Significant amendments include:
(a) The inclusion within the definition of suspiscion the situation where a person knows or suspects that the transaction (itself) now involves property that may have derived directly or indirectly from, or constitutes the proceeds of, criminal activity – this is discussed further below;
(b) Legal notice 464 of 2014 amending the PMLFTR also includes an amendment to the reporting obligation in Regulation 15 to clarify that this obligation also arises where the subject person has “reasonable grounds to suspect that the funds are the proceeds of criminal activity”, thereby addressing MONEYVAL’s concern that the reporting obligation as previously drafted applied only to “suspicions of money laundering” instead of to “proceeds of criminal offences” generally, and that this might limit the scope of the reporting obligation;
(c) Private Trustees appointed in terms of article 43A of the Trusts and Trustees Act (Cap. 331 of the Laws of Malta) are now no longer treated as subject persons for the purposes of Anti Money Laundering – Combating the Funding of Terrorism (“AML-CFT”) law;
(d) Natural persons who are enrolled as intermediaries acting on behalf of another intermediary are likewise excluded as subject persons;
(e) The core obligations of subject persons are no longer pegged to ensuring that they do not ‘form a business relationship or carry out an occasional transaction with an applicant for business unless that subject person’ fulfils the said core obligations but is now a mandatory obligation on subject persons to ‘ensure that it’ complies with such obligations;
(f) The obligation on subject persons to take appropriate measures from time to time to raise employee awareness in the subject person’s AML-CFT policies and procedures and the applicable provisions of the law, the obligation of training employees in the recognition and handling of suspect transactions, as well as the obligation to ensure that they have in place appropriate procedures for due diligence when hiring employees (under regulation 4(1)(d) and (e) and regulation 4(2)) have been decriminalised;
(g) The administrative offences that can be committed by bodies corporate have been broadened to refer to breaches not just of regulation 4 but of any regulations under the PMLFTR and while the minium administrative penalty has been reduced to EUR1,000 the maximum has been increased considerably from EUR5,000 to EUR46,500. The provision that stated that the penalty could be imposed without recourse to a court hearing and either as a daily cumulative penalty until compliance is achieved or as a one-off penalty was deleted from this provision (as was done in the various other regulations where a similar provision existed) and instead incorporated virtually unaltered in a separate ad hoc regulation (regulation 21).
(h) The reference to regulation 7(3) when dealing with identifying the Ultimate Beneficial Owner (“UBO”) has finally been deleted thereby dispelling any doubts there may have been that Customer Due Diligence (“CDD”) on the UBO was always required and not only when the applicant for business is acting as agent (or otherwise than as principal).
(i) The obligation to establish CDD policies and procedure on a risk-sensitive basis under regulation 7(9) is not restricted to situations of Politically Exposed Persons (“PEPs”) but has been extended to cover beneficial owners also and applies to situations where either of them may pose a higher risk of money laundering or funding of terrorism, including if one of them is a PEP. The reference to PEPs is now only by way of example/illustration of the provision that has a broader application;
(j) The exemption from the obligation to apply CDD measures in respect of certain applicants for business who are legal persons and represent a low risk of money laundering or funding of terrorism in accordance with regulation 8(2) has been deleted;
(k) The position for captive insurance companies has finally been clarified with a detailed provision regulating the CDD obligations that subject persons carrying on ‘affiliated insurance business’ have (new regulation 10(4));
(l) Certain long-overdue typographical errors have been corrected throughout the Regulations (e.g. the reference to relevant financial ‘activity’ has now been correctly substituted with ‘relevant financial business’ and the erroneous reference to ‘corresponding banking relationship’ has been substituted with ‘correspondent banking relationship’);
(m) The penalty for breaching any of the provisions referred to in regulation 15 (which deals with the obligation to report suspicious transactions) has also been increased from a minimum of €250 and a maximum of €2,500 (which was probably not a sufficient disincentive to be effective, in practice) to a minimum of €1,000 and a maximum of €46,500 in respect of every separate contravention;
(n) The so-called ‘tipping off’ offence has been clarified to apply also to a situation where it is the Financial Intelligence Analysis Unit (“FIAU”) that demands information;
(o) Certain important exemptions from the crime of ‘tipping off’ have been added in order to cater for situations where a subject person is ‘constrained’ by circumstances to disclose to a competent court, tribunal or other judicial authority (in or outside Malta) – including disclosures made in any written pleadings or submissions – or to a supervisory authority or professional body exercising supervision or regulatory oversight over that subject person, that the subject person refrained from carrying out a transaction as required by the proviso to article 28(1) of the Prevention of Money Laundering Act (“PMLA”), or that the execution of a transaction had been suspended by the FIAU in accordance with article 28 of the PMLA. The idea behind these provisions is to assist subject persons who may have legal proceedings (or professional conduct complaints) instituted or filed against them as a result of their failure to execute a particular transaction and the previous dilemma they would invariably find themselves in as to whether or not they are at liberty to disclose the reasons for having failed to execute the transaction without breaching the ‘tipping off’ prohibition.
(p) The administrative penalty for any subject person failing to comply with the provisions of any procedures and guidance established in accordance with regulation 17(1) have been increased from a minimum of €250 and a maximum of €2500 (and a possible daily cumulative penalty not in excess of €12,500) to a minimum of €1,000 and a maximum of €46,500 in respect of every separate failuire to comply with such provisions;
(q) A new power has been given to the FIAU to enable it, in certain circumstances, to terminate a business relationship established by a subject person. According to the new regulation 18, where the FIAU knows or has reasonable grounds to suspect that, in connection with a business relationship established by a subject person, money laundering or funding of terrorism is taking place, has taken place or has been attempted, or that such business relationship could increase the risk of money laundering or funding of terrorism, the FIAU may, where the circumstances so warrant, require such subject person to terminate that business relationship within a stipulated period of time.
(r) Furthermore, in terms of a new regulation 19, in fulfillment of its supervisory functions under the Act, the FIAU may require subject persons to submit periodical reports on the internal policies and procedures they maintain and apply pursuant to regulation 4 and any other information or documents as the FIAU may consider necessary;
(s) The new regulations cater for the possibility of electronic submission of information in a new regulation 20 that provides that “Where a subject person is required to provide information to the Financial Intelligence Analysis Unit under the Act, these regulations and any implementing procedures issued thereunder, the Financial Intelligence Analysis Unit may demand that the information is produced electronically and may establish the format within which the information is to be provided”;
(t) The regulation on enhanced CDD has been clarifed to explain that it applies in addition to the due diligence measures referred to in regulation 7;
(u) Finally, insofar as the administrative penalties are concerned, the various references to the method of imposition of such penalties have been deleted in the Regulations and, instead, a new regulation 21 has been introduced that deals with this matter and leaves the principles substantially unaltered. According to regulation 21, administrative penalties under these Regulations shall be imposed by the FIAU without recourse to a court hearing and may be imposed either as a one-time fixed penalty or as a daily cumulative penalty, or both: provided that administrative penalties imposed on a daily cumulative basis shall not be less than €250 and the accumulated penalty shall not exceed €46,500.
(v) Reprimands in writing: a new regulation 21(4) provides that notwithstanding any provision imposing an administrative penalty under these regulations, the FIAU may, where the circumstances so warrant, issue a reprimand in writing instead of an administrative penalty;
(w) In terms of regulation 21, any subject person who fails to comply with any lawful requirement, order or directive issued by the FIAU under these regulations or the Act shall be liable to an administrative penalty of not less than €1,000 and not more than €46,500 in respect of every separate failure to comply with such lawful requirement, order or directive. Furthermore, unless otherwise specifically provided for under any other regulation, a subject person who contravenes any provision of these regulations shall be liable to an administrative penalty of not less than €1,000 and not more than €46,500 in respect of every separate contravention.
With regard to the new focus on ‘proceeds of crime’ both in the definition of ‘suspicion’ as well as in the standard for filing a Suspicious Transaction Report (“STR”), it is worth noting that the old 2003 Financial Action Task Force (“FATF”) recommendation 13 (2012 Recommendation 20) required that “If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, it should be required, by law, to report promptly its suspicions to the financial intelligence unit (FIU)” with the emphasis being on the funds of the transaction constituting the proceeds of criminal activity rather than in the money laundering process being carried out. Indeed the MONEYVAL Report on Fourth Assessment Visit on Malta of 6 March 2012 remarked that “the reporting obligation under PMLFTR does not refer to funds that are proceeds of criminal opffenses, but transactions that may be related to ML or FT, or persons that may have been or may be connected with ML or FT…However, the referral in the legal text to ‘suspicions of money laundering’ instead of ‘proceeds of criminal offences’ (as worded by FATF standard) might limit the scope of the reporting obligations and set a higher standard for subject persons, restricting their reporting activity.” (although the Report does not say how this may occur).
This amendment essentially aligns the Regulations with the FATF Recommendation and, in practice (one could say), lowers the reporting threshold (or broadens the obligation to report) by referring to whether or not the funds are the proceeds of crime and no longer specifically to whether or not a person was or is or may have been involved in money laundering or the funding of terrorism.
It is useful to note that consequent to the broadening of the interpretation of ‘suspicion’, the following changes have also been introduced to the PMLFTR;
(i) whilst the duties in relation to the carrying out of due diligence in terms of Regulation 7 have remained to a large extent unchanged, the duties of a subject person under Regulation 4(e) – that is to ensure that it takes appropriate measures for the purpose of providing employees with training in the recognition and handling of transactions – has now, in line with the amendment to the interpretation of ‘suspicion’, been extended to include training in the recognition and handling of transactions which may be related to proceeds of criminal activity;
(ii) a subject person’s internal reporting procedures need also be revised to reflect the change in the interpretation of ‘suspicion’, in the sense that:
(1) a report is now also to be made to the reporting officer of any information or other matter which gives rise to knowledge or suspicion that a transaction may be related to proceeds of criminal activity in terms of Regulation 15(4)(a);
(2) said reporting officer, when considering said report now also needs to view it in terms of the wider interpretation of ‘suspicion’ in terms of Regulation 15(4)(b) and
(3) an inclusion must be made to procedures whereby knowledge or suspicion that a transaction may be related to proceeds of criminal activity needs to be reported in terms of clause (iii) below, in terms of Regulation 15(4)(d);
(iii) periodical reporting in terms of Regulation 15(6) now also requires a subject person who knows or suspects or has reasonable grounds to suspect that funds are the proceeds of criminal activity, to disclose said information to the FIAU, as soon as is reasonably practicable, but not later than 5 working days from when the knowledge or suspicion arises;
(iv) it follows that subject persons shall now also refrain from carrying out a transaction that is known or suspected to be related to proceeds of criminal activity until they have informed the FIAU in terms of the regulations in terms of Regulation 15(7);
(v) also, in terms of Regulation 15(9), a supervisory authority is now also bound to disclose facts or information to the FIAU as soon as is reasonably practicable but not later than 5 working days from when facts arise;
(vi) lastly, whenever a report is made (whether internally or to the FIAU) that funds are the proceeds of criminal activity, subject persons (as well as any investigating, prosecuting, judicial or administrative authority) must protect and keep confidential the identity of persons and employees who report such suspicions in terms of Regulation 15(14).