal entities in Malta were not operating illegally; in 1 case - as a
result of the investigation - there were no criminal actions taken, as funds matched the income
of the persons; and in 1 case not enough elements were unearthed to warrant any criminal
action against the subject).
Operational needs supported by FIU analysis and dissemination
163. Operational analysis carried out by the FIAU is conducted according to a detailed internal
written procedure. The operational analysis passes through three main stages: (i) initial
assessment; (ii) first assessment and prioritisation; and (iii) discussion in and determination by
the Financial Analysis Committee (FAC).
164. The initial assessment is conducted by an administrative support officer. No case can be
closed at this stage. The second stage of the analysis (first assessment and prioritisation) is led
by managers, and has as purpose to distinguish between the STRs that shall be continued and
those that do not require an in-depth analysis and can be closed (due to a lack of indication of
ML/FT or due to insufficient elements of ML/FT). The STRs which are not closed following the
first assessment are assigned to a financial analyst. The financial analyst carries out further
checks as part of a more in-depth first assessment. As part of the initial assessment, the financial
analyst also seeks to identify any indicators which may become useful during the prioritisation
process. This procedure also applies to suspicions of ML/FT which the FIAU may have formed
on the basis of information which came in its possession (independently of any STR).
165. At the last stage, analysed cases are presented to the FAC for a final determination. The
FAC is comprised of the Director and/or Deputy Director of the FIAU; the secretary, managers
and senior financial analysts of the FIAU; as well as a member of the FIAU’s legal and
international relations section. One of the members of the FAC is also a Police Liaison Officer,
who does however not have a voting right. The Committee meets once per month. However, in
urgent and extraordinary cases it can be convened at any time. The FAC takes the decision on
the dissemination of the cases to the Police by vote. The Police Liaison officer is present during
the FAC meetings to ensure that analytical reports may be exploited fully by the Police’s Anti-
Money Laundering Unit (AMLU)32. The Committee disseminates the case to the Police for
further action when it determinates that there are reasonable grounds to suspect that ML or FT
have taken place. Information is handed over to the Police via the Liaison Officer in hard copy
form/CD.
166. The case analysis procedure provides for a number of technical criteria and red flags to
decide upon the urgency and the prioritisation of the case, to be taken into account in the course
of analysis and the decision making. This includes a possible link with FT, the volume of assets
involved, criminal background of the person, involvement of PEPs, as well as the severity and
type of the predicate offence. Nevertheless, a limited number of disseminations made to Police
for the purpose of ML/FT investigations of identified cases suggests that the FIAU is lacking
certain criteria to support the process. In managing priority throughout the case analysis
procedure, regard may be given to the results of the NRA on ML/FT high risk areas, e.g. tax
evasion, corruption (bribery) and organised crime.
167. A breakdown of the disseminations to each recipient (Police, foreign FIUs or other local
authorities) is provided below.
Table 8: Number of disseminations based on the STRs
2013 2014 2015 2016 2017 201833 Total
Total number of STRs 143 202 281 565 778 1275 3244
Police 30 27 20 39 34 45 195
Foreign FIUs 34 50 77 135 277 534 1107
Disseminated to Tax
0 0 0 0 0 249 249
Authorities
Disseminated to other
0 1 3 1 0 4 9
local authorities34
168. Over the period 2013-2018 (31 October), a sizeable number of STRs were closed and no
further analysis was undertaken following the prioritisation meetings within the FIAU or
discussion in the FAC. In a majority of cases, the FIAU found that the information included in the
STRs or obtained during the analysis of an STR is not useful for ML/FT investigations in Malta.
169. The largest percentage of disseminations was sent to foreign FIUs in the form of
spontaneous disseminations. As explained by the authorities these disseminations result from
STRs coming mostly from the remote gaming industry and the increase in the number of
disseminations to the foreign FIUs is connected with the increase of the numbers of STRs
received from this industry. A change in legislation in 2018 allowed for the spontaneous
disclosure of information to the CFR and some STRs were sent to the CFR for application of
administrative measures with regard to tax evasion. The Police, which is responsible for ML/FT
investigation, received only 195 STR-based disseminations.
170. Upon detection of an STR received from a Maltese subject person (mainly from the
gaming sector) which concerns a non-resident, the FIAU disseminates in most of the cases the
intelligence sourced from the STR to the respective foreign FIU. The authorities explained the
high number of STRs for non-residents with the fact that Malta is a gambling centre which
provides gambling service platforms internationally. The assessment team is concerned about
the approach on the use of financial intelligence adopted by the Maltese authorities. Given that
the involvement of non-residents does not exclude that the ML is not taking place mainly
32 Since 1 December 2018 the APMLU is the AML squad under Financial Crimes Investigations
Department.
33 As at October 2018
34 MFSA, Security Service, Comptroller of Customs.
49
through the Maltese remote gambling sector, there is capacity for the FIAU, the MGA and the
Police to make better use of information generated from such STRs.
171. Concerning the mechanism for taking a decision on cases involving tax matters, the FIAU
adopted in January 2018 a procedure to deal with cases relating to tax evasion whereby it was
agreed that: (i) those cases which contain no other suspicion than tax evasion and which do not
exceed a threshold value35 of undeclared income per year are not undergoing an in-depth
analysis and the results of the preliminary analysis are disseminated to the Commissioner of
Inland Revenue; (ii) those cases in which the only predicate offence seems to be tax evasion, but
for which the amount of undeclared annual income exceeds the threshold value, an in-depth
analysis is carried out by the FIAU and the case is presented to the FAC for final determination;
and (iii) those cases in which there is a suspicion of other predicate offences besides tax evasion
are subject to an in-depth analysis by the FIAU and presented to the FAC for final determination.
If in scenario (ii) and (iii) the case passes the FAC with a positive decision on dissemination, it is
sent to the Police. As indicated above, the FIAU submitted to the Police only 2 ML-related cases
which involved tax evasion (please see IO.7 for further details). The assessment team considers
that the low number of criminal investigations for tax evasion is of particular concern, given
that the NRA considers tax evasion as one of the highest ML/FT threats in the country.
172. It should be noted that the FIAU disseminates the cases to the Police when there are
reasonable grounds for ML/FT suspicions. In some of the cases when a STR received relates to
the predicate offence or the attempt of it (such as attempted fraud), the FIAU contacts the
subject person and suggests addressing the Police directly.
173. Over the period from 2013 to mid-2018, the FIAU has disseminated around 9 FT-related
and 186 ML-related cases to Police. The Police initiate investigations automatically based on the
disseminations provided by the FIAU.
174. Concerning the FT-related disseminations, the authorities clarified that in the majority of
cases the FT-related suspicions were not confirmed as a result of additional checks by the Police
and the MSS. A limited number of these STRs have recently generated formal Police
investigations, of which some were still on-going at the time of the on-site visit.
175. Figures provided by the authorities on ML/FT prosecutions suggest that over the
respective period of time there have been only 5 ML cases prosecuted by the Police based on
FIAU disseminations. This raise concerns on the effective use of financial intelligence (see also
IO.7).
176. The FIAU has in a number of cases postponed transactions to determine whether there is
a reasonable suspicion that the transaction is related to ML or FT. Overall, the FIAU has the
power to postpone a suspicious transaction for a maximum of three working days. The FIAU is
empowered to apply the suspension, based on a STR provided by the subject person,
information received from the national competent authorities, a request of foreign counterparts
or on its own initiative (if the FIAU becomes aware of a pending transaction by any means). As a
result, as demonstrated in the table below, over the past two years the FIAU exercised its
powers on 17 occasions.
Table 9: Number of postponed transactions and applied attachments
Number of Number of attachment
Year Total Value Total Value
Postponements orders
2017 4 EUR 621,670.00 0 0
35 Determined by the FIAU Policy.

EUR 929,67236
2018 13 9 EUR 805,644 USD 9,496,211
USD 9,496,211
177. The FIAU does not have adequate IT tools to efficiently support the case analysis and case-
management process, including an electronic information system for document workflow.
Moreover, all STRs are printed out after the initial assessment and circulated within the FIAU in
a hard copy. The collected information and responses from domestic and foreign counterparts
related to the case are also used in a hardcopy and attached to the STR. The assessment team
has been informed that the FIAU is taking steps to enhance its IT tools.
178. The case analysis conducted by the FIAU (before it is sent to the Police) takes in average
7-12 months. The assessment team is concerned with this duration, which appears to be the
result of numerous formal procedures to be conducted in the course of the analysis, a lack of
direct data access, heavy paper-based workflow, a lack of clear and more detailed criteria for
carrying out analysis, as well as a lack of human resources. The authorities indicated that in
urgent cases (e.g. FT-related cases) case analysis is conducted in shorter timeframes.
Table 10: Case analysis duration
Average number of days
Year Number of Cases sent to Police
taken
2013 30 180 days
2014 27 174 days
2015 20 248 days
2016 39 209 days
2017 34 287 days
2018 (as at 31.10.2018) 45 359 days
179. There are no specialised resources dedicated to strategic analysis. There is only some
limited work conducted by the FIAU. As provided by the authorities the competent section of
the FIAU reviews on an annual basis the cases disseminated to the police for further
investigation to identify the predominant predicate offences as well as sectors, methods,
products and services used to channel funds suspected to be linked to ML/FT and analyses
cross-border cash declarations. The findings on cases disseminated to the Police are published
in the FIAU’s Annual Report along with other relevant information in the section titled
“Operations”37. As mentioned above, the FIAU has conducted also a strategic analysis of cross-
border cash declarations. However, considering that the FIAU does not receive a regular
feedback on the use on the disseminated cases, it might be questionable to which extent the
FIAUs efforts are adequately streamlined. The assessment team is of the opinion that the efforts
of the FIAU related to conducting a strategic analysis do not adequately support the activities of
the respective stakeholders.
180. Turning to the human resources of the FIAU, the assessment team concluded that, as of
the date of on-site visit, it was under-resourced. Around 40% of positions (including operative
and managerial positions) were vacant. In the light of the growing annual number of STRs
received by the FIAU, the current staffing situation raises concerns.
181. The assessment team discussed the issue of operational independence and autonomy at
length with various representatives of the FIAU who explained that the latter’s analysis and
36The figure includes of EUR 928,092 and SEK 17,002.

37 Asstated by the authorities, as from 2018 the FIAU has started reviewing all STRs received and not only
those that result in a dissemination to the Police to identify trends and typologies as mentioned above, to
be published in the Annual Report. However, this falls out of the scope of the evaluation.
51
dissemination function has never come under any political, government or industry pressure,
influence of interference. They have also presented sanitised cases (involving PEPs) which were
disseminated to the Police in order to prove their arguments. Despite the fact that the law does
not provide specific mechanisms and procedures for the appointment of the Director as
indicated under c.29.7, the assessment team concluded that the officers have always performed
their functions freely and objectively.
182. However, the assessment team concludes that different factors and circumstances call
into question the FIAU’s ability to perform its analytical function at full capacity: (i) a very long
analytical process; (ii) the low number of disseminations to the Police and absence of feedback
from the latter which could improve the dissemination process; (iii) a huge disproportion of
received STRs, considering also a high level of concentration of STRs being reported by only two
major banks; and (iv) issues identified under IO.3 on the effective risk-based supervision which
could also negatively impact the level and quality of STRs.
Cooperation and exchange of information/financial intelligence
183. Cooperation and communication among the authorities is carried out on a daily basis,
through various meetings and multilateral discussions. In general terms, the authorities
expressed satisfaction with the cooperation with the FIAU. The FIAU stated that it does not
encounter difficulties when exchanging information with domestic authorities. There is no
indication that the cooperation between the authorities is not conducted effectively.
184. As of 2018, the FIAU powers to disseminate results of its analysis were considerably
enhanced. While the FIAU was previously empowered to only share information with the Police,
the supervisory authorities (MFSA and MGA) and the Comptroller of Customs, it can now also
disseminate its findings to other competent authorities (such as the MSS, the SMB, the CFR, the
CVO and the ARB). Although there is no legislative requirement, the FIAU has initiated
negotiations to conclude MoUs in order to streamline cooperation with the provided authorities.
To this effect, the FIAU has already concluded MoUs with the MFSA, MGA and the CVO.
185. The FIAU cooperates with various supervisory authorities for the purposes of
ascertaining the “fitness and properness” of persons holding senior positions within licensed
entities, receiving and responding to over 2000 requests over 2014-2018. In addition, over the
recent period the FIAU enhanced cooperation with the CVO, conducting screening of
administrators of enrolled VOs, to supporting the FT preventive initiative. Moreover, the FIAU
cooperates closely with Identity Malta with respect to the implementation of the IIP.
186. There are some measures to ensure the confidentiality of the information exchange
between the FIAU and other competent authorities. In cases where information is exchanged via
e-mail, the system used is secured and encrypted. In the unlikely event that secure information
needs to be shared via email and the receiver does not support TLS encryption, the document is
password-protected and communicated to the receiver, using a different method of
communication. Nevertheless, the FIAU continuously utilised a hard-copy/CD when
disseminating information to the Police.
187. During the on-site visit, the assessment team was informed that various security
measures are implemented to protect information held within FIAU premises, including
information received from other FIUs, and to ensure that such information is being handled by
the appropriate personnel and in line with the FIAU’s functions.
188. Moreover, certain measures have been taken to prevent the recurrence of previous
incidents in 2017, when highly-confidential information was leaked and subsequently published
by local and international media. The information in question consisted of two reports which
had been disseminated by the FIAU to the Police for further investigation, and contents from an
internal draft analytical report. A compliance report was also leaked.
189. The FIAU has been obtaining full criminal records of persons who are offered a position
within the FIAU. As of recently and in addition to the MSS and criminal conduct related checks,
as detailed in c. 29.6 the FIAU has started undertaking checks and searches itself in relation to
all persons prior to them being offered a position with the FIAU. These checks are carried out by
the managers or the most senior members of the Financial Analysis section and are treated with
utmost confidentiality. Recently the FIAU implemented additional scrutiny process for members
in very sensitive positions, whereby the persons are subject to further tests. The FIAU have to
update and finalise its staff recruitment procedure, to ensure that persons who have been
selected or will be invited for a sensitive position within the FIAU undergo a greater degree of
scrutiny.
190. In light of these events, and in order to prevent, as far as possible, possible future cases of
leakage of information, the FIAU also acknowledged the importance of investing in hardware
and IT systems.
191. Nevertheless, considering, that these security measures were taken recently, the
assessment team was not able to conclude on the effectiveness of the initiatives undertaken by
the FIAU to prevent possible new cases of information leakage.
Conclusion
Immediate Outcome 7 (ML investigation and prosecution)
ML identification and investigation

193. Malta has a legal system and a designated institutional framework enabling the
investigation and prosecution of ML. The Malta Police have the responsibility to investigate ML
and associated predicate offences. Within the Police, the Economic Crimes and AML Squad is
responsible for investigating criminal offences of a financial nature. A designated AMLU is
tasked with the investigation of ML offences. ML investigations can also be carried out by other
sections of the Malta Police, such as the Drug Squad (in conjunction with the investigation of
drug-related offences). The AMLU is generally tasked with the investigations of more complex
ML cases, while less complex ones would usually be of the remit of the unit investigating the
predicate offence. The Economic Crimes and AML Squad was at the time of the on-site visit
composed of 13 Police officers and two analysts. Another two analysts are to be recruited in the
near future. Prior to June 2018, the AMLU was only composed of two officers, which since then
has been raised to five officers.
194. The decision to investigate and to prosecute lies with the Police, who will present their
case before the Court of Magistrates, while the AGO will represent the prosecution before the
Criminal Court. The AGO has no power to initiate investigations or prosecutions, but may act as
a consul to the Commissioner of Police and provide advice of a non-binding nature. The AGO
further plays an important role in the determination of the competent court, i.e. whether the
case is heard by the Court of Magistrates or the Criminal Court. It is also solely responsible for
the role of the prosecution in appeal cases. In relation to tax crimes, it should be noted that the
Police do not have the power to prosecute (although they can initiate investigations). Such
prosecutions require the authorisation of the CFR.
195. The discretion to investigate and prosecute ML offences and related predicate offences
lies with the Police, bound by the principle of legality. The authorities confirmed that an initial
53
suspicion would be sufficient to commence an investigation for ML, which could also be
triggered by reports from third parties or media reports. However, Maltese law recognises a
number of exceptions to the general rule that the cases (based on automatically launched
“investigations”) are only brought forward at the discretion of the Police. Any party can file a
complaint or file a report with, or provide information to, a Magistrate who can thereupon -
should the facts constitute a criminal offence carrying three years or more imprisonment -
institute a magisterial inquiry. The magistrate, leading the investigation, may appoint experts
and require Police assistance. Upon conclusion of the investigation, the magistrate draws up a
process verbal in which s/he may direct the Police to institute criminal proceedings against a
person, in which case the Police cannot unilaterally decide not to prosecute.38 This decision lies
with the AG.
196. Potential ML cases are mainly identified following the receipt of an analytical report of the
FIAU to the police, during the investigation of a predicate offence, upon complaint or on the
basis of information received from a foreign authority. The table below provides an overview of
the number of investigations and prosecutions during the period 2014-2018:
Table 11: Number of investigations and prosecutions
FIAU Investigations Prosecutions
Investigations Prosecutions Total
reports by Police ML based on
Year ML without ML without Prosecutions
to based on a FIAU a
FIAU report FIAU report ML
Police FIAU report39 report
2014 27 23 1 4 4 4
2015 18 20 0 4 4 4
2016 39 38 1 4 4 5
2017 34 24 2 4 4 6
201840 45 41 0 10 1 1
197. Based on the statistics provided, the majority of ML investigations (by the Police) are
based on FIAU reports, although almost none of those investigations seem to lead to
prosecutions (bearing in mind that the Police has also the role of prosecution service). The
majority of prosecutions, which still represents a small number (4 prosecutions opened per
year during the period 2014 - 2017), are based on investigations initiated in the absence of a
FIAU report. Malta achieved the following numbers of ML convictions in the past five years for
natural persons: 6 convictions (2014), 5 convictions (2015), 4 convictions (2016), 8 convictions
(2017) and 3 convictions (until November 2018). The predominant predicate offences for these
ML offences were: theft, drug trafficking, fraud, corruption/bribery and misappropriation.41
198. A significant number of ML investigations have originated in the last three years in
magisterial inquiries: 1 in 2016, 4 in 2017 and 8 in 2018.42 Most of these are however on-going
and the assessment team could not be provided with information on possible prosecutions due
38 Another exception to the monopoly of the Police lies in the “challenge proceedings”: should the Police
fail to investigate and prosecute upon a complaint, report of information, the plaintiff can apply to the
Court of Magistrates in order that the latter orders the Police to initiate the investigation process.
39 Difference in the number of FIAU reports and investigations may occur because, inter alia, reports
being sent by the end of a calendar year, or several reports pertaining to the same investigation.
40 Numbers only take into account the period until the onsite visit (i.e. November 2018).
41 In detail, the predicate offences in ML convictions were as follows: 2014 (theft/fraud; drug trafficking
(2x); excessive currency; false documents; misappropriation); 2015 (bribery; misappropriation; drug
trafficking (2x); undeclared cash); 2016 (fraud; link to prostitution; misappropriation; drug trafficking);
2017 (theft; fraud (2x); fraud, corruption/bribery (2x); misappropriation (2x); link to tax evasion); 2018
(illegal banking and financial activities; drug trafficking (2x)).
42 The number of ML investigations without FIAU reports and the magisterial inquires for ML do partially
overlapping.
to the confidentiality of such investigations. The related predicated offences are mostly
corruption and fraud. Only one case is related to drug trafficking.
Table 12: Crimes reported – examples of offences that potentially generate proceeds
2014 2015 2016 2017
Theft 8198 9687 8821 8255
Fraud 430 505 500 787
Drug trafficking 192 166 217 310
Corruption/bribery 2 13 6 1
Abuse of public
3 7 5 3
authority
ML 0 0 0 17
Table 13: Cases investigated by special branches of the Police not recorded in the
National Police System (NPS) (and Table 12) – from 2017 onwards cases have been
progressively recorded in the NPS
2014 2015 2016 2017
Theft 26 107 36 18
Fraud 46 75 156 6
Drug trafficking 69 77 58 46
Abuse of public
2 13 6 4
authority
ML 27 20 39 17
199. The overall number of investigations, prosecutions and convictions for ML is low, in
particular when compared to the number of potential predicate offences. The assessors
acknowledge that not every reported crime can lead to a formal investigation (and prosecution)
for the predicate offence and/or its ML aspects. However, even if only the cases investigated by
special branches and the FIAU reports were to be considered, an average of around 5 ML
prosecutions per year does cast doubt on Malta’s ability and capacity to pursue ML offences.
200. Based on statistical data and interviews the assessors are of the opinion that the Police
were rather focusing on the prevention and repression of predicate criminality and that ML was
not prioritised as an offence worth pursuing for its own sake. The majority of cases that lead to
prosecution for ML appear to be initiated by the Police in the course of the investigation on the
predicate offence. For the period 2014 to 2018, these were mostly fraud, drug or theft cases.
201. Investigations seem to have focussed on domestic crimes and offenders, where the
proceeds are located in Malta; this assessment seems to be corroborated by the very low
number of MLA requests sent abroad. Investigations appear to be limited to front persons and
do not go beyond or through complex corporate structures. No investigations have been
initiated prior to 2018 against legal persons.
202. Parallel financial investigations have not been conducted on a systematic but rather on a
case-by-case basis. The financial aspects of the crime and the fund flows were analysed mainly
to establish the offence and the identity of the offender. Financial investigations were not
focussed on the financial situation of the suspect, nor were - at least before the establishment of
the ARB in August 2018 - efforts undertaken to pursue these financial investigations with
information to be obtained from abroad. There was no proactive element in the LEAs approach
to ML. A case-management system regarding on-going investigations was only recently
introduced.
203. On a more positive note, the motivation, dedication and awareness of all the authorities in
charge of investigating ML met during the onsite visit is high. Moreover, recent examples of on-
going investigations (and which can hence not yet be assessed in a definitive manner) could
55
reflect a shift in focus by the Police. This is also reflected in a recent rise in the number of ML
investigations (with ten investigations for 2018 by November of that year) and allocated
financial and human resources.
204. Investigators and prosecutors will however need adequate resources and possibly
changes in the legal system (e.g. as regards the double role of investigator and prosecutor
vested in the same person) in order to have this translated in a more effective investigation and
prosecution of ML. The Police informed the assessment team that a reform process was
envisaged until mid-2020 which would convert the current Economic Crimes and AML Squad
into a new Financial Crimes Investigation Department with the personnel of 100 staff. It also
indicated plans to institute its separate prosecution section. In this context, the assessment team
also notes the recent opinion on constitutional arrangements and separation of powers in Malta
by the European Commission for Democracy through Law (the “Venice Commission”), which
recommended in December 2018 the establishment of an independent Directorate of Public
Prosecution who takes over prosecuting powers and corresponding staff from both the AGO and
the Police (as well as the function of magisterial inquiries) and whose decisions not to prosecute
should be subject to judicial review.43
Consistency of ML investigations and prosecutions with threats and risk profile, and
national AML policies
205. In the document entitled “Results of the ML/FT National Risk Assessment”, the Maltese
authorities present the threat level of ML of domestic proceeds of crime as follows:
Table 14: Threat level of ML of domestic proceeds
Sub-category Threat level
Tax evasion High
Local criminal groups High
Drug trafficking Medium-high
Fraud & misappropriation Medium-high
Bribery and corruption Medium-high
Smuggling (goods) Medium
Theft Medium
206. The subsequent offences (among others illegal gambling, human trafficking and
smuggling of persons) are rated “low”. While there appeared to be at least one human
trafficking-related ML case pending before the courts, the assessors note that some of the
authorities considered that the ML-risk posed by human trafficking appeared to be higher than
identified in the NRA and reflected in the statistical data for ML offences. The overall rating of
the ML threat for domestic proceeds is “medium-high”. As regards the ML threat of ML of
foreign proceeds of crime, the rating is “high”. No additional information is provided, other than
the fact that the “ML of foreign proceeds of crime threat level has been calculated for a number of
countries.”
207. Compared to the actual number of prosecutions for ML, per year and per related predicate
offence, the table below shows the situation of the past five years as follows:
43Council of Europe, Opinion on constitutional arrangements and separation of powers, adopted by the
Venice Commission at its 117th Plenary Session (Venice, 14-15 December 2018), paras. 64 et seq. (CDL-
AD(2018)028-e).
Table 15: Predicate offences in ML prosecution
Predicate offence in ML prosecution 2014 2015 2016 2017 201844
Tax evasion 0 0 0 0 0
Drug trafficking 1 3 3 3 3
Fraud & misappropriation 3 1 1 2 3
Corruption 0 0 0 0 0
Smuggling 0 0 0 0 0
Theft 0 0 1 0 0
Other 0 0 0 1 2
Total 4 4 5 6 8
208. Tax evasion, drug trafficking, “local criminal groups” and fraud have been presented as
being the highest threats of ML in Malta. While it appears both from the interviews and the
cases submitted by the Maltese authorities that drug offences, fraud and misappropriation are
frequently investigated and prosecuted, the number of prosecutions for ML in relation to these
predicate offences remains low, and below what is to be expected given the attributed threat
level.
209. Furthermore, there are barely any investigations and no prosecutions for (domestic or
foreign) tax offences, or the laundering of their proceeds. In particular, no cases were
investigated involving professionals to build complex legal structures to evade taxes and
launder the proceeds from such offences. Tax offences (allegedly concerning mainly cases of
underreporting at the domestic level) when detected are dealt with directly by the tax authority,
the Commissioner for Revenue, at administrative level with regard to the tax offence (but not
the ML-aspect). The payment of the due tax and an administrative fine are usually sought from
the offender, although no statistical data regarding the recovery rate could be provided. The
authorities explained this approach with historical and strategic reasons, notably a strong focus
on revenue collection which is easier to achieve through administrative proceedings.
Administrative fines in individual cases are not made public and are generally dissuasive. The
authorities further explained that the current system, where the possible offender has to be
heard by the tax authorities to assess the defrauded amount, could create possible issues of ne
bis in idem and defence rights’ infringements (i.a. the right to remain silent) in a later judicial
procedure.
210. As a consequence of the foregoing, almost no cases are denounced by the tax authorities
to the Police for further criminal investigations. Few investigations for tax offences and ML
thereof have been presented by the Police to the assessors in their written submissions. Most of
these cases were however still with the Commissioner for Revenue for further assessment, and
almost none has led to a formal prosecution (the assessors could only find traces of one
prosecution of ML of tax crimes, where the accused was however acquitted). It should be noted
that, when the Police investigates direct infringements to the Income Tax Act (without the ML-
aspect of such offences), it can only be provided with information by the Commissioner for
Revenue upon lifting of the professional secrecy by the Prime Minister.
44 Numbers only take into account the period until the onsite visit (i.e. November 2018). Note also that the
category “local criminal groups” as mentioned in the NRA has not been taken into account in this table, as
it is not a crime type.
57
Table 16: Tax crime cases referred by the Police to the tax authorities for assistance
Number of
Comments
Number SUBJECTS FIAU Police Cases
Year [concluded or
of Cases Generated Generated referred to:
pending]
Natural Legal IRD VAT
Concluded - no
2013 1 1 1 1 0 0 1 further
investigation(s)
Concluded - no
2013 1 1 1 1 0 0 1 further
investigation(s)
2014 1 1 1 1 0 1 0 In progress
2016 1 3 0 0 1 1 0 In progress
2017 1 1 1 1 0 1 0 In progress
2018 1 1 1 1 0 1 0 In progress
Total 6 8 5 6 1 4 2
211. The authorities have however mentioned that neither the fact that the Commissioner for
Revenue had to agree with a prosecution, nor the fact that the Prime Minister’s consent is
required for the Police to obtain information from the Commissioner for Revenue in direct tax
investigations, had in the past been an issue. Representatives of the Commissioner for Revenue
nevertheless indicated a shift in the awareness of the importance of pursuing also the criminal
aspect of tax evasion, in particular with regard to serious and large-scale cases. The authorities
stated that the maximum criminal sanctions for tax evasion (6 months with regard to income
tax and 1 year with regard to VAT tax) is currently considerably less than for ML (18 years).
Hence a ML conviction could also have a much stronger dissuasive effect on tax offenders. The
Police confirmed that discussions are underway to put stronger emphasis on a criminal
response to tax evasion.
212. The item “local crime groups”, ranked as another high threat of ML, seems to refer to ML
arising from activities of such OCGs in Malta, alone or in cooperation with international criminal
associations. Besides drug cases and some cases concerning oil smuggling, the assessment team
has however not been provided with information as to specific actions undertaken against such
groups to tackle this ML threat on a strategic and proactive level. No cases referred to
investigations for laundering of proceeds by international OCGs. This absence is striking given
the fact that the authorities observed in the NRA “a growth of foreign OCGs who use corporate
structures set up in Malta by Maltese professionals who use licensed companies in the financial and
gaming sector to give an appearance of legitimacy to funds of illicit origin”. The NRA mentions
further that “there is evidence of cash being brought into Malta by OCGs which is subsequently
laundered through the set-up of trading operations and the purchase of real estate and luxury
items.” The assessment of the threat posed by foreign OCGs does not seem to have been
followed-up by a particular operation or concerted action. The number of MLA requests for ML
sent abroad during the period 2014-2017 seems to confirm this, as the following table
demonstrates:
Table 17: Number of MLA requests for ML sent abroad
Outgoing
MLA
2014 2015 2016 2017 201845
requests
concerning:
ML 2 4 0 4 14
Tax offences 0 0 0 0 0
Corruption 0 0 0 0 0
213. Bribery and corruption are considered by the Maltese authorities to present a medium-
high treat of ML. The assessors have been provided with summaries of some investigations, but
not with evidence of recent successfully-completed prosecutions for ML of corruption proceeds.
No MLAs have been sent to other jurisdictions with regard to bribery/corruption. This despite
the NRA stating (with regard to corruption/bribery cases dealt with at FIAU level) that “(in) the
vast majority of cases subject to FIAU analysis, the subjects were foreign nationals who were
believed to have used Maltese companies and bank accounts to launder the proceeds of
corruption”.46
214. During the present evaluation, a number of investigations into high-level cases for alleged
corruption and other financial offences (and related ML) have been debated in Parliament and
have attracted strong local and international media attention (in particular following the
assassination of the Maltese journalist Daphne Caruana Galizia in October 2017). In the same
manner, high-profile cases with regard to banks and public allegations for their implication in
ML and related financial crimes (see in more detail under IO.3) were under scrutiny. At the time
of the onsite visit, these cases were still in the investigatory phase, so that the authorities could
not communicate thereon. The majority of these cases were subject to magisterial inquiries,
which are confidential. The Police stated that it remained informed of the magistrate’s findings,
including reports by magistrate-appointed experts whose findings are crucial for the
continuation of their investigations. Due to the confidentiality of the investigations, the
assessors could not be provided with any information as to whether the police investigations
had originally been initiated ex officio or as a response to already existing magisterial inquiries
(commenced at the initiative of third parties). Therefore, the assessors were not in a position to
form a final opinion as to the effectiveness with which Malta pursues such alleged high-level
cases related to ML.
215. As a consequence of the above and the limited resources within the Police for these highly
complex and sensitive matters, a decision on whether or not to prosecute these cases could take
many years. While the Police stated that it could prioritise cases (despite operating under the
principle of legality), in practice the scarce resources (currently five persons in the AMLU)
would put limits to such prioritisation. The Police stated that a reinforcement of the AMLU on an
ad hoc basis by other colleagues would be hampered in practice by the lack of sufficient training
of colleagues with regard to financial crimes. In light of this, the assessment team is not
convinced that the law enforcement authorities are currently in a position to effectively and in a
timely manner investigate (and, if appropriate, prosecute) such high-level and complex cases,
which could create within the wider public the perception that there may exist a culture of
inactivity or impunity. In this respect, the assessment team notes that the NRA uses remarkably
strong language as to the capacity in the Police to this effect, referring to the fact that staffing in
the past had been clearly insufficient to cope with the extensive investigative commitments and
that the lack of adequate resources appeared to be the main reason for the growing sense of
helplessness among the officers concerned.47
216. Based on how the highest threats of ML are dealt with by the competent authorities, the
investigation (and subsequent prosecution) of ML does not appear to constitute a priority for
the Maltese authorities, despite the willingness of the individual officers to perform their duties.
This is not commensurate with the risks posed by the country’s increasing nature as an
46 NRA, p. 33.
47 NRA, p. 138. Even though it is conceivable that this statement may have referred to the previous staff
situation within the AMLU, the assessment team considers that it would still be valid even after the rather
modest recent staff increase in that unit.
59
international financial centre and the growing size and complexity of its financial sector. The
low number of ML cases confirms this assessment.
217. Among the major shortcomings, the following could be identified by the assessment team:
- no official guidance or AML strategy and no prioritisation of AML for the period under
review;
- a lack of expertise of the competent authorities only recently addressed by efforts in
staff training;
- only very recent improvements in terms of material resources of the Police and other
competent authorities;
- limited human resources at Police level that are strained even more by the fact that the
same persons who specialise in AML/CFT have both a role as investigators and
prosecutors while having to represent Malta in the numerous international
organisations, agencies and fora dedicated to policing in general and AML/CFT in
particular;
- very few financial investigations, limited asset tracing (none abroad) and insufficient
use of international cooperation channels such as MLA requests; and
- the length of the proceedings, due to a lack of resources but also to time-consuming and
cumbersome proceedings for instance in respect of compiling evidence.
218. The Maltese authorities themselves have recognised a number of these shortcomings in
the NRA. As a consequence, some of these have been addressed in the AML/CFT Action Plan of
February 2018. Recent actions concern the increase of staff at Police level, the adjunction of
“civil” financial analysts, the draft guidance on prioritisation of ML cases, new IT systems and
investigative tools, as well as plans to have a special corps in charge of prosecution. While these
efforts are laudable, the assessment team considers that they are too recent and/or too
preliminary to produce tangible results for the purposes of this assessment. Therefore,
significant further improvements are still needed.
219. Overall, the assessment team concludes that, as regards investigations and prosecutions
of ML, Malta’s actions - both on a strategic and case-by-case level - are not consistent with the
country’s risk profile.
Types of ML cases pursued
220. Malta’s legal system is in principle sufficiently equipped to achieve convictions for all
types of ML offences, in particular since neither a conviction for the predicate offences is
required nor a necessary proof to establish from precisely which predicate offence the proceeds
in question are derived from. A conviction for ML may be achieved on the basis of factual
circumstances, even though reference was made in the NRA that the level of proof of the
predicate offence required for the ML offence was not consistently applied by all judges.48 As a
consequence, the authorities were able to provide examples of convictions for most of the
different types of ML. However, the cases presented to the assessment team were mostly cases
of self-laundering, i.e. the laundering of proceeds by a person who was involved in the
commission of the predicate offence. These examples mainly related to drug and fraud cases.
The table below gives an overview of the various types of ML convictions achieved by Malta in
the past five years:
221.
48 NRA, p. 145.
Table 18: Types of ML convictions achieved
Self- Stand- Third Appeal
Year Fiscal Guilty Acquitted
laundering alone party pending
2014 3 4 0 0 6 1 0
2015 1 0 4 0 4 0 1
2016 4 1 1 0 3 2 1
2017 8 2 1 1 6 4 2
201849 2 2 0 0 3* 0 0
* Note that in one case, the accused passed away during the proceedings and the case was subsequently dismissed.
222. The authorities were able to present cases of third-party and stand-alone ML. However,
no recent case was presented in relation to so-called gatekeepers and other professionals of the
financial sector (hence no conviction of professional launderers figured amongst the examples
of third-party ML). Moreover, the reduced number of cases makes it difficult to draw any
general conclusion from these figures.
223. Whereas the legal framework allows for the prosecution of ML of the foreign predicate
offence, no major recent case-example was provided in this respect. This is despite observations
by the authorities in the NRA that a large number of cases subject to FIAU and law enforcement
analyses and investigations concern foreign nationals and residents who were believed to have
used Maltese companies and FIs to launder the proceeds of crime.
Effectiveness, proportionality and dissuasiveness of sanctions
224. Malta’s CC provides for sanctions which are potentially proportionate and dissuasive:
sanctions for ML are a fine not exceeding EUR 2,500,000 and/or imprisonment not exceeding 18
years. In practice, the prosecution always seeks a fine cumulatively with imprisonment in more
serious cases. As most judgments provided concerned prosecutions of both the predicate
offence and ML, it is however difficult to determine whether the sanctions imposed in practice
in relation to ML are effective and dissuasive in view of the aggregation of penalties in
convictions for multiple crimes.
225. In the past five years prior to the onsite visit, aggregated fines ranged from EUR 5,000 as
the lowest sentence to EUR 110,000 as the highest. Custodial sentences ranged from 3 months
to 12 years’ imprisonment. Prison sentences at the lower end (i.e. up to two years’
imprisonment) were very often suspended, with judges taking into consideration the scale of
the offence, recidivism, victim restitution and other factors before suspending a sentence.
226. Based on the few convictions available for stand-alone ML and judging from the sentences
handed in cases of convictions for both the predicate offence and ML, the sanctions applied
against natural persons appear to be dissuasive and proportionate. Interviewed prosecutors
and members of the judiciary confirmed this assessment.
227. Malta has not yet achieved convictions for ML concerning legal persons.
Alternative measures
228. To a limited extent, Malta is able to apply other criminal justice measures in cases where a
ML investigation has been pursued but where it is no possible, for justifiable reasons, to secure
a ML conviction. While the country does not have instruments for non-conviction based
confiscation, the CC (Art. 23C(3)) provides for the possibility to confiscate instrumentalities and
proceeds from a criminal offence for which the accused person cannot be convicted (because
the person is not fit for trial or has absconded), provided that the court is fully convinced that
61
the proceedings would have otherwise led to a conviction. Malta was able to demonstrate with a
recent example that this provision is applied in practice, albeit in a context unrelated to ML.50
Conclusion
229. Malta has achieved a low level of effectiveness for IO.7.
Immediate Outcome 8 (Confiscation)
Confiscation of proceeds, instrumentalities and property of equivalent value as a policy
objective
230. After the adoption of the last MER in December 2012 (where Malta received a low rating
under the previous R.3, due largely to effectiveness issues as regards the identification of assets
and their management), the AMU was set up within the Court registry, tasked to trace the assets
of persons charged or accused of criminal offences. As this entity – which was composed in 2018
of six staff members, who were however not exclusively working for the AMU - had no capacity
to manage assets, the Maltese authorities decided in 2015 to set up the ARB. Following a
number of further legislative enactments, it finally became operational on 20 August 2018,
although it is not yet fully staffed and lacks certain premises. From that date onwards the ARB
has been in charge of asset-tracing and management, while the AMU’s remit being the
finalisation of assignments made prior to that date. The present assessment will focus on the
work of the AMU, as the ARB’s inception and preliminary results are too recent to have any
tangible impact on the effectiveness analysis for the period under consideration.
231. Malta has a legal system in place allowing the confiscation of both proceeds and
instrumentalities of crime, which is routinely done by the courts upon conviction in the cases
presented to them. However, the confiscation of criminal proceeds does neither appear to be
pursued as a policy objective nor as a political priority, at least for the largest part of the period
under review.
232. This is evidenced among others by the absence of any policy, formal or informal (although
draft guidelines in the form of an internal circular are being elaborated), the lack of resources -
both human and financial - allocated to this task, the lack of expertise and training, the fact that
no asset-tracing had ever been effected abroad until October 2018, and the lengthy process
required to set up the ARB. All these shortcomings have been duly recognised by the Maltese
authorities in the NRA and elaborated upon in the AML/CFT Action Plan. Having said that, a
number of recent initiatives have been taken in 2018 that can be considered as a certain change
of policy by Malta.
Confiscations of proceeds from foreign and domestic predicates, and proceeds located
abroad
Financial investigations
233. As discussed under IO.7, financial investigations are not systematically conducted, but
rather on a case-by-case basis and mostly to establish the predicate offence, the fund-flows and
the identity of the offender. Although the Police have the investigative tools and access to a
variety of databases required to obtain relevant information on a suspect’s assets (such as
50 In that case, the Court of Magistrates ordered on 5 November 2018 the confiscation of cash, two
vehicles, several mobile phones and a computer of a person charged with drug trafficking in Malta. The
criminal proceedings were discontinued because the person had absconded to Italy where he was
convicted for the same offence he had been charged with in Malta (hence the ne bis in idem-principle
justifiably prevented a criminal conviction in Malta). It should however be noted that this case did not
entail a charge for ML, but only for the predicate offence.
registers for land, transport and companies), such an investigation is rarely conducted because
of resource and training issues.
234. Cooperation with the FIAU has taken place, but very few requests for financial analysis
have been made by the Police to the FIAU. The Police have explained this with the fact that they
have access to the same information themselves. The table below indicates requests by the
Police to the FIAU:
Table 19: Requests by the Police to the FIAU to conduct a financial analysis
Year Requests to FIAU by Police
2014 0
2015 1
2016 1
2017 8
201851 5
235. When assets are identified, the Police may request the AG to apply to the courts for an
attachment order (prohibiting the transfer of the assets concerned). It is limited to the pre-
arraignment phase and is valid for a period of 45 days, renewable once under certain
conditions. The duration will be longer for persons not present in Malta, as the order has to be
notified in order for the 45 days’ deadline to start running (which is in practice only done once
the person re-enters Malta). The use of the attachment order was rather infrequent for the
period under review, although there has been a notable increase over the last year. The
interviewed authorities explain this by a lack of resources and strategic reasons, i.e. not to
reveal an on-going investigation at a premature stage.
236. After the suspect has been arraigned, the courts can issue a freezing order on all property
of the accused. In the framework of the freezing order (which will be published in the Official
Gazette), the AMU will establish a compendium of assets, defining the scope of the freezing
order. The AMU will in that framework contact all relevant entities (registries, FIs etc.). This is a
time-consuming exercise for which the AMU has not been sufficiently staffed. Moreover, the
asset tracing performed by the AMU has in the past been limited to assets situated in Malta.
Most enquiries did not bring results, as no assets could be found. It also appears that asset
tracing was mainly directed towards assets in the name of the suspects. Very few steps have
been undertaken to trace assets transferred onto the name of third parties or complex
corporate structures. The table below gives an overview of investigation and attachment orders
in the past five years:
Table 20: Investigation and Attachment Orders
Year 2014 2015 2016 2017 2018
Investigation &
6 5 4 1 17
attachment orders 52
Freezing orders53 57 67 33 28 51
237. Although the statistics provided are somewhat incomplete, the amounts of assets seized,
frozen and confiscated is rather low. This has also been recognised by the Maltese authorities in
their written submissions, the NRA and during the interviews. The available information further
51 Numbers only take into account the period until November 2018.
52 Some of these orders have been issued in respect of MLA requests and not necessarily domestic
investigations. Most orders have been issued in relation to ML of fraud PO cases.
53 Pursuant to the Malta Police, the freezing orders were issued “in cases principally related to drugs
trafficking, money laundering, fraud, misappropriation, corruption and organised crime”; they also
encompass orders issued on behalf of foreign authorities on the basis of MLA requests.
63
demonstrates a major discrepancy between the assets attached and frozen, confiscated and
ultimately recovered. The table below provides the numbers of seized, frozen, confiscated and
effectively recovered property for the period 2013-2018, both for ML and predicate offences:
Table 21: Conviction-based confiscation during the period 2013-2018
Property Property effectively
Year Property attached Property confiscated
frozen recovered
2013 --- EUR 166,464 --- ---
EUR 1,453.59 in bank
EUR 1,453.59 in bank
2014 EUR 18, 186,440.21 EUR 26,312 deposits, 9 cars, 1 truck,
deposits, 1 car, gold
immovable assets and gold
EUR 109,627 plus two
2015 EUR 603,801.73 EUR 51,224 ---
flats
Negligible amount of
EUR 30,140.92, share of an
liquid assets (some
2016 EUR 14,143,096.75 EUR 946,253 immovable asset,
recovery procedure still
maisonette and 1 car
underway)
EUR 14,728 and a car that
EUR 9,519, 6 cars, 4 trucks
2017 EUR 2,451,583.17 EUR 124,777 was subsequently
and 1 van
scrapped
2018 EUR 32,867,478.99 EUR 114,935 EUR 12,565 EUR 12,565
238. Malta has confiscated instrumentalities during the period 2013-2018, but the amounts are
likewise rather low (with a total of EUR 1,073,105) as shown in the table below:
Table 22: Confiscated instrumentalities
Year Amount
2013 EUR 152,336
2014 EUR 88,368
2015 EUR 18,449
2016 EUR 98,456
2017 EUR 602,498
201854 EUR 112,968
Total EUR 1,073, 105
239. While a lack of financial investigations and patrimonial enquires (in Malta and abroad)
and the limited use of provisional measures (such as attachment orders) explains these
shortcomings, there are further reasons for the low figures in terms of confiscations and
recovered assets.
240. Firstly, the accused can request provisional measures to be lifted for an amount of
approximately EUR 14,000 per year to cover his/her minimum living costs. As it frequently
takes several years for the court procedures to be concluded and a final judgment to be handed
down, the seized amounts will be considerably reduced.
241. Secondly, as regards confiscated immoveable goods, it appears that the judgments
ordering their confiscation are systematically challenged before the civil courts. Applicants have
been successful in having the civil courts reverse the confiscation, as it could not be established
beyond the required certainty under civil law that they constituted proceeds of crime. With the
standard of proof being different in civil and in criminal courts (i.e. in the former only requiring
the proof on the basis of probabilities), applicants frequently met the burden of proof even
where the onus is on them to demonstrate the legitimacy of the assets. Following the NRA and
some interviewed authorities, the judgments did not (or could not, absent enough preliminary
investigations) sufficiently list and specify the proceeds of crime to be confiscated, which
54 Ibid.
increased the likelihood of success of challenges in front of civil courts. The amount of what
should be confiscated was also not sufficiently specified in some judgments, according to the
NRA.
242. Malta does not have a system for non-conviction based confiscation, although the
confiscation of proceeds is possible in certain circumstances even in the absence of a conviction
(such as in the case of a perpetrator having absconded or being unfit for trial, as provided by
Art. 23C, paragraph 3 of the CC; see further under IO.7, core issue 7.5). A non-conviction based
confiscation system could be an effective tool in a scenario where the proceeds are located
domestically, but the offender is not. This seems to be frequently the case in the investigations
undertaken by the Malta Police. The authorities interviewed by the assessment team would
welcome such a system and underlined that there would be no constitutional or other legal
impediments to introduce it.
243. As regards the management of seized property, the AMU had no capacity to effectively and
efficiently perform this task. Frozen proceeds of crime (immoveable but also moveable, such as
yachts, cars etc.), if not money or assets in bank accounts or safes, were left with the accused to
manage. The accused is however deprived of the possession of instrumentalities which are
presented as evidence in court. The ARB should for the future have both the legal means and
sufficient human resources to initiate a more effective asset management policy.
Confiscation of falsely or undeclared cross-border transaction of currency/BNI
244. Malta applies a cash declaration system, according to which all persons entering, leaving
or transiting the country have to declare cash in excess of EUR 10,000. This obligation applies
irrespective of whether the persons arrive from or depart to other EU member states or third
states. False or non-declarations are criminal offences under the Cash Control Regulation.
Although cargo and mail transportation of cash are not covered by that regulation, the sending
of cash in mail is limited to EUR 10 by law. Information obtained through the declaration
process as well as information on discovered breaches is kept in a database and transmitted to
the FIAU on a bi-weekly basis (and for amounts exceeding EUR 100,000 immediately). Customs
also liaise with the Police and the MSS on possible ML/FT suspects carrying cash at the border.
Customs are obliged by law to seize any amount above EUR 10,000 (or, if indivisible, the whole
amount).
245. When detected, cases of false or non-declaration of cash are sanctioned by the
confiscation of all sums exceeding 10,000 EUR and a fine of 25% of the overall amount (with a
maximum of EUR 50,000). EUR 10,000 are being returned to the offender in case the overall
amount is not indivisible, unless formal ML/FT investigations are started. This appears to be an
effective and dissuasive sanctioning regime, although the assessment team was informed that
this regime has recently come under attack by a constitutional complaint challenging it, inter
alia, on the grounds of proportionality.
246. The tables below demonstrate declarations made for the period 2013-2018 with regard to
both incoming and outgoing cash:
Table 23: Number and sums of declarations for incoming and outgoing cash (land and
territorial waters)
Year Entering Malta Sum Leaving Malta Sum
2013 5344 EUR 251,941,837 889 EUR 52,556,813
2014 2816 EUR 99,895,902 815 EUR 44,970,209
2015 713 EUR 28,035,843 307 EUR 20,360,093
2016 261 EUR 12,340,651 182 EUR 5,933,148
65
2017 166 EUR 15,864,432 331 EUR 18,625,346
2018 (until 31
55 EUR 2,744,25 174 EUR 3,822,400
May)
Table 24: Cash declarations outside territorial waters55

Year Entering Malta Sum Leaving Malta Sum
2013 1 EUR 60,000 20 EUR 4,129,210
2014 3 EUR 401,579 17 EUR 5,207,233
2015 2 EUR 428,360 5 EUR 746,102
2016 3 EUR 129,397 7 EUR 188,166
2017 NA NA 8 EUR 188,808
2018 NA NA 18 EUR 343,870
Totals 9 EUR 619,336 75 EUR 10,803,389
247. The assessment team noted the significant peak in incoming cash in 2013 (more than EUR
250 million), decreasing continuously and significantly in the five subsequent years. The
authorities explained this peak as being a direct consequence of the political situation in
neighbouring Libya and by the fact that a large number of Libyan refugees entered Malta with
cash after the fall of the Gaddafi-regime. Likewise, a smaller peak in 2013 of outgoing cash may
also be related to the same events.
248. From January 2013 until March 2018, Customs detected 20 cases of undeclared cash,
amounting to a total of EUR 946,956 in seized cash. The table below provides an overview of
examples of these cases during the past two years, with charges usually brought under Art. 3 of
the Cash Control Regulations (SL233.07). Such charges were regularly not brought together
with charges for ML or FT, although the authorities stated that the focus was recently increased
on these aspects.
Table 25: Cash control investigations and seizures (2017-2018)
Place of
Date Amount involved Charges given Result of case
Seizure
Decided (guilty) with
8/2017 Airport EUR 16,106.38 Art. 3 (SL233.07) fine of EUR 4,026.60 and
confiscation of EUR 6,106.38
7/2017 Airport EUR 22,000 Art. 3 (SL233.07) fine of EUR 5,500 and
confiscation of EUR 6,000
7/2017 Out at sea EUR 22,290 Art. 3 (SL233.07) fine of EUR 5,747.50 and
EUR 23,000/ Decided (guilty) with
8/2017 Airport Egyptian pounds Art. 3 (SL233.07) fine of EUR 3,948.44 and
2,060/ Dinars 140 confiscation of EUR 1,448.44
8/2017 Airport EUR 13,650 Art. 3 (SL233.07) fine of EUR 3,412.50 and
Case is still Sub-Judice before the
9/2017 Airport EUR 36,355 Art. 3 (SL233.07)
Magistrates Court
55 This term is used to those situations when a person declares cash prior to boarding any vessel
departing from Malta and leaves the territorial waters, or likewise upon arrival in Malta from outside the
territorial waters of Malta.
10/2017 Airport EUR 30,000 Art. 3 (SL233.07) fine of EUR 6,305.90 and
confiscation of USD 19,340
EUR 16,500 fine of EUR 4,500.31 and
12/2017 Airport Art. 3 (SL233.07)
STG 2,397 confiscation of EUR 6,500 and
EUR 2,700
5/2018 Airport EUR 15,000 Art. 3 (SL233.07) fine of EUR 3,750 and
Art. 188C (Chapter
fine of EUR 7,557.50
Sea 9)
confiscation of EUR 20,230 and
9/2018 Passenger EUR 20,230 (Counterfeit
Thirteen (13) months
Terminal Currency) &
imprisonment suspended for
Art.3(SL233.07)
two (2) years
Yacht
10/2018 EUR 18,860 Art. 3 (SL233.07) fine of EUR 2,217 and
Marina
Case is still Sub-Judice before the
10/2018 Airport EUR 24,970 Art. 3 (SL233.07)
Magistrates Court
249. Given the amount of declared cash moving in and out of Malta, and even leaving aside the
exceptional peak of 2013, and taking into account the size of the jurisdiction, the assessment
team is not convinced that enough has been done by the authorities in respect of the detection
of undeclared cash and cash movements in general.
250. This assessment is supported by the fact that the NRA considers cash, especially the
“volumes of cash being brought physically (from Libya) into Malta”, to be one of the main issues
as regards potential FT threats and notes that “very little is done to ascertain the source of the
funds and to investigate what the funds are used for”. With regard to ML, the NRA notes that the
“threat posed by the inflow of cash from Libya, nonetheless, should be highlighted as posing a
very high risk to the jurisdiction and should prompt immediate actions by the authorities” and
“in some cases, substantial amounts of cash were used to purchase high value goods such as
yachts or immoveable property”.
251. Based on available statistics and interviews, Customs do not appear, for the period under
review, to have had an extensive ability to identify non-declared cash due to a shortage in
human and technical resources. Whenever a person makes a declaration - unless exceptional
circumstances and suspicions trigger Police intervention - no action is (and can be) undertaken
to determine whether cash may be related to criminal offences. This is because Customs have no
power to provisionally retain the person for the duration of such enquiries, nor do they have
access to relevant databases. In case of false declarations, Customs may retain the person for
two hours; the Police are immediately called and can arrest the offender.
252. The assessors note that the explanations for cash movements by the interviewees were
not very specific and mostly related to Malta’s geographical position and proximity to Libya.
Given the threats and risks duly identified by Malta in its NRA, one would have however
expected a somewhat more focused approach to the potential ML and FT risks. In this regard,
the assessors consider that the criminal intelligence tools of the respective authorities to
identify the sources, origins and routes of cash movements should be improved. Moreover,
whenever cash is declared on the basis of the declaration form, it appears that the information
provided is too general (usually only requiring at airports name, birthdate, flight number and
the purpose for taking cash) to form a reasonable view about its legal or illicit origins.
67
253. The number of investigations for ML and FT triggered by cash movements appears low.
Only one case, which had been successfully investigated and prosecuted, has been presented to
the assessors.
254. The Custom representatives met by the assessment team recognised that there are
deficiencies. Since 2017, they have addressed some of these shortcomings by recruiting a
number of specialised officers and other investigative means (e.g. a new “K9 section” with
specialised dogs trained for cash detection) to improve the detection rate. Representatives were
also sent on working/training visits to the custom authorities of larger EU member states.
Moreover, draft legislation is being elaborated increasing the power to retain persons by
Customs as well as their access to information. Other measures, such as a “cash movement
information system” to disseminate information to the FIAU and the Police in real time, are
envisaged for 2019. Mail orders will also be subject to specific legislation (although the current
postal legislation, prohibiting the sending of cash over EUR 10, already addresses this to a
certain extent).
Consistency of confiscation results with ML/FT risks and national AML/CFT policies and priorities.
255. The absence of criminal investigations for tax evasion (see above, IO.7), which was
identified as one of the main ML risks in the NRA, also have a direct effect on the confiscation
regime. No amounts with regard to tax evasion were confiscated in Malta in the period under
review. Apart from the ML offence itself, property has been frozen, seized and/or confiscated
mainly for predicate offences such as drug trafficking, fraud, trafficking in human beings,
bribery/corruption, robbery and counterfeiting currencies. For other predicate offences ranked
high in the NRA, such as smuggling and theft, confiscation results were negligible. Moreover, the
confiscation results mainly relate to asset-tracing with regard to the individual named in the
criminal investigations (or a family member). Bearing in mind the situation of Malta as a
regional international financial sentence, with a multitude of legal arrangements available to
separate assets from their actual owner (and to blur their connection), the confiscation results
are not in line with the ML risks faced by the country. No assets were confiscated with regard to
FT.
Conclusion
CHAPTER 4. TERRORIST FINANCING AND FINANCING OF PROLIFERATION
Key Findings
IO.9
 Malta has a sound legal framework to fight FT. The Maltese authorities have recently
the authorities. There have been no prosecutions or convictions for FT in Malta so far.
 The assessment team is of the opinion that for the period under review, taking into
account the information provided and the contextual elements available, the actions undertaken
by the authorities are not fully in line with Malta’s possible FT risks.
 Recent progress has however to be noted, insofar as the competent authorities have
improved their understanding of the threats and vulnerabilities and have undertaken certain
actions to mitigate the risks. This includes the monitoring of certain social media and internet
platforms that might be used for fundraising or fund-collection, of “at-risk individuals” in
relation with certain forms of payments and money transfers and the establishment of a close
cooperation and information exchange between the CVO and the competent authorities.
 Malta has in mid-2018 elaborated a high-level national counter-terrorism strategy which
could however not be provided to the assessment team (being classified information). Any
assessment as to whether and to what extent the investigation of FT is integrated with such
strategy is therefore impossible.
IO.10
 Malta utilises a combination of supranational and national mechanisms that ensures
implementation of the UNSCRs 1267/1989, 1988 and 1373 without delay.
 The SMB is the competent body in Malta responsible for the implementation of UNSCR
and EU sanction regimes (including designation of persons or entities domestically and
proposing designation to UN Committees, de-listing, unfreezing and providing access to frozen
funds or other assets). The SMB’s mandate was recently strengthened further and the number
of member-authorities has increased.
 The SMB has not yet identified individuals or entities or proposed any designations to the
UN sanctions under 1267/1989 or 1988. Malta has adopted domestic measures to implement
UNSCR 1373 which also enable the listing of EU internals. However, these procedures have not
yet been tested in practice.
 Although no assets have been identified and frozen pursuant to the sanctions regimes
under UNSCR 1267/1989, 1988 or 1373, subject persons demonstrated awareness of the TFS
regime through the existence of false positives.
 Deficiencies exist in the immediate communication of the amendments to the UN lists of
designated persons and entities to the subject persons. This has an impact on the
implementation of the relevant UNSCRs by the FIs and the DNFPBs that do not rely on
automated sanctions screening mechanisms or group-level analytical systems.
 Most of the FIs and DNFBPs demonstrated a good level of understanding of obligations of
the identification of assets of the TFS-related persons and entities. However, the basic screening
approach which is followed by some of subject persons (especially the DNFBPs) is deemed
69
insufficient. Although most of the subject persons demonstrated awareness of their TFS
obligations, there is confusion whether to report sanctions matches with the UNSCR lists to the
FIAU (by way of an STR) and/or to the SMB. In addition, several DNFBPs were not aware at all
of freezing or reporting obligations.
 Although the comprehensiveness of understanding of its FT risks by the country casts
some doubts, the measures undertaken to implement TFS measures are broadly adequate to the
FT risks related to the country’s geographic factor.
 The CVO has identified the enrolled VOs which could potentially be vulnerable to FT
abuse. However, the FT risks associated with the non-enrolled VOs have not yet been analysed.
 Although the CVO assessed the risk of FT abuse in the VO sector, a FT risk-based approach
to monitor the sector has not been developed and implemented.
 Most FIs and DNFPBs consider VO sector as higher risk irrespective of the individual VO’s
level of vulnerability to FT abuse. Whilst some subject persons apply enhanced scrutiny, some
consider the VOs outside their risk appetite.
 The CVO has conducted extensive outreach to the enrolled VOs sector on FT. However, the
donor community, and the non-enrolled VOs have so far not been addressed specifically.
IO.11
 The SMB, which is the competent body for implementation of PF-related UN and EU
sanctions regimes, demonstrated sophisticated awareness of PF-related sanctions-evasion risks.
The SMB is involved in the decision-making process on a range of activities related to combating
the proliferation of weapons of mass destruction (WMD) and dual-use goods.
 Through combination of supranational and national mechanisms, Malta ensures the
implementation of UNSCRs 1718 and 1737 without delay. However, deficiencies exist in the
immediate communication of the amendments to the UN lists of designated persons and entities
to the subject persons, and awareness among some subject persons of their freezing and
reporting obligations.
 No assets subject to freezing under the UNSCR 1718 or 1737 have been identified in Malta
to date, but Malta has provided information on a successful case under the EU PF-related TFS
regime. Detailed guidance is issued by the SMB on TFS to provide support to the subject persons
for implementation of PF-related TFS. The SMB constantly receives enquiries from a range of
private institutions which are analysed and answered.
 There is a lack of adequate resources for supervision of the implementation of UN TFS by
the subject persons.
Recommended Actions
IO.9
 Malta should make a more detailed analysis of its FT risks, in particular with regard to
money remittances, cross-border cash declarations and possible links between organised crime
and terrorism.
 Malta’s border cash control mechanism should be strengthened by giving the competent
authorities the legal powers and the resources to perform analyses and investigations related to
FT.
 Malta should accelerate on-going initiatives, such as the development of a national FT
strategy and the establishment of an inter-agency committee to deal more specifically with FT
on a regular basis.
 The level of FT sanctions, in particular with regard to the financing of individual terrorists
or specific terrorist acts (currently punishable by a maximum sentence of only four years
imprisonment) should be further raised to a fully-dissuasive level.
IO.10
 Malta should ensure that amendments to the lists of designated persons and entities
pursuant to UNSCRs 1267/1989, 1988 and 1373 are communicated immediately to all
reporting entities.
 Malta should conduct regular outreach in order to enhance the awareness and
understanding of the subject persons of FT-related TFS obligations, including actions to be
taken under the freezing mechanisms, and reporting to the SMB.
 Malta should expand its assessment of the risk of FT abuse to the whole VO sector.
 Malta should develop and implement a FT risk-based approach to monitor the VO sector.
 Malta should reinforce the outreach to VOs, reporting entities and donor community with
regard to the FT vulnerabilities and risks within the sector.
 Malta should consider widening the scope of the persons scanned by the CVO and
including other actors that can influence the activities of VOs.
IO.11
 Malta should ensure that amendments to the list of designated persons and entities
pursuit to UNSCRs 1718 and 1737 are communicated immediately to all subject persons.
 Malta should reinforce outreach to the subject persons, especially non-bank FIs and
DNFPBs, in order to raise the awareness and understanding of the implementation of PF-related
TFS obligations, including actions to be taken under the freezing mechanisms, and reporting to
the SMB.
 Malta should ensure adequate resources for coverage of TFS obligations in supervisory
inspections.
257. The relevant Immediate Outcomes considered and assessed in this chapter are IO.9-11.
The Recommendations relevant for the assessment of effectiveness under this section are R. 1,
4, 5-8, 30, 31 and 39.
Immediate Outcome 9 (FT investigation and prosecution)
Prosecution/conviction of types of FT activity consistent with the country’s risk-profile
258. Malta has generally a sound legal framework to combat FT, except as regards the
dissuasiveness of sanctions (cf. TC analysis under R.5). The Maltese authorities involved with
countering FT are the Police (via its counter-terrorism unit (CTU) and the AMLU), the AGO, the
MSS, the FIAU, Customs (with regard to cross-border cash movements) and the CVO (with
regard to the potential abuse of VOs for FT).
259. There have so far been no prosecutions or convictions for FT in Malta. In order to assess
whether this is in line with Malta’s risk profile, the assessment team took into consideration the
following: Malta assesses the threat level of FT to be “medium-high” while at the same time
determining the treat level of terrorist attacks to be “low”. In their written submissions and
71
during interviews, the authorities justified the threat level by different factors, such as the size
of the financial centre, the geographical proximity to Libya and other regions in which terrorist
networks are active and migratory flows from high-risk countries and territories. The
assessment team is of the opinion, confirmed by the authorities, that the conclusion appeared
largely driven by a desire to be cautious and to maintain a certain degree of vigilance and
alertness by both the competent authorities and the private sector, rather than any detailed
analysis of statistics, trends or activities (see above, IO.1). The FT analysis performed in the
NRA, dating back mostly as regards FT to 2013 and not updated since, is minimalistic and very
limited compared to the ML analysis, and does not adequately consider the threats and
vulnerabilities of any specific products, services or sectors. The same applies for the risks
associated with massive cash movements, especially from Northern Africa, the NRA limiting
itself to listing some rather vaguely-formulated vulnerabilities. As a consequence, neither the
document entitled “Results of the ML/FT National Risk Assessment” made available to the
assessors nor the NRA itself contains a proper risk assessment or risk profile as regards FT.
260. The NRA lists some vulnerabilities relating to the use of cash (lack of follow-up
investigations or systematic FIAU analysis) more generally relating to the financial sector
(insufficient supervision, complex structures set-up to disguise real ownership, low level of
awareness) and finally the lack of systematic training of the competent authorities. Some of
these shortcomings (which could date from pre-2013, as the NRA is not always up-to-date)
seem however, based on the interviews during the on-site visit, to have meanwhile been
addressed, especially as regards the awareness, readiness and training of the authorities in
charge of FT.
261. Possible links between OCGs and FT were discussed during the on-site visit with the
authorities who informed the assessment team that they were monitoring (in collaboration with
foreign counterparts) various aspects of local and cross-border criminal activities ranging from
fuel smuggling, drug trafficking, smuggling of counterfeit goods (e.g. cigarettes) to trafficking of
human beings, the proceeds of which could potentially support both OCGs and terrorist
organisations. However, pursuant to the interviewed authorities, so far there was no concrete
intelligence that the OCGs had actually provided financial or material support to terrorist
organisations or terrorists.
262. The Maltese authorities also highlighted the fact that Malta is not affected by the
phenomenon of “foreign terrorist fighters”, as Maltese citizens have not travelled to any conflict
zones to join terrorist groups, nor have such fighters left these conflict zones to settle in Malta.
Although Malta has to a certain extent “at-risk communities” the authorities maintain contacts
to them. Potential recruitment, radicalisation and collecting of funds via the internet and in
particular social media are also monitored. In this respect, the assessment team notes that Malta
has sufficiently criminalised the travels for the purpose of terrorist activities, the providing or
receiving of training in terrorist activities, as well as the financing or otherwise facilitating of
such travels. While the country has signed in 2016 the Additional Protocol to the Council of
Europe Convention on the Prevention of Terrorism (which requires a number of related acts to
be domestic criminal offences with regard to foreign terrorist fighters), the ratification thereof
would be welcomed.
263. The authorities were aware of media reports on the alleged illegal sale or fraudulent
acquisition of Schengen visa for Libyan nationals and associated risks of possible terrorists
entering Malta with such visas. They however, stated that those visas had been mainly obtained
on medical grounds and that recent legislations had excluded the possibility that persons
holding such visas could be accompanied, thus excluding the possibility that potential terrorists
could enter the country. While those having received the visas are under scrutiny, the
authorities stated that the number of visas potentially obtained fraudulently had been greatly
exaggerated in the media and would at a maximum be in their tens.
264. The authorities acknowledge the fact that, as an international financial centre, Malta can
be potentially exposed to FT through a high amount of cross-border transactions, be it through
the movement of funds as a transit jurisdiction or through the management of foreign funds. 56
Given that Malta as an international financial centre has some inherent FT risks, one could have
expected some analysis or more reliable data on the financial in- and outflows through the
Maltese economy and other information available (such as STRs), on involved actors and
available financial products in order to address these risks by establishing some form of formal
risk profile.
265. Absent a formal risk assessment and based only on the information available or
communicated during the interviews to the assessors, where no complete risk profile could be
provided, it remains difficult to assess the adequacy of Malta’s response to FT. The assessment
team is however of the opinion that, considering the period under review and taking into
account both the information provided and the contextual elements available, the actions
undertaken by the authorities - were it in terms of analysis of financial transactions and
products, STRs and other intelligence, the analysis of risks and keeping it up-to-date (not done
in a formal way since 2013), some recent cases (cf. infra) and finally the low number of FT
investigations (and absence of any prosecution) - are not fully in line with Malta’s possible FT
risks. The assessment team considers that Malta has at least not underestimated the level of FT
risk when setting it as “medium-high”.
266. However, the assessment has also noted recent progress. The competent authorities
(namely the FIAU, the Police, the MSS, but also Customs and the CVO) have taken a number of
actions and initiatives in order to mitigate the FT threats, such as the monitoring of certain
social media and internet platforms that might be used for fundraising or fund-collection, of “at-
risk individuals” in relation with certain forms of payments and money transfers and the
establishment of a close cooperation and information exchange between the CVO and the
competent authorities. These measures seem to be in line with the country’s current situation
and threat level as perceived by the authorities. The public nature of this report does however
not allow for a more detailed description of these measures.
FT identification and investigation
267. FT is identified through intelligence collected by the Police and the MSS, STRs submitted
to the FIAU and through international cooperation (in particular MLA requests).
268. For the period under review, the number of STRs related to FT is relatively low, although
steadily increasing. The FIAU also updated its STR form in order to increase awareness of
subject persons to FT. A limited number of these STRs, together with FIU generated cases, have
been submitted by the FIAU to the Police and have resulted in formal Police investigations.
Some investigations were still on-going at the time of the on-site visit. In none of the concluded
Police investigations was evidence of FT established and consequently no prosecutions were
carried out as at the time of the on-site visit.
56 In order to better understand the potential risks, Malta has participated in a workshop held in Monaco
in February 2018 which brought together a number of regional financial centres in Europe and FT experts
in order to develop “Guidance on Identifying, Assessing and Understanding the Risk of Terrorist
Financing in Financial Centres”. The authorities should ensure that this outcome document, endorsed by
MONEYVAL in July 2018, is sufficiently disseminated amongst all stakeholders.
73
Table 26: STR-generated cases, investigations, prosecutions and convictions for FT
Police
STR/FIAU FIAU reports
investigations
Year generated to Police for Prosecutions Convictions
without FIAU
cases investigation
report
2015 2 1 0 0 0
2016 12 2 0 0 0
2017 17 5 0 0 0
201857 9 1 2 0 0
269. The FIAU gives automatic priority to STRs on FT (with a first assessment carried out
immediately) and routinely brings these to the attention of the management, regardless of the
amounts involved. The names of potential suspects in STRs are immediately checked against the
information held by the other competent authorities, even before finalising the analysis.
Moreover, information is immediately shared with the CTU, likewise ahead of the completion of
the analysis. The CTU and the FIAU engaged in a one-off project which allowed the FIAU to use a
list of potential suspects for its database to be screened with regard to STRs, with a more
regular exchange of such data under negotiation. The FIAU stated that it usually does not
receive any feedback from the MSS or the Police. In some cases, the FIAU has, rather than
transferring the information to the Police for investigation, spontaneously disseminated the
content of its analysis to foreign counterparts. The FIAU stated that its access to information for
FT-related analysis could be improved, for example by giving it direct access to passenger-name
records or by introducing a central bank account registry (which would put an end to the
cumbersome process of contacting banks individually on such information).
270. Within the Police, FT cases are investigated by the AMLU, in liaison with the CTU, the unit
of the Police responsible for the collection, analysis and dissemination of intelligence with a
view of combatting terrorism and related offences (the latter’s resources having been raised
from three officers in 2003 to currently 12 officers, which may still not be fully sufficient). Such
information is collated and analysed in the same manner as for ML. Prioritisation would be
dependent on the presence of funds in Malta, and the likelihood of their transfer to other
jurisdictions. The AMLU collaborates closely with the CTU which has direct access to
intelligence databases related to counter-terrorism and ancillary matters. Meetings with the
MSS are held on a weekly basis. The AMLU has also regular contacts with foreign counterparts
and is a member of several international networks. Information is shared with these partners
on a regular basis. Moreover, the Police have a number of bilateral agreements with other
competent authorities, such as the MSS and the Armed Forces. The CTU regularly requests
information from the FIAU, and has done so in 98 cases in the last five years.
271. The assessment team was presented with a few cases of on-going investigations on FT,
which were however of a too recent nature (i.e. with the investigation having commenced in the
course of 2018) to have already produced results which could be reported in more detail. One
investigation concerned the financing of a terrorist organisation through proceeds derived from
human trafficking by a group of foreigners who are resident in Malta and with the use of
companies registered therein. Another case concerned a national of another EU member state
which held a bank account in Malta and who allegedly had an active role in two legal persons
which were under the suspicion of being linked to radical Islam. The Maltese authorities issued
an attachment order and froze that person’s bank account with an amount of EUR 123,420. Both
investigations are on-going. While one investigation was initiated upon information received
from another EU member state, the other was initiated following STRs received by the FIAU.
57 Numbers only take into account the period until 18 October 2018.
Although not reported as FT suspicions, such STRs were in the course of the analysis identified
as an FT related case by the FIAU.
272. As already indicated under IO.8, cross-border cash movements and declarations (and
offences against the underlying cash control regulation) have not resulted in any FT
investigations. The authorities were however of the opinion that, during the climax of incoming
and outgoing cash in 2013 with regard to Libya, ISIS had not yet been established in that
country (and cash movements from and to Libya have significantly declined since that year).
Cross-border cash movements and declarations are within the remit of the Customs
department. During the interviews, the authorities showed awareness, but the Customs
Department admitted that it does have neither the legal powers nor the resources to perform
any analysis or investigation. It is e.g. not possible for Customs to retain a person for the time to
make some prima facie checks on the suspected person, although draft legislation is in
preparation to address this shortcoming. Customs cooperate with the Police and MSS. They are
also monitoring the activities of Malta’s Freeport trans-shipment hub, from which a
considerable number of goods are shipped to/from the Maghreb and Mashreq, and inform the
competent authorities in case of any suspicion of FT (or terrorism). As explained under IO.6
(para. 158) the FIAU uses cross-border cash declarations for strategic analysis purposes (to
identify typologies, specific patterns, and individuals frequently conducting cross-border cash
transportation) and to also identify potential FT suspicions. Such strategic analysis led to the
opening of ML operational analytical cases by the FIAU, however no TF links were identified to
initiate analytical cases.
273. In addition to the formal detection via the FIAU and Police investigations, the MSS plays
an active role in the fight against FT, within the limits of its mandate. A number of actions taken
by the MSS, in respect of cash movements, couriers, money remittance and persons of interest
have been described to the assessment team. These measures include the gathering of
intelligence and information on persons suspected to be connected to FT. Actions taken involve
the monitoring of travellers arriving or departing from destinations deemed to be high risk, the
gathering of intelligence on the collection and transfer of funds potentially carried out by high
risk target groups or individuals, analysing whether persons of interest are remitting funds to
high risk jurisdictions as well as evaluating possible links between organised crime groups and
FT. In addition, information is also obtained through the monitoring of open source intelligence
and social media platforms. These measures are taken for the purposes of uncovering cases
concerning the collection of funds for FT as well as sharing of information with international
and national partners in order to uncover other possible local or international leads or cases.
274. The FT threats are similarly taken into account in their work by Customs and the CVO. The
CVO has taken various initiatives as explained in further detail under IO10.
275. In order to improve the identification of FT cases, the Maltese authorities have improved
training for their staff, sometimes with the help of foreign experts. For example, in November
2016, the FIAU held a training session for subject persons on how to identify FT cases, which
was attended by around 400-500 participants (mainly banks, other FIs and TCSPs). The FIAU
also devotes time on FT with regard to its sector-specific AML/CFT trainings, which it held in
the past for TCSPs, notaries and real estate agents. The authorities also increased their human
resources and provided some guidance to the private sector, such as a “Guidance Note on
Funding of Terrorism” issued in 2018. This guidance was based on existing FATF guidance, but
tailored and edited to meet the specific situation of Maltese subject persons. Other initiatives
were however of a rather recent nature and the team could not assess their effectiveness.
Moreover, the adequacy of human resources for effective CFT also remains a concern.
FT investigation integrated with -and supportive of- national strategies
75
276. Malta has, during the summer of 2018, adopted a high-level CT Strategy, based on the EU
Counter Terrorism Strategy. The document is classified and could neither be given nor shown to
the assessment team; the only information provided during discussions with the authorities is
that it sets high-level objectives under the so-called four pillars, i.e. “Prevent, Protect, Pursue
and Respond”.
277. Under the auspices of the Ministry for Home Affairs and National Security, a CT Action
Plan is currently being elaborated in accordance with the strategic objectives set out in the high-
level national CT strategy. A new specialised inter-agency committee (composed of members of
the AGO, the Police, the MSS, the FIAU and Customs), which should be dealing more specifically
with FT aspects, is also envisaged.
278. As the assessment team could not be provided nor be granted access to the national high-
level CT Strategy nor to any other draft document relating thereto, it is not in a position to
express any opinion, as to whether and to what extent the investigation of FT is integrated with
and used to support such strategy.
279. The team noted that in recent years, the authorities investigated two cases for terrorism.
One case related to charges of terrorism against two persons affiliated to the former Libyan
regime who were involved in the hijacking of a Libyan aeroplane in 2016 which they landed at
Malta International Airport. The other case related to the threat of committing terrorist act by a
woman who was later declared to be of unsound mind. Having discussed these cases with the
authorities, the assessment team agreed that those cases would not have been suitable FT
investigations and that there was no failure on the part of the authorities for not further looking
into the cases from a FT-angle.
280. In the period under review, there have been no FT prosecutions and convictions.
Therefore, the evaluators were unable to assess whether sanctions or measures applied in
practice against natural persons convicted of FT offences are effective, proportionate and
dissuasive.
Alternative measures used where FT conviction is not possible (e.g. disruption)
281. The Maltese authorities have not applied alternative measures in lieu of proceedings with
FT charges.
Conclusion
Immediate Outcome 10 (FT preventive measures and financial sanctions)

Implementation of targeted financial sanctions for FT without delay
283. Malta has a sound legal framework in place to implement FT-related TFS. As an EU
member state, Malta utilises a combination of supranational and national mechanisms to
implement UNSCRs 1267/1989, 1988 and 1373 without delay. Pursuant to amendments of the
NIA, UNSCRs imposing sanctions or applying restrictive measures are automatically binding in
their entirety in Malta and constitute a part of the domestic law thereof. The UNSCR and the EU
Regulation imposing freezing measures and the annexes thereto are immediately tantamount to
a freezing order upon publication, having the force of law in Malta. Hence a time-delay imposed
by the transposition of UNSCRs and amendments to the relevant EU Regulations does not exist
in Malta.
284. The SMB is the competent body responsible for implementation and operation of the UN
and EU sanctions regimes (including designation of persons or entities domestically and
proposing designations, de-listing, unfreezing and providing access to frozen funds or other
assets). The SMB’s mandate and powers were recently strengthened through amendments to
the NIA. The number of involved members increased from ten up to eighteen (and currently
includes also representatives from the FIAU, the MSS and the ministries responsible for
maritime, aviation, lands and immigration).58 The SMB meets on a regular basis (approximately
once a month) or on an ad-hoc basis should a specific case or incident require immediate
attention. The SMB convenes to discuss, amongst other items, coordination between the
competent authorities, as well as amendments to the relevant legislation. The SMB participates
also in the NCC to contribute information from their work to the AML/CFT framework.
285. Malta has not yet identified individuals or entities or proposed any designations to the UN
Security Council Committees pursuant to resolutions 1267/1989 and 1988. In this context, it
may however be noteworthy that Malta has proposed a designation under another UNSCR
regime59, thereby demonstrating the country’s general ability to take actions within the context
of UN designations.
286. The competence regarding designation of persons or entities at national level lies with the
Prime Minister who is empowered to order a designation after considering the
recommendations of the SMB and the AG. However, Malta did not yet have an occasion to test
the national designation mechanism in practice. There have also not yet been orders issued by
the Prime Minister for EU internals.
287. Malta has not received a request from a foreign jurisdiction for designation pursuant to
UNSCR 1373 or made a request to another country to give effect to the actions initiated under
the freezing mechanisms. Nevertheless, procedures are established in Malta and the SMB is
provided with the respective powers for dealing with such requests both within the framework
of EU and national legislation, should the occasion arise.
288. Malta applies diverse mechanisms for communicating designations to the FIs and the
DNFBPs. The SMB website contains links to the UN and EU consolidated sanctions list. In
addition, the MFSA informs licensed entities twice per year of changes to the lists, as confirmed
by the FIs. Larger FIs and DNFPBs mentioned that, as a source for designations in practice, they
primarily rely on automated and internationally recognised screening mechanisms or group-
level analytical systems. Smaller FIs informed the assessment team that they would perform the
screening of clients every time they receive updated lists from the MFSA. Smaller DNFPBs noted
that they are relying on manual checks performed against publicly available information. At the
same time, several DNFBPs stated that they are not aware of any sanction lists or other material
being provided by the Maltese authorities. Overall, communication of lists by the Maltese
authorities does not appear to be effective. The authorities do not communicate the updates to
the lists to the subject persons immediately. This has an impact on the implementation of the
relevant UNSCRs in particular by FIs and DNFPBs that do not rely on automated sanctions
58 The SMB currently is comprised of eighteen officials, acting collectively and representing the following
ministries/authorities: Ministry for Foreign Affairs and Trade Promotion (Chairman); Office of the AG;
FIAU; MSS; Malta Police; Office of the PM; Ministry for Home Affairs; Ministry responsible for Defence;
MoF; Ministry responsible for the Economy; Trade Department; Customs Department; Central Bank of
Malta; MFSA; Ministry responsible for maritime affairs; Ministry responsible for aviation matters;
Ministry responsible for lands; and Ministry responsible for immigration matters.
59 The Maltese authorities have indicated that they have made the first proposal to the UN Security
Council Committee pursuant to UN Resolution 1970 concerning Libya to designate a vessel. The proposal
is currently being considered by the relevant UN committee.
77
screening mechanisms or group-level analytical systems (and in particular on those which rely
entirely on the communication by the MFSA which only occurs twice per year).
289. Most of the FIs and DNFBPs demonstrated a good level of understanding of obligations of
the identification of assets of the TFS-related persons and entities. Most subject persons conduct
checks against the TFS lists when on-boarding and monitoring customers in the course of a
business relation. However, some subject persons met during the on-site visit mentioned that
the screening frequency of an on-boarded customer depends on his/her risk level, and the
screening may take place only once every 2 years or in even later intervals. Hence some FIs and
DNFBPs might not identify a potential match of existing customers with the UNSCR lists in a
timely manner.
290. The subject persons stated that the screening against the UN lists also covers BOs. While
some FIs and DNFBPs verify BO information using Maltese and foreign registers of legal persons
or legal arrangements, most of them obtain BO information and evidence independently. Hence
the deficiencies related to the accuracy of data available in the registries, as described below
under IO.5, do not have any considerable impact on the activities of subject persons with
respect to the screening of the BOs.
291. The SMB has issued a detailed guidance document on the implementation of TFS in 2018
(which is publicly available on its website). Since 2011 the FIAU has included a short section on
the implementation of TFS obligations in its Implementing Procedures. The SMB also conducts
regular outreach on TFS and provides upon request additional guidance on a case-by-case basis.
As further described under IO.11, the SMB demonstrated that it engages in TFS-related
communication with the subject persons.
Targeted approach, outreach and oversight of at-risk non-profit organisations
292. The CVO plays a central role in the prevention of abuse of the Maltese VO sector. It was set
up by the Voluntary Organisations Act (VOA) in 2007 with the task to strengthen the voluntary
sector through various initiatives (with the specific aim of promoting the work of VOs as well as
encouraging their role as partners with the government in various initiatives).
293. As of November 2018, amendments have been made to the VOA aimed at, inter alia,
widening the function and responsibilities of the CVO to also review periodically new
information on the voluntary sector’s potential vulnerabilities to AML/CFT and requiring
mandatory enrolment.
294. At the time of the on-site the CVO consisted of 7 staff members. The assessment team was
informed that in order to ensure adequate resources of the CVO (especially considering the
widening of its functions and responsibilities), it is planned to considerably increase the budget
and the staff in 201960. Considering the increasing scope of the CVO activities, including due to
the recent legislative amendments, the assessment team welcomes the decision to increase the
budget which would further strengthen the operational capacities of the CVO.
295. The Commissioner is responsible for maintaining an accurate and up-to-date register of
VOs. In accordance with the provisions of the law all information contained in the VO Register is
available to the public in hard copy at the office, through scanned documentation via email or
online for some VOs61. This allows for a greater transparency of the VO sector.
60 The authorities confirmed that the budget of the CVO was increased fivefold in 2019, with further plans
for an eightfold increase in the future.
61 An on-going project aims at populating the on-line database of VOs, scheduled to be accomplished by
the end of 2019.

296. In autumn 2018, the CVO has carried out a risk assessment exercise of all enrolled VOs
using various adequate and relevant characteristics and ranking them as having a high, medium
or low risk. The CVO has identified around 360 out of 1610 enrolled VOs62 that potentially have
a high risk factor of ML/FT. Out of these, 47 VOs were classified as potential high risk for FT due
to their international activities conducted in high risk jurisdictions. The VOs that are not
enrolled have not been assessed so far.
297. The CVO conducts a prudential monitoring of VOs. The administrators of all enrolled VOs
have been screened by the FIAU and the Police in 2018. The CVO also coordinates with and
seeks the assistance of the MSS. Changes to administrators of enrolled VOs and all
administrators of newly-enrolled VOs will be screened through the same sources when handling
the application for registration. At the time of the onsite visit, enrolment had been refused in
two cases due to the fact that the subjects were known to the Police through the FT-related
investigations63. While acknowledging this effort, the assessment team considers that the CVO
might need to widen its scope by giving more consideration to other actors that can influence
the activities of the VOs, such as founders, members, managers, executives or the prompters of
VOs.
298. The CVO annually monitors the administrative reports, annual returns and annual
accounts of VOs. All the annual reports are vetted. Reference to the Tax Compliance Unit is made
whenever investigations of these accounts by the CVO raise suspicion of tax-related offences. In
all other cases where the CVO identifies a suspicion, including possible FT-related matters, it
will report the case to the Police. During the period under consideration sanctions were applied
in cases where a breach of the VOA was identified, including warnings and the removal of three
administrators. These cases where however not related to FT-matters. Overall, although the
above-mentioned transparency measures are intended to reduce the vulnerability of VOs at FT
risk and the CVO assessed the risk of FT abuse in the VO sector, Malta has not developed and
implemented a FT risk-based approach to monitor the sector.
299. The CVO has conducted extensive outreach to the VO sector on FT. One seminar and seven
workshops have been organised by the CVO just before the on-site visit for VOs on the
safeguards from misuse for ML/FT purposes with participation of the FIAU. The material of the
seminar was distributed to all enrolled VOs. In addition, a supporting toolkit to safeguard VOs
from abuse has been developed and circulated to all VOs. VOs met during the on-site were
aware of these outreach activities. However, the donor community and the non-enrolled VOs
have so far not been addressed specifically.
300. Most FIs and DNFPBs consider VOs as higher risk clients without making a distinction
between VOs that pose a high, medium or low FT risk. Some of the subject persons indicated
that they prefer serving the EU funded VOs. Some other subject persons highlighted that VOs fall
outside their risk appetite. The representatives of VOs brought to the attention of the
assessment team that the subject persons, particularly FIs, would apply a higher level of
scrutiny when considering establishment of business relations with them, which consequently
results in discouraging the VOs from engagement with them. The authorities informed the
assessment team that they have not yet assessed the impact of the financial exclusion, but are
concerned by the issue and negotiate with the major banks on this matter. The assessment team
is concerned with the approach applied by the FIs, which demonstrates that the results of the
VOs risk assessment were not yet used by the FIs.
62 According to Art. 4(1) of the VOA, “Any voluntary organisation may apply to become enrolled with the
Commissioner and, once enrolled and subject to the observance of applicable provisions of law, may
enjoy the privileges contemplated by this Act and any regulations made thereunder”.
63 No further information has been disclosed by the authorities as both investigations are in progress.
79
Deprivation of FT assets and instrumentalities
301. Although no assets have been frozen pursuant to the sanctions regimes under UNSCR
1267/1989, 1988 or 1373, the authorities have demonstrated that they are able to take actions
under other UNSCR sanctions regimes64. This includes freezing of assets, unfreezing of funds
and providing access to frozen funds. Each of these cases are comprehensively analysed by the
SMB, using the powers, competencies, and the expertise of the 18 members representing the
state authorities. Decisions are taken expeditiously on an individual basis. The SMB has
cooperated closely with its foreign counterparts and the UN on these matters at operational
level.
302. A number of FIs and DNFPS mentioned that they came across false positive matches
under UNSCRs 1267/1989 and 1988. In the past 5 years, one sanction hit appeared, as a result
of which the bank reported to the SMB and froze the account (EUR 2000). Considering the level
of awareness of the obligations under the TFS regime demonstrated by most of the subject
persons, the assessment team concluded that the subject persons would also be capable to
identify and freeze assets in case of an actual match.
303. FIs were aware of their freezing and reporting obligations. However, there was some
inconsistency in FIs and DNFBPs’ understanding of whether to report matches with the UNSCR
lists and assets freezing to the FIAU (by way of an STR) and/or the SMB. In addition, several
DNFBPs (some representatives of investment funds, trustees and notaries) were not aware of
freezing or reporting obligations at all, stating that they would simply refuse the transaction or
exit the customer relationship (see also below, IO.4). The assessment team considers that this
negatively impacts the effective implementation of the TFS obligations.
304. In the absence of prosecutions/convictions, restraint orders or confiscations for FT in
Malta (see above, IO.9), no other measures to deprive terrorist of assets have been applied.
Consistency of measures with overall FT risk profile
305. Although the comprehensiveness of understanding of its FT risks by the country casts
some doubts (see above, IO.1), the steps taken to implement TFS measures, seem to be broadly
adequate. This assessment is supported by the measures taken by Malta in the framework of the
UNSCR 1970 concerning Libya in light of the geographical risks. However, shortcomings related
to communication of designations and the knowledge gap of some subject persons (as described
in the analysis above) weaken the effectiveness of the FT-related TFS regime in Malta.
306. The concerns on the FT risk-understanding have a greater impact on the assessment of
the adequacy of the preventive measures with respect to the VO sector. The risk of terrorist
abuse in the VO sector assessed by the CVO did consider only the enrolled VOs, and did not
contain any analysis of non-enrolled VOs. The assessment team acknowledges the importance of
the recently enacted amendments in relevant laws, and steps taken to improve the cooperation
between authorities for assessing and monitoring potential FT abuse in the VO sector.
Nevertheless, improvements are needed to ensure a risk-based approach towards supervision
and monitoring of VOs at risk of FT abuse and sustainable outreach to the VO sector, subject
persons and the donor community.
Conclusion
64The Maltese authorities have demonstrated to the assessment team that measures have been taken
under the UNSCR 1970 concerning Libya.
Immediate Outcome 11 (PF financial sanctions)
transaction banking and fund management. Malta’s financial sector is bank-centric, oriented to
providing financial services to foreign customers. Malta also has a relatively large international
trading economy. Bearing in mind the nature and scale of business undertaken in Malta and the
geographic location of Malta, the country is exposed to potential PF activities (through financial
and trading channels and the misuse of legal persons and legal arrangements). SMB
demonstrated a sophisticated understanding of exposure of Malta to PF. The assessment team
acknowledges the measures that Malta has put in place to mitigate the PF-related risks,
including amendments of the NIA and the detailed guidance document of the SMB on TFS. When
determining the materiality of the shortcomings Malta’s exposure to PF is seen as an important
contextual factor.
Implementation of targeted financial sanctions related to proliferation financing without delay
309. As an EU member state, Malta utilises a combination of supranational and national
mechanisms to implement UNSCRs 1718 and 1737 without delay. The TFS legal and institutional
framework described under IO.10 also applies to the PF-related TFS regime.
310. Pursuant to the NIA, UNSCRs constitute a part of the domestic law. The designations at the
UN level apply directly in Malta without the need for EU transposition. Hence, a time-delay
imposed by the transposition of UNSCRs and amendments to the relevant EU Regulations does
not exist in Malta.
311. The SMB is the body in Malta responsible for implementation and operation of PF-related
UN and EU sanctions regimes. The SMB has demonstrated sophisticated awareness of sanctions-
evasion risks in particular with regard to PF. The SMB is also involved in the decision-making and
the licensing on a range of activities related to combating the proliferation of WMD and dual-use
goods, which was evidenced by the provided case examples65. Furthermore, the SMB, in
conjunction with the Directorate for Trade Services and Projects, is the licensing authority for all
arms and related material. The SMB has experience in conducting PF-related investigations, and
an on-going case of a DPRK company in Mata was shared with the assessment team.
312. Malta has mechanisms for communicating designations to the FIs and the DNFBPs relating
to UNSCRs 1718 and 1737. However, as described above in IO.10, the authorities do not
communicate the updates to the UN list of designated persons and entities to the subject persons
in a timely manner. This has an impact in particular on the FIs and DNFBPs that do not rely on
automated sanctions screening mechanisms or group-level analytical systems.
Identification of assets and funds held by designated persons/entities and prohibitions
313. Malta has not identified and frozen assets of persons linked to the PF-related UN TFS
regime. However, the authorities and the subject persons met could demonstrate that they are
able to freeze and unfreeze assets66.
314. There have been no assets identified and frozen under the DPRK UNSCRs. According to the
Maltese authorities this is commensurate with the very limited economic and trade ties between
65 The SMB has an experience of supporting designations through the EU channels, providing analytical
data and other information, which served for re-designation of many Iranian entities, controlled or owned
by the Islamic Republic of Iran Shipping Lines Group
66 The SMB shared a case, triggered by a FI report and related to an Iranian entity designated under the EU
PF-related TFS regime. This case demonstrated the ability of the FI to identify the match with the
designated entity, followed by the immediate report to the SMB and freezing EUR 4,6 million. The assets
were unfrozen after the entity was de-listed.
81
Malta and the DPRK, as well as the absence of any significant diaspora in Malta. The assessment
team was informed about one case related to the DPRK which is described in the following box.
Box 11.1Case DPRK students
In September 2017, the Ministry of Foreign Affairs and Trade Promotion (MFTP) was informed that two
DPRK students had applied for the International Maritime Law Institute academic programme.
Information received indicated that one of the students belonged to a UN listed entity. MFTP, through
Malta’s permanent representation to the UN, sought guidance from the UN Sanctions Committee as to
whether training may be provided to these two DPRK students. The 1718 Sanctions Committee replied
that, given the student’s involvement with the listed entity, it was unable to determine that the proposed
training would not contribute to the DPRK’s proliferation of sensitive nuclear activities or ballistic
missile-related programmes. Accordingly, the SMB did not approve the training to be provided to the
students. No bank accounts had been opened or funds been transferred by the students to Malta.
315. Based on the above-provided examples the assessment team concluded that the legal and
institutional framework of Malta is sufficiently operational in order to prevent designated
persons or entities from operating or executing financial transactions related to proliferation.
FIs and DNFBPs’ understanding of and compliance with obligations
316. Most of the FIs and DNFBPs demonstrated a good level of understanding of the TFS-
related obligations. As already described under IO.10, the REs mostly conduct checks against the
TFS when on-boarding and monitoring the clients, and they do not encounter difficulties in
identifying and verifying the BOs. However, some subject persons met during the on-site visit
mentioned that the screening frequency of an on-boarded customer depends on the risk level of
the customer, and the screening can take place once every 2 years or even in longer intervals.
Hence, some FIs and DNFBPs might not identify a potential match with the UNSCR lists of
existing customers in a timely manner.
317. As already described under IO.10, larger FIs and DNFBPs mentioned that (as a source for
designations in practice) they rely primarily on automated and internationally-recognised
screening mechanisms or group-level analytical systems, also with regard to the implementation
of PF-related TFS.
318. FIs were aware of their freezing and reporting obligations. However, there was some
inconsistency in FIs’ and DNFBPs’ understanding of whether to report matches with the UNSCR
lists and assets freezing to the FIAU (by way of an STR) and/or the SMB. In addition, several
DNFBPs (some representatives of investment funds, trustees and notaries) were not aware of
their freezing or reporting obligations at all, stating that they would simply refuse the transaction
or exit the customer relationship (see also below, IO.4).
319. The SMB plays an important role in pursuing understanding and compliance with the TFS
obligations by the subject persons. It issued a detailed “Guidance on TFS Imposed Pursuant to EU
Regulations and the NIA under UNSCRs Related to Terrorism and FT, and Proliferation”,
providing description of obligations, mapping the steps to be taken and sanctions set up by Malta
for non-compliance with the freezing and reporting obligations for any and all natural and legal
persons in Malta. Since 2011, the FIAU has included a short section on the implementation of TFS
obligations in its Implementing Procedures. The SMB also conducts seminars and outreach on
the implementation of PF-related TFS.
320. The SMB provided the assessment team with a number of examples of inquires received
from a range of private institutions engaged in trade with clients of Iranian origin (persons and
legal entities) or on investment of assets in Iran. In all of the cases the SMB conducted an analysis
of the circumstances and the involved parties and answered inquires.
321. Awareness of PF-related risks by most FIs and DNFBPs is generally limited to the
operational risks related to implementation of freezing requirements. Although some outreach
and educational activities for FIs and DNFBPs have already been conducted by the competent
authorities to raise their appreciation of evasion schemes, this should be further enhanced.
Competent authorities ensuring and monitoring compliance
322. The SMB is also a body responsible for the monitoring of implementation of the UN TFS in
Malta, and has entered into a multilateral MoU on 31 May 2018 with the FIAU, MFSA and MGA
to further refine the exchange of information with these three authorities, and to formalise
their cooperation with respect to the supervision of FIs and DNFBPs. Through the MoU the
FIAU, MFSA and MGA agree to check TFS-related aspects as part of their supervisory
engagement, including in the context of on-site inspections. The Maltese authorities have stated
that the practice of covering TFS as part of the AML/CFT on-site inspections has been applied
for many years prior to signing the MoUs.
323. On-site inspections are currently focused on some specific aspects of implementation of
the AML/CFT measures, and implementation of PF-related TFS received relatively less
supervisory attention. Some of the FIs and DNFBPs stated that they have not been inspected
with regard to the implementation of the TFS regime. The Maltese authorities provided
statistics of the inspections that resulted in findings and breaches with regard to the
implementation of the TFS regime. However, no further data were provided to the assessment
team on the types of reporting entities inspected, the characteristics of breaches identified, the
TFS regimes these breaches refer to, or the measures taken to overcome the deficiency and to
prevent the repetition of a breach. Therefore, it is not possible to fully assess the adequacy and
dissuasiveness of applied corrective measures (see IO.3).
Table 27: Statistics on inspection of implementation of TFS by REs
Type of a Examinations with
Reprimands Sanctions
Year subject Findings in relation
Issued Imposed
person to Sanctions
FIs 10 2 1 (EUR 750)
2014
DNFBPs 6 2 0
FIs 0 0 0
2015
DNFBPs 26 1 0
FIs 3 1 0
2016
DNFBPs 52 1 0
FIs 25 0 0
2017
DNFBPs 18 0 0
324. In addition, the monitoring of PF-related TFS compliance is also limited in light of the
resource issues faced by the supervisor (see IO.3). It did not become apparent that adequate
human resources that are dedicated to the supervision of TFS matters are available. Hence the
assessment team concluded that there is a lack of adequate supervision of the implementation
of the TFS regime by the subject persons in Malta.
Conclusion
325. Malta has achieved a substantial level of effectiveness for IO.11.
83
CHAPTER 5. PREVENTIVE MEASURES
Key Findings
 It is apparent that the understanding of ML/FT risks is varied across the sectors. Banks
and casinos demonstrated a good understanding of the ML risks to which they are exposed, but
some non-bank FIs and other DNFBPs (including some TCSPs, legal professionals, accountants
and real estate agents) were less clear in relation to ML risks and were unable to clearly
articulate how ML might occur within their institution or sector. However, problems related to
ML/FT reporting, including the number of STRs, suggest that there might be problems with the
overall understanding of the risks among the subject persons.
 In relation to FT risk, FIs (particularly non-banks), and DNFBPs (including some TCSPs,
legal professionals, accountants and real estate agents) were less confident in their
understanding, with most stating that further guidance (including relevant sector-specific
typologies) would assist.
 Most banks, non-bank FIs, TCSPs, legal professionals and casinos demonstrated good
understanding of their AML/CFT obligations. Among other DNFBPs, knowledge of AML/CFT
obligations was generally demonstrated, with most common gaps being in relation to on-going
monitoring of TFS.
 All Banks and most non-bank FIs and DNFBPs (including TCSPs), described risk-based
procedures, including a business risk assessment (BRA) and risk-based application of CDD and
monitoring. Several DNFBPs stated that their BRAs are not regularly updated, and it is not clear
to what extent the BRAs and risk-based measures are effectively considering and mitigating all
the risks to which reporting entities are exposed.
 FIs and DNFBPs have in place control measures that include all the general elements of
CDD, on-going monitoring and record-keeping. FIs and DNFBPs explained their policies and
procedures in relation to beneficial ownership, which included the collection of extensive
information on structures, control and source of funds and wealth. However, some concerns
remain on the quality of CDD conducted by FIs and DNFBPs considering the recent cases
identified in Malta.
 In relation to PEPs, FIs and DNFBPs described PEP screening at on-boarding and
thereafter, and did not distinguish between foreign and domestic PEPs. Most explained that
PEPs would not be serviced due to their institutional risk appetite, but those that did service
PEPs understood and implemented appropriate additional measures.
 FIs that were actively using or considering new technologies were clear that ML/FT risk
assessments would be undertaken as part of any new business/product approval mechanism.
 All private sector representatives could describe their suspicion reporting obligations.
However, most non-bank FIs and DNFBPs were unable to elaborate on typologies, transactions
or activities that would give rise to a STR, particularly in relation to FT, with the majority of
interviewees suggesting that more guidance in this area is required. Although the total number
of STRs has been steadily growing over the period 2013-2018, there are generally low reporting
rates across the sectors, compared to the inherent risks of those sectors.
 Internal controls to ensure compliance with the AML/CFT requirements were described
to include an AML function and additional compliance/audit functions in FIs and some DNFBPs
(particularly TCSPs). All FIs and DNFBPs described formal, written procedures, including at
financial group level (where applicable).
 The deficiencies in the supervision of FIs and DNFBPs (set out under IO.3); the lack of
information from the supervisors on specific findings and compliance rates in relation to the
various requirements; and the Maltese authorities’ assessment of the legal framework regarding
preventative measures in FIs and DNFBPs as mainly low (see results of NRA), as well as the
findings based on the discussions with the private sector, means that - in the view of the
assessment team - it has not been demonstrated that such obligations are being effectively
implemented.
Recommended Actions
 Maltese authorities should take appropriate measures to raise awareness of all FIs and
DNFBPs of the ML/FT risks in Malta, with a specific focus on distinct risks facing each sector and
relevant mitigating measures to be taken, prioritising TCSPs, legal professionals, accountants
and real estate agents; and ensure that all FIs and DNFBPs have a comprehensive understanding
of the risk based approach and its implementation, particularly with respect to correspondent
banking, higher risk jurisdictions and EDD measures taken in relation to PEPs.
 Maltese authorities should take appropriate measures to raise awareness of all FIs and
DNFBPs (particularly legal professionals, accountants and real estate agents) of the ML/FT risks
in Malta, with a specific focus on reporting obligations; criteria on suspicion specific to the
sector; and methods, trends and typologies relevant to each sector.
 Maltese authorities should enhance awareness in the DNFBP sectors of the regulatory
requirements in relation to on-going monitoring of a business relationship and the monitoring
and reporting obligations concerning TFS.
 Malta should amend legislation to address the technical deficiencies described in the TC
Annex.
Recommendations relevant for the assessment of effectiveness under this section are R.9-23.
Immediate Outcome 4 (Preventive Measures)
327. Assessors’ findings on IO.4 are based on interviews with a range of private sector
representatives, as well as the experience of supervisors and other competent authorities
concerning the relative materiality and risks of each sector. The assessment team grouped the
obliged sectors into categories in terms of their significance for the overall picture of
compliance, see Chapter 1.
Understanding of ML/FT risks and AML/CFT obligations
328. From discussions with the private sector during the onsite visit, it is apparent that the
understanding of ML/FT risks is varied across the sectors.
Banks
329. In general, the banks demonstrated a good understanding of the ML/FT risks to which
they are exposed and have implemented tools which allow them to mitigate those risks. All the
banks also demonstrated a good understanding of their AML/CFT obligations.
330. Banks carry out risk assessments, including customer, product or service risk, operational
risk, country-based risk and/or geographical risk. The risk assessments are comprehensive and
most of the banks demonstrated that their assessments are updated regularly.
85
331. Risk assessments generally take into account the groups’ assessment of risks (where the
bank is part of a group) but do not yet include any results of the Maltese NRA, due to the results
of the NRA being communicated very recently.
332. Generally, most banks agreed with the high-level risks identified in the NRA, but
suggested that the sectoral analysis appeared to be based on out-of-date statistics or
information. Several banks commented that the identification of the threats to Malta in the
communicated findings were inconsistent with their own understanding (which emphasised
cash transactions, foreign tax evasions and trade finance).
333. Banks risk-rate their customers prior to establishing business relationship, generally
using low, medium or high ratings. Most banks described themselves as having a conservative
risk appetite, with several suggesting that they will not bank foreign PEPs, non-resident legal
persons, or persons from countries which do not apply the FATF standards. Several also
suggested that they will not bank any TCSP business, virtual currency business, clients from
high risk jurisdictions, gaming business or individuals making use of the IIP.
334. Understanding of FT risk by banks as well as related obligations is generally good, except
that banks did not demonstrate sufficient understanding of FT risks inherent to international
financial centres. Banks viewed FT risk as low or medium primarily based on their own risk
assessments and not necessarily informed by any national view of risk.
Non-banks FIs
335. Understanding of AML/CFT obligations by non-bank FIs is generally good. The
understanding of ML/FT risks varies among non-bank FIs. Understanding of ML risks to the
country in general was adequate, but there was not sufficient understanding of the risks specific
to the nature of their business. Most non-bank FIs consider FT risk to be low but there is
relatively insufficient understanding of the risks, with most FIs being unable to clearly articulate
how FT might occur within Malta, their institution or sector.
336. Non-bank FIs all advised that they do not deal with cash (except in some strictly
controlled circumstances). All suggested that they refuse the establishment of business
relationships when risks are not understood, but all confirmed that they lack knowledge of
sector-specific risks (particularly on FT) and that there is a need for further guidance or training
for the sector.
337. Non-bank FIs were all aware of the NRA and had attended the presentations or otherwise
viewed the communicated results thereof. Most commented that the analysis and information
was high level and not sufficiently detailed to be of practical assistance. Several disagreed
altogether with the assessments of their particular sectors, suggesting that the analysis was out-
of-date, given the major changes in the legislative framework and industry controls over the last
several years.
338. Non-bank FIs generally described high risk customers as foreign PEPs, non-resident legal
persons, or persons from countries which do not apply the FATF standards.
339. The MVTS sector in Malta is represented by large international money transfer companies
which provide their services through their agents. These agents apply the MVTS company’s
policies and use the dedicated IT equipment and monitoring tools provided by the MVTS
company. The agents on-board and identify customers; the MVTS companies operated
screening of customers and monitoring of transactions. The MVTS agents’ understanding of
ML/FT risks was insufficient, and generally agents could not demonstrate how their sector
could be used for FT.
DNFBPs
340. Understanding of ML/FT risks among the DNFBP sector is not sufficient, with the
exception of casinos (land-based and online/remote). DNFBPs were generally unclear in
relation to ML/FT risks and were unable to clearly articulate how ML or FT might occur within
their institution or sector, with most stating that further guidance (including relevant sector-
specific typologies) would assist in this regard.
341. DNFBPs were mostly aware of the results of the NRA (with a few exceptions), but did not
find them useful for their sector.
342. Understanding of ML/FT risks in the TCSP sector is mixed, with some TCSPs unable to
clearly explain how ML or FT might occur within their institution or sector. TCSPs were aware
of the results of the NRA (having attended the briefing session or viewed the authorities’
websites), but did not consider them useful. TCSPs demonstrated knowledge of AML/CFT
obligations and generally have in place control measures in the required areas (as detailed
below).
343. Several DNFBPs (e.g. notaries and real estate agents) stated that any risks in their
business are mitigated since they do not deal in cash and most transactions are conducted via
Maltese banks, which assessors do not agree. Mostly, DNFBPs classify customers as high risk
when they are foreign PEPs or resident in high risk jurisdictions.
344. Knowledge of AML/CFT obligations was generally demonstrated as detailed below, with
most common gaps being in relation to on-going monitoring of TFS (although this can be the
result of some DNFBPs dealing mainly with occasional transactions), as further described
hereunder in paras. 370-371, and in the IOs 10 and 11.
345. Casinos (land-based and online/remote) demonstrated a good understanding of ML/FT
obligations including on-going monitoring and TFS.
346. Notaries’ involvement is mandatory for real estate transactions in Malta. All notaries,
along with lawyers, met by the assessment team demonstrated adequate knowledge of their
AML/CFT obligations.
347. Real estate agents and accountants demonstrated relatively low level of understanding of
the NRA and ML/FT risk. Accountants were unable to clearly articulate how “control” is
determined in relation to BO of legal persons and arrangements.
Application of risk mitigating measures
348. As noted above, most FIs and DNFBPs (including TCSPs) described the application of risk-
based procedures, including a BRA, the requirement for which was introduced in January 2018.
349. FIs and DNFBPs described risk-based application of CDD and monitoring, with customers
categorised on the basis of the level of risk and simplified, standard or EDD measures applied as
a result.
350. Almost all FIs and DNFBPs refuse to conduct transactions or to establish business
relationships when the proposed relationship or transaction was outside their risk tolerance.
351. Subject persons have been required to establish risk-based procedures and, in particular,
to conduct customer risk assessments since 2008. The formal requirement for a BRA was
introduced relatively recently and the results of the NRA (which would support the
implementation of the BRA requirement) were only recently communicated to the industry.
This means that it is not clear to what extent the BRAs and risk-based measures are effectively
considering and mitigating all the risks to which reporting entities are exposed. In addition, as
87
set out at para. 399, there is a lack of comprehensive records of supervisory findings or
compliance rates to evidence how well FIs and DNFBPs have applied mitigating measures.
Application of enhanced or specific CDD and record keeping requirements
352. FIs and DNFBPs (including TCSPs) have in place control measures that include all the
general elements of CDD, on-going monitoring and record-keeping. All reported that they would
not undertake a transaction or establish a business relationship with a customer when they fail
to collect the required information and evidence, although in practice refusals are mainly on the
grounds of the institution’s risk appetite, as opposed to incomplete CDD.
353. FIs and DNFBPs explained their policies and procedures in relation to beneficial
ownership, with identification and verification procedures being applied to
directors/representative of legal persons as well as BOs.
FIs’ and DNFBPs’ procedures involve the collection of extensive information on structures,
control and source of funds and wealth. In particular, banks indicated a very low risk tolerance
for customers, in particular legal persons and arrangements, with most indicating that they
obtain all original/certified CDD documents themselves and do not place reliance, according to
R.17 on intermediaries, TCSPs or other professionals67. Most TCSPs reported that they find it
difficult to bank their clients in Malta, as banks are cautious about TCSPs related risk; this was
also confirmed by majority of interviewed banks. Several banks that still maintain business
relationship with TCSPS reported maintaining a list of reliable TCSPs. List of reliable TCSPs is
developed on the basis of assessment of TCSPs’ internal AML/CFT control environment.
354. Several FIs and DNFBPs verify BO information using Maltese and foreign registers (with
several having applied and been granted access to the newly implemented Maltese Register of
BO), although most described obtaining BO information and evidence independently.
355. Most stated that failure to verify the identity of the UBO would result in a refusal to
establish a business relationship, although in practice problems mainly occur in verifying source
of funds and source of wealth.
356. Although, as indicated above, the FIs and TCSPs demonstrated good knowledge of the
AML/CFT obligations, there are nevertheless grounded concerns on the quality of CDD
conducted by FIs and TCSPs considering the discussions with the private sector and the cases
identified in Malta (referred below and at IO.3) which relate to the lack of internal AML control
conducted, monitoring transactions in terms of legitimacy and economic rationale or lack of due
diligence measures applied. In the absence of data on the nature of breaches identified by the
supervisors, it is difficult for the assessment team to conclude on the overall effectiveness of
implementation of relevant AML/CFT requirements.
357. With regard to the timing of verification of identity, Maltese law allows for the delay of
verification until after the establishment of business relationships, provided the risks are
mitigated. However, delayed verification is not a common practice for the private sector, with
the exception of casinos.
358. Casinos operate by obtaining identity information and evidence (e.g. passport or identity
card) upon the first visit of a customer to the casino. Address verification is only requested upon
the second visit, as new customers generally do not carry a proof of address.
67Discussions with the supervisors confirmed, that reliance, according to R.17, is not common practise in
the banking sector. In the view of supervisors, the former legal framework for reliance (pre-December
2017) was restrictive and, although the PMLFTR 2018 offers more flexibility, no increase in the
application of reliance provisions has been noted.
359. Real estate agents demonstrated a low level of understanding of BO requirements and
generally took comfort from the involvement of a notary and or lawyer in the transaction.
Application of EDD measures
360. FIs and DNFBPs (including TCSPs) generally have in place control measures that include
enhanced measures in the required areas.
PEPs
361. The Maltese legal framework covers both foreign and domestic PEPs. FIs and DNFBPs
have a good understanding of the enhanced measures required in relation to PEPs, and
generally have adequate measures in place to determine whether a customer or BO is a PEP.
Despite the fact that there have been some high profile cases involving PEPs, the Maltese banks
were fully aware of the PEP status and associated obligations.
362. FIs and DNFBPs mainly use a self-declaration and independent PEP screening at on-
boarding and thereafter, and did not distinguish between foreign and domestic PEPs. Some
explained that PEPs would not be serviced due to their institutional risk appetite, but those that
did service PEPs described appropriate additional measures, including approval from a senior
manager, additional measures to establish the source of wealth and funds, and more stringent
monitoring.
363. All FIs and most DNFBPs use commercial PEP screening tools and/or databases, but
several DNFBPs suggested that they would simply recognise a domestic PEP “since Malta is a
small country”.
364. Several FIs (namely MVTS agents and FIs providing currency exchange services) referred
to obtaining additional source of wealth information in relation to PEPs, but were unaware of
the obligation to obtain senior management approval or to enhance monitoring.
New Technologies
365. All FIs had awareness of the requirements in relation to the use of new (developing)
technologies and were clear that ML/FT risk assessments would be undertaken as part of any
new business/product approval mechanism. FIs referred to the assessment of monitoring tools,
including anti-fraud systems, biometric solutions, new products, etc. In addition, banks
specifically mentioned that they consider potential partnerships with the block-chain
technologies. However, they had not developed any such products by the time of the onsite visit.
No national-level risk assessment in relation to new (developing) technologies has been
undertaken, nor any specific guidance produced, in order to assist FIs.
366. There was confusion amongst DNFBPs regarding the obligations, mainly arising from the
fact that such new technologies were not being actively used or considered in their businesses.
Opening and maintaining correspondent relations
367. 20 of the 28 banks operating in Malta are reported as providing correspondent banking
services to respondent institutions. These are mainly provided to EU/EEA banks, but 11 Maltese
banks also provide such services to non-EU banks, including banks across Asia, the Middle East
and North Africa.
368. In addition, correspondent relationships are maintained by other FIs licensed under the
Financial Institutions Act.
369. Awareness of and compliance with requirements with regard to correspondent
relationships appear to be in line with the required standards. It should be noted that oversight
and monitoring by correspondent banks (including detailed reviews of policies and procedures,
89
as well as on-site audits/inspections) appears to be a major driver for standards in some of
Maltese banks, including what is described as a change in risk appetite and reluctance to service
higher risk customers/products” (as described in IO.3).
Implementation of Targeted Financial Sanctions
370. In relation to TFS, most FIs and DNFBPs have a good level of awareness of UN and EU
designations and apply automatic described screening of customers at on-boarding.
371. Most FIs implement daily (or in some cases weekly) screening of client and UBO
databases against UN and EU lists, with the notable exception of some investment firms. Regular
screening was not a consistent feature of DNFBPs’ procedures, with some accountants, Trustees,
company service providers and insurance agents indicating that this was undertaken as part of
regular client reviews, which could be up to 2 years or more after take-on of the client. This
raises concerns that existing customers who become subject to TFS may not be identified in a
timely manner.
372. Although certain banks demonstrated advanced awareness of the importance of
transaction monitoring to detect possible sanctions evasions, this was not conducted by some
smaller FIs and most of the DNFBPs (including all types).
373. Most FIs and DNFBPs were reliant on commercially provided sanctions lists and several
DNFBPs were unaware of any sanction lists or other material being provided by Maltese
authorities.
374. FIs were aware of their freezing and reporting obligations, describing the role of the SMB.
However, there was some inconsistency in DNFBPs’ understanding of whether to report
sanctions “hits” to the FIAU (by way of an STR) and/or the SMB.
375. In addition, several DNFBPs were not aware of freezing or reporting obligations at all,
stating that they would simply refuse the transaction or exit the customer relationship.
Application of wire transfer rules
376. Money remittance services (considered to be higher risk due to the cross-border nature of
payments and typologies involving transfer of funds) are provided through banks, payment
institutions and various agents of global MVTS providers (e.g. MoneyGram and Western Union).
Entities were aware of the applicable requirements and described appropriate procedures,
including adequate wire transfer information, screening, and requests for additional
information accompanying transfer of funds, where necessary. In addition, risks in relation to
higher risk countries are understood and supported by adequate guidance (see paras. 376-
381). Maltese authorities confirmed that there have been no examinations on payment service
providers that specifically consider obligations in relation to wire transfers and therefore there
is no conclusions can be reached as to levels or adequacy of compliance with these obligations.
Approach towards jurisdictions identified as high-risk
377. All FIs and DNFBPs demonstrated appropriate awareness of their obligation to include
country risk when assessing whether there is higher risk of ML/FT. Most FIs and DNFBPs
referred to countries identified by the FATF as non-compliant with the Standards and countries
subject to EU or UN sanctions.
378. Other than banks, most entities referred to FATF, UN and EU lists as the source of
information for higher risk countries. Several also referred to circulars or other information
provided by the Maltese authorities.
379. Banks and several other FIs had stricter requirements on the country risk, also referring
to countries with significant levels of corruption or other criminal activity; and the use of high
risk jurisdiction lists provided by the entity’s group.
380. Maltese law contains the concept of “non-reputable jurisdictions”, meaning countries
identified by the FATF or EU as non-compliant with the Standards.
381. Where a FI or DNFBP proposes to deal with a “non-reputable jurisdictions” that is subject
to an international call for the application of counter-measures (i.e. FATF category 1
jurisdictions), it is required to notify the FIAU, who will inform the entity of appropriate
counter-measures to be applied. However, no FI or DNFBP had any experience of reporting and
receiving such instructions and there was confusion amongst FIs and DNFBPs as to when, if
ever, relationships and/or transactions with “non-reputable jurisdictions” were to be notified to
the authorities.
382. The majority of FIs and DNFBPs referred to exiting/refusing the relationship or
transaction or taking enhanced measures themselves (determining source of wealth and
enhanced monitoring were the most commonly referred to).
Reporting obligations and tipping off
383. Almost all private sector representatives could describe their suspicion reporting
obligations and were aware of the role of the FIAU in this regard.
384. However, several notaries stated that they would refuse the establishment of a business
relationship or to conduct a transaction in case of suspicion, and were unaware of the obligation
to report a suspicious attempt when the business was refused.
385. Some non-bank FIs and DNFBPs have not made any STRs nor identified any suspicions
internally. Most non-bank FIs and DNFBPs were unable to elaborate on typologies, transactions
or activities that would give rise to a STR, particularly in relation to FT. The majority of DNFBPs
expressed the view that their businesses are unlikely to be vulnerable to ML or FT (in direct
contrast to the communicated findings of the NRA).
386. The majority of both FIs and DNFBPs suggested that more guidance in this area is
required, particularly sector-specific indicators.
387. In light of the dominance of banks in the financial sector, it is reasonable that the majority
of STRs are submitted by banks, which provided 51% in 2017. However, reporting by banks
appears highly uneven (77% of the STRs filed by banks were sent by the two major banks
operating in Malta). Remote gaming companies provided 29% of STRs filed in 2017. A limited
number of STRs were filed by other subject persons and in particular by DNFBPs (e.g. legal
professionals sent a total of 9 STRs in 2017). The assessment team considers that these are low
reporting rates, compared to the inherent risks of those sectors, particularly TCSPs which filed
9% of STRs in 2017 (see IO.6 for further details).
388. All FIs and DNFBPs understood the risks arising from, and had appropriate measures in
place to prevent tipping off. All suggested that feedback from the FIAU in relation to suspicious
potential transactions was very prompt, alleviating any practical tipping-off concerns.
389. In addition, several suggested that more general feedback from the FIAU in relation to the
quality of the STR had been received, although this was not consistent across entities
interviewed. The assessment team considers that the feedback provided is of limited nature
(e.g. no feedback on the substance of the STR, nor any strategic observation of the quality and
consistency with the ML/FT risks in the country). The FIAU has implemented a new feedback
91
mechanism since July 2018. However, the impact of this could not have been assessed during
the on-site visit.
Internal controls and legal/regulatory requirements impeding implementation
390. Internal controls to ensure compliance with the AML/CFT requirements include an AML
function and additional compliance/audit functions in FIs and some DNFBPs (particularly
TCSPs). All sectors have formal, written procedures.
391. Larger entities (particularly banks) implement group-wide policies and procedures for
the prevention of ML/FT and have appropriate control systems, including multiple lines of
defence, internal audit, automatic transaction monitoring, periodic reporting to the
management etc.
392. Smaller entities have internal controls that appear appropriate for the risks associated
with the business. ML Reporting Officers (MLRO) were however often also involved in customer
relationship management and/or business development, which may lead to actual or perceived
conflicts of interest.
393. There are no legal or regulatory requirements which impede the implementation of
internal controls and procedures to ensure compliance with AML/CFT requirements, including
information sharing between group entities.
394. In relation to legal and regulatory requirements, substantial amendments were made to
legal obligations and/or guidance during the 12 months prior to the on-site visit.
395. The PMLFTR, largely transposing the provisions of the EU’s 4th AMLD, came into force on
1 January 2018, i.e. it was in effect for 10 months prior to the on-site visit. The Implementing
Procedures Part I (which contain binding AML/CFT requirements as well as providing guidance
on how to comply with legal requirements) are dated 27 January 2017, i.e. they pre-date both
the PMLFTR and the conclusion of the NRA. It should also be noted that the Implementing
Procedures Part I were being further revised at the time of the on-site visit (a consultation draft
was published on 30 October 2018).
396. Some sector-specific requirements also predate both the PMLFTR and the conclusion of
the NRA, namely the “Implementing Procedures Part II – Banking” (19 February 2013, but
currently under revision) and the “Implementing Procedures Part II – Land-based Casinos” (25
September 2015).
397. Other sector-specific requirements are still being developed, e.g. “Implementing
Procedures Part II – CSPs”; “Implementing Procedures Part II – Insurance Sector”; and
“Implementing Procedures Part II – Trustees and Fiduciaries” (all in progress at the time of the
on-site visit); and “Implementing Procedures Part II – Virtual Financial Assets” (issued for
consultation on 31 October 2018).
398. Similarly, while it is positive that important guidance has been provided to industry, the
assessment team notes that much of this is of a very recent nature, including the following:
“Guidance Note on Transfer of Funds having Missing or Incomplete Information” (25 Oct 2018);
“Guidance Note on AML/CFT Obligations in relation to Payment Accounts with Basic Features”
(15 October 2018); “MFSA Guidance on PEPs” (8 October 2018); “Guidance Note on Funding Of
Terrorism – Red Flags and Suspicious Activities” (7 February 2018); “Supervisory Guidance
Paper on ML and FT Institutional/Business Risk Assessment” (2 February 2018); and the
“Implementing Procedures Part II - Remote Gaming companies” (July 2018).
399. This means that some of the legal requirements and guidance necessary to ensure
practical implementation of the FATF Recommendations were introduced very late in the
period that is the subject of this report. Industry compliance with such obligations cannot be
demonstrated over the requisite period.
400. Furthermore, although the AML/CFT supervisors were able to discuss risk understanding
and compliance by FIs and DNFBPs in general terms and with anecdotal observations of general
improvements in both understanding and implementation of AML/CFT requirements, there are
no comprehensive records of supervisory findings or compliance rates that would evidence
such general observations. The assessment team considers that the lack of supervisory data on
compliance was alleviated somewhat with respect to banks and larger DNFBPs, where
compliance could be demonstrated by way of correspondent banking relationships (see para.
368) and by group audit and compliance functions.
401. These factors, combined with the deficiencies in the supervision of FIs and DNFBPs (set
out under IO.3), as well as the Maltese authorities’ assessment of the legal frameworks for
AML/CFT preventative measures in FIs and DNFBPs as mainly low (see results of the NRA,
October 2018) leads the assessment team to conclude that the FATF obligations are being
effectively implemented by FIs and DNFBPs to some extent, with major improvements needed.
93
CHAPTER 6. SUPERVISION
Key Findings
IO.3
• The supervisory authorities, in particular the FIAU as the lead AML/CFT supervisor, do
not have adequate resources to conduct AML/CFT risk-based supervision and monitoring, for
the size, complexity and risk profiles of Malta’s financial and DNFBP sectors. Malta’s drive to
encourage high risk complex business such as virtual assets will put a further strain on the
FIAU’s limited resources. In April 2018 the Maltese authorities devised a comprehensive list of
strategic actions to enhance Malta’s AML/CFT framework, one being to strengthen and clarify
the supervisory framework by extending the breadth and depth of supervision and increasing
resources. Consequently, at the time of the evaluation the supervisory authorities were in the
midst of overhauling their policies, procedures and operations.
• The level of knowledge of ML/FT risks in Malta varied across the supervisors. The FIAU
and sectorial supervisors have a broad appreciation of ML/FT risks in the respective sectors.
They have taken positive steps to improve their knowledge, including through the circulation of
extensive data collection questionnaires for the banking, TCSP and remote gaming sectors.
Weaknesses in their appreciation of specific ML/FT risks remain with respect to all other
sectors due to the significant limitations with the Annual Compliance Report which informs the
FIAU’s understanding of ML/FT risks. Moreover, at the time of the evaluation, there was no
documented process in place setting out how subject person specific ML/FT risk-ratings drive
the frequency, scope and nature of future supervisory onsite/offsite inspections.
• It would appear that the general lack of resources devoted to AML/CFT supervision has
had a significant cumulative impact on the effectiveness of the authorities’ day-to-day AML/CFT
supervision, although the appointment of external experts recently did provide relief in the
handling of exceptional examinations.
• While changes are afoot the authorities’ primary focus in the past has been to issue
pecuniary fines for specific breaches of AML/CFT requirements. Only in a limited number of
cases did the FIAU assess whether there were systemic deficiencies with a subject person’s
AML/CFT governance and control framework, and apply the necessary remediation measures.
Moreover, no sanctions had been applied on a subject person’s senior management. Therefore,
sanctions are not considered effective, proportionate and dissuasive. Notwithstanding this, the
FIAU’s appetite to apply higher penalties has recently increased. However, the vast majority of
sanctions imposed in 2018 by the FIAU are not yet in force, as they are subject to judicial appeal.
• The sectorial supervisors have in place established fitness and properness checks to
prevent criminals and their associates from owning or controlling FIs. However, during the
period under review, the MFSA took well-publicised prudential enforcement action related to
AML/CFT issues against two privately-owned banks, both of which were also licensed during
the period under review. Although fit and proper checks were conducted on these two banks,
the risk appetite of the MFSA in licencing a bank with a single beneficial owner, with no track
record in banking, raises questions from a wider ML/FT perspective. The MGA has engaged an
external provider to undertake continuous adverse media and UN sanctions-screening on
individuals with a known connection with its licensees to assist with preventing criminals and
their associates from owning or controlling casinos and online gaming licensees. However, the
MFSA does not undertake similar continuous on-going screening of FIs and TCSPs.
• There is no specific law regulating lawyers, DPMS and real estate agents. Therefore, there
are no adequate market entry measures and on-going fitness and properness measures for
these persons.
 The FIAU was unable to quantify the impact of its supervision, as it was not in a position
to provide statistics on the nature of breaches identified and what action was taken to
remediate the underlying cause of these breaches. However, the FIAU does organise and
participate at a number of seminars, provides consultations and was considered by the private
sector representatives interviewed as open and co-operative. Moreover, the staff in the Legal
Unit and International Relations within the FIAU has increased, and this has led to an increase in
the production of guidance notes in 2018.
Recommended Actions
 The FIAU and the sectorial supervisors should further increase the frequency and depth of
onsite inspections and ensure that they have sufficient resources and expertise in place to
effectively supervise the size, complexity and the ML/FT risks of their respective sectors. The
authorities should ensure that their supervisory staff has the appropriate skill base to
undertake risk-based supervision for the wide variety of financial services, gaming, trust and
company services and virtual assets serviced in Malta. The SMB should ensure through
supervisory measures that the UN TFS are implemented in a timely and appropriate manner,
and that any identified violation is remedied.
 The FIAU and sectorial supervisors should review their existing inspection model and
introduce a coherent and comprehensive graduated risk-based supervisory model, which
demonstrates how ML/FT risk-ratings drive the frequency, scope and nature of supervisory
onsite/offsite inspections. The FIAU and the sectorial supervisors should continue to enhance
their knowledge of sectorial and subject person-specific ML/FT risks and ensure that this
enhanced knowledge includes an appreciation of wider group ML/FT risks.
 FIAU and the sectorial supervisors should ensure that inspections adequately consider the
ML/FT risks of subject persons’ business models and assess whether their AML/CFT
governance and control frameworks mitigate these ML/FT risks, and if not, apply the necessary
remediation measures. Should systemic AML/CFT deficiencies be identified, supervisors should
ensure that proportionate, dissuasive and effective sanctions are applied to subject persons, and
if appropriate, their directors and/or senior management. As part of this action, the authorities
should: 1) develop comprehensive procedures to guide inspections and to ensure appropriate
outcomes; 2) assess how the FIAU’s approach to imposing remedial actions and/or sanctions
can be streamlined to ensure timely outcomes and ensure that supervisory actions are not
delayed by judicial review; and 3) develop processes to ensure that appropriate measures are
also taken by the relevant sectorial supervisor.
 The MFSA should ensure that consideration is appropriately given to the wider ML/FT
risks associated with the ownership structure of its applicants, particularly banks with a very
limited number of beneficial owners. As part of this action, the MFSA should continue with its
initiatives to enhance authorisation procedures for all types of licence applications.
 Due to the international nature of Malta’s finance sector, the MFSA should undertake
regular adverse media and UN sanctions screening to prevent criminals and their associates
from owning or controlling FIs and DNFBPs. This would bring them in line with the approach
taken by the MGA.
 The Maltese authorities should ensure that subject persons in the legal, DPMS and real
estate sectors are subject to some form of licensing, registration or other controls and on-going
95
checks, to prevent criminals and their associates from owning or controlling these subject
persons.
 The FIAU should routinely collate feedback and statistics on the impact of their
supervisory actions. This should include introducing systems for maintaining statistics on the
numbers and trends of findings to enable them to target their outreach and ultimately
demonstrate the impact of their supervision of AML/CFT.
 Malta should continue issuing sector-specific guidance targeting higher risk sectors.
Recommendations relevant for the assessment of effectiveness under this section are R.14, 26-
28, 34, and 35.
Immediate Outcome 3 (Supervision)
404. As part of the NRA the Maltese authorities identified a number of gaps in relation to the
supervisory framework. One of these gaps was the limited evidence of the effectiveness of
supervision. Following the gap assessment the Maltese authorities devised a comprehensive list
of strategic actions to enhance Malta’s AML/CFT framework. One of these actions was to
strengthen and clarify the supervisory framework by extending the breadth and depth of
supervision and increasing resources. These strategic actions include a number of
recommendations, such as: increasing the supervisory capacity and skills of the FIAU, MFSA and
MGA; enhancement of entity-level risk assessment tools; improving enforceability of AML/CFT
obligations and sanctions; requiring registration of all subject persons, such as real estate
agents; and increasing outreach to industry. It is anticipated that all of the supervisory actions
be completed by the first quarter of 2020.
405. Meanwhile the FIAU developed its own strategy and action plan to fundamentally
strengthen its supervisory and enforcement functions. This included a complete overhaul of its
policies and procedures, developing - amongst others - a clear risk-based strategy on how to
carry out risk-based supervision, and revising its CMC procedures and sanctioning policy to
ensure a more effective use of sanctioning measures and remedial actions. Work on the
implementation of this action plan was on-going at the time of the on-site visit. The FIAU
indicated that it was collaborating closely with the EBA and the European Commission
throughout this process and planned to complete the implementation of this action plan by
March 2019.68
Licensing, registration and controls preventing criminals and associates from entering the
market
MFSA – FIs and TCSPs
406. The MFSA applies fitness and properness measures to prevent criminal and their
associates from holding, or being the beneficial owner or holding a management function
respectively in FIs and TCSPs. FIs and TCSPs are required to obtain the written consent of the
MFSA in the following cases: (i) for a new licence; (ii) to amend an existing licence; (iii) to
approve the appointment of a senior position (including but not limited to directors,
shareholders, or officials which occupy a senior role); and iv) to approve change in
shareholding. This is the responsibility of the MFSA’s Authorisations Unit, which currently
consists of 34 staff, but is anticipated to rise to 46 by 2020.
68The FIAU advised post-onsite visit that to a great extent it had completed its action plan by March 2019
(after the onsite visit to Malta), and thus has not been subject to analysis by the assessment team.
407. Fit and proper decisions are made through the EU SSM for members of the management
board and supervisory board of the significant banks in Malta, and for qualifying shareholders
of all banks.69
408. MFSA applies a fit and proper test to the applicant, beneficial owners of the institution, the
persons who will effectively run the institution as well as other key function holders such as the
compliance officer and MLRO and their associates. The fit and proper test comprises three main
factors: integrity, competence and solvency and applies to all types of FIs and TCSPs. Qualifying
shareholders, directors, controllers and key function holders are required to complete a
Personal Questionnaire and provide an original certificate of good conduct issued by the police,
in order to certify that the applicant has no criminal background (including a certified
translation if the good conduct certificate is from a foreign country). A criminal conduct record
(fedina penale) is also requested on a risk-based approach. By signing the Personal
Questionnaire, the potential applicant takes ownership of all the information submitted and
authorises the MFSA to undertake due diligence with third parties for the purpose of
determining his integrity, competence and solvency. The authorities have advised that all the
information submitted in the Personal Questionnaire by the applicant is corroborated with third
parties to check its authenticity and accuracy. As part of its due diligence procedure, the MFSA
will carry out a number of checks including: (i) requesting information from the FIAU; (ii)
checking EU/UN sanction lists; (iii) checking the Shared Intelligence Service (SIS) database
operated by the UK’s FCA70; (iv) making open-source enquiries; and (v) checking third-party
screening databases. Where relevant, the MFSA also sends due diligence enquiries to a foreign
competent authority with the aim of obtaining any additional relevant information that will
assist it in its assessment of the fitness and properness of an applicant. In addition, the
authorities advise that EDD reports from external intelligence companies are commissioned on
subjects with a high-risk profile, inter alia, in the following scenarios:
(i) Risk profile of the activity to be licensed (e.g. in relation to activities for which MFSA has
articulated a low risk appetite);
(ii) Risk profile of the individual - depending on the background of the individual, risks
associated with jurisdiction of residence/jurisdictions where an individual has been involved;
and
(iii) Where any of the checks cited above yield adverse information which on a risk-based
approach needs further analysis.
409. During the period under review, the MFSA took well-publicised prudential enforcement
action related to AML/CFT issues against two privately-owned banks, both of which were also
licensed during the period under review. Although fit and proper checks were conducted on
these two banks, the risk appetite of the MFSA in licensing a bank with a single beneficial owner
with no track record (i.e. competence in banking) raises questions from a wider ML/FT
perspective.
410. The assessment team was informed that the MFSA had recently enhanced its application
processes to prevent criminals and their associates from holding or being the beneficial owner
of a significant or controlling interest, or a management function of FIs and TCSPs by, inter alia,
69 The ECB has the power to make fit and proper decision only for the banks which are considered as
significant. National authorities are responsible for fit and proper decisions in relation to less significant
banks.
70 This is a mechanism for UK regulatory bodies, designated professional bodies and recognised
investment exchanges to collect and share material on individuals and firms – MFSA is a member of this
mechanism).
97
introducing: (1) closer liaison with the FIAU and the MFSA’s prudential supervisors throughout
the application process; (2) increased scrutiny of an applicant’s business model and corporate
governance structure from an AML/CFT perspective; (3) increased scrutiny of dominant
shareholders; and (4) increased scrutiny of the source of wealth and source of funds of those
persons holding significant or controlling interests. The tables below detail: (1) the number of
applications that have been processed by the MFSA from 2014 to 2018; and (2) the number of
applications processed by type of entity for 2018. While the MFSA has not refused an
application, the assessment team was advised that, when the MFSA identifies issues concerning
fitness and properness, additional information is requested by the MFSA, which ultimately leads
to the withdrawal of an application. The assessment team was advised that the sharp increase in
the number of withdrawals in 2017/2018 was largely a result of company service providers
becoming subject to regulation, and the subsequent consideration of applications by the MFSA
of existing company service providers who had previously been operating in an unregulated
environment.
Table 28: Number of licence applications received by the MFSA (2014-2018)
Licence
2014 2015 2016 2017 2018
Applications
Received 304 282 224 288 203
Approved 299 276 217 258 153
Withdrawn 5 6 7 30 50
Refused 1 0 0 0 0
% Withdrawn and
2% 2% 3% 10% 25%
Refused
Table 29: Licence applications by the type of subject person (2018)

Number of Percentage
Number of Number of
Licence of Licence
Type of Entity Applications Licences
Applications Applications
Received Issued
Withdrawn Withdrawn
Insurance undertakings
10 6 4 40%
including PCCs and cells
Insurance intermediaries 56 53 3 5%
Company service providers
36 19 17 47%
(both corporate and individual)
Credit institutions 0 0 N/A 0%
FIs 3 1 2 66%
Retirement schemes (personal
2 2 0 0%
& occupational)
Service providers to retirement
3 3 0 0%
schemes
Investment services licence
16 13 3 19%
holders and recognised persons
Collective investment schemes 35 24 11 31%
Additional sub-funds of licensed
37 29 8 22%
collective investment schemes
Trustees, fiduciaries and
administrators of private 5 3 2 40%
foundations
Total 203 153 50 25%
411. The MFSA also applies the aforementioned fit and proper measures to proposed directors,
shareholders or key function holders in existing licensees. Fit and proper checks are also carried
out before onsite inspections and during routine supervisory desk top monitoring. However, the
MFSA does not subject persons holding a significant or controlling interest or management
function in an FI or TCSP to regular UN sanctions and adverse media screening, other than on a
risk-based approach, and therefore is reliant on its licensed community to self-report any
convictions or intelligence provided by third parties such as the general public and other
competent authorities or any triggers from onsite inspections or complaints. Regular on-going
monitoring could assist in the identification of triggers and the undertaking of regulatory
actions and would be particularly beneficial in the context of Malta which is an international
finance centre, and therefore a large proportion of its supervised entities are beneficially owned
by persons located outside of Malta. At the time of the onsite visit the issue of more effective
monitoring was being considered by the authorities.
412. The following CSPs are exempt in the CSP Act from registration with the MFSA: advocates,
notary public, legal procurator or certified public accountants in possession of a warrant, as well
as authorised trustees under the Trusts and Trustees Act. However, these persons are subject
persons and are required to notify the FIAU that they are acting as CSPs by way of business. The
authorities have advised that as at 31 October 2018 there were 588 CSPs of which
approximately 343 persons are lawyers, auditors and accountants (excluding authorised
trustees under the Trusts and Trustees Act), which are not subject to MFSA market entry
requirements.
413. In 2014 the MFSA made rules under Art. 8 of the CSP Act which provide an interpretation
of what is intended by the provision of company services by way of business. The rules contain
a de minimis rule which states that, for the purposes of establishing whether an individual is
holding himself out as providing directorship services by way of business (and therefore subject
to registration under the Act and considered a subject person under the PMLFTR), the MFSA
shall consider whether such individual holds an aggregate of more than ten directorships and
company secretarial positions in companies other than those licensed, recognised or authorised
by the MFSA in terms of any one of the laws for the purposes of which the MFSA has been
designated as the competent authority. In establishing whether an individual may be considered
to be providing company services by virtue of the directorships and/or company secretarial
positions held, it is recommended that a final determination is sought from the MFSA (the MFSA
provided examples of such determinations). However, in the absence of statistics on the
number of individuals acting as director/company secretary in a third-party capacity for 10 or
less companies, the assessment team was unable to assess the impact of this de minimis rule.
414. Entities which are not authorised by the MFSA, but are found to be undertaking activities
in or from Malta for which they require a licence by the MFSA, are investigated by the MFSA’s
Enforcement Unit. Such instances may be brought to the attention of the Enforcement Unit, inter
alia, as a result of supervisory work carried out by other MFSA Units; reports made by
individuals to the MFSA; reports received from other local regulatory authorities; and reports
received from foreign competent authorities. The investigation may result in the MFSA issuing a
public warning and possibly taking other regulatory measures against the entity and/or the
individuals involved. The case may also be reported to the Malta Police and/or the FIAU if it
involves suspected criminal activity and/or money laundering.
MGA – Casinos and Online Gaming
415. Land-based casinos and online gaming providers are required to be licensed by the MGA.
Cruise casinos operating in Maltese territorial waters are required to hold a permit which is
issued by the MGA. This is the responsibility of the MGA’s Authorisations Unit, which currently
consists of 13 staff. The assessment team found that the MGA was the sectorial supervisor most
alive to the risks of its subject persons being infiltrated by criminals or their associates,
99
particularly the Italian Mafia, and consequently has put in place market entry and on-going
fitness and properness measures to mitigate this risk, albeit well-publicised cases of misuse of
gaming firms have occurred. The assessment team notes that bad actors continue to infiltrate
the gaming sector in Malta, which reaffirms the requirement for good-quality on-going
AML/CFT supervision in Malta.
416. Qualifying shareholders, the chief executive officer, directors, key official, MLRO and other
key management personnel of applicants for land-based casinos and online gaming providers
are required to complete a Personal Declaration Form and provide an original certificate of
good conduct issued by the police in order to certify that the applicant has no criminal
convictions. As part of its due diligence procedure the MGA will undertake open source
enquiries and check UN sanctions, local credit reports, court freezing orders, Interpol’s most
wanted list, as well as other public databases to ascertain if there is any negative information on
the applicant. The MGA also applies EDD measures on a risk-sensitive basis. EDD measures must
be applied: (1) where the applicant is a PEP; and (2) for higher risk jurisdictions (FATF high risk
jurisdictions plus jurisdictions assessed by the MGA as higher risk). These EDD measures may
include the commissioning of an enhanced criminal probity screening report from a third-party
provider.
417. The table below details the number of remote gaming applications that have been
processed by the MGA. The figures indicate that the MGA’s market entry requirements have
become more rigorous as the percentage of refused and withdrawn application significantly
increased from 2016 onwards.
Table 30: Number of remote gaming applications received by the MGA
2018
Licence
2014 2015 2016 2017 (End of
Applications
September)
Received 126 88 108 200 104
Approved 126 88 91 165 86
Withdrawn 0 0 13 32 9
Refused 0 0 4 3 9
% Withdrawn
0% 0% 16% 18% 17%
and Refused
418. Every individual who is or was in any capacity included in a licence application submitted
to MGA is contained in an on-going monitoring list, which at the time of writing includes 1,850
persons and 1,450 entities being supervised. All rejected persons are included as well. This list
is shared with an external service provider who undertakes adverse media and sanctions
screening (including the EU and UN lists) on a continuous manner and reports to MGA on a
weekly basis.
419. MGA looks into cases of possible illegal gaming, both remote and land-based, and
undertakes ad-hoc checks in order to detect illegal gaming, including field operations (normally
conducted jointly with the Police). When illegal gaming activity is found, MGA files police
reports for the latter to initiate prosecution. Currently, there are 37 on-going prosecutions for
illegal gaming going on within the Maltese courts in respect of which MGA is providing
assistance to the prosecution. Since 2017, there have been 3 convictions.
420. Further to the above, since 2015 MGA has filed 18 reports with the Police, requesting the
prosecution of a number of natural and legal persons which operated gaming activities in and
from Malta illegally.
Legal and Accountancy Services
421. When prospective law graduates apply for their advocate warrant exam, they have to
submit a police conduct certificate. The warrant is approved by two judges. However, there is no
specific law regulating lawyers other than ethical standards issued by and subject to monitoring
by the Commission for the Administration of Justice. The same process applies to foreigners
wishing to practice law in Malta (however, the police certificates are not verified). While the
authorities have the legal authority to disqualify an advocate upon conviction of a crime, there
are no proactive on-going fitness and properness checks for lawyers. Therefore, it is assessed
that the market entry measures in Malta for sole practitioners, partners or employed
professionals in law firms are not adequate. This is a significant ML/FT risk for Malta, which is
recognised by Malta in its NRA, as the legal profession often handles many international
customers and faces challenges with identification of non-face-to-face clients. On the other
hand, notaries are public officials and are regulated and subject to on-going supervision by the
Notarial Council.
422. Accountants are regulated based on the Accountancy Profession Act. Accountants are also
warrant holders having to submit the police good conduct certificate, as well as two references.
The same process applies to foreigners wishing to practice accountancy in Malta (however, the
police certificates are not verified). The Accountancy Board (appointed by the Minister of
Finance) has a quality assurance unit that can investigate (for instance in case of complaints)
and discipline (fines, suspension, removal).
Real Estate Agents, DPMS
423. Real estate agents and DPMS are not licensed, hence there are no provisions preventing
criminals and their associates from being involved in these sectors. However, this sector is
subject to on-going AML/CFT supervision by the FIAU. Moreover, Malta operates a notary
system for buying property. Therefore, due diligence on purchasers and sellers is also
conducted by Notaries.
Virtual Assets
424. Malta has introduced the Virtual Financial Assets Act 2018 (the VFA Act), which sets out
to regulate the field of initial coin offerings (ICOs) and virtual financial assets and to make
provision for matters ancillary or incidental thereto or connected therewith. The VFA Act
captures those persons that are launching crypto-currencies, as well as other service providers
connected to that asset class (including brokerage, portfolio managers, custodian and nominee
service providers, e-Wallet providers, investment advisors and crypto-currency exchanges). The
VFA Act also requires an issuer of virtual financial assets to appoint a VFA agent to assist,
monitor and provide guidance throughout the licensing period. The VFA agent must be resident
in Malta and licensed by the MFSA. Requests for authorisations and approvals under the VFA
Act were only accepted by the MFSA with effect from 1 November 2018. Therefore, the
assessment team was not in a position to assess the effectiveness of this new regime.
Supervisors’ understanding and identification of ML/FT risks
425. The senior members of FIAU demonstrated a broad understanding of the generic ML/FT
risks in Malta. However, the level of knowledge of ML/FT risks in Malta varied across the
sectorial supervisors. In particular, the assessment team considered that not all prudential
supervisors interviewed at the MFSA were equally cognisant of the ML/FT risks in their sectors.
While the FIAU and sectorial supervisors have taken positive steps to improve their knowledge,
there remain weaknesses in their appreciation of specific ML/FT risks for subject persons in the
securities, insurance, MVTS, law, accounting and real estate sectors.
101
426. Despite the jurisdiction actively promoting the use of virtual assets and related services in
Malta, the authorities are only now in the midst of formally assessing Malta’s ML/FT risks
associated with virtual assets. However, the Maltese authorities advised that existing risk
analyses from other (international) bodies, such as FATF, European Commission and EBA were
duly considered. A virtual assets risk assessment has been drafted, but has not been finalised
and shared with relevant stakeholders.
427. In 2012 the FIAU introduced an Annual Compliance Report (ACR), which all subject
persons are required to complete annually and, which informs its understanding of ML/FT
risks. However, the assessment team considers that there are significant limitations with the
ACR, as the questions are rudimentary, in that they do not solicit for example quantitative
information on the client base or transactions; do not elaborate further on the appropriateness
of the policies and procedures in place; and do not vary in accordance with the sector or type of
entity (including relevant information on the types of services and products offered) being
requested to provide information. Therefore, the way the questions are framed in the ACR does
not enable the Maltese authorities to broadly understand and identify ML/FT risks at subject
persons.
428. However, the Maltese authorities strengthened their understanding of ML/FT risks in the
banking, TCSP and remote gaming sectors in 2017 by: (1) undertaking an extensive data
collection exercise on all credit institutions, TCSPs and remote gaming operators; and (2)
introducing a prudential supervision questionnaire which the MFSA’s prudential and conduct
supervisory units were required to complete (also developed for gaming companies in 2018).
These data collection exercises sourced more granular data to assess the inherent risks,
including information on the type of products/services offered by the subject person,
distribution channels and customer interfaces, details on the volume and value of transactions;
details on various types and numbers of customers, deposit balances and countries dealt with
(indicating number of customers and beneficial owners, deposit balances and funds under
management per high risk / significant jurisdictions). The exercise also collected detailed
information on internal AML/CFT controls. Prudential questionnaires were aimed at putting in
place a formal procedure to ensure that the AML/CFT supervisors have structured, regular and
timely access to information from the MFSA and MGA prudential and conduct supervisors. This
information was integrated in the risk assessment of subject persons, together with other
sources of information such as information sourced from the analysis section of the FIAU.
429. Nonetheless, it remains unclear how this incorporates wider ML/FT group risks.
Furthermore, the ML/FT risk assessments of other types of FIs (securities, insurance and MVTS)
and DNFBPs (lawyers, notaries, accountants and real estate agents) are currently based on data
mainly collected through the ACR, which the assessment team considers is insufficient for the
nature, scale and complexity of business in Malta. Moreover, as reflected in Table 31, some FIs
have not submitted ACRs. The authorities have advised that they take supervisory actions
against these FIs, but this does not change the fact that they have not sufficient understanding
on the risks of these entities.
430. The FIAU’s assessment of residual ML/FT risk is currently a manual process. However, the
FIAU is in the process of developing a Compliance System which will automate a number of
processes, such as the assessment of ACRs and the allocation of risk scores. The objective is to
enable the FIAU’s Compliance Section, the MFSA and the MGA to have a ‘near real time’ risk
snapshot of the profile of all the entities subject to AML/CFT obligations and an up to date risk
overview by sector and across all sectors. It is currently intended that the Compliance System
will be fully operational in June 2019.
431. Given that 18 banks (out of 25) have been rated as medium or low risk, it is debatable if
the residual ML/FT risk ratings are appropriate for the nature, scale and complexity of Malta’s
banking sector (refer to Table 31 for the risk ratings applied to subject persons).
Risk-based supervision of compliance with AML/CFT requirements
432. Inspections of FIs and TCSPs which are licensed by the MFSA, are conducted jointly by the
FIAU and the MFSA. Inspections of DNFBPs (i.e. real estate agents, notaries, lawyers, auditors
and accountants) are conducted and coordinated solely by the FIAU, with the exception of
gaming operators which are supervised for AML/CFT purposes by both the MGA and the FIAU.
The Compliance Section of the FIAU currently has 13 members of staff devoted to AML/CFT
supervision, but this is set to rise to 58 by 202071. The MFSA’s Enforcement and AML/CFT unit
consists of 13 members of staff, but this is set to rise to 46 by 2020. The MGA’s newly formed
AML Unit consists of 8 members of staff. MoUs are in place between the FIAU and MFSA/MGA to
regulate the cooperation between them on a number of aspects including AML/CFT supervision.
The increase in staffing is a positive step as the assessment team considers that the general lack
of resources devoted to AML/CFT supervision has had a significant cumulative effect on the
effectiveness of the authorities’ day-to-day AML/CFT supervision.
433. The FIAU, in conjunction with the MFSA and MGA, has risk-rated all subject persons which
completed ACRs or participated in the extensive data collection exercises carried out in 2017
and has assigned risk-ratings to each of these and undertakes both on-site and off-site
inspections. However, these risk ratings might be affected by the significant limitations of the
ACR as discussed above.
434. FIs and DNFBPs have been risk rated as either: very high; high; medium high; medium
and low. The table below summarises the risk ratings for all subject persons in Malta.
Table 31: Risk ratings of the subject persons
High Residual
Residual Risk
Residual Risk
Residual Risk
Medium High
Low Residual
Population
Population
Population
Population
Population
Population
Population
Very High
Not Risk
Medium
(start of
2018)
Rated
Total
Risk
Risk
(%)
Industry
Sector
Banking 25 0 3 1 3 9 9
Securities
72
202 9% 3 27 99 52 4
Insurance 137 49%73 6 4 27 29 1
Other FIs 48 13% 3 13 24 2 0
Trustees 167 16% 19 53 56 8 4
CSPs 172 17% 11 44 67 19 1
Lawyers 246 11% 0 36 0 136 47
Accountant
381 4% 0 27 0 196 142
s
Real Estate 111 15% 0 23 0 43 28
Notaries 279 4% 0 47 0 150 70
Gaming 208 7% 4 30 82 61 16
71 The new restructuring plan was approved by the Government of Malta in March 2019.
72 Include 160 Investment Services Providers, 16 Retirement Scheme Administrators and 26 Fund
Administrators.
73 A proportion of these are tied insurance intermediaries and the authorities made a decision not to
separately risk assess these entities given their dependence on the insurance company.
103
435. At the time of the evaluation the supervisory authorities were in the midst of overhauling
their policies, procedures and operations on risk-based supervision. The assessment team was
informed that, with effect from 2018, higher risk entities would be subject to onsite inspections,
medium risk entities would be subject to offsite inspections74, and low risk entities would be
subject to supervisory meetings. However, the authorities were not in a position to provide the
assessment team with a documented procedure, setting out how these risk-ratings drive the
frequency, scope and nature of onsite and offsite inspections. Accordingly, it is assessed that at
the time of the evaluation there was not a coherent and comprehensive graduated risk-based
supervisory model. Malta argued that it operates a risk-based model of supervision as four
comprehensive inspections were conducted in 2018 on very high-risk subject persons.
However, these inspections were in reaction to intelligence received, rather than as a result of a
proactive risk-based driven supervisory model. Moreover, in the absence of a clearly defined
risk-based supervisory model, it is also unclear how ML and FT risks drove proactive
supervisory inspections during the preceding five years.
Onsite Inspections
436. AML/CFT inspections appear to be largely focused on checking that: (i) policies,
procedures and controls are in place and applied; (ii) business and customer risk assessments
are applied and (iii) CDD measures are applied, in particular that source of wealth and source of
funds is established for PEPs and high-risk customers. The private sector participants also
confirmed that the inspection teams, which usually consist of three officers, will conduct
interviews with the MLRO as well as other key staff and conduct an in-depth review of a
representative sample of CDD files. However, there appears to be little assessment by the
authorities of the effectiveness of the control and governance frameworks, business models at
subject persons to prevent and mitigate ML and FT, systems and processes in places to detect
ML/FT related suspicious transactions and implementation of UN TFS. This may explain why
significant AML issues described in detail below have gone undetected.
437. There is a MoU between the SMB and the FIAU, MFSA and the MGA, which has entered
into force on 31 May 2018, to check TFS-related aspects as part of their supervisory
engagements. However, implementation of UN TFS has received relatively less supervisory
attention, as also demonstrated under IO 11.
438. The tables below show the number of inspections undertaken between 2013 and up to
July 2018. It is unclear from the statistics provided what depth of review was applied and how
ML and FT risk drove these inspections prior to 2018.
Table 32: Number of onsite inspections
2018
Onsite
2013 2014 2015 2016 2017 (up to end
Inspections
of July)
Banks 5 2 3 3 5 2
Non-Bank FIs 2 1 0 4 6 0
Securities 17 25 10 8 10 0
Life Insurance 3 2 5 8 1 0
Trustees 13 19 9 8 12 0
CSPs 3 2 9 18 25 0
Real Estate 2 2 6 13 0 0
74This refers to specific off-site supervisory examinations triggered in view of the medium risk identified,
and does not include ACRs/REQs and ad-hoc off-site reviews triggered by compliance notes generated by
the FIAU Analysis Section and sent to the FIAU Compliance Section which are applicable to all subject
persons irrespective of the level of risk they pose.
Agents
Dealers in
Precious 0 0 0 0 0 0
Metals
Lawyers 1 1 6 12 5 0
Notaries 3 3 5 15 7 0
Accountants 2 2 5 18 6 0
Online Not in Not in
Not in scope Not in scope Not in scope 21
Gaming scope scope
Total Onsite
51 59 58 107 77 23
Inspections
Table 33: Number of offsite inspections
Offsite
2013 2014 2015 2016 2017
Inspections
Banks 2 3 3 12 17
Non-Bank FIs 0 0 0 3 2
Securities 0 0 2 4 3
Life Insurance 0 0 0 0 0
Trustees 3 0 2 1 4
CSPs 0 19 0 3 0
Total offsite
5 22 7 23 26
inspections
439. During the last two years, the FIAU and MFSA have devoted resources to deal with a small
number of inspections which were subsequently well publicised. At the end of 2017 the FIAU
were granted an additional power in the PMLA to appoint external experts, and in this respect,
appointed external experts to assist with carrying out comprehensive and extensive on-site
inspections on two banks (refer to box 3.1 and 3.2 for further details) and a group of connected
company service providers and accountancy firms in Malta, that were considered to pose a
significant risk of ML/FT to the jurisdiction due to a number of factors. The assessment team
considers that the FIAU’s use of this new power is a positive step in the right direction.
Box 3.1: Example of FIAU/MFSA Intervention at a Bank
Prudential assessments by the MFSA and an AML/CFT on-site review carried out by FIAU/MFSA, were
conducted in 2016. Subsequent to these supervisory interventions in November 2017, and following
discussions with an Inquiring Magistrate so as to ascertain whether planned supervisory actions could
jeopardize an on-going Magisterial inquiry, and before the indictment of the beneficial owner of the bank,
the FIAU jointly with the MFSA took a decision to carry out a comprehensive AML/CFT supervisory
examination. The MFSA and FIAU sought an independent third party with experience of forensics to assist
with this review. On 12 February 2018 the MFSA and FIAU together with the independent third party,
without prior notice, entered the premises of the Bank and copied all data of the banking system; all
accounts; all transactions; all SWIFT transfer data; customer documentation and all audio and e-mail
communications.
The indictment in a third country of the BO of the bank provided concrete and actionable information on
his suitability. The MFSA immediately prevented the BO from exercising any influence on the Bank. The
MFSA appointed a competent person under the Banking Act to take control and the running of the Bank to
prevent any dissipation of assets and any withdrawal of funds. Notwithstanding that the Bank is a less
significant institution, the withdrawal of its licence falls within the powers of the ECB. On 29 June 2018
the MFSA submitted its recommendation to the ECB for consideration of the withdrawal of the licence of
the Bank and on 16 October 2018 the ECB reached a preliminary decision to revoke the licence of the
Bank.
105
Box 3.2: Example of FIAU/MFSA Intervention at a Bank
In 2017 an on-site examination was carried out on the bank by the FIAU Compliance Section and MFSA
following information from the FIAU Financial Analysis Section indicating that the bank was receiving
funds of suspicious origin. The examination indicated serious and systemic shortcomings in the bank’s
adherence to AML/CFT obligations, including the establishment a comprehensive client profile, the
carrying out of adequate on-going monitoring and the failure to submit STRs.
Subsequent to the initial on-site examination, and with additional adverse information received from the
FIAU Analysis Section, the FIAU Compliance Section decided to carry out a further and more extensive
unannounced on-site examination. The second visit was carried out between February and July 2018. To
this effect the FIAU and MFSA engaged third party experts and initiated a full scope examination which
included the extraction of all relevant data that was stored on the banks’ systems and servers. The
compliance examination confirmed the findings obtained during the initial compliance examination,
which indicated serious and systemic shortcomings in the bank’s AML/CFT policies and procedures.
Concurrently to the compliance examination process, and in view of the serious concerns that had been
identified, on 5 October 2018 the FIAU issued a Directive to the bank to terminate the business
relationship with its main client which was deemed to expose the jurisdiction to significant ML/FT risks.
The MFSA also imposed a number of restrictions on the bank’s licence. The MFSA also appointed a
Competent Person to ensure good governance and proper conduct and the implementation of various
remedial measures. Subsequently the MFSA directed the Competent Person to initiate a controlled
process for the return of customer deposits. On the 13 October 2018 the FIAU issued a compliance report
notifying the Bank with the findings of the compliance examination. The supervisory/enforcement
process was still underway at the time of the on-site visit.
440. The assessment team concluded that the supervisory authorities do not have sufficient
resources to undertake full risk-based supervision of supervised entities. Given the level of risk
factors identified above, the supervisors should address the frequency and depth of onsite
inspections.
Remedial actions and effective, proportionate, and dissuasive sanctions
441. The FIAU has a broad range of remedial actions available to encourage compliance.
However, the assessment team considers the FIAU’s primary focus in the past has been to issue
pecuniary fines for breaches of AML/CFT requirements, and only in a limited number of cases
did the FIAU assess whether there are systemic deficiencies with a subject person’s AML/CFT
governance and internal control framework, and apply the necessary remediation measures
(e.g. agreed action plans or relevant recommendations).
Compliance Monitoring Committee
442. Findings of AML/CFT supervisory examinations undertaken by the FIAU or MFSA and
MGA, which are indicative of AML/CFT shortcomings are referred to the FIAU’s Compliance
Monitoring Committee (“CMC”). The CMC is an internal FIAU Committee, composed of FIAU
officials from the compliance (the 3 most senior officers) and legal sections (the manager of the
legal section or his/her representative) as well as the Director and Deputy Director of the FIAU.
This internal committee is responsible for the review of potential breaches of AML/CFT
obligations and the imposition of administrative penalties where breaches subsist or requesting
remedial action. The officers carrying out the supervisory examination from the FIAU or MFSA
and MGA are invited to present their findings and the subject person’s submissions in front of
the CMC.
443. There are two types of administrative sanctions that the Committee may decide to
impose: a reprimand and/or a monetary sanction. Concurrently and independently of an
administrative sanction, subject persons may be required to rectify their shortcomings and if
deemed necessary, the Committee may request the subject person to provide an action plan. In
low risk circumstances, the Committee may decide to issue a warning. A warning is not
considered to be an administrative sanction, but rather is issued to alert the subject person that
the Committee is expecting improvement in the area where deficiencies have been found, and is
thus being given the opportunity to improve itself accordingly. The Committee may decide that
the FIAU Compliance Team should follow up on the warning and/or action plan to ensure that
the measures required are adequately addressed by the subject person concerned.
444. The “Policies and Procedures of the Compliance Monitoring Committee – Offences and
Penalties” provides guidance to the CMC on the imposition of AML/CFT sanctions. However,
these are broad in nature, and whilst they detail factors to take into account when determining
the appropriateness of administrative sanctions, they do not provide guidance as to what
constitutes a “serious, repeated or systemic contravention.” Acknowledging that the procedures
require enhancement, the FIAU was at the time of the on-site visit in the process of amending
the procedures to provide more guidance to CMC members when imposing administrative
penalties.
445. Administrative penalties (i.e. fines) determined by the Committee are subsequently
presented to the Board of Governors of the FIAU. The members of the Board will be notified of
the circumstances of the case and the considerations taken by the Committee. The Board of
Governors will ensure that in reaching its conclusions, the Committee has acted in terms of its
policies and procedures and that the decision is effective, proportionate and dissuasive.
Sanctions
446. Fines exceeding EUR 10,000 imposed for breaches of AML/CFT legislative provisions are
published on the FIAU’s website where they remain posted for a period of five years from the
date of publication. The table below summarises the notices published on the FIAU’s website at
the time of the evaluation. It is noted that all of the sanctions published relate to isolated
breaches rather than to serious, systemic or repeated contraventions. Moreover, no sanctions
have been applied to directors and senior managers of subject persons. Given that the NRA
highlights that the residual ML/FT risks of company service providers, lawyers and trustees are
considered high, it is surprising that significant AML/CFT deficiencies had not been identified in
these sectors which required sanctioning during the preceding five years.
Table 34: Notices Published Sanctions on the FIAU website
Penalty
Penalty
Date of imposed on
imposed on Summary of reasons leading to
Sector Imposition Directors
the Firm imposition of penalties
of Penalty or
(EUR)
equivalent
Investment Findings from offsite inspection which
14 June 2018 38,750 None
Sector focused on four (4) business relationships
Investment 28 December In 8 cases failure to take reasonable
15,000 None
Sector 2017 measures to establish source of funds
Failure to establish source of wealth,
Banking 3 November
38,750 None scrutinise a transaction and submit a STR
Sector 2017
to the FIAU in respect of a client.
Banking 6 December Failure to establish source of funds for a
20,000 None
Sector 2016 client.
Other FIs 27 September 5,500 None Failure to reply to requests for
107
2016 information from the FIAU.
Failure to establish source of wealth and
Banking 28 September
4,000 None source of funds and make a STR in respect
Sector 2016
of a client.
Failure to scrutinise adequately on an on-
going basis the transactions undertaken
throughout a business relationship; failure
Banking 7 January
40,000 None to take sufficient measures to establish the
Sector 2016
source of funds of a PEP client and failure
to conduct enhanced on-going monitoring
of a business relationship with a PEP.
Failure, on one occasion, to take all
reasonable measures to establish the
Investment 9 November
2,500 None source of funds and assets that were
Sector 2015
registered in terms of the Investment
Registration Scheme 2014.
Failure, on one occasion, to take all
reasonable measures to establish the
Investment 9 November
2,500 None source of funds and assets that were
Sector 2015
registered in terms of the Investment
Registration Scheme 2014.
447. At the time of the evaluation the highest pecuniary fine in force for AML/CFT failings
published by the FIAU was EUR 40,000. No sanctions had been applied on a subject person’s
senior management. Therefore, the sanctions are not considered effective, proportionate and
dissuasive. Notwithstanding this, the FIAU’s appetite to apply higher penalties has increased;
the table below summarises the sanctions imposed or being determined by the CMC at the time
of the onsite visit. However, the vast majority of sanctions imposed by the FIAU are not yet in
force, as they are subject to judicial appeal. Therefore, it is too early to conclude on the overall
effectiveness, proportionality and dissuasiveness of the penalties applied. This recent approach
nevertheless demonstrates an increased commitment on behalf of the supervisors to impose
more dissuasive fines for AML/CFT breaches.
Table 35: Sanctions being determined or imposed in 2018, but not in force
Sector Amount Status

Banking EUR 327,500 Under Appeal
Banking EUR 199,500 Under Appeal
Determined by CMC – not yet
Banking EUR 11,200
issued
Determined by CMC – not yet
Banking EUR 8,000
issued
Trust EUR 30,000 Under Appeal
Investment EUR 370,250 Under Appeal
Investment EUR 38,750 Issued, not appealed75
Company Services EUR 9,000 Issued, not appealed76
Company Services EUR 1,480 Issued, not appealed77
Remedial Actions
75 After the on-site visit the fine was paid and the information was published on the FIAU website.
76 After the on-site visit the fine was paid, but not published since it is below the EUR 10,000 threshold.
77 After the on-site visit the fine was paid, but not published since it is below the EUR 10,000 threshold.
448. The FIAU requires subject persons to provide an action plan to remedy shortcomings, but
was unable to provide statistics on how many inspections resulted in agreed remedial action
plans although a small number of case studies were provided. The assessment team
understands that the FIAU’s compliance system which is under development will enable the
FIAU to maintain statistics on findings and demonstrate how those findings were remediated.
449. During the interviews with the private sector, it became apparent that written feedback
from the FIAU was issued so long after the date of the inspection it was no longer considered
relevant; in some cases subject persons had not received any written feedback after an on-site
inspection. The FIAU subsequently confirmed that there was a backlog of approximately 140
inspections for the period between 2015 and 2017. The FIAU had by the time of the on-site visit
issued all compliance reports for these 140 inspections. The delay in issuing timely feedback to
subject persons calls into question the effectiveness of these inspections.
Sanctioning by Sectorial Supervisors
450. The imposition of administrative penalties by the FIAU does not prejudice the ability of
the sectorial supervisors from taking additional actions, such as suspending or revoking licenses
as a result of AML/CFT deficiencies. Notwithstanding that online casinos only became subject
persons at the beginning of 2018, the table below indicates that the MGA has taken action as a
result of AML/CFT deficiencies.
Table 36: MGA enforcement actions relating to AML/CFT
Summary of Summary of Summary of
Summary of
reasons reasons reasons
Enforcement reasons leading
2015 leading to 2016 2017 leading to 2018 leading to
actions to imposition of
imposition of imposition of imposition
sanctions
sanctions sanctions of sanctions
From
From
information
information and
and intelligence
intelligence
collected by the
collected by the
Authority, the
Authority, the
latter had
latter had
reasonable
reasonable
Notices of grounds to
0 1 grounds to 1 0
Suspension conclude, that
conclude, that
the operator
the operator was
was using the
using the gaming
gaming
services for
services for
money
money
laundering
laundering
purposes
purposes
From
From From
information
information and information and
and intelligence
intelligence intelligence
collected by the
collected by the collected by the
Authority, the
Authority, the Authority, the The ML risk
latter had
latter had latter had posed by
reasonable
reasonable reasonable these gaming
Notices of grounds to
1 grounds to 1 grounds to 4 9 operators
Cancellation conclude, that
conclude, that conclude, that was deemed
these operators
the operator the operator was to be
were using the
was using the using the gaming unacceptable
gaming
gaming services services for
services for
for money money
money
laundering laundering
laundering
purposes purposes
purposes
Fines 0 0 5 Performed a 1 Performed a
109
share transfer share
without the transfer
required prior without the
approval of the required
MGA. This prior
meant that new approval of
shareholders the MGA.
were This meant
introduced or that new
changed shareholders
without the were
Authority introduced
performing fit or changed
and proper without the
checks on the Authority
new performing
shareholders fit and
prior to said proper
change taking checks on
place. the new
shareholders
prior to said
change
taking place.
This
These
suspension
suspensions
From was
were triggered, From
information triggered, by
by an information and
and intelligence an
investigation intelligence
collected by the investigation
conducted by collected by the
Authority, the conducted
the Italian Authority, the
latter had by the Italian
competent latter had
reasonable competent
authorities, reasonable
grounds to authorities,
Suspensions 6 where the 1 grounds to 2 1
conclude, that where the
operators were conclude, that
the operators operator
investigated for the operator was
were using the was
money using the gaming
gaming investigated
laundering services for
services for for money
organised crime money
money laundering
and association laundering
laundering organised
with MAFIA purposes
purposes crime and
organised
association
groups
with MAFIA
From
From
From information
information and
information and and intelligence
intelligence
intelligence collected by the
collected by the
collected by the Authority, the
Authority, the
Authority, the latter had The ML risk
latter had
latter had reasonable posed by
reasonable
reasonable grounds to these gaming
grounds to
Cancellations 1 grounds to 2 3 conclude, that 4 operators
conclude, that
conclude, that these gaming was deemed
the gaming
the operator operators were to be
operators were
was using the using the unacceptable
using the gaming
gaming services gaming
services for
for money services for
money
laundering money
laundering
purposes laundering
purposes.
purposes.
451. Until the supervisory actions taken against two Maltese credit institutions in 2018, the
MFSA had not suspended or cancelled a licence of an FI as a result of identified AML/CFT
deficiencies. This reinforces the view of the assessment team that, while it is clear that the
MFSA’s resolve to deal with ML and FT concerns has increased, there has been a disconnect
between AML/CFT and prudential supervision at the MFSA during the period under review.
Impact of supervisory actions on compliance
452. While the FIAU considers that the subject persons’ compliance with the AML/CFT
requirements has improved (and in this respect provided a small number of typologies), it was
unable to provide detailed statistics on the nature of breaches identified and what action were
taken to remediate the underlying cause of these breaches. Taking into account that the FIAU
has not in the past routinely imposed remediation plans, it is difficult to conclude to what extent
the FIAU is having an effect on the compliance of FIs and DNFBPs.
453. The recurring theme which developed during the interviews with the private sector was
the significant impact non-Maltese correspondent banks hold over the financial services sector
in Malta. The majority of Maltese-licensed credit institutions rely on correspondent banks to
process payments in currencies other than the Euro. The assessment team was advised on
several occasions that correspondent banks were increasingly making rigorous enquiries of
their respondents, including conducting on-site inspection visits to the premises of the Maltese
credit institutions. The majority of credit institutions stated that there was a fear of losing
correspondent banking relationships. Therefore, several banks were forced to meet certain
requirements set by correspondent banks, such as refraining from processing any payments
relating to the gaming sector, crypto-currencies sector, IIP clients or even accepting such clients.
As a result of discussions with the private sector, the assessment team considers that any
increase in compliance is more likely as a result of Maltese credit institutions’ fear of losing their
correspondent banking relationships (which has a cumulative effect on those FIs and DNFBPs
which bank their clients in Malta), rather than as a direct result of AML/CFT supervisory actions
taken in Malta. However, this is likely to change in view of the supervisory authorities’ increased
appetite to apply higher sanctions. In particular, once the sanctions listed in Table 35 and the
rationale for imposing these sanctions has been made public, this should have a more dissuasive
effect on subject persons in Malta. This is why it is critical that the FIAU’s approach to imposing
sanctions should be streamlined to ensure timely outcomes and that the publication of
sanctions is not delayed through judicial appeal.
Promoting a clear understanding of AML/CFT obligations and ML/FT risks
454. The FIAU does organise and participate in a number of seminars, and was considered by
the private sector representatives interviewed as open and co-operative. Moreover, the staff in
the Legal Unit and International Relations within the FIAU has increased which has led to an
increase in the production of guidance notes in 2018.
Training and Outreach
455. Regular training sessions, seminars and conferences have been conducted by the FIAU
throughout the past years. Staff members of the FIAU have also delivered
training/presentations to subject persons within the various sectors at events that were
organised by representative bodies and private institutions.
456. During 2017, and in conjunction with the revision of the FIAU Implementing Procedures
Part I, the FIAU organised two training events (in February and April 2017, respectively). These
events were open to all subject persons and were attended by almost 900 individuals. In 2018
the FIAU, in conjunction with the MFSA with external experts, held a one-week training event
which was intended to provide guidance to subject persons on the carrying out of AML/CFT
business risk assessments. The training events targeted credit institutions, trustees, CSPs,
111
investment companies, notaries and real estate agents, and were attended by around 270
individuals.
General and sector-specific guidance
457. The main guidance document issued by the FIAU (and which provides general guidance
on the application of all the AML/CFT obligations envisaged under the PMLFTR) is the
Implementing Procedures Part I. These Implementing Procedures lay down legally-binding
procedures and provide guidance, and is applicable to all subject persons (i.e. both the financial
and the non-financial sectors). The Implementing Procedures Part I were issued on 20 May
2011 and were most recently updated on 27 January 2017. Although the PMLFTR was
introduced on 1 January 2018, at the time of the onsite visit the revised version of Part 1 of the
Implementing Procedures was issued for consultation by the FIAU, but was not yet in force. As
from 2014 the FIAU has published a number of sector-specific and ad-hoc guidance notes to
assist subject persons carrying out AML/CFT preventative measures. The increase in staff in the
Legal Unit and International Relations within the FIAU appears to be paying dividends as there
was a sharp increase in the number of guidance notes published in 2018. While this is positive,
further work is required as there exists currently no sector-specific guidance for the investment,
insurance and TCSP and virtual asset sectors.
Conclusion
CHAPTER 7. LEGAL PERSONS AND ARRANGEMENTS
Key Findings
IO.5
• It is acknowledged by the authorities in the NRA that Maltese legal persons and legal
arrangements can be misused for ML/FT purposes, in particular, that such vehicles have been
used to obscure beneficial ownership. However, no in-depth analysis of how all types of Maltese
legal persons and legal arrangements could be used for ML/FT purposes has been finalised and
shared with relevant stakeholders. Moreover, the assessment team found that there was a lack
of detailed knowledge amongst some of the authorities and the private sector of the main types
of predicate crime that legal persons and legal arrangements are exposed to, in particular that
the vehicle itself may be used to facilitate financial crime.
• The Maltese authorities take a multi-pronged approach to obtaining beneficial ownership
information in a timely manner on Maltese legal persons and legal arrangements by way of the
following: (i) the TCSP and/or a lawyer or accountant administering the legal person and legal
arrangement; (ii) the depositing of share capital at Maltese banks; and (iii) with effect from 1
January 2018 all new Maltese legal persons and trusts which generate tax consequences in
Malta were required to obtain beneficial ownership information and disclose such information
to the pertinent registries. However, the registers of beneficial ownership information for legal
shortcomings in this multi-pronged approach. In particular, whilst the introduction of a
centralised register of beneficial ownership for companies and commercial partnerships is a
positive move, the Registry of Companies does not have sufficient human resources and legal
gateways to adequately verify/monitor the accuracy of the beneficial ownership information
held. This could sometimes call into question the accuracy of beneficial ownership information
held on Maltese legal persons.
• Information is available publicly on the creation and types of legal persons and
arrangements in Malta. Basic information on Maltese legal persons is publically available.
• Taking into account the nature and scale of business undertaken in Malta, the potential
fines for failing to submit beneficial ownership information on legal persons are not considered
effective, dissuasive and proportionate. Moreover, as reflected in IO.3, significant concerns have
been highlighted concerning the adequacy of supervision of subject persons. At the time of the
evaluation, no sanctions relating to significant AML/CFT deficiencies had been applied to the
gatekeepers of Maltese legal persons and legal arrangements, being TCSPs and/or lawyer or
accountants, in the preceding five years.
Recommended Actions
• The authorities should finalise their assessment of the vulnerabilities and the extent to
which all types of Maltese legal persons and legal arrangements could be misused for ML/FT.
This assessment should include: (i) the domestic and international ML/FT threats, including the
underlying predicate crimes, that Maltese legal persons and legal arrangements are exposed to;
and (ii) the vulnerabilities of the Maltese multi-pronged approach to obtaining accurate and
timely beneficial ownership information. Upon completion the authorities should ensure that
the conclusions of this assessment are communicated to all relevant stakeholders, and where
113
appropriate, the private sector; and appropriate measures should be put in place to mitigate any
identified vulnerabilities.
• Malta should ensure that the Registry of Companies has adequate resources and legal
powers to ensure that it holds accurate and up-to-date basic and beneficial ownership
information and that it applies effective, proportionate and dissuasive sanctions; and consider
whether a more robust approach to striking-off delinquent companies is required.
• Effective, proportionate and dissuasive sanctions should be applied by the FIAU to
gatekeepers which fail to maintain up-to-date beneficial ownership information.
• Technical issues identified in the TC annex should be addressed to strengthen measures
to prevent the misuse of legal persons and legal arrangements.
Recommendations relevant for the assessment of effectiveness under this section are R.24 and
25.
Immediate Outcome 5 (Legal Persons and Arrangements)
460. Malta has a mixed legal system in that it has its roots in the Civil Law, but has absorbed
many features of Common Law. The Maltese legal framework provides for the establishment of
the following legal persons: public liability companies; private limited liability companies;
Societa Europea, European Economic Interest Groupings; Partnerships en nom collectif
(unlimited liability) and Partnerships en Commandites (limited liability); as well as private
foundations, purpose foundations and associations. With regard to legal arrangements, the
Maltese legal framework provides for the establishment of trusts.
461. The Maltese authorities take a multi-pronged approach to obtaining beneficial
information on Maltese legal persons legal arrangements in a timely basis as follows: (i) based
on data collated by the Registry of Companies, approximately 98%78 of legal persons seek the
services of a corporate service provider and/or a lawyer or accountant who are subject to
AML/CFT obligations at the incorporation stage and/or on on-going basis; (ii) all companies set
up in Malta have a share capital requirement and the authorities estimate that in practice 80%
of these companies’ share capital is deposited into a Maltese bank account, and is therefore
subject to AML/CFT obligations; and (iii) with effect from 1 January 2018 all new Maltese legal
persons were required to obtain beneficial ownership information and disclose such
information to the pertinent registries. Companies and partnerships formed and registered
prior to 1 January 2018 were required to submit the beneficial ownership information on either
the anniversary of its registration or when there is a change in the beneficial ownership of the
company, whichever is the earlier. Therefore, by the third quarter of 2019, Malta should have
retroactively populated the beneficial ownership registers information for all legal persons.
462. In addition, with effect from 1 January 2018, trustees who were appointed for trusts
which generate tax consequences in Malta were required to report the beneficial ownership
information of such trusts, whereas for the existing trusts (generating tax consequences) prior
to 1 January 2018, such beneficial ownership information was reported by 1 July 2018. The
effectiveness of these provisions is discussed below.
463. The below table outlines the number of companies, foundations and associations
registered in Malta as of spring 2018:
78 Of the 4420 companies registered between January and October 2018, only 40 companies were
registered without the assistance of a subject person.
Table 37: Number of companies, foundations and associations
Year 2014 2015 2016 2017 2018
Public Limited Liability Company 422 477 523 555 555
Private Limited Liability Company 38,800 42,213 45,348 48,772 48,129
Societa Europea 6 7 7 7 7
European Economic Interest
30 34 40 40 41
Grouping
Partnerships en Commandite 95 127 141 159 159
Partnerships en nom collectif 979 1,014 1,062 1,098 1,125
Private foundations 76 116 143 168 171
Purpose Foundations 168 194 228 264 268
Associations 68 80 93 110 113
464. For trusts, there is no registration obligation other than for those that generate tax
consequences in Malta. However, the MFSA regularly collects data for supervisory purposes,
and as at 31 August 2018, confirmed that there were 3529 trusts under the administration of
licensed trustees in Malta79.
Public availability of information on the creation and types of legal persons and
arrangements
465. As noted in more detail at R.24, information on the various types, forms and basic features
of Maltese legal persons and arrangements is publicly available on the website provided by the
Ministry for Justice, Culture and Local Government. The Public Registry, Malta
(https://identitymalta.com/legalpersons/) and the Registry of Companies
(https://www.roc.mt/ROC/) both have created websites through which relevant forms
required to incorporate a legal entity can be downloaded. The websites provide information and
guidelines about the incorporation procedures to be followed for all types of legal persons along
with general information about the nature and structure of the various types of legal persons.
Identification, assessment and understanding of ML/TF risks and vulnerabilities of legal
entities
466. It is acknowledged by the authorities in the NRA that Maltese legal persons and legal
arrangements can be misused for ML/FT purposes, in particular that such vehicles have been
used to obscure beneficial ownership. The authorities assessed the residual ML/FT risk for
company service providers and trustees as high. Furthermore, the authorities (in conjunction
with an international consultancy firm) have carried out a further analysis of how all types of
Maltese legal persons and legal arrangements could be used for ML/FT purposes. A risk
assessment document has been drafted, but not finalised and shared with relevant stakeholders.
Therefore, the Maltese authorities did not consider they were in a position to summarise and
provide a copy of this document to the assessment team to retain and analyse. Furthermore,
with the exception of the FIAU, the assessment team found that there was a lack of detailed
knowledge amongst some of the authorities and the majority of private sector interviewed, of
the main types of predicate crime that legal persons and legal arrangements are exposed to, in
particular that the vehicle itself may be used to facilitate financial crime.
Mitigating measures to prevent the misuse of legal persons and arrangements
467. Malta has taken three key measures to prevent the misuse of legal persons and legal
arrangements. The first measure was the introduction of Malta’s two legal persons’ registries,
79It is unlikely, in the view of Malta, that there is significant number of express trusts that are governed
by Maltese law, where the trustee is outside of Malta, due to the certain restrictions (see Rec.25, criterion
25.1).
115
which provide a source of basic information on all Maltese legal persons. The second measure
was the introduction of regulation covering the trust and corporate service sector. Both trust
service providers and CSPs are subject to prudential and conduct of business regulation by the
MFSA and AML/CFT supervision by the FIAU in conjunction with the MFSA. The third measure
was the introduction of beneficial ownership registers on 1 January 2018 for all types of legal
persons and trusts.
468. The Maltese authorities take a multi-pronged approach to obtaining beneficial
information in a timely manner on legal persons incorporated under Maltese law and legal
arrangements, but the assessment team has identified the following shortcomings with each of
these methods, which could call into question the accuracy of beneficial ownership information
held on legal persons in Malta:
a) Trustees have been regulated and supervised by the MFSA since 2004 and CSPs since 2013,
albeit subject to AML/CFT supervision prior to this date, as they were deemed to be subject
persons under the PMLFTR. However, there is no legislative provision requiring a subject
person to incorporate a company or register a partnership and maintain its registered office.
Therefore, legal persons may be created without the scrutiny of an entity subject to Maltese
AML/CFT supervision. In mitigation, the authorities estimate that approximately 98% of
legal persons seek the services of a Maltese supervised corporate service provider and/or a
lawyer or accountant at the incorporation stage and/or on on-going basis. Nonetheless,
lawyers providing company services are exempt from registration with the MFSA, in view of
the fact that they are already subject persons. However, as reflected in IO.3, it is assessed that
lawyers are not subject to adequate market entry measures. Moreover, under IO.3 the
assessment team has highlighted significant concerns regarding the adequacy of AML/CFT
supervision and application of remedial actions and/or sanctions on subject persons, in
particular, company service providers, lawyers, accountants and trustees.
b) All companies set up in Malta have a share capital requirement. However, there is no
requirement for this to be deposited in a Maltese bank subject to AML/CFT supervision. The
authorities estimate that in practice 80% of these companies’ share capital is deposited into
a Maltese bank account. However, this is likely to reduce further as the corporate service
providers interviewed advised that it was becoming increasingly difficult to bank their
clients in Malta due to the enhanced scrutiny of CDD checks by Maltese banks. Therefore,
beneficial ownership information would not be available to the Maltese authorities via this
approach for approximately 20% of companies.
c) Centralised registers of beneficial ownership have been created for both legal persons and
trusts. These are maintained respectively by the Registrar of Companies, Registrar of Legal
Persons (Associations and Foundations), and the MFSA. However, the registers for legal
persons are currently being retroactively populated. Therefore, the assessment team could
not fully assess the effectiveness of this new mechanism. Nonetheless, the assessment team
identified the following shortcomings with the register of beneficial ownership for
companies and other commercial partnerships: (i) directors/partners and the company
secretary are responsible for providing basic and beneficial ownership information to the
Registrar of Companies and other competent authorities. However, to date there is no
requirement for the director and/or the company secretary to be resident in Malta, and thus
subject to Maltese AML/CFT supervision. Nevertheless, irrespective of whether the
directors/company secretary are resident in Malta or not, they are still subject to the
obligations set out in the Companies Act (Register of Beneficial Owners) Regulations to
submit accurate and up to date beneficial ownership information; and (ii) The Registry of
Companies does not have sufficient human resources and legal gateways to adequately
verify/monitor the accuracy of the beneficial ownership information held on register of
beneficial ownership. In particular, the Registry of Companies is not empowered in
legislation to undertake on-site visits to verify the accuracy of beneficial ownership
information held on companies and commercial partnerships. However, at the time of the
evaluation the Registry of Companies was investigating as to how to enhance its existing
verification checks, which are detailed below.
469. The authorities advise that the Registry of Companies carries out a thorough vetting of a
company’s memorandum and articles prior to incorporation, as well as checks on the natural
persons involved in the company, including: (i) requesting a copy of an identification document;
(ii) bank/character reference in the case of non-EU residents; and (iii) checks whether the
relevant individuals are sanctioned as per the lists issued by the United Nations Security
Council, EU and the US Office of Foreign Assets Control. In the case of body corporates in the
company/commercial partnership structure, the Registrar requests a good standing certificate.
As part of its verification process of the registered office of the company (which is required by
law to be in Malta), the Registry of Companies also requires a copy of a lease agreement or a
contract of sale of specific premises (unless the address is known to be that of the CSP,
warranted lawyer or accountant), evidencing that the company will therefore be utilising the
address indicated therein and is authorised to do so. Moreover, the Registrar of Companies is
empowered in legislation to refuse registration of documents until beneficial ownership
information is given.
470. In cases where the proposed company structure involves a trust, the Registry of
Companies requests a declaration that due diligence has been carried out on the ultimate
beneficial owner(s). In those residual cases where a company is not incorporated through the
services of a subject person, the Registry of Companies does not proceed with the incorporation
and registration of the company, unless a true copy of an identification document, in case of
natural persons, or a good standing certificate (issued from the relevant jurisdiction’s company
registry) in case of body corporates, is provided to the Registry, in relation to all proposed
directors, company secretary and shareholders. Such documents are required to be certified by
a warranted lawyer or accountant. In addition, in such cases the Registry of Companies also
requires a bank/character reference on the shareholders, a police conduct certificate, a utility
bill to verify the address as well as a declaration confirming that they have not been or are: (i)
interdicted or incapacitated; (ii) undischarged bankrupt; (iii) convicted of any of the crimes
affecting public trust or of theft or of fraud or of knowingly receiving property obtained by theft
or fraud; and (iv) not subject to a disqualification order under Art. 320 of the Companies Act.
471. The Registry of Companies has provided some examples of the types of verification of
information which began following the introduction of the register of beneficial ownership (Box
5.1.).
Box 5.1.: Verification of information on beneficial owners by the Registry of Companies
Case Study 1: A company submitted a Form BO1. The analyst vetting the document noted that the
shareholder, a body corporate holding 1200 shares, was registered in the UK. The analyst checked with
the UK’s Person with Significant Control Register and found out that the natural person disclosed did not
match with the UK’s Register. The analyst requested clarification and the company confirmed that the
information on the UK register was correct and therefore submitted another Form BO1 with correct
information.
Case Study 2: A company submitted a Form BO1. The analyst vetting the document noted that the date of
birth did not match with the passport. The analyst sent back the form and requested an amendment. Once
the amendment has been submitted, the beneficial owners were registered.
Case Study 3: A company […. Yachting Limited] submitted a Form BO2. The shareholder of the company
was another Maltese Company [… (Malta) Limited], whose shares were held by another Maltese company
[E (Malta) Limited] whose shares were in turn ultimately owned by a company registered in a foreign
117
jurisdiction […. (Group) Limited]. The analyst performed an internal search and found a discrepancy
between the beneficial ownership information of E (Malta) Limited and the beneficial ownership
information of … Yachting Limited. The analyst sent the form back and refused to register it until the
mistake was rectified.
Timely access to adequate, accurate and current basic and beneficial ownership
information on legal persons
Basic information held at the registries
472. Every type of Maltese legal person has to be registered with the Company Registrar or the
Registrar for Legal Persons for it to obtain legal personality. Registration involves the provision
of basic information as prescribed under R.24 of the TC Annex. Basic information on Maltese
companies and partnerships is publicly available (accessible online). In relation to the basic
information in respect of foundations and associations, this is also available publicly for physical
inspection. Legal persons are required to notify the respective Registrar of changes to basic
information within 14 days from the date of the amendments together with the relevant returns
and documentation.
473. The assessment team was advised that the Registry of Companies and the Registrar of
Legal Persons check the completeness of the basic information/documentation provided in
respect of legal persons. Moreover, where the object clause of a proposed new company or
foundation includes an activity relating to financial services which would require a licence or
other authorisation from the MFSA, the registration of the company or foundation is not
effected prior to confirmation that the MFSA has in principle approved the issue of the licence.
Any changes to registered company information, including shareholder information, only takes
effect once they have been registered with the relevant Registry.
Beneficial ownership information held at the registries
474. The MFSA, the Registry of Companies and the Registry of Legal Persons (Foundations and
Associations) have established beneficial ownership registers respectively for trusts and legal
persons, as required under EU and Maltese law. As of January 2018, beneficial ownership
information was requested and included in the relevant register for any newly-formed legal
person. At the time of the mutual evaluation80, the registries were not fully populated with
beneficial ownership information. It is expected that Malta would have retroactively populated
the beneficial ownership registers information for all legal persons by the third quarter of 2019.
At the time of the evaluation, the authorities were in the midst of adding beneficial information
to the registries. Therefore, it is too early to conclude on the overall effectiveness of actions
taken and the impact of such to the overall transparency of the beneficial ownership
information in Malta, especially taking into account some other shortcomings with this new
mechanism, as discussed above.
475. The beneficial ownership registers for both legal persons and legal arrangements are
freely accessible by all authorities through an online system, including for the tax authorities
and customs. Subject persons may also access the register in order to carry out due diligence. In
the case of the Registry of Legal Persons, an internal electronic database is currently being used
until an online electronic register is fully functional.
80At the time of the onsite visit the Registry of Companies had received beneficial ownership notifications
from 5,200 companies, which represent 83% of the total BO information that had to be submitted up to
31 October 2018, in accordance with the transitional provisions. However, it should be noted that there
are approximately 48,000 Maltese companies.
Timely access to adequate, accurate and current basic and beneficial ownership
information on legal arrangements
476. Trustees authorised in terms of the Trusts and Trustees Act are required to identify and
verify beneficial owners of both Maltese and non-Maltese express trusts.
477. For trusts which generate tax consequences in Malta, there was no registration obligation
prior to 1 January 2018. Therefore, in order to obtain beneficial ownership information,
enquiries would be made to all banks, or all TSPs or CSPs on whether they have any dealings
with a particular trust or legal person and requiring the FI or DNFBP to provide relevant
information, or else by making an enquiry with the MFSA, which in turn has extensive powers to
request information from TSPs and CSPs, as explained in the TC annex, and which information
would then be shared with the competent authority.
478. With respect to the trusts beneficial ownership register, with effect from 1 January 2018,
trustees who were appointed as such for trusts which generate tax consequences were required
to report the beneficial ownership information of such trusts. For the existing trusts (generating
tax consequences) prior to 1 January 2018, such beneficial ownership information was reported
by 1 July 201881 and was available and accessible to competent authorities and subject persons.
By October 2018 the trusts beneficial ownership register was made available online, whereby
free and unfettered access was granted to competent authorities, and search facilities granted to
subject persons for the purposes of carrying out due diligence in terms of the PMLFTR. Upon
receipt of beneficial ownership information of trusts, the MFSA also carries out sample checks of
identification details against electoral registers and other due diligence tools. It should be noted
that, since the MFSA is also the competent authority responsible for the supervision of trustees,
the MFSA therefore does not merely collate the beneficial ownership information of trusts in the
relevant register.
479. The MFSA and the FIAU have the right to request and access BO information from trustees
in relation to all trusts, irrespective of any tax consequence or otherwise.82
Timely access by the FIAU and Police to beneficial ownership information
480. Malta’s Police force and the FIAU can obtain both basic and beneficial ownership
information through statutory powers.
481. The assessment team was informed that during recent years, neither the FIAU nor the
Police have experienced any difficulty in obtaining beneficial ownership information as
required. The FIAU and other authorities also confirmed that, when they require the beneficial
ownership information of a legal person, they resort to requests to various sources, namely the
Registry of Companies itself, banks and other FIs, as well as any other relevant subject persons.
They confirmed that they have never found any discrepancies between the said sources.
Moreover, the FIAU advised that as a matter of standard practice they will always request
beneficial ownership information as part of any request made to a subject person, regardless of
the underlying reason for the request. This includes situations where the FIAU may already
have beneficial ownership information on a specific legal person on file, with the aim of
corroborating this information before using it for analytical purposes sending it to a foreign
FIAU or sharing it with a competent authority in Malta. The private sector interviewees
81 At the time of the onsite visit the Trust Beneficial Ownership Register had received beneficial
ownership notifications from 271 trusts, which covers all reportable trusts in terms of the relevant
regulations (i.e. trusts which generate tax consequences).
82 By the third quarter of 2019 (in view of the deadline for implementation of the Fifth Anti-Money
Laundering Directive) Malta will retrospectively bring all trusts into scope of the reporting requirements
for the Trusts BO Register, irrespective of whether such trusts generate tax consequences or otherwise.
119
confirmed that they often received requests for beneficial ownership information from the
authorities.
482. The following is a table of requests by the FIAU to subject persons for beneficial
ownership information that was sent only as a result of a foreign request for information,
broken down by year. The table does not include cases where the FIAU sent such requests to
subject persons in a domestic context. However, the authorities confirmed that the same
average time of 3-4 days to obtain beneficial ownership information would still apply.
Table 38: Requests by FIAU to subject persons for beneficial ownership information
Foreign
Year
requests for Average time taken
Requests sent to Foreign requests
information to obtain
subject persons for Information
from foreign information
FIUs
2014 42 361 42 4 days
2015 41 668 41 3 days
2016 79 1361 79 4 days
2017 125 1763 125 3 days
2018 67 893 67 3 days
483. The newly-centralised registries of beneficial ownership of legal persons and legal
arrangements will greatly assist authorities in obtaining beneficial ownership information in a
timely basis. However, as reflected above, there are some shortcomings in the regime which
could call into question the accuracy of the information.
Legal Persons
484. The Registrar of Companies is empowered to issue pecuniary fines for the failure to
submit both basic and beneficial ownership information within the prescribed filing period. The
tables below detail the number of fines applied and the percentage of those which have been
settled.
Table 39: Pecuniary Fines for Basic Information
Year Number of Fines Percentage of Fines Settled
2014 1421 78%
2015 1517 73%
2016 1636 74%
2017 1912 72&
2018 2122 59%
Table 40: Pecuniary Fines for Beneficial Ownership Information

Year Number of fines Percentage of fines settled
2018 388 52%
485. Whilst pecuniary fines have been issued for failing to submit both basic and BO
information, as indicated above, these are not always paid. The Registrar of Companies
confirmed that the judicial proceedings in terms of Art. 401 of the Companies Act to recover
such penalties are on-going. Such proceedings include the issuing of garnishee orders on the
personal bank accounts of directors. The Registrar of Companies informed that the striking-off
procedure would be invoked as a matter of last resort, and to date the Registrar of Companies
has struck 4150 non-compliant companies off the register in relation to failure to submit basic
information. However, given that fines remain unpaid since 2014, the Registrar of Companies
should reassess if a more robust approach to striking off companies is warranted.
486. Criminal sanctions are provided for under all three sets of regulations governing the
beneficial ownership registers (a fine not more than EUR 5,000 or to imprisonment for a term
not exceeding six months or to both such fine and imprisonment) in respect of the provision of
misleading or false information. Failure to obtain, retain and provide beneficial ownership
information to the registries is punishable by penalties ranging from EUR 500-1,000, together
with daily penalties ranging from EUR 5-10 for every day during which the default continues
under the Register of Beneficial Ownership Regulations (Companies, Foundations and
Associations). Taking into account the nature and scale of business undertaken in Malta the
pecuniary fines for legal persons are not considered effective, proportionate and dissuasive.
Legal Arrangements
487. The Trusts and Trustees Act provides that any person who contravenes or fails to comply
with any of the provisions of this Act, saving any higher punishment which may be provided
under any other law, shall be liable upon conviction to a fine not exceeding EUR 466,000 or to a
term of imprisonment not exceeding four years, or to both such fine and imprisonment.
Furthermore, pursuant to Reg. 9 of the Trusts and Trustees Act (Register of BOs) Regulations,
where a trustee authorised or registered in terms of the Act, contravenes or fails to comply with
any of the provisions of these regulations, the MFSA may impose an administrative penalty
which may not exceed EUR 150,000 for each infringement. No sanctions have been applied so
far in accordance with the above-mentioned provisions.
Sanctioning of Gatekeepers
488. As referenced in IO.3, the assessment team is concerned that there has been a distinct lack
of sanctioning by the FIAU for AML/CFT failings against the gatekeepers (trust and corporate
service providers, lawyers or accountant) of Maltese legal persons and legal arrangements.
Conclusion
CHAPTER 8. INTERNATIONAL COOPERATION
Key findings
IO.2
121
 Maltese legislation sets out a comprehensive framework for international cooperation,
offences. While the AGO serves as the central authority for international cooperation through
mutual legal assistance (MLA) in Malta, channels of cooperation through direct communication
are used by the Police and the FIAU with respective foreign partners.
 The FIAU has a broad legal basis for international cooperation and proactively and
constructively interacts with its foreign counterparts by exchanging information on ML
associated predicate offences and FT. The assistance provided by the FIAU spontaneously
and/or upon request is considered effective in terms of quality and timeliness by its
counterparts. The international cooperation conducted with foreign countries is consistent with
Malta’s overall geographical risk exposure.
 Moreover, the Police are active in the sphere of international cooperation through direct
communication (especially via Europol, CARIN and SIENA). However, the information-sharing
via different law enforcement platforms often remains at the stage of inter-agency cooperation
and is conducted in parallel with the FIU-to-FIU cooperation, without achieving adequate levels
of integration or translating into requests of assistance. These factors have also affected the
number of MLA requested by the AGO (which appears to be limited, especially when compared
with the amount of foreign requests for MLA received in recent years).
 The Police regularly engage in Joint Investigation Teams (JIT) to deal with transnational
ML schemes. MoUs have also been signed between the Police and foreign authorities to enhance
the non-MLA relationships and promote international cooperation.
 Overall, positive feedback on the quality and timeliness of formal international
cooperation (including MLA and extradition) provided by Malta was received from foreign
partners. The few instances where international cooperation was not conceived as satisfactory
by foreign partners related to delay caused by difficulties in collecting the requested
information from FIs in cases were a lot of financial data was required by the requesting state.
 Maltese authorities frequently exchange basic and BO information with their counterparts
via various channels of communication. In order to ensure exchange of adequate and current
basic and BO information with their respective counterparts the Maltese authorities use a
combination of various sources of information to collect the data. The feedback provided by the
AML/CFT global network is generally positive in terms of the quality and timeliness of provided
assistance, and does not suggest any particular concerns in this respect either.
Recommended Actions
IO.2
 The use of formal MLA tools for seeking timely assistance from abroad to pursue ML,
associated predicate offences and FT should be improved, in order to make the use of MLA more
consistent with the role of Malta as an increasingly growing international financial centre.
 Forms and channels of “diagonal cooperation” that take place between the FIAU and
foreign LEAs should be used only when necessary to ensure timeliness in providing information
to relevant domestic authorities, maintaining the usual FIU-to-FIU cooperation channels as the
main channel to collect or exchange financial intelligence.
Recommendations relevant for the assessment of effectiveness under this section are R.36-40.
Immediate Outcome 2 (International cooperation)
Providing constructive and timely MLA and extradition
491. International cooperation is particularly important in the Maltese context, given the
geographic position as a destination for foreign proceeds that exposes the country to a high risk
of transnational criminal activities. On the basis of various legal arrangements and international
instruments (including UN, CoE and EU Conventions, treaties and other bilateral agreements on
mutual legal assistance, see further R.36 in the TC Annex), Maltese authorities are able to
provide a wide range of assistance in case of requests for international cooperation in criminal
matters and extradition.
492. The national authority responsible for coordinating both incoming and outgoing mutual
legal assistance requests is the AGO. Incoming requests are received either directly by the AGO
or through the MFTP, and in the vast majority of cases are referred to and executed by the
Police. Once executed, requests are referred back to the AGO which will then communicate the
information to the requesting authority. The AGO has assigned one principle staff officer full-
time to deal with MLA requests, who is backed-up by four additional support officers depending
on the workload, which the AGO considers as sufficient in terms of resources. Malta has one
liaison officer within Europol.
493. Upon receipt of a MLA request, a file is opened and logged into an electronic case-
management system which is linked to the Eurojust database. A general review of the legality of
the request is conducted, also to verify that all legal requirements are satisfied. The authorities
confirmed that in practice the only reason to refuse to reply to an MLA request is when it is
going against fundamental principles of laws of Malta. After receiving the MLA request, the AGO
refers the case to the competent authority, but keeping a note in the file with regard to the
information of the request, including the alleged offence and the requested measure. Automatic
notifications generated by the system ensure that requests are executed in a timely manner.
494. In the last year for which full statistics are available (2017), Malta received 138 legal
assistance requests. Of these requests, 11,5% concerned ML, while 44,2% concerned fraud and
14,4% tax crimes. On the basis of the information provided by the Maltese authorities regarding
the requests executed between 2013 and 2018, the average time of execution of a MLA request
related with ML was 51 days. The overall duration very much depends on the nature and
importance of the matter, and the authorities are able to prioritise urgent matters and execute
them, if necessary, in a matter of hours. Some MLA requests received in 2017 (and very few
requests from 2015 and 2016) were still pending at the time of the onsite visit. In some
instances delay was caused by difficulties experienced by the Maltese authorities in collecting
the requested information from FIs in cases were a lot of financial data was required by the
requesting state. Occasionally, these requests (when completed) were followed by additional
requests for supplementary information which then did not yet lead to the eventual execution of
the original request. The table below gives an overview of incoming MLA requests (excluding
extradition) for ML and related predicate offences (note that no incoming requests for FT were
received) during the period 2013-2018.
Table 41: Incoming MLA-requests (excluding extradition) for ML and related predicate
offences
123
Average time of
Total number of Number of incoming Number of executed
execution (days) for
Year incoming requests requests related to requests related to
requests related to
for all offences ML ML
ML83
2013 98 17 16 66
2014 90 19 19 56
2015 121 20 17 65
2016 139 22 21 45
2017 138 16 11 42
201884 21 5 5 32
495. The Maltese authorities presented a number of cases where the assistance provided to the
requesting countries was considered instrumental in securing a conviction or a confiscation
order in a foreign jurisdiction. Some examples are referred below:
Box 2.1: Investment fraud and money laundering
In 2013 the Malta Police received a request from the authorities of a foreign country concerning an
alleged investment fraud (Ponzi type) involving a number of Maltese registered companies set up with
the assistance of a Maltese CSP. Following the request the Malta Police initiated its investigations and
collected relevant information from local credit institutions, company registry and tax authorities which
indicated a number of connections between the suspects involved. Upon the request, a coordination
meeting with the foreign authorities was held at Eurojust, aimed at providing a wider explanation and
understanding of the investigation in progress, and how the investigation linked other States. The data
collated by the Maltese authorities also from the other involved jurisdictions were shared with the
authorities of the requesting country so that they could be in a better position to submit a supplementary
request in a specific manner. During the coordination meeting it had been also agreed that additional
actions will be taking place simultaneously in each State. Indeed, in a supplementary request the
authorities of the requesting country referred European Arrest Warrants against all suspects and to every
State. The Malta Police subsequently raided simultaneously the places frequented by the subjects, and
then proceeded with the respective searches and arrests. Following the raid, searches and arrest, the
Court of Magistrates of Malta accorded a Magisterial Inquiry wherein several experts (including
Information & Technology, medical, arts and vehicle experts and scene of crime officers) were appointed
to assist. As per request, the suspects found in Malta were arrested, detained and questioned. A Maltese
company service provider and other individuals who provided services/assistance to the suspects were
also questioned. Following this, two suspects were arraigned in Court on the bases of the European Arrest
Warrant whereby both accepted to be extradited and face the investigation and possible charges against
them. During the investigation carried out by the Malta Police, other assets (not originally referred to by
the requesting authorities) were identified and subsequently an additional order from the Criminal Court
was issued and the assets were frozen. Moreover, certain assets which were not deemed connected were
released after consultation with the requesting authorities through the AGO. In the course of the same
year the Court of Magistrates of Malta continued the execution of the letters of request; several witnesses
testified and all immovable and moveable assets were frozen, secured and preserved. In due course,
another coordination meeting was held at Eurojust whereby a briefing was provided on the actions taken
and the way forward by the requesting authorities. Upon request, all valuable moveable assets which
were seized and frozen were transferred to the requesting country through the AGO.
496. Mutual legal assistance in relation to seizure and freezing of assets provided by the
Maltese Authorities is referred below.
Box 2.2: Fraud, misappropriation and ML
83 Numbers for 2018 only refer to requests received until 31 March 2018.
The case concerned about 130 victims of fraud which concluded a foreign exchange trading service
agreement (‘FOREX’) with a number of companies. These contracts were concluded in a foreign country
via internet. The victims transferred the money they intended to invest to the concerned companies, one
of which had bank accounts with a Maltese bank. In 2016 the concerned companies traded on an
unprecedented scale within a few minutes, whereby most of their clients lost a substantial amount of
their investment, including parts of the capital which the concerned companies had offered capital
protection over. In accordance with the signed contracts with the relative victims the capital protection
settings obliged the concerned companies to stop trading at a loss of 50% of the capital invested.
However, rule in the contract was not observed. The aggrieved parties incurred damages round about
EUR 630,274. Malta received an MLA request from the foreign country requesting assistance to seize the
remaining funds of the concerned companies which were held with Maltese banks. Upon receipt of this
request the AGO filed an application before the Criminal Court asking for the issue of an attachment order
against the concerned companies in view of the aforementioned facts. The Criminal Court within hours
acceded to such a request and an Attachment Order was issued, which was forthwith notified to the
relative bank licensed in Malta. The said bank informed the AGO that substantial amounts in the names of
the concerned companies have been seized. The relative information was passed on to the foreign
authorities, who from their end have continued with their investigations.
Box 2.3:Fraud
The accused, who was a lawyer by profession, was suspected of having, as sole owner of a law office in a
foreign country, instigated several accused persons employed with him as lawyers to deceive capital
investors about the chances of success for the assertion of compensation claims in so-called conciliatory
proceedings during the period of June 2011 and February 2015. The remuneration charged for the
execution of the conciliatory proceedings was respectively lower than that provided for by the legal
provisions for lawyer’s fees in the country. Confiding in the recommendations made by the other accused
persons (at the instigation of the accused), several thousand aggrieved investors respectively mandated
the law office to initiate and execute conciliatory proceedings, although, in reality, there were no
prospects that the opposing party would even participate in such proceedings. In fact such conciliatory
proceedings failed, as expected, given that the opposing parties never participated in such proceedings.
Notwithstanding the above the accused still charged the aggrieved persons fees for legal services in
connection with these conciliatory proceedings. In such fashion the accused obtained a total of EUR
2,506,133.49. It was believed that the accused transferred such funds to a Maltese Bank. Hence, the
foreign judicial authorities issued an EIO requesting the seizure of EUR 2,988,175.12 held in the name of
the suspect with a Maltese bank. Upon the receipt of such an order the AGO filed an application before the
Criminal Court requesting the said Court to issue an attachment order against the accused. Such an order
was immediately issued and served on the bank concerned. The bank managed to freeze the funds
available in the said account (even if less from what was originally thought that such account held i.e. EUR
2,988,175.12). The foreign authorities were immediately informed about the results.
Box 2.4: Tax Evasion, fraud and money laundering
Investigations conducted by investigators in a foreign country revealed that a suspect for tax evasion,
fraud and ML had a bank account with a Maltese Bank. The suspect did not disclose and declare with the
foreign authorities all foreign-held assets for tax purposes. However, the foreign authorities became
aware of the Maltese bank account following a search which was conducted at the suspect’s residence
wherein they found a visa credit card issued by the Maltese Bank. In view of their findings the foreign
authorities issued a freezing order in terms of EU framework decision 2003/577/JHA. Upon receipt of the
125
said freezing order the AGO certified in terms of Maltese law that the said certificate was issued by a
competent judicial authority in the foreign country and the said freezing order was served on the local
bank. That bank froze the assets in the said bank account, and the AGO informed the foreign authorities
accordingly. In order to retain the freezing order in force the AGO files every six months an application
with the Criminal Court to request an extension. To date all such applications were granted.
497. The authorities stated that the possibility for concerned persons to appeal domestically
against the decisions to implement incoming MLA requests would in practice not hamper
effective international cooperation. In cases where the person concerned needs to be formally
notified (e.g. in the case of attachment or freezing orders), the AGO liaises with the foreign
authorities to find the most suitable date for issuing such an order, to avoid that the formal
notification would jeopardise the foreign investigations.
Extradition
498. Malta is able to execute extradition requests, including those related to ML and FT, along
the deadlines provided by the Extradition Act. This Act stipulates that once a person is arrested
in pursuance of a warrant for extradition purposes, such person shall be brought before the
Court of Magistrates (as a Court of Committal) as soon as practicable and in any case not later
than forty-eight hours from his arrest. The AGO is the Maltese Central Designated Authority for
the receipt and execution of the extradition requests, even for those received through
diplomatic channels. The extradition proceedings before the Court of Committal is to be
completed within two months from the arraignment date (with the possibility to extend the
deadline to further periods of two months). The table below gives an overview of incoming
extradition requests for ML and related predicate offences (note that no incoming requests for
FT were received) during the period 2013-2018. In practice, the two-month deadline for
executing the requests was generally met. However, one request for extradition received in
2016 took considerably longer (660 days) which was explained by the authorities with a
number of procedural issues (including an appellate stage before the Court of Appeal) and vast
amounts of documentation.
Table 42: Incoming extradition requests for ML and related predicate offences
Total number of Number of Number of Average time of
Year incoming requests incoming requests executed requests execution (days) for
for all offences related to ML related to ML requests related to ML
2013 11 2 2 26
2014 12 2 2 17
2015 33 7 7 30
2016 11 1 1 660
2017 18 0 0 N/A
201885 5 0 0 N/A
499. Persons arrested on the basis of a European Arrest Warrant (EAW) are to be brought as
soon as possible before the Court of Magistrates (as a Court of Committal), and in any case not
later than forty-eight hours from the arrest. In such cases, the decision to surrender shall be
taken by the Court within one month starting on the day when the person in respect of whom
the warrant was issued was arrested. If an appeal is filed, the related decision shall be taken not
later than one month starting on the day when the appeal is filed (either by the AG or by the
person in respect of whom the warrant was issued).
500. Moreover, in the event that the Police (through Interpol channels) trace a person against
whom there is a red alert in Malta, the foreign police are immediately notified with such
information. The Maltese authorities will immediately request the full documentation in
relation to the said extradition request. Once the request is received, the AGO verifies the
documentation and assesses whether it is in conformity with the Extradition Act. If this is the
case, the AGO requests the Minister of Justice to issue the “Authority to Proceed” (Art. 13 of the
Extradition Act). The Minister may issue such an order to proceed, unless it appears that an
order for the return of the person concerned could not lawfully be made in accordance with the
provisions of the Extradition Act. Throughout all the extradition proceedings, the AGO is
generally present and maintains contacts with the requesting authority so as to keep it abreast
with developments and request any additional information or clarifications which may become
necessary throughout the proceedings.
501. Malta is able to extradite its own nationals and does not oppose their extradition. In fact,
the legislation dealing with extradition does not make a distinction between Maltese nationals
and non-Maltese nationals when dealing with extradition requests. Malta has also implemented
simplified extradition proceedings with regard to EU member states under the EAW Regime
(Extradition (Designated Foreign Countries) Order). Given that they are based on the principle
of mutual recognition, the Court of Committal does not have to determine whether the
requested person has a prima facie case to answer. Moreover, all extradition proceedings can be
further simplified if the requested person consents to his extradition.
502. Malta has only refused extradition requests during the period under consideration due to
a lack of procedural prerequisites (but not on the merits of the case). For example, in one case
the request did not come from a competent designated foreign judicial authority. In another
case, the offence which formed the basis for the extradition request had already been time-
barred. The requirement of double-criminality does only exist for coercive measures, but has in
practice not posed any obstacles to incoming extradition requests.
Seeking timely legal assistance to pursue domestic ML, associated predicate and FT cases with
transnational elements
503. Outgoing requests are also handled by the AGO. Requests may be initiated by the Police,
during a magisterial inquiry or during prosecution/trial. The vast majority are initiated by the
Police in the course of an investigation.
504. Despite of the frequency and relevance of connections to other jurisdictions of many cases
under analysis, Maltese authorities do not regularly seek MLA in relation to ML, associated
predicate offences and FT cases. This is also due to the fact that, in addition to the international
cooperation through MLA, for which the AGO serves as the central authority, channels of
cooperation through direct communication are used by the Police and the FIAU with respective
foreign partners. In fact, direct cooperation is often used by the Police and the FIAU and
information-sharing is often conducted in parallel via law enforcement and FIU-to-FIU
platforms. As these forms of international cooperation do not translate into formal requests of
assistance, the number of MLA sent by the AGO are limited (especially when compared with the
amount of foreign requests for MLA received in recent years). In 2017, only 15 MLA requests
were sent by the AGO, of which 1 related to ML and 7 to fraud (the total outgoing MLA requests
were 17 in 2015 and 20 in 2016). In total, Malta made only 10 outgoing MLA requests with
regard to ML in the past six years. The table below gives an overview of outgoing MLA requests
for ML and related predicate offences (note that no outgoing requests for FT were made) during
the period 2013-2018.
Table 43: Outgoing MLA-requests (excluding extradition) for ML and related predicate
offences
Year Total number of Number of outgoing Number of Average time of
127
outgoing requests requests related to executed requests execution (days) for
for all offences ML related to ML requests related to
ML86
2013 9 1 1 30
2014 26 4 4 140
2015 17 0 0 N/A
2016 20 1 0 N/A
2017 15 1 1 180
201887 5 3 1 90
505. According to the explanations provided by the Maltese authorities, the limited number of
outgoing MLA requests (especially those dealing with ML) would reflect the fact that most ML
cases are of a domestic nature and hence there would be no need to seek MLA from foreign
authorities. For those cases with an international component, the investigators would also in
practice rather engage in informal police-to-police cooperation, which would then not be duly
reflected in the numbers. Even considering these explanations, the limited number of outgoing
requests does not appear commensurate with the risks faced by Malta as a centre which serves
as a crossroad of financial flows affecting different jurisdictions. It also stands somewhat at odds
with explanations given by the authorities (made in the context of IO.7) that the low number of
ML prosecutions and convictions in Malta would be a consequence of many ML-related cases
having international components. Moreover, the assessment team notes that – in light of the
statistics - informal cooperation does not appear to later translate into formal cooperation.
506. The establishment of the ARB has facilitated outgoing MLA. Previously, Malta was unable
to trace assets located in third states, a gap which the ARB has now filled since it took up its
functions on 20 August 2018. The authorities stated that, in at least one case, foreign assets
traced by the ARB had already resulted in an outgoing MLA request since the ARB became
operational.
Extradition
507. As regards outgoing requests for extradition, Malta makes approximately 10 requests per
year. The table below gives an overview of outgoing extradition requests for ML and related
predicate offences (note that no outgoing requests for FT were made) during the period 2013-
2018. Given the fact that extradition can be only requested when the person is wanted for
prosecution (not for investigation) the number of extradition requests naturally reflects the low
number of convictions (see IO.7).
Table 44: Outgoing extradition requests for ML and related predicate offences
Total number of Number of outgoing Number of executed Average time of
Year outgoing requests requests related to requests related to execution (days) for
for all offences ML ML requests related to ML
2013 9 1 1 547
2014 15 0 0 N/A
2015 18 3 3 273
2016 9 0 0 N/A
2017 14 0 0 N/A
2018 1 0 0 N/A
Seeking and providing other forms of international cooperation for AML/CFT purposes
FIAU
86 Note that the average time in this table, as well as in the three following tables, only relates to the
actually executed requests, and does not take into account the pending ones.
508. The FIAU has a broad legal basis for international cooperation and proactively and
constructively interacts with its foreign counterparts by exchanging information on ML,
associated predicate offences and FT. Information is exchanged by the FIAU either on receipt of
a request for information from a foreign FIU, or spontaneously whenever the FIAU believes that
the information in its possession can be of interest to one or more of its foreign counterparts.
509. The FIAU, as a member of the Egmont Group of FIUs, exchanges information with other
members via the Egmont Secure Web, while also making use of the FIU.Net system to exchange
information with FIUs from EU jurisdictions. Under Maltese law, the FIAU is authorised to
exchange information with foreign counterparts without the necessity of having MoUs or formal
agreements in place. In circumstances where the signature of an MoU is a pre-requisite for the
exchange of information in other jurisdictions, the FIAU pursues the conclusion of such MoUs
with their respective counterparts.88
Table 45: FIU-to-FIU International Cooperation (through FIU.Net and ESW)
(2013
–
Year 2013 2014 2015 2016 2017 2018
26 July
2018
FIAU Incoming requests
Foreign requests received by
34 51 62 66 100 86 399
the FIAU via FIUNet
Foreign requests received by
62 49 63 66 85 46 371
the FIAU via ESW
TOTAL (foreign requests
96 100 125 132 185 132 770
received)
Outgoing requests
Requests sent by the FIAU via
21 47 43 27 40 69 247
FIUNet
Requests sent by the FIAU via
131 149 136 86 230 199 931
ESW
TOTAL(outgoing requests) 152 196 179 113 270 268 1178
Spontaneous disseminations
Spontaneous dissemination of
information by the FIAU via - 5 16 24 79 143 267
FIUNet
Spontaneous dissemination of
information by the FIAU via 9 47 61 115 198 157 587
ESW
TOTAL(spontaneous
9 52 77 139 277 300 854
disseminations)
510. During the period 2013-2018, the number of requests made by the FIAU was steadily
growing, reflecting the increasing international relevance of cases subject to analysis by the
FIAU, and overall comprised around 1200 requests. The majority of these requests made by the
FIAU are addressed to FIUs of other European countries. In 2017, the FIAU’s top counterparts
were the United Kingdom, Italy, Germany, Switzerland and the United Arab Emirates (by order
of the highest number of outgoing requests). The countries from which the FIAU mainly seeks
information are consistent with Malta’s overall geographical risk exposure.
88The FIAU has signed a total of 16 MoUs with the FIUs of the following countries: Belgium, Canada,
Cyprus, Georgia, the Holy See, Israel, Japan, Latvia, Monaco, Panama, Romania, San Marino, Slovenia,
South Africa, the Republic of North Macedonia and Tunisia. At the time of the on-site visit, negotiations of
three further MoUs with foreign counterparts were ongoing.
129
511. The FIAU expressed its general satisfaction with the cooperation with its major
counterparts. According to statistics provided it appeared that there were no requests of the
FIAU to foreign counterparts rejected. It was just in a negligible number of cases that the
request was not responded by foreign FIUs. The average time for receiving the response varied
from 20 to 47 days, depending on the counterpart. The majority of the replies received were
considered by the FIAU to be of good quality and to further support the analysis of the case. The
FIAU noted that it sometimes encounters difficulties in obtaining banking and account
information, especially on beneficial ownership from some counterparts due to some
constraints in their legislation.
512. For the period from 2013 to 2018 the number of spontaneous sharing of information
made by the FIAU to foreign counterparts was increasing dynamically and overall comprised
around 850 disseminations. The vast majority of spontaneous disseminations concern non-
residents. The authorities explained the high number of STRs on non-residents with Malta’s role
as a financial and gambling centre which provides financial and gambling service platforms
internationally. The consent for the foreign FIU to use the information to pursue the
investigation is given by the FIAU together with the spontaneous dissemination. The large
percentage of spontaneous disseminations was sent to foreign FIUs more than 30 days after the
information was received (only in around 30% was intelligence received by the FIAU
disseminated to other FIUs within 30 days of the receipt).
513. The FIAU provides an extensive international cooperation to its foreign counterparts also
based on the received requests. The number of the received requests and the geographical
representation of the foreign counterparts is growing on an annual basis (i.e. in 2018 the FIAU
received requests from some 46 countries). Around 84% of the requests received originated
from European countries. The main originators of requests were Italy, Germany, France, the
United Kingdom and Belgium. The vast majority of requests for information received concern
information from the FIAU’s own database (which includes STR data), bank account data, basic
and BO information of Maltese legal persons and arrangements.
514. In parallel with the increase in the number of requests for information received by the
FIAU, the time the FIAU took to reply to these requests also improved. Most of the requests are
replied to within 1 week to 1 month from date of receipt. As a general rule, the FIAU strives to
provide a first reply to foreign requests for information within 30 days from receipt of the
request, unless the request specifies a lesser timeframe (in which case the information is
provided within that indicated timeframe).
515. According to the feedback provided by Malta’s foreign counterparts, the assistance
provided by the FIAU was considered effective in terms of timeliness and quality by most of its
counterparts. In addition, the FIAU carried out a self-assessment in 2017 to gauge the quality,
usefulness and completeness of assistance it provides to its counterparts, in the course of which
it requested the FIUs of those jurisdictions with which it mostly cooperated to provide feedback
to a questionnaire. 22 FIUs were requested to provide feedback to which 15 FIUs provided a
reply. In general feedback received by most of them was positive, in terms of the quality (the
information provided is useful, complete, clear and fulfilling the request) and timeliness of the
assistance provided. Although this was a one-off exercise, the FIAU is considering the
introduction of a procedure whereby feedback on quality, usefulness and completeness of
information it provides will be requested from counterpart FIUs along with every exchange of
information. The assessment team considers it to be a good approach to further control the
timeliness and quality control of the provided cooperation
516. According to information provided by the FIAU, occasionally they communicate directly
with relevant foreign law enforcement agencies, when they deem it necessary, in order to
ensure a timely manner of sharing information with relevant counterparts (see the case below).
During the on-site visit the representatives of the FIAU pointed out that in these cases the same
information is shared also with the FIU of the concerned foreign country. However, the
assessment team has concerns that the use of direct channels of communication between the
FIAU and the foreign law enforcement authorities may lead to bypassing the use of the normal
channels of communication among FIUs and the same function to which the FIU-to-FIU
cooperation should be devoted.
Box 2.5: The FIAU assisted foreign LEA in a case which led to the attachment of USD 797,000.
In October 2018 the FIAU received intelligence from a foreign LEA in relation to a foreign registered asset
management company and its UBO who is a national of country A and a resident of country B. The
intelligence explained that the foreign registered asset management company held funds with a domestic
investment services firm which were the proceeds of transactions which violated securities laws of a
country B.
The FIAU was also informed of two pending transactions, totalling USD 797,000, one in favour of an
account held in country C and the other in favour of an account in country B. The FIAU was also informed
that the UBO of the asset management company was incarcerated and the transfer instructions were
received from a person who worked in the Operations department of the asset management company.
The FIAU suspended both transactions after close communication with the foreign LEA so as to ensure
that sufficient timing is allowed for the foreign LEA to submit a formal request to the Malta Police in order
to have the funds held in Malta attached.
Following the suspension of the transactions by the FIAU, a report was submitted to the Malta Police who
proceeded with securing an attachment order on the funds in question.
517. During the period 2013-2018, the number of spontaneous disclosures received from
foreign counterparts was steadily growing, comprising around 483 disseminations. Overall
analysis of this information triggered 9 reports submitted by the FIAU to the Police for the
period 2014-2018. While no statistics was provided, the Maltese authorities advised that
foreign counterparts’ disclosures also supported analysis of some cases initiated by the FIAU
that subsequently were disseminated to the Police.
Police
518. The Police are active in cooperating and exchanging information with foreign
counterparts for intelligence and investigative purposes related to ML, associated predicate
offences or FT. This is done through either direct bilateral contacts, or the use of international
communication networks such as Interpol, Europol and SIENA. The general powers provided by
Maltese law (Art. 92 CC and S.L. 164.02) authorise the Police to cooperate with foreign
counterparts and provide requested information for the purposes of identifying and tracing the
proceeds and instrumentalities of crime. The table below shows the number of requests
received through Interpol and Europol (by type of request).
Table 46: Requests received through INTERPOL channels

INTERPOL - Type of Request(s)
Year Banking Company Property & Criminal
Others
documents information Assets Records
131
information involvements information information
including including UBO including UBOs
UBO
2013 4 25 1 34 141
2014 7 41 3 33 176
2015 9 29 2 39 151
2016 21 39 4 49 128
2017 28 47 1 37 159
2018
(until the end 12 19 2 12 83
of March)
TOTAL 81 200 13 204 838
Table 47: Requests received through EUROPOL channels

EUROPOL (Siena) - Type of Request(s)
Others
Banking Company Property &
Internal
documents information Assets Criminal Governmental
Year Request
information involvements information Records Entities
(excluding
including including including information (excluding
Criminal
UBO UBO UBO MFSA)
Records)
2013 nav nav nav nav nav nav
2014 62 5 0 670 83 1747
2015 27 5 0 715 46 2230
2016 86 12 0 923 49 3465
2017 109 13 0 1068 27 3825
2018
(until the
30 5 0 348 2 1145
end of
March)
TOTAL 314 40 0 3724 207 12412
519. The Police are able to form JITs with foreign counterparts to conduct cooperative
investigations. In particular, the AG may authorise the setting-up of teams to carry out
investigations into criminal offences in one or more EU Member States within the ambit of the
“Convention on Mutual Assistance in Criminal Matters between the Member States of the
European Union”. This possibility is complemented by the Police Act which allows the
Commissioner of Police to authorise the competent authorities of another EU Member State to
conduct in Malta - jointly with or under the supervision or direction of the Police - patrols and
other operations by officers or other officials of that State.
Supervisory authorities
520. As an AML/CFT supervisor, the FIAU is also empowered to cooperate and exchange
information with foreign regulatory and supervisory authorities. Although no statistics were
provided, it became evident for the assessment team form the discussions with authorities and
provided examples that the FIAU Compliance Section has in the past sporadically exchanged
information and sought the cooperation of foreign counterpart supervisors. There were also
some instances when the FIAU, upon MFSA request (in the context of local authorisation and fit
and properness checks prior to licensing entities in Malta) exchanged information with foreign
jurisdictions, when a link was identified.
521. The FIAU Compliance Section is also a member of and participates in the Anti-Money
Laundering Committee (AMLC) of the European Supervisory Authority. It has also recently
signed an agreement with the ECB to regulate the practical modalities for exchange of
information in so far as the AML/CFT supervision of credit and FIs are concerned, which is in
line with the requirements of the Amendments to the Fourth Anti-Money Laundering Directive
(i.e. the 5th AMLD).
522. Other Maltese authorities involved in the AML/CFT system also seek and provide
assistance at international level. In particular, the MFSA collaborates with foreign bodies,
government departments, international organisations, the European Securities and Markets
Authority, the EBA, the European Insurance and Occupational Pensions Authority, the European
Systemic Risk Board, the ECB, the Single Resolution Board and other entities which exercise
regulatory, supervisory or licensing powers under any law in Malta or abroad (or which are
otherwise engaged in overseeing or monitoring areas or activities in the financial services
sector and the registration of commercial partnerships). While such cooperation potentially also
includes ML, associated predicate offences and FT, in practice this has not yet occurred, except
for instances when communication was conducted via the FIAU as a supervisory body
responsible for AML/CFT matters.
523. The MGA is empowered to share supervisory information with foreign counterparts. To
that effect, the MGA has a number of MoUs in place with counterpart regulators in the EU and
beyond, which provide for the sharing of information. With regard to ML/FT investigations in
third states, a request to the MGA for assistance goes through the FIAU and the Police.
Office of the Commissioner for Revenue
524. The Office of the Commissioner for Revenue is an administrative type of body focused
primarily on the tax revenue activities. It cooperates with its counterparts on income tax and
VAT matters on the basis of the double taxation agreements, and parties to the Convention on
Mutual Administrative Assistance in Tax Matters. Cooperation on tax evasion and related
ML/FT matters is conducted through respective LEA channels.
Customs Department
525. The Customs Department cooperates with its foreign counterparts via various
international platforms, such as the EU Commission’s Cash Control Experts Group, the
Programmes Information and Collaboration Space (PICS), the Common Customs Risk
Management System (CRMS), the Anti-Fraud Information System (AFIS), and the World
Customs Organisation’s (WCO) Regional Intelligence Liaison Offices (RILO) for Western Europe.
However, the exchange of information with foreign counterparts on AML/CFT matters is mainly
conducted through the FIAU and LEA channels.
International exchange of basic and beneficial ownership information of legal persons and
arrangements
526. Malta frequently exchanges basic and BO information with its counterparts using various
sources of data-collection and channels of communication. While the basic information on
companies, foundations and associations registered in Malta is available online and publicly
accessible (including for the foreign competent authorities), BO information is made available
through the international enquiry. In order to obtain and exchange adequate and current basic
and BO information with their respective counterparts the Maltese authorities use a
combination of sources of information to collect the data. The primary source of such data are
the Registry of Companies and the subject persons mainly corporate service providers, or
lawyers, accountants and banks, due to their role in the company formation, and provision of
further services (see also IO.5). BO information has recently started being held in the Registry
for Companies. For the companies incorporated after 1 January 2018, such information is
already collected and stored in the registry. Since the registry is still not fully populated, no
conclusion can be drawn with regard to the effectiveness of its use.
133
527. When an MLA request for the identification of basic and BO information of legal persons
and arrangements is received, the AGO forwards such request to the Police for execution, which
in turn requests such information from the Registrar of Companies or from the subject persons
in Malta. In certain instances the FIAU channels are used to identify and verify data before being
provided to foreign counterparts.
528. The FIAU is the main source of basic and BO information of the Maltese legal entities and
arrangements for foreign counterparts. As mentioned above, these requests comprise the vast
majority of incoming enquiries. Requested information would include data on the directors,
partners, shareholders, secretary, auditor, legal and judicial representatives of the company, as
well as access to other statutory documents of the companies, and information on BO. The FIAU
did so far not have any requests concerning a Maltese-registered company where it was unable
to identify and supply BO information. The feedback provided by the AML/CFT global network
is generally positive in terms of the quality and timeliness of provided assistance, and does not
suggest any particular concerns in this respect either.
Conclusions
529. Malta has achieved a substantial level of effectiveness for IO.2.
TECHNICAL COMPLIANCE ANNEX
1. This annex provides detailed analysis of the level of compliance with the Financial Action Task
Force (FATF) 40 Recommendations in their numerological order. It does not include descriptive text
on the country situation or risks, and is limited to the analysis of technical criteria for each
Recommendation. It should be read in conjunction with the Mutual Evaluation Report (MER).
Recommendation 1 - Assessing Risks and applying a Risk-Based Approach
2. The requirements on assessment of risk and application of the risk-based approach (RBA)
were added to the FATF Recommendations with the last revision and so were not assessed in the
previous mutual evaluation of Malta.
3. Criterion 1.1 – Malta performed the first National Risk Assessment (NRA) of the money
laundering and terrorism financing (ML/FT) risks in 2013-2014. The World Bank NRA methodology
was used to conduct the assessment, which involved the participation of various competent
authorities, policy making bodies, as well as private sector representatives.
4. Malta completed its first NRA in 2015. The results of the NRA were not published, but draft
reports were prepared, including analysis of the ML/FT risks and vulnerabilities and an action plan.
5. The NRA was updated and reviewed in 2017, involving commissioned third-party consultants.
The same competent authorities, policy making bodies and private sector participants were
consulted. This resulted in the production of a final, consolidated NRA report, dated 2018, as well as
in, a national anti-money laundering and counter-terrorist financing (AML/CFT) strategy based on
the findings, and a detailed action plan (designed to implement the strategy over a three year
period).
6. The national AML/CFT strategy has been published on the website of the Ministry of Finance.
The NRA Report is used by competent authorities to inform their AML/CFT activities and policies.
7. In June 2017 the MGA also finalised a separate report analysing the risks of the gaming sector
(both land-based and remote gaming sectors), including ML/FT threats and vulnerabilities, following
an extensive information and data gathering exercise carried out in 2016, which involved operators,
representative bodies, competent authorities and credit institutions. The policies and procedures,
risk registers and audit reports of a sample of operators were reviewed. The MGA is at present
considering whether to publish the report or extracts therefrom.
8. Criterion 1.2 – A statutory body, the National Coordinating Committee on Combating Money
Laundering and Funding of Terrorism (NCC) was established by law on 13 April 2018. The NCC’s
functions are listed under Art. 12A Prevention of Money Laundering Act (PMLA) to include devising
national strategy and policies and co-ordinating action to combat ML, the FT and the financing of the
proliferation of weapons of mass destruction (PF) including the co-ordination of NRAs.
9. Criterion 1.3 – Under Art. 12A of PMLA that the NCC is empowered to co-ordinate any action to
be taken to develop, implement and review strategy and policies, including the coordination of NRAs.
10. Malta carried out its first ML/FT NRA in 2013/2014 and updated it in 2017/2018. (see c.1.1
above)
11. Criterion 1.4 – The National AML/CFT strategy was published in April 2018. The NCC, which
comprises all competent authorities that have a role in the prevention of ML/FT, has started to meet
135
to discuss the findings of the NRA and take the necessary actions to implement the AML/CFT
strategy through the devised action plan.
12. The full NRA is not publicly available, but the results of the NRA were published in a separate
document and were posted on the Ministry of Finance’s (MoF) website in August 2018. The results of
the NRA were communicated to the public and private sectors in a series of seminars in October
2018, organised by the NCC along with the Financial Intelligence Analysis Unit (FIAU), the Malta
Financial Services Authority (MFSA) and the Malta Gaming Authority (MGA).
13. Criterion 1.5 – The findings of the NRA are addressed through the implementation of the
National AML/CFT strategy and in particular through the detailed action plan that has been devised.
Further details of actions taken to date are considered under IO.1.
14. Criterion 1.6 – Reg. 3, 4 and 5 of the Prevention of Money Laundering and Funding of Terrorism
Regulations (PMLFTR) allows the FIAU to limit the applicability of AML/CFT obligations in specified
circumstances, provided that: there is little risk of ML or FT (Reg 3); the activity occurs on an
occasional or very limited basis and there is little risk of ML or FT (Reg 4); or the risk of ML and FT
inherent in a particular activity is clear and understood (Reg 5; applying to the obligation to conduct
a risk assessment). However, the FIAU has not yet exercised its powers in this regard. There is one
exemption from the definition of designated non-financial businesses and professions (DNFBP),
namely trustees acting in terms of Art. 43A of the Trusts and Trustees Act. Exemptions from the
AML/CFT regime (see c.28.4) are limited to circumstances of lower risk and - while not specifically
considered in the NRA - are not inconsistent with the authorities’ understanding of risk.
15. Criterion 1.7 – Under Reg. 11(1) PMLFTR, financial institutions (FIs) and DNFBPs are required
to apply enhanced due diligence (EDD) measures to manage and mitigate higher risks in specified
scenarios, including:
i. activities or services that are determined by the FIAU to pose a high risk of ML/FT;
ii. high risk occasional transactions or business relationships that are identified by the subject
person following the carrying out of risk assessment;
iii. dealings with natural or legal persons established in non-reputable jurisdictions as defined
under Reg. 2 PMLFTR;
iv. politically exposed persons (PEPs), correspondent relationships and when carrying out
transactions that are complex and unusually large transactions.
16. Currently, there are no examples of activities or services that are determined by the FIAU to
pose a high risk of ML/FT that have been communicated to FIs and DNFBPs.
17. Criterion 1.8 – Reg. 10(1) PMLFTR permits the application of simplified due diligence measures
in the following two instances: (i) in relation to activities or services that are determined by the FIAU
to represent a low risk of ML/FT, having taken in consideration the findings of the NRA; and (ii) in
situations in which - following the carrying out of the risk assessment - the subject persons
determine that a particular occasional transaction or business relationship poses a low risk of
ML/FT.
18. Criterion 1.9 – According to Art. 26 PMLA, the FIAU (which may be assisted by the MFSA, MGA
or other supervisory authorities) is responsible for supervising subject persons for compliance with
the AML/CFT obligations and provisions envisaged under the PMLA, the PMLFTR and the FIAU
Implementing Procedures, which include the implementation of the obligations described under
c.1.10-12.
19. Criterion 1.10 – Reg. 5(1) PMLFTR requires subject persons to take appropriate steps to
identify and assess the risks of ML and FT arising out of their activities or business, and in doing so
they must take into account a number of risk factors, including among others those relating to
customers, countries or geographical areas, products, services, transactions and delivery channels,
and shall also take into consideration any national or supranational risk assessments on ML/FT. The
results of the NRA were communicated to the public and private sectors in a series of seminars in
October 2018. However, no details of the NRA have been provided to FIs or DNFBPs.
(a) Document their risk assessments – Reg. 5(3) PMLFTR obliges subject persons to ensure that the
risk assessments are properly documented and that they are made available to the FIAU and other
supervisory authorities when requested.
(b) Consider all the relevant risk factors before determining what is the level of overall risk and the
appropriate level and type of mitigation to be applied – Reg. 5(1) PMLFTR broadly meets this
criterion.
(c) Keep assessments up to date – Reg. 5(4) requires subject persons to ensure that risk assessments
are regularly reviewed and kept up-to-date.
(d) Have appropriate mechanisms to provide risk assessment information to competent authorities and
SRBs – Reg. 5(3) PMLFTR obliges subject persons to ensure that risk assessments are properly
documented and that they are made available to the FIAU or other supervisory authorities when
requested.
20. Criterion 1.11 – FIs and DNFBPs are required to:
(a) Have policies, controls and procedures – Reg. 5(5)(a) PMLFTR requires subject persons to have in
place and implement measures, policies, controls and procedures, proportionate to the nature and
size of their business, to address the risks identified as a result of the risk assessments that they are
required to carry out in terms of Reg. 5(1).
Reg. 5(6) PMLFTR explicitly requires that, to the extent applicable, such measures, policies, controls
and procedures and changes thereto are adopted and implemented following senior management
approval. The Maltese authorities stated that “to the extent applicable” only excludes sole-
practitioners, which will be made clear in forthcoming guidance.
(b) Monitor implementation of controls – Reg. 5(5)(f) PMLFTR requires subject persons to monitor
and, where appropriate, enhance the measures, policies, controls and procedures adopted to better
achieve their intended purpose.
(c) Take enhanced measures – Reg. 11(1)(b) PMLFTR requires subject persons to apply EDD
measures where, on the basis of the risk assessment carried out in accordance with Reg. 5(1), the
subject person determines that an occasional transaction, a business relationship or any transaction
represents a high risk of ML/FT.
21. Criterion 1.12 – Reg. 10(3) PMLFTR moreover prohibits the application of simplified due
diligence measures when the subject person (i.e. FIs and DNFBPs) has knowledge or suspicion of
proceeds of criminal activity, ML/FT.
Weighting and Conclusion
137
22. Malta meets criteria 1.1-1.5; 1.7-1.12 and mostly meets criterion 1.6. R. 1 is rated Largely
Compliant (LC).
Recommendation 2 - National Cooperation and Coordination
23. In 2012 MER, Malta was rated C with former R.31. In 2018, R.2 was amended to include
information sharing between competent authorities, and to emphasise that cooperation and
cooperation should include coordination with the relevant authorities to ensure the compatibility of
AML/CFT requirements with Data Protection and Privacy rules and other similar provisions (e.g.
data security/localisation).
24. Criterion 2.1 – Malta carried out its first NRA in 2013. The NRA was updated in 2017-2018. A
NRA Report (including an action plan) was prepared. In 2018 a national AML/CFT strategy and a
detailed action plan to implement such strategy over a period of three years was devised. Thus,
Malta has national policies that are informed by the risks identified.
25. Criterion 2.2 – Malta has designated the NCC to be the authority responsible for national
AML/CFT policies. The NCC was established on 13 April 2018. The responsibilities and functions of
this Committee are set in law and include: “draw up a national strategy and policies to combat
ML/FT and PF and co-ordinate any action to be taken to develop, implement and review the national
strategy and policies, including the co-ordination of national risk assessments and the actions to be
taken to address any threats, vulnerabilities and risks identified.” The NCC is in the process of
recruiting the necessary staff to constitute its Secretariat.
26. Criterion 2.3 – The NCC is intended to serve as a national platform for all relevant competent
authorities to cooperate and co-ordinate their policies and actions.
27. An assistant commissioner of police acts as police liaison officer to the FIAU, attending
meetings of the FIAU Financial Analysis Committee (FAC), which discusses the analytical cases being
pursued by the FIAU and determines which cases should be submitted to the Malta Police for further
investigations.
28. Supervisors (FIAU, MFSA and MGA) have memoranda of understanding (MoUs) to regulate
their cooperation. In 2017, cooperation between the MFSA and the FIAU was improved with the
adoption of a joint supervisory mechanism which covers the various aspects of supervision, starting
with risk assessment and including a detailed methodology for the conduct of supervisory actions. A
similar approach is in the process of being adopted with the MGA.
29. The Sanctions Monitoring Board (SMB) co-ordinates all measures necessary to implement
international financial sanctions to counter FT and PF. A number of relevant authorities, such as the
Malta Police, the MFSA, the AG, Customs, the Central Bank of Malta (CBM), and the FIAU are
represented on the SMB.
30. Criterion 2.4 – The functions and responsibilities of the NCC and the SMB (described above)
also include PF.
31. Criterion 2.5 – There is cooperation and coordination between relevant authorities and the
Information and Data Protection Commission (IDPC), the supervisory authority competent for data
protection and privacy matters. This is both formal (for instance, consultation between authorities
when introducing requirements that impact both AML/CFT and data protection) and informal (for
instance, meetings between agencies to discuss general or specific matters of interpretation). As a
result, data sharing requirements in the AML/CFT regime have been reviewed and updated to
ensure compatibility.
32. All criteria are met. R. 2 is rated Compliant (C).
Recommendation 3 - Money laundering offence
33. Malta was rated C in the 4th round mutual evaluation report of 2012 with both R.1 and R.2.
34. Criterion 3.1 – Maltese law criminalises ML on the basis of the Vienna and the Palermo
conventions under Art. 3 of the Prevention of Money Laundering Act (Chapter 373 of the Laws of
Malta – “PMLA”). ML is sufficiently defined on the basis of these two conventions in Art. 2 (1) PMLA.
ML subsisting from drug-related offences is criminalised under Art. 22(1C)(a) of the Dangerous
Drugs Ordinance (Chapter 101 of the Laws of Malta – DDO) and Art. 120A(1D)(a) of the Medical and
Kindred Professions Ordinance (Chapter 31 of the Laws of Malta – MKPO).
35. Criterion 3.2 – Maltese law provides for an “all crimes” approach. Any criminal offence is thus a
predicate offence (Art. 2(1) PMLA).
36. Criterion 3.3 – This criterion is not applicable as Malta does not apply a threshold approach.
37. Criterion 3.4 – The definition of “property” under Art. 2(1) PMLA is broad enough to cover any
type of property, regardless of its value, that directly or indirectly represents the proceeds of crime.
The provision defines “property” as assets of every kind, nature and description, whether
moveable/immovable, corporeal/incorporeal or tangible/intangible, legal document or instruments
evidencing title to, or interest in such assets.
38. Criterion 3.5 – Art. 2(2)(a) PMLA specifically provides that a person may be convicted of a ML
offence even if said person has not been found guilty by a court of law of having committed the
underlying criminal activity. The existence of such criminal liability may be established on the basis
of circumstantial or other evidence without it being incumbent on the prosecution to prove a
conviction in respect of the underlying criminal activity and without it being necessary to establish
precisely which underlying activity. This also applies to the ML offences laid down in other laws than
the PMLA, such as the DDO and the MKPO.
39. Criterion 3.6 – The definition of criminal activity under Art. 2(1) PMLA refers to “any activity …
wherever carried out” which constitutes a criminal offence. As the law does not provide for any other
qualifications, the definition extents to conduct that occurred in another country which was
demonstrated by case examples.
40. Criterion 3.7 – Pursuant to Art. 2(2)(b) PMLA a person can be (separately) charged and
convicted for both the ML offence and the predicated offence from which the property or proceeds
are derived.
41. Criterion 3.8 – The Maltese criminal legal system appears to allow for the possibility for the
intent and knowledge required to prove the ML offence to be inferred from objective factual
circumstances. Although this is not expressly provided in law, jurisprudence has been established to
this effect which was demonstrated by general case-examples under the CC.
42. Criterion 3.9 – Malta provides for proportionate and dissuasive criminal sanctions to natural
persons convicted of ML. According to Art. 3, paragraph 1 PMLA, sanctions for ML are a fine not
exceeding EUR 2,500,000 and/or imprisonment not exceeding 18 years. These sanctions are
139
comparable in severity to the sanctions Malta imposes for related economic and financial crimes, as
well as to sanctions for ML applied by other countries in the global AML/CFT network.
43. Criterion 3.10 – Recognising the concept of criminal liability of legal persons, Malta provides
for the possibility of sanctioning legal persons with a fine of up to EUR 2,500,000 under Art. 3,
paragraph 1 PMLA. This does not preclude the criminal liability of natural persons (Art. 3, paragraph
2 of the PMLA). Art. 328K of the CC, which applies to the ML offences under the PMLA and the DDO,
also provides for the possibility of the court ordering the suspension or cancellation of any licence,
permit or other authority to engage in any trade, business or other commercial activity; and the
temporary or permanent closure of any establishment which may have been used for the
commission of the offence. These sanctions are sufficiently proportionate and dissuasive.
44. Criterion 3.11 – There is a sufficient range of ancillary offences under Maltese law pursuant to
Art. 2(1) PMLA (in conjunction with relevant provisions of the CC, to which the PMLA makes
reference). These include attempt (Art. 41 CC); instigation, incitement, aiding/assisting or
commandment of the commission of a crime (Art. 42 CC); as well as forming part of a conspiracy to
commit a crime (Art. 48a CC).
45. All criteria, unless they are not applicable, are met. R.3 is rated C.
Recommendation 4 - Confiscation and provisional measures
46. Malta was rated PC with the previous R.3 in the 4th round of mutual evaluation report of 2012.
Deficiencies identified related to the lack of information on freezing and confiscation orders, as well
as effectiveness questions on the attachment regime.
47. Criterion 4.1 – In general, Malta’s confiscation regime is regulated by the PMLA, the DDO, the
MPKO and the CC. Maltese law provides for the confiscation of the following:
(a) Property laundered
48. The confiscation of the property laundered and of the proceeds of crime is foreseen in the
PMLA (Art. 3(5)), the DDO (Art. 22(3A)(d) and 22(3B)), the MPKO (Art. 120A(2A), (2Abis) and (2B))
and the CC (Art. 23).
(b) Proceeds of (…), or instrumentalities used or intended for use in, ML or predicate offences
49. Art. 23 CC applies to any crime and foresees that the instruments used or intended to be used
in the commission of any crime and anything obtained from such crime are confiscated and forfeited
as a consequence of the punishment for the same crime as established by law. The same provision
further provides that in the case of things, the manufacture, use, carrying, keeping or sale whereof
constitutes an offence, such things may be forfeited upon an order of a court of criminal jurisdiction,
even though there has been no conviction.
(c) Property that is the proceeds of, or used in, or intended or allocated for use in the financing of
terrorism, terrorist acts or terrorist organisations
50. The forfeiture of the proceeds of FT offences is provided for in Art. 328L CC. Where a person is
found guilty of having committed the offences of: FT, the use and possession of money or property
for the purposes of terrorist activities, entering or becoming concerned in funding arrangements for
the purposes of terrorist activities or of facilitating retention or control of terrorist property, the
court pronouncing guilt may order the forfeiture of any money or other property used in or allocated
to be used in FT.
(d) Property of corresponding value
51. The confiscation of property of corresponding value is foreseen under Art. 3(5a) PMLA (with
regard to ML), Art. 22 DDO (with regard to drug-related crime) as well as under Art. 23B(1) CC (as a
general provision for all offences). The authorities illustrated the application of these provisions in
practice with case examples.
52. Criterion 4.2 – In general, Malta’s regime for provisional measures is regulated by the same
laws as the confiscation regime, which are notably: the PMLA, the DDO, the MPKO and the CC.
Maltese law provides for the following preventive measures:
(a) identify, trace and evaluate property that is subject to confiscation
53. Art. 23D CC enables the Court Registrar as competent authority to conduct inquiries to trace
and ascertain the whereabouts of any moneys or other property under the control of the person who
is charged, accused or convicted. The Court Registrar’s inquiries for information are compulsory and
must be made within thirty days of receipt of demand. For any cases established after 20 August
2018, the newly-established Asset Recovery Bureau (ARB) will have the responsibility of the tracing,
identification and evaluation of proceeds of crime.
(b) carry out provisional measures, such as freezing or seizing, to prevent any dealing, transfer or
disposal of property subject to confiscation
54. Provisional measures are divided in Malta with regard to the period before and after the
arraignment. In the pre-arraignment phase, any monies or moveable property belonging to the
suspect may be attached by means of an order, for a renewable period of 45 days (Art. 4(6) PMLA,
Art. 435A CC and Art. 24A(6) DDO). The order prohibits the accused from transferring, pledging,
hypothecating or otherwise disposing of any movable or immovable property. Upon arraignment,
the prosecution can additionally request the court to impose a freezing order pending court
proceedings on the assets of the accused, were they monies, moveable or immoveable property (Art.
5 PMLA, Art. 22A(1) DDO, Art. 120A(2A) MKPO and Art. 23A CC).
(c) take steps that will prevent or void actions that prejudice the country’s ability to freeze or seize or
recover property that is subject to confiscation
55. Malta has legislation in place according to which breaches and contraventions of attachment
and freezing orders constitute criminal offences and any acts made in contravention of such orders
are deemed to be null and without effect. The PMLA, CC, DDO and MPKO provide for a range of civil
and criminal sanctions in cases of breach of either the attachment or freezing orders. Moreover, the
country has legislation in place with regard to the recovery of property which is subject to
confiscation.
(d) take any appropriate investigative measures
56. The PMLA, DDO, MPKO and CC provide the authorities with a wide range of investigative
measures, including investigation orders, monitoring orders and controlled deliveries.
57. Criterion 4.3 – As regards confiscation there exists a sufficient protection of the rights of bona
fide third parties (Art. 23 CC). With regard to freezing orders, Art. 5(1) PMLA provides for such
rights. A similar provision is found in Art. 22A(1) DDO which is also rendered applicable to the
141
MKPO by virtue of Art. 120A(2A) of the same ordinance. In the case of an attachment order, any third
party can file an application before the criminal court asking for the lifting of that order on particular
property during the pre-arraignment stage.
58. Criterion 4.4 – Malta has mechanisms in place for managing seized, frozen and confiscated
property. The management of such property had previously been carried out by an Asset
Management Unit (AMU) which was set up within the Court Registry in 2012. Since August 2018 the
ARB has been tasked with the proper and efficient tracing, collection, storage, preservation,
management and disposal of instrumentalities and proceeds of crime. It has taken over, with regard
to any proceedings introduced since its establishment, the role of managing and disposing of frozen
or confiscated property.
59. All criteria are met. R.4 is rated C.
Recommendation 5 - Terrorist financing offence
60. In the 4th round mutual evaluation report of 2012, Malta was rated LC on SR.II. Deficiencies
identified related to the need for clearer legal provisions in the definition of FT offences to cover
contributions used by a terrorist group for any purpose (including a legitimate activity) and to
include the direct and indirect collection of funds for terrorist financing.
61. Criterion 5.1 – In 2015, Malta undertook extensive amendments to its CC in the chapter
containing the crimes of terrorism and related acts. Art. 328B(3) and 328F(1) CC criminalise the
financing of certain terrorist activities, which in return are defined in Art. 328A CC. Art. 328A,
paragraph 4 CC lays out a detailed list of criminal offences for specific terrorist acts which are set out
in the nine Conventions listed in Annex 1 of the Terrorist Financing Convention (TFC), in line with
Art. 2(1)(a) TFC. These offences do not require any specific “terrorist purpose” (such as e.g.
intimidating a population or compelling action by a government or an international organisation). A
“generic” terrorism-offence in Art. 328A is comprised of an intentional element (paragraph 1) with a
list of actions (paragraph 2) usually associated with terrorist acts (e.g. murder, bodily injury, taking
of liberty, causing dangerous destruction to government facilities, release of dangerous substances
etc.). The intent in paragraph 1 is modelled on the language of Art. 2(1)(b) TFC. However, the
language of the Maltese provision slightly deviates from the TFC in that it requires that the acts
concerned are aimed at “seriously intimidating the population” (whereas the TFC only requires
intimidation of the population). Moreover, the Maltese definition requires that those acts “may
seriously damage a country or an international organisation”, which is a potentially more restrictive
objective element not required by the TFC.
62. Criterion 5.2 – Malta criminalises FT by dividing the offence into different parts: whereas the
financing of terrorist organisations is criminalised by Art. 328B(3) CC, the financing of individual
terrorists or specific terrorist acts is captured by Art. 328F(1) CC. The financing of an individual
terrorist/specific terrorist act under Art. 328F(1) CC includes providing or collecting funds or other
assets, directly or indirectly, with the intention or the knowledge that they are used, full or in part,
for the above purposes. The financing of a terrorist group under Art. 328B(3) CC includes the direct
or indirect collection or provision by any means of money or other property (or the financing in
other ways), knowing that such financing will contribute towards the terrorist group’s activities,
whether criminal or otherwise. The term “money or other property” is wide enough to capture
“funds and other assets”. Both the financing of terrorist groups or individual terrorists are not linked
to a specific terrorist act.
63. Criterion 5.2bis – Art. 328C(2)(d) CC criminalises the travels (or attempts to travel) for the
purpose of the perpetration, planning, or preparation of, or participation in, terrorist activities, or
the providing or receiving of training in terrorist activities. Financing, organising or otherwise
facilitating such travels is criminalised under Art. 328C(2)(e) CC. The above provisions do not
expressly state that such travels include the perpetrators’ travel to “another State other than their
States of residence”. However, nothing in the provision’s wording suggests that such travels are
limited to the territory of the States of the perpetrators’ residence.
64. Criterion 5.3 – No distinction is made in the relevant provisions of the CC which criminalise the
various FT offences regarding the legitimate or illegitimate source of funds used to finance terrorism.
65. Criterion 5.4 – The various FT offences under the CC do not require that the funds were used to
carry out or attempt a terrorist act or be linked to a specific terrorist act (with the exception of those
provisions which relate exclusively to the financing of a specific terrorist act).
66. Criterion 5.5 – The Maltese criminal legal system allows for the possibility for the intent and
knowledge required to prove the FT offence to be inferred from objective factual circumstances.
Although this is not expressly provided in law, jurisprudence has been established to this effect
which was demonstrated by general case-examples under the CC.
67. Criterion 5.6 – The financing of terrorist organisations as criminalised by Art. 328B(3) CC is
punishable by a imprisonment not exceeding eight years (Art. 328B(3)(b) CC). The financing of
individual terrorists or specific terrorist acts is punishable by imprisonment not exceeding four
years and/or a fine not exceeding EUR 11,646 (Art. 328F(1) CC). In light of other MERs and the
survey made in 2015 by the FATF of the applicable FT sanctions in 172 countries/jurisdictions of the
global AML/CFT network89, these sanctions are considerably below the global average. While
bearing in mind that there is no single benchmark and that dissuasiveness may vary according to
legal traditions, the sanctions are not fully dissuasive and proportionate, also when compared to
similar criminal offences in Malta (including ML with a maximum penalty of eighteen years of
imprisonment, and the crime of terrorism which is subject to the punishment of imprisonment from
seven years to life).
68. Criterion 5.7 – Recognising the concept of criminal liability of legal persons, Malta provides
under Art. 328J(1) and (2) and 328K CC the possibility of sanctioning legal persons for FT with: fines
ranging from EUR 11,646 to 2,329,373; the suspension or cancellation of any licence, permit or other
authority to engage in any trade, business or other commercial activity; the temporary or permanent
closure of any establishment which may have been used for the commission of the offence; or the
compulsory winding up of the body corporate. These sanctions, which do not preclude the criminal
liability of natural persons, can be considered to be sufficiently proportionate and dissuasive.
69. Criterion 5.8 – Malta’s CC provides for a number of ancillary offences which include: (a)
attempting to commit the FT offence (Art. 41); (b) participation as an accomplice in a FT offence (Art.
42); (c) organising or directing others to commit a FT offence (Art. 42); and (d) forming part of a
conspiracy for the purpose of committing one or more FT offence(s) (Art. 48a).
70. Criterion 5.9 – Under the “all crime” approach, FT offences are predicate offences to ML.
89 FATF Guidance, Criminalising Terrorist Financing (Recommendation 5), October 2016, para.65.
143
71. Criterion 5.10 – No geographical restrictions are made regarding FT offences. Maltese law does
not impose any requirements on the location of persons or organisations or the terrorist acts.
72. Malta’s generic FT offence is slightly more restrictive in its objective element than the one
provided by the FT Convention. Criminal sanctions for natural persons for the FT offence are not
fully proportionate and dissuasive. R.5 is rated LC.
Recommendation 6 - Targeted financial sanctions related to terrorism and terrorist financing
73. In its 4th MER Malta was rated PC with the former SRIII. The summary of the factors underlying
this rating were: not any clear and publicly-known procedure for de-listing and unfreezing; no
evidence that designation of EU internals have been converted into the Maltese legal framework;
concerns over effectiveness of freezing system at the request of another country that relies on
judicial proceedings; insufficient guidance and communication mechanisms with DNFBP (except
trustees) regarding designations and instructions including asset freezing; insufficient monitoring
for compliance of the DNFBPs; and the effectiveness-concerns under R.3 might affect the effective
application of c.III.11.
74. Since the previous MER, Malta amended the National Interest (Enabling Powers) Act (NIA), the
main legislative instrument through which UN and EU sanctions are implemented under Maltese
law. It is also on the basis of that act, that the SMB is constituted. Operating Procedures of the SMB
have also been issued. The procedures are an internal policy document which has been agreed to by
the governmental members of the SMB.
75. Criterion 6.1 – In relation to designations pursuant to UNSCR 1267/1989 and 1988:
(a) The authority responsible for proposing persons or entities to the 1267/1989 Committee and the
1988 Committee is the SMB, pursuant to Art. 7(5)(a)(ii) NIA. No requests have so far been made to
these Committees.
(b) No mechanism exists defining the process for detection and identification of targets for
designation based on the designation criteria set out in the UNSCRs.
Pursuant to Art.1 of the SMB’s Operating Procedures the SMB is responsible for initiating the process
for the designation of individuals and entities. The SMB will initiate the process for designating
individuals or entities whether at UN level, EU level or national level upon its own initiative
(following a request received by another country or following a report received by relevant
stakeholders, or from the FIAU, MSS or Malta Police in accordance with an MoU that the SMB has
concluded with these entities). Art.15 and Art.16(1)and(2) NIA stipulate cooperation between the
SMB and the competent authorities and authorisation of the SMB to request any information it
deems necessary, relevant and useful for the purpose of pursuing its function under the NIA, that has
to be provided without delay and whereby confidentiality provisions do not apply.
(c) Pursuant to Art. 6 of the SMB’s Operating Procedures, the SMB may propose a designation to the
UN if it has a sufficiently strong factual basis to conclude that there are reasonable grounds to
believe that the designation criteria under a relevant UN Resolution are met. Art. 7 of the SMB’s
Operating Procedures confirms that proposals for designation are not dependent on any criminal
suspicion or on-going criminal proceedings.
(d) Art. 8 of the SMB’s Operating Procedures provides that the SMB, when proposing designations,
must follow the procedures established by the relevant UN Sanctions Committee and use relevant
UN standard forms for proposing a designation to a UN Sanctions Committee.
(e) Art. 9 of the SMB’s Operating Procedures requires that the SMB, when proposing a designation to
the UN, include a wide range of information on the targeted individual or entity as part of the
proposal to allow for accurate and positive identification, as well as a detailed statement of the case
in support of the proposed listing. Art. 10 of the SMB’s Operating Procedures further requires that
the SMB, as part of the proposal to designate, must indicate whether Malta may be made known to be
the designating state.
76. Criterion 6.2 – In relation to designations pursuant to UNSCR 1373
(a) At the European level, the EU Council is responsible for deciding on the designation of persons or
entities (Regulation 2580/2001 and Common Position 2001/931/CFSP). Within the context of
Regulation 2580/2001 and Common Position 2001/931/CFSP, EU listing decisions shall be drawn
up on the basis of precise information from a competent authority, meaning a judicial authority or
equivalent of an EU Member State or third state. This does not include persons, groups and entities
having their roots, main activities and objectives with the EU (EU internals). Domestic legislation is
thus required to deal with EU internals.
In the Maltese national context, Art. 3(4)(a)(i) NIA stipulates whenever the Prime Minister considers
that the national or international interests of Malta so require, he may order upon the
recommendation of the SMB and of the Attorney General (AG) by regulations under the NIA the
designation of any person or entity. Art. (7)(5)(a)(ii) reiterates that the SMB has the mandate to
propose to the Prime Minister designations under Art. 3(4)(a) of the Act. Art. 1 and 2 of the SMB’s
Operating Procedures further provides that the SMB may consider proposing a designation to the
Prime Minister either upon its own initiative, upon initiative of another competent authority in
Malta, or upon a request by another country, accompanied by sufficient and reasonable information
making a case for designation. No persons have been designated at the national level and no orders
have been issued by the Prime Minister for EU internals.
(b) The mechanism for identifying targets for designation based on the designation criteria set out in
UNSCR 1373 is the same for designations pursuant to UNSCR 1267/1989 and 1988. See c.6.1(b).
(c) At the European level the verification of the reasonable basis for any requests for designations
received is handled by the ‘Common Position 2001/931/CFSP on the application of specific
measures to combat terrorism’ Group (COMET Working Party) at the EU Council, which examines
and evaluates the information to determine whether it meets the criteria set forth in UNSCR 1373.
No clear time limit has been set for the WP’s review.
At the national level, Art. 2 of the SMB’s Operating Procedures requires that if the request for
designation is received from another country the SMB shall immediately convene a meeting to
promptly determine whether the request is supported by sufficient facts to conclude, based on
reasonable grounds, that the relevant designation criteria are met. Malta has not yet received any
formal request from another country for designation.
(d) At the EU level, the COMET Working Party examines and evaluates the information to assess
whether the information meets the criteria set out in Common Position 2001/931/CFSP. It will then
make recommendations which will be adopted by the Council on the basis of precise information or
material in the relevant file which indicates that a decision has been taken by a competent authority,
145
without it being conditional on the existence of criminal proceedings (Art. 1(4) Common Position
2001/931/CFSP).
At the national level, Art. 6 of the SMB’s Operating Procedures provide that the SMB may propose a
designation to the Prime Minister if it has a sufficiently strong factual basis to conclude that there are
reasonable grounds to believe that the designation criteria under UNSCR 1373 are met. Art. 6 of the
SMB’s Operating Procedures, which applies to national listings through Art. 13 of the SMB’s
Operating Procedures, confirms that designations pursuant to UNSCR 1373 are not dependent on
any criminal suspicion or on-going criminal proceedings.
(e) At the EU level, there is no specific mechanism for asking non-EU member countries to give effect
to EU restrictive measures.
At the national level, the SMB shall, when proposing listings to another country, provide as much
information as possible on the person or entity requested to be designated, and a statement of the
case (Art. 15 of the SMB’s Operating Procedures). The proposed listing should include, as a minimum
name, surname, title, date of birth, nationality of the person or entity to be designated, and sufficient
facts to provide a reasonable basis for the requested country to conclude that the designation
criteria under UNSCR 1373 are met. No such proposals have been made so far.
77. Criterion 6.3 – (a) At the EU level, Art. 8 of Regulation 881/2002 (UNSCR 1267/1989) and Art.
9 of Regulation 753/2001 (UNSCR 1988/2011) as well as Art. 8 of Regulation 2580/2001 and Art. 4
of Common Position 2001/931/CFSP (UNSCR 1373/2001 state, inter alia, that Member shall inform
each other of the measures taken under the Regulations and shall supply each other with any other
relevant information at their disposal in connection with this Regulations. The Common Position
mentions that Member shall, through police and judicial cooperation afford each other the widest
possible assistance in preventing and combating terrorist acts.
At the national level, Art. 15 NIA states that the SMB shall, in the exercise of its functions, cooperate
with law enforcement authorities, the MSS, the FIAU, and all public and regulatory authorities in
Malta to ensure that the regulations under the NIA, EU Regulations and the UNSCRs are observed.
Art. (16)(1) NIA further grants the SMB the power to request from any person and any authority or
entity any information it deems necessary, relevant and useful for the purpose of pursuing its
function under the NIA and Art. (16)(2) requires requested persons and entities to provide the
relevant information without delay to the SMB. Art. 18 of the SMB’s Operating Procedures also
mentions the above.
(b) At EU level, as for the UNSCRs 1267/1989 and 1988 regime, EU Regulation 1286/2009 provides
for ex parte proceedings against a person or entity whose designation is considered. The Court of
Justice of the EU makes an exception to the general rule that notice must be given before the decision
is taken in order not to compromise the effect of the designation.
At the national level, Art. 3 of the SMB’s Operating Procedures provide that the SMB in all cases
operates ex parte and may not inform a targeted person or entity, or any other person or entity, of
the fact that a designation is being considered or has been proposed, except in the circumstances and
as permitted under the NIA. NIA does not provide for any exception in this regard.
78. Criterion 6.4 – At EU level, UN lists are given effect through amendments to the relevant EU
Regulations. In 2018, transposition times exceeded the FATF definition of “without delay”. EU
listings pursuant to Regulation 2580/2001 are immediately implemented.
79. At the national level, Art. 5 NIA stipulates that UNSCRs imposing sanctions or applying
restrictive measures shall be automatically binding in their entirety in Malta and shall be part of its
domestic law. Art. 17 NIA states that, when regulations are made under Art. 3(4)(a) or when an
UNSCR or an EU Regulation is published, the UNSCR or EU Regulation imposing freezing measures
shall immediately upon publication be tantamount to a freezing order having the force of law in
Malta. Hence the time delay imposed by the amendments to the relevant EU Regulations does not
exist in Malta.
80. Regarding designations at the national level, pursuant to Art. 3(4)(a) NIA the Prime Minister
may order that any natural or legal persons in Malta immediately freeze, without prior notice, all
property of a designated person or entity or of any other person or entities as may be indicated in
the order. The same mechanisms apply for requests from other countries to designate a person or
entity in Malta. Such requests are dealt with promptly by the SMB as outlined under c.6.2 (c).
81. Criterion 6.5 – Art. (7)(5)(a)(i) NIA designates the SMB as the responsible authority for
monitoring the implementation and operation of sanctions imposed by regulations made under the
Act, EU Regulations or UNSCRs. To fulfil its mandate, the SMB has entered into a multilateral MoU
with the FIAU, MFSA, and MGA to regulate the exchange of information with these three authorities,
and to agree on cooperation procedures with respect to the supervision of FIs and DNFBPs. Through
the MoU the three above-mentioned authorities agree to check TFS-related aspects as part of their
supervisory engagement (including in the context of onsite inspections).
(a) In relation to UNSCRs 1988 and 1267/1989, EU Regulations establish the obligation to freeze all
the funds and economic resources belonging to a person or entity designated on the European list:
Art. 2(1) EU Regulation 881/2002, as amended by EU Regulation 363/2016 and Art. 3 EU Regulation
753/2011. To address the time delay between designations at the UN and EU levels, Malta made the
obligations set out in UNSCRs to impose targeted financial sanctions (TFS) on designated individuals
and entities directly applicable (see c.6.4). Maltese citizens and any person or entity located in Malta
are furthermore prohibited to provide financial services to or make property available to or for the
benefit of a designated person or entity. For designations under UNSCR 1373, the Prime Minister
(when issuing an order pursuant to Art. 3(4)(a) NIA) may order that any natural or legal person in
Malta shall immediately freeze, without prior notice, all property of a designated person or entity, or
of any other persons or entities indicated in the order (see c.6(2) (a)). The term “property” is broadly
defined in Art. 3(4)(c) NIA90 and it is line with the FATF definition.
(b) In relation to UNSCRs 1988 and 1267/1989, the freezing obligation as laid down in the EU
Regulations extends to all funds or other assets defined in R.6, namely funds owned by designated
persons (natural or legal) as well as funds controlled by them or by persons acting on their behalf or
on their order. These aspects are covered by the notion of ‘control’ in Art. 2 EU Regulation 881/2002,
as amended by EU Regulation 363/2016, and Art. 3 EU Regulation 753/2011. At the national level
Art. 17(2) NIA reiterates the obligations that are set out in the relevant UN and EU instruments.
90 Property shall mean “assets, including but not limited to financial assets, economic resource, including oil
and other natural resources, property of every kind, whether tangible or intangible, moveable or immoveable,
however acquired, and legal documents or instruments in any form, including electronic or digital, evidencing
title to, or interest in, such funds or other assets, and any interest, dividends, or other income on or value
accruing from or generated by such funds or other assets, and any other assets which potentially may be used
to obtain funds, goods or services”.
147
For designations under UNSCR 1373, the freezing obligation under Art. 2(1)(a) EU Regulation
2580/2001 is not extensive enough. However, the Prime Minister (when issuing an order pursuant
to clause 3(4)(a) NIA) may order that any natural or legal person in Malta shall immediately freeze,
without prior notice, (i) all property that is owned or controlled, whether wholly or jointly, directly
or indirectly, by a designated person or entity; (ii) property that is derived or generated from
property owned or controlled, directly or indirectly, by a designated person or entity; and (iii)
property of any person or entity acting on behalf of or at the direction of a designated person or
entity. See also c.6(2)(a).
(c) In compliance with the UNSCRs, EU Regulations 881/2002 (Art. 2(2)), 753/2011 (Art. 3) and
2580/2001 (Art. 2(1) and (2)) prohibit EU nationals and all other persons or entities present in the
EU from making funds or other economic resources available to designated persons or entities. Art.
(17)(2)(e) and 3(4)(a)(iv) NIA reiterate these obligations.
(d) Designations decided at the European level are published in the Official Journal of the EU and
website and included in a consolidated financial sanctions database maintained by the European
Commission, with an RSS feed. The EU Council provides guidance by means of the EU Best Practices
for the effective implementation of restrictive measures.
At the national level, the Ministry of Foreign Affairs and Trade Promotion (MFTP) has developed a
homepage on sanctions that provide links to the relevant UN and EU lists. Although designations
have not yet been made at national level, this would occur in theory - as stated by the Maltese
government – also within about an hour. A detailed guidance document on TFS relating to terrorism,
FT and PF has also been published. Furthermore, the MFSA sends a notification of changes to
compliance officers at each licensed entity. If needed, the SMB and supervisory authorities can
provide additional guidance on a case-by-case basis, either by telephone or in writing, or generally
due to recent developments of high importance. The FIAU has issued a guidance note regarding red
flags and suspicious activities on FT.
(e) Under the EU framework, natural and legal persons targeted by the European regulations must
immediately provide all information to the competent authorities of the Member State in which they
reside or are present, as well as to the European Commission, either directly or through these
competent authorities: Art. 5(1) EU Regulation 881/2002, Art. 5(1) EU Regulation 753/2011 and
Art. 4 Regulation 2580/2001.
At the national level, Art. 17(6)(c) NIA requires that FIs and DNFPBs shall immediately notify the
SMB in case targeted property is identified, and of the actions taken in relation to such property
including attempted transactions. Art. 21 of the SMB’s Operating Procedures provides that in case of
any matches, subject persons shall immediately supply any relevant information to the SMB,
including information on accounts, amounts frozen or action taken in compliance with the NIA, and
to cooperate with the SMB in verification of this information.
(f) The rights of bona fide third parties are protected at European and national levels: Art. 6
Regulation 881/2002, Art. 7 Regulation 753/2011 and Art. 4 Regulation 2580/2001 and Art. 18 and
(7)(5)(iv) NIA.
82. Criterion 6.6 – (a) Given the direct applicability of UN and EU measures, including
amendments or variations thereto (hence including when there is a de-listing), the relevant
provisions would be directly applicable under Maltese law. Art. 23 of the SMB’s Operating
Procedures addresses the process to be followed in cases where a listed person or entity seeks to get
de-listed by a competent Sanctions Committee. Individuals or entities are advised to follow the
guidelines for de-listing as issued by the relevant UN Sanctions Committee, and either address the
Office of the Ombudsman (for 1267) or the Focal Point (for 1988) directly. Maltese nationals or
residents and Malta registered entities may also opt to file the petition to the UN via the SMB through
the Maltese Permanent Mission to the UN.
(b) In relation to UNSCR 1373, the Council of the EU revises the EU’s list at regular intervals (Art. 6
2001/931/CFSP). Modifications to the list under EU Regulation 2580/2001 are immediately
effective in all EU Member States.
At the national level, with regard to UNSCR 1373 the Prime Minister (in accordance with Art.
(4)(a)(vi) NIA, and through an order issued to that effect) may order the amendment or revocation
of any previous order, including an order for the de-listing of any person or entity that no longer
meets the designation criteria. Articles 28-32 of the SMB’s Operating Procedures lay down the
national procedures for de-listing of designated persons and unfreezing of funds.
(c) Designated persons or entities affected may write to the Council to have the designation
reviewed or institute proceedings according to Art. 263(4) and 275(2) TFEU before the Court of
Justice of the European Union in order to challenge the relevant EU measures (decisions and
regulations), whether they are autonomously adopted by the EU or adopted by the EU in line with
UNSCR 1373.
At the national level, petitioners may also lodge an application of appeal with the First Hall Civil
Court, requesting the cancellation of the order made in accordance with Art. 3(4)(a) NIA.
(d) and (e) The SMB’s Operating Procedures provide that a petitioner can submit a request for de-
listing to the Focal Point for De-listing in accordance with the 1988 Committee Guidelines (Art. 25),
or the Office of the Ombudsperson of the UN seeking to be removed from the UN Sanctions
Consolidated List, in accordance with the procedures in annex II of UNSCR resolution 1904(2009),
1989 (2011) and 2083 (2012) to accept de-listing petitions (Art. 26).
(f) and (g) Persons or entities whose assets have been frozen erroneously or inadvertently may
provide evidence to the SMB to establish that assets in question were wrongly targeted and make
recommendations in accordance to propose de-listing or the unfreezing of property (Art. 7(5)(iv)
NIA). The SMB’s Operating Procedures are provided at the MFTP homepage which also sets out the
relevant process. De-listing and unfreezing decisions taken in accordance with European regulations
are published in the Official Journals of the EU and on a dedicated website.
83. Criterion 6.7 – At the European level, there are procedures in place to authorise access to
frozen funds or other assets which have been determined to be necessary for basic expenses, for the
payment of certain types of expenses, or for extraordinary expenses: Art. 2a Regulation 881/2001,
Art. 5 Regulation 753/2011, and Art. 5 and 6 Regulation 2580/2001.
84. At the national level Art. (7)(5)(a)(v) NIA and Art. 35 to 37 of the SMB’s Operating Procedures
regulate the process. All applications for the unfreezing of funds or other assets as mentioned in this
criterion shall be received by the SMB, which may decide on the applications in line with relevant
procedures laid down in relevant UNSCRs.
85. Malta utilises both supranational and national mechanisms to implement TFS. Designations at
the UN level apply directly in Malta without the need for EU transposition, and Malta has the ability
149
to designate a persons or entities at a national level pursuant to UNSCR 1373, although this
mechanism has not yet been used in practice. Procedures for de-listing and unfreezing and the
designation of EU internals have been enacted in the NIA and the SMB’s Operating Procedures.
However, there is no mechanism exist defining the process for detection and identification of targets
for designation based on the designation criteria set out in the UNSCRs. R.6 is rated LC.
Recommendation 7 – Targeted financial sanctions related to proliferation
86. Malta’s previous MER was conducted prior to FATF’s 2012 adoption of R.7.
87. The legal basis for implementing R.7 includes relevant EU legislation, and at the national level
the NIA and the SMB’s Operating Procedure. The same national legal provisions are applicable
regarding TFS on FT as well as on proliferation financing (PF).
88. Criterion 7.1 – The UNSCRs relating to the prevention, suppression and disruption of PF and its
financing are implemented in the EU by Council Regulations 2017/1509 (DPRK) and 267/2012
(Iran), as amended91. In the EU legal framework, Regulations are directly applicable in Member
States. Malta implements the UNSCRs on TFS directly “without delay” at a national level, pursuant to
Art. (5)(1) and 17(1) NIA.
89. Criterion 7.2 – At the national level, Art. (7)(5)(a)(i) NIA designates the SMB as responsible
authority for monitoring the implementation and operation of sanctions imposed by regulations
made under the Act, EU Regulations or UNSCRs.
(a) The relevant EU regulations require all natural and legal persons within the EU to freeze the
funds or other assets of designated persons and entities. This obligation is triggered as soon as the
regulation is approved and the designations are published in the Official Journal of the EU.
Pursuant to Art. 17(1) and (2) NIA the relevant UNSCRs and EU Regulations freezing orders shall
immediately upon publication be tantamount to a freezing order having the force of law in Malta and
shall have effect of attaching without delay or prior notice all property of designated persons and
entities. The term “property” is broadly defined in Art. 3(4)(c) NIA and is in line with the FATF’s
definition.
(b) In the relevant EU Regulations, all types of funds or other assets mentioned under c.7.2(b) must
be frozen. As described under c.6.5(b), pursuant to Art. 17(2)NIA the freezing obligations extend to
all the situations that are set out in the relevant UN and EU instruments.
(c) The EU Regulations prohibit funds and other assets from being made available (Art. 6 Regulation
329/2007 and Art. 23(3) Regulation 267/2012). Art. 17(2)(e)92 NIA also states the same.
91 As regards the DPRK, UNSCRs 1718 (2006), 1874 (2009), 2087 (2013), 2094 (2013), 2270 and 2321 (2016)
have been transposed by Council Decision 2016/849/CFSP and Council Regulation 2017/1509, both as
amended. As regards Iran, TFS imposed by the UN are mainly established by Council Decision 2012/35 and
Regulation 267/2012. With the adoption of UNSCR 2231 (2015), which terminated UNSCR 1737 and its
successor resolutions, a number of targeted restrictive measures contained in EU Regulation 267/2012 have
been lifted.
92 A freezing order as is mentioned in sub-article (1) shall have the effect of: prohibiting any Maltese citizen or
any person or entity located in Malta from making property, or financial services or other related services
available, directly or indirectly, wholly or jointly, to or for the benefit of a designated person or entity; or an
entity owned or controlled, directly or indirectly, by a designated person or entity; or to any person or entity
acting on behalf of, or at the direction of, a designated person or entity, unless licensed, authorised or notified
(d) The mechanisms described in c.6.5(d) apply for communicating designations to FIs and DNFBPs.
(e) FIs and DNFBPs must immediately provide to the competent authorities all information that will
facilitate observance of the EU Regulations, including information about the frozen accounts and
amounts (Art. 50 Regulation 2017/1509 and Art. 40 Regulation 267/2012). At the national level, Art.
17(6)(c) NIA requires that FIs and DNFPBs shall immediately notify the SMB in case targeted
property is identified, and of the actions taken in relation to such property including attempted
transactions. Art. 21 of the SMB’s Operating Procedures addresses this (see c.6.5(e)).
(f) The rights of bona fide third parties are protected at European and national levels: Art. 54
Regulation 2017/1509 and Art. 42 Regulation 267/2012 and Art. 18 and (7)(5)(iv) NIA.
90. Criterion 7.3 – Art. 47 of Regulation 267/2012 and Art. 55 of Regulation 2017/1509 state that
member states must take all necessary measures to implement EU regulations, as well as develop a
regime to adopt and administer effective, proportionate and dissuasive sanctions. Ths SMB monitors
the implementation and operation on TFS, together with the FIAU, the MFSA and the MGA (see c.6.5).
91. National provisions regarding criminal and administrative sanctions are in place. Criminal
sanctions for individuals are imprisonment (from a minimum of twelve months to a maximum of
twelve years) and/or a fine (of not less than twenty-five thousand euros and not exceeding five
million euros). For entities, the sanction is a fine of not less than eighty thousand euros and not
exceeding ten million euros for corporations. The law provides for corporate liability when sanctions
are breached by an entity following the lack of supervision or control of an officer of the company as
listed in Art. 121D CC for the benefit of the body corporate. In addition, MGA and MFSA may apply
supervisory sanctions, including license-related measures, for any violation of Maltese law by a
licensed entity.
92. Criterion 7.4 –
(a) The Council of the EU communicates its designation decisions and the grounds for listing to
designated persons and entities which have rights of due process. Individual de-listing requests must
be processed upon receipt, in compliance with the applicable legal instrument and EU Best Practices
for the effective implementation of restrictive measures. The Best Practices mention UNSCR
1730(2006) and the de-listing Focal Point, and the possibility to submit de-listing requests either
through the Focal Point or through their State of residence or citizenship. The Council of the EU shall
promptly review its decision upon request, and inform the designated person and/or entity. Such a
request can be made, irrespective of whether a de-listing request is made at the UN level, for
example through the Focal Point mechanism.
At the national level, pursuant to Art. 7(5)(iii) and (iv) NIA and Art. 23 to 27 of the SMB’s Operating
Procedures individuals or entities are advised to follow the guidelines for de-listing as issued by the
relevant UN Sanctions Committee, and address the Focal Point pursuant to UNSCR 1730 directly.
Maltese nationals or residents and Malta-registered entities may also opt to file the petition to the
UN via the SMB (through the Maltese Permanent Mission to the UN).
(b) Publicly known procedures to unfreeze the funds or other assets of persons or entities with the
same or similar name as designated persons or entities are provided for at EU level as well as at
national level (see c.6.6(f)).
in accordance with the relevant United Nations Security Council Resolution or Regulation of the Council of the
European Union or order issued under Art. 3(4)(a).
151
(c) Art. 36 and 37 EU Regulation 2017/1509 and Art. 24, 26 and 27 EU Regulation 267/2012
authorise access to funds where countries have found an applicable exemption.
At the national level, pursuant to Art. 7(5)(a)(iv) NIA in conjunction with Art. 35 to 37 of the SMB’s
Operating Procedures the SMB shall have the function to authorise access to frozen funds or other
assets which the SMB determines to be necessary for basic expenses, for the payment of reasonable
costs and fees for legal, medical, professional or other essential services, or for documented
extraordinary expenses. The SMB may authorise, under such conditions as it deems appropriate, the
release of frozen property or the making available of property, if it has determined that the relevant
provisions under relevant UNSCR are met, and prior to the granting of authorisation has either
notified or obtained approval by the relevant UN Sanctions Committee, as required under relevant
UNSCRs. This means that approval by the competent UN Sanctions Committee must generally be
obtained before the SMB may grant such access.
(d) See c.6.6(g).
Criterion 7.5 – (a) The addition of interests or other earnings to frozen accounts is permitted
pursuant to Art. 36 EU Regulation 2017/1509 and Art. 29 EU Regulation 267/201).
At the national level, Art. 16 of the SMB’s Operating Procedures state that TFS shall not prevent FIs
from crediting frozen accounts with interest or other earnings on frozen accounts, provided that any
additions shall also be frozen and the SMB be informed without delay.
(b) Payments under a contract entered into prior to designation are possible under the necessary
conditions (Art. 25 EU Regulation 2015/1861, which amends EU Regulation 267/2012).
At the national level, Art. 17 of the SMB’s Operating Procedures state that TFS shall not prevent a
designated person or entity from making payments due under contracts, agreements or obligations
that were concluded or arose before the date on which a person or entity was designated, provided
that the SMB, in the case of PF cases, has given its consent or (in all other cases) was informed
without delay. In case of PF sanctions, the SMB must inform - prior to granting consent - the relevant
Sanctions Committee of its intention to authorise such payments and must have determined certain
conditions.
93. Malta implements TFS related to proliferation in accordance with the UN Resolutions as well
as the EU and national regime. Designations at the UN level apply directly in Malta without the need
for EU transposition. R.7 is rated C.
Recommendation 8 – Non-profit organisations
94. In its 4th MER Malta was rated PC with the former SRVIII. However, that assessment pre-dated
the 2016 adoption of changes to R.8 and its Interpretive Note.
95. The Voluntary Organisations Act (VOA) was introduced in 2007. It was further amended in
2018, and the relevant measures entered into force on 6 November 2018 (at the time of the on-site
visit). Those measures have introduced new requirements on enrolment (which previously was not
compulsory for any type of voluntary organisations (VOs) and on registration of VOs with the
Commissioner for VOs (CVO). It also established the position of the CVO including his duties and
function, which are exhaustively listed in Art. 7 VOA. The task of the Office of the Commissioner is to
strengthen the voluntary sector through various initiatives with the specific aim of promoting the
work of VOs as well as encouraging their role as partners with the government in various initiatives.
The ultimate mission of the Office of the Commissioner is to give more visibility to the voluntary
sector as well as to guarantee transparency and accountability of the organisations that compose it
in the carrying out of their work. In view of this, the Commissioner is also the regulatory authority
responsible for this sector with the aim of monitoring and supervising the activities of these
organisations as well as supporting them to take a risk-based approach.
96. Criterion 8.1 – (a) Malta has defined VOs in Art. 2(1) in conjunction with Art. 3, for the purposes
of the VOA93, which is broader than the FATF definition. A substantial number of these VOs fall under
the FATF’s definition of non-profit organisations (NPOs) as they are set up primarily to receive or
disburse funds to carry out their social purpose, and most VOs in Malta are organisations set up to
promote hobbies, sports or social and cultural activities. The Office of the Commissioner has
conducted a risk assessment of 1,610 enrolled VOs, and identified enrolled ones potentially being at a
high risk of ML/FT abuse. However, Malta has not conducted any analysis to identify the subset of
non-enrolled VOs, which by virtue of their activities or characteristics are likely to be at risk of FT
abuse. Therefore, the risk assessment of the VO sector is not comprehensive.
(b) Malta has not identified the nature of threats posed by terrorist entities to the VOs which are at
risk, as well as how terrorist actors abuse those VOs. As described above, the Office of the
Commissioner has carried out a risk assessment exercise of all enrolled VOs. Using various
characteristics, it identified 360 VOs that potentially have a risk factor of AML/CFT, of which 47 VOs
conduct activities in high risk jurisdictions. Non-enrolled VOs have not been considered for the
purposes of the review.
(c) Malta has reviewed the adequacy of its measures that relate to the subset of the enrolled VOs in
the VO sector that may be abused for FT support, which have led to amendments in the VOA in 2018.
(d) The above-mentioned risk assessment was finalised in October 2018. Malta has not made
available any provisions on the periodic reassessment of the sector’s potential vulnerabilities to
terrorist activities.
Sustained outreach concerning terrorist issues
97. Criterion 8.2 – (a) Pursuant to Art. 7(1)(h) VOA the CVO shall monitor the promotion of VOs and
the behaviour of administrators of VOs to ensure the observance of high standards of accountability
and transparency and compliance with law. In addition, Art. 8(2) VOA state that the CVO shall seek to
encourage an environment where the credibility and good reputation of the voluntary sector is
continually enhanced through high standards of operation of VOs and their administrators, of
transparency and public awareness and of proper accountability. The CVO also publishes annual
reports that (as stated in Art. 10(1) VOA) shall contain the activities during the preceding year, a
general description of the circumstances of the voluntary sector in Malta, any recommendations
regarding relevant legislation and the accounts and financial records in respect of the operations of
93 Art. 1(2) VOA states that a VO means a foundation, a trust, an association of persons or a temporary
organisation which is independent and autonomous and which qualifies under Art. 3 VOA. That provision
defines that a VO is independent and autonomous of the government and is created or established for any
lawful purpose as non-profit making voluntary, whether it is registered (or able to be registered) as a legal
person or not in terms of the Second Schedule to the Civil Code and whether it is enrolled in terms of the VOA
or not. In addition, a VO may not be established as a limited liability company or any commercial partnership
established under the Companies Act. Trusts established or recognised in terms of the Trusts and Trustees Act
shall qualify as VOs only when they are established as charitable trusts.
153
his office. A “Code of Good Governance, Practice and Ethics for Administrators of VO” has been issued
by the CVO in 2011. Compliance with this Code is not mandatory, but it provides guidance on how
VOs should revise their governing documents, their statutes, codes of conduct, and any other similar
document. Clear legal obligations for administrators of VOs are stated in the amendments of the VOA.
(b) Malta has undertaken outreach to raise awareness amongst VOs about their potential
vulnerabilities to FT abuse and risks, and the measures that VOs can take to protect themselves
against such abuse. One seminar and seven workshops were held for VOs in September and October
2018 respectively to address these issues. A supporting toolkit to safeguarding VOs from abuse in this
respect has also been developed by the CVO. The donor community has so far not been addressed
specifically.
(c) During the seminar and the workshops, the CVO has worked with VOs to address FT risks and
vulnerabilities. Development and refinement of best practices, together with the VOs, has to been
taken up.
(d) No measures at the moment have been taken to encourage VOs to conduct transactions via
regulated financial channels, whenever feasible.
Targeted risk-based supervision or monitoring of NPOs
98. Criterion 8.3 – Pursuant to Art. 7(1)(b) and (h) VOA the CVO shall monitor the activities of VOs
in order to ensure observance of the provisions of the VOA and any regulations made thereunder, and
also the behaviour of administrators of such organisations to ensure the observance of high
standards of accountability and transparency respectively. The CVO may investigate the affairs of any
VO at any time. (S)he may demand, in writing, any relevant information relating to the operation of a
VO or any person involved in the activities of a VO, if (s)he has cause to believe that such information
is necessary in order to establish whether an organisation is acting in compliance with the provisions
of this Act or any regulations made thereunder (Art. 34 VOA).
99. As part of the on-going monitoring and scrutiny by the CVO, the CVO submits all VO records to
the FIAU and Malta Police for checks on the administrators of VOs.
100. Apart from the provisions in VOA, there a no other measures in place yet to supervise or
monitor the VOs at risk of FT abuse.
101. Criterion 8.4 – (a) The CVO regularly monitors the administrative reports, annual returns and
annual accounts of VOs. Information is referred to the Tax Compliance Unit whenever investigations
of these accounts raise suspicions. However, the measures applied are not based on the level of the
VO’s risk of FT abuse.
(b) The Commissioner may apply to the Administrative Review Tribunal to order the suspension of
the activities of an enrolled VO or the cancellation of the enrolment of a VO if any of the conditions are
met (as stipulated in Art. 19(2) VOA), such as: carrying out unlawful activities, including making
public collections without the necessary authorisation or misapplying funds, or using funds or
benefits received for purposes other than those for which such funds or benefits were granted. In
case the two aforementioned conditions are applicable the Commissioner may by written notice
order the suspension of activities of any VO.
102. In those cases where the Commissioner is of the opinion that a person or VO is making or has
made abusive use of a certificate of enrolment or made use of a forgery thereof, the Commissioner
may impose various sanctions as listed in Art. 22 VOA.94
103. Part VII (Art. 31 to 33) lists various offences (general breaches of the VOA and two more
specific ones) where fines or imprisonment may be issued. Some sanctions have been imposed, but
no fines or terms of imprisonment have been issued so far.
Effective information gathering and investigation
104. Criterion 8.5 – (a) The FIAU and the Malta Police are empowered to request and obtain any
information, data or documentation necessary (both from VOs and from the CVO) to be able to carry
out their analysis and investigations. In addition, as mentioned in c.8.3 and c.8.4(a), the CVO also
works together with the MSS and the Tax Compliance Unit. The CVO is also a member of the NCC.
There seems to be no co-operation with the Registers for Legal Persons and for Trusts.
(b) As mentioned under c.8.3 the CVO has investigative powers pursuant to Art. 34 VOA. In addition,
the FIAU and the Maltese Police (the Counter-Terrorism Unit) are empowered to investigate and
analyse cases and suspicions on ML and FT. The CVO also works together with the MSS.
(c) As mentioned under c.8.3 the CVO has investigative powers pursuant to Art.34 VOA and is
empowered to compel the production of any information or documentation. Art. 34 of the VOA is
applicable to both enrolled and non-enrolled VOs. This would include financial and administration
records which enrolled VOs are bound to keep. Information contained in the VO Register, in
accordance with the provisions of the VOA is available to the public and can be accessed in hard copy
at the office or through scanned documentation via email. The FIAU and MSS have access to any
documentation available to the CVO.
(d) Malta has a general framework in place at the domestic level to share information between the
CVO, the FIAU, the Maltese Police and the MSS, when there is a suspicion or reasonable grounds to
suspect that a particular VO is involved in FT-related activities, exploited as a conduit for FT or is
concealing or obscuring the clandestine diversion of funds to be redirected for the benefit of terrorist
or terrorist organisations.
Effective capacity to respond to intentional requests for information about an NPO of concern
105. Criterion 8.6 – Although the CVO is the authority vested with the regulation and monitoring of
VOs in Malta, and is considered as the point of contact to provide information on VOs in Malta, no
specific information is given on the procedures to respond to international requests to the CVO in
Malta for information regarding particular VOs suspected of FT. However, MLA and FIU channels can
be used to international requests.
Weighting and conclusion
106. Amendments of the VOA (that were enacted during the on-site visit) will give the CVO more
powers to be proactive when there are suspicions of ML/FT of enrolled VOs, which has meanwhile
become mandatory enrolment. The CVO has improved the sharing of information on enrolled VOs
94These sanctions include: prohibit such person from using such certificate by giving notice to such person in
writing; or issue public statements on the facts to warn the public about any abuse by the person or voluntary
organisation; or apply to the Tribunal to take action to seize any funds raised or public collections made by
such person or organisation and to return such funds to the donor thereof, or if it is not possible to locate
donors within six months from such seizure, pay such funds into the Voluntary Organisations Fund.
155
with the MSS, the FIAU and the Maltese Police, which includes VOs potentially involved in FT
activities. Measures have been taken to promote accountability and integrity to VOs in general. The
CVO has carried out a risk assessment exercise of all the enrolled VO and has, using various
characteristics, identified around 360 VOs that potentially have a risk factor of AML/CFT. First steps
have been undertaken in regard to outreach to the VO sector on FT. Non-enrolled VOs have not been
considered for the purposes of the review. However, Malta mostly met criteria 8.2, 8.5 and 8.6, and
partly met criteria 8.1, 8.3 and 8.4. Due to some deficiencies as described above R. 8 is rated
Partially Compliant (PC).
Recommendation 9 – Financial institution secrecy laws
107. In 2012 MER, Malta was rated C with former R.4.
108. Criterion 9.1 – (a) Access to information by competent authorities – Maltese authorities have
provided information relating to access to information by the FIAU, law enforcement and the MFSA.
109. In relation to the FIAU and law enforcement authorities are empowered by Art. 30(1), Art.
30(2) and Art. 30A of the PMLA, along with Art. 6B of the Professional Secrecy Act, to demand
information, notwithstanding any provision of the Professional Secrecy Act and subject persons who
comply with such demands are not considered to be breaching any obligations of confidentiality or
professional secrecy.
110. In relation to the MFSA, although the Professional Secrecy Act contains specific exemptions
relating to the provision of information to public authorities, the powers set out in Art. 16 of the
MFSA Act stipulate that subject persons must comply with demands for information despite any
provisions contained in any other law, and despite any contractual gagging restriction or similar
prohibition or other confidentiality obligation arising or alleged to arise under contract law. This is
complemented by specific exemptions from the Professional Secrecy Act in various sectorial
legislation (e.g. the Trusts and Trustees Act and the Company Service Providers Act).
(b) Sharing of information between competent authorities domestically and internationally
Sharing by MFSA:
111. Art. 17(2) of the MFSA Act allows for the disclosure of otherwise confidential information by
the MFSA when such disclosure is made in the context of exchange of information with local or
overseas enforcement or regulatory authorities.
112. Art. 17(3) of the MFSA Act states that the obligation of professional secrecy shall not prevent
the authority from exchanging or transmitting confidential information to the European Securities
and Markets Authority (ESMA), the European Banking Authority (EBA) and colleges of supervisors,
to the European Insurance and Occupational Pensions Authority (EIOPA), or to the European
Systemic Risk Board (ESRB), subject to conditions and restrictions emanating from European Union
legislation.
Sharing by FIAU:
113. The PMLA and PMLFTR contain a number of provisions facilitating the sharing of information
by the FIAU. Exchange of information with foreign counterpart FIUs is covered by Art. 27A of the
PMLA; Art. 27(1) of the PMLA covers the exchange of information with Maltese supervisory
authorities or overseas equivalents; Art. 34(3) of the PMLA provides for the sharing of information
with law enforcement authorities
Sharing by law enforcement authorities:
114. Law enforcement authorities are able to share and exchange information in terms of Art. 92 of
the Police Act and there is no prohibition and/or restriction(s) to the sharing and exchange of
information, both with local authorities (including the FIAU, the MFSA, Customs), or their overseas
equivalents.
(c) Sharing of information between financial institutions – The PMLFTR contains obligations based
upon R.13, R.16 and R.17. Subject persons must comply irrespective of financial institution secrecy
laws.
115. All criteria are met. R. 9 is rated C.
Recommendation 10 – Customer due diligence
116. In 2012 MER, Malta was rated LC with former R.5. The assessment identified technical
deficiencies related to the availability of exemptions from CDD in some cases of simplified CDD.
117. Criterion 10.1 – Reg. 7(4) PMLFTR prohibits subject persons (including FIs) from keeping
anonymous accounts or accounts in fictitious names.
118. Criterion 10.2 – Reg. 7(5)(a) PMLFTR requires the subject person to apply CDD in the following
circumstances: when establishing a business relationship; when conducting an occasional
transaction (i.e. a transaction or several linked transactions amounting to EUR 15,000 or more);
whenever they have knowledge or suspicion of proceeds of criminal activity, ML/FT, regardless of
any derogation, exemption or threshold.
119. Reg. 7(7) PMLFTR requires subject persons to repeat CDD measures whenever doubts arise
about the veracity or adequacy of the previously obtained customer identification information.
120. Reg. 2 PMLFTR, defines “occasional transaction” to include the transfer of funds as defined
under Regulation (EU) 2015/847 when the transfer exceeds EUR 1,000 in a single operation or in
several operations which appear to be linked.
121. Criterion 10.3 – Reg. 7(1)(a) PMLFTR states that all customers shall be subject to CDD
measures, including identification of the customer and verification of the identity using documents,
data or information obtained from a reliable and independent source.
122. The term “customer” as defined in Reg. 2 PMLFTR as “a natural or legal person”.
123. Reg. 7(1)(a) and 7(1)(b) PMLFTR refer to a customer as also “a body corporate, a body of
persons or any other form of legal entity or arrangement” and “a body corporate, foundations, trusts
and similar legal arrangements” respectively. The specific CDD requirements in those regulations,
along with accompanying guidance, establish that all natural persons, legal persons and legal
arrangements are covered as appropriate.
124. Criterion 10.4 – Reg. 7(3) PMLFTR states that subject persons must ensure that a person
purporting to act on behalf of a customer is duly authorised in writing to act on the customer’s
behalf, and must identify and verify the identity of that person.
125. Criterion 10.5 – Reg. 7(1)(b) PMLFTR requires subject persons to identify beneficial owners
and take reasonable measures to verify their identity to the extent that the subject person is satisfied
with knowing who the beneficial owner is. Under the FIAU Implementing Procedures Part I (3.1.1),
157
subject persons are required to establish systematic procedures for identifying an applicant for
business and ensuring that such identity is verified on the basis of documents, data or information
obtained from a reliable and independent source.
126. The term “beneficial owner” is defined under Reg. 2 PMLFTR and is broadly compliant with the
FATF definition.
127. Criterion 10.6 – Reg. 7(1)(c) PMLFTR requires subject persons to assess and, as appropriate,
obtain information on the purpose and intended nature of the business relationship, and to establish
a business and risk profile of the customer.
128. Criterion 10.7 – Reg. 7(2)(a) requires subject persons to scrutinise transactions undertaken
throughout the course of the business relationship to ensure that the transactions are consistent
with the subject person’s knowledge of the customer and of the customer’s business and risk profile,
including, where necessary, the source of funds.
129. Reg. 7(2)(b) requires subject persons to ensure that documents, data or information held by
the subject person are kept up-to-date.
130. There is no explicit requirement to undertake reviews of existing records.
131. Criterion 10.8 – There is no explicit requirement for FIs to understand the nature of the
customer’s business. However, this requirement is met by a combination of other obligations,
namely to assess and, as appropriate, obtain information on the purpose and intended nature of the
business relationship, and to establish a business and risk profile of the customer.
132. Reg. 7(1)(b) requires subject persons to take reasonable measures to understand the
ownership and control structure of the customer, where the customer is a body corporate,
foundation, trust or similar legal arrangement. Further requirements on the establishment of the
ownership and control structure of the company are provided under the Implementing Procedures
Regulations (Section 3.1.3).
133. Criterion 10.9 – The requirement to identify and verify legal persons and legal arrangements is
set in Reg. 7(1)(a), with further detail in the FIAU Implementing Procedures Part I.
(a) name, legal form and proof of existence
134. Sections 3.1.3.2 - 3.1.3.6 of the FIAU Implementing Procedures Part I set out the procedures for
identification and verification of public companies, private companies, commercial partnerships,
foundations and associations, and trustees respectively, which include gathering information on
their name, form and proof of existence and verifying the same.
(b) powers that regulate and bind; names of senior management
135. The procedures suggest a number of documents that may be obtained in order to verify the
information referred to at a) above.
136. While some of these documents may also contain information concerning the powers that
regulate and bind the legal person or arrangement (e.g. Memorandum and Articles of Association;
trust deeds) there is no clear obligation to obtain this information.
137. Reg. 7(1)(a) requires subject persons to identify all directors (or equivalent)
(c) address of the registered office and, if different, a principal place of business
138. The procedures referred to at (a) above include the requirement to obtain and verify: in
relation to public companies, private companies and commercial partnerships - “registered address
or principal place of business”; in relation to foundations or associations - “registered address”; in
relation to trusts - “the country of establishment” (along with the residential address of the trustee,
as beneficial owner).
139. Criterion 10.10 – Reg. 7(1)(b) requires the identification and taking of reasonable measures to
verify the identity of the beneficial owners of customers.
140. Reg. 2 of the PMLFTR defines the beneficial owner as “any natural person or persons who
ultimately own or control the customer”.
(a) natural person(s) (if any) who ultimately have a controlling ownership interest
141. The definition of beneficial owner specifies that, in the case of a body corporate or a body of
persons, this shall be any natural person or persons who ultimately own or control that body
corporate or body of persons through direct or indirect ownership of 25% + 1 or more of the shares,
or more than 25% of the voting rights or an ownership interest of more than 25%, are considered to
be beneficial owners.
(b) where there are doubts or there is no beneficial owner(s) under a); natural person(s) (if any)
exercising control through other means
142. The definition of beneficial owner specified that, in the case of a body corporate or a body of
persons, the beneficial owner shall consist any natural person who controls via an ownership
interest (see a) above) or, through control via other means.
143. Further guidance in this regard is provided in s under paragraph (ii) of Section 3.1.2.1 of the
Implementing Procedures Part I, with reference to the FATF’s “Guidance in Transparency of
Beneficial Ownership”.
(c) where no natural person is identified under (a) or (b) above, the identity of those holding the
position of senior managing official
144. Reg. 2 also provides that where subject persons have exhausted all possible means to identify
the beneficial owner(s) as set out above, and provided there are no grounds of suspicion, they shall
consider the natural person(s) holding the position of senior managing official or officials to be the
beneficial owner(s).
145. In such situations subject persons are also required to keep a record of the actions taken to
identify the beneficial owner.
146. Criterion 10.11 – Reg. 2 PMLFTR includes a definition of the beneficial owner in the case of
trusts, legal entities such as foundations and legal arrangements similar to trusts.
(a) for trusts: the settlor, the trustee(s), the protector (if any), the beneficiaries or class of
beneficiaries, and any other natural person exercising ultimate effective control over the trust
147. Paragraph (b) of the definition of ‘beneficial owner’ stipulates that the beneficial owner shall
consist of the settlor, the trustee or trustees, the protector where applicable, the beneficiaries or the
class of beneficiaries as may be applicable, and any other natural person exercising ultimate control
over the trust through direct or indirect ownership or other means.
148. (b) for other types of legal arrangements, the identity of persons in equivalent or similar positions
159
149. Paragraph (c) of the definition of beneficial owner stipulates that for legal entities such as
foundations and legal arrangements similar to trusts the beneficial owner shall consist of the natural
person(s) holding equivalent or similar positions to those stated in the response to c.10.11 (a) above.
150. Criterion 10.12 – Reg. 7(9) PMLFTR requires subject persons (carrying out long-term
insurance business) to carry out CDD measures on the beneficiaries of long-term insurance policies
in line with the FATF Standard: a) identify the beneficiaries where these are specifically named
natural persons, legal entities or arrangements; b) where the beneficiaries are designated by
characteristics, class or other means, subject persons shall obtain sufficient information concerning
those beneficiaries to be able to identify them at the time of pay-out; c) verify the identity of the
beneficiaries at the time of pay-out.
151. Criterion 10.13 – When assessing the risks arising out of their activities or business in terms of
their obligation under Reg. 5(1) PMLFTR, subject persons must take into account a number of risk
factors including customer risk. However, there is no specific requirement to include the beneficiary
of a life insurance policy as a relevant risk factor in determining whether enhanced CDD measures
are applicable.
152. Maltese authorities state that subject persons are expected to consider the beneficiaries of the
policy as part of the customer risk factors, although this is not specified in the legal requirement.
153. Further guidance in this regard is planned.
154. Criterion 10.14 – Reg. 8(1) PMLFTR requires subject persons to verify the identity of the
customer and the beneficial owner before establishing the business relationship or carrying out the
occasional transaction.
155. Reg. 8(2) of the PMLFTR allows verification to be delayed, so long as: this is necessary so as
not to interrupt the normal conduct of business; the risk of ML/FT is low; and verification is
completed as soon as is reasonably practicable after the establishment of the business relationship.
156. Although verification may only be delayed if the risk of ML/FT is low, there is no explicit
requirement to effectively manage AML/CFT risks in this regard.
157. Criterion 10.15 – Maltese authorities stated that the general obligation to have risk
management and CDD measures (Reg. 5(5)(a)(ii) and Reg. 7(8) PMLFTR) should be interpreted so as
to comply with this criterion.
158. However, neither of these regulations include a specific requirement to adopt risk
management procedures “concerning the conditions under which a customer may utilise the
business relationship prior to verification”.
159. Criterion 10.16 – Reg. 7(6) PMLFTR requires subject persons to apply CDD measures at
appropriate times to existing customers on a risk-sensitive basis, including when a subject person
becomes aware that the relevant circumstances surrounding a business relationship have changed.
Subject persons are expected to take into consideration a number of factors, and this may include the
CDD which has been previously carried out.
160. Reg. 7(7) of the PMLFTR requires subject persons to repeat CDD measures when doubts arise
about the veracity or adequacy of previously obtained CDD information.
161. Criterion 10.17 – Reg. 5(1) PMLFTR requires subject persons to undertake an assessment of
ML and FT risk arising out of their activities or business. This must take into account a number of
factors, including customers, countries or geographical areas, products, services, transactions and
delivery channels, and also take into consideration any national or supranational risk assessments.
162. Reg. 11(1) states that enhanced CDD measures must be applied in cases where: specific
activities or services are determined by the FIAU to represent a higher risk; on the basis of the risk
assessment, a subject person determines that there is a higher risk; and dealings are with natural or
legal persons established in non-reputable jurisdictions.
163. Reg. 11(2) states that such enhanced CDD measures must be appropriate to manage and
mitigate the high risk of ML/FT.
164. Reg. 11(1) also provides for a number of other situations in which the application of EDD
measures is mandatory, including: cross-border correspondent banking relationships; dealings with
PEPs; carrying out complex and unusually large transactions. In these scenarios, specific enhanced
measures are stipulated in the regulations.
165. Criterion 10.18 – Reg. 10(1)(a) and (b) PMLFTR, states that simplified CDD may be carried out
when: the FIAU have determined that there is a low risk of ML/FT, or, the subject person determines
that there is a low risk of ML/FT on the basis of the risk assessment carried out under Reg. 5(1).
166. Reg. 10(2) PMLFTR states that subject persons may determine the applicability and extent of
due diligence measures in a manner that is commensurate to the risk identified.
167. Reg. 10(3) PMLFTR prohibits the application of simplified due diligence measures when the
subject person has knowledge or suspicion of proceeds of criminal activity, ML/FT.
168. Criterion 10.19 – If a subject person is unable to perform CDD measures, Reg. 8(5) PMLFTR
requires that subject person not to proceed and to terminate any business relationship or occasional
transaction.
169. Reg. 8(5) PMLFTR further requires subject persons to consider disclosing the information to
the FIAU by way of a suspicious transaction report.
170. Criterion 10.20 – Under Reg. 8(5) PMLFTR, where not proceeding due to the inability to
complete CDD measures is impossible or is likely to frustrate the efforts of investigating a suspected
ML/FT operation, subject persons may proceed on condition that an STR is immediately lodged.
However, the formulation “likely to frustrate the efforts of investigating” appears to apply a lower
threshold than the FATF Standard (that “performing the CDD process will tip-off…”).
171. A number of minor deficiencies exist: no explicit requirement to undertake reviews of existing
records; the requirement to obtain information on the powers that regulate and bind a legal
person/arrangement is not clear; there is no explicit requirement to effectively manage AML/CFT
risks following delay of verification of identity; FIs are permitted not to pursue CDD at a lower
threshold than the FATF Standard; consideration of the beneficiaries of a life policy is not an explicit
risk factor. R. 10 is rated LC.
Recommendation 11 – Record-keeping
173. Criterion 11.1 – Subject persons are required to maintain all necessary records on transactions,
both domestic and international, for at least five years following completion of the transaction. Reg.
161
13(1)(b) PMLFTR requires subject persons to retain evidence and records necessary to reconstruct
all transactions carried out by that FI.
174. Reg. 13(2)(b) stipulates that records must be retained for five years commencing on the date
when all dealings taking place in the course of the transaction in question were completed.
175. Reg. 13(2) PMLFTR provides that, in relation to records of linked transactions, the five years
retention period commences on the date on which the last operation took place. It also allows the
FIAU, relevant supervisory authorities or LEAs to further extend that period to a maximum retention
period of ten years.
176. Criterion 11.2 – Subject persons are required to keep all records obtained through CDD
measures, account files and business correspondence, and results of any analysis undertaken, for at
least five years following the termination of the business relationship or after the date of the
occasional transaction. Reg. 13 PMLFTR requires subject persons to retain all CDD documentation,
data and information for a period of five years commencing on the date when the business
relationship ends or when the occasional transaction is carried out. Where a business relationship
could not be formally ended, the five years period shall start from the date on which the last
transaction in that business relationship was carried out.
177. Section 5.2. paragraph (b) of the Implementing Procedures Part I specifies that all account files
and business correspondence should be retained. This section also specifies the retention of records
of the findings of the examinations of the background and purpose of the relationship/transaction.
Under the Implementing Procedures Part I, it is also required to retain any other records that are
necessary to demonstrate compliance with the obligations under the PMLFTR. The Implementing
Procedures state that this will include internal SARs reports, the MLROs determination of
knowledge/suspicion or otherwise, external SARs reports and reasons for not externalising a SAR
report, and hence includes the results of the MLRO’s analysis.
178. Criterion 11.3 – Transaction records are required to be sufficient to permit reconstruction of
individual transactions so as to provide, if necessary, evidence for prosecution of criminal activity.
Reg. 13(1)(b) requires subject persons to retain supporting evidence and records necessary to
reconstruct all transactions carried out by that person in the course of a business relationship or any
occasional transaction.
179. Criterion 11.4 – Subject persons are required to ensure that all CDD information and
transaction records are available swiftly to domestic competent authorities upon appropriate
authority. Reg. 13(3) PMLFTR requires subject persons to ensure that upon request, all CDD
information and transaction records are made available to the FIAU and, as may be allowed by law,
to relevant supervisory authorities and LEAs.
180. Section 5.5. paragraph 3 of the Implementing Procedures Part I requires subject persons to
establish effective systems to respond efficiently, adequately, promptly and comprehensively to all
enquires by the FIAU or by supervisory or other relevant competent authorities.
Recommendation 12 – Politically exposed persons
182. In 2012 MER, Malta was rated LC with former R.6. The assessment identified no technical
deficiencies.
183. The term “politically exposed persons” is defined under Reg. (2) PMLFTR as natural persons
who are or have been entrusted with prominent public functions, other than middle ranking or more
junior officials. The definition then goes on to list a number of public functions and positions which
are captured under this definition. The definition does not refer to or distinguish between national
and foreign PEPs. Under Reg. (11)(7) PMLFTR, without prejudice to the application of enhanced CDD
measures on a risk sensitive basis, where a PEP is no longer entrusted with a prominent public
function, subject persons shall be required to apply EDD measures for at least twelve months after
the date on which that person ceased to be entrusted with a prominent public function. This
timeframe of twelve months does not meet the mandatory application of enhanced measures in the
FATF Standard, which has no time limit. However, the risk-based approach would still require
consideration by the subject person of the particular risks associated with the customer (and the
appropriate mitigating measures).
184. Criterion 12.1 – Reg. 11(1) PMLFTR requires that subject persons, in addition to their usual
CDD obligations, apply EDD measures when dealing with a customer or a beneficial owner who is a
PEP, subject to the twelve-month limit above.
185. Such enhanced measures comprise of:
(a) Risk management systems – Reg. 11(5) requires subject persons to have procedures to
determine whether a customer or a beneficial owner is a PEP.
(b) Senior management approval – Reg. 11(5) requires senior management approval for
undertaking occasional transactions or establishing or continuing business relationships with PEPs.
(c) Source of wealth and funds – Reg. 11(5)(b) requires a subject person to take adequate
measures to establish the source of wealth and source of funds
(d) Enhanced on-going monitoring – Reg. 11(5)(c) PMLFTR requires subject persons to conduct
enhanced on-going monitoring of business relationships with PEPs.
186. Criterion 12.2 – The definition of PEP does not distinguish between domestic and foreign PEPs.
The enhanced measures set out under c.12.1 apply to all PEPs irrespective of whether they are
domestic or foreign.
187. The definition also includes persons entrusted with a prominent function within an
“institution of the European Union or any other international body”.
188. Criterion 12.3 – Reg. 11(8) PMLFTR applies all EDD measures to family members or persons
known to be close associates of PEPs, subject to the twelve-month limit above however the risk-
based approach would still require consideration by the subject person of the particular risks
associated with the customer (and the appropriate mitigating measures).
189. “Family members” are defined by Reg. 11(8) as including: (i) the spouse, or a person
considered to be equivalent to a spouse; (ii) the children and their spouses, or persons considered to
be equivalent to a spouse; and (iii) the parents.
190. "Persons known to be close associates" of a PEP are defined by Reg. 11(8) as meaning: (i) a
natural person known to have joint beneficial ownership of a body corporate or any other form of
163
legal arrangement, or any other close business relations, with that PEP; (ii) a natural person who has
sole beneficial ownership of a body corporate or any other form of legal arrangement that is known
to have been established for the benefit of that PEP.
191. Criterion 12.4 – Reg. 11(6) PMLFTR requires that subject persons take reasonable measures to
determine whether the beneficiaries of a life insurance policy and, where applicable, the beneficial
owner of the beneficiary are PEPs. It requires that these measures be taken no later than the time of
pay-out or assignment, in whole or in part, of the policy.
192. If the subject person establishes that a PEP is involved, then it is required to inform senior
management before proceeding with the pay-out and to conduct enhanced scrutiny of the entire
business relationship. These obligations apply to all policies the beneficiary of which is a PEP, not
only those presenting a higher risk.
193. Where, following such enhanced scrutiny (or for any other reason) the subject person knows
or suspects or has reasonable grounds to suspect ML or FT, the general obligation to submit a STR to
the FIAU applies. However, there are no specific requirements to consider making a STR where
higher risks are identified in relation to life insurance policies with the involvement of a PEP as a
beneficiary or the beneficial owner of the beneficiary.
194. All these measures are subject to the twelve-month limit, followed by risk-based application of
enhanced measures, as described above.
195. There are no specific requirements to consider making a STR where higher risks are identified
in relation to life insurance policies with the involvement of a PEP as a beneficiary or the beneficial
owner of the beneficiary. R. 12 is rated LC.
Recommendation 13 – Correspondent banking
197. Criterion 13.1 – Reg. 11(3) PMLFTR requires subject persons to apply EDD measures when
they establish correspondent relationships with institutions from a country other than the member
states of the EU.
198. The mandatory application of these measures only to non-EU correspondents is not in
compliance with the FATF Standards which requires that the enhanced measures be applied to all
cross-border correspondent banking relationships.
199. The term “correspondent relationship” is defined under Reg. 2 PMLFTR and includes:
(i) the provision of banking services by one bank as the correspondent to another bank as the
respondent, including providing a current or other liability account and related services, such as
cash management, international funds transfers, cheque clearing, payable-through accounts and
foreign exchange services;
(ii) the relationship between and among institutions carrying out relevant financial business (i.e.
other FIs) and activities equivalent thereto, including where similar services to those under
paragraph (a) are provided by a correspondent institution to a respondent institution, and including
relationships established for securities transactions or funds transfers.
200. The EDD measures required comprise of:
(i) Reg. 11(3)(a) requirement for the relevant subject persons to ensure that they gather sufficient
information about the respondent institution to understand fully the nature of the respondent’s
business and to determine from publicly available information the reputation of the institution and
the quality of supervision on that institution;
(ii) Reg. 11(3)(b) requirement for subject persons to assess the adequacy and effectiveness of the
respondent institution’s measures, policies, controls and procedures for the prevention of ML and
FT;
(iii) Reg. 11(3)(c) requirement for subject persons to obtain the approval of senior management
prior to the establishment of new correspondent relationships;
(iv) Reg. 11(3)(d) requirement for subject persons to ensure that they document the respective
responsibilities of each institution for the prevention of ML/FT.
201. While correspondent banks are required to determine the quality of supervision of a
respondent bank, they are not required to determine if the respondent has been subject to a ML/FT
investigation or regulatory action.
202. In addition, correspondent banks are required to document rather than clearly understand the
respective responsibilities, which is not in line with the standard which implies the need to conduct
an analysis and not just to collect documents.
203. Criterion 13.2 – Reg. 11(3)(e) PMLFTR requires subject persons to be satisfied that the
respondent institution has verified the identity of and performed on-going due diligence on the
customers having direct access to the accounts of the respondent institution and to ensure that the
respondent institution will be provide the relevant CDD data, when the subject person requests it.
The mandatory application of these measures only applies to non-EU correspondents.
204. Criterion 13.3 – Reg. 11(4) prohibits FIs from entering into or continuing a correspondent
relationship with a shell institution. It also requires subject persons to implement appropriate
measures to ensure that they are not entering into or continuing a correspondent relationship with a
respondent institution which is known to permit its accounts to be used by a shell institution.
205. The term “shell institution” is defined under Reg. 2 PMLFTR and covers not only banks but all
other FIs.
206. The mandatory application of these measures only applies to non-EU correspondents.
207. Mandatory measures regarding correspondent banking relationships apply only to respondent
institutions outside the EU; correspondent banks are not required to determine if the respondent
has been subject to a ML/FT investigation or regulatory action; correspondent banks are required to
document rather than clearly understand the respective responsibilities. R. 13 is rated PC.
Recommendation 14 – Money or value transfer services
208. In 2012 MER, Malta was not evaluated against former SR.VI, having received a C rating in the
previous assessment.
209. Criterion 14.1 –The Financial Institutions Act (FIA) provides that the business of a FI may only
be undertaken in or from Malta by a company which is licensed in terms of that Act. The First
165
Schedule of the FIA lists the activities of FIs, one of which is “payment services”, which is defined in
the Second Schedule.
210. The definition does not appear to cover other stores of value, or “new payment methods” as
required by the FATF Standards.
211. Criterion 14.2 – The MFSA’s Enforcement Unit monitors and investigates cases where persons
carry out unauthorised activities, including persons carrying out MVTS without a licence. Instances
are brought to the attention of the Enforcement Unit by other MFSA Units, members of the public,
and other local/international authorities. Art. 22(1) and (5) FIA state that any person who
contravenes any provisions of the Act shall be guilty of a criminal offence and if found guilty of such
an infringement would be liable to a fine of EUR 465,874.68 or to a term of imprisonment not
exceeding four years, or both such fine and imprisonment. This would include any person providing
unlicensed MVTS in breach of Art. 3(1).
212. In addition, under Art. 23(1) FIA, where the MFSA is satisfied that a person’s conduct is in
breach of the Act, or any rules or regulations issued thereunder, it may, by notice in writing and
without recourse to a court hearing, impose an administrative penalty not exceed EUR150,000 for
each infringement or failure to comply.
213. Criterion 14.3 – “Payment services” (as described at c.4.1) are subject to AML/CFT obligations
under the PMLA and the PMLFTR and this activity is monitored for AML/CFT compliance in terms of
Art. 26 PMLA. However, the definition of payment services does not appear to cover other stores of
value, or “new payment methods” as required by the FTAF Standards.
214. Criterion 14.4 – Art. 8A (1) FIA stipulates that no FI (including those providing payment
services) may enter into an agency arrangement with a third party unless it has communicated the
following information to the competent authority (MFSA): (i) the name and address of the agent; (ii)
a description of the internal control mechanisms that will be used by agents in order to comply with
the AML/CFT obligations under the PMLA and the PMLFTR; and (iii) the identity of the directors and
persons responsible for the management of the agent to be used in the provision of Services, and
evidence that they are suitable persons.
215. Furthermore, in terms of Art. 8A(3)-(5) FIA, the MFSA may subject the person who will be
appointed as agent to any of the obligations imposed on the company licensed under the FIA. It also
can refuse to list the agent (if not satisfied that the information provided to it is correct). In case the
MFSA suspects that the agent is involved in ML/FT the registration can be refused or withdrawn.
216. Art. 8A (1) also stipulates that a person who is appointed as an agent of a FI shall only act as
agent: (i) in respect of those activities for which the FI to which he will act as agent is licensed under
the FIA; (ii) to not more than one person licensed under the FIA; and (iii) subsequent to the
verification by MFSA of the information provided by the FI.
217. According to Art. 8D of the FIA MFSA shall maintain a public register of all FIs and their
branches and agents.
218. However, the definition of payment services does not appear to cover other stores of value, or
“new payment methods” as required by the FATF Standards.
219. Criterion 14.5 – The obligation on the MVTS provider to conduct a risk assessment of the risks
of ML/FT that arise out of its business includes consideration of the provision of business or services
through agents.
220. The obligation on MVTS providers to put in place and implement internal controls includes
internal controls and compliance management procedures to ensure that its agents are complying
with the MVTS AML/CFT policies, procedures and measures.
221. FIs are required to inform the MFSA about the internal mechanisms that it will adopt to ensure
that agents are complying with AML/CFT obligations (see c.14.4 above). However, Art. 8A (1) (as
described above) only refers to “internal control mechanisms that will be used by agents” but not to
any monitoring arrangements used by the FI.
222. The definition of “payment services”, does not appear to cover all stores of value, or “new
payment methods” as required by the FATF Standards. R. 14 is rated LC.
Recommendation 15 – New technologies95
223. In 2012 MER, Malta was not evaluated against former R.8, having received a C rating in the
224. Criterion 15.1 – There are no references in any material relating to the NRA shared with the
assessment team to any work done by the authorities for the purpose of identifying and assessing
ML/FT risks that may arise in relation to the development of new products and practices, or delivery
mechanisms, nor the use of new technologies.
225. Maltese authorities stated that the NCC (established by law in April 2018) is expected to
consider this specific risk and determine, where applicable, any necessary subsequent policy
changes. At the time of the on-site, the NCC was in the process of conducting a risk assessment on
virtual financial assets.
226. Subject persons are required to identify and assess the risks of ML/FT that arise out of its
activities or business. There is a general obligation to review and up-date risk assessments (which
may be triggered by the development of new products or activities). In addition, section 3.5.4. of the
Implementing Procedures Part I (New or developing technologies and products and transactions
that might favour Anonymity), requires subject persons to pay special attention to any threat of
ML/FT that may arise from new or developing technologies or from products or transactions that
might favour anonymity, and take measures, if needed, to prevent their use in ML/FT.
227. Criterion 15.2 – There is no specific requirement to undertake the risk assessment described at
c.15.1 above prior to the launch or use of such products, practices and technologies.
228. No risk assessment for the purpose of identifying and assessing ML/FT risks that may arise in
relation to the development of new products and practices, delivery mechanisms or the use of new
technologies has been carried out at the country level. The requirement to assess the risk of new
products, services and new or developing technologies does not specify that such assessments be
undertaken prior to the use of such products, practices and technologies. R. 15 is rated PC.
95The FATF revised R.15 in October 2018 and its interpretive note in June 2019 to require countries to apply
preventive and other measures to virtual asset service providers and virtual asset activity. This evaluation
does not assess Malta’s compliance with revised R.15 because, at the time of the on-site visit, the FATF had not
yet revised its assessment Methodology accordingly. Malta will be assessed for technical compliance with
revised R.15 in due course, in the context of its mutual evaluation follow-up process.
167
Recommendation 16 – Wire transfers
229. In 2012 MER, Malta was rated C with former FATF SR.VII due to direct applicability of the
relevant requirements at the EU level as set out in the Regulation (EC) No 1781/2006.
230. Subject persons carrying out financial business involving the transfer of funds are required to
comply with the provisions of Regulation (EU) 2015/847 on information accompanying transfers of
funds, which is directly applicable under Maltese law.
231. For consistency reasons, the analysis below uses the terminology of the FATF
Recommendations interchangeably with that of the Regulation (EU) 2015/847.
232. Criterion 16.1 – Art. 4 of Regulation (EU) 2015/847 implements the FATF requirement
regarding all cross-border wire transfers of EUR 1,000 or more to be always accompanied by
required and accurate originator information, as well as by required beneficiary information.
233. Criterion 16.2 – The FATF requirements regarding batch files are implemented through Art. 6
of Regulation (EU) 2015/847 with relevant references to Art. 4 for required and accurate originator
information, as well as for required beneficiary information, including the originator’s payment
account no. or unique transaction identifier, that is fully traceable.
234. Criterion 16.3 –Art. 6 of Regulation (EU) 2015/847 implements the FATF requirement
regarding cross-border wire transfers below EUR 1,000 to be always accompanied by required
originator and required beneficiary information.
235. Criterion 16.4 –According to Art. 6 of Regulation (EU) 2015/847, FIs need not verify the
information on the originator unless, inter alia, they have reasonable grounds for suspecting ML/FT.
236. Criterion 16.5 and 16.6 – Wire transfers with all participants in the payment chain established
within the EU are considered domestic transfers for the purposes of R.16, which is consistent with
the FATF Standards.
237. Art. 5 of Regulation (EU) 2015/847 defines that such transfers shall be accompanied by at
least the payment account number of both the originator and the beneficiary, or by the unique
transaction identifier. At that, there is a three working day period established for the ordering FI to
make available required originator information whenever requested to do so by the beneficiary or
intermediary FI.
238. Art. 14 of the Regulation requires FIs to respond fully and without delay to enquiries from
appropriate AML/CFT authorities.
239. Criterion 16.7 – Art. 16 of Regulation (EU) 2015/847 establishes a five-year period for ordering
and beneficiary FIs to retain the records of originator and beneficiary information. Upon expiry of
this retention period, personal data is to be deleted, unless provided for otherwise by national law.
The Regulation defines that Member States may allow or require further retention only after they
have carried out a thorough assessment of the necessity and proportionality of such further
retention, and where they consider it to be justified as necessary for the ML/FT purposes. That
further retention period shall not exceed five years.
240. Criterion 16.8 – Art. 4 of Regulation (EU) 2015/847 prohibits the ordering FI to execute any
transfer of funds before ensuring full compliance with its obligations concerning the information
accompanying transfers of funds.
241. Criterion 16.9 – Art. 10 of Regulation (EU) 2015/847 requires intermediary FIs to ensure that
all the information received on the originator and the beneficiary, that accompanies a transfer of
funds, is retained with the transfer.
242. Criterion 16.10 – Regulation (EU) 2015/847 does not provide for the exemption specified in
this criterion regarding technical limitations preventing appropriate implementation of the
requirements on domestic wire transfers.
243. Criterion 16.11 – Art. 11 of Regulation (EU) 2015/847 stipulates the obligation of the
intermediary FI to implement effective procedures including, where appropriate, ex-post or real
time monitoring, in order to detect whether required originator or required beneficiary information
in a transfer of funds is missing.
244. Criterion 16.12 – Art. 12 of Regulation (EU) 2015/847 stipulates the obligation of the
intermediary FI to establish effective risk-based procedures for determining whether to execute,
reject or suspend a transfer of funds lacking the required originator and required beneficiary
information and for taking the appropriate follow up action.
245. Criterion 16.13 – Art. 7 of Regulation (EU) 2015/847 stipulates the obligation of the beneficiary
FI to implement effective procedures including, where appropriate, ex-post or real-time monitoring,
in order to detect whether required originator or required beneficiary information in a transfer of
funds is missing.
246. Criterion 16.14 – Art. 7 of Regulation (EU) 2015/ 847 defines that, in the case of transfers of
funds exceeding EUR 1,000, the beneficiary FI shall verify the accuracy of the identification
information on the beneficiaries before crediting their payment account or making the funds
available to them. Provisions of Art. 16 of the Regulation on retention of the records of beneficiary
information apply, as described under the analysis for c.16.7.
247. Criterion 16.15 – Art. 8 of Regulation (EU) 2015/847 stipulates the obligation of the beneficiary
FI to implement effective risk-based procedures for determining whether to execute, reject or
suspend a transfer of funds lacking the required originator and beneficiary information and for
taking the appropriate follow-up action.
248. Criterion 16.16 – The Regulation (EU) 2015/847 is binding for all MVTS providers and,
according to Art. 2, applies to the transfers of funds, in any currency, which are sent or received by
an ordering, intermediary or beneficiary FI established in the EU.
249. See R.14 above for analysis in relation to the inclusion of MVTS within the Maltese AML/CT
regime, including agents, branches and subsidiaries.
250. Criterion 16.17 – Regulation (EU) 2015/847 does not specifically address situations where
both the ordering and beneficiary institutions are controlled by the same MVTS provider.
251. Art. 9 and 13 of the Regulation require beneficiary and intermediary FIs to take into account
missing or incomplete information on the originator or the beneficiary as a factor when assessing
whether a transfer of funds, or any related transaction, is suspicious and whether it is to be reported
to the FIAU. Art.4 of the Regulation, in turn, prohibits ordering FIs to execute any transfer of funds
before ensuring full compliance with the obligations on accompanying information. Overall, this
appears to fall short of the FATF requirement for an MVTS provider to take into account all
information from both the ordering and beneficiary sides (as opposed to missing or incomplete
information on the originator or the beneficiary).
169
252. Maltese authorities suggest that the general STR reporting obligation requires an MLRO to
consider all available information deemed relevant, and that this would, in the case of a subject
person that controls both ordering and beneficiary sides, include all information from both the
ordering and the beneficiary side.
253. Regulation (EU) 2015/847 does not require to file a STR in the country affected by the
suspicious wire transfer and to make relevant transaction information available to the FIAU.
254. Criterion 16.18 – FIs conducting wire transfers are subject to the requirements of the EU
Regulations and domestic measures that give effect to UNSCRs 1267, 1373, and successor
Resolutions. Reference is made to the analysis for R.6 for further details.
255. Most criteria are met, apart from c16.16 and c16.17, which are mostly met. R. 16 is rated LC.
Recommendation 17 – Reliance on third parties
256. In 2012 MER, Malta was not evaluated against former R.9, having been assessed as Ct in the
previous evaluation.
257. Criterion 17.1 – Reg. 12(1) PMLFTR permits subject persons to rely on other subject persons or
third parties to fulfil certain CDD obligations (the identification and verification of the customer, the
identification and verification of the beneficial owner, and understanding the nature of the business
relationship), while clearly stipulating that the subject person remains ultimately responsible for
compliance with such obligations.
258. The term “Third party” is defined under Reg. 12(2) PMLFTR as “any person or institution,
including member organisations or representative bodies of such persons or institutions, situated in
an EU member state other than Malta or other third country (excluding non-reputable jurisdictions)
that: (a) applies CDD and record keeping requirements consistent with those in the PMLFTR; (b) is
supervised for AML/CFT purposes in a manner consistent with the requirements of the 4th AMLD.
However, requirement for application of CDD and record keeping, “consistent with PMLFTR”, does
not amount to compliance with the requirements set out in R.10 (see analysis of R10).
259. While this definition does not appear consistent with the definition of “third party” in the FATF
Standards (IN to R.17), which is limited to a “financial institution or DNFBP”, the conditions for
placing reliance ensure that the Standards is met, by limiting its use to third parties who apply CDD
and record keeping requirements and are supervised for AML/CFT purposes.
260. Reg. 12(3) PMLFTR requires that subject persons placing reliance shall obtain CDD
information from the subject persons or third party being relied on. Section 3.6.1 of the
Implementing Procedures Part I provides more specificity in relation to the reliance process,
including the requirement to obtain such information “immediately”.
261. Reg. 12(4) PMLFTR requires subject persons placing reliance to take adequate steps to ensure
that, upon request, the other subject person or third party being relied upon shall immediately
forward relevant copies of the identification and verification data. Section 3.6.1 of the FIAU
Implementing Procedures Part I requires subject persons to have a written agreement in place for
this purpose and recommends subject persons to “consider making occasional tests of the system”.
262. Criterion 17.2 – Reg. 12(2) PMLFTR prohibits reliance on third parties from non-reputable
jurisdictions, defined as a jurisdiction that has deficiencies in its national AML/CFT regime and
having inappropriate and ineffective measures to prevent ML/FT, or is listed by the EU as a high-risk
jurisdiction pursuant to Art. 9 of the 4th AMLD. While this prohibits reliance on third parties from
non-reputable jurisdictions, it is not equivalent to the obligation to have regard to information on the
level of country risk.
263. Criterion 17.3 – Reg. 12(5) PMLFTR allows subject persons to rely on other entities within the
same group to perform the specified CDD measures (i.e. those required under Reg. 7(1)(a) to (c)), as
long as the group applies CDD measures, record-keeping measures and AML/CFT policies and
procedures equivalent to those in the PMLFTR.
Further conditions are that:
 The effective implementation of the CDD, record-keeping and AML/CFT policies and
procedures at group level must be subject to supervision by a relevant authority.
 A subject person may not rely on a third party from a non-reputable jurisdiction, unless the
third party is a branch or majority-owned subsidiary of persons or entities established in a EU
Member State which is subject to national provisions implementing the 4th AMLD, and which fully
complies with group-wide policies and procedures that are equivalent to those required in terms of
Reg. 6 PMLFTR. However, this does not amount to compliance with the requirements set out in R.10,
R.12 and R.18, due to the deficiencies in compliance with those Recommendations (see the analysis
of R.10, R.12 and R.18).
264. Reg. 6(3) and (4) PMLFTR provide that parent entities having branches or majority owned
subsidiaries in third countries with AML/CFT requirements that are less stringent than those
envisaged under the PMLFTR shall ensure that those branches or subsidiaries apply the more
rigorous AML/CFT procedures envisaged under the PMLFTR; or additional measures to mitigate any
ML/FT risks, and shall inform the FIAU.
265. Requirement for application of CDD and record keeping, “consistent with PMLFTR”, does not
amount to compliance with the requirements set out in R.10 (see analysis of R10); Requirements for
reliance on third party that is part of a same group do not amount to compliance with the
requirements set out in R.10, R.12 and R.18 (see analysis of R10, R12 and R18). While PMLFTR
prohibits reliance on third parties from non-reputable jurisdictions, it is not equivalent to the
obligation to have regard to information on the level of country risk. R. 17 is rated LC.
Recommendation 18 – Internal controls and foreign branches and subsidiaries
266. In 2012 MER, Malta was not evaluated against former R.15, having been assessed as C in the
previous evaluation. Malta was rated C with former R.22.
267. Criterion 18.1 – Reg. 5(5) PMLFTR, requires subject persons to implement, policies, controls
and procedures, proportionate to the nature and size of its business, which address the risks
identified as a result of their risk assessment.
(a) Compliance management arrangements – Reg. 5(5)(a)(ii) requires subject persons to have
compliance management measures. Reg. 5(5)(c) requires the appointment (where appropriate with
regard to the nature and size of the business), of an officer at management level whose duties shall
include the monitoring of the day-to-day implementation of the subject persons’ AML/CFT measures,
policies, controls and procedures.
171
(b) Employee screening – Reg. 5(5)(a)(ii) requires subject persons to have in place and implement
employee screening policies and procedures.
(c) On-going training – Reg. 5(5)(b): subject persons are required to take appropriate and
proportionate measures from to time to make employees aware of:
• the subject persons’ AML/CFT measures, policies and procedures; and
• the provisions of the AML/CFT and other legal requirements.
Reg. 5(5)(e) PMLFTR: subject persons are to provide employees from time to time with training in
the recognition and handling of operations and transactions which may be related to proceeds of
criminal activity, ML/FT.
d) Independent audit function – Reg. 5(5)(d) PMLFTR, requires subject persons to implement an
independent audit function, where this is appropriate with regard to the nature and size of the
business.
The requirements to appoint a compliance officer and implement an independent audit function are
dependent on an undefined nature and size of the business.
268. Criterion 18.2 – A “group” is defined as a parent undertaking and all its subsidiary
undertakings.
269. Reg. 6(1) PMLFTR states that subject persons that are part of a group are required to
implement group-wide policies and procedures that include the AML/CFT measures referred to
under c.18.1, as well as policies and procedures on data protection and the sharing of information.
270. This broad provision may be interpreted to include the provision at group level compliance,
audit or AML/CFT functions of any information that is necessary for AML/CFT purposes, hence
including customer, accounts and transaction information. However, this is not specified in the
legislation.
271. Criterion 18.3 – Where subject persons have branches/subsidiaries in third countries where
AML/CFT measures are less stringent than those under the PMLFTR, Reg. 6(3) required that those
branches/subsidiaries implement the provisions of the PMLFTR as long as the third country’s
legislation permits. Where the third country legislation does not permit it, that subject person should
ensure that the branches/subsidiaries apply additional measures to effectively handle the risk of
ML/FT and must immediately inform the FIAU.
272. There are no similar provisions for branches and subsidiaries within the EEA. Instead, the
parent undertaking must ensure that the subsidiary or branches follow the law of the other EEA
state (Reg. 6(2)).
273. Requirements to appointment of a compliance officer and implement an independent audit
function are dependent on an undefined nature and size of the business; the full scope of information
to be exchanged under group-wide AML/CFT programmes is not clearly articulated; and FI’s are not
required to ensure that their branches and subsidiaries in the EEA have in place similar AML/CFT
measures to Malta based on the assumption that all EEA members have implement the 4 th AMLD
adequately. In the context of Malta, these are considered to be minor deficiencies. R. 18 is rated LC.
Recommendation 19 – Higher-risk countries
274. In 2012 MER, Malta was rated LC with former R.21. The assessment identified technical
deficiencies related to the lack of practical assistance on application of the concept of non-reputable
jurisdiction and hence the risk that appropriate counter-measures would not be applied.
275. Criterion 19.1 – Reg. 11(1)(c) states that subject persons shall apply EDD measures when
dealing with natural or legal persons established in a “non-reputable jurisdiction”, which is defined
as a jurisdiction that has deficiencies in its national AML/CFT regime or that has inappropriate and
ineffective measures for the prevention of ML/FT, taking into account any accreditation, declaration,
public statement or report issued by an international organisation which lays down internationally
accepted standards for the prevention of ML and for combating FT or which monitors adherence
thereto, or is a jurisdiction identified by the European Commission in accordance with Art. 9 of
Directive (EU) 2015/849.
276. While this formulation does not necessarily encompass the countries for which certain actions
are called for by the FATF, the supporting guidance in the Implementing Procedures (Appendix III)
clarify that enhanced measures must be applied to jurisdictions subject to a FATF call for counter-
measures.
277. Criterion 19.2 – The FIAU may apply countermeasures proportionate to the risks whenever it is
informed by subject persons that they are going to undertake occasional transactions for, or
establishing business relationships or acting in the course of a business relationship with a natural
or legal person established in a non-reputable jurisdiction in respect of which there has been an
international call for counter-measures.
278. The FIAU can require a business relationship to cease or a transaction not to be undertaken, or
apply any other counter-measure as may be adequate under the respective circumstances.
279. This process is effectively mandatory in relation to jurisdictions subject to an FATF call for
counter-measures (see 19.1 above). In addition, Art. 30C of the PMLA empowers the FIAU to apply
specific counter-measures in relation to higher-risk countries on its own volition (i.e. independently
of any call by the FATF).
280. Criterion 19.3 – FATF and MONEYVAL Statements are uploaded on the FIAU’s and MFSA
websites and the FIAU sends out a newsletter to all its subscribers (which include the MLROs of all
financial institutions) to advise them about the new statements as well as to remind them about the
Guidance Note that the FIAU had issued on High-Risk and Non-Cooperative Jurisdictions. In addition,
MFSA circulates information on the statements to its supervised entities.
Recommendation 20 – Reporting of suspicious transaction
282. Malta was rated PC in the MER of 2012 as regards the STRs requirements. The assessment
team highlighted deficiencies in the criminalisation of FT limiting the reporting obligations and
requiring further clarifications in the definition of FT. Furthermore, the scope of reporting
requirements related to ML only, not to proceeds of criminal activity.
173
283. Criterion 20.1 – According to Reg. 15(3) PMLFTR, whenever subject persons (as defined in Reg.
2 PMLFTR) know, suspect or have reasonable grounds to suspect that funds, regardless of the
amount involved, are the proceeds of criminal activity or are related to FT, or that a person (natural
or legal) may have been, is or may be connected with ML or FT they are required to disclose that
information to the FIAU. Criminal activity is defined by the PMLA as “any activity, whenever or
wherever carried out, which, under the law of Malta or any other law amounts to: (a) a crime or
crimes specified in art. 3(1)(a) of the UN Convention Against Illicit Traffic in Narcotic Drugs and
Psychotropic Substances; or (b) one of the offences listed in the Second Schedule to the PMLA i.e. any
criminal offence”. The disclosure has to be made as soon as it is reasonably practicable, but not later
than five working days from when the knowledge or suspicion first arose. This mechanism to file
STRs casts doubts on fulfilment of the obligation to do so “promptly” in line with the FATF
Recommendations. Subject persons are prohibited to carry out the transaction until the FIAU has
been informed (Art. 15 (4)), unless it is not possible to refrain from carrying out the transaction (Art.
15 (5)), in which case the subject person must inform the FIAU “immediately after the transaction is
effected”.
284. Criterion 20.2 – Reg. 15 PMLFTR states clearly that STRs are to be sent in cases of funds
suspected to be proceeds of criminal activity “regardless of the amount involved”. The authorities
indicated that the disclosure obligation also covers attempted transactions, although this is not
clearly stated by the law.
285. The PMLFTR is partly in line with the substantive requirements under Criterion 20.1, as the
mechanism to file STRs casts doubts on the fulfilment of the obligation to do so “promptly” in line
with the FATF Recommendations. Criterion 20.2 is partly met, as the legislation does not clearly and
expressly include also the attempted transactions among those to be reported by the subject
persons. Taking into account the above, R.20 is rated PC.
Recommendation 21 – Tipping-off and confidentiality
286. In the 2012 MER, Malta was rated C with former R.14.
287. Criterion 21.1 – Reg. 15 (10) PMLFTR states that disclosures made by a subject person, their
employees or directors that have been done in bona fide are not to be treated as a breach of duties of
professional secrecy or any other restriction imposed by statute or otherwise and shall not involve
that subject person, its employees or directors in any liability of any kind. This extends also to those
circumstances when the subject person, its employees or directors are not precisely aware of the
underlying criminal activity and regardless of whether illegal activity actually occurred. Reg. 15(11)
PMLFTR further provides protection and confidentiality to the identity of the persons and employees
reporting suspicious ML/FT or suspicions that funds are the proceeds of criminal activity, either
internally (internal reporting) or to the FIAU.
288. Criterion 21.2 – Reg. 16(1) PMLFTR states that subject persons, any official or employee of a
subject person or any person from whom the FIAU has demanded information, or any other person
who has transmitted information to the FIAU are prohibited from disclosing to the person concerned
or to a third party (i.e. any other person, natural or legal) the fact that (a) information, including a
STR, has been or may be transmitted to the FIAU; and/or (b) that information has been demanded by
the FIAU. This prohibition of disclosure shall extend to tipping-off that an analysis or an investigation
has been, is or may be carried out. Any subject person, official/employee or any other person who
breaches such prohibition shall be guilty of an offence and liable on conviction to a fine not
exceeding EUR 115,000 or to imprisonment for a term not exceeding two years, or to both such fine
and imprisonment. Reg. 16(2) provides for exemptions from the prohibition within groups, in line
with R.18.
Recommendation 22 – DNFBPs: Customer due diligence
290. In 2012 MER, Malta was not assessed against former R.12, having received a LC rating in the
291. In the analysis presented below, the deficiencies identified in relation to the compliance of FIs
with the FATF requirements under respective Recommendations are also relevant, where applicable,
for the DNFBPs, unless specified otherwise.
292. Criterion 22.1 – Maltese CDD requirements are applicable to all subject persons, be they FIs or
DNFBPs. A subject person is anyone carrying out “relevant financial business” and/or “relevant
activity”. The latter term is defined under Reg. 2 PMLFTR to include all DNFBPS as envisaged by the
FATF Standards.
(a) Casinos – Reg. 9(1) PMLFTR: casino and gaming licensees must carry out CDD measures when
carrying out transactions that amount to or exceed EUR 2,000. In the case of an occasional
transaction the ERU 2,000 threshold can be reached either in a single operation or in several
operations which appear to be linked.
Reg. 9(1) PMLFTR is applicable to transactions of all kinds as it does not specifically refer to
transactions in chips or tokens.
Regulation 9(2((b) along with the supporting Implementing Procedures, act to require that casinos
to be able to link CDD information for a customer to the transactions that the customer conducts in
the casino.
(b) Real estate agents – The activity of real estate agents constitutes ‘relevant activity’, but the
activity is not expressly defined in legislation to include the involvement in transactions for a client
concerning both the buying and selling of real estate.
CDD obligations are understood to encompass both parties to the sale and purchase of property and
this interpretation is evidenced in compliance reports and sanctions imposed on real estate agents
for failing to identify both parties to sale agreements.
(c) Dealers in precious metals and stones – The definition of ‘relevant activity’ includes trading in
goods (not limited to precious metals and stones) for cash of EUR 10,000 or more, whether the
transaction is carried out in a single operation or in several operations which appear to be linked.
(d) Lawyers, notaries, other independent legal professionals and accountants – The activities of
auditors, external accountants and tax advisors constitutes ‘relevant activity’ along with lawyers,
notaries and other independent legal professionals, when they participate in any financial or real
estate transaction, or by assisting in the planning or carrying out of transactions for their clients
concerning:
(i) buying and selling of real property or business entities;
175
(ii) managing of client money, securities or other assets, unless operating with a licence issued under
the provisions of the Investment Services Act;
(iii) opening or management of bank, savings or securities accounts;
(iv) organisation of contributions necessary for the creation, operation or management of
companies;
(v) creation, operation or management of companies, trusts, foundations or similar structures, or
when acting as a trust or company service provider.
(e) Trust and company service providers – The definition of ‘relevant activity’ includes trust and
company service providers, so are subject to all CDD requirements.
A ‘trust and company service provider’ is defined by Reg. 2 PMLFTR as being any natural or legal
person who:
(a) provides trustee or other fiduciary services whether authorised or otherwise in
terms of the Trusts and Trustees Act, other than persons acting as trustees in terms of Art. 43A
of the said Act;
(b) arranges, by way of business, for another person to act as a trustee of an express trust
or a similar legal arrangement;
(c) arranges, by way of business, for another person to act as a fiduciary (i.e. nominee)
shareholder for another person other than a company listed on a regulated market that is
subject to disclosure requirements;
(d) acts as a company service provider- defined in the Company Service Providers Act to
consist of the formation of companies or other legal entities; acting as or arranging for another
person to act as director or secretary of a company, a partner in a partnership or in a similar
position in relation to other legal entities; and provision of a registered office, a business
correspondence or administrative address and other related services for a company, a
partnership or any other legal entity.
The definition is broadly consistent with the FATF Standards.
There is an exemption from the definition of DNFBP (namely; trustees acting in terms of Art.
43A of the Trusts and Trustees Act). Exemptions from the AML/CFT regime are limited to
circumstances of lower risk and, while not specifically considered in the NRA, are not
inconsistent with the authorities’ understanding of risk.
293. The deficiencies identified under R.10 also apply to DNFBPs.
294. Criterion 22.2 – Reference is made to the analysis for R.11 on the general coverage of record-
keeping requirements within Maltese legislation, which are equally applicable to FIs and DNFBPs, as
subject persons.
295. Criterion 22.3 – Reference is made to the analysis for R.12 on the general coverage of PEP
requirements within Maltese legislation, which are equally applicable to DNFBPs.
296. Criterion 22.4 – Reference is made to the analysis for R.15, which is equally applicable to
DNFBPs.
297. Criterion 22.5 – Reference is made to the analysis for R.17 on the reliance provisions, which are
applicable to DNFBPs.
298. Based on deficiencies identified in R.10, 12, 15 and 17 which are equally relevant to DNFBPs,
R. 22 is rated LC.
Recommendation 23 – DNFBPs: Other measures
299. In 2012 MER, Malta was rated PC with former R.16. The assessment identified technical
deficiencies related to the incrimination of FT and the scope of reporting requirements.
300. In the analysis presented below, the deficiencies identified in relation to the compliance of FIs
with the FATF requirements under respective Recommendations are also relevant, where applicable,
for the DNFBPs, unless specified otherwise.
301. Criterion 23.1 – Maltese reporting requirements are applicable to all subject persons, be they
FIs or DNFBPs. A subject person is anyone carrying out “relevant financial business” and/or
“relevant activity”. The latter term is defined under Reg. 2 PMLFTR to include most DNFBPS as
envisaged by the Standard, excluding “private trustees” (see c.22.1 for details).
302. Reference is made to the analysis for R.20 on the general coverage of STR requirements within
Maltese legislation.
303. Criterion 23.2 – Reference is made to the analysis for R.18 on the general coverage of internal
control requirements within Maltese legislation.
304. All subject person, including DNFBPs in the circumstances envisaged by this criterion (with the
exception of “private trustees”), are obliged to have internal controls as described at R18 above.
305. Criterion 23.3 – Reference is made to the analysis for R.19 on the general coverage of the
requirements regarding high-risk countries within Maltese legislation.
exception of “private trustees”), are obliged to comply with high-risk countries requirements as
described at R.19 above.
307. Criterion 23.4 – Reference is made to the analysis for R.21 on the general coverage of the
tipping-off and confidentiality requirements within Maltese legislation.
exception of “private trustees”), are obliged to comply with tipping-off and confidentiality
requirements as described at R21 above.
309. Based on deficiencies identified in R.20 and R.18 which are equally relevant to DNFBPs, R. 23
is rated LC.
Recommendation 24 – Transparency and beneficial ownership of legal persons
310. In the 3rd Round Malta was rated as C with former R.33.
311. Criterion 24.1 – (a) Types, forms and features of legal persons: The Maltese legal framework
provides for the establishment of public liability companies; private limited liability companies;
177
Societa Europea, European Economic Interest Groupings; Partnerhips en nom collectif (i.e. unlimited
liability) and Partnerships en Commandites (i.e. limited liability); as well as private foundations,
purpose foundations and associations. Art. 84 of the Companies Act also provides for cell companies
which are a form of Partnerships en Commandites. Associations have the option of either registering
with the Registrar for Legal Persons, in which case they obtain legal personality upon registration, or
to not register, in which case they are not endowed with legal personality. On the other hand, it is
mandatory for all foundations, whether they are new or whether they existed before 2008 (when the
relative legislation came into effect), to register at the Public Registry, Malta. Separate legislation
defines each type of legal person, as discussed under (b) below.
(b) Process for creation of legal persons and obtaining beneficial ownership: Art. 67-82 of the
Companies Act explains the process for creating, capturing basic information and registering a
company at the Registrar. Art. 13, 14 and 15 of the Companies Act explains the process for creating,
capturing basic information and registering a partnership (limited and unlimited liability) at the
Registrar of Companies, which until recently formed part of the MFSA. The Companies Act (Cell
Companies Carrying on Business of Insurance) Regulations which govern protected cell companies
(PCC) and the Companies Act (Incorporated Cell Companies Carrying on Business of Insurance)
Regulations which govern incorporated cell companies (“ICC”), allow a cell company to be formed in
carrying out the business of insurance, reinsurance, captive, insurance brokerage and insurance
management. However, to date there are no ICCs authorised under the Insurance Business Act.
Both PCCs and ICCs have the ability to create cells for the purposes of the segregation of the cellular
assets and liabilities. It should be noted that incorporated cells and protected cells have different
statuses at law: namely, a protected cell does not have a separate legal personality and each cell
transacts through the PCC, whilst in the case of an ICC each incorporated cell has its own separate
legal personality which is distinct from that of other incorporated cells and that of the ICC. PCCs may
only be used for regulated insurance business and ICCs may only be used for regulated insurance
and investment business.
312. The Second Schedule to the Civil Code lays down the requisites for the registration of
foundations in Art. 26, 29, 31, 32, 33, 32A and 35 and the requisites for the registration of
associations in Art. 27, 48, 49, 51, 53 and 54 with the Registrar of Legal Persons. All the necessary
information for registration of legal persons is publicly available. The obtaining and recording of
beneficial ownership is discussed under c.24.6.
313. Criterion 24.2 – It is acknowledged by the authorities in the NRA that Maltese legal persons can
be misused for ML/FT purposes, in particular, that such vehicles have been used to obscure
beneficial ownership. A separate risk assessment analysing how all types of Maltese legal persons
could be used for ML/FT purposes was underway, but not finalised at the time of the on-site visit.
314. Criterion 24.3 – Companies and Partnerships - Companies (Art. 76) and partnerships (Art.15) of
the Companies Act are required to submit respectively their memorandum and articles of
association and their deed of partnership to the Registrar of Companies to obtain their legal status.
The particulars of each director, shareholder and company secretary, as well as the registered office
and share capital of the company are all entered in the Registry of Companies electronic online
system (https://rocsupport.mfsa.com.mt/pages/SearchCompanyInformation.aspx). Basic
information (company name, registration number, registered office address and company status) is
available free of charge. The authorities have advised that further information is available online,
upon subscription but without charge to the general public. Downloading of company documents
carries a small charge. This procedure applies to all commercial partnerships, which includes
partnerships en commandite, en nom collectif and limited liability companies.
315. Foundations and Associations - As per Subsidiary Legislation 16.07/Legal Notice 439/2010
relative to the Civil Code (Second Schedule) (Fees) Regulations, the basic information and all
registration documents at the Public Registry regarding associations and purpose foundations are
publicly available and open to physical inspection against a small charge. Basic information is
publicly available for private foundations.
316. Criterion 24.4 – Companies and Partnerships – Companies and Partnerships are required to
maintain constitutive documents in Malta. Therefore, the basic information specified in c24.3 is
maintained. Art. 123 of the Companies Act requires companies to keep a register of members where
there must be entered the names and addresses of the members, a statement of the shares held by
each member, distinguishing each share by its number, and of the amount paid or agreed to be
considered as paid on the shares of each member, the date when each person was entered in the
register as a member, and the date at which any person ceased to be a member. Where the share
capital is divided into different classes of shares, the rights attaching to the shares of each class shall
be included in the memorandum of association (under Art. 69 of the Companies Act). Pursuant to
Art. 123 of the Companies Act, the register of members must be kept at the registered office of the
company or such other place in Malta as may be specified in the memorandum or articles. Art. 13 of
the Companies Act requires that a partnership shall not be validly constituted, unless a deed of
partnership is entered into and signed and certificate of registration is issued. Art. 14 of the
Companies Act requires the deed of partnership to state, inter alia: the name and residence of the
partners; the partnership name; registered office; the objects of the partnership and the contribution
of each of the partners.
317. Foundations and Associations – Foundations and Associations are required to maintain
constitutive documents in Malta. Therefore, the basic information specified in c24.3 is maintained.
Art. 49 of the Second Schedule to the Civil Code requires that the agreement establishing an
association shall be in writing. The statute shall state, inter alia, the following in order to be eligible
for registration: name; registered address; the purpose or objects and the composition of the board
of administration and the names of the first administrator. Art. 29 of the Second Schedule to the Civil
Code states that a foundation may only be constituted by virtue of a public deed and shall state, inter
alia, the following in order to be eligible for registration: name; registered address; the purpose or
objects and the composition of the board of administration and the names of the first administrator.
318. Criterion 24.5 – Companies and partnerships - There is an obligation in the Companies Act for
companies to notify the Registrar of Companies of changes in their directors, shareholders, company
secretary, share capital and in general any changes to the memorandum and articles. Art. 79(2)
requires the directors and the company secretary to deliver to the Registrar for registration a
printed copy of any resolution effecting changes to the memorandum and articles within fourteen
days after the date of the resolution, together with a revised and updated copy of the memorandum,
and of the articles, if any, as amended by the said resolution and incorporating all the changes
effected to date relating to the directors, company secretary, the representation of the company,
change in registered office of the company, or any transfer or transmission of shares or any
allotment of shares. The Companies Act provides for penalties in the event of a late notification of the
foregoing. Companies are also obliged to submit an annual return which confirms the current basic
179
information. Art. 19 of the Companies Act requires that any change in a deed of partnership shall be
in writing and signed by the partners and an authentic copy submitted to the Registrar.
319. Foundations and Associations – Pursuant to Regs. 3 and 5 of the Civil Code (Second Schedule)
(Notifications and Forms) Regulations, there is an obligation to file with the Registrar for Legal
Persons the updated information through the prescribed forms or by notification to the Registrar
within 14 days from the date of any amendments to the statute. Copies of the amended documents/
consolidated statutes must also be filed.
320. Criterion 24.6 – The Maltese authorities rely on a range of measures to obtain beneficial
ownership information in a timely manner on legal persons incorporated under Maltese Law as
follows: (1) the vast majority of legal persons have an on-going business relationship with a
corporate service provider and/or a lawyer or accountant at the incorporation stage and on an on-
going basis as Maltese legal persons must have a registered address in Malta; (2) all companies set
up in Malta have a share capital requirement and the authorities estimate that in practice 80% of all
these companies’ share capital is deposited into a Maltese bank account. Details of the relevant bank
or account information is typically provided as part of the registration documentation for companies,
and are thus available and accessible at the relevant Registry; and (3) with effect from 1 January
2018 all new Maltese limited liability companies, partnerships, foundations and associations were
required to obtain beneficial ownership information and disclose such information to the pertinent
registries pursuant to the Companies Act (Register of Beneficial Owners) Regulations, 2017; Civil
Code (Second Schedule) Register of Beneficial Owners – Foundations) Regulations, 2017 and Civil
Code (Second Schedule) (Register of Beneficial Owners – Associations) Regulations, 2017. The
purpose of these Regulations was to implement Directive (EU) 2015/849 (4th AMLD). In respect of
non-Maltese legal persons administered by a corporate service provider, lawyer or accountant
beneficial ownership information would be collated by a subject person in accordance with the CDD
requirements under the PMLFTR.
321. Companies and other commercial partnerships registered in Malta prior to 1 January 2018 are
required, as per Reg. 8 of the Companies Act (Register of Beneficial Owners) Regulations, 2017, to set
up their own register of beneficial owners by the end of June 2018. These companies are
furthermore required to submit to the Registrar of Companies the first notification / declaration on
their beneficial owners as at either (i) the date of the first anniversary of the company’s registration
that falls due after 30 June 2018; or, (ii) where there is a change in beneficial owners occurring after
30 June 2018 and before the date of the said anniversary, as at the date of such change.
322. The period for submitting beneficial ownership information in regard to Foundations and
Associations established prior to 1 January 2018 has been extended to 30 June 2019 as per the Civil
Code (Second Schedule) (Register of Beneficial Owners-Foundations) (Amendments) Regulations,
2018 and as per the Civil Code (Second Schedule) (register of Beneficial Owners-Associations)
(Amendment) Regulations, 2018. The Maltese authorities have advised that this extension is because
the VOs sector, being quite large in Malta, requires more time to adapt to the new requirements in
view of the penalties stipulated in the Regulations.
323. The instruments establishing the Beneficial Ownership Registers grant access to beneficial
ownership information to the following: (i) national competent authorities with designated
responsibilities for combating money laundering and terrorist financing; (ii) the Financial
Intelligence Analysis Unit; and (iii) national tax authorities. In addition, any other authority which
does not fall within any of these categories, but is listed as a competent authority under the PMLFTR
is also granted access to the said information. Additionally, access is also granted to (i) subject
persons in terms of the PMLFTR providing services in or from Malta, for the purpose of carrying out
CDD in accordance with the said regulations; and (ii) any person who, or organisation which, in a
written request, satisfactorily demonstrates and justifies a legitimate interest specifically related to
the prevention of money laundering and the financing of terrorism. However, in the latter case,
access would be only granted to the name, the month and year of birth, the nationality, the country of
residence and the extent and nature of the beneficial interest of the beneficial owners
Companies & Partnerships
324. Reg. 5 of the Companies Act (Register of Beneficial Owners) Regulations requires that a
company shall obtain and at all times hold adequate, accurate and up to date information in respect
of its beneficial owners, which shall at least include the following particulars: (a) the name, the date
of birth, the nationality, the country of residence and an official identification document number
indicating the type of document and the country of issue, of each beneficial owner; (b) the nature and
extent of the beneficial interest held by each beneficial owner and any changes thereto; and (c) the
effective date on which a natural person became, or ceased to be, a beneficial owner of the company
or has increased or reduced his beneficial interest in the company.
325. The definition of beneficial owner is defined in the PMLFTR and means any natural person or
persons who ultimately own(s) or control(s) the company through direct or indirect ownership of
more than 25% or more of the shares or voting rights or control through other means. In the absence
of such a natural person or natural persons, the senior managing official shall be considered the
beneficial owner. The definition of beneficial owner is broadly compliant with the FATF definition.
326. These Regulations also apply to partnerships as if reference to company were a reference to
partnership en nom collectif and partnership en commandite (limited partnership).
Foundations
327. Reg. 4 of the Civil Code (Second Schedule) (Register of Beneficial Owners-Foundations)
Regulations requires that a foundation shall obtain and at all times hold adequate, accurate and up to
date information in respect of its beneficial owners, which shall at least include the following
particulars: name; date of birth; nationality; country of residence, an official identification document
number including the type of document and country of issue, the role of the beneficial owner, and in
the case of a beneficiary, the nature and extent of the benefit and any changes thereto.
328. Reg. 2 defines the term ‘beneficial owner’ as the founder; administrator(s); the protector or
members of the supervisory council, if any, the beneficiaries where identified in the foundation
instrument or where the individuals benefiting from the foundation have yet to be determined, the
class of persons in whose main interest the foundation is set up or operates and any other natural
person exercising ultimate and effective control over the foundation by any means including any
person whose consent is to be obtained, or whose direction is binding.
Associations
329. Reg. 4 of the Civil Code (Second Schedule) (Register of Beneficial Owners-Associations)
Regulations requires that an association shall obtain and at all times hold adequate, accurate and up
to date information in respect of its beneficial owners, which shall at least include the following
particulars: name; date of birth; nationality; country of residence, an official identification document
number including the type of document and country of issue, the nature and extent of the beneficial
181
interest and any changes thereto and the role of the relevant person i.e. the administrators, the
protector or members of the Supervisory Council, if any, and any other natural person exercising
ultimate and effective control over the association by means of indirect ownership or by other means
including any person whose consent is to be obtained or whose direction is binding for material
actions to be taken.
330. Criterion 24.7 – Malta has imposed obligations on companies, associations and foundations to
ensure that beneficial ownership is accurate and up-to-date as follows:
Companies and Partnerships
331. Reg. 5(1) of the Companies Act (Register of Beneficial Owners) Regulations provides that
every company shall obtain and at all times hold adequate, accurate and up to date information in
respect of its beneficial owners. Furthermore, Reg. 6(1) stipulates that where there is a change in the
beneficial ownership of a company, the company is obliged to deliver a notice to the registrar, within
fourteen days after the date on which the change is recorded with the company, notify the Registrar
of the updated including the nature and extent of the beneficial interest and the effective date of
changes made.
Foundations
332. Reg. 4(1) of the Civil Code (Second Schedule) (Register of Beneficial Owners – Foundations)
Regulations provides that every foundation shall take all reasonable steps to obtain and at all times
hold adequate, accurate and up to date information in respect of its beneficial owners. Furthermore,
Reg. 7(2) then provides that where there is a change in the beneficial ownership of the foundation
the foundation shall, within 14 days from the date on which the change is recorded with the
foundation, notify the Registrar of the updated including the nature and extent of the beneficial
interest and the effective date of changes made.
Associations
333. Reg. 4(1) of the Civil Code (Second Schedule) (Register of Beneficial Owners – Associations
Regulations, 2017) imposes a requirement that every association shall take all reasonable steps to
obtain and at all times hold adequate, accurate and up to date information in respect of its beneficial
owners. Furthermore, Reg. 8(2) requires that where there is a change in the beneficial ownership of
an association, the association shall, within 14 days notify the Registrar with updated information
including the nature and extent of the beneficial interest and the effective date of changes made.
334. Notwithstanding the above, the assessment team has identified major shortcomings with the
Maltese beneficial ownership regime which are detailed in R.24.8, which could call into question the
accuracy of beneficial ownership information in Malta.
335. Criterion 24.8 – The Maltese authorities take a multi-pronged approach to obtaining beneficial
information in a timely manner on legal persons incorporated under Maltese law and legal
arrangements, but the assessment team has identified the following shortcomings with each of these
methods, which could call into question the accuracy of beneficial ownership information for some
legal persons in Malta:
a) Trustees have been regulated and supervised by the MFSA since 2004 and CSPs since 2013, (albeit
subject to AML/CFT supervision prior to this date), as they were deemed to be subject persons
under the PMLFTR. However, there is no legislative provision requiring a subject person to
incorporate a company or register a partnership and maintain its registered office. Therefore, legal
persons may be created without the scrutiny of an entity subject to Maltese AML/CFT supervision.
Moreover, lawyers providing company services are exempt from registration with the MFSA in view
of the fact that they are already subject persons. However, lawyers are not subject to adequate
market entry measures.
b) All companies set up in Malta have a share capital requirement. There is no requirement for this
to be deposited in a Maltese bank subject to AML/CFT supervision. The authorities estimate that in
practice 80% of these companies’ share capital is deposited into a Maltese bank account. However,
this is likely to reduce further as the corporate service providers interviewed advised that it was
becoming increasingly difficult to bank their clients in Malta due to the enhanced scrutiny of CDD
checks by the Maltese banks. Therefore, beneficial ownership information would not be available to
the Maltese authorities via this approach for approximately 20% of companies.
336. c) Centralised registers of beneficial ownership have been created for both legal persons and
trusts. These are maintained respectively by the Registrar of Companies; Registrar of Legal Persons
(Associations and Foundations) and the MFSA. However, the registers for legal persons are currently
being retroactively populated. Hence, the assessment team could not fully assess the effectiveness of
this new mechanism. Notwithstanding the above, the assessment team identified the following
shortcomings with the register of beneficial ownership for companies and other commercial
partnerships: (i) directors (or equivalent) and the company secretary are responsible for providing
basic and beneficial ownership information to the Registrar of Companies and other competent
authorities. However, to date there is no requirement for the director and/or the company secretary
to be resident in Malta, and hence to be subject to Maltese AML/CFT supervision; and (ii) the
Registry of Companies is not empowered in legislation96 to undertake on-site visits to verify the
accuracy of beneficial ownership information held on companies and commercial partnerships.
337. Foundations and Associations – Administrators are responsible for providing basic and
beneficial ownership information to the Registrar where the administrator is a body corporate, the
declaration of beneficial ownership shall be signed by at least two persons entrusted with the
management and administration thereof. However, administrators of foundations and associations
are not required to be resident in Malta and therefore to be subject to Maltese AML/CFT supervision.
In the case of a non-resident administrator, Art. 29 (in respect of foundations) and Art.49 (in respect
of associations) of the Second Schedule to the Civil Code requires the appointment of a person
ordinarily resident in Malta to act as the local representative of the legal person in Malta.
Nonetheless, it is the administrator who is obliged to obtain and maintain beneficial ownership
information.
338. Criterion 24.9 – All company information (including beneficial ownership) that is collected by
the Registrar of Companies is retained in the company register throughout the lifetime of the
company and thereafter.
339. With regard to the dissolution of a company Art. 324(2) of the Companies Act requires that the
liquidator shall keep the accounts, accounting records and documents of the company for a period of
ten years from the date of publication of the striking of the company’s name off the register, but
there is no explicit obligation for the liquidator to retain BO information. The authorities clarified
96The Companies Act (Register of Beneficial Owners) (Amendment) Regulations, 2019 will provide the
Register of Companies with the power to undertake onsite visits in order to establish the current beneficial
ownership
183
that since the company is obliged by law to keep a register of beneficial owners, such register is to be
considered as an important document which the liquidator should keep.
340. Subject persons under the PMLFTR are required, in terms of Reg. 13(2)(a) of the PMLFTR, to
keep records of CDD measures carried out, including information obtained on the company and the
identity of its beneficial owners, for a period of 5 years (which may be extended up to a cumulative
maximum of 10 years where the FIAU considers this to be necessary), as from the date of carrying
out of an occasional transaction or termination of a business relationship with the company.
341. Criterion 24.10 – Competent authorities have all the powers necessary to obtain timely access
to basic and beneficial ownership information, including from subject persons. This is explained
under c.27.3 (which is relevant to DNFBPs), c.29.3 (FIU) and c.31.1 (law enforcement). As explained
under c.24.3, basic information for companies and partnerships is available online, but not in respect
of foundations and associations. Furthermore, with effect from 1 January 2018, all new Maltese
limited liability companies, partnerships, foundations and associations were required to obtain
beneficial ownership information and disclose such information to the pertinent registries. With
regard to legal persons established prior to the effect of these new regulations, beneficial
information must be submitted to the authorities by no later than 30 June 2019. Art. 43(12) of the
Trusts and Trustees Act sets out that any person operating in or from Malta, who acts as mandatory
(nominee) in the holding of securities, is required to be licensed by the MFSA irrespective of the
extent of his/her activities, whether remuneration is payable therefor or whether (s)he holds
himself/herself out as providing such services or not.
342. Criterion 24.11 – Companies are prohibited from issuing share warrants to bearer pursuant to
s.121 of the Companies Act. This prohibition also includes bearer shares.
344. Nominee Directors - The Companies Act does not distinguish between different types of
directors and does not recognise nor provide for nominee directors. All persons that act as directors
are subject to the same duties and obligations under the Companies Act. The general duties of
company directors are provided under Art. 136A of the Companies Act.
345. Nominee Shareholders – Malta allows companies to have nominee shareholders, however it has
the following mechanisms to ensure that they are not misused: (i) Art. 43(12) of the Trusts and
Trustees Act sets out that any person operating in or from Malta, who acts as mandatory (nominee)
in the holding of securities, is required to be licensed by the MFSA irrespective of the extent of his
activities, whether remuneration is payable therefor or whether he holds himself out as providing
such services or not; (ii) Art. 43(9)(a) of the Trusts and Trustees Act provides that holding upon
trust of securities in a Maltese legal person by trustees, who are not authorised in terms of the Act
(e.g. a non-Maltese trustee), shall only be permitted if a qualified person is engaged in writing by the
trustee and such agreement is notified to the MFSA prior to any acquisition taking place and (iii) Reg.
5(2) of the Companies Act (Register of Beneficial Owners) Regulations provide that every company
shall obtain beneficial owners information from the shareholders of the company and, or from any
natural person whom it has reasonable cause to believe to be a beneficial owner, who shall be bound
to provide the said information to the company without delay, and every beneficial owner who
acquires, disposes of, increases or reduces his beneficial interest in the company shall be bound to
immediately provide the said information to the company.
346. Criterion 24.13 – Criminal sanctions are provided for under all three sets of regulations
governing the beneficial ownership registers (a fine not more than EUR 5,000 or to imprisonment for
a term not exceeding six months or to both such fine and imprisonment) in respect of the provision
of misleading of false information. Failure to obtain, retain and provide beneficial ownership
information to the registries is punishable by penalties ranging from EUR 500-1,000, together with
daily penalties ranging from EUR 5-10 for every day during which the default continues under the
Register of Beneficial Ownership Regulations (Companies, Foundations and Associations). Taking
into account the nature and scale of business undertaken in Malta these financial sanctions are not
considered dissuasive and proportionate for companies, commercial partnerships and foundations.
347. Criterion 24.14 – As explained in c.24.3 above, basic information on companies registered in
Malta is available online and publicly accessible, hence also by foreign competent authorities. Basic
information on foundations and associations is publicly available. Access to the beneficial ownership
registers is explained at c24.6. The FIAU’s ability to request both basic and beneficial ownership
information is explained at c.24.10. Refer also to R.37 and R.40.
348. Criterion 24.15 – The quality of assistance received from counterparts in other countries in
response to requests for basic and beneficial ownership information or requests for assistance in
locating beneficial owners residing abroad, is done on a case-by-case basis whereby the Maltese
authorities will inform the foreign authority about the quality and usefulness of the assistance
afforded and/or if further clarifications or information is required. The FIAU has advised that it
retains statistical information about the quality and usefulness of information received from foreign
counterparts and also rates such assistance. However, the authorities have not explained how the
AGO or the MFSA and MGA monitor the quality of assistance received from other countries.
349. Malta meets c.24.1, 24.3 - 24.6, 24.10, 24.11, 24.12 and 24.14; mostly meets 24.2, 24.9, and,
24.15 and partly meets c.24.7 24.8. and 24.13. The rating has been influenced by the following
factors: (1) an in-depth analysis of how all types of Maltese legal persons and legal arrangements
could be used for ML/FT purposes has not been finalised; (2) shortcomings in mechanisms could call
into question the accuracy of beneficial ownership information; (3) there is no explicit obligation for
the liquidator to retain beneficial ownership information; (4) it is not considered that the financial
sanctions are dissuasive and proportionate in respect of failing to submit beneficial ownership
information to the Registries in respect of companies, commercial partnerships and foundations; and
(5) no information provided by the country on how the AGO or the MFSA and MGA monitor the
quality of assistance received from other countries. R.24 is rated PC.
Recommendation 25 – Transparency and beneficial ownership of legal arrangements
350. In the 4th Round Malta was rated as C with former R.34.
351. Criterion 25.1 – (a) Trustees authorised in terms of the Trusts and Trustees Act are considered
as subject persons under the PMLFTR and therefore required to identify beneficial owners and take
reasonable measures to verify their identity pursuant to Reg. 7(1)(b) thereof. In the case of trusts
(both Maltese and foreign law express trusts) the beneficial owner shall consist of the settlor, the
protector, if any, any other trustee, the beneficiaries, or where the individuals benefitting from the
trust have yet to be determined, the class of persons in whose main interest the trust is set up or
operates; and any other person exercising ultimate and effective control over the trust by any means.
It should be pointed out that the PMLFTR makes no distinction between different kinds of trusts, and
185
therefore this obligation is applicable vis-à-vis all trusts. Under Reg. 7(2)(b) subject persons should
ensure that documents, data or information held by the subject person are kept up-to-date as part of
the on-going monitoring. Furthermore, Art. 43(4)(f) of the Trusts and Trustees Act sets out that
licensed trustee should establish adequate systems for maintaining records of the identity and
residence of beneficiaries, the dealings and the assets in connection with trusts and compliance with
applicable law. Art. 43(A) of the Trusts and Trustees Act exempts private trustees who (i) do
not hold themselves out as trustee to the public; (ii) are not remunerated, even indirectly, except as
permitted by any rules issued by the Authority (however, no such rules exist); and (iii) do not act
habitually as trustee, in any case in relation to more than five settlors at any time. Such trusts are
governed by a detailed notarial procedure and therefore such trusts are covered for AML/CFT
purposes by the notary who is a subject person in terms of the PMLFTR.
(b) There is no explicit requirement in the Trusts and Trustee Act requiring trustees to hold basic
information on regulated agents of, and service providers to, the trust, including investment advisors
or managers, accountants and tax advisors. However, pursuant to Art. 1124A. of the Civil Code there
is a fiduciary duty on trustees to carry out their obligations in good faith and act honestly and
exercise due diligence and Art. 25 of the Trusts and Trustees Act requires trustees to ensure that
investment managers are competent. Moreover, Section 3 of the Code of Conduct requires trustees to
have procedures in place to ensure that proper due diligence is carried out, therefore it is assessed
that Malta complies with this criterion.
(c) Professional trustees are required to ensure that CDD documents, data or information is kept up
to date (Reg. 7(2)(b) PMLFTR) and maintained for at least five years after their involvement with the
trust ceases (Reg. 13(1)(a) PMLFTR). Art. 21(4)(a) of the Trusts and Trustees Act requires trustees
to keep accurate accounts and records.
352. There are no requirements set out under (a), (b) and (c) which apply to an express trust that is
governed by the law of Malta where the trustee is resident outside of Malta. However, there are two
mitigating measures set out in Trusts and Trustee Act: (i) Where a foreign trustee holds shares in a
Maltese company or immovable property in Malta under trust (irrespective of governing law), such
foreign trustee is required to appoint a Maltese licensed trustee as a “qualified person” to ensure due
compliance with all fiscal, prevention of money laundering and other legal obligations in connection
with the property held under trust. Such qualified person appointment is subject to the MFSA’s
statement of “no objection”, prior to the acquisition of the property under trust (Art. 43(9); (ii)
Where Trustees who are not resident in Malta, and no property under trust is held in Malta nor any
transactions taking are place in Malta, the only connection with Malta would be the governing law
chosen for the trust agreement. However, Art. 14A is restrictive in terms of the settlor reserved
powers, thus making it less attractive for foreign trustees to choose Maltese law as the governing law
of a trust which has no further connection with Malta.
353. Criterion 25.2 – Under Sections 3.0 and 9.6 of the Code of Conduct made pursuant to Art. 52 of
the Trusts and Trustees Act Trustees are required to keep and preserve appropriate records in Malta
which will at least include such records as are appropriate for their functions. Furthermore, as
referenced at c.25.1(c) CDD documents shall be kept up-to-date pursuant to the PMLFTR.
354. Further details on the maintenance of beneficial ownership records can be located at c.25.5.
355. Criterion 25.3 – In the course of establishing a business relationship or carrying out an
occasional transaction, subject persons have to determine who their customer is, which would
include establishing in which capacity the prospective customer is requesting a given service or
product (Reg. 7(3) PMLFTR) Trustees are required to disclose their status when carrying out
transactions pursuant to Art. 32 of the Trusts and Trustees Act.
356. Criterion 25.4 – Notwithstanding the provisions of the Professional Secrecy Act trustees are not
be prevented by law or enforceable means from providing competent authorities with any
information relating to the trust upon request, with information on the beneficial ownership and the
assets of the trust to be held or managed under the terms of the business relationship.
357. Criterion 25.5 – Competent authorities have all the powers necessary to obtain timely access to
basic and beneficial ownership information, including from registered agents. This is explained
under c.27.3 (which is relevant to DNFBPs), c.29.3 (FIU) and c.31.1 (law enforcement).
358. With effect from 1 January 2018 all new Maltese trusts which generate tax consequences are
required to provide beneficial ownership details (as per definition in PMLFTR) to the Register of
Beneficial Owners of Trusts administered by the MFSA pursuant to the Trusts and Trustees Act
(register of Beneficial Owners), Regulations, 2017. The purpose of these Regulations was to
implement Directive (EU) 2015/849 (4th AMLD). For those trusts in existence within the scope of the
Regulations before 1 January 2018 the deadline for submitting beneficial ownership information was
1 July 2018. This register can be accessed by all Malta national competent authorities, including
LEAs.
359. Criterion 25.6 – Please refer to c.24.14 above concerning the provision of international
cooperation in relation to basic and beneficial ownership of companies in Malta which likewise
applies to the provision of international cooperation in relation to basic and beneficial ownership
information on trusts and other legal arrangements (Art. 49 of the Trusts and Trustees Act).
Moreover, in terms of Reg. 6(5) of Trusts and Trustees Act (Register of Beneficial Owners)
Regulations, the authorities referred to the above and the FIAU may, in pursuance of their functions
in accordance with applicable law, provide information on beneficial owners accessible to them in
terms of this regulation to competent authorities and to FIUs of other jurisdictions.
361. (a) Art. 51(6) of the Trusts and Trustees Act provides that any person who contravenes or fails
to comply with any of the provisions of this Act, saving any higher punishment which may be
provided under any other law, shall be liable, on conviction, to a fine not exceeding EUR 466,000 or
to a term of imprisonment not exceeding four years, or to both such fine and imprisonment.
Furthermore, pursuant to Reg. 9 of the Trusts and Trustees Act (Register of Beneficial Owners)
Regulations, where a trustee authorised or registered in terms of the Act contravenes or fails to
comply with any of the provisions of these regulations, the MFSA may impose an administrative
penalty which may not exceed EUR 150,000.
362. (b) TCSPs (including the exempt persons referenced in 25.1) are subject to proportionate and
dissuasive sanctions for failing to comply with the PMLFTR by the FIAU. Please refer to the analysis
under R.35.
363. Criterion 25.8 – The competent authorities have proportionate and dissuasive sanctions for
failing to grant to competent authorities timely access to information. Under Art. 51(6) of the Trusts
and Trustees Act any trustee who fails to furnish information to the MFSA regarding trusts, saving
any higher punishment which may be provided under any other law, shall be liable, on conviction, to
a fine not exceeding EUR 466,000 or to a term of imprisonment not exceeding four years, or to both
such fine and imprisonment. Additional sanctions are provided for under Art. 54(7) of the Trust and
187
Trustees Act. Under Reg. 21 PMLFTR any trustee who fails to furnish information is subject to an
administrative penalty of not less than EUR 1,000 and not more than EUR 46,500. Additionally,
infringements of an investigation order can be liable to a fine not exceeding EUR 11,646.87 or to
imprisonment not exceeding twelve months, or to both such fine and imprisonment.
364. Malta meets c.25.2 – 25.8 and mostly meets c.25.1. There is no explicit requirement placed on
the trustee of an express trust that is governed by Maltese law where the trustee is resident outside
Malta to obtain and hold information in line with c.25.1. R.25 is rated as LC.
Recommendation 26 – Regulation /and supervision of financial institutions
365. In the 4th Round Malta was rated as LC with former R.23. The assessors concluded that there
were effectiveness issues as there were a low number of AML/CFT onsite inspections and no
infringements were being identified at FIs as a result of these inspections. In the 5th round
effectiveness issues are no longer analysed in the TC Annex.
366. Criterion 26.1 – The FIAU is the authority tasked with the monitoring and supervision of FIs for
compliance with the AML/CFT requirements under the PMLA and PMLFTR (Art. 16(1)(c) and 26
PMLA). Art. 27 PMLA empowers the FIAU to request the assistance of other supervisory authorities
to carry out, on behalf of or jointly with the FIAU, onsite or offsite inspections on subject persons
(defined in the PMLFTR and includes all FIs as listed in the FATF Recommendations) falling within
the competence of the supervisory authority. Following the creation of the AML Unit in 2015, the
MFSA commenced joint inspection visits to FIs with the FIAU. Prior to 2015 the MFSA only
undertook ad-hoc AML/CFT inspection visits to FIs, either jointly with the FIAU, or on behalf of the
FIAU. A MoU is in place between the MFSA and FIAU to regulate the cooperation between them
regarding AML/CFT supervision.
367. Criterion 26.2 – All Core Principles FIs are required to be licensed as follows: credit institutions
are licensed under Art. 5 Banking Act; investment services (securities) are licensed under Art. 3 of
the Investment Services Act; and collective investment schemes are licensed under Art.4 of the
Investment Services Act.
368. Any insurance or re-insurance business is authorised under Art. 7 of the Insurance Business
Act. Insurance Intermediaries and Tied Insurance Intermediaries are required to be registered or
enrolled under Art. 13 and 37 of the Insurance Intermediaries Act, respectively. The applications for
registration or enrolment refer to two separate applications. An application for registration is
applicable for individuals desirous of applying for registration on the Brokers/Agents/Managers
Register. An application for enrolment is applicable for a company desirous of acting as an insurance
intermediation company after enrolling in the Brokers/Agents/Mangers List. Retirement scheme
administrators appointed by retirement schemes registered in Malta are licensed under Art. 6 of the
Retirement Pensions Act.
369. Other FIs: MVTS and money or currency changing services are licensed under Art. 3 of the
Financial Institutions Act.
370. Criterion 26.3 – The MFSA undertakes fitness and properness checks to prevent criminals and
their associates from holding a significant or controlling interest, or management function, in an FI.
The fit and proper test comprises three main factors: integrity, competence and solvency and applies
to all types of FIs. All qualifying shareholders (a person who holds a direct or indirect holding in a
company which represents 10% or more of the share capital or voting rights in the FI), controllers,
directors or persons who will effectively direct or manage the business and key function holders
must be assessed and approved by the MFSA before they can be involved in licensable activity. Fit
and proper decisions are made through the EU SSM for members of the management board and
supervisory board of the significant banks in Malta, and for qualifying shareholders of all banks.97
371. The Banking Act (Arts. 7, 13 &14); the Investment Services Act (Arts 6 & 10); the Insurance
Business Act (Arts. 8 & 38); and the Insurance Intermediaries Act (Arts. 9 & 10) (i.e. Core Principles
FIs) contain legal provisions requiring that those persons holding (or being the beneficial owner of)
a significant or controlling interest, or holding a management function are fit and proper.
372. Qualifying shareholders, directors, controllers, key function holders (senior managers who
have a significant influence over the direction and management of the FI) are required to complete a
Personal Questionnaire and provide an original certificate of good conduct issued by the police in
order to certify that the applicant has no criminal background (including a certified translation if the
good conduct certificate is from a foreign country). A criminal conduct record (fedina penale) is also
requested on a risk-based approach. By signing the Personal Questionnaire, the potential applicant
authorises the MFSA to undertake due diligence with third parties for the purpose of determining
their integrity, competence and solvency. The authorities have advised that all the information
submitted in the Personal Questionnaire by the applicant is corroborated with third parties to check
its authenticity and accuracy. As part of its due diligence procedure the MFSA will carry out a
number of checks including: (i) requesting information from the FIAU (ii) checking EU/UN sanction
lists; (iii) checking the Shared Intelligence Service (SIS) database operated by the UK’s FCA (which is
a mechanism for UK regulatory bodies, designated professional bodies and recognised investment
exchanges to collect and share material on individuals and firms – MFSA is a member of this
mechanism); (iv) making open source enquiries and (v) checking third party screening databases.
Where relevant, the MFSA also sends due diligence enquiries to a foreign competent authority with
the aim of obtaining any additional relevant information that will assist it in its assessment of the
fitness and properness of an applicant. In addition, the authorities advise that enhanced due
diligence reports from external intelligence companies are commissioned on subjects with high risk
profile.
373. Furthermore, both when processing applications for a licence, and when reviewing proposed
changes in the qualifying shareholding of a licence holder, the MFSA has advised that it always
requires an organogram setting out all the persons/entities that will form part of its shareholding
structure, up to the ultimate beneficial owner/s and with the relevant percentage holdings of the
voting rights and capital.
374. The assessment team was informed that the MFSA had recently enhanced its application
processes to prevent criminals and their associates from holding or being the beneficial owner of a
significant or controlling interest, or a management function of FIs and TCSPs by, inter alia,
introducing; (1) closer liaison with the FIAU and the MFSA’s prudential supervisors throughout the
application process; (2) increased scrutiny of an applicant’s business model and corporate
governance structure from an AML/CFT perspective (3) increased scrutiny of dominant
shareholders and (4) increased scrutiny of the source of wealth and source of funds of those persons
97 The ECB has the power to make fit and proper decision only for the banks which are considered as
significant. National authorities are responsible for fit and proper decisions in relation to less significant banks.
189
holding significant or controlling interests. However, at the time of the onsite visit this had not been
fully embedded into the MFSA’s authorisation procedures for all types of licence applications.
375. On-going fit and proper checks are also carried out before onsite inspections and during
routine supervisory desk top monitoring. However, the MFSA does not subject persons holding a
significant or controlling interest or management function in an FI or TCSP to regular UN sanctions
and adverse media screening and therefore is reliant on its licensed community to self-report any
convictions or intelligence provided by third parties, such as the general public or other competent
authorities. Regular on-going monitoring could assist in the identification of triggers and the
undertaking of regulatory actions and would be particularly beneficial in the context of Malta as an
international finance centre, and therefore a large proportion of its supervised entities are
beneficially owned by persons located outside of Malta.
376. Other FIs: Art. 5 of the Financial Institutions Act provides that no company shall be granted a
licence unless all qualifying shareholders, controllers and all persons who will effectively direct the
business of the FI are suitable persons to ensure its prudent management. Pursuant to Art. 9 of the
Financial Institutions Act a change of qualifying shareholding requires the prior approval of the
MFSA. The aforementioned fitness and properness checks equally apply to other FIs.
377. Criterion 26.4 – FIs (both core principles institutions and others) are regulated and supervised
for AML/CFT purposes. The IMF/World Bank conducted a Financial Sector Assessment Programme
(FSAP) in 2002/2003 and the MFSA commissioned an independent assessment using the same
format as the FSAP in 2010. At the time of the onsite visit the authorities were unable to confirm
their level of current compliance with the core principles where relevant for AML/CFT purposes.
378. The FIAU is in terms of Art. 26(1) responsible for ensuring that subject persons are complying
with their AML/CFT obligations under the PMLA and the PMLFTR. The FIAU is assisted by the MFSA
in the AML/CFT supervision of FIs that fall under the regulatory competence of the MFSA.
379. Reg. 6(1) PMLFTR requires FIs forming part of a group to implement group-wide AML/CFT
policies and procedures, and policies and procedures on data protection and sharing of information
for the prevention of ML/FT. The MFSA has advised that there are eleven licence holders with
branches outside of Malta (one credit institution; one payment institution; three insurance
companies and six investment services licence holders). Before a Maltese licence holder establishes a
branch outside Malta, the said licence holder is required by law to communicate its programme of
operations to the MFSA. It is only when the latter is satisfied of the proposed operational set-up for
the branch, that all information pertaining to the branch, is communicated to the host regulator.
Following the setting up of the branch, the MFSA maintains regular contact with the host regulator.
However, the authorities were unable to provide details of how groups are supervised on a
consolidated basis for AML/CFT purposes.
380. Criterion 26.5 – Art. 26(2) PMLA stipulates that the FIAU must carry out its responsibilities of
ensuring compliance by subject persons with their AML/CFT obligations, on a risk sensitive basis.
However, there are no formalised policies in place, outlining how the frequency and intensity of on-
site and off-site supervision for all types of FIs is being determined, taking into account the ML/FT
risks associated with an institution or group and the wider ML/FT risks present in Malta.
381. In 2012 the FIAU and MFSA adopted a risk-based approach to AML/CFT supervision by way of
the FIAU collecting data through the Annual Compliance Report (ACR), which all FIs are bound to
submit to the FIAU on an annual basis. Upon creation of the MFSA’s AML Unit in 2016, the task of
analysing the results of ACRs and determining the risk scores for FIs and TCSPs, fell upon the MFSA,
with the results made available to the FIAU. However, there are significant limitations with the ACR,
as the questions are rudimentary, in that they do not solicit quantitative information on the client
base; elaborate further on the appropriateness of the policies and procedures in place; and do not
vary in accordance with the sector or type of entity being requested to provide information.
Therefore, the way the questions are framed in the ACR does not enable the Maltese authorities to
assess ML/FT residual risks at subject persons. However, the Maltese authorities strengthened their
understanding of ML/FT risks in the banking, TCSP and remote gaming sectors in 2017 by: (1)
undertaking an extensive data collection exercise on all credit institutions and TCSPs: and (2)
introducing a prudential supervision questionnaire which the MFSA’s prudential and conduct
supervisory units were required to complete. These data collection exercises sourced more granular
data to assess the inherent risks, including information on the type of products/services offered by
the subject person, distribution channels and customer interfaces, details on the volume and value of
transactions; details on various types and numbers of customers, deposit balances and countries
dealt with (indicating number of customers and beneficial owners, deposit balances and funds under
management per high risk/significant jurisdictions). The exercise also collected detailed information
on internal AML/CFT controls. Prudential questionnaires were aimed at putting in place a formal
procedure to ensure that the AML/CFT supervisors have structured, regular and timely access to
information from the MFSA and MGA prudential and conduct supervisors. This information was
integrated in the risk assessment of subject persons, together with other sources of information such
as information sourced from the analysis section of the FIAU.
382. Nonetheless, it remains unclear how this incorporates wider ML/FT group risks. However, the
ML/FT risk assessments of other types of FIs (securities, insurance and MVTS) and DNFBPs
(lawyers, notaries, accountants and real estate agents) were at the time of the on-site based on data
mainly collected through the ACR, which the assessment team considers is insufficient for the nature,
scale and complexity of business in Malta.
383. The FIAU’s assessment of residual ML/FT risk is currently a manual process. However, the
FIAU is in the process of developing a Compliance System which will automate a number of
processes, such as the assessment of ACRs and the allocation of risk scores. The objective is to enable
the FIAU’s Compliance Section, the MFSA and the MGA to have a ‘near real time’ risk snapshot of the
profile of all the entities subject to AML/CFT obligations and an up-to-date risk overview by sector
and across all sectors. It is currently intended that the Compliance System will be fully operational in
June 2019.
384. The FIAU, in conjunction with the MFSA and MGA, has risk-rated all subject persons which
completed ACRs and has assigned risk-ratings (very high; high; medium high; medium and low) to
each of these. At the time of the evaluation the supervisory authorities were in the midst of
overhauling their policies, procedures and operations on risk-based supervision. The assessment
team was informed that, higher risk entities would be subject to onsite inspections, medium risk
entities would be subject to offsite inspections98, and low risk entities would be subject to
98 This refers to specific off-site supervisory examinations triggered in view of the medium risk identified and
does not include ACRs/REQs and ad-hoc off-site reviews triggered by compliance notes generated by the FIAU
Analysis Section and sent to the FIAU Compliance Section which are applicable to all subject persons
irrespective of the level of risk they pose.
191
supervisory meetings. However, the authorities were not in a position to provide the assessment
team with a documented procedure outlining this process.
385. Criterion 26.6 – All FIs are expected to submit an ACR on a yearly basis, hence updated
information to determine the ML/FT risks posed by the various sectors and operators is collected on
a yearly basis. The risk assessment is not determined exclusively on the basis of information sourced
through the ACRs, and the FIAU and the MFSA take into consideration intelligence that might be
available to the analysis section of the FIAU or information that is in possession of the prudential
supervisory teams at the MFSA. However, with the exception of credit institutions and TCSPs, where
a new risk methodology is in place, it is difficult to ascertain how prudential data is incorporated into
the risk methodology. The authorities report that these sources of information allow the FIAU and
the MFSA to have updated and relevant information that allows them to review their risk
assessments whenever there are major events or developments in the management and operations
of the financial institution or group. However, there is no formalised documented procedure
outlining this process: as noted under c.26.5, at the time of the on-site visit the supervisory
authorities were in the midst of overhauling their policies, procedures and operations on risk-based
supervision.
386. Malta meets 26.1; 26.2; mostly meets 26.3 and partly meets 26.4; 26.5 and 26.6. The rating has
been influenced by the following factors: (1) at the time of on-site visit, there were no formalised
procedures in place, setting out how the frequency and intensity of on-site and off-site supervision
for all types of FIs is being determined, taking into account the ML/FT risks associated with an
institution or group and the wider ML/FT risks present in Malta; (2) the authorities were unable to
confirm their level of current compliance with the core principles where relevant for AML/CFT
purposes; and (3) at the time of the on-site visit, increased scrutiny on wider ML/FT risk elements
had not been fully embedded into the MFSA’s authorisation procedures for all types of licence
applications. Moreover, the MFSA does not subject all relevant persons to regular UN sanctions and
adverse media screening. For these reasons, R.26 is rated PC.
Recommendation 27 – Powers of supervisors
387. In the 4th Round Malta was rated as C with former R.29.
388. Criterion 27.1 – As explained under c.26.1 the FIAU is the authority tasked with the monitoring
and supervision of FIs and DNFBPs for compliance with the AML/CFT requirements under the PMLA
and PMLFTR. This is set out under Art. 16(1)(c) and 26 PMLA. Subject persons are defined in the
PMLFTR and include all FIs as listed in the FATF Recommendations. Art. 26 PMLA grants the
necessary powers to the FIAU to carry out such responsibilities, which include the powers to carry
out on-site examinations, to request information or documents from subject persons to establish
compliance or to engage external experts to assist it in carrying out specific tasks (including
compliance) requiring certain expertise (Art. 26A PMLA). Art. 27 PMLA empowers the FIAU to
request the assistance of other supervisory authorities to carry out, on behalf of or jointly with the
FIAU, onsite or offsite inspections on subject persons falling within the competence of the
supervisory authority. Following the creation of the AML Unit in 2015, the MFSA commenced joint
inspection visits to FIs with the FIAU. Prior to 2015 the MFSA only undertook ad-hoc AML/CFT
inspection visits to FIs, either jointly with the FIAU, or on behalf of the FIAU.
389. Criterion 27.2 – Pursuant to Art. 26(2)(c) PMLA the FIAU has the authority to conduct on-site
inspections with the aim of establishing compliance with the AML/CFT provisions under the PMLA
and PMLFTR. Additionally, Art. 27(3)(b) PMLA enables the FIAU to request other supervisory
authorities to carry out, on behalf of or jointly with the FIAU, on-site or off-site inspections on those
subject persons falling under the competence of that supervisory authority.
390. Criterion 27.3 – Pursuant to Art. 26(2)(a) PMLA the FIAU may authorise its officers, employees
or agents (hence including officers of other supervisory authorities assisting the FIAU) to require
subject persons to provide any information and documentation that may be required to establish
compliance with the AML/CFT provisions of the PMLA and the PMLFTR, and to answer to any
questions that may be reasonably required.
391. Art. 26.2(b) PMLA also empowers the FIAU to require, by virtue of a notice in writing served
on a subject person the production, within a specific time and at a specific place, of documents that
are reasonably required for the performance of its AML/CFT supervisory function. “Reasonably”
under Art. 26 (2)(a) and (b) of the PMLA is interpreted to mean documents or information that are
required and necessary by FIAU officers to carry out the compliance examination and establish
whether the subject person is complying with his AML/CFT obligations. “Within a specific time and
at a specific place” means that the information and documentation has to be provided according to
the timeframe and place that are established and communicated to the subject person by the FIAU in
terms of Art. 26(2)(b) PMLA. There is no common practice in this respect and the timeframe set by
the FIAU would depend on the urgency of the matter and the nature of the supervisory examination
being carried out. The FIAU is not required in terms of Art. 26 PMLA or any provision or law to give a
specific period of notice to subject persons prior to conducting on-site inspections. However, by way
of practice and in normal circumstances, the FIAU notifies subject persons about the carrying out of
an on-site inspection 30 days prior to the visit. Given that Art. 26 PMLA does not oblige the FIAU to
notify the subject persons prior to the carrying out of on-site examinations, the FIAU is empowered
to carry out surprise on-site examinations or on-site examinations within a short notice. The Maltese
authorities have advised that in 2018 the FIAU initiated 4 on-site inspections (3 banks and 1 CSP
Group of Companies) without providing prior notice to the entity in question or by giving short
notice.
392. The aforementioned provision is also complemented by the general power conferred to the
FIAU in terms of Art. 30A PMLA to demand from any person, authority or entity, any information
that the FIAU deems relevant and useful for the purpose of pursuing its functions under Art.16.
393. The Maltese authorities have advised that a request made by the FIAU as above is sufficient for
FIs to be obliged to comply and there is no requirement to obtain a court order, warrant or other
form of authorisation from any other entity or institution. Moreover, accordance with Reg. 21
PMLFTR, the failure to comply with any lawful requirement, order or directive issued by the FIAU
may be subject to the imposition of administrative penalties by the FIAU.
394. As regards copies or removal of documents FIAU officers are empowered in terms of Art.
26(2)(a) and (b) PMLA to require subject persons to provide documents or information for the
purposes of carrying out compliance examinations (be it on-site or off-site). In terms of Art. 26(3)
PMLA FIAU officers may make notes and take copies (in whole or in part) of such documents.
395. Criterion 27.4 – As detailed in c.26.1 the FIAU is the authority tasked with the monitoring and
supervision of FIs and DNFBPs for compliance with the AML/CFT requirements under the PMLA and
PMLFTR. Reg. 21 PMLFTR provides for the imposition of administrative sanctions. The MFSA is
193
empowered to restrict, suspend or withhold licenses or authorisations of FIs, where these would not
abide by their licensing conditions, which include a condition to comply with all AML/CFT
legislation.
396. Further details of sanctions can be found at c.35.2. It is noted in more detail under R.35 that
the civil sanctions provided by Reg. 21(7) PMLFTR do not extend to the “senior management” at the
subject person. Therefore, c.27.4 is rated as mostly met.
397. Malta meets c.27.1 – c27.3 and mostly meets c27.4. As a result of the issue also raised under
R.35 (“lack of civil sanctions for senior management”), R.27 is rated LC.
Recommendation 28 – Regulation and supervision of DNFBPs
398. In the 4th Round Malta was rated as PC with former R.24. The assessors concluded that there
were effectiveness issues as there were insufficient resources devoted to AML/CFT supervision of
compliance and reporting of lawyers, notaries, dealers in precious metals and stones and real estate
agents. It was assessed that the risk-based approach concerning the oversight of all of the DNFBPs
was not formalised. In the 5th round effectiveness issues are no longer analysed in the TC Annex.
399. Criterion 28.1 – Casino licensees and Gaming licensees are considered to be relevant activities
in terms of Reg. 2(1) PMLFTR. Thus, any person or entity licensed to operate a casino under the
Gaming Authorisations Regulations (S.L.583.05) (the ‘Regulations’), issued under the Gaming Act
(Chapter 583 of the Laws of Malta) is considered to be a subject person and subject to AML/CFT
regulation and supervision under the PMLA and the PMLFTR. Additionally, Reg. 2(4) of the PMLFTR
explicitly specifies that casino and other games that are provided through the internet or other
electronic means, are also subject to AML/CFT obligations and supervision. It is noted that until 1
January 2018 only land-based casinos were considered as DNFBPs, with internet-based and cruise
casinos becoming DNFBPs through the amendments to the PMLFTR. The recent ‘Gaming Act’
(Chapter 583 of the Laws of Malta) seeks to consolidate the main laws governing gaming in Malta,
including the Gaming Act (Chapter 400 of the Laws of Malta) and the Lotteries and Other Games Act.
The Gaming Act (Chapter 583) became applicable to remote gaming operators as of 1 July 2018 and
will apply to land-based operators, including casinos, as of 1 January 2019.
400. (a) Land-based and online casinos must hold a licence issued by the MGA.
401. Art. 3 of the Gaming Authorisations Regulations 2018 stipulates that no person may provide or
carry out a gaming service or critical gaming supply unless he is in possession of a valid licence. The
Gaming Definitions Regulations define a gaming service as “making a game available for
participation by players, whether directly or indirectly” and a critical gaming supply as
“indispensable in determining the outcome of game/s forming part of the gaming service; and, or an
indispensable component in the processing and, or management of essential regulatory data”.
Therefore, all gaming is regulated under the Gaming Authorisations Regulations 2018 including
land-based casinos, land-based gambling, online gambling, cruise casinos and controlled skill games.
402. (b) Market entry measures are in place to prevent criminals and their associates from holding
a significant or controlling interest or management function in a land based and online casino.
403. Pursuant to Reg. 11 of the Gaming Authorisations Regulations, 2018 the MGA is required to
assess fitness and properness on any person that holds a qualifying interest of at least 10%. Any
change in the ownership of any share capital of the company or its affiliates must be notified to the
MGA within three working days and any documentation required by the Authority as part of the
notification process is required by not later than thirty days after the change. Should such changes
result in a situation which would have disqualified the company from obtaining a licence, the MGA
must inform the licensee accordingly and the situation must be remedied within a timeframe
specified by the Authority, otherwise the Authority must revoke the licence as specified in the
Gaming Authorisations and Compliance Directive (Art. 37(2)(a)). Moreover, Art. 17 of the Gambling
Authorisations Regulations 2018 prohibits the assignment of an authorisation to prevent the due
diligence checks from being bypassed after the granting of the licence by persons who would not
otherwise satisfy the requirements. Art. 9 and 10 of Compliance and Enforcement Regulations
describes the grounds on which a licence can be cancelled or suspended, which include that if any
authorised person or a key function holder in the authorised person ceases to be fit and proper. Any
changes in the management or board of directors of the company requires prior approval in writing
from the MGA prior to affecting the change.
404. When processing applications for a licence, and when reviewing proposed changes in the
qualifying shareholding of a licence holder, licence holders are required to provide an organogram
setting out all the persons/entities that will form part of the shareholding structure, up to the
ultimate beneficial owner/s and with the relevant percentage holdings of the voting rights and
capital to enable the MGA to undertake its fitness and properness checks.
405. Associates of criminals are not considered in the Gaming Act, Gaming Regulations, Directives
and/or Guidelines. However, these are taken into consideration as part of the fitness and propriety
procedures and assessment and criminal probity screening performed by the MGA and discussed at
Fit and Proper Committee level. The MGA rejects applicants found to having direct or indirect links
with criminals.
406. The MGA’s Fit and Proper Guidelines indicate that “all persons involved”, including persons
with a beneficial interest or a controlling interest and directors and key functions Compliance and
Enforcement Regulations the administrative and financial strategies; marketing and advertising;
legal affairs; player support; responsible gaming; The prevention of fraud; risk management;
prevention of money laundering and the financing of terrorism; data protection and privacy;
technological affairs; network and information security; and internal audit. For licensees operating
casinos and bingo halls the operation of the urn or any other gaming device which requires human
intervention; management of the pit, gaming area and the surveillance systems of the gaming
premises; all key functions should be of high repute, integrity and honesty. The assessment is based
on risk, and conducted on a case-by-case basis, but criteria to be taken into consideration include
whether the person has been investigated, charged or convicted for a criminal offence, subject to any
civil suit, publicly criticised for any function. Ineligibility criteria include conviction for an offence
against the Act, taken to be related to an offence against the Act or against any other law relating to
gaming or betting. Such a condition may however be dispensed with depending on the nature of the
offence. The new Gaming Act (Chapter 583) will limit the licensing of casino employees to key
personnel rather than having the requirement applicable to all employees. The rationale for this
change is to enable the MGA to focus on persons responsible for the key functions at a gaming
operator. Reg. 23 of the Gaming Authorisations Regulations, 2018 states that no person shall provide
a key function unless in possession of a key function certificate. The key functions listed in schedule
4 to the Gaming Authorisations Regulations are broad and cover a multitude of management
functions.
195
407. Art 11 (c) of the Gaming Authorisations Regulations states that licences shall not be issued (or
renewed) unless the MGA is “reasonably satisfied that all persons involved in the applicant company
are fit and proper persons”. An application form is to be filled in by “every natural person that is a
director, shareholder, UBO, key function or any other person that the Authority may request”. MGA
cannot issue a key function certificate unless it is satisfied that such person is fit and proper to fulfil
his obligations and discharge his duties is prima facie competent to perform the key function (Art. 8
of the Gaming Authorisations and Compliance Directive). The certificate can be cancelled if the Key
Function “ceases to be, in the opinion of the Authority, fit and proper to hold such authorisation”
(Art. 11 of the Gaming Authorisations Directive).
408. Any of the above natural persons involved in a gaming company are required to undergo a
rigorous due diligence process. All natural persons are required to complete a Personal Declaration
Form and provide an original certificate of good conduct issued by the Police where they have been
residing in the last two years in order to certify that the applicant has no criminal convictions. As
part of its due diligence procedure the MGA will undertake open source enquiries and check UN
sanctions; local credit reports; court freezing orders; Interpol’s most wanted list, as well as other
public databases to ascertain if there is any negative information on the applicant. The MGA also
applies EDD measures on a risk-sensitive basis. EDD measures must be applied: (a) where the
applicant is from a higher risk jurisdiction and (b) where the applicant is a considered a high-risk
person (including politically exposed persons (“PEPs”)).
409. Following licensing the MGA proactively checks the integrity of its licensees by undertaking:
weekly criminal probity report screening on all persons involved in MGA licensed businesses;
routine compliance audits every two to three years; desk top reviews; thematic reviews and
monitoring of the monthly player fund reports; tax reports, bi-annual industry returns; management
accounts and audited financial statements.
410. Cruise Casinos – In view of territoriality restrictions, the applicability of the regulatory regime
to cruise casinos is only valid for a term not exceeding the time during which the cruise ship is
moored at or within Maltese territory; be valid only in regard to registered passengers of the cruise
ship; and it is not transferable and shall be limited to cruise ships. The MGA does not issue a licence
to cruise casinos, but a permit allowing the cruise ship to operate its casino in Maltese territorial
waters between 6:00pm and 6.00am of the following day while the cruise ship is moored or within
Maltese territory. The operation of cruise casinos within Maltese territorial waters normally only
lasts for one night. Since 2015, the MGA has received less than 10 applications. Approvals expire
once the cruise ship leaves the territorial waters.
411. (c) Casino and gaming licensees are subject persons in terms of Reg. 2(1) PMLFTR and
required to comply with the AML/CFT requirements envisaged under the PMLA, PMLFTR and any
Implementing Procedures issued by the FIAU. The FIAU is the authority tasked with the monitoring
and supervision of casinos and gaming licensees for compliance with the AML/CFT requirements
under the Art. 26(1) PMLA. Art.27 PMLA empowers the FIAU to request the assistance of other
supervisory authorities to carry out, on behalf of or jointly with the FIAU, onsite or offsite
inspections on subject persons falling within the competence of the supervisory authority. In 2017
the MGA set up an internal unit dedicated to AML/CFT supervision to be able to assist the FIAU in
the AML/CFT supervision of gaming operators and from January 2018, the MGA started performing
Off-site and On-site AML/CFT Compliance to online gaming operators. In August 2006 the MGA and
FIAU signed an MoU to regulate the cooperation between them on a number of aspects including
AML/CFT supervision. The MFSA and FIAU are currently in the process of updating the MoU to
reflect the joint efforts in AML/CFT supervision of casino and gaming licensees and are aiming to
complete the MoU in the first quarter of 2019.
412. Criterion 28.2 – All DNFBPs envisaged under the FATF Glossary are deemed to be subject
persons under the PMLFTR, and are subject to the AML/CFT supervision (see however exemptions
noted under c.22.1). Pursuant to Art. 26 PMLA, the FIAU is the authority responsible to monitor
compliance of all DNFBPs with the AML/CFT requirements set out under the PMLA and the PMLFTR.
In terms of Art. 27(3)(b) PMLA the FIAU cooperates with and requests the assistance of other
supervisory authorities to carry out joint on-site or off-site examinations or to request such
authorities to carry out AML/CFT on-site or off-site inspections of subject persons regulated by these
authorities on behalf of the FIAU. As far as DNFBPs are concerned, the MFSA is responsible for the
authorisation and regulation of trust and company service providers, and thus assists in the FIAU in
the AML/CFT supervision of such entities. In the case of other categories of DNFBPs, excepting
gaming operators, AML/CFT supervision is carried out by the FIAU acting on its own.
413. Criterion 28.3 – All categories of DNFBPs are subject to systems for monitoring compliance
with AML/CFT requirements set out under the PMLA and PMLFTR.
414. Criterion 28.4 – DNFBPs other than casinos
(a) The FIAU’s powers under the PMLA described under R.26 and R.27 are applicable to all
categories of DNFBPs. On-site and off-site supervisory powers are set out, inter alia, under Art.26
and 27 PMLA.
(b) There is no single competent authority exercising measures to prevent criminals and their
associates from being professionally accredited or holding (or being the beneficial owner of) a
significant or controlling interest or holding a management function in a DNFBP.
415. Real Estate Agents – there is no specific law regulating the real estate sector, therefore there
are no relevant measures in place. However, since 2016 Malta has been seeking to regulate the
sector and the Maltese authorities have advised that it remains their intention to legislate on this
matter in late 2018/early 2019.
416. Dealers in Precious Metals and Stones - there is no specific law regulating these dealers,
therefore there are no relevant measures in place.
417. Legal and accounting profession - the National Risk Assessment states that there is no specific
law regulating the legal profession, other than ethical standards issued by and subject to monitoring
by the Commission for the Administration of Justice, established under the Commission for the
Administration of Justice Act. However, under the Code of Organisation and Civil Procedure in order
to exercise the profession of advocate a person must be of “good conduct and good morals” and the
authorities have advised that candidates for a warrant must present a clean police conduct
certificate. The same process applies to foreigners wishing to practice law in Malta, but the police
certificates are not verified. While the authorities have the legal authority to disqualify an advocate
upon conviction of a crime, there are no proactive on-going fitness and properness checks for
lawyers. Therefore, it is assessed that the market entry measures in Malta for sole practitioners,
partners or employed professionals in law firms are not adequate. Notaries are regulated pursuant
to the Notarial Profession and Notarial Archives Act and pursuant to Art. 6 no person shall be
appointed as a notary unless he is of good conduct and character. Art. 14(f) of the Notarial Profession
197
and Notarial Archives Act stipulates that a notary may be removed from office by the President of
Malta where he is found guilty of theft, fraud or crimes against public faith.
418. Art. 3(2)(a) of the Accountancy Profession Act stipulates that a person shall not qualify for a
warrant to practice as accountant if he is not of good conduct and good morals. The Accountancy
Board established under Art. 6 of the Accountancy Profession Act is responsible for regulating the
accountancy profession in the public interest and is responsible to deal, through disciplinary
committees with cases of professional misconduct and other disciplinary proceedings in respect of
warrant holders or holders of a practicing certificate including cases leading to the suspension or
withdrawal of any warrant or practicing certificate issued under this Act.
419. Trust and Company Service Providers – As explained at c.26.1 the MFSA is responsible for both
the prudential and conduct of business regulation, monitoring and supervision of Trustees and
Company Services Providers (CSP) pursuant to the Trust and Trustees Act and the Company Service
Providers Act respectively. Art. 43(4) of the Trusts and Trustees Act requires an individual acting as
trustee or a body corporate, including its directors and qualifying shareholders (10% or more of the
capital) be fit and proper. Art. 5(1) of the CSP Act stipulates that an applicant be fit and proper and
where the applicant is a company or other type of legal entity, its directors and shareholders (25%
or more of the shares or voting rights) be fit and proper. The MFSA’s fitness and properness criteria
for TCSPs are set out the Code of Conduct for Trustees and the MFSA Rules for Corporate Service
Providers.
Company Service Providers Statutory Exemption and De Minimis Ruling
420. The following company service providers are exempt in the CSP Act from registration with the
MFSA: advocates, notary public, legal procurator or certified public accountants in possession of a
warrant, as well as authorised trustees under the Trusts and Trustees Act. However, these persons
are subject persons and are required to notify the FIAU that they are acting as CSPs by way of
business. The authorities have advised that as at 31 October 2018 there were 588 CSPs of which 400
were not licensed under the Company Service Providers Act. Approximately 70 of these are persons
licensed under the Trusts and Trustees Act, and therefore subject to market entry requirements,
however approximately 343 persons are lawyers, notaries public, auditors and accountants, and as
explained above lawyers are not subject to adequate market entry measures.
421. The MFSA has made rules under Art. 8 of the CSP Act. These rules contain a de minimis
provision that any individual who holds 10 or less directorships and company secretarial positions
in companies, other than those licensed, recognised or authorised by the MFSA is not considered as
an individual holding himself out as providing directorship services by way of business (irrespective
of whether they receive remuneration for these services) and therefore not subject to registration or
notification under the Act. Accordingly, these persons are not considered subject persons under the
PMLFTR and subject to AML/CFT supervision by the FIAU.
422. In establishing whether an individual may be considered to be providing company services by
virtue of the directorships and/or company secretarial positions held, it is recommended that a final
determination is sought from the MFSA and the MFSA provided examples of such determinations.
However, with the absence of statistics on the number of individuals acting as director/company
secretary in a third-party capacity for 10 or less companies, the assessment team was unable to
assess the impact of this de minimis rule. However, directors of Maltese legal persons are the natural
persons accountable to competent authorities for providing beneficial information, therefore this
lacuna has implications under c.24.8 as these persons are not subject to AML/CFT supervision. The
Maltese authorities argue that subjecting individuals acting as director/company secretary for not
more than 10 companies goes beyond the FATF standards, as it captures all directors/company
secretaries, including those not acting in the context of a professional relationship with a third party.
However, the assessment team does not agree with this point of view as the exemption is applicable
to individuals holding up to 10 appointments irrespective of whether they receive remuneration for
these services
Trustee Statutory Exemptions
423. Under Art. 43(7) of the Trusts and Trustees Act there is a statutory exemptions from licensing
in respect of any person in possession of a warrant to carry out the profession of an advocate, notary
public, legal procurator or certified public accountant, but only if acting as a trustee is limited to
what is necessary and incidental in the course of carrying out his profession. The Maltese authorities
have advised that these relate to very specific circumstances where such a person would usually be
acting as a trustee on an occasional basis and only as part of a specific transaction or ancillary
function to his profession. For example, a lawyer holding clients’ monies required for the execution
of a contract would create fiduciary obligations, but these arise only incidentally due to the nature of
the lawyer’s profession and activity. However, the MFSA does not maintain any statistics on how
many trusteeships are held by these unlicensed persons and therefore it is unknown if this provision
is being abused. Art. 43(A) also exempts private trustees who (i) do not hold themselves out as
trustee to the public; (ii) are not remunerated, even indirectly, except as permitted by any rules
issued by the Authority (no such rules exist); and (iii) do not act habitually as trustee, in any case in
relation to more than five settlors at any time. Such trusts are governed by a detailed notarial
procedure and therefore such trusts are covered for AML/CFT purposes by the notary who is a
subject person in terms of the PMLFTR. It should be noted however that all the exemptions referred
to in Art. 43(7) refer to persons who are already subject persons in their own right and therefore
subject to AML/CFT supervision.
424. (c) The FIAU in conjunction with the MFSA/MGA (where applicable) is the authority tasked
with the monitoring and supervision of all DNFBPs for compliance with the AML/CFT requirements
under the PMLA and PMLFTR and has a broad range of sanctions and these are referred to in more
depth at c.35.1. However, it is noted under R.35 that the civil sanctions detailed in Reg. 21(7)
PMLFTR do not extend to the “senior management” at the subject person.
All DNFBPs, other than casinos
426. As explained under R.26 the FIAU is assisted by other supervisory authorities (mainly the
MFSA & MGA) in the AML/CFT supervision of DNFBPs that would fall under the regulatory
competence of such authorities. Art. 26(2) PMLA stipulates that the FIAU must carry out its
responsibilities of ensuring compliance by subject persons with their AML/CFT obligations, on a risk
sensitive basis. However, the frequency and intensity of on-site and off-site supervision does not
fully take into account, for all types of DNFBPs, the ML/FT risks associated with an institution or
group and the wider ML/FT risks present in Malta.
427. The risk assessment of DNFBPs, excepting TCSPs and casinos, is carried out on the basis of
information obtained from those persons, through data collection exercises, predominantly through
the ACR which all subject entities are bound to submit to the FIAU on an annual basis. As detailed in
199
c.26.5 there are significant limitations with the ACR, as the questions are rudimentary and do not
elaborate further on the appropriateness of the policies and procedures in place. The questions do
not vary in accordance with the sector or type of entity being requested to provide information, and
many of the questions are binary and do not solicit quantitative information on the DNFBPs client
base. Therefore, the way the questions are framed in the ACR does not enable the Maltese authorities
to assess the true ML/FT vulnerabilities at the DNFBPs under their supervision. Furthermore, the
risk assessment of DNFBPs does not take into consideration the risks posed by the establishments or
branches in foreign jurisdictions. Some of the limitations of the ACR are acknowledged by the
Maltese authorities and in 2017 the FIAU and the MFSA carried out an extensive data collection
exercise on all TCSPs, to strengthen the authorities’ risk understanding of this sector and the
respective operators. It should also be noted that approximately 343 lawyers and accountants also
provide corporate services, a material sector in terms of ML/FT risk in Malta, which as TCSPs were
covered under the extensive data collection exercise of 2017.
Online Gambling and Casinos
428. It is noted that until 1 January 2018 only land-based casinos were considered as DNFBPs, with
internet-based and cruise casinos becoming DNFBPs through the amendments to the PMLFTR and
therefore subject to AML/CFT supervision.
429. In September 2017 the MGA carried out a data collection exercise on the AML/CFT controls
that remote gaming licensees already had in place. The results obtained from this exercise, together
with data already held by the MGA and collected through the annual Industry Performance Return,
was aimed at allowing the MGA to assess and risk rate the various remote gaming operators in Malta
as well as to devise a supervisory plan covering remote gaming operators for 2018. Though the
Industry Performance Return does not consider ML/FT specifically, the MGA indicates that it allows
it to have a good understanding of operators’ business operations including the location of their
operations, games offered, etc. Furthermore, the MGA is continuing to enhance its understanding of
the ML/FT risks of individual online gaming operators through the annual AML/CFT Questionnaire.
This questionnaire was circulated at the end June 2018 and the MGA is currently receiving and
processing the information sourced through these questionnaires. The authorities indicate that this
questionnaire will provide MGA/FIAU with new data on operators, which updates their control
measures in place and captures specific risk criteria that will be used to update the AML/CFT Risk
Matrix 2019.
430. The FIAU, in conjunction with the MFSA and MGA (where applicable), has risk-rated all subject
persons which completed ACRs and has assigned risk-ratings (very high; high; medium high;
medium and low) to each of these. At the time of the evaluation the supervisory authorities were in
the midst of overhauling their policies, procedures and operations on risk-based supervision. The
assessment team was informed that with effect from 2018, higher risk entities would be subject to
onsite inspections, medium risk entities would be subject to offsite inspections, and low risk entities
would be subject to supervisory meetings. However, the authorities were not in a position to provide
the assessment team with a documented procedure outlining this process
431. Malta meets c28.1, c.28.2 and 28.3 and partly meets 28.4 and 28.5. The rating has been
influenced by the following factors: (1) lawyers, DPMS and real estate agents are not regulated by
sectorial legislation, therefore there are concerns regarding the adequacy of market entry measures
and on-going fitness and properness measures for these persons; (2) the frequency and intensity of
both onsite and offsite inspections for DNFBPs, other than casinos and TCSPs, does not fully take into
account the ML/FT risks associated with an institution or group and the wider ML/FT risks present
in Malta; (3) statutory exemptions and de minimis ruling by the MFSA might result in some persons
not being subject to market entry measures and/or subject to AML/CFT; and (4) civil sanctions do
not extend to the “senior management” at the subject person. R.28 is rated as PC.
Recommendation 29 - Financial intelligence units
432. In its MER of 2012, Malta was rated C with the former R.26.
433. Criterion 29.1 – The FIAU, established by means of Act XXXI of 2001 (PMLA) and operational
since 2002, is a government agency in the form of a corporate body having a distinct legal
personality. According to Art. 16(1) PMLA, the FIAU is responsible for the collection, collation,
processing, analysis and dissemination of information with a view to combating ML and FT. The
FIAU seems to have similar powers in relation to predicate offences associated to ML, as the
mentioned article, when listing the specific functions that the FIAU is responsible for, refers to
activities suspected to involve property that may have derived directly or indirectly from, or
constitutes the proceeds of criminal activity.
434. Criterion 29.2 – According to Art. 16(1)(a) PMLA, the FIAU is responsible for receiving reports
from subject persons (both FIs and DNFBPs) regarding transactions suspected to involve ML/FT or
property that may have derived directly or indirectly from, or constitutes the proceeds of criminal
activity. Subject persons are under the obligation imposed by Reg. 15(3) PMLFTR to submit a report
to the FIAU whenever they know, suspect or have reasonable grounds to suspect that funds are the
proceeds of criminal activity or are related to FT, or that a person may be connected with ML/FT.
435. The Maltese legislation does not require subject persons to submit cash transaction reports,
wire transfer reports or other threshold-based declarations or disclosures, as subject persons are
only bound to submit reports on suspicious transactions or activities.
436. Criterion 29.3 – (a) The FIAU is legally empowered (Art. 30(1) PMLA) to demand from any
subject person, including but not limited to the subject person who may have made the suspicious
transaction report, any additional information that it may deem useful for the purposes of
integrating and analysing the suspicious transaction report or any other information in its
possession.
(b) The same powers can be exercised by requesting information also from any Government
ministry, department, agency or other public authority, or any other person, physical or legal, or
supervisory authority. On that basis, the authorities indicate that the FIAU has access to, inter alia,
information held by the Police and supervisory authorities such as the MFSA and the MGA;
employment and tax records; citizenship, passport and identification details; information relating to
the purchase and registration of property, vessels, vehicles and aircraft, VOs; and cross border cash
declarations.
437. The law states that the FIAU is able to obtain any information, thus specifying the subjects and
databases to which the FIAU can access. The FIAU seems to be able also to demand administrative,
financial and law enforcement information from subject persons, other authorities, LEAs and any
other person or entity. The law provides for the appointment of a Police Liaison Officer whose
functions includes that of making available to the FIAU or to any member of its staff any information
at the disposal of the police or which is part of police records to the extent that such information is
relevant to the exercise of the FIAU’s functions (Art. 24(3) PMLA).
201
438. The law does not specify what type of information the FIAU may request from subject persons.
However, it stipulates that the FIAU is empowered to request any information which it deems useful
for pursuing an analysis (Art. 30 PMLA) or for pursuing any of its functions at law (Art. 30A PMLA).
According to the Maltese authorities, this legal provision has been drafted in this manner so as to
ensure that the FIAU has the widest possible powers to source the necessary information
(irrespective of what type of information this may be) to conduct its functions effectively.
439. Criterion 29.4 – The FIAU analyses information provided through suspicious transaction
reports, information obtained through requests sent to subject persons, other authorities and
persons or entities, information obtained from foreign FIUs, or any other information that it has
access to or has in its possession.
(a) The FIAU’s analysis can be operational in nature. In particular, Art. 16(1)(a) PMLA stipulates that
it is the FIAU’s function to supplement suspicious reports received with additional information that
may be available to it or that it may demand to draw up an analytical report to be sent for further
investigation to the Police. The FIAU is empowered to perform operational analysis not only upon
the submission of STRs but also out of its own volition when it becomes aware of or comes in
possession of information that raises the FIAU’s suspicion (Art. 16(1)(l) and Art. 31(2) PMLA).
440. To assist its operational analysis, the FIAU makes use of IT tools and software (these include
the FIAU’s database, intelligence databases namely C6 and World-Check, I2 software, FIU.Net and
XBD), that identify any information already held by the FIAU which is linked to an analysis being
carried out, map out links between individuals, transactions, countries and/or entities depending on
the case, as well as identify potential links to other jurisdictions which may have previously been
unknown to the FIAU as being connected to the analysis being carried out.
(b) As regards strategic analysis, Art. 16 (1) PMLA stipulates that the FIAU is responsible to analyse
information with a view to combating ML and FT. Further, Art.16 (1) (f) specifies that information is
gathered by the FIAU for the analytical purposes with a view of detecting areas of activity which may
be vulnerable to ML or FT. The provisions of the law thus extend the FIAU’s powers to both
operational and strategic analysis. The organisational chart of the FIAU includes a Manager
specifically vested with the strategic analysis function.
441. Criterion 29.5 – In case of a reasonable suspicion of ML or FT, or that property may have
derived from, or constitutes the proceeds of, criminal activity, the FIAU sends any analytical report,
or any information, document, analysis or other material in support of the analytical report, to the
Commissioner of Police for further investigation (Art. 16(1)(b) and (d) and Art. 31 PMLA). In
addition, Art. 16(1)(k) PMLA enables the FIAU to cooperate and exchange information, upon request
or spontaneously, with any supervisory authority and other competent authority.
442. As regards the regime to be assigned to STRs, in terms of dedicated, secure and protected
channels for dissemination, the FIAU does not disseminate STRs itself, but the information contained
in the STR, any supplemental information and the results of the analysis is sent to the Malta Police
for further investigation. This is in line with the FIAU’s obligation under Reg. 15(11) PMLFTR to
protect and keep confidential the identity of persons and employees who report STRs. Maltese
legislation does cater specifically for the dissemination of STRs results (i.e. analytical reports and
other information) to the Malta Police (Art. 16(1)(b) PMLA and in a more detailed manner under Art.
31 PMLA). Moreover, cooperation with supervisory authorities other competent authorities is
regulated under Art. 27 and 27B PMLA.
443. Communication with other relevant and competent authorities is done via face-to-face
meetings, telephone calls, hard copy documents, use of encrypted memory drives, and emails, where
the email system used is secured and encrypted using TLS encryption. Analytical reports are passed
on to the designated Police Liaison Officer in hard copy. Should the FIAU have any additional
supporting documentation which is only available in soft copy, this is passed on accordingly to the
Police Liaison Officer via email which, as stated above is secured and encrypted, or other secure
means (such as military grade encrypted USBs).
444. Criterion 29.6 – (a) The FIAU’s Confidentiality Policy sets rules and procedures to ensure the
confidentiality and security of information, including on the handling, storage and internal and
external access to information, depending on the information’s level of sensitivity. Moreover, the
financial analysts within the FIAU, by way of procedure, exchange information with foreign
counterparts only through secure channels, mainly the ESW and the FIU.Net. In addition,
confidentiality obligations are specifically recalled in the PMLA (Art. 34), to which FIAU officers and
employees and agents, whether still in the service of the FIAU or not, have to adhere to. In particular,
they shall treat any information acquired in the exercise of their duties or the exercise of their
functions under the PMLA as confidential and shall not disclose any information relating to the
affairs of the FIAU, which they have acquired in the performance of their duties or the exercise of
their functions. Breaches of Art. 34(1) PMLA are subject to a criminal sanction under the CC. Art. 34
PMLA also stipulates the circumstances where FIAU information and/or documentation may be
disclosed or disseminated. The list of exemptions provided for by Art. 34 seems too large (in
particular (e)) and leaves room to subjects mentioned to disclose information received in carrying
out their functions, even though it gives the FIAU discretion in deciding when such information may
be disclosed (see also c.40.6). Furthermore, in terms of Art. 33 PMLA any official or employee of the
FIAU who discloses to a third party that an analysis is being carried out or that the FIAU received a
STR, or that the FIAU transmitted information to the police for further investigation shall be guilty of
a criminal offence and shall be liable on conviction to a fine.
(b) Every officer and employee of the FIAU is screened by the MSS prior to their employment with
the FIAU and every three years thereafter. The obtainment of the necessary clearance is a
prerequisite for engagement and continued employment with the FIAU. All FIAU staff members
require a security clearance at “SECRET” level. Moreover, the FIAU obtains a complete police conduct
certificate prior to employing an individual. This certificate provides the complete history of an
individual’s criminal records and indicates any criminal conviction that the individual might have
had.
(c) Physical controls are implemented to safeguard the FIAU premises and information held by the
FIAU. IT controls are also put in place including email encryptions and firewalls; user account
management and periodic user verification; user access monitoring; security awareness notices and
communications; and limited access to hardware and databases. As regards access to information
held by the analysis section of the FIAU, only the Director and Deputy Director of the FIAU and the
financial analysts have access to the analysis database which holds STRs, requests for information
and miscellaneous intelligence reports.
445. Criterion 29.7 – (a) The FIAU is defined by the law as a body corporate having distinct legal
personality (Art. 15 PMLA).
446. Art. 18(1) PMLA stipulates that the FIAU shall be composed of a Board of Governors and a
Director. The Board is appointed by the Minister responsible for Finance from a panel of persons
203
nominated by the AG, the Governor of the Central Bank of Malta, the Chairman of the MFSA and the
Commissioner of Police respectively. The Chairman and Deputy Chairman are appointed by the
Prime Minister from among the persons appointed by the Minister. Art. 19(5) PMLA stipulates that
the members of the Board shall discharge their duties in their own individual judgement and shall
not be subject to direction or control of any other person or authority. No reference is made in the
law to specific professional skills and personal characteristics to be possessed by the members of the
Board, and to be periodically assessed, in order to adequately assume responsibilities for the policy
to be adopted by the FIAU. The Board is required to provide to the Minister of Finance a copy of its
annual accounts, certified by auditors, and a report on the operations of the FIAU on an annual basis
(Art. 42 PMLA). The report is tabled at the House of Representatives by the Minister.
447. The Board is, in accordance with Art. 18(2) PMLA, responsible for the policy to be adopted by
the FIAU and to be executed and pursued by the Director, as well as to ensure that the Director
carries out that policy accordingly. The authorities indicate that “policy” covers a number of policy
documents that regulate the operations of the FIAU, including on administration (e.g. travel or
confidentiality), compliance (e.g. policy on sanctions and publications of sanctions) and analysis
(financial analysis procedure). Of the FIAU functions listed under Art. 16(1)(a) to (l) the Board is
only in charge of advising the Minister on “all matters and issues relevant to the prevention,
detection, analysis, investigation, prosecution and punishment of ML and FT offences”. In practice,
the authorities indicate that the Director and staff of the FIAU also provide advice to the Minister.
Advice is provided on issues such as AML/CFT legislative proposals or AML/CFT issues of a strategic
nature.
448. As per Art. 23 PMLA, the Director (and the other officers and staff) of the FIAU are appointed
or recruited by the Board according to such procedures and on such terms and conditions and in
such numbers as the Board may determine. Art. 18(3) stipulates that it is the Director who is
responsible for executing the policy established by the Board and for carrying out all the functions of
the FIAU, including the functions of analysing, requesting and/or forwarding or disseminating
information, which are not attributed to the Board under the Act, “in accordance with the policy and
subject to the general supervision of the Board”.
449. In practice, upon receipt of an STR, the initial decision to start analysis (and/or to share
information with foreign jurisdictions) is taken by the Financial Analysis Managers. A Financial
Analyst carries out a preliminary analysis, which is discussed in a prioritisation meeting, attended by
analytical officers and chaired by the Managers of the section. A decision can be taken to carry out
more detailed analysis and initiate an analytical case. Once the analysis is carried out the case is then
presented by the analytical officer before the Financial Analysis Committee. This internal committee
is composed of all analytical officers, an officer from the legal section, the Deputy Director and the
Director and attended by the Police Liaison Officer, who does not hold any voting rights. The
Committee determines whether there is a reasonable suspicion of ML, FT or proceeds of criminal
activity and whether to close the case, request additional information, or disseminate the case to the
Police. In the latter case, an analytical report drawn up by the analyst assigned to the case is
forwarded to the Malta Police for further investigations, after an internal review has been conducted
by the analyst’s respective manager and the Director or Deputy Director of the FIAU to ensure that
the analyst’s findings are presented in a clear, comprehensive and understandable manner.
450. The authorities indicate that the Board of Governors, or other external persons have no
involvement in the carrying out of these operational functions and that the members of the Board do
not have access to any information, data, documentation stored or databases maintained by the
FIAU. The authorities indicate that the Board receives reports containing aggregated information on
the operations of the FIAU. In exceptional circumstances, especially when the Board is required to
assess the operations of the Unit and whether these are in line with agreed policies and processes,
there could also take place discussions on specific cases, however in full respect of confidential and
sensitive information. The appointment/recruitment of the Director, other officers and staff of the
FIAU is carried out by the Board according to procedures, terms and conditions determined by the
Board. In practice, the FIAU follows the general public service-sector procedures. The law does not
provide specific mechanisms and procedures for the appointment of the Director.
451. (b) Art. 16(1)(k) PMLA empowers the FIAU “upon request or on its own motion and subject to
such conditions and restrictions as it may determine, to cooperate and exchange information with”
foreign counterparts, supervisory authorities, even if located outside Malta, and with other
competent authorities. The Director of the FIAU is responsible for carrying out this function.
452. (c) The FIAU falls within the structure of the Ministry for Finance, having however distinct
legal personality and separate premises where all its operations take place and information and
databases are maintained and stored.
453. (d) The financial resources available to the FIAU consists of fees originating from its
supervisory functions (including revenue from pecuniary sanctions imposed for breaches of
AML/CFT obligations), resources allocated by the Ministry for Finance and other income. Art. 15(2)
establishes that the FIAU is autonomous in entering into contracts, acquire, hold or dispose of its
property, using its assets and acquiring technical resources and other equipment which it deems
necessary. The obtainment and deployment of human resources are planned for a period of three
years and the related plans, as well as the initiation of external recruitment processes, are subject to
the approval of the Ministry for Finance.
454. Criterion 29.8 – The FIAU has been a member of the Egmont Group of FIUs since 2003.
455. Malta meets Criteria 29.1, 29.2, 29.3, 29.4, 29.5, 29.6 and 29.8 and partly criterion 29.7, which
is due to the absence of specific mechanisms and procedures for the appointment of the Director. On
the basis of the above, R.29 is rated as LC.
Recommendation 30 – Responsibilities of law enforcement and investigative authorities
456. This Recommendation, which was formerly R.27, did not form part of Malta’s fourth round
MER in 2012.
457. Criterion 30.1 – The Malta Police is the LEA designated to investigate criminal offences,
including ML offences, associated predicate offences and FT offences. Within the Malta Police, the
Economic Crimes Squad is responsible for investigating criminal offences of a financial nature. It has
within it a special designated Anti-Money Laundering Unit which is tasked with the investigation of
ML offences (even though nothing precludes other police units from investigating ML offences as
well). In fact, ML investigations are also carried out by other sections of the Malta Police, such as the
Drug Squad (in conjunction with the investigation of drug-related offences) or the Criminal
Investigations Department (in conjunction with the investigation of serious organised crime). The
Anti-Money Laundering Unit is generally tasked with the investigations of more complex ML cases,
while other less complex ML cases would usually be investigated by the section investigating the
205
predicate offence. In relation to smuggling/contraband and the respective excise duties and VAT
issues, the Customs Department may report cases to the Police; the latter may initiate ex-officio an
investigation (jointly with the Customs Department or separately). In relation to tax crimes
(including VAT), it should be noted that the Police do not have the power to prosecute (although they
can initiate investigations). Such prosecutions require the authorisation of the CFR, which has the
powers to investigate administratively. With regard to terrorism-related offences (including FT), the
Malta Police has a special designated unit (the “Counter-terrorism Unit”) tasked with the
investigation.
458. Criterion 30.2 – Police officers investigating predicate offences are authorised to pursue related
ML/FT offences.
459. Criterion 30.3 – The AMU which was set up within the Court Registry in 2012 (Art. 23D of the
CC) was until recently the competent authority to identify, trace and initiate freezing and seizing of
property that is or may become subject to confiscation, or is suspected to be proceeds of crime. Since
August 2018 the ARB has been tasked with the above issues. The assessment team notes that the
role of the ARB does not apply to procedures initiated prior to its establishment. While the ARB is
the designated authority which fulfils the requirements of criterion 30.3, Malta is not fully compliant
with regard to cases assigned to the AMU before August 2018, as the latter lacks the full capacity
with regard to asset-tracing, in particular abroad.
460. Criterion 30.4 – There are no competent authorities other than the Malta Police which have the
responsibility to pursue financial investigations of predicate offences.
461. Criterion 30.5 – Malta has not designated any specific anti-corruption enforcement authority.
Corruption and any related ML/FT offences are addressed in the same manner as other predicate
offences.
462. In relation to tax crimes, the Police can initiate investigations but requires the authorisation of
the CFR for their prosecutions. While the ARB is the designated authority which fulfils the
requirements of criterion 30.3, Malta is not fully compliant with regard to cases assigned to its
predecessor before August 2018 with regard to asset-tracing (in particular abroad) and
management. R.30 is rated LC.
Recommendation 31 - Powers of law enforcement and investigative authorities
463. This Recommendation, which was formerly R.28, did not form part of Malta’s fourth round
MER in 2012.
464. Criterion 31.1 – Competent authorities conducting investigations of ML, associated predicate
offences and FT are empowered by the CC to obtain access to all necessary documents and
information for use in those investigations and in prosecutions and related actions, including powers
to use compulsory measures for: (a) the production of records held by FIs, DNFBPs and other natural
or legal persons (Art. 355AD(3) and (4)); (b) the search of persons and premises (Art. 355E to 355J,
355K to 355O, 355AF and 355AG); (c) taking witness statements and (d) seizing and obtaining
evidence (Art. 355P to 355U).
465. Criterion 31.2 – Malta’s competent authorities are empowered to use a wide range of
investigative techniques for the investigation of ML, associated predicate offences and FT, such as
undercover operations (Art. 435E (3) CC), accessing computer systems (Art. 355P and 355Q CC) and
controlled deliveries (Art. 435E CC with regard to the investigation of any criminal offence and Art.
30B DDO with regard to the investigation of drug-related offences envisaged under that law). The
Malta Police does currently not have the power or authorisation to directly intercept
communications during criminal investigations. However, the Commissioner of Police may request
the MSS to petition the Minister of the Interior (responsible for the Security Services) to authorise
interceptions for use in a criminal investigation. As the law currently stands the Police are not able to
make use of the possibility to intercept communications through its own independent decision.
466. Criterion 31.3 – The Police (Art. 355AD CC) are empowered to enquire with banks and other
FIs whether natural or legal persons control accounts. Requests for information are disseminated by
email which is secured and encrypted. There may still be instances where requests for information
are hand-delivered if this is requested by particular institutions. With regards to the timeliness of
responses, the Police will indicate its own timeline to persons holding/controlling accounts, non-
adherence to which is subject to sanctions. With regard to the process of identification of assets, this
does not imply a prior notification to the owner.
467. Criterion 31.4 – The FIAU can, upon request (Art. 34(3) PMLA), disclose information or
documents to a competent authority in or outside Malta investigating ML (including the related
offences under the Dangerous Drugs Ordinance and the Medical and Kindred Profession Ordinance)
and FT, but apparently not with regard to the associate predicate offences (as they are not explicitly
mentioned in the law). The Malta Police has to request the prior express authorisation of the FIAU
should they intend to further disseminate or use the information or document provided for other
purposes. Moreover, the FIAU is empowered to report to the Malta Police and provide information
on suspicions of ML/FT as well as information on the underlying criminal activity (Art. 16(l) of the
PMLA).
468. The Malta Police does currently not have the power or authorisation to directly intercept
communications during criminal investigations, but must request prior authorisation. The FIAU is
only authorised to disclose information or documents upon request to a competent authority in or
outside Malta with regard to ML and FT, but not related predicate criminality. R.31 is rated LC.
Recommendation 32 – Cash Couriers
469. This Recommendation, which was formerly SR.IX, did not form part of Malta’s fourth round
MER in 2012.
470. Criteria 32.1 – Reg. 3 of the Cash Control Regulations obliges any person entering, leaving or
transiting through Malta (whether entering from/heading towards a State which is a member of the
EU or not) and carrying a sum equivalent to EUR 10,000 or more in cash, to submit a declaration to
Customs. Due to the broad definition of “cash” it applies to BNI. However, cargo and mail
transportation of cash are not covered (although the sending of cash by mail is limited to EUR 10 by
law).
471. Criteria 32.2 – Persons making physical cross-border transportation of currency or BNI of a
value equal to or exceeding EUR 10,000 are required to make a written declaration to the Controller
of Customs. They are required to confirm the truthfulness of their declaration and are warned about
the consequences of false, inaccurate or incomplete declarations.
472. Criterion 32.3 – The criterion is not applicable since Malta has a declaration system.
207
473. Criterion 32.4 – Upon discovery of a false declaration or a failure to declare, the carrier is
interviewed by customs for the purposes of the cash declaration form. The carrier is then requested
to fill in a (new) cash declaration form. In doing this, the carrier is obliged to provide (further)
details of the provenance/origin of the cash or BNIs.
474. Criterion 32.5 – In accordance with Reg. 3(4) of the Cash Control Regulations, persons who
make a false declaration or who do not fulfil their obligation to declare sums of cash as required
under Reg. 3(2) shall be guilty of a criminal offence and shall be liable to a fine equivalent to 25% of
the value of such sum. Reg. 3(4) also states that the maximum fine may not exceed EUR 50,000. Reg.
3(5) provides for the forfeiture of the undeclared amount in excess of EUR 10,000, or the whole
amount when it is indivisible.
475. Criterion 32.6 – Malta has a database containing the details of declarations made and details of
breaches of these regulations. All information obtained through the declaration process as well as
information on discovered breaches has to be transmitted to the FIAU on a bi-weekly basis (Reg.
4(1) and (2) of the Cash Control Regulations).
476. Criterion 32.7 – Further to the transmission of information from Customs to the FIAU
mentioned under c.32.6, the Customs Department coordinates with various sections within the
Police (including the Immigration Unit, the Economic Crimes Unit and the Police Anti-Drug Squad)
on the basis of an agreement and with the possibility of forming JITs. Customs also liaise with the
MSS. Customs, Police and Security Services exchange information on possible suspects carrying cash
at the border.
477. Criterion 32.8 – Mechanisms to restrain currency or BNIs are foreseen under Art. 355P CC and
Reg. 3(1) of the Cash Controls Regulation. Art. 355P CC empowers the Police to seize anything if they
have reasonable grounds for believing that it has been obtained in consequence of the commission of
an offence (including ML/FT offences) or that it is evidence in relation to an offence which would
require its seizure to prevent it being concealed, lost, damaged, altered or destroyed. Reg. 3(3)
empowers the authorities to seize the undeclared or falsely-declared amount in excess of EUR
10,000 (or the whole amount if it is indivisible).
478. Criterion 32.9 – The information referred to under c.32.9(a), (b) and (c) is retained in a
database held by the Comptroller of Customs in accordance with Reg. 4(1) of the Cash Controls
Regulation and Regulation 1889/2005. It is shared in accordance with Art. 6 and 7 of Regulation
1889/2005 on a bi-weekly basis with the FIAU and on request with the police. The information is
available for international cooperation.
479. Criterion 32.10 – Information collected from the declaration system is stored, safeguarded, and
processed pursuant to Maltese data protection requirements emanating from the Data Protection
Act. The Maltese authorities have stated that the declaration system is not affecting the trade
payments between countries nor the freedom of capital movements.
480. Criterion 32.11 – Persons who are carrying out a physical cross-border transportation of
currency or BNI that are related to ML/FT or predicate offences are subject to convictions for
ML/FT. However, concerns remain about the lack of fully proportionate and dissuasive sanctions
with regard to the FT offence (see c.5.6). Upon conviction for ML/FT, the cash or other monetary
instruments are subject to confiscation (see R.4). Reg. 3(5) and (6) of the Cash Control Regulations
provide for the confiscation of undeclared amounts in excess of EUR 10,000, or the whole undeclared
amount when the cash/BNI is indivisible. The forfeiture is not applicable where the value of the
carried amount is exactly EUR 10,000. The provisions of these regulations are applicable whenever a
person makes a false declaration or fails to make a declaration as required, and irrespective of
whether suspicions of ML/FT arise.
481. Malta does not have a declaration system for cargo and mail transportation of cash (although
the legislation limits the sending of cash by mail to EUR 10). Concerns about the full dissuasiveness
of the sanctions for the FT-offence are also affecting compliance with criterion 32.11.a). R.32 is
rated LC.
Recommendation 33 – Statistics
482. In the 4th Round Malta was rated as LC with former R.32. The assessors concluded that there
was no detailed statistics of the number of confiscations and confiscation orders and that the
statistics for on-going supervision of FIs (other than credit institutions) was not broken-up by
category. The assessors also raised that it was impossible to assess the effectiveness of maintaining
statistics on international exchange of information due to the lack of requests and that there was an
insufficient review of the Maltese AML/CFT system as a whole.
483. Criterion 33.1 – (a) STR received and disseminated – The FIAU retains statistical data on the
number of STRs received and the number disseminated to the Malta Police for further investigations.
(b) ML/FT Investigations, Prosecutions and Convictions – The Malta Police holds statistical data on
investigations and prosecutions of ML and FT offences. Statistical information is also kept on
convictions delivered by the criminal courts.
(c) Property frozen, seized and confiscated – The Registrar of the Criminal Courts keeps statistical
information on all freezing orders and confiscations. The ARB is also responsible for the collection
and retention of statistical data concerning:
(i) the number of investigation, attachment, freezing and confiscation orders issued under the CC or
under any other law;
(ii) the estimated value of property attached, seized or frozen, at the time the issue of the attachment
or freezing order; and
(iii) the estimated value of property recovered at the time of confiscation.
(d) MLA or other international requests for co-operation made and received – The AGO, which is the
central designated authority for mutual legal assistance in criminal matters, has a database which
keeps statistical data about the requests for assistance received and made (which includes all forms
of requests for legal assistance ranging from the traditional letters of requests and extradition
requests to European Arrest Warrants and Freezing Orders), the legal arrangements upon which the
request was made, the requesting and requested countries and the status of the request (among
others). This database is also linked to the Eurojust Case Management system in line with the
consolidated version of the EU Council Decision 2002/187/JHA.
484. The only criterion under this recommendation is met. R.33 is rated C.
Recommendation 34 – Guidance and feedback
209
485. In the 4th Round Malta was rated as PC with former R.25. The assessors concluded that there
were no sector specific guidelines on ML/FT techniques and methods and that the FIAU was not
ensuring that the feedback mechanism to subject persons was working effectively in practice. The
assessors were also unable to assess the effectiveness of the new provisions in the Implementing
Procedures Part I due to the recent adoption at the time of the on-site visit.
Guidelines
487. Under Reg. 17 PMLFTR, the FIAU is empowered to issue legally-binding procedures and
guidance, together with the relevant supervisory authorities, as may be required for the carrying
into effect of the provisions of the AML/CFT regulations stipulated under the PMLFTR. The main
guidance document issued by the FIAU and which provides general guidance on the application of all
the AML/CFT obligations envisaged under the PMLFTR is the Implementing Procedures Part I. These
Implementing Procedures lay down legally-binding procedures and provides guidance, and is
applicable to all subject persons (i.e. both the financial and the non-financial sectors). The
Implementing Procedures Part I were issued on 20 May 2011 and were most recently updated on 27
January 2017. Although the PMLFTR was introduced on 1 January 2018, at the time of the onsite
visit, the FIAU was in the process of consulting on a revised Part I of the Implementing Procedures99.
Historically, the FIAU has also issued sector-specific guidance named Implementing Procedures Part
II in respect of Banks (updated in February 2013) and Land-Based Casinos (updated in September
2015) and Remote Gaming (issued on 19 July 2018). However, the banks and land-based casinos
guidance will require updating to reflect the recent legislative amendments to the PMLA and
PMLFTR. Specific guidance for the CSP sector is currently being drafted and specific guidance for
virtual financial asset operators was issued for consultation on 31 October 2018. Sector specific
guidance for the insurance and investment sectors remains to be drafted.
488. Apart from the issuance of general and sector specific AML/CFT guidance and procedures the
FIAU also issues ad-hoc guidance to address particular obligations or matters of AML/CFT relevance
(e.g. Guidance note on high-risk and non-cooperative jurisdictions; Interpretative note on the
AML/CFT obligations of professional firms and FT – Red Flags and Suspicious Activities and business
risk assessments).
Feedback and Outreach
489. Pursuant to Art.16 PMLA the FIAU is responsible for the promotion of training of, and to
provide training for personnel employed with any subject person on matters relevant to the
prevention of ML and FT and to advise and assist subject persons to put in place and develop
effective measures and programmes to prevent ML and FT.
490. The FIAU organises or participates at a number of seminars and conferences organised by
private bodies and educational entities on AML/CFT matters and obligations. For example, in 2017
the FIAU held two half day seminars on the revised Implementing Procedures Part I (in February and
April 2017) which were attended by close to 900 subject person officials and employees. In January
2018 the FIAU, jointly with the MFSA, held a one-week seminar dedicated to the carrying out of risk
assessments and the application of the risk-based approach. During this one-week seminar, sector-
99This was issued for consultation on 30 October 2018. It is anticipated that the final version will be published
by the end of 2018.
specific training was provided to credit institutions, investment companies, trustees, company
service providers, notaries and real estate agents.
491. Apart from organising training events, the FIAU also provides continuous assistance to subject
persons on specific AML/CFT issues over the phone or via e-mail. Between the period December
2015 to June 2018, the FIAU informed the assessment team that it has replied to approximately 300
queries. Moreover, the FIAU in 2017 set up a newsletter, to which the MLROs of all subject persons
registered on the FIAU database were requested to subscribe. The FIAU has also launched a public
Linked-In profile. The FIAU uses these resources and social media platforms to circulate and
publicise guidance, interpretative notes and other material that the FIAU publishes on its website to
ensure a wider circulation.
492. In terms of Art. 32 PMLA the FIAU is empowered to provide feedback (on its own motion or
following requests by subject persons) on the outcome of STRs and on other information to assist
subject persons in carrying out their reporting duties under the PMLFTR. Reg. 15(12) PMLFTR
stipulates that the FIAU shall provide subject persons and supervisory authorities, where applicable,
with feedback on the effectiveness of STRs.
493. The FIAU analysis section provides feedback on the outcome of STRs submitted to the subject
person making that STRs when: (i) the analytical report concerning that STR is sent to the Police; (ii)
the information contained in that STR is exchanged on a spontaneous basis with a counterpart FIU or
a local competent authority but no analytical case is opened by the FIAU; and (iii) no analytical case
is opened on the basis of that STR or an opened analytical case (concerning that STR) is closed by the
FIAU.
494. Moreover, the FIAU also provides information on the status of STRs reported, upon the request
of the subject person lodging that STR. Additionally, as from February 2014, the FIAU Analysis
Section has introduced a new procedure whereby each and every STR submitted is being reviewed
with the purpose of providing feedback on its quality to the subject person concerned. By virtue of
such a feedback procedure subject persons are informed about the adequacy of the STR submitted.
In particular, the FIAU indicates whether: (i) the suspicious transaction or activity was clearly and
completely described; (ii) whether sufficient detail was provided; and (iii) whether the supporting
documentation furnished was necessary for the analysis of the case.
495. The FIAU also provides a score which rates the overall quality and completeness of the STR.
This latter procedure is intended to educate and provide specific guidance to subject persons on the
specifics of reporting, in a bid to improve the quality of STRs submitted.
496. There remain gaps in sector specific guidance which would assist FIs and DNFBPs in applying
AML/CFT measures. R.34 is rated LC.
Recommendation 35 – Sanctions
497. In the 4th Round Malta was rated as PC with former R.17. The assessors concluded that a low
number of sanctions had been imposed on subject persons; no pecuniary sanctions had been
imposed on FIs; no sanctions had been imposed on FIs senior management; and sanctions had not
been imposed in an effective and dissuasive manner. It was also identified that the FIAU did not
publish the sanctions it imposes.
498. Criterion 35.1 – Malta has a range of proportionate and dissuasive sanctions.
211
Financial Institutions and DNFBPs
499. Under Art. 13 PMLA, the Minister responsible for Finance may make Regulations for the
imposition of criminal punishments, administrative penalties and other measures, that may be
imposed in respect of any contravention, breach or failure to comply with any rules, regulations or
directives made under this Act. Art. 13 also lays down the maximum punishments that can be
imposed by means of regulations. Reg. 21 PMLFTR provides for the imposition of administrative
penalties of not less than EUR 1,000 and not more than EUR 46,500 in respect of every breach in
AML/CFT obligations. With respect to minor contraventions the FIAU may impose an administrative
penalty of not less than EUR 250 or issue a reprimand in writing instead of an administrative
penalty. With respect to serious, repeated or systemic contraventions, pursuant to Reg. 21(4)(b) the
FIAU may impose the following penalties:
(i) where the subject person committing such contravention carries out a relevant activity (hence a
DNFBP) penalties of up to EUR 1,000,000 or twice the amount of the benefit derived from the breach
(where the benefit can be quantified); and
(ii) where the subject person committing such contravention carries out a relevant financial business
(hence FIs) the maximum penalty that may be imposed increases up to EUR 5,000,000 or 10% of the
total annual turnover of the institution.
500. Reg. 21(3) stipulates that administrative penalties may be imposed either as a one-time fixed
penalty or as daily cumulative penalty until the particular issue is rectified. They shall be imposed by
the FIAU through an administrative process and without the need of a judicial hearing. It is in fact the
Compliance Monitoring Committee (“CMC”), composed of FIAU officials from the compliance, the
legal unit as well as the Director and Deputy Director of the FIAU, that is responsible for the review
of potential breaches of AML/CFT obligations and the imposition of administrative penalties where
such breaches subsist. This function is exercised in accordance with sanctioning policies and
procedures that are approved by the Board of Governors of the FIAU.
501. The FIAU also has the power to: (1) require subject persons to terminate a business
relationship within a stipulated period of time pursuant to Reg. 18 PMLFTR and (2) issue directives
in writing ordering a subject person to do or to refrain from doing any act pursuant to Art. 30C
PMLA.
502. Reg. 16(1) PMLFTR imposes a criminal sanction for disclosing prohibited information
(tipping-off: see also c.21.2.). Any subject person, official or employee of a subject person or a
supervisory authority who discloses prohibited information (as envisaged under Reg. 16.1) shall be
liable to a fine not exceeding EUR 115,000 or imprisonment of up to 2 years, or to both such fine and
imprisonment. Although Art.13 PMLA empowers the Minister of Finance to issue rules or regulations
which cater for the imposition of criminal sanctions for breaches of AML/CFT obligations envisaged
under the PMLA, PMLFTR or Implementing Procedures, excepting tipping-off which is criminalised,
there are currently no regulations or rules catering for the imposition of criminal sanctions for other
AML/CFT breaches envisaged under the PMLFTR and the Implementing Procedures. However,
R.35.1 does provide countries with flexibility to decide whether civil or administrative powers would
be more appropriate.
503. Pursuant to Art. 13C PMLA, penalties exceeding EUR 10,000 are published in accordance with
policies and procedures established by the FIAU’s Board of Governors and are currently published
on the FIAU website.
504. Reg. 21(8) PMLFTR states that the imposition of administrative penalties does not prejudice
the ability of other supervisory authorities or authorities (who would be responsible for the
authorisation, licensing, registration, regulation of the granting of a warrant to subject person) to
take additional actions as it may deem appropriate. As per Reg. 21(6), the FIAU must inform the
relevant supervisory authority in a timely manner when it imposes an administrative penalty on a
subject person. The MFSA is empowered to restrict, suspend or withhold licenses or authorisation of
financial services licensees, where these would not abide by their licensing conditions, which include
a condition to comply with all AML/CFT legislation. The MGA may order the suspension or
cancellation of a remote gaming license if the license holder is in breach of the provision of the
PMLFTR pursuant to Reg. 13(1)(g) of the Remote Gaming Regulations. With regard to casinos the
MGA may, in terms of Art. 18 and 19 of the Gaming Act cancel a casino license as a result of a breach
of a licence condition or where the authority is satisfied that the casino licensee is not, or has ceased
to be a suitable person to be the licensee of a casino.
NPOs
505. Art. 31 of the VOA currently in force provides that “Where any person acts in breach of any of
the provisions of this Act or any regulations made thereunder, and a specific penalty is not provided
for the offence under this Act or any regulations made thereunder, such person shall, on conviction,
be liable to a fine of not less than EUR 116.47 but not more than EUR 2,329.37 or to a term of
imprisonment for a period not exceeding six months, or to both such fine and imprisonment.”
Targeted financial sanctions related to TF and terrorism
506. Art.6 of the NIA lays down the following criminal penalties for any breach of sanctions
(including TFS related to terrorism and terrorist financing), whether EU, UN or national sanctions.
507. For Individuals: If found guilty by a Court of Law, the penalties are a term of imprisonment for
a term from twelve months to twelve years or a fine of not less than EUR 25,000 and not exceeding
EUR 5,000,000, or to both such imprisonment and fine.
508. For Entities: the payment of a fine of not less than EUR 80,000 and not exceeding EUR
10,000,000. The Court may also order:
 the suspension or cancellation of any licence, permit or other authority of the entity to
engage in any trade, business or other commercial activity;
 the temporary or permanent closure of any establishment which may have been used for the
commission of the offence;
 the compulsory winding up of the body corporate;
 the exclusion from entitlement to public benefits or aid.
509. Criterion 35.2 – Pursuant to Reg. 21(7) PMLFTR, where a contravention is committed by a
subject person who is a body or other association of persons, the administrative penalty may be
imposed on any person who at the time of the contravention was a director or similar officer (e.g. a
partner in a limited partnership) responsible for the management of the body or association of
persons, or whoever was purporting to act in such a capacity. Furthermore, the FIAU is empowered
to recommend to other supervisory authorities that a director or similar officer be precluded from
exercising managerial functions within any subject person. However, the civil sanctions detailed in
Reg. 21(7) PMLFTR do not extend to the “senior management” at the subject person.
213
510. With regard to TFS related to FT and terrorism, Art. 6(4A) of the NIA provides that where an
offence against the provisions of this Act is committed by a body corporate, every person who, at the
time of the commission of the offence, was a director, manager, secretary or other similar officer of
such body corporate, shall be guilty of an offence unless he proves that the offence was committed
without his knowledge and that he exercised all due diligence to prevent the commission of the
offence.
511. Malta meets c.35.1 and partly meets 35.2. The civil sanctions detailed in the PMLFTR do not
extend to the “senior management” at the subject person. R.35 is rated LC.
Recommendation 36 – International instruments
512. In its 2012 report, Malta was rated LC with former R.35 and SR.I. Assessors found that
although the Palermo and TFC were in force, there were reservations about the effectiveness of
implementation in some issues. Furthermore, the regime for freezing funds was not satisfactorily
implemented, an aspect which is no longer assessed under this Recommendation.
513. Criterion 36.1 – Malta ratified the Vienna Convention on the 28 February 1996. Malta signed
the Palermo Convention on the 14 December 2000 and ratified it on the 24 September 2003. Malta
signed the Merida Convention on the 12 May 2005 and ratified it on 11 April 2008. Malta signed the
TFC on 10 January 2000 and ratified it on 11 November 2001. Malta signed the Council of Europe
Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the
Financing of Terrorism on the 16 May 2005 and ratified it on 30 January 2008.
514. Criterion 36.2 – The Vienna Convention, the Palermo Convention and the TFC were transposed
into national law mainly through the PMLA, the CC, the DDO and the MKPO. The Merida Convention
was transposed into national law mainly through the CC, the PMLA, the Permanent Commission
against Corruption Act and the Extradition Act.
515. The relevant provision implementing Art. 5 of the Vienna Convention in the DDO (where
different procedures are established in relation to offences committed in Malta or cognizable outside
Malta) and Art. 120E and Art. 120F MKPO, concerning the freezing of property and confiscation
orders cognizable by courts outside Malta, are not fully aligned. The different sets of rules may cause
confusion in practice. The third-party confiscation provisions are not fully covered.
516. In relation to the implementation of the provisions of the Conventions regarding confiscation
procedures (Art. 5 of the Vienna Convention; Art. 12, 13 and 14 of the Palermo Convention; and Art.
51-55 of the Merida Convention), the Asset Recovery Regulations of 2015 have entered into force in
their entirety on 20 August 2018.
517. Malta meets criterion 36.1, as it has ratified all the relevant Conventions. As regards criterion
36.2, relevant provision implementing Art. 5 of the Vienna Convention are not fully aligned, with
different rules that may cause confusion in practice. Furthermore, the principles on third party
confiscation are not fully implemented. R.36 is rated PC.
Recommendation 37 - Mutual legal assistance
518. In its 2012 report, Malta was rated C with former R.36 and SR.V.
519. Criterion 37.1 – Malta has the legal basis to provide the MLA requested by foreign jurisdictions.
This legal framework is comprised of a network of international treaties, conventions and EU
Framework Decisions (which are directly applicable under national law), the CC and subsidiary
legislation, the PMLA, the Dangerous Drugs Ordinance (DDO), the Medical and Kindred Professions
Ordinance, the Extradition Act and subsidiary legislation thereto. MLA is also provided on the basis
of the principle of reciprocity.
520. Art. 649 CC provides for the execution of letters of request in general. The DDO and PMLA deal
more specifically with requests relating to dangerous drugs and psychotropic substances and ML
respectively. Requests for assistance in relation to FT, which is criminalised under the CC, are also
regulated by Art. 649.
521. In Maltese law, the assistance afforded may range from the service of summons and
documents to enforcement of confiscation orders, from the hearing of witnesses to search and
seizure, from the production of documents to hearing of a witness or expert by video conference.
522. Investigation and attachment orders may be issued upon the request of foreign judicial,
administrative or prosecuting authorities under Art. 435B CC, whose provisions are also reflected in
Art. 9 PMLA and Art. 24B DDO which provide for the issuance of an investigation and attachment
order upon the request of a foreign authority in connection with investigations related to drug
related offences and money laundering.
523. The above mentioned Art. 435B CC refers to cases where a “relevant offence” is suspected to
have been committed, such as, in terms of Art. 435D, “an act or omission which if committed in
Malta, or in corresponding circumstances, would constitute an offence, liable to the punishment of
imprisonment or of detention for a term of more than one year, but excludes offences under the DDO
and the PMLA”. According to information provided by the authorities, Malta is also able to provide
MLA for offences which carry less then twelve months imprisonment.
524. Criterion 37.2 – The AGO is the Maltese Central Designated Authority for the transmission and
receipt of letters of request. MLA requests are generally executed in chronological order of their
receipt, except for requests highlighted as urgent by the requesting jurisdiction, which receive
priority. Once a request is received information about that letter of request is inserted in the
computerised case management database held by the AGO, so as to ensure that each stage of the
execution of the request for legal assistance and the progress thereof can be monitored.
525. Criterion 37.3 – In general requests for legal assistance are not prohibited or made subject to
unreasonable or unduly restrictive conditions. Art. 649 CC provides that the only restrictions to MLA
are instances for which a request received would be contrary to fundamental principles of Maltese
law, the public policy or the internal public law of Malta. Treaties, conventions, or other legal
arrangements to which Malta is a party with other countries specifically provide for other
restrictions such as the requirement of dual criminality as condition to provide MLA. For requests
for assistance by authorities of jurisdictions with whom Malta has no arrangement, the granting of
judicial assistance is made conditional on reciprocity.
526. Criterion 37.4 – Maltese legislation does not provide for grounds to refuse to execute a request
for legal assistance in view of the fact that it involves fiscal matters or on the grounds of secrecy and
confidentiality requirements of FIs or DNFBPs. As noted under c.37.3, Art. 649 CC states that the only
limitations for the execution are instances in which the request goes against the fundamental
principles of Maltese law, public order and internal public law of Malta. In addition, under Maltese
215
law, secrecy and confidentiality do not seem to be an inhibiting factor when executing MLA requests.
Art. 6B of the Professional Secrecy Act provides that whoever is requested to provide information by
a law enforcement or regulatory authority investigating a criminal offence or a breach of duty, by a
magistrate in the cause and for the purposes of in genere proceedings or by a court of criminal
jurisdiction in the course of a prosecution for a criminal offence, must provide the requested
information notwithstanding any professional secrecy or confidentiality obligations. Only
information that is subject to legal privilege (Art. 642(1) CC and Art. 588(1) of the Code of
Organisation and Civil Procedure) would be exempted. In the execution of letters of request, a
magistrate is given the powers pertaining to a Magistrate conducting an in genere inquiry (Art.
649(5B) CC).
527. Moreover, where an investigation order is granted in furtherance of a letter of request
(similarly to an investigation order issued for purpose of a local investigation) such an order will
prevail over any obligation of confidentiality or professional secrecy. Art. 24A(3)(b) DDO stipulates
that an investigation order shall, without prejudice to the legal privilege, have effect notwithstanding
any obligation as to secrecy or other restriction upon the disclosure of information imposed by any
law or otherwise. This is recalled by Art. 435B CC and Art. 9 PMLA, hence the provision is also
applicable to investigation orders issued under these provisions.
528. Criterion 37.5 – Art. 649(5B) CC stipulates that the execution of the requests of mutual
assistance should be similar to the in genere proceedings (which deal with inquiries conducted by
the Inquiry Magistrate into offences carrying a penalty of three years imprisonment or more), that
are conducted in confidentiality and behind closed doors so as not to prejudice the pending
investigation.
529. Criterion 37.6 – As already noted, Art. 649 CC states that the only limitations to the execution of
a letter of request are instances in which the request goes against the fundamental principles of
Maltese law, public order and internal public law of Malta. Dual criminality is a condition for
providing assistance if coercive actions are requested, since most coercive actions in Malta can be
undertaken during the investigation of a criminal offence (e.g. attachment of funds which requires a
criminal offence punishable by at least twelve months imprisonment). The condition of dual
criminality is also a ground for not rendering assistance if the applicable arrangement between
Malta and the requesting country stipulates such a condition. In any case, dual criminality is not
required in terms of mutual recognition instruments adopted between EU member states such as the
European Investigation Order, transposed into Maltese Law by virtue of the European Investigation
Order Regulation (Subsidiary Legislation 9.25).
530. Criterion 37.7 – The execution of MLA in general does not seem to be conditioned or limited by
differences in the way countries denominate or categorise the offences. However, Art. 435D CC (3)
provides for the concept of relevant offence valid for the purposes of investigation, confiscation and
freezing of property. The same article requires that the equivalent relevant offence in Malta would be
punishable by at least one year imprisonment before executing a mutual legal assistance request
with regard to investigation, freezing or confiscation orders concerning offences cognizable by
foreign courts. This seems to restrict the range of offences in relation to which the country should
provide MLA.
531. Criterion 37.8 – According to numerous provisions in the CC (e.g. Art. 435A - Special powers of
investigation; Art. 435B - Powers of Investigation in connection with offences cognizable by Courts
outside Malta; Art. 435BA - Issuing of monitoring order of banking operations; Art. 435E - Controlled
deliveries and joint investigations with the competent authorities of other countries; Art. 649 -
Examination of witnesses in connection with offences cognizable by courts of justice outside Malta),
and in the DDO and the Medical and Kindred Professions Ordinance (Art. 24B - Powers of
investigation in connection with offences cognizable by Courts outside Malta), Malta provides MLA
to the extent that the same investigative measures and powers which are available to Maltese
enforcement and/or judicial authorities in terms of Maltese law may also be used in the context of a
request for legal assistance, such as (but not limited to) controlled deliveries; investigation orders
and bank monitoring orders.
532. Malta meets all the criteria, except 37.7 (due to the apparent narrow range of offences in
relation to which the country can provide MLA). R.37 is rated LC.
Recommendation 38 – Mutual legal assistance: freezing and confiscation
533. In the 2012 MER, Malta was rated C with former R.38 and SR.V.
534. Criterion 38.1 – The measures provided for in the relevant legislation and described under R.4
are equally available upon request of a foreign country. There is no need for the local authorities to
start the investigation to give effect to a foreign request for attachment, freezing or confiscation: the
AG files an application before the Criminal Court specifying the reasons given by the foreign
competent authority as to why the freezing or confiscation order should be issued and the Court will
decree immediately such an application. This decree is normally issued and served in less than two
days from when the application is filed in Court.
535. As noted under R.37, Art. 435B CC (and Art. 9 PMLA and Art. 24B DDO) provides that the
Criminal Court can issue an attachment order upon application from the AG based on a foreign
request in respect of a person suspected by the foreign authority of a “relevant offence”. The order
attaches in the hands of the garnishees all money and other movable property due or pertaining or
belonging to the suspect and prohibits the suspect from transferring or otherwise disposing of any
movable or immovable property.
536. Art. 435C CC (and Art. 10 PMLA and Art. 24C DDO) provides rules regarding the freezing
(temporary seizure) of all or any or the money or property, movable or immovable, of a person
accused before a foreign court of a “relevant offence”. The freezing order has the effect of attaching in
the hands of all third parties, all the money and movable property due or pertaining or belonging to
the accused. It shall also prohibit the accused from transferring, pledging, hypothecating or
otherwise disposing of any movable or immovable property.
537. Art. 24D DDO, Art. 11 PMLA and Art. 435D CC provide that upon receipt of a request for the
enforcement of a confiscation order the AG may apply to the Civil Court demanding the enforcement
in Malta of the order.
538. Maltese authorities confirmed that freezing, seizing and confiscation orders can be executed
also in relation to offences that are not “relevant”. No specific information has been provided
whether all categories of property listed under c.38.1 are covered. In particular, no specific
information has been provided on freezing or seizing property which does not belong or is not due to
a suspect, and which could however constitute laundered property, proceeds of crime or
instrumentalities.
217
539. Criterion 38.2 – In terms of Maltese law there is no legal basis to execute a foreign civil in rem
confiscation order since the underlying conduct has to be qualified as a criminal offence under
Maltese law. For a confiscation order to be issued, the Maltese authorities require a conviction and
an order by the Court for the confiscation of the relevant property. As long as the
suspect/perpetrator is known, the Maltese authorities can proceed with the issue of provisional
measures such as attachment order or freezing order, even if the said suspect or perpetrator is
absent from the Maltese islands. However, such measures cannot be taken if the suspect is unknown,
or deceased given that criminal investigations/proceedings are extinguished with the demise of a
person.
540. Criterion 38.3 – Malta has not in place arrangements for the coordination of the seizure and
confiscation of assets with other countries that are coordinated through the Office of the AG as the
central designated office dealing with MLA in their national legislation. These arrangements are
based on the Council Framework Decision 2006/783/JHA of 6 October 2006 on the application of
the principle of mutual recognition to confiscation orders; the Vienna Convention, the Council of
Europe Convention on Laundering, Search, Seizure and Confiscation of the Proceeds of Crime, 1999
and the Palermo Convention. The ARB Regulations have entered into force in August 2018. They
provide that the Bureau is responsible to establish and maintain professional cooperation with
equivalent institutions abroad and collaborate with them in such regulatory frameworks as are
established by treaty or statute. The Bureau is also responsible for the handling of requests for
assistance or for information from a foreign recognised Asset Recovery Office. There is no specific
mechanism for managing, and when necessary disposing of, property frozen, seized or confiscated in
the context of MLA.
541. Criterion 38.4 – Malta indicates that it is able to share confiscated property with other
countries, including non EU-countries, in all cases, especially if confiscation is a direct or indirect
result of co-ordinated law enforcement actions. Reg. 14 of the Confiscation Orders (Execution in the
European Union) Regulations (Subsidiary Legislation 9.15) stipulates that where the amount
gathered from the execution of the captioned confiscation order is of EUR 10,000 or less the amount
shall accrue in favour of the Government of Malta. In all the other cases the amount is shared fifty –
fifty between Malta and the issuing State of the confiscation order. In the event of property, such
property shall be sold and the proceeds shall be disposed in line with the aforementioned guidelines.
The same regulation also allows for the said property to be transferred to the issuing State provided
that the confiscation order covers an amount of money and the State has given its consent.
Confiscation orders covering cultural objects forming part of the national heritage of Malta shall not
be sold or returned to the issuing State. In the past Malta has shared confiscated property with other
(EU and non-EU) countries even if the aforementioned Regulations were not applicable.
542. Malta does not (fully) meet criteria 38.1, 38.2 and 38.3 because Maltese law does not clearly
indicate the categories of property to be identified, frozen, seized or confiscated upon request of a
foreign country. However, taking also into account information provided under R. 4, this appears to
be a minor shortcoming. There is no legal basis to execute a foreign civil in rem confiscation order
since the underlying conduct has to be qualified as a criminal offence. R.38 is rated PC.
Recommendation 39 – Extradition
544. Criterion 39.1 – Art. 15(1) of the Extradition Act stipulates deadlines within which extradition
proceedings before the Court of Magistrates (as a Court of Committal) must be concluded. Art. 15(1)
stipulates that once a person is arrested in pursuance of a warrant for extradition purposes, such
person shall be brought before the Court of Magistrates (as a Court of Committal) as soon as
practicable and in any case not later than 48 hours from his arrest. Art. 15(4) (with reference to Art.
401 CC) provides that the extradition proceedings before the Court of Committal should be
completed within two months from the arraignment date (this deadline can be extended to further
periods of two months which in aggregate cannot be extended further than six months). The
execution of extradition requests follows the same timelines if a person is arrested in furtherance of
a European Arrest Warrant (EAW), with the exception that - in terms of Reg. 27A of the Extradition
(Designated Foreign Countries) Order - the decision on surrender shall be taken by the Court within
one month starting on the day when the person was arrested. If an appeal is filed (in terms of the
Reg. 32A), the decision by the Court of Criminal Appeal shall be taken by not later than one month
starting on the day when the appeal is filed by the AG or by the person in respect of whom the
warrant was issued.
(a) Both ML and FT are extraditable offences under Art. 8 of the Extradition Act, since they are
punished by over one year imprisonment (Art. 8 provides that an offence is considered to be an
extraditable offence if it is punishable with a term of twelve month imprisonment or a greater
punishment).
(b) The AGO is the Maltese Central Designated Authority for the receipt and execution of the
extradition requests. The Extradition Law provides a clear procedure and deadlines for each stage of
the execution of extradition requests. The authorities indicate that the AGO stores information about
received extradition requests and the progress in their execution. Requests are executed in
chronological order, without any other prioritisation system.
(c) The conditions for the non-execution of requests as defined by the Extradition Law do not
appear unreasonable or unduly restrictive.
545. Criterion 39.2 – There is no distinction in practice between Maltese nationals and non-Maltese
nationals when dealing with extradition requests. Art. 11(2) of the Extradition Law, which states that
the competent minister may refuse to grant the authority to proceed in the event that the requested
person is a Maltese citizen (e.g. for instance in the event that the principle of reciprocity comes into
play), establishes a discretionary power which, to the authorities’ knowledge, was never used.
546. Criterion 39.3 – Art. 8(2) of the Extradition Act stipulates that in determining whether an
offence is an extraditable offence or otherwise, the description of the offence shall not be regarded as
material if the offences under the law of Malta and that of the requesting country are substantially of
the same nature.
547. Criterion 39.4 – Simplified extradition proceedings have been implemented with regard to EU
member states under the Extradition (Designated Foreign Countries) Order (European Arrest
Warrant Regime). Given that these procedures are based on the principle of mutual recognition, the
Court of Committal in Malta does not have to determine whether the requested person has a prima
facie case to answer. All extradition proceedings can be simplified further if the requested person
consents to his extradition, according to Art. 15(5) of the Extradition Act. This provision states that,
if the person arrested declares before the Court of Committal that (s)he is willing to be extradited,
the said Court (upon being satisfied of the voluntariness of such declaration) shall commit him/her
to custody to await the return and all the provisions of the Extradition Act for the extradition shall be
219
deemed to be satisfied. The competent minister shall thereupon order the return to the requesting
country. No appeal shall lie from the decision of the Court committing the person to custody under
this provision.
548. Malta is able to execute extradition requests, including those related to ML and FT, without
undue delay and on the basis of specific procedures provided by the law. R.39 is rated C.
Recommendation 40 – Other forms of international cooperation
550. Criterion 40.1 – FIAU. Art. 16(1)(k) PMLA includes among the functions assigned to the FIAU
that of cooperating and exchanging information, upon request or spontaneously with any foreign
body, authority or agency which it considers to have functions equivalent or analogous to those of
the FIAU (i.e. receipt and analysis of STRs and dissemination of analytical reports) hence counterpart
FIUs, and to those of a supervisory authority. The FIAU’s cooperation with regulatory or supervisory
authorities outside Malta and with counterpart FIUs is regulated, respectively, by Art. 27(1) and 27A
PMLA. As regards, in particular, FIU-to-FIU cooperation, Art. 27A(6) provides that whenever the
FIAU receives an STR or any other information which concerns another member state of the EU, the
FIAU is bound to inform the FIU of that member state and to provide it with any relevant information
it may have.
551. Police. Art. 92 of the Police Act stipulates that the Malta Police may (directly or through
regional or international police organisations) co-operate with any state agency having similar
powers and duties in any other country.
552. There is no explicit obligation to provide assistance in a timely manner, except for FIU-to-FIU
cooperation.
(a) Competent authorities have a lawful basis for cooperation (see c.40.1).
(b) and (c) Legislation leaves it to the competent authorities’ discretion to determine the means and
channels to be used for cooperation, including the most efficient ones. In particular, the FIAU makes
use of the Egmont Secure Web and the FIU.Net system to exchange information with foreign
counterpart FIUs. The Police make use of the Interpol, Europol and SIENA and other information
channels such as CARIN and the Swedish Initiative. Generally the MFSA exchanges information with
other regulators or supervisors using the most appropriate means (which can include emails, normal
mail, courier services or phone conversations). Documents exchanged or provided may be
password-protected, as appropriate. Submission of financial returns to the European Supervisory
Authorities is made through a secure mechanism.
(d) As per the FIAU’s Financial Analysis Procedure, requests are categorised as high or medium
priority and are to be replied to within 5 or 30 calendar days respectively. Although the
prioritisation of requests by the Police is not formalised in written guidelines and policies, in
practice, priority is given to requests for any restraint of criminal assets (or suspected criminal
assets), searches and arrests. The Police indicated that, in general, they aim to reply to requests
within a week’s time, which could be extended depending on the volume of information that needs to
be exchanged. In normal circumstances, this will not be longer than a fortnight and/or three weeks.
(e) As regards the FIAU, the measures for safeguarding the information described under c.29.6
(Art.34(1) PMLA) apply to the information received from foreign authorities. As regards the Malta
Police, the information received by foreign counterparts and all communications exchanged are
safeguarded and secured through various measures (Art. 6 of the Second Schedule of the Police Act
on breaches of confidentiality; security clearance to be obtained by the officers of the International
Relations Unit of the Malta Police; security of the Unit’s premises; measures on the use of
information in the context of Europol and Interpol).
554. Criterion 40.3 – In terms of Art. 27A(2) PMLA the FIAU may negotiate and sign agreements and
memoranda of understanding with foreign counterparts FIUs to regulate the exchange of
information and cooperation with such foreign counterparts. The FIAU, however does not need to
have an agreement or MoU in place to be able to cooperate and exchange information with
counterpart FIUs. The FIAU has over the years negotiated and signed 16 MoUs with foreign FIUs. The
Malta Police is also authorised to cooperate and exchange information with foreign counterparts
(Art. 92 of the Police Act), without the necessity to have specific arrangements or memoranda of
understanding in place.
555. Criterion 40.4 – According to the Maltese authorities, Art. 16(1)(k), 27 and 27A PMLA also
allows the provision of feedback to counterpart FIUs and foreign regulatory and supervisory
authorities on the use and usefulness of information that is provided. The FIAU is bound by the
Egmont Principles for Information Exchange, under which it is required, upon request and whenever
possible, to provide feedback to foreign counterparts. In practice, the FIAU provides feedback to
foreign counterparts whenever such feedback is requested. The authorities indicated that, as part of
its general powers (Art. 92 of the CC and Subsidiary Legislation 164.02), the Malta Police provides
feedback on the use and usefulness of information that is received from foreign counterparts,
whenever requested.
556. No reference has been made to the timeliness to be ensured by the authorities when providing
feedback to their counterparts.
557. Criterion 40.5 – FIAU. Art. 27A (4) PMLA provides that the FIAU may refuse to disclose
information to foreign counterparts only on the basis of specific reasons (where such disclosure
would not be in accordance with fundamental principles of Maltese law; where the foreign
counterpart does not have duties of secrecy and confidentiality that are at least equivalent to those
of the Unit or does not provide effective measures to protect confidentiality and secrecy of
information; or on grounds of lack of reciprocity or repeated non-cooperation by the foreign
counterpart). The conditions that the FIAU imposes whenever it exchanges information with foreign
FIUs are consistent with those recalled in the international principles (information to be used only
for the purposes of ML, associated predicate offences and FT investigation, and no further use or
dissemination without the prior consent of the FIAU). Art. 27A(1) PMLA authorises the FIAU to
cooperate and exchange information with counterpart FIUs, irrespective of the nature or status of
that FIU. Art.27A(4) of the PMLA states that requests for information received from EU member
states’ FIUs may only be refused by the FIAU if in the latter’s opinion such disclosure would not be in
accordance with fundamental principles of Maltese law.
558. Malta Police. Reg. 4(3) of the Simplification of Exchange of Information or Intelligence between
the Malta Police Force and Other State Agencies of the Member States of the European Union having
Similar Powers Regulations the Police may refrain to communicate information or intelligence
where there are “factual reasons” to assume that the communication would (a) harm essential
221
national security interests of Malta; (b) jeopardise the success of a current investigation or a criminal
intelligence operation or the safety of individuals; or (c) clearly be disproportionate or irrelevant
with regard to the purpose for which it has been requested.
559. Criterion 40.6 – FIAU. Art. 34(1) PMLA stipulates that the FIAU, its officers, employees and
agents (whether still in the service of the FIAU or not) shall treat any information acquired in the
exercise of their duties or the exercise of their functions under the PMLA as confidential and shall
not disclose any information relating to the affairs of the FIAU, which they have acquired in the
performance of their duties or the exercise of their functions (which includes information received
from foreign counterparts). Art. 34(1) also lists a number of exemptions from this confidentiality
rule, allowing FIAU, officers, employees and agents to disclose such information (i) when authorised
to do so under any of the provisions of the PMLA; (ii) for the purpose of the performance of their
duties or the exercise of their functions under the PMLA; (iii) to any competent court or tribunal in
any appeal proceedings; (iv) in the form of an aggregation of data or other statistical information,
which in the opinion of the FIAU does not lead to the identification of any specific person and which
does not prejudice any analysis or investigation; and (v) when specifically and expressly required to
do so under a provision of any law. Although the authorities indicated that no legislation has obliged
the FIAU to disclose information, concerns remain with respect to provision (v), as it seems to be too
broad and to leave space to possible legislative provisions requiring the FIAU to disclose information
acquired in performing its duties as FIU. The authorities indicated that, in line with the FIAU’s
obligations under clause 32 of the Egmont Principles for Information Exchange, whenever the FIAU
receives information from a foreign FIU, the FIAU ensures that such information is only used for the
purposes for which it was sought and provided. The prior consent of the counterpart FIU is
requested whenever the information needs to be used for other purposes or prior to being
disseminated to other authorities. In practice FIAU analysts ensure that written confirmation has
been obtained from the respective foreign FIU prior to sharing information with such authorities.
560. Malta Police. The authorities explain that police officers are bound by confidentiality
obligations from disseminating or disclosing information from foreign partners without the
necessary authorisations. Moreover, handling codes are used in certain instances (e.g. for
information shared through the EUROPOL channel) to clearly indicate the use that may be made of
exchanged information. Police officers making use of the obtained information are made aware of
these handling codes and their significance.
561. Criterion 40.7 – FIAU. Art. 34(1) PMLA imposes confidentiality and non-disclosure obligations
on the FIAU, its officers, employees and agents and stipulates that FIAU officers, employees or agents
are to “treat any information acquired in the performance of their duties or the exercise of their
functions under the Act as confidential”, and this obligation continues to apply also once any officer,
employee or agent terminates his engagement with the FIAU. Art. 34(1) makes no distinction
between information obtained domestically and that obtained from foreign FIUs.
562. As per Art. 27A(4) PMLA, in exchanging information with its counterparts, the FIAU is entitled
to refuse disclosing any document or information “if in its opinion the foreign authority, body or
agency does not have duties of secrecy and confidentiality that are at least equivalent to those of the
Unit or does not provide effective measures to protect confidentiality and secrecy”. However, this is
only applicable to non-EU member state FIUs, since it is deemed that those are subject to the same
level of confidentiality and secrecy. When exchanging information with foreign authorities other
than FIUs, the FIAU makes its own considerations as to the degree of information that is to be made
available and the conditions to govern any such exchange of information.
563. Malta Police. Art. 6 of the Second Schedule to the Police Act which imposes confidentiality
obligations on law enforcement agents and officers applies information received from national
sources and information received from foreign counterparts and authorities. The authorities indicate
that, by way of general practice, police officers do not exchange information, or would only exchange
basic information, in cases where the requesting counterpart LEA is known to have issues with
safeguarding and protecting the confidentiality of information exchanged.
564. Criterion 40.8 – FIAU. According to Art. 30A PMLA, the FIAU may request information from any
person, authority or entity for the purposes of pursuing its functions under Art. 16 PMLA (including
those of cooperating and exchanging information with counterpart FIUs and supervisory
authorities). On the basis of these provisions the FIAU is authorised to conduct inquiries and obtain
information also on behalf of foreign counterpart FIUs.
565. Malta Police. The authorities indicated that Art. 92 of the Police Act (which authorises the
Police to cooperate with foreign counterparts) is interpreted widely to also confer the authority to
make inquiries and obtain information (for intelligence purposes) on behalf of their counterparts.
This power is used and exercised regularly in practice by the Malta Police. Within the EU, “Reg. 3(2)
of the Simplification of Exchange of Information or Intelligence between the Malta Police Force and
Other State Agencies of the Member States of the European Union having Similar Powers
Regulations” provides that the Police may also provide to their counterparts information that is
accessible to the Malta Police (which would include information accessible through requests for
information), unless such information may only be accessed by the Police pursuant to an
authorisation by a judicial authority, in which case the AG would need to consent to sharing the
information.
566. Criterion 40.9 – On the basis of texts under the criteria analysed above (in particular, c.40.1 and
c.40.2), the FIAU has an adequate legal basis for providing co-operation on ML, associated predicate
offences and FT.
567. Criterion 40.10 – Please refer to text under c.40.4.
568. Criterion 40.11 – The FIAU can exchange with foreign FIUs any information it has access to or
can obtain directly or indirectly (see in particular Art. 30A and Art. 27A PMLA).
569. Criterion 40.12 – Refer to text under c.40.1 which provides an explanation of the legal basis for
the FIAU to cooperate and exchange information with foreign regulatory and supervisory
authorities. Refer also to text under c.40.5 according to which the FIAU is authorised to cooperate
with foreign supervisory authorities irrespective of their nature or status.
570. As explained under c.40.1, the MFSA has the necessary legal basis to cooperate and exchange
information with foreign counterparts. The relevant laws do neither distinguish between exchange
of information for prudential or AML/CFT-related purposes, nor do they pose any restrictions based
on the nature or status of the foreign authority.
571. Criterion 40.13 – Refer to the text under c.40.8. The FIAU may exchange information that is
available domestically with foreign regulatory or supervisory authorities where the FIAU believes
that such information would assist those authorities in ensuring that the financial or other sectors
are not used for criminal purposes or to safeguard their integrity.
223
572. The MFSA may use its general powers at law to request information, to enter business
premises etc. (Art. 16(1), (a) and (b) of the MFSA Act) in order to obtain the requested information
on behalf of foreign counterparts. It may then use the powers given to it by law to cooperate and
exchange information with foreign counterparts in order to furnish that information to such foreign
counterparts.
573. Criterion 40.14 – The authorities indicated that the abovementioned MFSA’s and the FIAU’s
powers to exchange information in their possession with foreign supervisors would cover (a) to (c).
574. Criterion 40.15 – The MFSA may use its general powers to request information, to enter
business premises etc. (Art. 16(1)(a), (b) of the MFSA Act) in order to obtain the requested
information on behalf of foreign counterparts. It may then use the powers given to it by law to
cooperate and exchange information with foreign counterparts in order to furnish that information
to such foreign counterparts. With regard to the ability to authorise or facilitate the ability of foreign
counterparts to conduct inquiries themselves in the country, a number of sectorial laws are in place.
These include: the Investment Services Act: Art. 17A(3); the Banking Act: Art. 25(5); and the
Insurance Business Act: Art. 32D(2). Besides applicable legislation, the MFSA is also bound by the
terms of the MoUs to which it is a signatory many of which contain provisions concerning the
possibility of conducting joint investigations and participation by the requesting authority in
interviews conducted by the requested authority.
575. FIAU. According to Art. 30A PMLA, the FIAU may request information from any person,
authority or entity for the purposes of pursuing its functions, including cooperating and exchanging
information with counterpart supervisory authorities (Art. 16(1)(k) PMLA). Moreover, in terms of
Art. 27(1) PMLA the FIAU may exchange information with any regulatory or supervisory authority
outside Malta, where that information would assist that foreign authority. Art. 27(1) and
Art.16(1)(k) PMLA also enable the FIAU to cooperate with such authorities, which includes
conducting joint investigations with foreign supervisors.
576. Criterion 40.16 – MFSA. According to Art. 17(4) of the MFSA Act, information divulged to the
authority under conditions of confidentiality in pursuance to a request within the terms of a bilateral
or multilateral agreement, memorandum of understanding or other similar arrangement for the
exchange of information or other form of collaboration with overseas authorities or bodies, are
treated as confidential. No court or tribunal may order the disclosure of such information, unless the
prior written approval of the authority or body is obtained. Where the MFSA makes requests for
assistance on the basis of an MoU or MMoU to which it is a party, the MFSA follows and abides by the
confidentiality and permissible uses provisions contained in any MoU or MMoU in terms of which
the request is made (e.g. Art. 10 of the IOSCO MMoU). Should the MFSA need to use information
provided for other purposes, it would request the consent of the authority that provided the
information. With regards to internal use of information the MFSA has never received information
which was subject to restriction on internal use within the MFSA. In any case internal use of
information is always strictly on a need-to-know basis.
577. The same approach is applied in case of requests for assistance made by the MFSA which are
not based on an MoU or MMoU. If the requested authority provides the information requested
subject to certain conditions/limitations (e.g. on disclosure), the MFSA will act in line with those
conditions subject to consultation with the requested authority. Art. 17 of the MFSA Act obliges
MFSA to treat such information as confidential and “shall not, directly or indirectly, disclose such
information to any other person, except with the consent of the person who had divulged the
information.”
578. FIAU. Art. 34(1) PMLA provides that the FIAU, its officers, employees and agents (whether still
in the service of the FIAU or not) shall treat any information acquired in the exercise of their duties
or the exercise of their functions under the PMLA as confidential and shall not disclose any
information relating to the affairs of the FIAU, which they have acquired in the performance of their
duties or the exercise of their functions (which includes information received from foreign
supervisors).
579. Art. 34(1) also provides that the FIAU may not be bound to disclose any information that the
FIAU receives from foreign supervisors, and it is in the FIAU’s discretion when such information may
be disclosed. The authorities indicate that the FIAU may for example refuse to disclose such
information without the consent of the foreign supervisor. Considerations and concerns expressed
under Criterion 40.6 can be also extended here.
580. Criterion 40.17 – The Malta Police is able under Art. 92 of the Police Act to cooperate and
exchange information with foreign counterparts for intelligence and investigative purposes relating
to ML, associated predicate offences or FT. This is done through either direct bilateral contacts, or
the use of international communication networks of Interpol, Europol and SIENA. Although there is
no specific legal basis in this regard, the general powers (i.e. Art. 92 CC and S.L. 164.02) authorise
and oblige the Malta Police to cooperate with foreign counterparts and provide requested
information for the purposes of identifying and tracing the proceeds and instrumentalities of crime.
Information that is exchanged by the Malta Police outside the context of MLA would only be
exchanged for intelligence and investigative purposes.
581. Criterion 40.18 – The Malta Police is authorised to conduct inquiries and obtain information on
behalf of foreign counterparts (see also c.40.8).
582. Criterion 40.19 – The Malta Police is able to form joint investigative teams with foreign
counterparts to conduct cooperative investigations. The Joint Investigation Teams (EU Member
States) Regulations empowers the AG to authorise the setting up of a joint investigation team to
carry out investigations into criminal offences in one or more of the EU Member States setting up the
team in terms of the Convention on Mutual Assistance in Criminal Matters between the Member
States of the European Union. This is complemented by Art. 93 of the Police Act which allows the
Commissioner of Police to authorise the competent authorities of an EU Member State to conduct in
Malta, jointly with or under the supervision or direction of the Police, patrols and other operations
by officers or other officials of that State. According to Art. 92 of the Police Act, the Malta Police is
duly authorised and empowered to form joint investigative teams not only with EU LEAs but also
with LEAs from non-EU jurisdictions.
583. Criterion 40.20 – Art. 16(1)(k) does not clearly refer to exchanges of information between the
FIAU and foreign non-counterpart authorities. The “diagonal cooperation” seems to fall into the
general provision enabling the FIAU to cooperate with “any competent authority”. Art.34(3) of the
PMLA allows the FIAU to disclose any document or information to an authority outside Malta
investigating any act or omission committed in Malta and which constitutes, or if committed outside
Malta would in corresponding circumstances constitute any offence of ML or FT. In practice,
whenever information is exchanged directly with a law enforcement agency, the counterpart FIU of
that jurisdiction is notified. Moreover, the FIAU is authorised to exchange information with
regulatory and supervisory authorities outside Malta in line with Art. 27 PMLA. Art. 17(2) of the
225
MFSA Act allows the MFSA to disclose information to local or overseas enforcement or regulatory
authorities, bodies or other entities for the purpose of preventing, detecting, investigating or
prosecuting the commission of acts that amount to, or are likely to amount to, a criminal offence
under any law or to an offence or breach of a regulatory nature, whether in Malta or overseas.
584. Competent authorities are generally able to provide a wide range of direct and indirect
international assistance, with deficiencies that refer, particularly: (1) to the wide range of
exemptions from the confidentiality rules, allowing FIAU, officers, employees and agents to disclose
such information, inter alia, “when required to do so under a provision of any law”; and (2) to the
absence of an explicit obligation to provide assistance and a feedback in a timely manner by the
authorities (with the exception of the FIAU). In the light of the above, R.40 is rated LC.
Compliance with FATF Recommendations
Recommendation Rating Factor(s) underlying the rating
1. Assessing risks &  Exemptions from the AML/CFT regime are limited to
applying a risk-based circumstances of lower risk and - while not specifically
LC
approach considered in the NRA - are not inconsistent with the authorities’
understanding of risk.
2. National cooperation
C
and coordination
3. Money laundering
C
offence
4. Confiscation and
C
provisional measures
5. Terrorist financing  FT offence is slightly more restrictive in its objective element
offence than the one provided by the FT Convention;
LC
 Criminal sanctions for natural persons for the FT offence are
not fully proportionate and dissuasive.
6. Targeted financial  No mechanism exists defining the process for detection and
sanctions related to LC identification of targets for designation based on the designation
terrorism & FT criteria set out in the UNSCRs.
7. Targeted financial
sanctions related to C
proliferation
8. Non-profit organisations  Malta has not conducted analysis to identify the subset of non-
enrolled VOs which by virtue of their activities or characteristics
are likely to be at risk of FT abuse, using relevant sources of
available information, therefore the risk assessment of the VO
sector is not comprehensive;
 Malta has not identified the nature of threats posed by
terrorist entities to the VOs which are at risk as well as how
terrorist actors abuse those VOs;
 Malta has not made available any provisions on the periodic
reassessment of the sector’s potential vulnerabilities to terrorist
activities;
PC  Malta has undertaken outreach to raise awareness amongst
VOs but the donor community has so far not been addressed
specifically;
 No measures have been taken to encourage VOs to conduct
transactions via regulated financial channels, whenever feasible;
 The measures applied to monitor or supervise the VOs are not
based on the level of the VO’s risk of FT abuse;
 There seems to be no co-operation with the Registers for
Legal Persons and for Trusts;
 No specific information is given on the procedures to respond
to international requests to the CVO in Malta for information
regarding particular VOs suspected of FT.
9. Financial institution
C
secrecy laws
10. Customer due diligence A number of minor deficiencies exist:
 no explicit requirement to undertake reviews of existing
records;
 the requirement to obtain information on the powers that
LC regulate and bind a legal person/arrangement is not clear;
 no explicit requirement to effectively manage AML/CFT risks
following delay of verification of identity;
 FIs are permitted not to pursue CDD at a lower threshold, than
the FATF Standard;
227
Anti-money laundering and counter-terrorist financing measures in Malta - 2019
 consideration of the beneficiaries of a life insurance policy is
not an explicit risk factor.
11. Record keeping C
12. Politically exposed  There are no specific requirements to consider making a STR
persons where higher risks are identified in relation to life insurance
LC
policies with the involvement of a PEP as a beneficiary or the
beneficial owner of the beneficiary.
13. Correspondent banking  Mandatory measures regarding correspondent banking
relationships apply only to respondent institutions outside the
EU;
 Correspondent banks are not required to determine if the
PC
respondent has been subject to a ML/FT investigation or
regulatory action;
 Correspondent banks are required to document rather than
clearly understand the respective responsibilities.
14. Money or value transfer  The definition of “payment services”, does not appear to cover
services LC all stores of value, or “new payment methods” as required by the
Standard.
15. New technologies  The requirement to assess the risk of new products, services
and new or developing technologies does not specify that such
assessments be undertaken prior to the use of such products,
practices and technologies.
PC  No risk assessment for the purpose of identifying and
assessing ML/FT risks that may arise in relation to the
development of new products and practices, delivery
mechanisms or the use of new technologies has been carried out
at the country level.
16. Wire transfers  Regulation (EU) 2015/847 does not specifically address
situations where both the ordering and beneficiary institutions
are controlled by the same MVTS provider.
LC
 Regulation (EU) 2015/847 does not require to file a STR in the
country affected by the suspicious wire transfer and to make
relevant transaction information available to the FIAU.
17. Reliance on third parties  Requirement for application of CDD and record keeping,
“consistent with PMLFTR”, does not amount to compliance with
the requirements set out in R.10 (see analysis of R10);
 Requirements for reliance on third party that is part of a same
LC group do not amount to compliance with the requirements set
out in R.10, R.12 and R.18 (see analysis of R10, R12 and R18).
 While PMLFTR prohibits reliance on third parties from non-
reputable jurisdictions, it is not equivalent to the obligation to
have regard to information on the level of country risk.
18. Internal controls and A number of minor deficiencies exist:
foreign branches and  requirements to appointment of a compliance officer and
subsidiaries implement an independent audit function are dependent on an
undefined nature and size of the business;
 the full scope of information to be exchanged under group-
LC
wide AML/CFT programmes is not clearly articulated;
 FI’s are not required to ensure that their branches and
subsidiaries in the EEA have in place similar AML/CFT measures
to Malta based on the assumption that all EEA members have
implement the 4th AMLD adequately.
19. Higher-risk countries C 
20. Reporting of suspicious PC  The mechanism to file STRs casts doubts on the fulfilment of
transaction the obligation to do so “promptly” in line with the FATF
Recommendations.
 The legislation does not clearly and expressly include also the
attempted transactions among those to be reported by the
subject persons
21. Tipping-off and
C
confidentiality
22. DNFBPs: Customer due  Deficiencies identified in R.10, 12, 15 and 17 are equally
LC
diligence relevant to DNFBPs.
23. DNFBPs: Other measures  Deficiencies identified in R.20 and R.18 are equally relevant to
LC
DNFBPs.
24. Transparency and  An in-depth analysis of how all types of Maltese legal persons
beneficial ownership of and legal arrangements could be used for ML/FT purposes has
legal persons not been finalised;
 The shortcomings in applied mechanisms call into question
the accuracy of beneficial ownership information;
 There is no explicit legal requirement for a liquidator to retain
beneficial ownership information;
PC
 It is not considered that the financial sanctions are dissuasive
and proportionate in respect of failing to submit beneficial
ownership information to the Registries in respect of companies,
commercial partnerships and foundations;
 No information provided by the country on how the AG Office
or the MFSA and MGA monitor the quality of assistance received
from other countries.
25. Transparency and  There is no explicit requirement placed on the trustee of an
beneficial ownership of express trust that is governed by Maltese law where the trustee
LC
legal arrangements is resident outside Malta to obtain and hold information in line
with c25.1.
26. Regulation and  There are no formalised procedures in place, setting out how
supervision of financial the frequency and intensity of on-site and off-site supervision for
institutions all types of FIs is being determined, taking into account the
ML/FT risks associated with an institution or group and the
wider ML/FT risks present in Malta;
 The authorities were unable to confirm their level of current
PC compliance with the core principles where relevant for
AML/CFT purposes;
 Increased scrutiny on wider ML/FT risk elements had not
been fully embedded into the MFSA’s authorisation procedures
for all types of licence applications;
 The MFSA does not subject all relevant persons to regular UN
sanctions and adverse media screening.
27. Powers of supervisors  Deficiencies identified in R.35 (criterion 35.2) apply, as
LC legislation does not extend to the “senior management” at the
subject person.
28. Regulation and  Lawyers, DPMS and real estate agents are not regulated by
supervision of DNFBPs sectorial legislation, therefore there are concerns regarding the
adequacy of market entry measures and on-going fitness and
properness measures for these persons;
PC  The frequency and intensity of both onsite and offsite
inspections for DNFBPs, other than casinos and TCSPs, does not
fully take into account the ML/FT risks associated with an
institution or group and the wider ML/FT risks present in Malta;
 The exemptions and de minimis ruling by the MFSA might
229
result in some persons not being subject to market entry
measures and/or subject to AML/CFT;
 Civil sanctions do not extend to the “senior management” at
the subject person.
29. Financial intelligence  The law does not provide specific mechanisms and
LC
units procedures for the appointment of the Director.
30. Responsibilities of law  Prosecutions of tax crimes (including VAT) require the
enforcement and LC authorisation of the CFR.
investigative authorities
31. Powers of law  The Malta Police does currently not have the power or
enforcement and authorisation to directly intercept communications during
investigative authorities criminal investigations, but must request prior authorisation.
LC  The FIAU is only authorised to disclose information or
documents upon request to a competent authority in or outside
Malta with regard to ML and FT, but not related predicate
criminality.
32. Cash couriers  Malta does not have a declaration system for cargo and mail
transportation of cash.
LC
 Concerns about the full dissuasiveness of the sanctions for the
FT-offence are also affecting compliance with criterion 32.11.a)
33. Statistics C
34. Guidance and feedback  There remain gaps in sector specific guidance which would
LC
assist FIs and DNFBPs in applying AML/CFT measures.
35. Sanctions  The civil sanctions detailed in the PMLFTR do not extend to
LC
the “senior management” at the subject person.
36. International  Provision implementing Art. 5 of the Vienna Convention are
instruments not fully aligned, with different rules that may cause confusion in
PC practice.
 The principles on third party confiscation are not fully
implemented.
37. Mutual legal assistance  There is an apparent narrow range of offences in relation to
LC
which the country can provide MLA.
38. Mutual legal assistance:  No legal basis to execute a foreign civil in rem confiscation
freezing and confiscation order since the underlying conduct has to be qualified as a
criminal offence;
PC
 No specific mechanism for managing, and when necessary
disposing of, property frozen, seized or confiscated in the
context of MLA.
39. Extradition C
 There is no explicit obligation to provide assistance in a timely
40. Other forms of way, except for FIU-to-FIU cooperation.
international cooperation  No reference has been made to the timeliness to be ensured
by the authorities when providing feedback to their
LC counterparts.
 The wide range of exemptions from the confidentiality rules,
allow FIAU, officers, employees and agents to disclose
information received from foreign competent authorities, inter
alia, “when required to do so under a provision of any law”.
GLOSSARY OF ACRONYMS
ACR Annual Compliance Report

AG Attorney General
AGO Attorney General’s Office
AMU Asset Management Unit
AMLU Anti-Money Laundering Unit
ARB Asset Recovery Bureau
BNI Bearer Negotiable Instruments
CC Criminal Code
CDD Customer Due Diligence
CFR Commissioner for Revenue
CSP Corporate Service Provider
CTU Counter-Terrorism Unit
CVO Office of the Commissioner for Voluntary Organisations
DDO Dangerous Drugs Ordinance
DNFBP Designated Non-Financial Businesses and Professions
DPMS Dealer in Precious Metal Stones
EBA European Banking Authority
ECB European Central Bank
EDD Enhanced Due Diligence
EU European Union
EUR Euro
FI Financial Institution
FAC FIAU Financial Analysis Committee
FIAU Financial Intelligence Analysis Unit
FIU Financial Intelligence Unit
FT Financing of Terrorism
GDP Gross Domestic Product
STR Suspicious Transaction Reports
LEA Law Enforcement Authorities
MFSA Malta Financial Services Authority
MFTP Ministry of Foreign Affairs and Trade Promotion
MGA Malta Gaming Authority
MKPO Medical and Kindred Professions Ordinance
MLA Mutual Legal Assistance
MoF Ministry of Finance
MSS Malta Security Service
MVTS Money or Value Transfer Services
NCC National Coordination Committee on Combatting Money
Laundering and Funding of Terrorism
NIA National Interest (Enabling Powers) Act
NRA National Risk Assessment
OC Organised Crime
OCG Organised Criminal Group
OECD Organisation for Economic Co-operation and Development
PEP Politically Exposed Persons
PMLA Prevention of Money Laundering Act
PMFTR Prevention of Money Laundering and Funding of Terrorism
Regulations
ROC Registrar of Companies
SMB Sanctions Monitoring Board
SSM Single Supervisory Mechanism
STR Suspicious Transaction Report
TCSP Trust and Company Services Providers
TFS Targeted Financial Sanctions
UBOs/BOs Ultimate beneficial owners/Beneficial owners
UN United Nations
UNSCR United Nations Security Council
231
VO Voluntary Organisation
VOA Voluntary Organisations Act
WB World Bank
WMD Weapons of Mass Destruction
© MONEYVAL
www.coe.int/MONEYVAL
July 2019
Anti-money laundering and counter-terrorism financing measures

Malta
Fifth Round Mutual Evaluation Report
This report provides a summary of AML/CFT measures in place in Malta as at the date
of the on-site visit (5 to 6 November 2018). It analyses the level of compliance with the
FATF 40 Recommendations and the level of effectiveness of Malta’s AML/CFT system,
and provides recommendations on how the system could be strengthened.
233

Moneyval Mutual Evaluation Report Malta 2019

Uploaded by

Copyright:

Available Formats

Moneyval Mutual Evaluation Report Malta 2019

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Moneyval Mutual Evaluation Report Malta 2019

Uploaded by

Copyright:

Available Formats

COMMITTEE OF EXPERTS ON THE EVALUATION

OF ANTI-MONEY LAUNDERING MEASURES AND

The fifth round mutual

Risks and General Situation

 Malta should, as a matter of priority, take action to improve national understanding of

IO.7 – ML IO.8 – Confiscation IO.9 – TF IO.10 – TF IO.11 – PF financial

Technical Compliance Ratings2

compliant or NC – non compliant.

3 Information provided by the Ministry of Finance of Malta.

Country’s risk assessment & Scoping of Higher Risk Issues

know?, CESifo, Working Paper No. 4004, November 2012

Background and other Contextual Factors

12 Reg. 2 of the Prevention of Money Laundering and Funding of Terrorism Regulations

16 MFSA, Annual Report, 2016

from 1 November 2018.

Key Findings and Recommended Actions

Key Findings and Recommended Actions

Advocates, Legal Procurators.

35 Determined by the FIAU Policy.

36The figure includes of EUR 928,092 and SEK 17,002.

Immediate Outcome 7 (ML investigation and prosecution)

ML identification and investigation

Table 24: Cash declarations outside territorial waters55

Key Findings and Recommended Actions

Immediate Outcome 10 (FT preventive measures and financial sanctions)

the end of 2019.

Key Findings and Recommended Actions

Key Findings and Recommended Actions

Table 29: Licence applications by the type of subject person (2018)

Sector Amount Status

Key Findings and Recommended Actions

Table 40: Pecuniary Fines for Beneficial Ownership Information

CHAPTER 8. INTERNATIONAL COOPERATION

Key Findings and Recommended Actions

Box 2.4: Tax Evasion, fraud and money laundering

Table 46: Requests received through INTERPOL channels

Table 47: Requests received through EUROPOL channels

ACR Annual Compliance Report

Anti-money laundering and counter-terrorism financing measures

You might also like