Regulation Focus Series | Article 2: Malta and MFSA KYC AML Regulations

Malta has emerged as a bastion of financial services activity in the European Union (EU) as a result of its progressive regulatory and tax regimes. 

Nevertheless, the central Mediterranean island nation’s compliance with EU financial regulations means that financial service companies, Crypto Asset Service Providers (CASPs) and other Virtual Asset Service Providers (VASPs) operating in the jurisdiction have to adhere to strict Anti-Money Laundering (AML) and financial reporting standards. 

As an EU member state, Malta’s Prevention of Money Laundering Act and the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) are framed according to the EU’s Anti-Money Laundering Directives (AMLD). The country’s AML and Counter Terrorist Financing (CTF) regulations are enforced by the Malta Financial Services Authority (MFSA). 

In this second article in our Regulation Focus Series, we explore Malta’s KYC/AML regime and rules – and how VASPs and other financial service providers can effectively meet their compliance responsibilities. 

Malta KYC / AML Regulations

As noted above, Malta’s AML / CTF MFSA regulations are closely modeled on the EU’s AMLD regime – as an EU member state, Malta was required to transpose the expansive AML framework into its national law code in 2020. 

Malta’s financial regulatory regime is therefore composed of the following laws and regulations:

• Prevention of Money Laundering Act Chapter 373 of the Laws of Malta
• Prevention of Money Laundering and Funding of Terrorism Regulations- Subsidiary legislation 3773.01
• Criminal Code Chapter 9 of the Laws of Malta
• Commission Delegated Regulation 2018/1108 on Central Contact Points
• Commission Delegated Regulation 2019/758 on Measures for Groups Present in Certain Third Countries
• Commission Delegated Regulation 2016/1675 on High-Risk Third Countries
• The EU’s Third, Fourth, Firth Anti-Money Laundering Directives
• 2006/70/EC Implementation Directive
• Regulation EC 1781/2006

Malta also closely follows AML recommendations issued by the Financial Action Task Force (FATF) and The Council of Europe’s MONEYVAL and GRECO organizations, which develop AML policies and strategies. 

What does this mean for Regulated Businesses in Malta? 

Maltese law places the responsibility for compliance with its various financial regulations based on legal or natural persons that fall under the definition of a Subject Person. 

Subject Persons include legal or natural persons that fit categories or engage in activities including: 

• Managing savings, securities, or bank accounts;
• Managing and/or helping to form foundations, trusts, companies and other legal entities;
• Those engaged in buying, selling or brokering property, including real estate agents that facilitate transactions or let property;
• Notaries and lawyers acting on behalf of clients engaging in transactions, including property.
• Those involved in raising funds for opening and operating a company;
• Tax advisors, auditors, accountants, and those providing advice on financial and tax matters;
• Those involved in trading art including galleries, freeports, auction houses, and auctioneers;
• Compliance officers and those involved in maintaining internal reporting for regulated businesses.

Financial service providers, CASPs and VASPs need to adhere to EU-wide KYC/AML reporting standards that include: 

• Identifying and authenticating a prospective client based on verified documentation;
• Verifying the legal status of the customer and/or company principals directors;
• Identifying the beneficial and ultimate beneficial owners (UBOs) of business customers;
• Carrying out a customer due diligence through a risk-based approach. This includes applying adequate enhanced due diligence (EDD) processes for higher risk customers;
• Ongoing monitoring of clients’ transactional activity and risk profile; 
• Keeping all compliance documents and customer compliance data current – and in some cases, for a duration after a relationship has concluded. 

KYC verification typically includes the evaluation of a government-issued ID or registration certificate, utility bills, and other proofs of address. For higher risk industries such as banking and crypto that are onboarding customers remotely, this stage  can also include biometrics, and facial verification through technology such as Passive Liveness. 

Risk Management

Another key component of Maltese AML compliance is carrying out risk management exercises on higher-risk customers. Subject persons are responsible for developing, updating and implementing EDD / enhanced risk management processes and procedures that evaluate transactions falling under the following categories:

• Complex transactions
• High-value transactions
• Transactions that are unusual or atypical for a customer
• Transactions that are not legally or economically explainable
• Involve a higher-risk jurisdiction

In addition, Maltese regulations place a high emphasis on organized record-keeping so that financial service providers, VASPs and other regulated entities can provide a clear record of a customer’s transactional history if they are ever audited. Failure to maintain adequate records can lead to stiff penalties and sanctioning for Maltese regulated businesses. 

Malta is world-renowned as a center for gaming companies, which benefit from the island country’s progressive tax and regulatory regimes. Gaming companies registered in Malta are regulated by the Malta Gaming Authority (MGA), which acts as the implementation agent of the country’s Financial Intelligence Analysis Unit (FIAU). This involves ensuring licensed gaming companies, casinos and other businesses that fall under its remit are compliant with the Prevention of Money Laundering Act (PMLA). 

KYC/AML is central to the PMLA’s reporting standards, and gaming companies need to demonstrate robust and consistent KYC/AML protocols and procedures if they are to operate in Malta. 

How KYC-Chain can help

KYC-Chain provides cutting edge automated KYC and AML solutions that enable a wide range of financial service providers, fund administrators, wealth managers and VASPs to securely and efficiently onboard customers from a large and diverse range of global jurisdictions. 

KYC-Chain’s end-to-end workflow solution can be uniquely tailored to a Maltese-registered business’ specific compliance responsibilities, strategies and markets of operation in order to  to comply with Maltese and other relevant regulatory regimes while also significantly reducing exposure to the risks of fraud and other financial activities.

Our solutions allow companies to realize these goals without the need for large, resource-draining compliance teams, and can be seamlessly integrated with pre-existing APIs. 

We constantly update and expand our onboarding technology to meet fast-changing regulatory and compliance regimes, ensuring regulated companies can meet compliance challenges while remaining focused on what matters most: their business. 

Are you looking for a powerful and efficient KYC solution that will arm your company with the compliance tools it needs, wherever it is based or does business? Get in touch and we can start a conversation.