Home/Blog/Blog Large Image
23 March 2023 By Fenlex Corporate Services In Compliance Due Diligence News

The Risk Based Approach (RBA) to Customer Due Diligence (CDD) procedures 

The RBA was introduced to subject persons through the 4th Money laundering directive, replacing the previously used ‘tick box’ approach to customer due diligence.

Article 7(6) of the Prevention of money laundering and funding of terrorism regulation (PMLFTR) requires a subject person’s customer due diligence procedures to be implemented on a risk-sensitive basis. This obligation is reinforced in chapter 3 of the implementing procedures part 1.

When utilising a RBA to customer due diligence, subject persons must ensure to understand the inherent risk of business relationships and/or occasional transactions, prior to onboarding and on an ongoing basis. This effectively means that subject persons must understand the particular risks they are being exposed to by onboarding and servicing each of their clients.

Upon understanding their risk exposure, a subject person is then expected to effectively mitigate the risk through the implementation of mitigating measures, which address the unique risks identified through the Customer Risk Assessment process. A subject person therefore cannot solely implement standard mitigating measures across the board, as each client, whether establishing a business relationship or requesting an occasional transaction, will expose the subject person to a unique set of risks.

Should a subject person determine however, that they are not able, or are not sufficiently equipped, to mitigate the risks identified, then the subject person should refrain from onboarding or servicing the client.

Can the RBD affect your business adversely? 

If the RBA is not implemented and utilised as intended, yes, it could hinder business, become time consuming, costly and may cause issues with authorities, due to actual risk exposure not being identified and/or addressed.

The scope of adopting a risk-based approach is to allocate resources where they are most needed and to address specific risks. It is however very common for subject persons to default to obtaining more, or more extensively verified documentation when clients are assessed as being higher risk, most of the time completely overlooking the actual risk being faced.

Although in certain instances further documentation and authentication would be the correct mitigating measure, exposure to certain other risks may not necessarily require further KYC documentation to be collected. Alternatively, a higher level of ongoing monitoring or a different method of ongoing monitoring may need to be implemented and further information may be required (not necessarily from the client).

Obtaining meaningful information, both initially and on an ongoing basis, will help subject persons understand their client, establish what ‘normal’ looks like for that particular client and as a result Identify any unusual behaviour/activity.

Conclusion

It is therefore imperative, for the protection & survival of the subject person, that AML/CFT measures are targeted to address the actual risks being faced, rather than collecting a significant amount of documentation to tick the proverbial box and attempting to present a compliant front to the regulator.

Subject persons need to work smarter by understanding and addressing real risk, making AML/CFT measures meaningful and efficient in their implementation. Although this approach is not infallible, it will ensure that the subject person is addressing risk meaningfully, taking the appropriate action where necessary.

09 March 2023 By Fenlex Corporate Services In Compliance News

The MFSA has issued the Annual Compliance Return (ACR) for completion by Company Service Providers

The MFSA has issued the Annual Compliance Return (ACR) for completion by Company Service Providers (CSP). The revised version has been uploaded on the MFSA’s website: https://www.mfsa.mt/our-work/company-service-providers/?ver=50000

Certain changes have been effected to this year’s ACR and therefore CSPs should seek to download the latest version of the ACR, to ensure that all the necessary fields are completed.

The return will need to be completed and uploaded, together with the required documentation, to the LH portal as follows: 

  • Corporate CSPs, 4 months from the company’s year end
  • Individual CSPs by 30th April 2023

The MFSA has also informed the industry that no extensions will be granted to any of the deadlines.

Further information and assistance please contact us on fenlexcompliance@fenlex.com.

09 March 2023 By Fenlex Corporate Services In Compliance News

The MFSA has issued the Annual Compliance Return (ACR) for completion

The MFSA has issued the Annual Compliance Return (ACR) for completion by Administrators of Foundations, Trustees, and other Fiduciaries. The ACR has been uploaded on the MFSA’s website.

The return will need to be completed and uploaded, together with the required documentation, to the LH portal 4 months from the authorised person’s financial year end.

The MFSA has also informed the industry that no extensions will be granted to any of the deadlines.

Further information and assistance please contact us on fenlexcompliance@fenlex.com

02 March 2023 By Fenlex Corporate Services In AML Compliance News

Outcomes of the FATF Plenary, February 2023

The FATF has published a summary of the outcomes stemming from the Plenary held at the FATF headquarters in Paris, which concluded on the 24th February 2023.

Outcome 1: FATF public statements in relation to the Russian Federation

One year after the Russian Federation’s illegal, unprovoked and unjustified full-scale military invasion of Ukraine, the Russian Federation continues to intensify the war of aggression against Ukraine.

This runs counter to FATF’s principles of promoting security, safety and the integrity of the global financial system and the commitment to international cooperation and mutual respect.

As a result, the FATF Plenary has today suspended the Russian Federation’s membership.

Outcome 2: Alterations to the list of Jurisdictions under Increased Monitoring (Grey list)

The FATF has updated the list of jurisdictions under increased monitoring, removing Cambodia and Morocco and added Nigeria and South Africa to the list.

Outcome 3: Beneficial Ownership

Last year, the FATF agreed on tougher global beneficial ownership standards by requiring countries to ensure that competent authorities have access to adequate, accurate and up-to-date information on the true owners of companies.

As a result, Recommendation 24 on legal persons had been revised, requiring countries to ensure that beneficial ownership information is held by a public authority or body functioning as a beneficial ownership registry, or an alternative mechanism they will use to enable efficient access.

The FATF Plenary has now finalised a guidance document, scheduled for publication in March 2023, which will help countries implement the revised requirements of Recommendation 24.

The Plenary also agreed on enhancements to Recommendation 25 on legal arrangements to bring requirements broadly in line with those for Recommendation 24, to ensure a balanced and coherent set of FATF standards on beneficial ownership.

An additional guidance document will be drafted by the FATF in order to help countries implement the revised requirements of Recommendation 25.

Outcome 4: Disrupting the financial flows from ransomware

The FATF has noted that the scale and number of ransomware attacks has increased significantly in recent years, as criminals are exploiting the latest technologies to develop increasingly powerful tools to carry out their attacks.

Due to this, the FATF has carried out an analysis of the methods criminals use to carry out their ransomware attacks and how they launder ransom payments.

A report in relation to this analysis will be published in March 2023. The report will include a list of risk indicators which can help the public and private sector identify suspicious activities related to ransomware.

Outcome 5: Improving implementation of FATF requirements for virtual assets and virtual asset service providers

Despite the FATF strengthening Recommendation 15, in October 2018, to address virtual assets and virtual asset service providers, many countries have failed to implement these revised requirements, including the ‘travel rule’ which requires obtaining, holding, and transmitting originator and beneficiary information relating to virtual assets transactions. This has led to many countries creating opportunities for criminals and terrorist to exploit virtual assets.

The Plenary has therefore agreed on a roadmap to strengthen the implementation of FATF Standards on virtual assets and virtual asset service providers, which will include a stocktake of current levels of implementation across the global network.

Outcome 6: Money Laundering and Terrorist Financing in the Art and Antiquities Markets

The FATF has finalised a further report, which was scheduled for publication on the 27th of February 2023. The report explores the link between money laundering and art and antiquities.

This report is aimed at exploring how terrorist groups can use cultural objects from areas where they are active to finance their operations and include a list of risk indicators which can help the public and private sector identify suspicious activities in the art and antiquities markets.

The report also includes existing good practices which have been implemented by countries to address the challenges they face.