It comes as no surprise that Maltese regulatory authorities have significantly increased their supervisory coverage. This to maintain continuous oversight of the conduct, stability, and compliance of firms; particularly in light of the recommendations set out by the FATF. This has evidently resulted in more meaningful enforcement action, including heftier pecuniary sanctions and the imposition of numerous remediation directives.
Recently, the FIAU issued a publication entitled the ‘Enforcement Factsheet’, comprising statistics following the Unit’s analysis of data collected in 2020, providing more insights on compliance trends. The publication confirms a total of 167 examinations carried out under the annual supervisory cycle (July 2019 – June 2020) and 142 examinations carried out throughout the current annual supervisory cycle (July 2020 – June 2021). This highlights a stark increase when compared to the 67 examinations carried out in 2017 and 58 examinations in 2018. Furthermore, the top 3 common findings across all sectors concern the inadequacy of customer risk assessments (11.37%), CDD related infringements (9%) and inadequate policies, controls, and procedures (6.64%). Other significant findings concern record-keeping infringements, late risk assessments and failure to submit STRs.
The MFSA has also made available to its licensees a publication titled ‘MFSA AML and CFT Strategy: Integrating AML and CFT within our conduct and prudential supervisory activity’. Within this document, the MFSA sets out the methodology undertaken by the Authority when carrying out compliance visits on its licensees. The key principles concern the regulated firm’s focus on the entire lifecycle, risk assessment of business models, firm strategies and corporate arrangements, culture, governance and accountability, open communication, and adherence to the risk-based approach.
In view of the ever-increasing compliance requirements, it is understandable that the feeling across regulated firms and subject persons is one of exasperation. Nevertheless, supervisory visits are not only essential for the safeguarding of Malta’s financial system, but also beneficial in terms of testing businesses’ business continuity plans, risk governance framework and internal controls. Supervisory coverage entails the independent audit and testing of risk and compliance frameworks, which in turn enables firms to identify and act on any weaknesses, gaps or deficiencies.
During supervisory visits, it is important that senior management and key function holders remain:
- compliant - comply with requests for information in a prompt manner
- honest – be upfront and honest during interviews with supervisory officials
- communicative – no firm is perfect - speak openly on weaknesses already identified within the business and on what is being done to rectify the deficiencies
- respectful – remain level-headed during wrap up meetings as these are intended to advise firms on the findings
- humble – demonstrate your willingness to improve or remediate where necessary
- proactive – act on the findings outlined by the Authority prior to receiving the concluding letter
Undoubtedly, business continuity plans should prioritize preventive actions rather than treatment measures. Crisis management should be avoided where possible. The best approach is therefore to ensure ongoing review and update of the business’ inherent and residual risks, regulatory and governance framework, to ensure sufficient preparedness for unplanned supervisory visits.
BDO is here to help!
Our Risk and Compliance Advisory departments can help you enhance your firm’s preparedness response by setting up the necessary risk assessments and governance framework, preventive and remediation plans; a vital aspect of any firm’s business continuity plans.
Contact BDO Malta today to find out more.