PMLFTR Notes

Terms as defined under Articles 1 and 2:

Term Definition
Act The Prevention of Money Laundering Act
Any natural person(s) who ultimately owns or controls a customer, or on whose
behalf a transaction is conducted. Includes criteria for various entities like body
Beneficial Owner corporates, trusts, legal entities, and their control mechanisms.
A professional or commercial relationship between two or more persons, at
least one of whom is engaged in relevant financial business or activity, with an
Business Relationship element of duration.
Premises where gaming services are provided to the public, as defined in the
Casino Gaming Act.
Collective Investment Defined in the Investment Services Act, referring to investment schemes and
Scheme their units.
Company Defined as per the Companies Act.
Correspondent Relationship between banks providing services to each other or equivalent
Relationship relationships in financial activities.
Criminal Activity Defined in the Act, relating to illegal activities.
A legal or natural person seeking or having a business relationship or
Customer occasional transaction with a relevant financial business or activity.
Money stored electronically, excluding certain specific types of stored value and
Electronic Money payments.
Financial Intelligence
Analysis Unit A designated unit dealing with financial intelligence, as defined in the Act.
Funding of Terrorism Conduct specified in the Criminal Code related to financing terrorism.
Gaming Licensee A person licensed to provide gaming services.
Gaming Service Provision of licensed games of chance as per the Gaming Act.
Group Defined as per the Companies Act.
Long-Term Insurance
Business Business activities defined in the Insurance Business Act.
Refers to the board of directors or an equivalent authority within an
Management Body organization.
Money Laundering Illegal processes of handling money obtained from criminal activities.
Non-Reputable A jurisdiction with deficiencies in its anti-money laundering measures as per
Jurisdiction internationally accepted standards.
Occasional A transaction carried out without a business relationship, meeting specific
Transaction criteria involving various monetary values or specific actions.
Politically Exposed Individuals entrusted with significant public functions, subject to specific roles
Persons and orders issued by the Act.
Professional activities of specific legal or natural persons mentioned in the
Relevant Activity regulations.
Relevant Financial Various financial activities defined under different Acts, including banking,
Business insurance, investment services, etc.
Senior Management Individuals with knowledge of money laundering risks and authority to make
 Term Definition
decisions affecting the risk exposure of an organization.
An institution carrying out financial activities without physical presence in a
Shell Institution jurisdiction and not affiliated with a regulated financial group.
Subject Person Any legal or natural person involved in relevant financial business or activity.
Various entities or boards responsible for supervising compliance with anti-
Supervisory Authority money laundering measures.
Terrorism Defined as per the Criminal Code regarding acts of terrorism.
Trust and Company A person or entity providing fiduciary services or acting as a company service
Service Provider provider, regulated under specific Acts.
VFA Virtual Financial Assets as defined in the Virtual Financial Assets Act.
Original and unique tangible objects, meeting specific criteria for artistic value,
including various forms of artistic expression like paintings, sculptures,
Work of Art photographs, etc.
Article 2(2) Extension of Regulations to Professions and Undertakings:
 These regulations can be extended beyond the initially specified professions and categories of
undertakings.
 If activities from other professions or undertakings are identified as particularly prone to
being used for money laundering or terrorism funding, these regulations will apply fully or
partially based on the extension outlined in the Act.
 The Financial Intelligence Analysis Unit is mandated to notify the European Commission
about any such extensions.
Article 2(3) Central Contact Point Requirement for Entities from Other Member States:
 Entities involved in issuing electronic money or offering payment services, having their
headquarters in another Member State but established in Malta (in forms other than branches),
might be required by the Financial Intelligence Analysis Unit and relevant supervisory
authorities to appoint a central contact point in Malta.
 The purpose of this appointment is to ensure compliance with these regulations on behalf of
the entity, facilitating monitoring and providing requested information and documents to the
Financial Intelligence Analysis Unit and supervisory authorities.
Article 2(4) Application of Regulations to Online or Electronic Activities:
 These regulations are applicable when any relevant financial business or relevant activity, as
defined within the regulation, is conducted through the internet or other electronic means.
Article 2(5) Cooperation with European Supervisory Authorities:
 The Financial Intelligence Analysis Unit is mandated to collaborate with the European
Supervisory Authorities for the purposes outlined in Directive (EU) 2015/849.
 It is required to furnish the European Supervisory Authorities with necessary information to
fulfill their responsibilities under Directive (EU) 2015/849 and under specific regulations
(Regulation (EU) No 1093/2010, Regulation (EU) No 1094/2010, and Regulation (EU) No
1095/2010).
Article 3: Exceptions for Specific Gaming Services
  Following risk assessment, the FIAU, in agreement with supervisory authorities, can exempt
specific gaming services if they pose a proven low risk of money laundering or terrorism
funding.
 If the risk level changes, the exemption can be revoked and communicated to the European
Commission.
 Exceptions don't apply to casinos or electronic forms of casino-type games.
Article 4: Exclusion of Subject Persons on Occasional or Limited Basis
 The FIAU can exempt legal or natural persons involved in financial activities on an
occasional or very limited basis with minimal risk of money laundering or terrorism funding,
subject to specific criteria.
 This includes financial activity turnover, transaction values, activity percentage in total
turnover, direct relation to the main activity, and restricted customer access.
 The FIAU considers specific financial activities inherently prone to money laundering or
terrorism funding regardless of meeting low-risk criteria.
Article 5: Risk Assessment and Subject Person Obligations
 Subject persons must assess and manage risks related to money laundering and terrorism
funding inherent in their business activities.
 They should implement appropriate measures, policies, controls, and procedures in proportion
to their business's nature and size, including customer due diligence, employee training, risk
management, and internal controls.
 Monitoring and regular reviews of risk assessments are mandated and must be documented
and available upon request.
Article 6: Group-Wide Policies and Procedures

 (1) Implementation of Group-Wide Policies:

 Subject persons within a group must establish comprehensive group-wide policies
and procedures.
 These must include measures from regulation 5(5) alongside data protection policies
and protocols for sharing information within the group.
 These policies should effectively operate across branches and majority-owned
subsidiaries in both Member States and third countries.
 A subject person disclosing information as per regulation 15(3) to the Financial
Intelligence Analysis Unit is obligated to share this disclosed information within the
group for preventing and detecting money laundering and terrorism funding unless
instructed otherwise.
 (2) Compliance of Branches and Subsidiaries in Other Member States: Subject persons
with branches or majority-owned subsidiaries in other Member States must ensure
compliance with the national provisions of that Member State, aligning with the provisions of
Directive (EU) 2015/849.
 (3) Implementation of Regulations in Third Countries: Subject persons with branches or
majority-owned subsidiaries in third countries with less stringent anti-money laundering and
counter-terrorism funding measures must ensure these entities implement the provisions of
these regulations, as far as the third country's legislation allows.
 (4) Additional Measures for Non-Compliant Third Country Legislation:
  If the legislation of third countries doesn't permit implementation of policies and
procedures as in (1), subject persons must ensure these branches and subsidiaries
apply extra measures to handle the risk effectively.
 They need to immediately inform the Financial Intelligence Analysis Unit and, if
necessary, the Unit can exercise supervisory actions, even requiring the cessation of
business relationships or operations in that third country.
 (5) Reporting and Cooperation by the Financial Intelligence Analysis Unit: If information
under (4) is obtained, the Financial Intelligence Analysis Unit will inform relevant
supervisory authorities, other Member States' supervisory authorities, and the European
Supervisory Authorities. It will cooperate and coordinate actions with them as needed.
 (6) Compliance with Regulatory Standards: Subject persons conducting relevant financial
business must adhere to regulatory technical standards developed by the European
Supervisory Authorities in line with Directive (EU) 2015/849, setting out minimum actions to
be taken.

Article 7: CDD

 (1) Customer Due Diligence Measures:

 Identification and Verification of Customers: Identification of the customer and
verification of their identity based on reliable and independent sources, including
electronic identification means approved by the Financial Intelligence Analysis Unit.
For legal entities, verification of legal status and identification of directors or
individuals managing the entity is mandatory.
 Beneficial Owner Identification: Subject persons must identify beneficial owners and
understand the ownership/control structure for corporate entities, trusts, etc., and
verify their identity where applicable.
 Purpose and Business Nature Assessment: Assessment of the intended nature of the
business relationship, understanding the customer's business and risk profile.
 Ongoing Monitoring: Continuous monitoring of transactions to ensure consistency
with the known customer profile and updating of held information.

 (2) Ongoing Monitoring Scope:

 Monitoring transaction consistency with customer knowledge and updating
information held by the subject person.
 For VFA (Virtual Financial Assets) agent services, ongoing monitoring focuses on
information updates.

 (3) Third-Party Representatives: Verification that individuals acting on behalf of customers

are duly authorized in writing and their identity is verified.

 (4) Prohibition on Anonymous Accounts: Subject persons are forbidden from keeping
anonymous accounts or fictitious names for accounts or safe-deposit boxes.

 (5) Mandated Due Diligence Measures: Applied when establishing a business relationship,
conducting occasional transactions, or when suspicions of criminal activity arise, irrespective
of any exemption or threshold.

 (6) Triggering Circumstances for Due Diligence Measures: Applies when the subject
person becomes aware of changes in the business relationship or when there's a legal duty to
update beneficial owner information.
  (7) Repeated Due Diligence Measures: Repeats due diligence measures when doubts arise
about previously obtained customer identification information.

 (8) Risk-based Due Diligence: Extent of due diligence measures aligned with the risks
identified through risk assessments, varying case by case.

 (9) Insurance Business Specific Due Diligence: Long-term insurance businesses must
perform specific due diligence measures on beneficiaries when issuing policies and during
payouts, including:
 Named Beneficiaries: If beneficiaries are explicitly named natural persons,
legal entities, or arrangements:
 Identification: Subject persons must identify these beneficiaries.
 General Designated Beneficiaries:
 Information Gathering: For beneficiaries designated by characteristics,
class, or other means, subject persons should collect enough information to
be able to identify them at the time of payout.
 Beneficiaries' Rights Assignment: If beneficiaries assign their rights under
the policy:
 Identity Verification: Subject persons must identify the natural persons,
legal entities, or arrangements receiving the policy's assigned value.
 Verification at Payout: Verification of beneficiary identities at the time of
payout

 (10) Offense for False Declaration: Making false declarations or providing false
documentation for due diligence purposes is an offense with associated penalties.

 (11) Compliance with EU Regulation 2015/847: Subject persons dealing with fund
transfers must comply with the EU Regulation on information accompanying fund
transfers.

 7A. (1) Exemption Criteria for Electronic Money Issuers: Specific criteria for
exempting electronic money issuers from customer due diligence measures based on low
risk, involving various transaction limits and restrictions.

 7A(2) Simplified Due Diligence Measures: Subject persons issuing electronic money
can apply simplified due diligence measures even without exemption if low risk is
identified.

 7A(3) Acceptance of Anonymous Prepaid Instruments: Subject persons acquiring

payment transactions can only accept payments via anonymous prepaid instruments from
other Member States or third countries if they adhere to equivalent criteria as per
regulation (1).

 7A(4) Definitions: Clarifies terms like "acquiring of payment transactions," "payment

transaction," and "remote payment transaction" within this regulation's context.
Article 8: Verification of Identity and Beneficial Owners
  Identity Verification: Subject persons must verify the identity of customers and, where
applicable, the beneficial owner before establishing a business relationship or conducting
occasional transactions.

 Flexibility in Verification Timing: Verification may occur after business relationship initiation
if it doesn't pose high money laundering or terrorism funding risks. Must be completed
promptly after relationship establishment.

 Account Opening and Verification Procedures: Subject persons may open accounts if
verification is pending but must prevent transactions until verification's completion.

 Beneficiaries of Trusts and Legal Entities: Identification and verification of beneficiaries

before relationship establishment or occasional transactions are necessary. Sufficient
information should be gathered beforehand for future identification.

 Non-Compliance with Identity Verification: If unable to comply with verification, subject

persons should not proceed with transactions or relationship establishment. Disclosures to the
Financial Intelligence Analysis Unit might be necessary.

 Funds Return or Termination: In case of non-establishment of relationships due to non-

verification, returning funds to the source is encouraged, unless prohibited by law.
Article 9: Customer Due Diligence for Casino and Gaming Licensees

 Transaction Threshold for Customer Due Diligence: Casino and gaming licensees must apply
customer due diligence for transactions equal to or exceeding €2,000, regardless of the
context.

 Identification Requirements: Satisfactory identification required before casino entry. Identity

verification is essential for transactions exceeding the threshold, ensuring alignment between
chip exchanges and cash transactions.

 Aggregate Transactions: Transactions below the threshold but aggregating to €2,000 or more
must still undergo verification.
Article 10: Simplified Customer Due Diligence

 Conditions for Simplified Customer Due Diligence: Applicable for low-risk activities or
services or where subject persons determine low risks based on their risk assessments.

 Limitations and Monitoring: Simplified due diligence doesn't exempt all measures but allows
tailoring based on identified low risk, ensuring ongoing monitoring.
Article 11: Enhanced Customer Due Diligence

 High-Risk Situations: Enhanced due diligence required for high-risk activities or when
determined necessary by risk assessments, especially for correspondent relationships.

 Correspondent Relationships: Stringent procedures for correspondent relationships from non-

Member States, including assessments, approvals, and monitoring. Restrictions regarding
shell institutions.

 Politically Exposed Persons (PEPs): Rigorous scrutiny for PEPs and their associates,
necessitating source verification and enhanced monitoring.
  Unusual Transactions and Non-Reputable Jurisdictions: Subject persons mandated to examine
and report on complex, large, or suspicious transactions. Specific measures for transactions
involving non-reputable jurisdictions.

 Regulatory Measures: Authorities empowered to implement measures like refusing

establishment or applying external audit requirements in jurisdictions posing high risks.
Article 12: Reliance on Another Subject Person or Third Party
 Reliance Responsibility: Subject persons can rely on another subject or third party for
customer due diligence, but the relying entity is ultimately responsible for compliance.
 Definition of Third Party: Specifies criteria for third parties—consistent application of due
diligence, compliance monitoring, limitations on jurisdictions considered high risk.
Article 13: Record Keeping Procedures
 Retention Requirements: Mandates subject persons to retain various documents and
information, including customer due diligence, transaction records, disclosures made, internal
reports, etc., for up to five years, extendable to ten years if justified.
 Access to Records: Subject persons must provide access to these records upon request by
authorities for investigative purposes.
Article 14: Statistical Data
 Data Collection: Requires the Financial Intelligence Analysis Unit to maintain
comprehensive statistical data related to money laundering and terrorism financing activities.
 Types of Data: Specifies the data to be collected, including sectors under obligations,
suspicious transaction reports, exchange of information, human and technological resources,
compliance examinations, etc.
 Annual Publication: Mandates annual publication of consolidated reviews of this statistical
data.
Article 15: Reporting Procedures and Obligations

 Reporting Procedures:

 Designated Reporting Officer: Subject persons are required to appoint a senior officer as
the reporting officer responsible for receiving and evaluating reports of suspicious
activities related to money laundering or funding of terrorism.
 Internal Reporting: Employees or officers of subject persons are obliged to report any
information or matter that may indicate funds are proceeds of criminal activity or
connected to terrorism financing to the designated reporting officer.
 Access to Information: The reporting officer or designated employee must have
unrestricted access to all relevant information held by the subject person.

 Obligations:

 Disclosure to Financial Intelligence Analysis Unit (FIAU): If the reporting officer or

designated employee determines a suspicion of money laundering or terrorism financing,
a report must promptly be submitted to the FIAU.
  Notification to Authorities: Subject persons must notify both the FIAU and relevant
supervisory authorities about the appointed reporting officer and any changes to this
appointment.
 Restrictions on Transactions: If suspicions arise, subject persons should refrain from
executing transactions linked to suspected criminal activity until reported to the FIAU.
 Documentation and Records: All determinations and reports made internally should be
documented and recorded, including the reasons for not reporting a suspicion to the FIAU
if such a determination is made.

 Supervisory Authority Reporting:

 Internal Procedures: Supervisory authorities overseeing subject persons should maintain

their reporting procedures consistent with those outlined for subject persons.
 Filing Reports: If supervisory authorities obtain information related to suspected money
laundering or terrorism financing, they should promptly disclose this information,
supported by available documentation, to the FIAU.
 Compliance with FIAU Requests: Subject persons and supervisory authorities must
comply with requests from the FIAU for information related to suspected illegal
activities, ensuring timely responses within a reasonable timeframe.
Article 15A: Protection when Reporting Suspicions
 Confidentiality: Emphasizes the need to keep confidential the identity of individuals
reporting suspicions of money laundering or funding of terrorism.
 Protection Against Detrimental Action: Protects individuals from any detrimental action
resulting from making such reports, allowing for legal recourse if reprisals occur.
 Judicial Protections: Outlines the process for individuals to seek legal remedies if they face
detrimental action for reporting suspicions.
 Definition of Detrimental Action: Clearly defines what constitutes detrimental action in this
context, covering various adverse scenarios.
Active Notes on Article 16:
Offense of Unauthorized Disclosure:
 Disclosure of information related to demands by Financial Intelligence Analysis Unit (FIAU)
or ongoing investigations, except as provided for in this regulation, is an offense.
 Violation punishable by a fine up to €115,000 or imprisonment for a maximum of two years,
or both.
Exceptions to Offense (No Liability):
 Disclosures to relevant supervisory authorities or law enforcement agencies as per applicable
law.
 Exchanges between subject persons undertaking similar financial business or activities,
sharing group-wide policies.
 Disclosures among subject persons or equivalent entities in Member States or third countries,
operating within the same structure, sharing ownership or management.
  Disclosures between subject persons or similar entities, sharing the same professional
category and in cases related to the same customer and transaction.
 Disclosures made in court proceedings regarding the failure or delay in carrying out a
transaction.
 Disclosures to supervisory authorities or professional bodies in response to inquiries about
failure to execute a transaction.
 Disclosures in proceedings instituted under regulation 15A.
Additional Clauses:
 A subject person dissuading a client from engaging in illegal activities doesn't constitute an
offense.
 Data subject rights can be partially or completely restricted if necessary for a subject person
to comply with obligations.
Article 17: Implementing Procedures: FIAU, with supervisory authority agreement, can issue
binding procedures and guidance for these regulations' implementation.
Article 18: Power to Terminate Business Relationship: FIAU, suspecting money laundering or
terrorism financing in a business relationship, can demand a subject person to terminate it within a
specified timeframe.
Article 19: Periodical Reporting: FIAU, in its supervisory functions, can demand subject persons to
submit periodical reports on measures, procedures, and any other necessary information.
Article 20: Format of Information: FIAU can demand subject persons to produce information
electronically and set the required format.
Article 21: Penalties:
 Administrative penalties imposed by FIAU for non-compliance can range from €1,000 to
€46,500 per separate failure or contravention.
 Penalties imposed should be effective, proportionate, and dissuasive.
 The Board of Governors establishes policies and procedures for imposing administrative
penalties.
 Specific penalties for minor, serious, repeated, or systematic contraventions.
 Subject persons' directors or officers contributing to contraventions may face penalties
individually or be recommended for suspension.