AML Compliance in Malta

As a business owner, you need to confirm your precautions are robust and meet local and regional AML requirements.

Money laundering and terrorist financing is one of the biggest challenges’ businesses are facing today.

Money laundering and terrorist financing is one of the biggest challenges’ businesses are facing today. Ensuring their entity is not used for criminal activity, and mitigating other risks are a key focus, particularly for regulators. As a business owner, you need to confirm your precautions are robust and meet local and regional law requirements.

What is money laundering?

Money laundering is the process whereby the proceeds of illegal activity are changed into seemingly legitimate funds. Sums of money are passed through various structures such as company structures, businesses, banks, and various other means, to obscure its origin. The money that comes out the other end is considered clean, and its black origins have been completely concealed. The money being cleaned often comes from organized crime such as drug trafficking, human trafficking, and corruption. The money is then used to buy luxury properties, pay bribes, or even to fund terrorism. The reasoning behind the process is that using large sums of illicit money can draw the attention of authorities; by ‘cleaning’ it, there is limited risk of discovery. The act of money laundering is a crime in most jurisdictions, punishable by prison and hefty fines. Businesses found to have facilitated money laundering, either willingly or unwillingly, can also face serious consequences. Possessing property gained through illicit funds is also illegal in the jurisdiction of Malta.

What regional rules are there?

In 1990, the European Union adopted the very first anti-money laundering directive. It was designed to respond to the growing threat that money laundering posed to the EU economy. The legislation has been revised periodically to keep up with emerging and evolving threats to the financial sector. The EU lays down provisions relating to due diligence, business types, know your customer, reporting, and monitoring. States must then transpose these provisions into each member state’s national law within a specific time frame. Currently, in its fifth edition, the AMLD as it’s known was updated to include virtual currency and similar technologies. It had to be transposed by member states by January 2020. The revised legislation improved the Union, countries, and entities to stop the financial system from being used for money laundering and terrorist financing.


Recent changes including the setting up of a public register for companies, trusts, and other legal arrangements. It also enhanced the powers of Financial Intelligence Units and gave them access to information to help them do their jobs. In terms of virtual currencies, it limited the anonymity afforded to both currencies and wallet providers. Changes also included central bank account registries and retrieval systems and enhanced cooperation between AML supervisory bodies across the bloc. It also laid down stricter penalties for money laundering, the extension of criminal liability to companies and partnerships, and tightened the selection process for FIAU (Financial Intelligence Analysis Unit) staff. The 6th AMLD has not yet been enforced throughout the Member States, but most of the changes are already present in existing domestic legislation.

What AML/CFT rules does Malta have?

Malta is bound by its national legislation. It is also bound to transpose the EU AMLD’s into national law, and it must adhere to EU standards. The laws are as follows: 

  • Prevention of Money Laundering Act Chapter 373 of the Laws of Malta
  • Prevention of Money Laundering and Funding of Terrorism Regulations- Subsidiary legislation 3773.01
  • Criminal Code Chapter 9 of the Laws of Malta
  • Commission Delegated Regulation 2018/1108 on Central Contact Points
  • Commission Delegated Regulation 2019/758 on Measures for Groups Present in Certain Third Countries
  • Commission Delegated Regulation 2016/1675 on High-Risk Third Countries
  • Third, Fourth, Firth Anti-Money Laundering Directives
  • 2006/70/EC Implementation Directive
  • Regulation EC 1781/2006.


Malta also follows recommendations laid down by various international organizations. These include the Financial Action Task Force (FATF) and The Council of Europe’s MONEYVAL and GRECO. While not legally binding, these recommendations are based on current performance and encourage states to adhere to international best practices and standards.

What are the consequences of non-compliance?

Non-compliance with anti-money laundering obligations brings with it severe consequences. These include criminal proceedings, fines, license suspension or revocation, and of course, significant reputational damage. Anyone charged with money laundering offences is tried in the Criminal Court or the Court of Magistrates, under the direction of the Attorney General. The FIAU is not responsible for prosecutions; rather, they investigate cases and refer them to the authorities.


Maltese law requires evidence of the conversion or transfer of property, paired with the suspicion or knowledge that it has been either directly or indirectly derived from criminal activity. Specifically, to hide or disguise its origins or assisting those involved in illegal activity. Likewise, concealing the source, location, origin, movement, or rights of a property with the above knowledge or suspicion, is also a crime. The law also states that acquiring, possessing, and retaining such property is an offence. Either carrying out or attempting to carry out any of the above is punishable under Maltese law.


Even if there hasn’t been a conviction for a crime, the proceeds from that incident can still be considered illicit funds.  The accused must prove they had no knowledge or suspicion of the origin of the funds. For those found guilty, the maximum fine is EUR 2.5 million or a prison sentence capped at 18 years. In the case of a legal entity, punishments can be given to an individual involved in the entity, the corporate body itself, or the future proceeds of the entity. Maltese law also provides for the confiscation of property. This includes evidence, proceeds, and other assets to the value of such proceeds.  Additionally, any property believed to be purchased with money laundering proceeds can be confiscated by the government. The Malta Financial Services Authority and the Malta Gaming Authority are also empowered to revoke licenses and conduct monitoring as and when required.

Who are ‘subject persons’?

Under Maltese law, ‘subject persons’ are defined as “any legal or natural person carrying out either relevant financial business or relevant financial activity.” It can include the following:

  • Notaries and lawyers when they act on behalf of clients in any financial transaction or through the planning of any financial transaction. This can include fiat currency, immovable property, or movable property.
  • Those engaged in brokering, buying, and selling property, e.g., real estate agents involved in selling and letting;
  • Managing money, securities, assets, and property on behalf of a client;
  • Managing securities, savings, or bank accounts;
  • Involvement in organizing contributions for opening and operating a company;
  • Managing and helping to create trusts, foundations, companies, or others;
  • Tax advisors, auditors, accountants, and those providing advice on financial and tax matters;
  • Those involved in trading art including galleries, freeports, auction houses, and auctioneers;
  • Those involved in maintaining internal reporting procedures.

What are KYC and due diligence?

Know your customer, otherwise known as KYC, is a mandatory process whereby a service provider identifies and verifies a potential or actual client. It also aims to establish any risks associated with the relationship and whether the customer is suitable to onboard. Due diligence is a process whereby information given is verified in the parameters of the law. For example, ensuring the source of funds are legal and conducting a background check.


Under Maltese law, every subject person should have due diligence carried out on them. It should include, among other things, the following:

  • Identifying the client based on documents, information, and data that’s been obtained from a reliable source;
  • Verifying the legal status of the customer and or directors or those in administrative roles within the legal entity;
  • Identifying the beneficial and ultimate beneficial owners;
  • Ensuring ongoing monitoring is carried out on the client and relationship;
  • Keeping all documents and data up to date for the duration of the relationship and after, if required by law.


KYC verification typically includes the evaluation of a government-issued ID, utility bills, and proof of address. It can also include biometrics, facial verification, and other details. The KYC and due diligence requirements you will have to enforce will vary depending on your business type and applicable laws.

What is risk management?

Another critical aspect of compliance within your Maltese organidation is conducting risk management exercises. Subject persons are required that risk management processes and procedures are updated and enforced. Under these measures, the subject person must evaluate transactions that can be considered as the following:

  • Complex in nature;
  • Of a high value;
  • Form an unusual or suspicious pattern;
  • Have no purpose that can be defined economically or legally;
  • Come from or involve a non-reputable jurisdiction.


In cases where these characteristics are noted, the subject persons should increase the monitoring carried out on the client and the business relationship.

A guide to record-keeping and reporting procedures

Under Maltese law and international best practices, subject persons must keep relevant documentation and information to aid any potential investigations by the FIAU or police. What information can be stored and for how long is laid down both by national law and at an EU level, including the GDPR.

How can BDO Malta help?

BDO Malta's AML compliance team is on hand to assist clients from all industries with their AML/CFT obligations. Their multidisciplinary experience allows them to focus on the nature of the business and tailor solutions that meet the applicable practical and legal requirements. Our AML practice concentrates on both assessing and mitigating the risks of money laundering and counter-terrorist financing.


Our experienced staff have helped clients of all sizes to foster a more robust culture of compliance within their organizations. We can provide assistance with the following services:


BDO Malta can assist you in ensuring that your company complies with all national and international AML legal requirements, especially with regard to money laundering and funding of terrorism. 

Want to know more?

Get in touch