AML/CFT – Prevention and Supervision

The Malta Gaming Authority (MGA) acts as the supervisory authority over the land-based and the remote gaming sectors in terms of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01 of the Laws of Malta) (PMLFTR) and is thus considered an ‘agent’ of the Financial Intelligence Analysis Unit (FIAU) in terms of the Prevention of Money Laundering Act (Cap. 373 of the Laws of Malta) (PMLA). More specifically, the MGA is responsible for monitoring compliance of casino and gaming licensees with the PMLA, the PMLFTR and any Implementing Procedures or guidance issued thereunder, and for reporting non-compliance with the same to the FIAU.

The primary sources of Maltese law on money laundering as a criminal activity and the prevention thereof, are the Prevention of Money Laundering Act (Cap. 373 of the Laws of Malta) (PMLA) and the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01 of the Laws of Malta) (PMLFTR). The Implementing Procedures issued by the FIAU as per its powers under Regulation 17 of the PMLFTR are likewise legally binding instruments.

Land-based casinos have become subject to AML/CFT obligations with the transposition of Directive 2001/97/EC of the European Parliament and of the Council of 4 December 2001. With the introduction of Directive 2015/849 of 20 May 2015, providers of gambling services offering the wagering of a stake with monetary value in games of chance, including those with an element of skill such as lotteries, casino games, poker games, betting transaction which are provided in a physical location or by any means at a distance by electronic means, were also brought into scope.

The transposition of the aforementioned Fourth Anti-Money Laundering Directive brought about a revamp of the Maltese AML regulatory framework, whereby ‘gaming licensees’ were included within the definition of ‘subject person’ in the PMLFTR with effect from the 1st of January 2018. Subsequently, the FIAU and the Malta Gaming Authority (MGA) collaborated together to issue legally binding guidance specific to the remote gaming sector with the aim of aiding the sector in understanding and adhering to their AML/CFT obligations emerging from the aforementioned regulations. This resulted in the coming into force of the Implementing Procedures Part II on the 19th of July 2018, which legal instrument was last revised on the 2nd of July 2020 and will continue to be revised periodically to cater for the legal and practical changes in the AML/CFT regulatory sphere.

The AML/CFT obligations require casino and gaming licensees, more specifically B2C licensees offering Type 1, 2 and 3 games, to apply a risk-based approach in applying AML/CFT measures, controls, and procedures. They are primarily required to appoint a Money Laundering Reporting Officer (MLRO) of sufficient seniority and command whose main responsibility is to analyse unusual or suspicious activity or transactions observed within the business activity, and to follow up the same as necessary through the filing of a suspicious transaction report (STR) with the FIAU. In addition, the appointed MLRO has to be registered with the FIAU and an approved Key AML Function by the MGA, in line with the Gaming Authorisations and Compliance Directive (Directive 3 of 2018) and the Directive on the Key Function of the Prevention of Money laundering and the Financing of Terrorism (Directive 3 of 2020).

The basis of ensuring AML/CFT compliance is to carry out a Business Risk Assessment to understand the risks and vulnerabilities the licensee may be exposed to. Following this, the licensee has to devise a Customer Acceptance Policy and transcribe its AML/CFT policies and procedures outlining how the company will be abiding with its Customer Due Diligence and other various AML/CFT obligations.

While licensees are required to carry out identification procedures and ongoing monitoring from the initiation of a business relationship, the majority of the obligations are triggered once the client reaches a threshold of €2,000 in accrued deposits throughout the business relationship or over a rolling period of 180 days. More specifically, subject persons are required to conduct a customer specific risk assessment and verification procedures and build a business and risk profile of the customer, including by obtaining source of wealth and source of funds information and documentation on a risk sensitive basis. Furthermore, within the context of a business relationship, subject persons need to ensure that proper ongoing transaction monitoring is carried out on a risk-based approach throughout the course of the business relationship.

The MGA has a vested interest to ensure that licences are issued or renewed only if it is reasonably satisfied that the applicant has the necessary policies, procedures and systems in place to effectively manage any AML/CFT risks inherent within its business, and that all the persons involved in the applicant company are fit and proper persons.

To this end, the applicant is required to provide the MGA with the necessary due diligence documents in respect of its beneficial owners, directors and key functions. This due diligence exercise ensures the suitability of all persons involved in the conduct of gaming operations in and from Malta. As an additional measure, an applicant for the key AML/CFT function, also appointed by the company to hold the MLRO role, would need to undergo an appraisal which is aimed at assessing the applicant’s competence and knowledge to occupy such role.

The MGA’s supervisory functions, however, go beyond initial onboarding and are exercised on an ongoing basis. In view of this, an AML Unit was set up in 2018, comprising of a team of AML/CFT specialists, whose primary responsibility is to conduct supervisory examinations on gaming licensees, jointly or on behalf of the FIAU. The scope of these examinations is to assess the licensees’ compliance with the AML/CFT obligations and the implementation of their AML/CFT policies, measures, controls and procedures. The examination process is three-fold and involves documentation review and analysis, the interviewing of licensee representatives as well as the testing of a sample of customers. The supervisory plans for such examinations are devised on a risk-based approach and jointly agreed with the FIAU.

The MGA constantly supports the FIAU with the publications of guidelines such as the sector specific Implementing Procedures. The MGA also provides training sessions, discussions and forums to educate further the sector on AML/CFT matters. As an authority, the MGA collaborates closely with other regulators, international governmental organisations and national competent authorities, such as the Asset Recovery Bureau (ARB), the Sanctions Monitoring Board (SMB) and the National Coordinating Committee on Combating Money Laundering and Funding of Terrorism (NCC) for intelligence sharing purposes and to align international and national standards of approach.

Outreach & Guidance for Operators

Click here for relevant news updated related to Anti-Money Laundering

MGA & FIAU Webinars

Both the Malta Gaming Authority as well as the Financial Intelligence Analysis Unit hold a number of outreach events during the year.

In order to stay abreast with the most recent updates, make sure to subscribe to both the MGA newsletter, and the FIAU newsletter.