In terms of Regulation 16 of the PMLA, the FIAU is the national competent authority responsible for monitoring AML/CFT compliance by subject persons carrying out relevant financial business or relevant activity in terms of Regulation 2 of the PMLFTR. This function is entrusted to the Supervision Section within the FIAU. In order to fulfil this function, the FIAU has adopted a risk-based supervisory strategy in accordance with the 4th AML Directive. This means that the frequency, scope and method of supervision intensifies according to the level of ML/FT risk posed by a subject person.
The execution of this strategy entails the carrying out of the following 3 main activities:
Risk understanding and assessment
The first stage of the risk-based supervision process involves the identification and assessment of ML/FT risks posed by the subject persons, as well as the sectors in which they operate. The risk assessment is conducted by Risk through the Compliance Assessment and Supervisory Platform for Assessing Risk (“CASPAR”) system.
Supervisory coverage determination
The results of the risk assessment carried out through the CASPAR system are then used to create a supervisory plan according to the established supervisory strategy. The plan defines when and how the population of subject persons will be supervised according to the risk profile derived from the risk assessment exercise. All the subject person population is subject to AML/CFT monitoring irrespective of the results of the risk assessment process. It is the frequency, scope and method of supervision to be applied that differs vis-a-vis the subject person’s risk profile.
Following the creation of the supervisory plan, the Supervision Section carries out the supervisory action in line with the plan. Methods of supervision include the following:
a. Full-scope examinations
b. Thematic examinations
c. Targeted examinations
d. Follow-up examinations
e. Supervisory meetings
A typical examination starts with the subject person being notified that a compliance review will be conducted. The notification also includes a request to submit preliminary documentation and information within a stipulated timeframe. Following the receipt of the requested information, an introductory meeting is held between officers the FIAU supervisory team and the subject person. This is followed by the performance of testing procedures to assess the adherence by the subject person to AML/CFT obligations. The results of the compliance review are communicated to the subject person through the submission of a report. This clearly highlights potential breaches of AML/CFT obligations identified during the course of the compliance review. The subject person is granted the opportunity to submit representations within a stipulated timeframe from the receipt of the report. After the submission of representations by the subject person (if any), Supervision presents the case to the Compliance Monitoring Committee (CMC), who evaluates the representations received and determines whether the AML/CFT shortcomings included in the report constitute a breach of AML/CFT obligations. This decision, together with the enforcement measures decided by the CMC, are communicated to the subject person. Follow-up action can be carried out by Enforcement at a later stage to determine whether the AML/CFT shortcomings identified were remediated by the subject person.
Co-operation with Other Supervisory Authorities
Although AML/CFT supervisory actions stem from the FIAU, compliance examinations may also be conducted by officers from the Malta Financial Services Authority (MFSA) or the Malta Gaming Authority (MGA) apart from officers from the FIAU’s Supervision Section. This is due to a Memorandum of Understanding signed between the FIAU, MFSA and MGA, allowing the MFSA and MGA to act as agents of the FIAU and carryout compliance examinations on the FIAU’s behalf. A compliance review report indicating the potential AML/CFT obligations breaches identified are sent directly by MFSA or MGA to the subject person concerned. The subject person will also be requested to submit representations directly to the MFSA or MGA. However, the results of a compliance examination and the representations submitted by the subject person are communicated to the FIAU by the MFSA and MGA. It is the FIAU who retains the final responsibility to decide upon the potential breaches of AML/CFT obligations identified through compliance examinations and to implement any enforcement measures thereafter.