FIAU Highlights the Importance of Effective Corrective Actions in AML/CFT Enforcement

In June 2025, the Financial Intelligence Analysis Unit (FIAU) released its latest Corrective Actions Paper, outlining its approach to restoring compliance across subject persons (SPs) following AML/CFT breaches. The publication explains how corrective directives are imposed, monitored, and concluded, highlighting their use in supporting regulatory compliance across the jurisdiction.
It also reflects the FIAU's increasing reliance on administrative measures not only as an enforcement mechanism, but as a supervisory tool to drive sustainable change and improve AML/CFT frameworks across all sectors. 


Understanding FIAU Directives 
Corrective actions take the form of either Remediation Directives or Follow-Up Directives, depending on the seriousness of the breaches identified: 
  • Remediation Directives are used in cases where deficiencies are less severe or where corrective steps have already been initiated. These directives are generally less intrusive and may only require the SP to provide evidence of compliance through written declarations and updated documentation. 
  • Follow-Up Directives apply in cases requiring more active oversight. SPs must submit an Action Plan, attend regular meetings with the FIAU, and demonstrate control implementation through walkthroughs, testing, and submission of customer files. 


Two-Stage Review Process 
Each directive follows a structured review: 
  • Design and Technical Compliance: The first phase assesses whether the AML/CFT framework is appropriately structured. This includes reviewing policies and procedures, business risk assessments, and the integration of controls into internal systems. 
  • Control Effectiveness: The second phase evaluates whether those controls are working in practice. This may involve reviewing a sample of customer files, onboarding processes, monitoring reports, and internal alerts. 

The outcome of the first phase directly influences the depth of testing in the second, with a risk-based approach applied throughout to ensure proportionality and relevance.   


Conduct Expected During the Process 
The FIAU outlines several practical standards for how SPs should manage the directive process: 
  • Clear and timely communication is essential. Delays should be explained in advance, and all correspondence should be constructive and transparent. 
  • Documentation must be relevant and purposeful. Submitting irrelevant or excessive material without explanation creates unnecessary inefficiencies. 
  • Timeframes should be realistic and supported by clear planning. Overpromising or submitting broad, undefined deadlines undermines the objective of timely compliance. 
  • A risk-based mindset should inform all remediation efforts. Controls must reflect the organisation’s actual risk exposure—not simply replicate regulatory text. 

The FIAU also encourages SPs to go beyond the minimum requirements. Many demonstrate proactive engagement by requesting additional meetings and voluntarily strengthening AML/CFT controls across other parts of the business. 


Consequences of Non-Compliance 
When an SP fails to meet the requirements of a directive, the FIAU may escalate the matter. Measures include: 
  • Notification of the FIAU’s Supervision Section or the SP’s prudential regulator. 
  • Monetary penalties, either as a one-off fine or a daily pecuniary penalty until compliance is achieved.

These measures reflect the legal obligation to treat directives seriously and follow through with the necessary remedial actions in full.


Insights from Supervisory Experience 
Between 2020 and 2024, the FIAU issued 101 directives and held 151 meetings related to the remediation process. The paper includes anonymised case studies across sectors, including gaming, banking, TCSPs, CSPs, and notaries, demonstrating the impact of remediation and oversight in practice. 

Common findings include improvements in risk assessments, updates to onboarding procedures, better calibration of transaction monitoring systems, and increased accountability at MLRO level. 


Next Steps for Subject Persons 
Corrective directives serve as a regulatory mechanism to support long-term improvements, not simply to address past issues. SPs that engage constructively with the FIAU contribute to a more resilient AML/CFT regime and reinforce the integrity of their own operations. 

The FIAU underscores the importance of this collaboration, especially as financial crime threats continue to evolve. SPs are encouraged to see the directive process as an opportunity to strengthen their control frameworks and internal governance, not just to meet compliance obligations, but to uphold Malta’s reputation as a trusted jurisdiction. 


How BDO Malta Can Support Your Compliance Efforts 
BDO Malta assists subject persons in assessing, implementing, and reviewing AML/CFT frameworks in line with FIAU expectations. Whether responding to a directive, preparing for a compliance review, or strengthening internal controls, our team provides practical, risk-based guidance tailored to your sector.

We work alongside clients to support sustainable remediation and demonstrate tangible progress where it matters. We also help to strengthen your AML/CFT framework and reduce future compliance risk, transforming enforcement into an opportunity for long-term resilience.


Key Contacts

Andrew Vella

Internal Compliance Manager & MLRO