Risk Assessment
The first stage of the risk-based supervision process involves the identification and assessment of ML/FT risks posed by subject persons, as well as the sectors in which they operate. The risk assessment is conducted by the Risk Team through the Compliance Assessment and Supervisory Platform for Assessing Risk (CASPAR) system.
The results of the risk assessment carried out through the CASPAR system are then used to guide the Supervisory Teams in the effective implementation of a supervisory plan according to the established supervisory strategy. The plan defines when and how the population of subject persons will be supervised according to the risk profile derived from the risk assessment exercise. The entire subject person population is subject to AML/CFT monitoring irrespective of the results of the risk assessment process. It is the frequency, scope and method of supervision to be applied that vary vis-a-vis the subject person’s risk profile.
Supervision & Remediation
The methods of supervision will vary mainly on the basis of the risk posed by the subject person, and include the following:
- Full scope examinations
- Targeted examinations
- Thematic examinations
- Follow-up examinations
- Supervisory meetings
A typical compliance examination starts with the subject person being notified that a compliance examination will be conducted. The notification also includes a request to submit preliminary documentation and information within a stipulated timeframe. Following the receipt of the requested information, an introductory meeting is held between the Supervision Team and the subject person. This is followed by the performance of testing procedures (e.g. review of systems, review of customer files) of the subject person to assess the adherence by the subject person to AML/CFT obligations. Once all testing is completed, the closing meeting is held between the Supervision Team and the subject person to officially close the compliance examination.
Once a compliance examination is concluded, the Supervision Team assesses various factors of the compliance examination performed on the subject person, such as the overall regard to AML/CFT obligations and whether serious breaches of AML/CFT obligations have been identified. The outcome of examinations can be one of the following:
- Outcome 1 – To send a closure letter to the subject person in cases where no/minor shortcomings in the AML/CFT compliance programme are identified during a compliance examination. This letter is also issued when the subject person demonstrates that sufficient remedial action had already been implemented to address any non-serious shortcomings identified by the Supervision Team and may include some recommendations for the subject person to further strengthen its AML/CFT control framework.
- Outcome 2 – To send a remediation letter to the subject person officially requesting it to implement a remedial action plan within a stipulated timeframe to address non-serious shortcomings identified during a compliance examination. The case is then handled by the Remediation Team to monitor and/or follow up on the implementation of remedial action plans, while offering support to the subject person to ensure that the plans effectively address the shortcomings identified during the compliance examination.
- Outcome 3 – In cases where serious shortcomings are identified, the case is referred to the FIAU’s Compliance Monitoring Committee (CMC). The outcome of the compliance examination is communicated to the subject person through the submission of a potential breaches letter. This clearly highlights potential breaches of AML/CFT obligations identified during the course of the compliance examination. The subject person is granted the opportunity to submit representations within a stipulated timeframe from the receipt of the report. The potential breaches letter and the subject person’s representations are subsequently referred to the CMC for its consideration, which may also include the imposition of administrative measures.
Co-operation with the Malta Financial Services Authority (MFSA) and the Malta Gaming Authority (MGA)
Article 16(1)(k) of the PMLA empowers the FIAU to cooperate and exchange information with other supervisory authorities. Article 27(3)(b) of the PMLA also permits the FIAU to request other supervisory authorities to carry out compliance examinations on behalf of, or jointly with, the FIAU. To this end, the FIAU signed a Memorandum of Understanding with the MFSA and the MGA respectively. The MFSA and MGA adopt the same process and methodology used by the FIAU when carrying out compliance examinations on the FIAU’s behalf. The Quality Control Team is responsible for providing support to the MFSA and the MGA, as well as for ascertaining that the examinations carried out are in line with the Supervision Section’s established procedures.