In terms of Regulation 16 of the PMLA, the FIAU is the national competent authority responsible for monitoring AML/CFT compliance by subject persons carrying out relevant financial business or relevant activity in terms of Regulation 2 of the PMLFTR. This function is entrusted to the Supervision and Enforcement Section within the FIAU. In order to fulfil this function, the FIAU has adopted a risk-based supervisory strategy in accordance with the 4th AML Directive, signifying that the frequency, scope and method of supervision intensifies according to the level of ML/FT risk posed by a subject person.
The execution of this strategy entails the carrying out of the following 3 main activities:
1) Risk understanding and assessment
The first stage of the risk-based supervision process involves the identification and assessment of ML/FT risks posed by the subject persons as well as the sectors in which they operate. The risk assessment is conducted by Risk through the Compliance Assessment and Supervisory Platform for Assessing Risk (“CASPAR”) system.
2) Supervisory coverage determination
The results of the risk assessment carried out through the CASPAR system are subsequently transposed into a supervisory plan in accordance with the established supervisory strategy. The plan defines when and how the population of subject persons will be supervised in accordance with the risk profile derived through the risk assessment exercise. All the subject person population is subject to AML/CFT monitoring irrespective of the results of the risk assessment process. It is the frequency, scope and method of supervision to be applied that differs vis-a-vis the subject person’s risk profile.
3) Supervisory action
Following the formulation of the supervisory plan, Supervision carries out the supervisory action in line with the plan. Methods of supervision include the following:
a. Full-scope examinations
b. Thematic examinations
c. Targeted examinations
d. Follow-up examinations
e. Supervisory meetings
A typical examination will commence with the subject person being notified that a compliance review will be conducted. The notification will also include a request to submit preliminary documentation and information within a stipulated timeframe. Subsequent to the receipt of the requested information, a kick-off meeting is held between officers the FIAU supervisory team and the subject person, followed by testing procedures carried out to assess the adherence by the subject person to AML/CFT obligations. The result of the compliance review are communicated to the subject person through the submission of a report highlighting potential breaches of AML/CFT obligations identified during the course of the compliance review. The subject person is granted the opportunity to submit representations within a stipulated timeframe from the receipt of the report. Following submission of representations by the subject person (if any), Supervision will present the case to the Compliance Monitoring Committee (CMC) who will evaluate the representations received and determine whether the AML/CFT shortcomings included in the report constitute a breach of AML/CFT obligations. This decision, together with enforcement measures decided upon by the CMC, is communicated to the subject person. Follow-up action can be carried out by Enforcement at a later stage to determine whether AML/CFT shortcomings identified were remediated by the subject person.
To ascertain sufficient and adequate supervisory coverage of all the subject persons irrespective of the sector or sub-sector in which they operate, Supervision is divided into 3 distinct teams as follows:
a) Credit and Financial Institutions Supervision
b) Investments, VFAs and Gaming Supervision
c) DNFBPs Supervision
Co-operation with Other Supervisory Authorities
Although AML/CFT supervisory actions stem from the FIAU, compliance examinations may also be conducted by officers from the Malta Financial Services Authority (MFSA) or the Malta Gaming Authority (MGA) apart from officers from the FIAU’s Supervision. This is in virtue of a Memorandum of Understanding signed between the FIAU, MFSA and MGA, allowing the MFSA and MGA to act as agents of the FIAU and carrying out compliance examinations on the FIAU’s behalf. A compliance review report indicating the potential AML/CFT obligations breaches identified during the examination are sent directly by MFSA or MGA to the subject person concerned. The subject person will also be requested to submit representations directly to the MFSA or MGA. However, results of compliance examination and representations submitted by the subject person are communicated to the FIAU by the MFSA and MGA, and it is the FIAU who retains the final responsibility for deciding upon potential breaches of AML/CFT obligations identified from the conduct of compliance examinations and enforcing any enforcement measures thereafter.