Anti-money laundering legislation in Malta

Dr. Maria Chetcuti Cauchi | 13 Sep 2019

Antimoney laundering legislation in Malta

What is Money Laundering?

Money laundering refers to the process of concealing the source of funds obtained from illegal activity, typically through the use of the financial system. In combating the practice of generating income through illegal actions, procedures, law and regulations are typically introduced to ensure that money that is gained through illegal or unethical practices can be detected. Globally, Anti-Money Laundering legislation gained global prominence in the aftermath of the 11 September 2001 attacks.

Traditionally, money laundering is done in three stages. However, depending on the nature of the criminal activity, some steps may be omitted. Since the vast majority of criminal dealings are done in cash, disposal of such cash is typically done through placement, where the money is physically deposited with a financial institution. In the case of non-cash proceeds that are already in the financial system, Placement does not take place

In order to camouflage the illegal sources at a second stage, layering takes place through the carrying out of complex financial transactions between banks and in a cross-border set-up. At the final step, through integration, the funds generated are brought back to use in the regular economy.

Maltese Anti-Money Laundering Legislation

The Maltese Prevention of Money Laundering Act[1] empowers financial institutions and other professionals to identify customers, establish risk-based controls and report suspicious activities. Malta has also adopted the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR), which are modeled on the European Union’s Third Directive on the prevention of money laundering.

Malta’s legislation is supported by Guidance Notes issued by Malta’s sole financial services regulator, the Malta Financial Services Authority, which adopt the principles of the Basel Committee on Banking Supervision. Although not a member of the Financial Action Task Force (FATF), Malta’s laws on anti-money laundering are closely modeled on the 40 Recommendations and 9 Special Recommendations of the FATF.

The Act identifies what constitutes money laundering, establishes the Financial Intelligence Analysis Unit (FIAU) and the means by which the FIAU, the Police and the Attorney General may proceed against a person suspected of being involved in Money Laundering. In November 2011, the FIAU issued procedures which must be adopted by banks to ensure compliance with Anti-Money Laundering Implementation.

Scope of Maltese Anti-Money Laundering Legislation

Under Maltese law, any legal or natural person that is carried out ‘relevant financial business or activity’ is deemed to subject to the Prevention of Money Laundering Act. Since the Maltese Act identifies the opening or management of bank, savings or securities accounts as a relevant activity, inevitably, financial institutions such as bank or e-money institutions fall within the scope of the Act. This includes also any activities carried out by branches of foreign banks in Malta.

Maltese legislation states that banks are deemed to be criminally responsibility when they knowledgably permit the following acts to take place:

i.        Conversion or transfer of property where this is derived directly or indirectly from, or the proceeds of, criminal activity or from an act or acts of participation in criminal activity, for the purpose of or purposes of concealing or disguising the origin of the property or of assisting any person or persons involved or concerned in criminal activity;

ii.        concealment or disguise of the true nature, source, location, disposition, movement, rights with respect of, in or over, or ownership of property, knowing that such property is derived directly or indirectly from criminal activity or from an act or acts of participation in criminal activity;

iii.        acquisition of property knowing that the same was derived or originated directly or indirectly from criminal activity or from an act or acts of participation in criminal activity;

iv.        retention without reasonable excuse of property knowing that the same was derived or originated directly or indirectly from criminal activity or from an act or acts of participation in criminal activity;

v.        Attempting the aforementioned four activities;

vi.        Being an accomplice in the aforementioned five activities.

Anti-Money Laundering measures by banks

Maltese law prohibits banks from carrying out transactions that are suspected or known to be related to money laundering prior to informing the FIAU.[2] In practice, there are situations where the FIAU does not oppose the execution of the transaction. When opposed, banks may proceed with the execution of the transaction only upon the lapse of a twenty-four hour period and provided that no order has been issued by a competent court that would preclude such a transaction. 

Maltese legislation foresees also the possibility that a transaction suspected of being related to money laundering is still carried out. This is allowed only if the delaying of the action is impossible because of the nature of the transaction or because a delay of the action may frustrate investigation efforts of the suspected money laundering operations.[3]

When doing business, banks and their branches or subsidiaries must follow the following procedures:

a.    Ascertainment of the customer’s identity

At the initial stages of a client’s relationship with the bank, the latter is responsible for carrying out customer due diligence procedures which allows it to acquaint itself with the client. To achieve this, all banks are required to have adequate policies, practices and procedures, which include strict Know-Your-Customers (KYC) rules. Banks in Malta must, in this respect, follow the Prevention of Money Laundering and Financing of Terrorism Guidance Notes issued by the Institute of Financial Services Practitioners and endorsed by the FIAU.

The aim of KYC procedures is to allow banks to be in a position to determine who the client is and to verify whether the prospective client is the person he purports to be. The timing of the KYC procedures depends on the nature of the activity that will be carried out. In the case of business which is deemed low-risk, the business relationship may be established prior to the completion of verification procedures.[4]

In certain instances, Maltese law provides that simplified due diligence is adequate for the above purposes[5]. At the opposite end of the spectrum, banks may be obliged to apply enhanced due diligence on a risk-sensitive basis. Additional measures are necessary:

      i.        when the applicant was not physically present for identification;

     ii.        in cross-border correspondent banking relationships;

    iii.        in relation to business relationships or occasional transactions with a politically exposed person residing outside Malta[6]

Complementing internal due diligence procedures, banks must establish customer acceptance policies in accordance with which a bank may determine whether a prospective customer falls within the risk parameters. Should a prospective client be unable to provide the necessary documentation for compliance with the KYC procedures, the banks may:

i.    not continue to carry out transactions through accounts or funds held by their institutions;

ii.   not carry out occasional transactions;

iii.  must terminate the business relationship with the customer;

One must also note that under Malta’s PLMFTR Regulations prohibit individuals or companies from keeping anonymous accounts or accounts in fictitious names.[7]

b.   Establishment of purpose of business relationship

Banks in Malta are also required to obtain information on the purpose and the intended nature of the business relationship, with a view to giving the bank sufficient clarity on the business profile of the prospective customer. This process is not required where the applicant for business is merely seeking to carry out an occasional transaction.

Information that is required includes the:

      i.        nature and details of the business;

     ii.        source of wealth;

    iii.        expected source of funds to be used in the relationship;

    iv.        anticipated level and nature of the activity to be undertaken through the relationship;

     v.        copies of recent and current financial statements, where applicable.


c.     Identification of the Ultimate Beneficial Owner

Within the context of body corporates, trusts or other similar arrangements, banks are also responsible for identifying the ultimate beneficial owner. This must be a natural person who is the ultimate owner of the assets that are related to the business being carried out by the bank. An exception applies in the case of trusts as regulated by Malta’s Trusts and Trustees Act. In this case, the ultimate beneficial owner must be identified in the following three circumstances:

i.      When a beneficiaries have been determined, a natural person(s) who is the beneficiary of at least 25% of the property of the legal entity or arrangement;

ii.     When beneficiaries have not been yet determined, the class of persons in whose main interest the legal entity or arrangement is set up or operates;

iii.    A natural person(s) who controls at least 25% of the property of the legal entity or arrangement.


In the case of trusts, banks must verity the existence of the trust as well as the identity of the trustee and the protector. Typically, this information is obtainable from the trust deed itself.


d.    Client Account Monitoring

In addition to providing information about the client, this information is aimed at putting banks in a position to be able to monitor the business relationship of the customer with a view to identifying any unusual transactions that may involve money laundering.

In the case of accounts that are deemed to pose high-risk, banks must carry out a review of the relationship at intervals that do not exceed eighteen months, unless more regular reviews are not necessitated by any suspect transactions.

Under Maltese legislation, banks are required to examine to the largest extent possible any complex or large transactions which have no apparent, economic or visible lawful purpose and which are likely, by their nature, to be related to money laundering.[8] This examination must be carried out through an analysis of the background and purpose of the transactions, as well as the establishment of their findings in writing.  In the event that the findings indicate a potential money-laundering transaction, the banks must file a report with the FIAU.

e.     Risk Management

The PMLFTR regulation obliges banks to establish procedures on risk assessment and risk management that are appropriate to prevent employees from carrying out operations that may be related to money laundering. Whilst there is no established set of risk categories, Malta IFSP recommends that banks assess customer, product, interface and geographical risk. Maltese legislation also foresees the adoption by banks of a risk-based approach. This is, however, not mandatory, and thus it is at the discretion of the banks whether to direct their resources proportionately in accordance the extent of the money laundering risk posed.

After having set the said procedures, bank must keep them updated, in writing and available for an inspection carried out by the FIAU or the relevant supervisory authority acting on its behalf.

f.      Record-keeping procedures

Maltese regulations oblige banks to retain records, such as documentation and information, for use in an investigation by the FIAU. The records, which typically include documents collected as part of the KYC procedure and the history of the client’s transactions, must be kept for at least five years.

g.    Reporting procedures and obligations

In virtue of the PMLFTR, a bank is required to appoint a Money Laundering Reporting Officer (MLRO) from amongst employees which are in official appointment and of sufficient seniority and command. 

The central role of the MLRO is to act as a contact point to whom a report is to be made by the other employees of any information or other matter which gives rise to a knowledge or suspicion that another person is engaged in money laundering or the funding of terrorism. After receiving a report, it rests with the MLRO to decide whether the report gives rise to knowledge or suspicion that another person is engaged in money laundering or the funding of terrorism. In taking such a decision the MLRO must rely on objective criteria which “extend beyond speculation as to whether an event has occurred or not[9].

It is essential to point out that when any officials or employees of the bank have a suspicion that money laundering is taking place, they are expressly prohibited from disclosing information to the person under investigation or any other third party,[10] unless such disclosure is expressly made permissible in the PMLFTR[11].

Banks must also set procedures for the reporting of suspicious activity, which, must ensure that any knowledge or suspicion of money-laundering activities must be reported as soon as it is reasonably practical provided that it is not later than five working days from when the suspicion first arose. Disclosures are carried out through a Suspicious Transaction Report. Investigations are subsequently carried out by the FIAU, and the MLRO is also required to submit an Annual Compliance Report.

h.     Awareness, training and vetting of employees

Banks, like other institutions subject the Anti-Money Laundering legislation in Malta, are required to ensure that employees are aware of their legal obligations and internal policies related to Anti-Money Laundering. The aim of such training is to ensure that employees are able to recognize and handle transactions carried out  by,  or  on  behalf  of,  any  person  who  may  have  been,  is,  or  appears  to be engaged in money laundering.[12]

Banks must also ensure that appropriate procedures are in place when hiring new employees. Typically this takes place by obtaining professional references, employment history and requesting a recent police conduct certificate.


Confidence in a bank’s ability to identify and prevent fraud is crucial in maintaining a good reputation with clients and prospective clients. Compliance with regulations is also essential from a legal point of view in that lax anti-money laundering procedures inevitably expose employees and corporate officers to fines of up to €2.3 million, imprisonment of up to 14 years, or both. As a defence, it must be proven that all reasonable steps were taken and that due diligence was exercised in avoiding the commission of the offence.

Equally, Maltese law exempts corporate officers such as directors, managers, secretaries or other similar officers, when the offence took place without their knowledge and whether it is proven that all due diligence measures to prevent the commission of the offence were put in place.


[1] Chapter 373 of the Laws of Malta

[2] Article 28 of the PMLA

[3] Regulation 15(7) of the PMLFTR

[4] Regulation 8(2) of the PMLFTR

[5] Regulation 10 of the PMLFTR

[6] Regulation 2 of the PMLTFR defines a Politically Exposed Person as a natural person, or his immediate family members, who is or has been entrusted with prominent public functions. One must note that whilst a distinction applies between PEPs residing locally, or otherwise, in terms of Regulation 7(9) all banks are required to identify all domestic and foreign PEPs as part of their customer acceptance process.

[7] Regulation 7(4) of the PMLFTR

[8] Regulation 15(1)

[9] JMLSG  Guidance  Chapter  6,  Paragraph  6.9  p.  121

[10] Regulation 16(1) of the PMLFTR

[11] Regulation 16(2) of the PMLFTR

[12] Regulation  4(1)(d)  and  (e)  of  the  PMLFTR



Request More Information

Please send me legal and other updates