Continuing initiatives in Malta against abuse in the innovative technology sector

Back in June 2018, legal ambiguity dominated the innovative technology sector. Before any new laws came into force in Malta to create some legal certainty relating to innovative technology arrangements, there was a concerted effort to make sure that one thing was clear: that the laws on the prevention of money laundering and terrorist financing would apply to persons acting within this new space relating to innovative technology, notwithstanding the vacuum in the area around the world.

Through collaboration between local industry players and the local Financial Intelligence Analysis Unit (FIAU), sector specific amendments were made to the PMLFTR[1] and to the FIAU implementing guidelines (Part I) to clearly state that all intermediaries in relation to virtual financial assets would be considered to be subject persons and bound by all the laws on the prevention of money laundering and terrorist financing. The guidelines went even further and extended also to issuers of cryptocurrencies, going beyond the EU 4th and 5th AMLD at the time. These were in turn followed by FIAU stand-alone implementing guidelines (Part II – Virtual Financial Assets Sector) which focused on the application of anti-money laundering and countering the funding of terrorism obligations to the virtual financial asset sector, published in February 2020, and further amended in September 2020.

Part II of the FIAU guidelines also provide a number of red flags which serve as guidance to subject persons on when they are expected to further question conduct of clients and when, if at all, they are expected to file a suspicious transaction report. The red flags included are in line with the report issued by the Financial Action Task Force (FATF) in September 2020, which report focused on Money Laundering (ML) and Financing of Terrorism (FT) red flag indicators associated with virtual assets. These are intended to help subject persons operating in the field to carry out a comprehensive risk assessment for purposes of identifying and reporting potential ML and FT activities which involve virtual assets.

The FIAU guideline was then confirmed through Legal Notice 372 of 2017 to ensure it had the force of law. The FIAU implementing procedures (Part I) and legal notice were supported by the Fourth Schedule of the Innovative Technology Arrangements and Services Act[2] which addressed the problem of how to define the owners and controllers of a digital platform – basically a blockchain arrangement with smart contracts. It used parallels to a legal organisation to elicit answers to the basic questions as to who would be subject to due diligence, assessments and verification when one finds the ambiguity posed by decentralised and autonomous innovative technology platforms, locally called “innovative technology arrangements” or “ITAs”. Finding who the client is, who is controlling the arrangement and who has a relevant percentage of ownership are not easy issues for a subject person, with duties under the prevention of money laundering laws, to determine.

June to November 2018 was not a time when many countries did impose such conditions on this sector and this led to the expected outcome – that many who expressed initial interest in Malta and what Maltese law had to offer, in terms of certification of ITAs based on registered systems audits and technical elements to ensure ability to react to losses or breaches of mandatory law, looked to other countries to do business. It was only those developers who welcomed the demanding regulatory requirements who proceeded with establishing some developing projects in Malta. Few appreciate this even today.

Since then, many countries have taken similar initiatives and these continue, including at EU level where the Malta model is indeed recognisable in the proposals. At local industry level we naturally continue with the analysis of legal developments and maintain momentum in this area even though the volume of interest has reduced dramatically, spurred further by the local reputational problems from Government failures in governance, COVID-19 repercussions and related events.

The rules on the issue of cryptocurrencies and intermediary services are administered by the Malta Financial Services Authority and to date very few authorisations have been issued. The concerns of abuse in this sector are undoubtedly having an influence and the Moneyval review is certainly having a significant impact. This has resulted in very muted activity in this area till now. .

In June 2019, the Financial Action Task Force (FATF) issued additional guidance for a risk-based approach to virtual assets and virtual asset service providers, which include a number of recommendations with the aim of addressing AML and CFT issues within global and national VFA sectors.  These guidelines also include a travel rule which stipulates that virtual financial asset service providers (VFSAPs) are required to obtain, from their customers, information on the originator or beneficiary of a virtual asset transferred or deposited into their customers account or wallet, or withdrawal from customer accounts or wallets. The VFASPs must in turn verify accuracy of the required originating transaction information. This is extremely important from a prevention of money laundering and terrorist finance angle and will be even more important, and probably very controversial from a privacy angle as well, when sovereign states start issuing their own digital currencies as lawful tender, including the EU with a digital Euro. This will start happening in 2021 as several states now have very advanced projects in this regard. This is to some extent possible with virtual financial assets. It was never possible with regular money/cash.

The FATF has just issued a new publication on Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing. It is based “on more than 100 case studies collected by members of the FATF Global Network” and reflects what is happening in the global scene where a lot of information flows freely on the internet every time something happens in any corner of the globe. The publication gives the reasons for its issue : “The ability to transact across borders rapidly not only allows criminals to acquire, move, and store assets digitally often outside the regulated financial system, but also to obfuscate the origin or destination of the funds and make it harder for reporting entities to identify suspicious activity in a timely manner.”

Digital assets pose the same problem as cash, plus a few more, but also open up the potential for regtech – designed technology operating in the same space and language as the digital assets we do not see or touch – to monitor them. This is very difficult with cash, which is fungible, one note being equivalent to and exchangeable for the rest.

The FATF publication focuses on RED FLAGS which is a first step in creating awareness of operators in a sector where there could be low levels of activity and awareness as a result. Digital assets similar to currencies have been a red flag for a long time and although many years have passed since the launch of Bitcoin, we still continually read about it being used in criminal activities, no different from cash of course, but still a concern. The legal and legitimate use of these digital asset, although far outstripping the criminal use, is hardly ever the subject of news reports.

The Red Flags are summarised in an introductory note under the following headings:

  • Technological features that increase anonymity – such as the use of peer-to-peer exchanges websites, mixing or tumbling services or anonymity-enhanced cryptocurrencies
  • Geographical risks – criminals can exploit countries with weak, or absent, national measures for virtual assets
  • Transaction patterns – that are irregular, unusual or uncommon which can suggest criminal activity
  • Transaction size – if the amount and frequency have no logical business explanation
  • Sender or recipient profiles – unusual behaviour can suggest criminal activity
  • Source of funds or wealth – which can relate to criminal activity

This is of great help to those in the sector who are recently engaging in a diversification drive by adding this new business sector to their portfolio of services. It is of course also helpful to those focusing on it since 2018 or earlier as no one organisation can ever have enough exposure to reflect on all these areas of risk. The document is therefore very useful for all operators. The publication naturally goes into a lot of detail which will be further discussed in future reviews.


[1] Prevention of Money Laundering and Funding of Terrorism Regulations, Chapter 373.01 of the Laws of Malta.

[2] Chapter 592 of the Laws of Malta.