Kindly click here to access the first part to this article
Part 2 of 2
At least annually, all Maltese subject persons are required to given an account to the FIAU of details on their AML compliance policies and procedures. This is known as the ‘Annual Compliance Report’. Additionally, this is sustained with ad hoc data requests from various authorities. The trend seen is that the questionnaires that subject firms are receiving and compiling are becoming more frequent and lengthier. The automation of reports coming from strong tools used by an organisation can save it large volumes of man-hours.
Distributed Ledger Technology (DLT) is currently a hot topic within the industry as financial institutions are looking for efficient solutions to cumbersome and costly regulatory burdens in AML compliance. While DLT may offer certain efficiencies (decentralisation, immutability, removal of intermediaries), certain challenges in AML still remain (lack of standardisation, permissions, different stakeholders’ input). However, it is safe to state that discussions on DLT for AML compliance have only just begun.
With the enactment of EU’s Directive 2015/849/EU on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (known as the 4th directive), the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.02) (the “Regulations”) have been amended to introduce the obligation on every subject person to carry out a risk assessment: this may be achieved by the subject person taking “appropriate steps, proportionate to the nature and size of its business, to identify and assess the risks of money laundering and funding of terrorism that arise out of its activities or business, taking into account risk factors including those relating to customers, countries or geographical areas, products, services, transactions and delivery channels and shall furthermore take into consideration any national or supranational risk assessments relating to risks of money laundering and the funding of terrorism”. There is also the responsibility to carry out this assessment at different stages of a subject person’s activities – the assessment is to remain up-to-date. This coordination of statistics, relevant to each and every subject person, requires the input of the best technologies to ensure that, on the one hand, this assessment is carried out to satisfy AML compliance, but also, on the other hand, for the firm itself to reap other different benefits from its self-assessment.
Ignoring AML compliance brings regulatory and financial risks: recent revisions to the local Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta), the Regulations and the IPs issued thereunder have enhanced the sanctioning regime with a significant increase in penalties that may be prescribed against subject persons (amongst others). These serve both as a deterrent and against actual breaches by local subject persons in their AML compliance obligations.
In this respect, firms should make best use of technological advances to aid in their obligations to detect and deter money laundering and funding of terrorism. There are different approaches to digitisation: it may either be rejected in certain areas but rejected in the right way, for example in smaller firms with a focus on “a personal touch” towards a certain portfolio of their clientele; digital change may be embraced cautiously, from the top-most level within the organisation first and then implemented throughout; finally, a firm may be open to investing in experimenting, exploring and creating innovative solutions to place it at the forefront of the industry. Closing your eyes totally to digitalisation may no longer remain on the agenda. Putting in place suitable tools, frameworks, and policies is essential for staff to help in mitigating the AML risks that are ever-evolving.
For further information, kindly get in touch with our Risk & Compliance team on [email protected]