Anti-Money Laundering (AML)
Money laundering is the process of concealing the identity, original ownership and destination of funds obtained through illicit means, typically by means of transfers involving foreign banks or legitimate businesses. AML measures detect and prevent the laundering of funds derived from criminal activities.
Countering the Financing of Terrorism (CFT)
Separate but closely related to money laundering is the Financing of Terrorism, which is the provision of financial support to terrorists (individuals or organisations). CFT measures are often part and parcel of anti-money laundering laws.
AML/CFT Obligations
The AML requirements are set out in the PMLFTR and are supplemented by the Implementing Procedures Part I published by the FIAU, which provide further detail on the implementation of the requirements.
In addition, sector-specific guidance is published as Implementing Procedures Part II. (remote gaming)
Key AML/CFT obligations include:
- Customer Due Diligence (CDD), involving verifying the identities of customers (KYC) and assessing the risks associated with their activities.
- Risk Management, involving regularly scrutinising financial transactions for unusual or suspicious patterns that may indicate potential money laundering or terrorist financing.
- Record Keeping, involving maintaining comprehensive records of customer transactions, identity verification and AML/CFT compliance measures.
- Reporting, involving the mandatory reporting of suspicious activities to relevant authorities, such as filing Suspicious Activity Reports (SARs).
- Training and Awareness, ensuring that employees are well-informed about AML/CFT regulations and are equipped to identify and report suspicious activities.
Amidst tightening regulations and an evolving risk landscape, companies require assurance that their AML/CFT control framework is strong and tight enough to detect and prevent instances of money laundering or terrorist financing.
External auditing is required to ascertain the correct implementation and functioning of the internal AML/CFT regime.
The role of an external audit is to provide independent assurance that an organisation’s risk management, governance and internal control processes and anti-money laundering and counter funding terrorism framework are operating effectively and are also effective in mitigating the risk, whilst keeping processes commercially viable.
Notably, it provides the company with the opportunity to address perceived risks before resulting in complicated issues. Most importantly, it would also propose recommendations known as a remediation plan on how identified weaknesses can be addressed by management.
At IGAML we have the necessary proven competence and expertise to conduct AML/CFT audits.
IGAML provides two types of audits:
1. Full audits
Complete and comprehensive 360 degree audit of all systems, processes and procedures, assessment of a sample of clients, testing and controls.
2. Thematic audits
Thematic audits are a bespoke examination of specific areas of the policies and procedures including their implementation and effectiveness.
The scope of these audits is to identify and remediate any weaknesses in specific operational processes of the company in order to ensure compliance with relevant laws and regulations.
Some of the most common audits are:
- Transaction monitoring
- The risk based approach
- The application of enhanced due diligence
- The operational flow and internal controls and compliance management.
All our audits come with a remediation plan in order to rectify any deficiencies and our consultants will assist you in achieving the desired results.
The Money Laundering Reporting Officer (MLRO) is a key figure responsible for overseeing and managing the AML/CTF framework and plays a crucial role in ensuring compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations under EU law.
One of the primary functions of the MLRO is to establish and maintain AML policies and procedures within the organisation, including conducting risk assessments, identifying potential vulnerabilities and implementing measures to mitigate risks. The MLRO is expected to create a culture of awareness and vigilance among staff, promoting a proactive approach to AML/CTF compliance.
The MLRO is also responsible for monitoring and screening transactions to detect suspicious activities, ensuring that appropriate due diligence is conducted on customers and that enhanced due diligence is applied to higher-risk relationships. In case of any suspicions or red flags, the MLRO has the authority to halt transactions and report the activity to relevant authorities.
Under EU law, the MLRO is the central point for receiving internal reports from employees who have concerns about potential money laundering or terrorist financing activities. The MLRO assesses the validity of these reports, conducts investigations when necessary and decides whether to escalate the matter to the relevant authorities.
Furthermore, the MLRO is involved in maintaining records of all transactions, customer due diligence processes and internal reports. This meticulous record-keeping is essential for audits and regulatory inspections.
In the event of a suspicious activity report (SAR) being filed, the MLRO works as a liaison with law enforcement agencies and financial intelligence units, providing additional information and cooperating with authorities during investigations.
The MLRO also plays a crucial role in ongoing training and education within the organisation, ensuring that employees are well-versed in AML/CTF regulations and that they remain updated on emerging risks and trends. Training programs are designed to empower staff to recognize and respond effectively to potential threats.
The current predicament facing most MLROs and Compliance Officers is that whilst typology reports and FIU Guidance Notes are readily available and exhaustive, a practical understanding and implementation of a robust anti-financial crime compliance program is sometimes difficult to achieve without the proper tools or experience.
In this regard, senior management would do well to opt for ‘the Shadowing Service’ at least until the MLRO is fully capable of assuming all functions independently of any external help whatsoever.
The Shadowing MLRO (Money Laundering Reporting Officer) service is a unique service that assists the MLRO for regulatory compliance and reassurance in meeting regulatory obligations. This service is offered where IGA shall be responsible for taking care of all the functions alongside the appointed MLRO.
In view of the recent changes within the AML/CFT regime kindly note that the following shall be pertinent in achieving a status of compliance within your operation for which the shadowing service will ensure that the following are held up to regulatory requirements:
- Regular assisting in reporting (both from an internal & external perspective).
- Guidance and Recommendations on how to file a better STR/SAR.
- ‘Ad Hoc’ MLRO shadowing according to the circumstances of the case/risk.
- Ensuring the BRA is up to date and assistance in drafting BRA prior to submitting it with the REQ.
- Calls and Q&A as often as needs be.
- Ensuring Policies, Procedures & Controls (AML/CFT Manual) are ‘effective’ and up-to-date.
- Assisting in investigations (whenever needed or when triggered by Law Enforcement Authorities).
- Assistance with the drafting of effective policies and procedures.
- Drafting of the customer risk assessment and transaction monitoring triggers.
- Yearly training and upskilling
- Assistance and preparation for a FIAU Compliance review;
- Assistance and representation during FIAU/MGA Compliance reviews;
- Business Risk Assessment, creation and drafting;
- Client Risk assessment, design and development;
- Setup of transaction monitoring rules, thresholds, limits and controls;
- Manuals, including ancillary policies;
- Outsourced managed service providing KYB and KYB solutions;
- Ongoing monitoring of clients;
- Enhanced due diligence reports;
- Analytical reporting and research services;
- Assistance in addressing any potential findings and remediation consultancy accordingly;
- Procedural review to ensure the implementation of AML/CFT requirements is commercially viable;
- Shadowing of MLROs, assessing day-to-day duties and ensuring all compliance requirements are met;
- Legal advisory services;
- Comprehensive AML/CFT external audits;
- AML/CFT governance and management consultancy;
- AML/CFT Training as appropriate according to the different levels of the organisation;
- Preparation of the Risk Evaluation Questionnaire (REQ).
- Investigative due diligence;
- MLRO services, including advisory services to clients’ in-house MLRO, which includes independent advisory services to the client’s Board of Directors in this respect;
The EU’s money laundering directives dictate that every business in the regulated sector must apply a risk-based approach to their anti-money laundering checks; KYC (Know Your Customer) and KYB (Know Your Business) checks are a key component in this approach, whereby firms are required to verify the identity of their clients and comprehend the nature of their business ties.
The practice of hiring outside service providers to manage these procedures on a company’s behalf is known as ‘outsourcing’ KYC/KYB services and has a number of benefits:
- Scalability
- Cost effectiveness
- Expert knowledge and training
- Access to system and technology
IGAML’s dedicated and experienced team of professionals can offer bespoke outsourcing services for all of your Customer Due Diligence (CDD) obligations in terms of AML/CFT regulations and handle your day-to-day compliance management when it comes to:
- Onboarding clients
- Ongoing Monitoring of accounts
- Transaction monitoring
- CDD and EDD reports
Entrusting your KYC/KYB processes to our team ensures your regulatory compliance, granting you the peace of mind to concentrate on your core business activities and business growth.
Our services are designed to cover all customer-types and can be tailored to meet your particular requirements.
All checks and deliverables are carried out to the highest standards in-line with the relevant regulatory requirements.
The Prevention of Money Laundering Act (Cap. 373) forms the bedrock of Malta’s AML/CFT framework. Enshrined in Chapter 373 of the Laws of Malta, the Prevention of Money Laundering Act establishes the overarching legal principles and obligations for entities operating within Malta to prevent and combat money laundering and the financing of terrorism.
Subsidiary legislation, the Prevention of Money Laundering and Funding of Terrorism Regulations 373.01 (PMLA), complements the Prevention of Money Laundering Act providing details, guidelines and specific procedures that must be adhered to and offering practical guidance on customer due diligence, record-keeping and reporting requirements.
Chapter 9 of the Laws of Malta, which constitutes the Criminal Code, complements the Prevention of Money Laundering Act by providing a legal basis for prosecuting offences related to illicit financial activities. This legislation addresses offences related to money laundering and terrorist financing and prescribes penalties for entities or individuals found guilty of engaging in such activities.
As a European Union (EU) member state, Malta has incorporated EU Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) legislation and obligations into its national legal framework.
Malta implemented the Fourth Anti-Money Laundering Directive by revising the Prevention of Money Laundering Act (Cap. 373) and introducing the Money Laundering and Funding of Terrorism Regulations in 2017 to incorporate these provisions.
On February 7, 2020, Act I of 2020 was published, introducing amendments to the ‘PMLA’ intended to transpose the 5th Anti-Money Laundering Directive into law (expanded authority for the FIAU to enforce cash restrictions, streamlined procedures before the Court of Appeal and revised criteria for the selection of FIAU officials and staff).
In contrast, implementation of the 6th AML Directive is expected to establish a uniform interpretation of the criminal offence of money laundering across the European Union.
In Malta, the regulatory landscape for Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) involves multiple authorities overseeing different aspects of compliance.
The Financial Intelligence Analysis Unit (FIAU) is the central hub for reporting entities to submit their disclosures and suspicious transaction reports. It is responsible for receiving, processing, analysing and disseminating information related to suspected money laundering and terrorist financing.
The Malta Gaming Authority (MGA) plays an important role in AML/CFT oversight within the gaming sector by ensuring that gaming operators adhere to their AML/CFT obligations, conduct proper due diligence on customers and report any suspicious transactions.
The Malta Financial Services Authority (MFSA) is the overarching financial regulatory body in Malta overseeing financial services (banking, investment services, insurance and securities. In the context of AML/CFT, the MFSA sets prudential requirements and conducts supervisory activities to ensure that licensed entities comply with AML/CFT regulations.
The Malta Police Financial Crimes Unit investigates and combats financial crimes, including money laundering and terrorist financing. It collaborates with other regulatory bodies and international law enforcement agencies to address cross-border financial crimes.
The Attorney General’s Office works in collaboration with the police and regulatory bodies to bring legal actions against individuals or entities found in violation of AML/CFT laws.
Collectively, these bodies work to create a comprehensive and effective AML/CFT framework in Malta, ensuring that all sectors, from gaming to financial services, uphold the highest standards of integrity and compliance with the relevant legislation.
According to the Prevention of Money Laundering and Funding of Terrorism Regulations, the following are considered ‘Subject Persons’:
- Auditors, external accountants and tax advisors as well as any other person that undertakes to provide, directly, or through other persons to whom he is related, material aid, assistance or advice on tax matters;
- Real estate agents, including when acting as intermediaries in relation to the letting of immovable property where the monthly rent amounts to €10,000 or more;
- Notaries and other independent legal professionals;
- Any natural or legal person trading in works of art or acting as an intermediary in the sale of works of art (including art galleries, auctioneers and free ports), where the value of the transaction or a series of linked transactions amounts to €10,000 or more; and
- Free ports when storing works of art the value of which amounts to €10,000 or more, or when trading in works of art or acting as intermediaries in the sale of works of art.
The principle is that resources must be allocated on a priority basis so that the most significant risks are given the most attention. To ensure a risk-based approach, entities must perform a business risk assessment to understand the risks and vulnerabilities to which they may be exposed. Following this, the entity must devise a Customer Acceptance Policy and transcribe its AML/CFT policies and procedures outlining how the company will be abiding with its Customer Due Diligence and other various AML/CFT obligations.
Non-compliance with AML/CFT regulations can result in legal consequences, including criminal proceedings, severe penalties and reputational damage for businesses.
Know your customer, otherwise known as KYC, is a mandatory process whereby a service provider identifies and verifies a potential or actual client. KYC verification typically includes the evaluation of a government-issued ID, utility bills and proof of address. It can also include biometrics, facial verification and other details.
Subject persons must ensure the ongoing updating and enforcement of risk management processes. This requires the evaluation of transactions exhibiting complexity, high value, unusual or suspicious patterns, lack of defined economic or legal purpose or associated with non-reputable jurisdictions; when such characteristics are identified, heightened monitoring on the client and business relationship is warranted.
At IGA Group, we are committed to providing the best possible service to our clients by using our wealth of experience and industry knowledge to maximise the potential of their business. We have years of experience in the gaming sector, through previous employment with gaming companies, through software companies providing technical solutions and through various consultancy engagements at the strategic, operational and regulatory levels.
Our expertise covers the whole spectrum of operator activities, including legal, finance, operations, online gaming regulation, compliance, AML, technical , licensing, corporate, SEO, support, company formation, mergers & acquisitions and more…