Compliance Services in Malta

Malta has enacted various laws and regulations aimed at combating money laundering and terrorist financing. Maltese legislation is compliant with the EU legislative framework on anti-money laundering and terrorist financing, which is continually updated at international and local levels to respond to the evolving threats posed by criminals and terrorists.

AML CFT compliance requirements in Malta

The main act is the Prevention of Money Laundering Act (PMLA), Chapter 373 of the Laws of Malta. Money laundering in Malta is punishable by a fine which does not exceed 2,500,000 euro and / or imprisonment for a period up to eighteen (18) years. Persons charged with money laundering shall be tried either in the Criminal Court or before the Court of Magistrates.

During proceedings, the Court may impose a freezing order on the assets of the accused. Upon conviction, the Courts shall also confiscate all property (whether in Malta or outside Malta) which was acquired utilizing the proceeds of crime.

Prevention of Money Laundering and Funding of Terrorism Regulations

The Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) oblige every subject person to have in place and implement measures, policies, controls and procedures, proportionate to the nature and size of its business, which address the risks identified as a result of the risk assessment.

In connection with risk assessment, the Prevention of Money Laundering Regulations require every subject person to take appropriate steps, proportionate to the nature and size of its business, to identify and assess the risks of money laundering and funding of terrorism that arise out of its activities or business, taking into account risk factors including those relating to customers, countries or geographical areas, products, services, transactions and delivery channels.

Learn more on Risk & Compliance Services 

The Maltese Financial Intelligence & Analysis Unit (FIAU)

The Maltese Financial Intelligence & Analysis Unit (FIAU) is responsible for monitoring compliance by subject persons with the obligations set out under the PMLA and PMLFTR.

The FIAU adopts a risk-based approach when carrying out its supervisory function. The FIAU conducts risk assessments to understand the risk posed by the various sectors, businesses and professions, and the various entities and individuals operating within these sectors.

Every subject person is obliged to adhere to the Implementing Procedures (IPs) published by the FIAU. The Implementing Procedures are not static but are updated from time to time to reflect new developments in this field as well as new legislative requirements.

The purpose of the Implementing Procedures is to assist subject persons to understand and fulfil their obligations under the PMLFTR, thus ensuring an effective implementation of the provisions of the PMLFTR. Sanctions and administrative penalties are imposed by the FIAU for non-compliance with the IPs.

The IPs are divided into two parts:

Part I is applicable to all sectors.

Part II applies to each sector specifically. Sector-specific Part II IPs have been published for the remote gaming sector, virtual financial assets sector, land-based casinos, the banking sector and company service providers.

The directors of FF International have combined experience in excess of 25 years in financial services. The knowledge and experience gained during all these years enable our firm to provide a comprehensive set of AML CFT Compliance Services which include:

  • Ongoing compliance support and advisory services
  • Drafting and reviewing of AML CFT policies and procedures
  • Jurisdictional Risk advisory services (through our SFAI worldwide network)
  • Auditing of internal policies and procedures
  • Reviewing of records and files
  • Gap Analysis
  • Enhanced due diligence services
  • Assistance in corporate governance

General Data Protection Regulation (GDPR) Compliance in Malta

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. The GDPR was drafted and passed by the European Union (EU), but it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).

GDPR in Malta is regulated by the (new) Data Protection Act, Chapter 586 of the Laws of Malta. The Office of the Information and Data Protection Commissioner is the supervisory authority in Malta. GDPR in Malta is applicable to both electronic and structured hard copy records.

Under the Maltese implementing provisions, both controllers and processors must appoint a data protection officer if:

  • (i) they are a public authority;
  • (ii) their core activities consist of regular and systematic monitoring of data subjects on a large scale; or
  • (iii) their core activities consist of processing special category personal data on a large scale (including processing information about criminal offences).

The data protection officer must be involved in all data protection issues and cannot be dismissed or penalised for performing his / her role. The data protection officer is obliged to report directly to the highest level of management. The data protection officer must be communicated to the Information and Data Protection Commissioner.

The GDPR contains a general obligation to implement appropriate technical and organisational measures to protect personal data.

FF International provides advisory services in relation to the implementation and compliance requirements of GDPR.

Contact us

Contact us for more information about the risk & compliance services that we offer here at FF International.


Managing Director

Tel: +356 9989 5679