Over the past years, regulators have considerably stepped up their enforcement role, and this is evident from the hefty fines being imposed, the publication of such fines, and the subject persons in question. This reality poses not only compliance and financial risks on subject persons but also reputational risks, which might have an even greater adverse effect on the company. Thus, it is natural that the notification of a regulatory visit is met with apprehension by those involved.

Subject persons are informed of a visit from the FIAU, and either the MFSA or the MGA, through a notification letter generally sent three weeks in advance. The FIAU will also request a list of documentation that would need to be provided within one week from the receipt of the notification letter. Visits may take various forms, with the most common being on-site or off-site compliance examinations, full-scope, targeted or thematic reviews, supervisory meetings, and ad hoc visits.

By failing to prepare, you are preparing to fail”, Benjamin Franklin’s wise words perfectly describe the approach which companies should take vis-à-vis regulatory visits. Managing regulatory visits effectively requires careful planning and commitment from senior management. The amount of time and effort required to prepare for such a visit cannot be underestimated. The following are some tips that should help in the preparatory phase of the review.

The review process should be managed by the Money Laundering Reporting Officer (MLRO), who should allocate the time and identify the resources required to prepare the documentation related to the review, as well as to assist the regulators during the course of the visit. Moreover, since the Board as a whole is responsible for compliance, they need to be kept updated with the status of the review. Depending on the nature of the visit, it would perhaps also be beneficial for a member of the Board to be directly responsible for overseeing the process. This will also facilitate communication with the Board.

It is essential to identify objectives, assign responsibilities, and set deadlines. The notification letter relating to the visit will indicate the type of review taking place, and the areas which will fall within its scope. This information should be used to define an action plan and to allocate responsibilities across the team to ensure that deadlines set by the FIAU are met.

An independent third-party review and assistance can add value during the preparatory and the review process. This will allow the company to have the required technical expertise on board within a short period of time, without removing resources from the first and second line of defence and thereby limiting disruptions to operations.

One should allocate sufficient time to collate and carry out a detailed review of the information requested. Reviewing the documentation prior to submission is critical to uncover issues, gaps and inconsistencies. This would give the opportunity for certain issues to be rectified before the documentation is submitted. Subsequently, all requested information should be provided in a clear and structured manner to facilitate review. This process should be subjected to the ‘four eyes’ review principle.

Issues may be uncovered during the preparatory phase or as a result of ongoing compliance monitoring – breaches or errors which cannot be addressed prior to the review. Be transparent and report them upfront, together with a detailed action plan of how the company plans to rectify such issues. This will give comfort to the regulator that the company has the systems in place to identify issues, and that it is also committed to act on them. The plan, however, must be realistic, since it will certainly be followed up by the regulators. Failure to implement an action plan will have negative effects on the company’s reputation with the regulators and may also trigger further reviews and possible sanctions.

Finally, it is vital that the MLRO be on top of their game at all times, especially when it comes to dealing with an official review by the authorities. The person assigned to this role must have a thorough understanding of the risk and control framework of the company with respect to AML. This essentially means understanding the risks the company is exposed to and the drivers resulting in the overall risk. Furthermore, the MLRO should also understand the underlying processes, systems, and tools in place to mitigate those risks, including the methodology used in the business and customer risk assessments.

Theoretically, a company with a robust AML framework should have nothing to fear from a regulatory visit. However, it will generally still present a challenge for companies, particularly due to the resources required and the potential disruption to the operations of the company. On the other hand, a successful outcome of such a visit will add value to the company by providing assurance to the regulators, shareholders, directors, and employees, of the internal standards, maintained and the quality of the AML framework. It will also be a learning experience for the AML compliance team, who will get an insight into the regulator’s point of view.

Alicia Vella is a Senior Manager within the Advisory Department at Mazars in Malta.

'Credit & Financial Institutions' Related News Articles

01
The European Union Global Minimum Level of Taxation for Multinational Enterprise Groups and Large-Scale Domestic Groups Regulations 2024
CSB Group

by CSB Group

5th April 2024

Bank of Valletta has supported this year’s opera by Gioachino Rossini – ‘Armida’
Bank of Valletta

by Bank of Valletta

18th March 2024

Changing the terms of a credit agreement and forbearance policies and measures: new obligations on lenders in consumer and residential property credit agreements
Ganado Advocates

by Ganado Advocates

23rd February 2024

The HSBC Malta Foundation supports Three-Year UM Research Project through RIDT
HSBC Bank Malta p.l.c.

by HSBC Bank Malta p.l.c.

19th February 2024

BOV RETROSPECTIVE EXHIBITION FEATURING WORKS BY NOEL GALEA BASON OFFICIALLY INAUGURATED
Bank of Valletta

by Bank of Valletta

17th January 2024

Goal-line Defenders: Scoring Victory Against Financial Crime with the Three Lines of AML/CFT Defence
CSB Group

by CSB Group

12th January 2024

Agreement reached on the establishment of the Anti-Money Laundering Authority (“AMLA”)
Ganado Advocates

by Ganado Advocates

3rd January 2024

FIAU Thematic Review on Company Service Providers when providing Company Formation Services
Ganado Advocates

by Ganado Advocates

3rd January 2024

Directive 93/13/EEC and mandatory statutory or regulatory provisions in consumer contracts
Ganado Advocates

by Ganado Advocates

3rd January 2024

MiCA Update: Consultation Process on the Proposed Updates to Chapter 3 of the VFA Rulebook
Ganado Advocates

by Ganado Advocates

1st November 2023

Continuing to disclose the topic EU funding for Startups ¦ Startup Definition
Griffiths + Associates Ltd

by Griffiths + Associates Ltd

31st October 2023

EU Court’s Landmark Ruling: Restricting Financial Ties to Combat Money Laundering and Terrorism Financing
Ganado Advocates

by Ganado Advocates

16th August 2023

ESMA issues public statement in relation to sustainability disclosures in prospectuses
Ganado Advocates

by Ganado Advocates

16th August 2023