When leading a financial services entity, in particular within the company service provision, one needs to be aware of the consequences of business decisions that could undermine the entity’s business policies, systems and the overall compliance culture. In this 5-part series of articles, I will analyse 5 business decisions, through the legislative references such decisions could fall foul of, the impact on the organisation these decisions could have, and attempt to suggest a course of action.

Conducting appropriate CDD/KYC on clients

A strong and aggressive sales culture within a firm, possibly enabled by a change in senior management or a recent takeover by an international firm, may lead to an increased pressure for Compliance to lower the bar, particularly in conducting CDD/KYC.

Legislative/Competent Authorities’ references

Regulation 7 of the PMLFTR sets out the CDD measures to be undertaken by subject persons in relation to their customers, whilst Regulation 8 sets out when verification of identity measures are to be implemented. Regulations 10 and 11 set out instances when SDD may and EDD must be undertaken, and Regulation 12 provides the possibility to rely on CDD carried out by other subject persons. [1]

Main impact

Breaching any of these regulations carries administrative penalties that could range from €1,000 to €46,500 and which may be imposed not only on the subject person but also on the officers, including the MLRO. Of course, the impact on the firm in not conducting appropriate CDD/KYC goes way beyond the penalties contemplated in the relevant laws.

By disregarding CDD/KYC policies and procedures in place, the firm is exposing itself to onboarding clients that are not who they say they are. They could be PEPs or worse still, sanctioned persons, thereby exposing the firm to drastic consequences as contemplated by the Sanctions Monitoring Board or OFAC.

The 1st line of defence, by succumbing to the pressures of onboarding at all costs, is not providing any defence at all. By failing to identify any underlying or overlying structures through adequate due diligence processes, a firm will be exposed to the risk of onboarding clients with UBOs who may have criminal records or are subjects of adverse media or, worse still, UBOs with ML/FT suspicions or convictions. Even where a firm is onboarding a legitimate customer with no such inherent risk, the fact that the subject person did not carry out the required due diligence as a matter of procedure exposes the firm to being sanctioned for systemic failings.

In such an instance, the firm would also not be assessing and obtaining appropriate information on the purpose and intended nature of the business relationship. It is also not obtaining source of wealth and funds and, consequently, the firm is potentially exposing itself to onboarding clients who have obtained their wealth fraudulently or through money laundering, stemming from all sorts of predicate offences, including tax evasion. This is precluding the firm from really understanding the purpose and nature of the business, which could be primed to conceal ownership and control in order to carry out additional illegal activities or launder proceeds of crime and/or fund terrorism.

The 1st line of defence, being client facing, could be in breach of the crucial on-going monitoring obligation. They may not be sensitive to, or even aware of, any changes to the business relationship, or whether the activities or transactions are triggering red flags and, consequently, whether the business relationship should be re-evaluated by escalating this to Compliance, as the 2nd line of defence.

The disregard for CDD/KYC could be exposing an entity to an incremental reputational risk, since as the client list grows, so does the risk of encountering or facilitating ML/FT. The irreparable damage to the entity’s reputation will inevitably impinge upon the operation, as genuine clients might leave, banks make opening bank accounts harder, and the legal costs incurred to defend the entity from the authorities’ grasp spiral, besides incurring substantial fines, levied both on the firm and on the officers personally.

Course of action

The Board needs to unequivocally ensure that the tone is set from the top and that senior management responsible for the sales force is aware of the obligations and importance in conducting CDD/KYC.

The 1st line of defence needs to do just that. Senior management responsible for this team needs to make it clear that CDD/KYC can never be compromised. The AML division will assist in this by providing adequate training on conducting CDD and by imprinting the risks and repercussions that non-compliance subjects the firm and its officers to.

The Board would also be confident that fresh CDD/KYC is being obtained for active clients, as part of its ongoing monitoring obligations.

Outsourcing or automation of processes, especially related to on-going monitoring, could also free up valuable time for the 1st line of defence team. The FIAU will, however, always consider the subject person as being ultimately responsible for any processes being outsourced or automated, in compliance with its AML/CFT obligations. [2]


Commercial pragmatism makes one understand that the firm does not operate within a vacuum and is directly influenced by the competitive nature of the industry it is in. The Board needs to ensure that any aggressive growth strategy is in sync with the industry standard. However, even if this is reaffirmed, any Board needs to diligently establish and maintain a culture of compliance.

About the Author

This article has been authored by Jean-Claude Cardona, CSB Group Operations & Finance Director. Contact us here or on info@csbgroup.com for more information.

[1] FIAU, Implementing Procedures Part 1, Page 64-65.

[2] FIAU, Implementing Procedures Part 1, Page 231.
