Have you come to grips with the FIAU’s revised AML/CFT Implementing Procedures?

Risk news alert

The revised implementing procedures provide important updates and guidance on eight important spheres of regulation

Delivering the Risk Reduction Measures Package

The FIAU revises its AML/CFT Implementing Procedures

The FIAU published much-awaited updates to its implementing procedures on 18 October 2021, bringing into force several guidelines that had been submitted for consultation earlier this year.

The updates to the implementing procedures target eight key areas of the guidelines, including providing clarity on the degree of identification and verification required for beneficial owners in certain situations, and on designated agents. Several important updates have been provided around the role of the Money Laundering Reporting Officer, whilst specific attention has been dedicated to managing adverse media.

Key areas you should be looking into

The updates to the implementing procedures have introduced updates in the following eight key areas:

Get news faster

Being at the forefront of decision making for your business strategy and professional interests means you need access to the very latest news and resources.

Subscribe to receive news by email
Subject matter

Adverse media


Subject persons are expected to apply a risk-based approach when assessing adverse media findings in respect of their customers and their related parties, particularly where it relates to financial crime. Guidance is also provided around managing clients that have been the subject of supervisory or regulatory action.

Beneficial ownership
and (iv)

Further clarity has been provided on the level of identification and verification required on beneficial owners in certain situations, including when shares in a corporate customer are held in a trust, and when the customer is a state-owned enterprise (the latter on the basis of guidelines issued by the European Banking Authority).



The FIAU also provides clarity around CDD requirements for agents acting on behalf of customers, including updates on identification and verification requirements for corporate entities and corporate service providers.

Transaction monitoring

Subject persons that are mandated to manage discretionary portfolios on behalf of their customers (e.g. collective investment schemes or retirement schemes) are not required to monitor the transactions they themselves are initiating, so that monitoring is only required where customer funds held in a portfolio are increased and in specific instances where customers request to withdraw their funds.

Ongoing monitoring


Importance is given to the application of simplified due diligence (SDD) and the ongoing monitoring required to continue classifying a relationship as low risk. Direction is also provided on the conditions for applying SDD on collective investment schemes or nominee or omnibus security accounts.


5.1 and 5.2

Important changes have been made to the function of the MLRO, including establishing that both executive and non-executive directors may be considered for the appointment of MLRO; non-executive directors were previously prohibited from accepting the role. Guidelines are also provided on cases where the MLRO is not located in Malta, and on aspects of impartiality, independence, time commitment and management of conflicts of interest.

Jurisdictional risk assessment


Additional guidance is provided around the determination of high-risk jurisdictions, as well as outlining the qualitative and quantitative factors that should be considered when carrying out a jurisdictional risk assessment.

Fund administrators servicing collective investment schemes

The FIAU provides direction on how AML/CFT record keeping obligations are to be fulfilled where there is a change in the fund administrator servicing a collective investment scheme and where the MLRO and AML/CFT obligations have been outsourced.


How can Deloitte help?

AML/CFT readiness assessment.

Completion of a current state assessment and formulation of an action plan for achieving full compliance with the revised FIAU Implementing Procedures.

Business risk assessment.

Support in the design, documentation and implementation of key AML/CFT and sanctions risk indicators within the organisation, which includes the usage of data analytic tools to support in the ongoing monitoring of risks.

Drafting of policies and procedures.

Assistance in the drafting of the full suite of policies and procedures using our in-house checklist tailored to your business.

Bespoke training and seminars.

Provision of training by Deloitte specialists, including Board and executive training and differentiated learning modules for customer facing and back-office employees.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?