Malta has earned recognition within the European Union because of its financial and digital system. As a country with remarkable financial frameworks, the country is recognized as attractive for investors and jurisdictions, so the country continuously upgrades its AML controls to align with international standards.
What is the AML Regulatory Framework in Malta?
Malta’s approach to preventing money laundering has a solid legal foundation, supported by deep detailed implementation guidelines. These are the following key regulations and guidelines:
- Prevention of Money Laundering Act (PMLA): this act is a foundational base for Malta’s prevention against money laundering and on top of that this act also mandates the obligation of reporting suspicious transactions.
- Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR): This secondary legislation supports the PMLA by providing a detailed supply for AML compliance.
- FIAU Implementing Procedures: These procedures are sector-specific and overarching, offering operational guidance for regulatory entities on meeting AML obligations.
The inclusion of these key regulations ensures Malta’s framework stays dynamic and ready for emerging threats.
Who Oversees AML Compliance in Malta?
AML compliance in Malta is overseen by a coordinated framework involving several key authorities.
Financial Intelligence Analysis Unit (FIAU)
FIAU implements procedures and sector-specific guidance to promote AML/CFT compliance across the sector. As Maltas’s central agency, FIAU is responsible for collecting, analyzing, and disseminating financial intelligence to eliminate money laundering and terrorism financing.
Malta Financial Services (MFSA)
The MFSA's role is to regulate financial providers in Malta such as banks, insurers, investment firms, and other institutions, ensuring compliance with AML and CTF.
Malta Gaming Authority (MGA)
For gaming and gambling, MGA regulates these sectors in Malta. They highlight the importance of AML and CTF requirements to eliminate illegal activities within the gaming industries
Chambers of Advocates
In Malta, lawyers and law firms are classified as DNFBPs. The Chamber of Advocates supervises compliance within the legal profession.
Real Estate Agents Licensing Board
Real estate agents in Malta are highly subject to AML and CTF regulations. So, The Licensing Board monitors their compliance.
Who Are The Main AML Laws and Regulations in Malta?
Prevention of Money Laundering Act, 2000 (Chapter 37)
This act forms the core of the legal framework in Malta by outlining legal obligations for reporting, and recordkeeping with the provision of authoritarian power like the Financial Analysis Unit (FIAU)
Prevention of Money Laundering and Funding Terrorism Regulations (PMLFTR)
With regulations expanded by the PMLA, they paved the way for PMLFTR to provide details on specific obligations for the subject person, which includes customer due diligence, ongoing monitoring, and reporting of suspicious activities.
Virtual Financial Assets Act (VFAA)
The VFAA regulates Maltas’s crypto sector. They require this sector to adhere to AML compliance, licensing, and whitepaper registration for public offerings. To classify if a digital asset is under the right framework, the Financial Instruments Test is utilized.
Which Business Must Comply With AML in Laws in Malta?
Financial and Crypto Services handle money or digital assets, requiring stronger AML control (e.g. banks, payment providers, crypto exchanges)
Professional Services are the ones who facilitate or advise entities or individuals on financial matters, resulting in AML duties (e.g. lawyers, auditors, accountants)
Corporate and Fiduciary Services manage companies and trusts that require screening of clients for reliability (e.g. trustees, company service providers)
Property and Gaming involve high-value or anonymous transactions, hence they are more prone to AML risks (e.g. real estate agents, notaries, online casinos)
These sectors are expected to have systems in place to detect and prevent suspicious activities
What Are Malta’s Know Your Customer (KYC) Requirements?
KYC is a crucial part of any AML strategy. Businesses in Malta must do the following:
● Verify Identity
● Confirm Residence and Source of Funds
● Use Biometric Tool for Remote OnBoarding
How Do Maltese Institutions Asses Customer Risk?
Businesses and entities in Malta are required to know how to categorize customers based on their risk levels (low, medium, or high) as part of their AML compliance framework. Categorizing customers is determined by following these procedures:
Customer Identification
This process includes verifying the customer’s identity by inspecting official documents such as passports, national IDs, or other valid identification sources, alongside with reliable data sources for accuracy.
Proof of Residence and Financial Background:
This process is where documents are collected to ensure the accuracy of customer’s residential address and obtain details about their source of funds and overall wealth to ensure transparency in financial activities.
Remote onboarding and biometric validation:
This process incorporates biometric verification such as facial recognition or fingerprint scanning. This is mostly target to online or remote customer onboarding, following the strict protocols that utilizes biometric verification.
How Does Malta Conduct Customer Risk Assessment and Profiling?
- Risk factor evaluation involes determining a customer’s risk level by evaluating their location, industry, and transaction behavior. Customers from countries with wak AML control are considered in higher risk and are in need of closer monitoring
- Continuous monitoring and reassessment involves consists of consistent updates of risk profiles to help detect suspicious activity in compliance with Maltese AML regulations.
How Are Suspicious Transactions Monitored and Reported in Malta?
Reporting suspicious activity is a legal obligation in Malta. Hence, regular monitoring for even the slightest malicious financial activity should be done and immediately reported. The process is as follows:
- Transaction Monitoring and Reporting Mechanism: Monitoring Suspicious Transaction Reports are registered by FIAU’s on CASPAR platform in order to submit any suspicious activity or transaction reporting.
- Compliance Oversight: Money Laundering Reporting Office (MLROs) help ensure that the company remain compliant and operates efficiently by certifying requirements are met and obey AML regulations.
AML Responsibilities Across Financial Sectors
Banks
Regulatory Oversight: Malta Fiancial Services Authority (MFSA) is responsuible fot supervising banks to ensure compliance with AML/CFT laws
Customer Due Diligence (CDD): CDD is the process where customer’s identity are verified and assess risk before creating a business relationship
Enhanced Due Diligence (EDD): EDD is the process where clients are deeply checked for high-risk potential. This includes enhanced verifications and monitoring.
Crypto Providers
Virtual Financial Assets (VFA) Providers are framework under Virtual Financial Assests Act to support and supply crypto-related services. Obtaining licensing as Class 3 or Class 4 is required before providers to operate.
Payment Firms and Equated Montly Installment (EMI)
- EMIs: Regulated by MFSA, they are required to monitor transactions for any fraud breaches.
- PMLFTR: is a regulation in which imposes strictly AML/CFT obligations on EMIs and Payment Institutions
- FIAU: The national central agency in Malta that receives and look into suspicious activity reports.
FinTech Startup
- FinTech Startups: Since they are vulnerable to AML/CFT, they often rely on RegTech solutions.
- RegTech: A framework that allows real-time screening, risk scoring, and transaction monitoring
- FATF Greylist: in 2021, Malta was greylisted by the FATF due to the country’s AML enforcement. However, after major reforms, Malta was delisted in 2022.
Penalties for AML Non-Compliance in Malta
Regulatory Penalties
- Under the PMLA Act, chapter 373 regulation, the FIAU can press fines up to €5 million per infraction for breaches of AML/CFT obligations.
- Another form of penalty if breaches happen is revocation of licences, regulated by bodies such as MFSA or MGA
Criminal Offenses under the PMLA
- Introduced by Act III of 2002 , if the PMLA sees an entity guilty of committing money laundering offence, they could face up to minimum of 1 year in prison.
- On top of imprisonment, monetary penalties can be fined for those who committed violations.
Additional Fines
- Regulatory authorities are have the power to seize or confiscate assets tied to money laundering activities
- Any type of non-compliance be impactfully damage the reputation of an entity causing long-lasting consequences in the financial sector.
What is the CASPAR Reporting System/Platform?
In Malta, all Suspicious Transactions Reports (STRs) must immediately be submitted through the portal of CASPAR.
CASPAR portal eases the security and efficient submission of STRs to the FIAU in Malta. This process creates a pathway for reporting entities through standardizing forms, ensures real-time tracking of submitted reports. In addition, this allows for smooth and secure flow for communication between the FIAU and the regulatory authority, allowing enhanced collaboration for preventing money laundering.
How Does Malta Regulate Virtual Financial Asset Providers?
- Aforementioned, getting the right license (Class 3 or 4)
- Set up AML programs following FIAU regulations.
- Perform risk-based CDD and monitor transactions
Recent Key Developments in Malta
- Recently, VFA service providers now encourages stricter oversight to enhance transparency and accountability in the crypto sector
- Aforementioned, In 2022, Malta was fremoved from the FATF grelist. This regulated in obtaining comprehensive reforms, underscoring their commitment to a solid AML enforcement and matching with international standards.
- In 2023, updated sectorial guidelines were introduced to regulatory gaps which strengthened compliance across the financial industries in Malta.
FAQ's Blog Post
Malta’s primary AML legislation is the Prevention of Money Laundering Act (PMLA), supported by the PMLFTR regulations. These laws align Malta’s framework with EU directives and FATF standards.
The Financial Intelligence Analysis Unit (FIAU) is Malta’s main AML authority. It oversees compliance, conducts inspections, and receives suspicious transaction reports (STRs).
Malta was removed from the FATF grey list in 2022. Since then, it has strengthened its AML/CFT controls significantly.
Yes, crypto providers are regulated under the Virtual Financial Assets Act (VFAA). They must register with the MFSA and comply with AML obligations set by the FIAU.
Firms must identify clients, verify identity, and understand the purpose of the business relationship. Enhanced Due Diligence is mandatory for high-risk clients, such as PEPs.
Banks, financial institutions, gaming operators, VFA service providers, lawyers, accountants, and real estate agents are all subject to AML rules. These are classified as subject persons under Maltese law.