

In August, the FIAU informed subject persons of the following publications issued by MONEYVAL, EUROPOL and the European Banking Authority (EBA):


The report contains a comprehensive review of the actions taken to oversee and control virtual asset service providers (VASPs), and an outline of the characteristics of the risks associated with criminals exploiting VASPs and virtual assets (VA) for ML purposes.

The key findings of the Report include:

  • Better results in regulating and supervising the VASP sector were achieved in areas where the VASPs were included as reporting entities in the national AML/CFT Law.
  • Members reported that it was challenging to accurately determine the materiality of the sector for the VA and VASPs risk assessment at national level.
  • In more advanced jurisdictions, the risk analysis also considers the results of the supervisory actions in addition to the products, services, customers, geography, business models and the strength of the entity’s compliance program.
  • The use of technology when identifying and assessing risks in this sector appears to be a good practice (e.g. blockchain risk evaluation tools).
  • Licensing, registration and regulation remain a challenge.
  • Some members report that registration for the purposes of AML / CFT oversight is still not enough, as less reputable firms use the registration as a stamp of legitimacy, and their customers rarely understand the difference between registration and regulation.
  • MONEYVAL members report difficulties in detecting unlicensed/unregistered VASPs in practice.
  • Not all supervisors of the MONEYVAL members are comprehensively resourced in terms of staffing and knowledge, and the RBA is rarely tailored to a sector-specific risk assessment.
  • The collection of statistics relating to VAs and VASPs would improve the assessment of risk, particularly in the jurisdictions that need to identify domestic unregistered VASPs or external VASPs operating in the jurisdiction.
  • Monitoring of cross-border transactions is still a problematic issue (e.g., issues with the application of the travel rule).
  • The majority of MONEYVAL members are receiving a negligible amount of STRs from VASPs.
  • Concerns with the quality of VASP reports include:
    • the overreliance on technological tools to detect potential suspicious transactions which can assist in identifying red flags but cannot completely replace human analysis and expertise;
    • defensive STRs being reported;
    • outsourcing of AML/CFT obligations including transaction monitoring;
    • lack of AML/CFT expertise; and
    • misunderstanding of reporting obligations in situations where VASPs operate in multiple jurisdictions.
  • Fraud and child sexual exploitation were highlighted as prevalent predicate offences identified by VASPs.
  • ML/TF investigation responsibility is most often not determined on the basis of the cases’ modus operandi (e.g., whether it involves VAs), but rather on the type of underlying crime.
  • Sourcing of financial intelligence is heavily dependent on the designation of VASPs as reporting entities.
  • There are difficulties in gathering evidence from VASPs located in foreign jurisdictions, and MLA channels are not efficient in ensuring timely seizure of VAs located abroad.
  • The majority of FIUs and LEAs are lacking appropriate technological tools and expertise to effectively analyze and investigate VA related ML/TF cases.
  • The ability to seize and freeze VAs is dependent on the presence of a VASP intermediary and/or the possession of the private keys providing controls over the VAs.
  • Only a small fraction of ML/TF investigations involve proceeds of crime that are VAs. The value of frozen and confiscated proceeds of crime that are VAs is negligible.

This Report can be accessed directly through MONEYVAL’s website on the following link:



The Assessment contains Europol’s evaluation of the cybercrime landscape and how it has changed over the last 24 months.

The assessment confirmed that the year 2022 shifted the world’s attention from the COVID-19 pandemic to Russia’s invasion of Ukraine, which has resulted in the displacement of some cybercriminals active in the area. The boost in disruptive cyberattacks targeting EU Member States is mostly due to a significant number of Distributed Denial of Service (DDoS) attacks affecting national and regional public institutions. Online fraudsters responded swiftly to the circumstances and exploited the crisis by targeting victims across the EU under the guise of supporting Ukraine or Ukrainians. Fake webpages were created to solicit money, using URLs that included misleading key words.

Emails pretending to raise funds for the humanitarian effort were sent from fraudulent addresses. In some cases, fraudsters impersonated celebrities who led or supported real campaigns or spoofed the humanitarian organisations’ domains, inviting victims to donate in cryptocurrencies (‘Help Ukraine’ crypto scams emerge as Ukraine raises over $37 million in 2022).

The threat of online child sexual exploitation, while not affected by these geopolitical developments, has been further increasing in terms of quantity and severity.

The key findings include:

  • Cybercriminal services are intertwined, and their efficacy is co-dependent.
  • Similar techniques are being used for different goals.
  • The central commodity of this illicit economy is stolen data.
  • The same victims usually suffer multiple offences.
  • Underground communities educate and recruit cybercriminals.

This Assessment can be accessed directly through EUROPOL’s website:



This Report was issued in light of a transformed risk environment shaped by geopolitical occurrences like Russia’s invasion of Ukraine, legislative advancements such as the release of an extensive ‘AML Package,’ and the implementation of the Markets in Crypto-Assets Regulation (MiCAR).

The Report evaluates the existing risks that remain relevant, examines the newly emerging cross-sectoral risks and the risks arising from legislative divergence and divergent supervisory practices, and provides an overview of sector-specific risks for credit institutions, payment and e-money institutions, investment firms, collective investment undertakings, fund managers and others.

The Report also highlighted 23 proposals to the EU co-legislators and competent authorities to address the identified risks and to strengthen the EU’s financial crime defenses.

This Report can be accessed directly through the EBA’s website at: https://www.eba.europa.eu/eba-publishes-fourth-opinion-%C2%A0-money-laundering-and-terrorist-financing-risks-across-eu


The EBA published a factsheet summarizing the purpose of EuReCA as the central AML/CFT database, who reports into it and how the EBA uses information from EuReCA to foster an effective approach by EU supervisors to tackling financial crime risks in their sector.

This Factsheet can be accessed through the EBA’s website:



The EBA has published its Annual Report which sets out its activities and achievements for 2022 and provides an overview of the key priorities for 2023.

The key achievements for 2022 include:

  • Evaluating the robustness of EU banks;
  • Updating the prudential framework;
  • Leveraging EUCLID: making the most of banking and financial data;
  • Digital resilience, financial innovation and consumer protection;
  • Fighting ML/FT – framework and supervision;
  • Integrating ESG risks into the regulatory framework;
  • Enhancing efficiency and effectiveness of the EBA; and
  • Cross-sectoral work under the Joint Committee.

The main priorities set for 2023 include:

  • Incorporating the ESG roadmap into the prudential framework;
  • Finalizing the Basel III implementation in the EU;
  • The 2023 EU-wide stress test of banks;
  • Delivering Data at the service of stakeholders;
  • Regulating and supervising digital finance; and
  • Establishing a new Anti-Money Laundering Authority (AMLA).

The document can be accessed from the EBA’s website:


FF International provides Compliance, AML and Risk Management services.

For further information, please contact:

Franco Falzon C.P.A. LL.M (Managing Director)

E: info@ffinternational.com.mt

T: +356 2010 7771 (office)

M: +356 9989 5679 (mobile)
