Implementing Procedures - Home - FIAU Malta

Implementing Procedures

Issued: 16 December 2020

Issued by the Financial Intelligence Analysis Unit in terms of the provisions of the Prevention of Money Laundering and Funding of Terrorism Regulations

Part II

Company ServiceProviders

Page 2

| Financial Intelligence Analysis Unit

CONTENTS

Abbreviations

1. Introduction to the Implementing Procedures Part II for CSPs 1.1 THE PURPOSE OF THESE IMPLEMENTING PROCEDURES

1.2 MALTA’S NATIONAL ML/FT RISK ASSESSMENT

1.3 DEFINITIONS

1.3.1 Arranging

1.3.2 Formation of Companies and other Commercial Partnerships

1.3.3 The Customer

1.3.4 Distinguishing between the concepts of Introducer, Intermediary and Agent

1.3.5 Distinction between intermediation and reliance

2. Customer Due Diligence 2.1 CDD ON INTERMEDIARIES AND AGENTS

4

5

5

6

6

6

7

7

8

11

13

13

Page 3

Implementing Procedures | Part II – Company Service Providers

2.1.1 A person acting solely as Introducer

2.1.2 A person acting as an Intermediary

2.1.3 A person acting as an Agent

2.2 PURPOSE AND INTENDED NATURE, AND ESTABLISHING THE CUSTOMER’S BUSINESS AND RISK PROFILE

2.3 COMPLYING WITH REGULATION 7(1)(C) WHEN PROVIDING COMPANY FORMATION SERVICES

2.4 ONGOING MONITORING OF BUSINESS RELATIONSHIPS

2.4.1 Scrutiny of Transactions

2.4.2 Keeping CDD data, information and documentation up to date

2.4.3 General Principles applicable to ongoing monitoring

2.4.4 Risk-based approach to ongoing monitoring

2.4.5 Complex and unusual types of transactions

2.5 TIMING OF DUE DILIGENCE PROCEDURES

2.6 TERMINATION OF BUSINESS RELATIONSHIPS FOR THE PURPOSES OF AML/CFT OBLIGATIONS

2.7 SANCTIONS SCREENING

Annex 1: Explanatory Scenarios

13

13

15

18

20

20

20

21

22

23

26

26

27

28

30

Page 4


ABBREVIATIONSAML/CFT Anti-Money Laundering and the Combating of Funding of Terrorism

BO BeneficialOwner

CDD Customer Due Diligence

CFT Countering the Funding of Terrorism

CSP Company Service Provider

CSP Act CompanyServiceProvidersAct(Cap.529oftheLawsofMalta)

EDD Enhanced Customer Due Diligence

EUROPOL EuropeanUnionAgencyforLawEnforcementCo-Operation

FATF Financial Action Task Force

FIAU Financial Intelligence Analysis Unit

FT Funding of Terrorism

ID&V IdentificationandVerification

MBR Malta Business Registry

ML Money Laundering

ML/FT Money Laundering and Funding of Terrorism

MLRO MoneyLaunderingReportingOfficer

MONEYVAL Council of Europe Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism

NRA National Risk Assessment

STR Suspicious Transaction Report

Page 5


1. Introduction to the Implementing Procedures Part II for CSPs 1.1 THE PURPOSE OF THESE IMPLEMENTING PROCEDURES

The number of company service providers inMalta has grown exponentially over the past few years, as the islandcontinuestoattractinternationalbusinesstoitsshores.Atthetimeofpublicationofthisdocument,therewerejustunder600professionalsandfirmsprovidingcompanyservicesintermsoftheCompanyServiceProvidersAct(Cap.529oftheLawsofMalta–“CSPAct”).

Theactivitiesthatcanbeperformedbyacompanyserviceprovider(“CSP”)emergefromtheCSPAct,andaredefinedasfollows:

“companyserviceprovider”meansanynaturalor legalpersonwhich,bywayofbusiness,providesanyofthefollowingservicestothirdparties:

a) formation of companies or other legal entities;

b) acting as or arranging for another person to act as director or secretary of a company, a partner in apartnership or in a similar position in relation to other legal entities;

c) provisionofa registeredoffice,abusinesscorrespondenceoradministrativeaddressandother relatedservicesforacompany,apartnershiporanyotherlegalentity.

These Implementing Procedures Part II are applicable to persons and entities carrying out the services envisaged under the CSP Act1.

The purpose of this document is:

a) tointerpretandprovidesector-specificguidanceontheimplementationofparticularanti-moneylaunderingand the combating of funding of terrorism (“AML/CFT”) obligations that warrant further elaboration at anindustry-specificlevel;andalso

b) toprovidedetailedinformationonmoneylaunderingandfundingofterrorism(“ML/FT”)riskstoassistCSPsinformulatingabetterunderstandingoftheML/FTriskstheyfaceandensurethattheyarebetterequippedtodetectandreportML/FTsuspicions.

ItisimportantthatthisdocumentisreadinconjunctionwiththeImplementing Procedures Part I.

ThisdocumenthasbeendraftedfollowingconsultationwiththeInstituteofFinancialServicesPractitionersandtheMaltaFinancial Services Authority.

1TheseImplementingProceduresPartIIareintendedtoprovideAML/CFTguidancetoCSPswhentheyformand/orprovideother services to companies or commercial partnerships. The formation and provision of services to other types of legal entities,eventhougharelevantactivity,doesnotfallwithinthescopeofthisdocument.

Page 6


1.2 MALTA’S NATIONAL ML/FT RISK ASSESSMENT

AccordingtotheresultsoftheML/FTNationalRiskAssessment(“NRA”)publishedbytheGovernmentofMaltain2018,theCSPsectorwasidentifiedaspresentingahighriskofML/FTtoMaltainviewoftheinherentriskstowhichthesectorisexposed,coupledwithweakimplementationofAML/CFTcontrols.

TheNRAidentifiedthefollowingkeyinherentriskdriversforCSPs:

i) Significantvolumeofhigh-riskclients–mostnotably thehigh incidenceofnon-residentbeneficialowners(BOs);

ii) Services provided are risky in nature–specificallythesettingupofcorporatestructuresthatarecomplex,andtheholdingofsharesinafiduciarycapacity;

iii) High level of geographical risk–drivenbytheconsiderablenumberofnon-EUresidentBOsofcompaniessetupinMalta,withasignificantexposuretoriskyjurisdictions;

iv) Large volume of international business handled by CSPs; and

v) Higher service interface risk–consideringthatasignificantportionofCSPclientsareon-boardedonanon-face-to-facebasis,withtheinvolvementofintermediaries.

TheNRAmoreoverconcludedthatthelevelofeffectivenessofAML/CFTcontrolsimplementedbyCSPswasweak,whichfurthercontributedtothesector’shighexposuretoML/FTrisks.Thiswasduetoanumberoffactors.

ThenumberofSTRreportssubmittedbyCSPsinproportiontotheML/FTrisksthattheyareexposedtoissignificantlylow.ThismaybeindicativeofaweakawarenessofML/FTrisks.CSPsoftendonothaveexpertiseinunderstandinghowtheirproductsandservicesmaybemisusedforML/FT.ThelowlevelofSTRreportingisalsoindicativeofweakAML/CFTcontrolsand,inparticular,ofineffectiveongoingmonitoringprocedurestoidentifysuspicioustransactions.

CSPsoften lack the resourcesand specialisationof larger financial institutions todedicate to the implementationofeffectiveandrobustAML/CFTcontrolsandalsooftenhavefewindependentchecksandbalancestomonitortheeffectiveimplementationoftheirAML/CFTobligations.

1.3 DEFINITIONS

Under this section, certain terminology that is envisaged under the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01 – “PMLFTR”), as well as the Implementing Procedures Part I, will be specifically defined in the context of company services to ensure consistencyin the interpretation of these terms by CSPs and, consequentially, in the application of their AML/CFTobligations.

1.3.1 Arranging

Whenitcomestoarrangingforanotherpersontoactasadirectororsecretaryofacompany,apartnerinapartnership,orasimilarpositioninrelationtootherlegalentities,CSPsaretorefertothedefinitionof‘arranging’assetoutinanyrulesor regulations issued under the CSP Act. It should be noted that arranging does not include the process of headhunting oradvertisingtofindasuitablecandidateforaposition.Theseserviceswouldtypicallybecarriedoutbyrecruitmentagencies.

Page 7


The mere compilation of statutory forms or the carrying out of other formalities necessary for the appointment of a companydirector, secretaryor similarpositions inother legal entities is not considered tobea serviceof arrangingforsomeonetoactasadirector,secretaryoranequivalentposition.NorisitconsideredtobeacompanyserviceorarelevantactivitythatwarrantstheapplicationofAML/CFTobligations.

1.3.2 Formation of Companies and other Commercial Partnerships

Formationservicesconsist in theprovisionofservices to incorporatecompaniesorsetupcommercialpartnerships,inwhichonewouldbeactivelyassistinginthepreparationandsubmissionofrelevantdocumentationandliaisingwithrelevant registers for the purpose of setting up a company.

When the services only entail the compilation and submission of ancillary statutory forms to set up a company or other commercial partnership (e.g., beneficial ownership declarations), one would not beproviding a formation service for the purposes of the PMLFTR and these Implementing Procedures Part II.

1.3.3 The Customer

ThePMLFTRdefineacustomerasalegalornaturalpersonseekingtoform(i.e.,apotentialcustomer)orhasformed(i.e.,anexistingcustomer)abusinessrelationship,oralegalornaturalpersonseekingtocarryoutanoccasionaltransactionwithasubjectperson.

InthecaseofCSPs,thetypeofcustomervariesdependingontheservicesthatarebeingprovided.Thetablebelowprovidesaninterpretationofwhothecustomerisinthecontextofthevariouscompanyservicesthatmaybeprovidedby CSPs:

Company Service

Formation of a company or a commercial partnership

Actingasadirectororsecretaryofacompany,orapartnerinacommercialpartnership,orarrangingfor another person to act as such

Provisionofregisteredoffice,businesscorrespondence or administrative address or related services to a company or commercial partnership

Who is the Customer?

Theprospectiveshareholder/BO/partner,forwhomthecompany or other legal entity willbesetup

The company or commercial partnershiptowhichsuchservicesareoffered

The company or commercial partnershiptowhichtheseservicesareoffered

Nature of Service

Occasionaltransaction

Business relationship

Business relationship

Page 8


ThepersonrequestingtheCSP’sservicesmaybethecustomerhimself/herself.However,theremaybecircumstancesinwhichthecustomerwouldberepresentedbyanotherpersonorentity.IntheCSPcontext,customersmayberepresentedeither by:

a) Intermediaries –who introduce the customer to theCSPand remain involved in thebusiness relationshipbetweenthecustomerandtheCSP,bygivinginstructionstotheCSPonthecustomer’soperationsorbyco-ordinatingworkforthecustomer;or

b) Agents –whoactonbehalf of acustomerandcanbind theunderlyingcustomer, for exampleby signinglettersofengagement (therebycreatingan indirect relationshipbetween theCSPand thecustomerandadirectrelationshipwiththeAgent).Whenthecustomerisacompanyorcommercialpartnership,itsdirectorsandpartners,whoarelegallyempoweredtorepresentandbindthecompanyorcommercialpartnership,arelikewiseconsideredtobeagentswhentheyexercisetheselegalrepresentationpowerstobindthecompanyorcommercial partnership. These individuals are typically involved in the carrying out of an occasional transaction orbusinessrelationshipbygivinginstructionstotheCSPthatbindthecompanyorpartnership,orbytakingactionsthatlikewisebindthecompanyorcommercialpartnership(e.g.,signingcontractsonthecompany’sbehalf).

It should be noted that persons or entities that merely act as introducers by putting a prospective customer in contact withtheCSP,withouthavinganyfurtherinvolvementinthesettingupandoperationofaparticularbusinessrelationshiporthecarryingoutofanoccasionaltransaction,arenotconsideredtobeeitherintermediariesoragents.TheCSPwouldbecreatingadirectrelationshipwiththecustomerfollowingtheintroduction,andtheintroducerwouldplaynofurtherrole,suchasbyrepresentingthecustomerorgivinginstructionsonhisbehalf.Thus,noAML/CFTobligationsariseinrelationtotheintroducer.Withthatsaid,theintegrityandtypeofclientelebroughtforwardbyanintroducerimplicatedincriminalitymaybecompromisedandCSPsmaywishtocarryoutperiodicchecksonopensourcestoensurethereisnosignificantadversemediaontheintroducer.

Inordertobetterunderstandthesetypesofrelationships,theconceptsofAgentandIntermediarymustfirstbeexamined.

1.3.4 Distinguishing between the concepts of Introducer, Intermediary and Agent

1.3.4.1 The Introducer

AnIntroducerisdefinedasapersonwhotypically(thoughnotnecessarily)wouldhaveabusinessrelationshipwithathirdparty(who,inthiscase,wouldbetheIntroducer’sclient)andwhointroducesthatthirdpartytoaCSP.Theintentionwouldbethatthethirdpartywouldformabusinessrelationshiporconductaone-offtransactiondirectlywiththeCSP.InthiswaytheIntroducer’sclientorthirdpartybecomesacustomeroftheCSPdirectly.

The Introducer’s role is solely tomake the introduction, and he would have no further involvement in the businessrelationshipor theoccasional transactionthatwouldbeestablishedorcarriedout. It is the identityof the introducedcustomerthatmustthenbeestablishedandverified,andnoAML/CFTobligationsariseinrelationtotheIntroducer.

1.3.4.2 The Intermediary

TherearesituationswhenanIntroducerintroducesathirdpartytoaCSP,butthenproceedstoremainactivelyinvolvedincarryingout theoccasional transactionor in thebusinessrelationshipestablishedwith theCSP.Thiscouldbe, forinstance,bybeingresponsibleforcommunicatingclientinstructionstotheCSP(bothattheinitialstageswhencarrying

Page 9


1.3.4.3 The Agent

AnAgentisapersonwhoactsonthecustomer’sbehalf(beitthecorporateclientitselfortheprospectiveshareholder,partnerorBO)andhastheauthoritytobindthecustomerwithhis/heractions.Apersonwhoexecutestransactionsforandonbehalfofacustomer(suchaswhendulyappointedtoactassignatoryonthecustomer’sbankaccount)orwhoisdulyauthorisedtosigncontracts/agreementsbindingthecustomer(suchasacompanydirector)areconsideredtobeAgents.

The role of company directors and partners as agents

Thosecompanydirectorswhoare vestedwith the legal and judicial representationof theCompanyandpartnersofCommercialPartnershipswho,withinthecontextofanoccasionaltransactionorabusinessrelationship,actonbehalfoftheCompany(e.g.,signingcontracts,agreementsorlettersofengagement),arelikewiseconsideredtobeagentswhopurport to act on behalf of the respective company or commercial partnership.

IntermsofRegulation7(3)thesewouldthereforeberequiredtobeidentifiedandverified,andtheCSPisexpectedtoensurethattheyareauthorisedinwritingtoactonthecustomer’sbehalf.AsisexplainedinfurtherdetailunderSection2.1.3.1,notalldirectorsandpartnersneedtohavetheiridentityandauthorisationverified;thisappliesonlytothosewhoexercisethelegalpowerstobindthecompanyorcommercialpartnershipswithinthecontextofanoccasionaltransactionorbusinessrelationshipcarriedoutorestablishedwiththeCSP.

out an occasional transaction or setting up a business relationship, or throughout that business relationship,as the case may be) without necessarily being legallyauthorisedtobindthecustomerinthesamewayasanAgentwould.Thisscenarioisexplainedinthefollowingsection.

Insuchascenario, thepersonmaking the introductiondoes not remain an introducer but becomes an Intermediary. An Intermediary may, therefore, bean individual who enjoys the customer’s trust andcommunicates the customer’s intentions, instructionsand decisions in relation to a particular transaction or matter to the CSP, and/or undertakes specific tasksor activities (such as project management, vetting ofdocuments, general co-ordination of the project, andgivinglegalorotheradvicetotheclient),withouthavinganypowerstobindthecustomer.

In this scenario, while the CSP is always, naturally,obligedtocarryoutCDDmeasuresonthecustomer,theCSP must also carry out further due diligence measures ontheIntermediary.GuidanceonhowtocarryoutCDDis provided in Section 2.1 of this document.

Page 10


1.3.4.4 Application of the distinction in real-life scenarios

IntermediaryrelationshipstypicallyinvolveanotherlocalorforeignCSP,trusteeand/orwealthmanagementfirm,familyoffice(ormulti-familyoffice),lawfirm,accountancy/auditfirmorotherprofessionalfirm.TheIntermediary,inthiscase,does not stop at merely introducingthecustomer,asexplainedabove,butremainsinvolvedasthepoint of reference to carryoutthatoccasionaltransactionorbusinessrelationship,withoutnecessarilyhavingthecapacitytoactuallybind the customer.

ThefactthatallcorrespondencetakesplacebetweentheCSPandtheintroducinglawfirmorotherprofessionalfirmastheIntermediary(andirrespectiveofwhetherthecustomerisalwaysormostlycopiedin,nevercopiedinorcopiedinonlyrarely),isinitselfindicativeofthelawfirmorotherprofessionalfirmactuallyactingasanIntermediaryandnotmerelyasan Introducer.

Whileeachcasemustnecessarilybeassessedonitsownmerits,theremaybecircumstancesthatwouldindicatethatthepurportedintroducerisnotsimplyanIntroducer,butisactuallyactingasanIntermediary,forinstance:

• instructionsarealwaysormostlyprovidedbyapersonpurportingtobemerelyanIntroducer;

• the letterofengagement isenteredintowiththepurportedIntroducer,whothenendsupco-ordinatingtheproject;or

• theletterofengagementisenteredintowiththecustomerdirectly,butinteractionbetweentheCSPandthecustomer takes place through the purported Introducer.

WhenitcomestodeterminingwhetherapersonisanIntermediaryoramereIntroducer,itisirrelevantwhetheritistheIntermediaryortheunderlyingcustomerwhoultimatelypaysthefeesoristakingtheriskofnon-paymentoffees.Itisalsoirrelevantwhoultimatelydecidesissues;thatis,whethertheunderlyingcustomerhasgiventheIntermediarysomeformalauthoritytotakedecisionsoncertainmattersorwhethertheIntermediaryisrequiredtoreferallmatterstotheunderlyingcustomer for a decision.

Page 11


Inotherwords,anysituationinwhichanindividualorentitycarriesoutadditionalactivitiesbeyondmerelyintroducingthecustomertotheCSPandstoppingthere,rendersthatindividualorentityanIntermediary,therebynecessitatingtheapplication of due diligence measures on that Intermediary.

Itmighttranspirewhile(orevenafter)settingupabusinessrelationshipthatapresumedcustomerorcompanyBOisactingonbehalfofanotherperson,i.e.,aprestanome,fiduciarymandatoryorfrontman.ACSPmaybecomeawareofthesesituationsthroughvariousbehaviouralindicators,suchaswhen:

i) thepresumedcustomer/BOisnotabletoprovideoutrightinstructionsonthecompany’soperationssincehe/she has to refer decisions to someone else;

ii) correspondencebetweentheCSPandthecustomer/BOmightinvolveathirdparty,whichisunknowntotheCSP;

iii) theCSP’sprofessionalfeesarebeingpaidupbysomeoneelseotherthanthepresumedcustomer/BO;or

iv) thepresumedcustomer/BOshowsalackofdetailedunderstandingaboutthecompany’sbusiness.

Intheseinstances,andunlessthereexistsalegitimateexplanation,CSPsshouldconsidersubmittinganSTRtotheFIAUand desist from providing further services to this customer.

1.3.5 Distinction between intermediation and reliance

ItisimportanttodistinguishanIntermediaryorAgentrelationshipfromasituationwhenrelianceisbeingplacedintermsofRegulation12ofthePMLFTR.Thetwoshouldnotbeconfusedsincetheyarecompletelydistinct,andonedoesnotnecessarilyinvolvetheother.Thatis,aCSPcanbedealingwithanAgentoranIntermediarywithoutplacingrelianceonthatAgent/Intermediary,justasaCSPcanrelyonanothersubjectpersonorathirdpartyintermsofRegulation12withoutthatothersubjectperson/thirdpartybeinganAgentoranIntermediarywithregardtotheCSP.

IncertaincircumstancesanIntroducer,IntermediaryorAgentcouldbeanothersubjectpersonorthirdpartysubjecttoAML/CFTobligationsinanotherjurisdictiononwhomtheCSPispermittedatlawtoplacereliancetocarryoutsomeaspectsofCDDinaccordancewithRegulation12ofthePMLFTR.Inthiscase,itisuptotheCSPtodeterminewhethertoplacerelianceor,alternatively,toconductitsownCDDontheunderlyingcustomer(besidesalsoontheIntermediaryorAgent).

Forfurtherguidanceonimplementationoftherelianceprovisions,seeSection4.10oftheImplementing Procedures Part I.

Page 13


2. Customer Due Diligence ThisdocumentwillnotreinterpretorprovideguidanceonthecustomerduediligenceobligationsthatCSPs,assubjectpersons,mustapplyinrelationtotheoccasionaltransactionstheycarryoutandbusinessrelationshipstheyenterinto.ThepurposeofthisdocumentistofocusonspecificaspectsofCDDthatmeritsector-specificguidance.InthisChapter,whichshallfocusonCDDobligations,guidancewillbeprovidedonthefollowingaspects:

• CDD on intermediaries and agents;

• assessing and, as appropriate, obtaining informationon thepurpose and intendednature of thebusinessrelationship,andestablishingthecustomer’sbusinessandriskprofile;

• ongoing monitoring;

• the timing of CDD obligations; and

• the termination of business relationships.

2.1 CDD ON INTERMEDIARIES AND AGENTS

2.1.1 A person acting solely as Introducer

WhenapersonactssolelyasanIntroducer,havingnofurtherinvolvementotherthanintroducingthecustomer,by,forinstance,providinginstructionsorotherwiserepresentingthecustomer,theCSPwouldnotberequiredtocarryoutanyCDD on the Introducer.

2.1.2 A person acting as an Intermediary

CSPsshouldhaveinternalprocessestoreviewandapproveIntermediariesbeforetheCSPstartsservicingcustomerswhoareintroducedandrepresentedbytheseIntermediaries.TheseinternalprocessesarenecessaryforCSPstoensurethattheydealwithIntermediarieswhoarereputableandofgoodstanding,whichwillitselfreflectonthequality,standingand intentionofcustomerswhoare introducedtothem.These internalprocessesshouldrequireseniormanagementapprovalbeforeanyworkingrelationshipswithintermediariesareinitiated.TheseprocessesshouldalsorequirescrutinyandduediligencetobecarriedoutontheIntermediaryfortheseniormanagement’sdeterminationtobewellinformed.Thisscrutinyandduediligenceshouldincludethefollowing:

Page 14


Basic checks for all Intermediaries

a) determinewhethertheIntermediarywouldberepresentingendcustomerstowhom/whichcompanyserviceswillbeprovided,orwhethertheIntermediarywillbepassingoninstructionsfromanotherintermediary/otherintermediaries,oneofwhichwouldultimatelyrepresenttheendcustomer(i.e.,“IntermediaryChains”);

b) establish the existence of the Intermediary through public sources;

c) assess, and be satisfiedwith, the Intermediary’s reputability and integrity. Thiswould involve carrying outpublicsearches(e.g.,usingonlinesearchengines,metasearchenginesorcommercialdatabases)toassesswhetheranyadverseinformationexistsontheIntermediary,whichwouldraisedoubtsabouttheIntermediary’sintegrity,suchasinvolvementinanywrongdoing(e.g.,criminaloffencesorbreachesofAML/CFT,prudentialor other professional obligations).Moreover, given that these Intermediaries are typically professional law,accountancyor tax advisory firmsor otherCSPs, theCSPwould alsobe expected to confirm that theseIntermediariesarelicensed,regulatedorareaccreditedprofessionals,asthecasemaybe;and,

d) whentherelationshipwiththeIntermediaryisongoing,CSPsaretocarryoutregularcheckstoensurethattheinformationobtainedatthepointofestablishingtheworkingrelationshipwiththeIntermediaryremainscurrentandtobeawareofanynewinformationthatmightconcerntheIntermediary’sreputabilityandintegrity.Theseongoing checks are expected to be carried out at least on an annual basis.

Additional checks for higher risk Intermediaries

HigherriskIntermediarieswouldincludeIntermediarieswhoare:

• notsubjecttoanylicensing,regulationorprofessionalaccreditation;

• situatedinhigh-riskornon-reputablejurisdictions;or

• lessrenownedandonwhomitisdifficulttofindinformationthroughpublicsources.

BeforeestablishingworkingrelationshipswithhigherriskIntermediaries,CSPsshouldbemorecautiousandshouldcarryout additional and more in-depth checks on these Intermediaries. These additional checks may include:

a) identifying and verifying the Intermediary’s identity by collecting the necessary identification details andverifyingthoseidentificationdetailsonthebasisofdata,documentsorotherinformation,asisexplainedunderSection4.3.1oftheImplementingProceduresPartI. InthecaseofIntermediariesthatarefirmsorentities,CSPsshouldalso identifythedirectors,partnersoradministratorsoftheseIntermediariesandalso identifyandverifytheidentityoftheirultimateBOs.Seesection4.3.2oftheImplementingProceduresPartIforfurtherdetailsonthe identificationandverificationprocedurestobeapplied in thecaseof Intermediaries thatareentitiesorfirms;

b) inthecaseofIntermediariesthatareentitiesorfirms,extendingthereputabilityandintegritychecksenvisagedunderparagraph(c)ofthelistofbasicchecksforIntermediariestocovernotonlytheIntermediary,butalsoitsdirectors,partnersoradministrators,anditsultimateBOs;

c) gathering further information on their internal AML/CFT procedures (where applicable) to formulate anunderstanding of the Intermediary’s compliance culture;

d) holdingintroductorymeetings(physicalorvirtualmeetingsusingavideo-conferencingfacility);

Page 15


e) inthecaseofIntermediaryChains,carryingouttheaboveproceduresoneachandeveryIntermediaryinthechain; and

f) wheretherelationshipwiththeIntermediaryisongoing,CSPsaretocarryoutregularcheckstoensurethattheinformationobtainedatthepointofestablishingtheworkingrelationshipwiththeIntermediaryremainscurrentandtobeawareofanynewinformationthatmightconcerntheIntermediary’sreputabilityandintegrity.Theseongoing checks are expected to be carried out at least on an annual basis.

ThissectionisintendedtoprovideguidanceontheduediligencechecksthataretobecarriedoutbyCSPswhentheyseektoestablishaworkingrelationshipwithanIntermediary.WhenCSPswould,inaddition,beplacingrelianceontheCDDmeasurescarriedoutbyIntermediariesontheendcustomers,CSPsshouldabidebyandfollowtheprovisionsofRegulation12ofthePMLFTR,whichareexplainedinfurtherdetailunderSection4.10oftheImplementing Procedures Part I.

2.1.3 A person acting as an Agent

WhereacustomerisrepresentedbyanAgent,whoactsonhis/herbehalftocarryoutanoccasionaltransactionortosetupabusinessrelationship,orelseisempoweredtoactonbehalfofandbindthecustomerthroughoutthebusinessrelationship, theCSPmustnotonly identifyandverify thecustomerbutmustalsocarryoutspecificCDDmeasuresonthatAgent,whoispurportingtoactonthecustomer’sbehalfinlinewiththerequirementsofRegulation7(3)ofthePMLFTR.

Page 16


Thefollowingpersonsorentitieswouldbeconsideredtobeactingforandonbehalfofthecustomer:

a) directorsorpartnerswhoareauthorisedto legally represent thecorporatecustomerandwhotakeactionsthat formallybind thecompanyor legal entitywithin thecontextof anoccasional transactionorbusinessrelationship, suchasby signing lettersof engagementwith theCSPorby signingoffanyoperationsandagreements that bind the company or commercial partnership throughout the business relationship; and

b) otherpersonswhoareempoweredtoactonthecustomer’sbehalf,suchasbycarryingouttransactionsonbehalfofthecorporatecustomerbeingservicedbytheCSP(e.g.,banksignatories),orpersonswho,bymeansofapowerofattorneyorresolution,areauthorisedtotakeanyactionthatbindsthecorporatecustomer.

Inthesecases,theCSPisexpectedtoabidebytherequirementsofRegulation7(3)ofthePMLFTRandSection4.2.1(CustomervsAgent)oftheImplementing Procedures Part I,whichrequiretheCSPtoidentifyandverifytheidentityofanypersonpurportingtoactonthecustomer’sbehalf,andtoalsoensurethatthispersonisauthorisedinwritingtoacton the customer’s behalf.

2.1.3.1 Treatment of directors and partners

WhileCSPsareexpected to identifyalldirectorsorpartnersofcorporatecustomers (seeparagraphs (iii)ofSections4.3.2.1 and4.3.2.3of the Implementing Procedures Part I),CSPsarenot expected to verify the identity of all thesedirectors,butonlythosewhoareauthorisedtolegallyrepresentthecorporatecustomerandwhoexercisethatpowerofrepresentationwithinthecontextofanoccasionaltransactionorabusinessrelationship.

Inthisregard,CSPsmustalsoascertainthatthesedirectorsareactuallyvestedwiththepowertolegallyrepresentthecorporatecustomer.Thesameappliestopartnersofcommercialpartnerships(seeparagraph(iii)ofSection4.3.2.3.ofthe Implementing Procedures Part 1).

In order to ascertain that directors and partners are duly authorised to represent the respective company or commercial partnership,referencemaybemadetotheconstitutivedocumentofthatrespectivelegalentity,suchastheMemorandumandArticlesofAssociationsorotherstatutorydocument,ortoanypowerofattorneyorresolutionauthorisingthepersonconcerned.

Scenario example

Acompanyhasfourdirectors,andthelegalandjudicialrepresentationofthecompanyisvestedinallfourdirectors jointly.Onedirectorsigned the letterofengagementwith theCSP for theprovisionof registeredofficeservices,asauthorisedbyadirectors’resolution.Inthisparticularcase,theCSPisexpectedtoidentifyall directors by collecting their identification details (see paragraph (iii) of Section 4.3.2.1 – Implementing Procedures Part I).

TheCSPishowevernotrequiredtoverifytheidentityofallfourdirectorsbutof that one directorwhoexercisedhispowerofrepresentationtosigntheletterofengagementonthecompany’sbehalf.TheCSPshouldalsoverifythatthisdirectorwasauthorisedtobindthecompany,andsoshouldobtainacopyoftheresolutionthatauthorisedhim/hertosignofftheletterofengagement.

Page 17


2.1.3.2 Provision of instructions by staff members of corporate entities

TheremayalsobeinstanceswhentheCSPisapproachedbyanindividual(suchasaCEOorCFO),actingonbehalfofthecompanyorentity,toestablishabusinessrelationshipwiththeCSP.Asexplainedabove,theCSPisexpectedtoidentifyandverifythisindividual’sidentity,andalsotoascertainthathe/sheisdulyauthorisedtorepresentthecompany.

However,asthebusinessrelationshipprogresses,theCSPstartsreceivinginstructionsfrommembersofstaffworkingwithinthatCEOorCFO’steam.TherequirementtoensurethattheactualpersonsendinginstructionsbindingtheentityissovestedwiththatauthorityisnottobeinterpretedtomeanthattheCSPshouldrequiredocumentationtoascertainthateachstaffmembergivinginstructionsissoauthorised.InthesecasestheCSPshouldverifythelinkbetweenthismemberofstaffandtheentity.Thiscanbedoneby,forexample,ensuringthattherelevantindividual(theCEOorCFO,inthiscase)iscopiedinontherelevantemailssentbythestaffmemberinquestion,whichwouldenabletheCSPtoassumethattheCEOorCFOisawarethatthisstaffmemberisgivingbindinginstructions.

Alternatively,theCSPcouldalsobeconsideredashavingverifiedthelinkbetweenthememberofstaffandtherespectiveentityifthatmemberofstaffwouldhavebeenoriginallycopiedin,orintroducedinearliercorrespondencesentby,orincluding,theCEOorCFO,whooriginallyrequestedtheprovisionofservices,oranyothersuchsituationindicatingthatonehasbeengivenauthoritybytheCEOorCFOtocontinueprovidinginstructions.

Page 18


2.2 PURPOSE AND INTENDED NATURE, AND ESTABLISHING THE CUSTOMER’S BUSINESS AND RISK PROFILE

This section provides further guidance and explanation to assist CSPs to adhere to their obligations under Regulation 7(1)(c)ofthePMLFTR,whicharefurtherexplainedunderSection4.4oftheImplementing Procedures Part I. In terms of Regulation7(1)(c),CSPsarerequiredto:

a) assessand,whereappropriate,obtaininformationand/ordocumentationonthepurposeandintendednatureof the business relationship; and

b) establishtheircustomer’sbusinessandriskprofile.

WhenCSPsarerequestedtoincorporateacompanyorestablishacommercialpartnership,theyaretypicallyapproachedby the prospective shareholders, partners or BOs of that prospective company or commercial partnership, or byIntermediaries.Inadditiontoformationservices,CSPsmayalsoberequestedtoprovideadditionalservicesoncethatcompanyorpartnershipisestablished.Thesecouldincludeprovidingacorrespondenceaddress,secretarialservices,aregisteredofficeoradirectorship/s,amongothers.

Initially, therefore, theCSP’s customerwould typically be the prospective shareholder/s or BO/s of that prospectivecompanyorentity(whomayormaynotberepresentedbyIntermediariesorotherpersons)andtheCSPoughttoidentifyandverify the identityof that individualorentityand, in thecaseofa legalentityorarrangement, itsBO/s,andalsoadheretotheotherobligationsenvisagedbyRegulation7(1)(b)ofthePMLFTR,asfurtherexplainedinSection4.3.2ofthe Implementing Procedures Part I.

CSPs who are requested to provide services, such as a registered office, a correspondence address, directorshiporsecretarialservices toorwithincompaniesorpartnershipswhich theCSP itself incorporatesorwhicharealreadyincorporated,wouldbeestablishingabusinessrelationship(seetheTableunderSection1.3.3–‘TheCustomer’),sincethese services are offered over a span of time and hence denote an element of duration. Accordingly, theseCSPsare required to assess, and, as appropriate, obtain informationon thepurposeand intendednatureof thebusinessrelationship being established.

Informationthatwouldberelevantinthiscontextwouldincludethefollowing:

a) Information on the rationale

TherationaleforthesettingupofthecompanyorpartnershipinMaltaand/orfortheprovisionoftherequestedservice/s.Istherealegitimateandeconomic/businessrationaleforthecompanyorpartnershipbeingsetuporserviced?When,forexample,suchacompanyformspartofalargergroupofcompanies,itisimportantfortheCSPtounderstandthecompany’spurposewithinthelargergroup(e.g.,aconglomeratebusinessinwhichthedifferentbusinessstreamsaresetoutunderdifferentcompanies).Thiswouldalso involvegathering informationonthecommercial/tradingactivitiespursuedbythelargergrouporsub-groupthatownstheMaltesecompany.

Whenthecompanyissetuptoholdsharesinanothercompany,theCSPshouldalsoseektounderstandtherationaleforthatset-up.Thisapproachisimportanttoensurethatmulti-tierand/orcomplexstructuresarenotbeingpurposelysetupto conceal ill-gotten gains and to create obstacles to the tracing of these gains.

Assessingthepurposebehindthesettingupofthecompanyorpartnershipisespeciallyrelevantwhennon-residentsareBOsofcompaniesorpartnershipssetuporbeingsetupinMalta.CSPsshouldalsobeparticularlyvigilantwhentheyassistMalteseresidentstosetupcompaniesorlegalentitiesoutsideMalta,orwhentheyprovideotherservicestothesecompaniesorlegalentities.Whenprovidingthisassistanceortheseservices,eitherdirectlythrough,forexample,thedraftingofincorporationdocuments(e.g.,Memoranda&ArticlesofAssociationorotherconstitutivedocuments),orindirectlythroughliaisingandrepresentingtheclientwithforeignCSPs,theMalteseCSPshouldquestionandunderstandthe rationale behind the setting up of that company or other legal entity outside of Malta;

Page 19


b) Information on the activity or purpose

Informationontheactivityorpurposethatthecompanyorpartnership/swillbecarryingoutorservingwouldinvolveunderstandingthetrading/commercialactivitythatistobecarriedoutbythecompany.Whenthecompanyisnotsetuptocarryoutacommercial/tradingactivitybutrathertoholdassets(e.g.,ashareholdinginanotherentity),itwouldnotsufficetosimplydeterminethepurposeofthatcompany,whichmaybequiteself-evidentfromthenatureofthecompanyitself(i.e.,toholdsharesinasubsidiarycompanyorcompanies).

TheCSPprovidingservicestothatcompanywouldbeexpectedtounderstandandgatherinformationonthetrading/commercial activitycarriedoutdirectlyby theholdingcompany’ssubsidiaryor subsidiaries (where theseare tradingcompanies),orindirectlybysubsidiariesofthesesubsidiariesintheownershipchain.ItisonlybydoingsothattheCSPwouldbeabletogetaholisticunderstandingofwhatpurposeoractivitytheholdingcompanywillbelinkedto;

c) The profile of the shareholders or beneficial owners

TheCSPisexpectedtoassesswhetherthisprofiletallieswiththecompany’sorpartnership’sactivityorpurpose.Dotheseindividualshaveexperienceintheareaofbusinessthatthecompanywillbetradingorinvolvedin?Forexample,inthecaseofacompanythatwillbeprovidingconsultancyservices,doanyofthepartiesinvolvedhavetechnicalexpertiseintheareainrelationtowhichthecompanywillbeprovidingconsultancy?

d) The value of share capital or assets of that company or entity

CSPsareexpectedtoobtaininformationonthevalueofthesharecapitalorassets,and,dependingontheML/FTrisksidentified,obtaindocumentationevidencingthesourceof fundsand/orassets formingthecapitalof thecompanyorpartnership.Thesecheckswouldentailgathering informationon thesourceofwealthof theshareholderorBOwhocontributes to the company’s capital.

Thiswouldbe,forinstance,informationonemploymentorbusinessactivity,includinginformationonsalaryinthecaseofindividualsinemployment,orbusinessincomeincaseofcorporateshareholdersorindividualswhosewealthisderivedfrombusinessorcommercialactivities.PrivatecompaniesinMaltacanbeincorporatedwithaminimumsharecapitalof €1,164.69. In these cases,CSPsare not expected toobtain extensive informationor to obtaindocumentation tosubstantiatethesourceofthatminimumsharecapital,anditwouldsufficefortheCSPtosimplyidentifytheemploymentorbusinessactivityoftheshareholder/BOcontributingtothatsharecapital.

CSPsshould,however,seektoestablishhowthecompanywillcontinuetobefinanced, includingwhetheranyothercapital injectionsareprojectedoncethecompany is incorporated.Together, thesemeasureswouldallowtheCSPtoplacemorefocusoneffectivemonitoringofthecompany’sactivitiesonceitstartstooperate.

e) Ongoing monitoring of transactions

CSPswhoprovidedirectorshipservicesoractaspartnersincommercialpartnerships,andwhowouldbeempoweredtolegallyrepresentandbindthecompanyorentity,areexpectedtocarryoutongoingmonitoringofthetransactionsthattheentityundertakes,as isexplainedunderSection2.3of thisdocument.Whenprovidingtheseservices,CSPsshouldobtaininformationontheanticipatedleveloftheactivitythatistobeundertakenthroughtherelationship(e.g.,expectedvolumeoftransactionalactivity,projectedturnover,proposedsuppliersandcustomers)inordertounderstandtheeventualsourceoffundsflowingthroughthecompany.

This information is necessary for the CSP to be able to formulate an understanding of the typical transactional activity thatisexpectedfromthatentity.Thisunderstandingiscrucialtoenableittocarryouteffectiveongoingmonitoringofthecompanies’ or entities’ activities and transactions.

Naturally,theextentofthescrutinyaswellasinformationanddocumentationtobegatheredwillvaryaccordingtotheML/FTrisksconnectedwiththatparticularbusinessrelationship.

Page 20


2.3 COMPLYING WITH REGULATION 7(1)(C) WHEN PROVIDING COMPANY FORMATION SERVICES

WhentheCSPwouldbeprovidingsolelycompanyformationservices,withoutanyadditionalcompanyservices,theCSPwouldbecarryingoutanoccasionaltransactionandnotestablishingabusinessrelationship,sincetheCSP’sserviceswillendwiththesettingupofthecompany.

Thisnotwithstanding,CSPsarestill expected tounderstandand,asappropriate,obtain informationon the intendedpurpose of the company or other legal entity being set up. CSPs are expected to ensure that their services are not misused for the setting up of a company or entity intended to facilitate the laundering of proceeds of crime or the financingofterrorism.Thisnotonlyexposesthemtoreputationalrisksandtheriskofbeinginvolvedincriminalacts,butunderminesthereputabilityofMaltaanditsfinancialandbusinesssectors.

CSPsshould,therefore,carryouttheassessmentandobtaintheinformationthatisenvisagedunderparagraphs(a)to(c)abovesincethisistheonlywayinwhichtheriskofbeinginvolvedinanML/FTsetupcouldbemitigated.Asexplainedearlier,whenprivatecompaniesareincorporatedwithlowvaluesharecapital,theduediligencetobecarriedoutwithrespect to thesourceof the fundsof thatcapitalwouldbesimplified,andCSPsshouldseektounderstandhowthecompanywillcontinuetobefinancedandwhetheranyothercapitalinjectionsareprojected.

CSPswhowouldonlybeformingthecompany,andprovidingnoadditionalservicesthatwillleadtotheestablishmentofabusinessrelationship,wouldnotberequiredtomonitorthecompany’sactivitiesonceitstartstooperate.Apartfromgatheringinformationontheemploymentorbusinessactivityoftheshareholder/BOasexplainedabove,itisimportantfortheseCSPstocarryoutopensourcechecksontheindividualsinvolvedinthecompanyorpartnership(i.e.,directors,partners,shareholdersandBOs)ormakeuseofcommercialdatabasestoascertainthatthereisnoadverseinformationthat might link these individuals to criminal activities or participation in criminal organisations.

2.4 ONGOING MONITORING OF BUSINESS RELATIONSHIPS

Effectiveongoingmonitoring isvital tounderstandcustomers’activitiesand isan integralpartofeffectiveAML/CFTsystemsandcontrols. IthelpsCSPs toupdate theirknowledgeof theircustomersanddetectunusualorsuspicioustransactions/activities.OngoingmonitoringintermsofRegulation7(1)(d)ofthePMLFTRiscomposedoftwoaspects:

a) the scrutiny of transactions or activities being undertaken by the CSP’s corporate customers to ensure that these transactionsare in linewith theCSP’sknowledgeandunderstandingof thatcorporatecustomer, inparticular its business and operations; and

b) ensuringthatthedata,documentsandinformationobtainedaspartoftheCDDprocess(i.e.,identificationandverificationinformation,aswellasinformationgatheredonthepurposeandintendednatureofthebusinessrelationshipandthecustomer’sbusinessandriskprofile)arekeptuptodate.

2.4.1 Scrutiny of Transactions

Thepurposeofthefirstaspectofongoingmonitoring(i.e.,monitoringofactivitiesand,insomeinstances,thetransactionsbeingundertaken)enablestheCSPto:

• identify transactionsand/oractivities thatarenot inkeepingwith thecorporatecustomer’soperationsandbusiness for further examination and scrutiny by the CSP;

• generateinternalreportsonunusual/dubioustransactionsoractivitiestobereviewedbytheCSP’sMLRO;and

• ensurethatsuspicionsofML/FTorproceedsofcrimearereportedtotheFIAUinatimelymanner,asrequiredbylaw.

Page 21


Forthepurposeofidentifyingunusualcustomertransactionsoractivities,CSPsshouldtakeintoconsiderationanumberofaspects,including:

a) thenatureandtypeofindividualtransactionsoraseriesoftransactions(i.e.,thepurposeofthetransaction/s–e.g.,atransactionlinkedtoasaleofgoods),andthemannerinwhichthetransactionisconducted(e.g.,banktransferorcashpayment);

b) thevalueofthetransactions,payingspecialattentiontoparticularlysubstantialtransactions;

c) unusual changes or increases in a customer’s activities or turnover;

d) unusual changes in the nature of a customer’s transactions or activities;

e) thedetectionofcertainML/FTtypologies;

f) thegeographicalorigin/destinationofapayment;and

g) the customer’s usual pattern of activities or turnover.

The nature and extent of ongoing monitoring is dependent on the risk posed by the particular business relationship. ReferenceshouldbemadetoSection2.4.1ofthisdocument,whichprovidesguidanceontheapplicationofongoingmonitoringobligationsdependantonthetypeofcompanyservicethataCSPwouldbeoffering.

As isexplainedunderSection2.4.1,notallcompanyservices thatareofferedwillgiveCSPsaccess to informationoncompanytransactions,andthusnotallCSPsarerequiredtocarryoutongoingmonitoringoftransactions.

2.4.2 Keeping CDD data, information and documentation up to date

Throughthesecondaspectofongoingmonitoring,thatisensuringthatdata,informationanddocumentationobtainedaspartoftheCDDprocessarekeptuptodate,theCSPistokeeptheknowledgeabouthiscustomer(e.g.,involvedpartiesandstructure)andthecustomer’sbusinessandriskprofileuptodateandcurrent.

As explained in further detail underSection 4.5.3 of the Implementing Procedures Part I, there are differentways andmethodsCDDdata,informationanddocumentationshouldbekeptuptodate.Reviewsmay,forexample,becarriedoutatregularintervalsorelseontheoccurrenceofaparticulartriggerevent,orboth,dependingonthecircumstances.

TheCSPshoulddeterminethemoresuitableapproachtoensurethatcustomerinformationiskeptuptodate,withthatapproachtakingintoconsideration,andbeingproportionateto,thelevelofriskposedbythatparticularbusinessrelationship.Inanycase,CSPsshouldensurethatCDDdata,informationanddocumentationforhigh-riskbusinessrelationshipsarereviewedatleastonce every year.

ThelistbelowincludesexamplesoftriggereventsthatshouldprompttheCSPtoreviewandassesswhetherCDDobtainedneeds to be updated:

• changesininvolvedpartiesofaparticularcorporatecustomer(e.g.,changeinshareholdersorBOs);

• the monitoring and assessment of transactions undertaken by the corporate customer may indicate a change in,ortheventuringintonew,businessoperations/activitiesofthecorporatecustomer.InthesecasestheCSP

Page 22


wouldberequiredtoupdatetheCDDrecordsbyobtaininginformationand/ordocumentationtounderstandthecorporatecustomer’snewbusinessoperationsoractivities;

• thecustomerrequeststhesettingupofnewcorporatestructures;

• thecustomerrequestsservicesthatposeahigherrisk;

• unexplainablefrequentchangesinthenameofthecompany;and/or

• thefilingofanSTRtotheFIAU,whichshouldleadtheCSPtoassesswhetherCDDinformationistobeupdated.

2.4.3 General Principles applicable to ongoing monitoring

ItiscrucialforproperongoingmonitoringtobecarriedoutthattheCSP’sclient-facingmembersofstaff(inthecaseoffirms),aswellascomplianceofficersorotherstaffmemberstaskedwithmonitoringbusinessrelationships,areequippedwiththenecessaryknowledgeandexpertisetoidentifyandflagdubiousorsuspicioustransactionsoractivities,ortriggereventsthatshouldpromptareviewofbusinessrelationships.

CSPsarethusrequiredtoensurethatthey,aswellasseniormanagementandallrelevantmembersofstaff(inthecaseoffirms),receivetrainingonML/FTtrends,methodsandrisksrelevanttotheservicesprovidedbytheCSP.InternationalbodiessuchastheFATF,MONEYVAL,EUROPOL,aswellasthereportsanddocumentspublishedbytheFIAUfromtimetotime,provideinformationonthelatestML/FTtrendsandrisks,includingonthemisuseofcompaniesandotherlegalentities.Apart fromattendingand receiving training,CSPsshouldalsokeep themselves informedaboutML/FT

risks and trends relevant to their business by referring to these publications. CSPs are to refer to Section 7 of the FIAU’s Implementing Procedures Part Ionawarenessand training.

In the case of CSPs that are firms or entities, trainingshouldalsoreflectthespecifictasksthatarehandledbystaffmembers.Forexample,compliancestaffmemberswho are responsible for carrying out transactionmonitoring,shouldbeprovidedwithdetailedandregulartraining to enable them to detect suspicious transactions andbehaviours,andML/FTtrendsastheseevolveovertime. This likewise applies to client-facingmembers ofstaff whose role it is to flag anomalous or suspiciousbehaviourthatistobereviewedbythecomplianceteam.

Similarly, staff members responsible for draftingconstitutive documents or company contracts should receivemoreregularandfocusedtraining,asopposedtostaffmemberswhoareresponsibleforthefillingupandsubmissionof statutory forms. In viewof thenatureoftheirwork,theformertypeofstaffmemberswouldhaveabetteroverviewof thecorporatecustomer’sdealingsand activities, which would therefore enable them toidentify anomalous activities or transactions.

Moreover, and especially for high risk customers,CSPfirmsandentitiesshouldadoptadequateproceduresand

Page 23


mechanismsofinformation-sharingtoensurethatrelevantstaff(e.g.,theMLRO,designatedemployees,front-linestaff,relationshipmanagersandcompliancestaff)areprovidedwithtimelyinformationaboutclientrelationships,suchastheresultofEDDorotheradditionalmeasuresundertaken,anyinformationaboutanyconnectedaccountsorrelationships,andaboutanysuspiciousordubiousbehavioursoractivitiesidentified.

ItisalsoimportantthatCSPsreviewthemonitoringmethodologiesandprocessesadoptedonaregularbasistoensurethey remain adequate sinceML/FT risks andML/FT trends and practices change.Moreover, the results of ongoingmonitoringprocessesshouldalwaysbedocumented,andrecordsmaintained.

2.4.4 Risk-based approach to ongoing monitoring

The extent of monitoring should be commensurate with the particular customer’s risk profile, which risk profile isestablished through the customer risk assessment. For effective monitoring, resources should be targeted towardsbusinessrelationshipspresentingahigherriskofML/FT.

Someservices(suchascompanyformation)maybeprovidedonlyonaone-offbasis,withoutacontinuingrelationshipwith the customer, in which case no ongoing monitoring obligations would apply. Moreover, the CSP’s access todocumentationandinformationaboutthecustomer,his/heroperationsandbusinessactivitieswillvarydependingonwhattypeofcompanyservicethatCSPwouldbeoffering.

Bywayofexample,aCSPofferingonly registeredofficeserviceswouldnothaveaccess to,or visibilityof, specifictransactions or contracts being undertaken by the customer, or of bank records, to enable theCSP tomonitor thetransactionsbeingundertaken.Ontheotherhand,CSPsofferingdirectorshipservicesandbeingvestedwiththelegalrepresentationofthecompanywouldhavevisibilityofcontractsortransactionsthataretobeexecutedbythecorporatecustomer,enablingthemtoconductappropriateongoingtransactionmonitoring.

The company services provided by CSPs enable them to gain access to information and documents relative to the customer,toenablethemtoconductongoingmonitoringandtoidentifysuspiciousactivitiesortransactionscarriedoutusingcompaniesorcommercialpartnerships.Forexample,theirdirectknowledgeof,andaccessto,therecordsandmanagementaccountsofthesestructures,aswellasthroughcloseworkingrelationshipswithtrustees,settlors,managersandBOsinvolvedincorporatecustomers,mayhelpCSPstomonitorthecustomer’sactivitiesinanappropriatemanner.The continued administration andmanagement of companies and commercial partnerships (e.g., account reporting,assetdisbursementsandcorporatefilings)wouldalsoenabletherelevantCSPstodevelopabetterunderstandingoftheir customers’ ongoing activities.

ThelistbelowidentifiesthetypeofongoingmonitoringthatCSPsareexpectedtoundertakedependingontheparticularCSPactivitiestheyprovide.Thelistalsoprovidesexamplesofspecificmonitoringmeasuresthatmaybeundertaken.TheCSPshoulddeterminewhichmeasures to implementbasedon theML/FTriskposedby theparticularbusinessrelationship.

a) AllCSP services (except company formationwhenprovided as one-off services) –CSPs are expected tohave processes in place to monitor and keep CDD documentation up to date. This is intended to ensure that identificationdataanddocumentation(e.g.,thecorporatecustomer’sdetails,suchasitsname,informationonitsstructureandinvolvedparties,suchasbeneficialownershipinformation)andinformationonthecustomer’sbusinessoperationsoractivities (determined through thegatheringof informationand/ordocumentation–refertoSection2.4ofthisdocument),isreviewedtoensurethatitisstillrelevantanduptodate.

Page 24


Thiscouldbeachievedthroughmeasuressuchasthefollowing:

i) reviewingfinancialstatementstoevaluatewhetherthecustomeractivitydisclosedattheoutsetremainsunchanged;

ii) reviewingcorporatefilingsthatmaybeprocessedbytheCSPoraccessedthroughcompanyregisters.These may shed light on changes in the customer’s structure or involved parties;

iii) carryingoutmediasearchesonanongoingbasistobeawareofanyadverseorrelevantinformationonthecorporatecustomerandinvolvedparties(suchasshareholdersandBOs),withthefrequencyofthesechecksbeingdependentonthecustomerriskclassification;

iv) makinguseofcommercialdatabasestoscreen,onanongoingbasis,thecorporatecustomerandinvolvedparties; and

v) requestinginformationaboutanychangesfromthecustomeritself.

b) Registeredofficeandholdmail services – noongoingmonitoringof transactions is expectedwhen theseservicesareprovided.Intheseinstances,CSPsareexpectedtocarryoutongoingmonitoringofCDDdata,informationanddocumentsasexplainedunderparagraph(a).Whenprovidingregisteredofficeorholdmailservices,CSPsshouldalsomonitorthecorrespondencebeingreceivedtoensurethatthisisinline,andtallies,withtheCSP’sunderstandingoftheactivitiesbeingcarriedoutbythecorporatecustomer;

c) Directorship services–CSPsofferingdirectorshipservicesandwhowouldbevestedwiththelegalandjudicialrepresentationofthecorporatecustomer,orareotherwiseempoweredtobindthecorporatecustomer,areexpectedtocarryoutbothtypesofongoingmonitoring,i.e.,monitoringoftransactionsandmonitoringandupdatingofCDDdata, informationanddocumentation. In thesecases theCSP’s visibilityofpaymentsortransactionsundertakenbythecorporatecustomerwilldependonanumberoffactors,suchas:

i) whether, asdirector, onewouldhave the legal representation (soleor joint) of the corporate customer,or whether this may be exercised by others without that director’s involvement, for example if legalrepresentation is vested in any one of the directors acting individually; or

ii) whether,asdirector,onewouldhavesignatory rights (soleor joint)on thecompany’sbankorpaymentaccount.

Thelevelofaccessibilityto,andvisibilityof,transactionsandpaymentsundertakenbythecorporatecustomerwill ultimately determine the type of ongoingmonitoring of the company’s transactions and activities thattheCSPmaycarryout.Directorswhoare legal representativesof thecorporateentity (solelyor jointly)orare granted representation powers (e.g., through a Power of Attorney or Directors’ Resolutions) and areresponsibleforapprovingpaymentsorundertakingtransactions(e.g.,signingcontracts)wouldhavevisibilityof all prospective transactions to be undertaken by the corporate customer.

In these cases CSPs are expected to monitor transactions or payments prior to their execution (pre-transaction monitoring) to ensure that they are in line with the corporate customers’ expected business activities.Furthermore, the CSP should request supporting documents and information when this is not clear andnecessitatesfurtherscrutinytoascertainthepurposeandnatureofthetransactionorpaymentand,whereappropriate,thesourceoffunds.

Page 25


CSPsmayactasdirectorsinacompanywhenthelegalrepresentationorotherpowerstobindthecorporatecustomerarevested indifferentdirectorsacting individually. Insuchascenario, the legalrepresentationorbindingpowersmaybeexercisedbyotherdirectorsorindividualswithoutthatCSP’sinvolvement,andthustheCSPactingasdirectorwouldnotbeabletocarryoutpre-transactionmonitoringatalltimes.

Inthesecases,CSPsshouldadoptpost-transactionmonitoring,wherebytheyperiodicallyrequestinformationontransactions,contractsorpaymentsundertakenbythecorporateclienttodeterminewhethertheseareinkeepingwiththecorporateentity’sknownactivity.CSPsofferingdirectorshipservicesshouldalsoensurethatdiscussionsanddecisionsatboardlevelareminuted,andthattheyareinlinewiththecustomer’sexpectedactivities.

WhenCSPsprovidedirectorshipservices,butarenotvestedwiththecustomer’slegalorjudicialrepresentationoranyotherpowertobindthecorporatecustomer, theymightnotalwayshaveaccessto informationanddocumentsontransactions,contractsandpayments.Nevertheless, theyarestillexpectedtocarryout thechecksenvisagedunderparagraph(a)tomonitorthattheCDDdata,informationanddocumentation,includingtheinformationobtainedonthecorporatecustomer’sactivities,remainrelevantanduptodate.

Thisinformationanddocumentationistobescrutinisedand,whendoubtsorconcernsariseonanyparticularactivity or transactions, CSPs are to question and request further information and/or documentation tounderstandtherationaleandpurposeofthetransactionsortheactivityinquestion.CSPsprovidingdirectorshipserviceswouldalsohaveaccesstodiscussionsandminutesoftheboardofdirectors’meetings,andhenceshouldalsouse this informationandpowerof representation toobtain informationon, and scrutinise, thecompany’sactivitytoensurethatitremainsinlinewiththecorporatecustomer’sexpectedlineofactivityandpurpose.

d) Company secretarial services–inadditiontotheongoingmonitoringobligationscontemplatedunderparagraph(a), CSPs offering company secretarial services should ensure that discussions at board level (which, ascompanysecretary,theyarenecessarilyprivyto)areinlinewiththeunderstandingofthecustomer’sbusinessactivities.CSPsofferingtheseservicesarenotexpectedtocarryoutongoingmonitoringoftransactions;

e) Company incorporation–wheretheonlyservicebeingprovidedbyaCSPtoacustomerisacompanyformationservice,noongoingmonitoringobligationsapplysincethisisconsideredasan‘occasionaltransaction’.

In addition to the above checks,which are led by theCSP, itmay bewise for theCSP to hold the customer itselfresponsibleforinformingtheCSPofanychangesinconnectionwiththecustomerandtheownershipstructurethatarerelevantforthepurposeoffulfillingtheCSP’songoingmonitoringobligations.ThisisespeciallyhelpfulwithrespecttocompanyservicesinrelationtowhichtheCSPdoesnotneedtomeetthecustomeronaregularbasisordoesnothaveongoingvisibilityofthecustomer’sbusinessactivities(forexample,theprovisionofregisteredofficeservices).

Thisundertakingcanbeobtainedinthecontractualagreementorletterofengagement,orshouldotherwisebeagreedonbythecustomerinwriting.AlthoughthisprovidesanadditionalsafeguardtotheCSP,itdoesnotinanywayexoneratetheCSPfromitsongoingmonitoringobligationsintermsofthePMLFTRandasexplainedinthisdocument.Inotherwords,theCSPwillalwaysbeheldresponsibleforcarryingoutthenecessaryongoingmonitoring.Thisresponsibilitymaynotbe shifted.

TheFIAUacknowledges thatCSPsprovideancillary services,whicharenotconsideredcompanyservices.Servicessuchasthemanagementofcustomers’funds,accountsorotherassets,oranon-directoractingasasignatoryonabankaccount,maystillexposeCSPstoanelementofAML/CFTrisk,whichtheymaywishtomitigatethroughcarryingout certainmeasures.Goodpractice in this regard includes havingmeasures in place tomonitor and scrutinise thetransactionsbeingundertakenthroughtheclients’accounts,tounderstandtheirnatureandpurpose,andensurethattheyareinlinewiththecustomer’businessactivitiesandtheexpecteduseoftheclients’account.

Page 26


CSPsmaywanttorequestadditionalinformationandsupportingdocumentationwhenthepurposeandnatureoftheseservicesortransactionsarenotclearorarenot in linewiththecustomer’sknownactivitiesandtheperceiveduseofthe clients’ accounts. CSPs should avoid relying exclusively on the customers’ declarations in higher risk scenarios. Moreover,CSPsaretobearinmindthatclients’accountsaremeanttoholdfundsorprocesstransactionsrelatedtootherongoing services being provided by the CSP to the customer and that clients’ accounts are not meant to be operated as regularbankaccounts–whichtheyarenot.

2.4.5 Complex and unusual types of transactions

When transactionsarecomplex,unusually large inamountorconducted inanunusualpattern,orhavenoapparenteconomic or lawful purpose,CSPs are expected to examine the background and purpose of those transactions asrequiredbyRegulation11(9)ofthePMLFTRandSection4.5.1(a)oftheImplementing Procedures Part I. Those transactions shouldincludetransactionsbetweentheCSPanditscustomer,aswellastheunderlyingtransactionsbetweentheCSP’scustomeranditsowncustomers,whereapplicable.

Thisobligation isonlyapplicabletothosethatofferCSPservicesthatrequirethecarryingoutofongoingmonitoringof transactions,asexplained inthissection.Thepurposeof theseexaminations is thatofdeterminingwhether thesecomplexor unusual transactionsgive rise to suspicionsofMLor FT,which shouldbe reported to theFIAU, and todeterminewhetherthecontinuationofservicesisappropriate.

ThefindingsandoutcomesoftheseexaminationsshouldbeproperlydocumentedinwritingandbeavailableforinspectionbytheFIAU.ProperrecordsofthedecisionstakenandthereasonsforthedecisionswillhelpaCSPdemonstratethatthemannerinwhichithandlesunusualorsuspiciousactivitiesisappropriate.

Ongoingmonitoringofthebusinessrelationshipshouldbecarriedoutonarisk-sensitivebasis.Thismeansthat:

a) theregularityof transaction/activityscrutinyorCDDreviewsshouldbeproportionate to therisksofML/FTidentified,thoughstillinlinewithspecificrequirementsonthetypeandtimelinessofongoingmonitoringthatisprovidedforinthisdocument;and,moreover

b) theextentofinformationordocumentationbeingrequestedtounderstandthesourceoffundsforparticulartransactions,thepurposeofcertaintransactionsoranychangesinthecustomer’sactivityorbusinessshouldalsobeproportionatetotheML/FTrisksbeingposedbythatcustomer.

ReferenceshouldbemadetoSection4.5.3oftheImplementingProceduresPartIforfurtherguidance.

2.5 TIMING OF DUE DILIGENCE PROCEDURES

IndeterminingtheappropriatetimetocommenceCDDprocedures,CSPsshouldbeprimarilyguidedbytheintroductoryparagraphsofSection4.6.1oftheImplementingProceduresPartI.CSPsarenotexpectedtoinitiateCDDproceduresonanenquirybeingmadebyaprospectivecustomer.Whentheseenquiriesaresimplypreliminary,itwouldbeprematuretocommenceCDDprocedures.Asageneralrule,theCSPisexpectedtoinitiateCDDprocedureswhenthecustomertakes active steps to seek the services of the CSP. CDD measures are then to be completed prior to the setting up of the business relationship or the carrying out of an occasional transaction.

Regulation8(1)ofthePMLFTRrequiresCSPstocompleteverificationprocedurespriortotheestablishmentofabusinessrelationship or the carrying out of an occasional transaction. This notwithstanding, CSPsmay complete verificationproceduresandcarryoutotherCDDmeasuresduringtheestablishmentofthisbusinessrelationship,orthecarryingout

Page 27


ofanoccasionaltransaction,aslongasitisdemonstratedthattheriskofML/FTwithinthatinitialphaseofestablishmentof thebusinessrelationship,or theconductingof theoccasional transaction,anduntilCDDiscompleted, is lowandremainslow.

Completion of CDD – Company Formation

WhereaCSPhasbeenengagedtoincorporateacompany,theCSPneednotobtainallthenecessaryCDDinformation in relation to the company formation on the signature of the letter of engagement. The CSP may commencedraftingtheMemorandum&ArticlesofAssociationandmayaccepttheinitialsharecapital(whenthevalueoftheinitialsharecapitalislowinvalue)priortoreceivingthedocumentationtoverifytheidentityandotherinformationobtainedontheprospectivecompany,shareholdersandBOs.

Itis,however,expectedthat,atthisstage,theCSPwouldhaveobtainedthenecessaryidentificationinformationoftheprospectivecompany’sinvolvedpartiesandBOs,aswellasinformationabouttheprospectivecompany’sstructureandplannedactivities.TheCSPisthenexpectedtoensurethatallthenecessaryidentificationandother documentation to complete the CDD process is obtained prior to the actual incorporation of the company.

Ifthecustomerisnotforthcomingwithdocuments,andCDDmeasuresarenotcompletedwithinareasonableperiodof timeasdeterminedby theCSP in itsproceduresmanualandprior to the incorporationof thecompany, theCSPshouldreturnanyfundsreceivedfromthiscustomertotheirorigin,inlinewiththerequirementsofRegulation8(6)ofthePMLFTR,anddesistfromcarryingoutthecompanyformation,andalsoconsiderwhethertosubmitanSTR.

Itisalsotobenotedthatthedelayincarryingoutverificationproceduresmaynotalwaysbepossible,notwithstandingthelowriskofML/FTwithintheinitialperiodofsettinguptherelationshiporcarryingouttheoccasionaltransaction.Bywayofexample,followingtheintroductionoftheBeneficialOwnershipRegisterandtherequirementtoprovidetheMaltaBusinessRegistrywithdetailsoftheBO(s)/seniormanagingofficial(s)priortothecompanybeingincorporated,alltherequiredduediligencedocumentationmustbeinvariablyobtainedandverifiedpriortosubmittingthenecessaryforms.

2.6 TERMINATION OF BUSINESS RELATIONSHIPS FOR THE PURPOSES OF AML/CFT OBLIGATIONS

Incertaincases,therelationshipwiththecustomercannotbeofficiallyterminated.Forexample,CSPsprovidingregisteredofficeservices,whowishtoceasetheprovisionofthisservicetoacorporatecustomer,wouldnotbeabletodosowhencontactwiththecustomerislostorthecustomerbecomesunresponsiveandtheCSPcannotobtaininformationonanewregisteredofficetobenotifiedtotheMBR.

In thesecases,onlyonce theCSPhasexhaustedallpossiblemeans tocontact thecustomerandhasdocumentedtheactionstakentodoso,theterminationdateofthebusinessrelationshipforthepurposesofthePMLFTRwouldbeconsideredtobethedatewhentheCSPwouldhaveinformedtheMBRthatithaslostcontactwiththecustomerandisnotwillingtocontinueprovidingregisteredofficeservicestothatcustomeranylonger.

Thebusinessrelationshipwouldbeconsideredterminatedasofthatdate,notwithstandingthattheCSP’saddresswouldstillappearasthecorporateclient’sofficialregisteredofficeattheMBR.TerminationassetoutinthissectionistobeunderstoodasterminationofthebusinessrelationshipforAML/CFTpurposesonly;thatis,forthepurposesofongoingmonitoringandtherequirementofrecordkeeping.

Page 28


2.7 SANCTIONS SCREENING

CSPsareremindedthattheyarealsosubjecttosanctionsscreening,freezingofassetsandthereportingobligationsenvisaged under the NationalInterest(EnablingPowers)Act,Cap365.Inthisregard,CSPsareencouragedtocontinuouslykeepuptodatewithanysanctionsthatmaybeimposedandwithanyguidance,notices,decisions,recommendationsor rulings that may be issued by the SanctionsMonitoringBoard(‘SMB’). The SMB is the national competent authority responsibleformonitoringtheimplementationof,andensuringcompliancewith,targetedfinancialsanctions.

TheFIAUandtheSMBhavesignedaMemorandumofUnderstandingwherebytheFIAUactsasanagentoftheSMBandassiststheSMBbymonitoringcompliancewiththeobligationsemanatingfromtheNationalInterest(EnablingPowers)Actinrelationtotargetedfinancialsanctionsrelatedtoterrorism,terrorismfinancingandproliferationfinancing.TheFIAUisobligedtoreportitsfindingsonanysubjectpersontotheSMBforanysubsequentenforcementactionasenvisagedundertheNationalInterest(EnablingPowers)Act.

AllCSPsareexpectedtosubscribetothesanctionslist,whichisconstantlyupdatedbytheSMB,[email protected](oranyotherprocedurethatmaybeinitiatedbytheSMB),andtoscreentheirclientsagainstthislistonaregularbasis,oralternativelyhavesoftwarewhichperformsthatfunctiononanautomatedbasis.

Ofparticularimportancetosubjectpersons,includingCSPs,istheGuidanceNoteontheapplicationofArticle17(6)(a),(b)and(c)oftheNationalInterest(EnablingPowers)Act2,whichsetsouttheexpectationsoftheSMBvis-à-visCSPs’internal controls and procedures around sanctions.

2 https://foreignandeu.gov.mt/en/Government/SMB/Documents/Guidance%20Notes/Guidance%20Note%20on%20the%20Application%20of%20Article%2017%20(Systems%20in%20Place).pdf

https://legislation.mt/eli/cap/365/eng/pdf

https://foreignandeu.gov.mt/en/Government/SMB/Pages/Sanctions-Monitoring-Board.aspx

mailto:[email protected]

https://foreignandeu.gov.mt/en/Government/SMB/Documents/Guidance%20Notes/Guidance%20Note%20on%20the%20Application%20of%20Article%2017%20(Systems%20in%20Place).pdf

https://foreignandeu.gov.mt/en/Government/SMB/Documents/Guidance%20Notes/Guidance%20Note%20on%20the%20Application%20of%20Article%2017%20(Systems%20in%20Place).pdf

Page 30


Annex 1: Explanatory ScenariosID&VandScrutinyofthePurposeandIntendedNatureof Business Relationships WhenassistingwiththesettingupofcompaniesinMalta,orprovidingadditionalcompanyservicesthereto,theCSPmust,apart from identifyingandverifying the identityof thatcompanyandother involvedparties (assetoutbelow),undertakemeasurestounderstandtherationalefortheestablishmentofsuchacompanyinMalta,andthepurposeswhichthatcompanywouldbepursuing,amongothermeasuresthatareoutlinedinSection2.2ofthisdocument.

This Annex is intended to provide guidance to CSPs on the checks that they are expected to carry out at the point of establishing a business relationship. This Annex should not be interpreted as an exhaustive checklist of CDD measures thataretobeundertakenatonboardingstagebutratheranindicationofpossibleCDDmeasures.Ultimately,CSPsmustensurethattheyundertakeeffectiveandrisk-basedCDDmeasuresaton-boardingstagethatenablethemto:

i) knowwhotheyaredealingwithandtoidentifyanyadverseinformationthatinvolvedpartiesmaybesubjecttoandwhichmaybeindicativeofML/FTrisks;

ii) understand the purpose that the company being set up or servicedwill serve and ensure that there is acommercial rationale for such a set-up and purpose, and also understand the commercial activities ofconnectedcompanies(e.g.,alargergroupowningtheMaltesecompanyand/orsubsidiariesoftheMaltesecompany);

iii) haveanunderstandingofprospectivetransactionsthatwillflowthroughthecompanywhenCSPsarerequiredtomonitor company transactions (seeSection 2.4.1 –Risk-BasedApproach toOngoingMonitoring). ThiswouldenabletheCSPtoeffectivelymonitorthecompanyoncethisbecomesoperational.

This Annex is not intended to provide guidance on ongoing monitoring checks that are to be carried out. For guidance on ongoingmonitoringobligations,referenceshouldbemadetoSection2.4ofthisdocument.

Page 31


Scenario 1

TheCustomerisaFrenchholdingcompany,partofalargegroupinvolvedinprinting.ItwantstosetupacompanyinMalta tohandle its telemarketingandplanstohavepremisesandemployees inMalta.TheCSP isalsorequestedtoprovidedirectorshipserviceswiththepowertorepresentandbindthecompany.

Identification and Verification Requirements

• Obtain the Group’s organisational chart to understand the operational/specific sub-group with which theMaltesecompanywillbeinvolved.

• IdentifyandverifytheFrenchholdingcompany(whichisthecustomerrequestingthecompanyformationinMalta).ID&VinformationontheMaltesecompanywouldbeavailableandcollectedsincetheCSPwouldbeincorporating it. (SeeSection4.3.2.1oftheImplementingProceduresPart I for further informationonID&Vrequirementsinrelationtoprivatecompanies.)

• Identify and verify theBOsof the FrenchHoldingCompany and theMaltese companybeing set up (SeeSection4.3.2.1Paragraph(v)oftheImplementingProceduresPartI).

• Carryoutbackgroundsearches,usingopensourceinformationorcommercialdatabases,ontheGroupandontheFrenchHoldingCompany,aswellastheinvolvedparties(i.e.,directors,shareholdersandBOs),whichareandwillbeinvolvedintheFrenchHoldingCompanyandtheMaltesecompany,tobeawareofanypotentialadverse information.

Understanding the Purpose and Intended Nature of the Business Relationship

• Group’sActivity:obtaininformationand/ordocumentstoshowthatthegroupisindeedinvolvedinprinting.TheGroupfinancialstatementsoropensourcesearchesmayachievethispurpose.

• Activity of the Malta company: obtain information in writing from the customer (via email or through thecompilationofaclientapplicationform)thatitwillbeinvolvedintelemarketing,andverifythisinformationbyreferringtotheobjectsclause(aslongasthisissufficientlyindicativeofthecompany’sspecificactivity)oftheMaltesecompanyand/orbusinessplans(wheretheseareavailable).

• Understand the commercial rationale for the setting up of a Maltese company by a non-resident customer. Use ownjudgmentandexpertisetoevaluatethisrationaleand,ifnecessary,takingintoaccounttheML/FTriskinvolved.Obtaininformation/documentationtoassistinthatevaluation,suchasanexpertopinion.

• SourceofWealth:UnderstandhowtheMaltesecompanywillbefinancedinitsinitialstages,andascertainthatanyfunding, loansor loanguaranteesarederivedand/or linkedtotheGroup.Bevigilantandcautiouswhenfinancingwouldbederivedfromapparentlyunrelatedthirdparties,andunderstandtherationaleandconnectiontotheGroup.ObtaintheconsolidatedfinancialstatementsoftheGroup,wherethisisnecessarytosubstantiateanyinitialfunding,andthecommercialrationaleforsettinguptheMaltesecompany.

• Giventhat, inthiscase,theMaltesecompanywillbecarryingatradingactivity(i.e.,telemarketing)andtheCSPwillbeofferingdirectorshipserviceswiththepowertorepresentandbindthecompany,theCSPshouldalsogatherinformationontheexactactivitiesthatwillbecarriedout,suchasanypotentialcontractingparties(whentheseareknownattheoutset)andexpectedtransactionalactivity.ThiswillenabletheCSPtocarryouteffectiveongoingmonitoringoftransactionsoncethecompanybecomesoperational.

Page 32


Scenario 2

TheCustomerisaUnitedStates(US)holdingcompany,partofalargegroupinvolvedinsteelmanufacturing.ItwantstosetupaholdingcompanyinMalta,whichwillinturnhaveaMaltasubsidiary,whichinturnwillownacompanythatholdsthegroup’strademark.TheCSPistosetupthecompanyinMaltaandalsoprovideregisteredofficeservices.

ID&V Requirements

• ObtaintheGroup’sorganisationalcharttounderstandtheoperational/specificsub-groupwithwhichtheMaltacompanieswillbeinvolved.

• ID&VoftheUSholdingcompany(whichisthecustomerrequestingthecompanyformationsinMalta)andID&VinformationontheMaltesecompanieswouldbeavailableandcollectedsincetheCSPwouldbeincorporatingthem.SeeSection4.3.2.1oftheImplementingProceduresPartIforfurtherinformationonID&Vrequirementsin relation to private companies.

• ID&V theBOsof theUSHoldingCompanyand theMaltesecompaniesbeingsetup (SeeSection4.3.2.1Paragraph(v)oftheImplementingProceduresPartI).

• CarryoutbackgroundsearchesusingopensourceinformationorcommercialdatabasesontheGroupandUSHoldingCompany,aswellastheinvolvedparties(i.e.,directors,shareholdersandBOs)thatareandwillbeinvolvedintheUSHoldingCompanyandMaltesecompanies,tobeawareofanypotentialadverseinformation.


• Group’sActivity:Obtaindocuments toshow that thegroup is indeed involved insteelmanufacturing.TheGroupfinancialstatementsoropensourcesearchesmayachievethispurpose.

• MalteseCompanies’Activities:Obtaininformationinwritingfromthecustomer(evenbyemailorthroughaclientapplicationform)indicatingthatthecompanybeingsetupwillbeaholdingcompany,whichwillultimatelybeholdingtheGroup’strademarkthroughasubsidiarycompanysetup inMalta.Verify this informationbyreferring to theobjectsclauseof theMaltesecompanies (as longas thesearesufficiently indicativeof thecompanies’specificactivities)and/orbusinessplans(wheretheseareavailable).

• UnderstandthecommercialrationaleforthesettingupoftheMaltesecompaniesbyanon-residentcustomer,and for the setting up of amulti-tier company structure (i.e., aMaltese holding company thatwill in turnownanotherMaltesecompanywhichwillholdthegroup’strademark).Useownjudgmentandexpertisetoevaluate this rationaleand, if necessary, taking intoaccount theML/FT risks involved.Obtain information/documentationtoassistinthisevaluation,suchasexpertopinions.

Page 33


Scenario 3

TheCustomerisaGermancompany,partofalargergroupinvolvedinrealestate.ItwantstosetupaholdingcompanyinMaltatoholdinvestmentsthatwillbequotedsecuritiesorstakesinunrelatedprivatecompanies.TheCSPwillalsobeprovidingdirectorshipserviceswiththepowertorepresentandbindthecompany.

ID&V Requirements

Same as previous scenarios.


• Group’sActivity:Obtaindocumentstoshowthat thegroup is involved inrealestate.TheGroup’sfinancialstatements or open source searches may achieve this purpose.

• MaltaCompany:Obtaininformationinwritingfromthecustomer(evenbyemailorthroughthecompilationofaclientapplicationform)indicatingthatthecompanybeingsetupwillbeholdingsecuritiesorinvestmentsinothercompanies.VerifythisinformationbyreferringtotheobjectsclauseoftheMaltesecompany(aslongas this is sufficiently indicative of the company’s specific activity) and/or business plans (where these areavailable).

• Understand the commercial rationale for the setting up of a Maltese company by a non-resident customer. Use ownjudgmentandexpertisetoevaluatethisrationaleand,ifnecessary,takingintoaccounttheML/FTriskinvolved.Obtaininformation/documentationtoassistinthisevaluation,suchasexpertopinions.

• SourceofWealth/FundingoftheInvestments:AscertainthatthefundingfortheacquisitionoftheinvestmentswillbederivedfromtheGroup,andobtaininformationonthewealthsubstantiatingthoseinvestments(e.g.,groupfinancialstatements).ThiswouldneedtobecarriedoutattheoutsetwhentheinvestmentswillbeheldbytheMaltesecompanyatformationstageoraspartofongoingmonitoringcheckswhentheinvestmentswouldbeacquiredbytheMaltesecompanyatalaterstage.Bevigilantandcautiouswhenfinancingwouldbederived from apparently unrelated third parties.

• Gather information on the investmentsbeingmade in securities and stakes of other unrelated companies(e.g.,volume,valueandtypeofinvestments,pricesofacquisition,dividendspayable,etc.).ThisinformationwouldneedtobegatheredattheoutsetinrelationtotheinvestmentsthatwillbeheldbytheMaltacompanyimmediatelyonformation,oraspartofongoingmonitoringcheckswhentheseinvestmentswouldbeacquiredatalaterstage.ThisinformationwillalsoassisttheCSPtoidentifyanydubiousorsuspiciousactivitiesandtomonitorthetransactionsthatwillgothroughthecompanyonceitbecomesoperational.

Page 34


© Financial Intelligence Analysis Unit, 2020

Reproductionispermittedprovidedthesourceisacknowledged. Questions on this document may be sent to [email protected]

65C,TowerStreet BirkirkaraBKR4012 Malta

Telephone: (+356)21231333 Fax: (+356)21231090 Email: [email protected] Website: www.fiaumalta.org

mailto:[email protected]