MFSA publishes a Guidance for MLROs in the Financial Services Sector

The Malta Financial Services Authority (the “MFSA”) has published a guidance note entitled: “A Guidance for Money Laundering Reporting Officers in the Financial Services Sector” (the “Guidance”) which considers the functions of the Money Laundering Reporting Officer (the “MLRO”).

The MFSA stipulates that this Guidance is to be referred to whenever licence holders establish, implement, and sustain their Financial Crime Compliance Framework. This Guidance is intended to be applied in relation to the function of the MLRO even where the responsibilities for AML/CFT compliance management are vested with another official (to the extent applicable).

Applicability of the Guidance

The Guidance applies to all licence holders that carry out a relevant financial business or conduct relevant activity and fall within the definition of subject persons in accordance with the provisions in the Prevention of Money Laundering Act (Act XIX of 1994 as subsequently amended), the Prevention of Money Laundering and Funding of Terrorism Regulations (Legal Notice 372 of 2017, as subsequently amended) (the “PMLFTR”), and the FIAU’s Implementing Procedures. Interestingly, the Guidance is being drafted on actual observations encountered throughout the MFSA’s approval of proposed individuals as MLROs as well as supervision of approved MLROs.

Key Take-Aways

From this Guidance, licence holders can infer the requirements expected by the MFSA from the MLRO (and/or AML/CFT compliance management officials) in order to satisfy both the expectations of the Authority, as well as satisfy (to the extent provided) the assessments of the MFSA. Obviously, this is a Guidance and reference should primarily be in relation to the legislation. The following principles emanating from the Guidance should be noted:

Knowledge

Knowledge is one of  the key elements to assessing competence and effectiveness of the MRLO role. MLROs should have a full understanding of the fundamental principles and obligatory practices related to AML/CFT. The MLRO should also have the necessary expertise, apart from knowledge. The MFSA points out that the MLRO (and other officials) should have the legislative proficiency of applicable laws and regulations of AML/CFT.

An MLRO should also have an understanding or knowledge of the responsibilities, duties, and legal requirements associated with their function. Knowledge of the MLRO is also being extended to knowledge of the Governance structure that applies to the MLRO’s role in relation to the licence holder. The Guidance stipulates that MLROs should ensure that they are sufficiently familiar with the MFSA’s Corporate Governance Code (including its principles that relate to ML/FT). This also includes knowledge of Internal Processes and Systems. The Guidance provides some examples, as follows:

• Relevant ML/FT risks, trends, and typologies relevant to the country and to the sector within which the appointing subject person operates;
• Relevant guidelines published by the European Banking Authority;
• Relevant responsibilities conferred on the MLRO position by local binding instruments;
• Relevant legislation and regulation that pertains to AML/CFT in Malta; and
• The business and operational model of the licence holder that is being proposed to be the MLRO.

Training, Background & Experience

The MLRO should have adequate education, skills, or qualifications relevant to AML/CFT, aligned appropriately with the requirements related to the MLRO function. This would also include the relevant experience. The Guidance provides that  “achieving academic qualifications and attending regular training does not override the MFSA’s consideration of other factors, such as relevant experience”. The MLRO should have awareness of the relevant Business sector. In this respect, the MLRO should be aware of predicate crimes and/or financial crime typologies (other than ML/FT) that may be relevant to the specific business. Good practices are being proposed as follows:

• MLRO to attend conferences and training events;
• MLRO to challenge and provide an educated perspective to the licence holder’s decision making;
• MLRO is knowledgeable of obligations according to local regulations and with European level publications;
• Licence holder’s staff is provided with specifically tailored training in line with their role and seniority to ensure that their knowledge is adequate. Training content should have practical elements;
• Customer-facing roles are provided with financial crime related training before any interactions;
• Licence holders satisfy themselves that their staff complement is aware of and understands their responsibilities in relation to financial crime compliance; and
• MLRO provides training directly to the staff or oversees the quality of the same.

Sufficient Time and Resources (including Tools)

The MLRO should also have the necessary sufficient time and resources to allocate to the proposed role and should not have other involvements that could hamper the time allocated to the role. Good practices in this regard include:

• Dedicating sufficient time as MLRO in proportion to the needs of the licence holder;
• The MLRO is experienced and qualified on a particular sector within financial services and takes on roles specifically related to their knowledge and expertise; and
• The MLRO is also supported by knowledgeable staff (where applicable) and has access to technological resources.

Autonomy of the Role and Reporting Lines

Another important principle is the autonomy of the role. The MLRO should be independent and have the necessary authority and decision-making power to carry out the responsibilities effectively. In this respect, it was mentioned that a conflict of interest may also materialise due to personal, matrimonial, or business relationships with the beneficial owners and/or directors of the licence holders. The Guidance stipulates that “it is an acceptable practice for the MLRO to report directly to someone other than the Board of Directors” but may be able to report directly to the Board of Directors or a board-appointed Committee. The Guidance provides that direct communication with the Board of Directors or other board-appointed Committees may be particularly useful to mitigate potential situations where:

• The MLRO encounters obstacles from the senior management;
• The MLRO holds concerns about higher management; and
• The MLRO is pressured to collude with a member of the senior management to conceal certain issues.

Good practices in this regard are listed as follows:

• Decisions on accepting or maintaining high risk relationships are reviewed and challenged independently and escalated to senior management/committees;
• Information provided to senior management to inform them of decisions about entering into or maintaining a business relationship such that the MLRO provides an accurate representation of the entity’s risk exposure of a certain business relationship;
• The MLRO function is independent, knowledgeable, robust and well-resourced, and poses effective challenge to the business where needed; and
• MLRO reports directly to the Board or a Board-appointed Committee where applicable or necessary.

No Conflict of Interest

The Guidance provides that the MLRO function needs to be fulfilled separately from other roles that hinder the effectiveness and independence the role. The Guidance provides an example where the MLRO possesses the power to recommend declining and/or onboarding customers or the continuation of business relationships with customers identified as posing financial crime related risks. The MLRO’s role should not conflict with other roles, especially with roles related to the licence holder’s business and/or executive functions. Some good practices are listed as follows:

• Supporting the licence holder’s Financial Crime Compliance Framework;
• MLRO should only fulfil other compliance-related roles that complement their MLRO-related duties (versus business-driven roles); and
• The appropriate internal controls are being applied to mitigate all possible conflict of interest.

It should be noted that the Guidance also provides samples of self-assessment questions related to the above, as well as providing a list of references.