• AML-CFT Compliance Risk Assessments

AML-CFT Compliance Risk Assessments


It is no surprise that the Anti-Money Laundering and Combating the Funding of Terrorism (“AML/CFT”) sector has been rapidly evolving within the last decade. Subject persons were obliged to review and update their controls overnight, to ensure compliance with all legislative changes. Failure to maintain effective AML/CFT systems can not only result in criminal activity, but also enforcement measures, revocation of license, and reputational damage.


A comprehensive and thoroughly tested AML/CFT Compliance Program is therefore an essential requirement for strict adherence to the applicable legislation, further emanating from EU directives and established practices by intergovernmental bodies.


BDO Malta’s qualified experts in the AML/CFT sector are able to provide subject persons with a full assessment to determine whether the Company has implemented adequate and effective controls in line with all applicable AML/CFT rules and regulations.


Our assessment includes control objectives and key controls for the following processes:

  • Compliance with the following regulatory frameworks in relation to the prevention of money laundering and financing of terrorism (‘PMLFT’);
  • Assessment of automated technology solutions deployed by the subject person for the PMLFT and other risks involved;
  • Assessment of risk assessments carried out by the subject person in relation to PMLFT;
  • Communication with key management to discuss, confirm, and walkthrough the key controls in place within the identified risk areas; and
  • Identification of unmitigated risks or control gaps in the current processes.


Any identified vulnerabilities, weakness or deficiencies are recorded based on the RAG risk rating system, outlining non-compliance, partial compliance, and general adequate compliance with the relevant AML/CFT laws, regulations, recommendations, and guidance. The end result allows subject persons to identify the level of work effort required to address variances or shortcoming within the organisation’s procedures and controls.