Foundations regulations on central register of beneficial owners

The notorious CRB Regulations for Foundations, Trusts, Associations and Companies have been published as subsidiary legislation on the 20 December, 2017.

1.             Background

The title of the regulations relevant to foundations is the Civil Code (Second Schedule) (Register of Beneficial Owners – Foundations) Regulations 2017 (the ‘Regulations’) and they were published in terms of the Civil Code, as subsidiary legislation, because it is the Second Schedule of the Civil Code (Chapter 16 of the Laws of Malta) that regulates foundations, associations and other types of legal organisations.

The Regulations are stated as entering into force on the 1st January, 2018 and the only sign of a transitory provision is in reg. 5 that imposes a 6-month deadline for the submission in the prescribed form by the foundation of the information required by the Regulations.

This deadline therefore seemingly expires on the 1 July, 2018 for existing foundations to provide such information.

A major let down is the fact that the Regulations appear to have been issued in terms of article 30 of the EU’s 4AMLD (dealing with companies and other legal entities) and not article 31(8) that deals with arrangements similar to trusts, which is what foundations ultimately are.


2.             Which foundations are affected?

All foundations are caught by these Regulations, be they beneficiary foundations, or purpose foundations (whether set up to achieve a social purpose or any lawful purpose on a non-profit basis) (reg. 3(1)) – once again the EU 4AMLD did not specify which foundations would be caught and one would have thought that once a purpose foundation has no beneficiaries, there cannot possibly be a ‘UBO’ as such.  Government-set up and controlled foundations, pious foundations or ecclesiastical entities and other types of foundations designated by notice by the Minister of Justice are, however, excluded (reg. 3(2)(c)).


3.             Obligation on the Foundation

In terms of reg.4 every foundation is obliged to “take all reasonable steps” to obtain and at all times hold adequate, accurate and up-to-date information in respect of the beneficial owners which as a minimum must include:

(a)           name;

(b)           date of birth;

(c)           nationality;

(d)           country of residence (but not residential address);

(e)           an official identification document number including:

a. the type of document (e.g. identity card); and

b. country of issue

(f)            the category of the definition of BO that the person falls under (e.g. founder/protector etc);

(g)           the nature and extent of the benefit and any changes thereto (but excluding reference to Potential Beneficiaries);

(h)           the effective date on which a natural person became or ceased to be a BO of the Foundation or, in the case of a beneficiary, the effective date on which his beneficial interest in the foundation has increased or been reduced.


The term Beneficial Owner is given the same meaning as under 4AMLD and as specifically including:

–               the founder;

–               the administrator(s);

–               the protector or members of a supervisory council (if any);

–               any other natural person exercising ultimate and effective control over the foundation by any means, including any other person whose consent is to be obtained or whose direction is binding in terms of the foundation’s statute (or any other instrument in writing) for material actions  to be taken by the foundation or the administrators.

It is not clear on what basis the above should be regarded as ‘beneficial owners’ of a foundation because none of these persons ever have an interest in the foundation’s assets, unless they too are beneficiaries (in which case they would get caught as ‘beneficial owners’ in their capacity as beneficiaries). It is also not even clear who else can possibly have ‘ultimate and effective control’ over a foundation, other than perhaps a protector or a founder with reserved powers (or, perhaps, a power holder who is a person other than a protector or founder).  However this is all in the EU’s 4AMLD and the problem lies there, not so much with the Maltese Regulations that merely transpose the EU 4AMLD.

The beneficiaries of a foundation are, as is to be expected, also included in the definition of Beneficial Owner and include:

–               the identified beneficiaries; and

–               where the ones benefiting have yet to be determined, the class of persons in whose main interest the foundation is set up or operates;

and if the beneficiary is a legal entity, the beneficiary includes the UBO of such legal entity.  Therefore a look through approach was adopted for corporate beneficiaries, even though this was not dictated by the EU 4AMLD.

Thankfully, in terms of reg. 4(1)(g), if the statute of the foundation or other instrument in writing includes a suspension of the administrator’s duty to inform a beneficiary of:

–               his benefit; or

–               the fact that he forms part of a class of beneficiaries which may so benefit

such person shall not be deemed to be a beneficiary until such time as he is informed of such benefit or receives actual benefit (“Potential Beneficiaries”).

Rules have been introduced to regulate classes of beneficiaries and they are mirrored verbatim in the Trusts Regulations (reg.4(2)).  The provisions require the Foundation to describe the class and declare the members, and the information is stated as being required to be submitted to the RLP “as soon as a beneficiary is determined to form part of a class of beneficiaries or is appointed as a beneficiary of the foundation, whichever is the earlier”.  It is not clear whether forming part of a class refers to the moment in time when, for instance, a beneficiary gets married (and consequently the spouse too falls within the class) or a child is born, in which case the actual details of the individual concerned need to be provided (presumably subject to the exception relating to when the beneficiary is subject to a suspension of information requirement).


4.             Who within the foundation is responsible for maintaining the register?

Regrettably the Maltese legislator opted to place responsibility on the officers of the Foundation jointly and severally with the foundation itself, meaning that the administrators of the foundation become potentially liable with the foundation for any breaches.  Worse still, where the administrator is a legal organisation, then the persons (presumably natural persons?) entrusted with the management and administration thereof become liable (as per the definition of ‘officer’ in the Regulations).  This would therefore seem to catch both the directors of the corporate administrator and potentially also the management thereof (such as a CEO and other members of top management).

The foundation’s internal BO register is required to be kept by the foundation at the registered address of the foundation or at such other place as may be specified in the statute of the foundation (reg. 4(6)).

A new obligation, not found in the EU 4AMLD, is imposed on Foundations not to update the internal register of BO’s (either by adding or updating details) or to notify the RLP when required to do so of the name of any BO, unless it has carried out CDD obligations in terms of applicable AML-CFT laws and regulations in force in Malta.   It is not immediately clear whether this provision is actually imposing an obligation on a foundation to conduct CDD before fulfilling its obligations under the Regulations (which it is not obliged to do as it is not a subject person; the administrators are) or, instead, whether it is intended as a safeguard for foundations and their officers who are effectively exonerated from complying with their obligations under the Regulations until such time as the Beneficial Owners provide the necessary CDD to the foundation.  It is also not clear whether if failure to comply with such CDD requirement would somehow affect the status of that person as a beneficial owner (in whichever capacity he may be acting; i.e. whether as founder, administrator, beneficiary etc).


5.             How does the Foundation gather the information?

The Regulations require the Foundation to obtain the information under paragraph 3 above from:

(a)   the beneficial owners of the Foundation; and/or

(b) from any natural person whom it has reasonable cause to believe to be a beneficial owner.

The latter are required to provide the said information without delay. When the beneficiary is a legal organisation or a fiduciary or other intermediary, the Foundation is required to obtain information on the principal or beneficiary of such intermediary.

Moreover, on every change to a beneficial interest (including an acquisition, disposal, increase or reduction), every person who is appointed or ceases to be a beneficial owner is equally bound to provide information to the Foundation.

The Foundation is also required to verify the information obtained as well as ascertain itself, by obtaining declarations, that the beneficial owner is not acting as an intermediary for another person (e.g. as an agent, nominee or trustee), since the Foundation would otherwise be required to obtain information on the principal or beneficiary of such intermediary.


6.             Changes to the information

The information held in the CRBO is required to be adequate, accurate and up-to-date (reg. 7(1)).  Accordingly, whenever there is a change in the BO or any other change occurs as a result of which any particulars in the CRBO are incorrect or incomplete, the foundation is obliged, within 14 days from the date when the change is recorded with the foundation, deliver to the RLP a notice in the prescribed form (if any) of the change, prioviding the information required by reg.4.

If the change in BO relates to a change in administrators it is the duty of the administrator to incorm the RLP of such change.

Oddly, any such notice sent to the RLP needs to be signed by at least one officer of the Foundation and, in the case of a corporate administrator by at least 2 persons entrusted with the administration and management thereof.

A penalty is prescribed for default in complying (see section below on Offences and Penalties).


7.             Central Register of Beneficiaries

The Registrar for Legal Persons (“RLP”) has been entrusted with the task of maintaining the Central Register of Beneficial Owners (“CRBO”), containing the information provided to the RLP (reg.6(1)).  A distinction is made between the information held by the RLP on the normal register of foundations and that on the CRBO, and the information provided for the latter will not be maintained in the former (reg. 6(2)).

The CRBO shall be interconnected with the system of interconnection of EU and EEA central registers via the European Central Platform and the European e-Justice Portal serving as the European electronic access point as contemplated by the EU 4AMLD (reg. 13(1)).

The Regulations also contemplate the possibility of information needing to be delivered to the RLP in terms of then Regulations, as well as the retention thereof by the RLP, in electronic format in terms of the Electronic Commerce Act (Cap. 426), if so determined by the RLP.


8.             Access to the information on the CRBO

The all important issue of access to the CRBO is regulated by reg.9 and regrettably follows the model for companies in terms of article 30 of the EU 4AMLD, and not article 31 as it should have.

Access to the Register of Beneficial Owners is granted:


(a)   National competent authorities with designated responsibilities for combating money laundering and terrorist financing, or that have the function of investigating or prosecuting money laundering, associated criminal offences and terrorist financing, or of tracing, seizing, freezing and confiscating criminal assets;

(b)   The Financial Intelligence Analysis Units (FIAU);

(c)    National tax authorities;

(d)   Any other national competent authority within the meaning assigned to it under the Prevention of Money Laundering and Funding of Terrorism Regulations not already covered above.

Access will be without prejudice to the relevant competent authority’s obligations under applicable data protection laws and regulations, but unfortunately this requirement is not elaborated on in the Regulations.


Subject persons in terms of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01) for the purpose of carrying out their customer due diligence obligations in relation to such Foundation.

 Access will be without prejudice to the relevant subject person’s obligations under applicable data protection laws and regulations and laws relating to professional secrecy, once again without this requirement being elaborated upon in the Regulations.

 The possibility of opening access up to subject persons in the course of the conduct by them of Customer Due Diligence procedures is actually only an option given to Member States in the case of trusts and similar arrangements, and this should also have been an option with respect to Foundations.  However, the Maltese legislator, probably as a result of the choice to bring foundations under article 30 of the EU 4AMLD rather than article 31, took up this option.


any person who, or organisation which, satisfactorily demonstrates and justifies (subject also to the requirement of certain documentation to be provided) a legitimate interest (which term is not defined in the Regulations) specifically related to the prevention of money laundering and the financing of terrorism. Apart from the fact that it is unfortunate that Malta did not take the opportunity to define and set limits to what constitutes a legitimate interest, it is especially relevant that in terms of the current version of article 31 of the EU 4AMLD, persons with a legitimate interest are not given access rights to the CRBO in the case of trusts – one therefore struggles to try and find a justification for creating this disparity in access rights for trusts and foundations.  This is all the more so when page 16 of the current draft EU 5AMLD, proposed by the EU Commission, provides the following under the heading ‘trusts and other legal arrangements’: “The beneficial ownership information concerns a wide range of legal arrangements: express trusts specific to common law, but also similar entities such as Treuhand, fiducies or fideicomiso, and all assimilated legal arrangements such as foundations”, in this way clearly equating trusts with foundations in terms of the functions that each institute seeks to fulfil.



The Maltese legislator thankfully took on board the EU 4AMLD option given to Member States to disallow access to beneficial ownership information to those persons mentioned in B and C above where, in exceptional circumstances, to be determined on a case-by-case basis and justified by means of documentary evidence, access would expose the beneficial owner to the risk of:

– fraud

– kidnapping

– blackmail

– violence or

– intimidation or

– where the beneficial owner is a minor or otherwise incapable.

The RLP is empowered to determine any such request and whether access is to be allowed based on information provided by the Foundation when complying with these Regulations.

Refusals to provide information are required to be notified to the applicants by the RLP, and aggrieved persons may appeal to the First Hall, Civil Court within 30 days of a notification of refusal to provide information or, in the absence of a response, within 45 days of having made a request in writing to the RLP.


9.             Access fee?

While access to the Register has, in line with the EU 4AMLD, been indicated as being able to be subject to the payment of a fee (which cannot exceed the administrative costs thereof), this is not yet regulated in the Regulations and the RLP is given the power to establish such a fee by notice (reg. 16).


10.           Offences and Penalties (reg. 12 and Schedule to the Regulations)

The Regulations lay down a criminal offence as well as various administrative offences – the criminal offence relates to the reckless or knowing provision of misleading, false or deceptive (in a material particular) information, statements or declarations to the RLP on the BO of a foundation.  Any officer of the foundation (and therefore including the directors and management of a corporate administrator) or a BO thereof who makes such statement or declaration or otherwise provides the information shall be guilty of the offence and shall be liable on conviction to:

(a)           a fine (multa – and therefore convertible into jail if not paid) of not more than EUR5,000; and/or

(b)           to imprisonment for a term not exceeding 6 months.

Various administrative penalties are laid down and contemplate both an initial penalty due on the day of the default as well as a daily penalty due from the day following the day on which the default occurs.  The following penalties have been established:

  1. Failure by the foundation to maintain the register of BO’s (reg. 4(9));
  2. Failure to deliver the information on the register of BO’s to the RLP (reg. 5(3));
  3. Failure to provide information to the RLP about a change in the BO of a foundation (reg. 7(5)):

– EUR500 penalty and EUR5 daily penalty.

A limited defence has been established in respect of the various administrative penalties in respect of officers who can avoid personal liability if they show that they have “exercised all due diligence to comply with the provisions of this regulation and the default was not due to negligence on his part.” (regs 4(9), 5(3) and 7(5)).  While this is a welcome attempt to safeguard administrators, it is felt that it may not go a sufficiently long way in doing so, and that it would have been a more robust remedy to simply not render the officer liable for the breach but the foundation itself of which he is an officer and where, ultimately, the assets that could potentially be involved in money laundering or terrorist financing (which are the purposes that such a transparency initiative should be targeted at seeking to address) are located.

The prescriptive period applicable to all such offences appears to be 5 years from the day on which the default occurs (reg. 15(3)), although it is not clear whether this also applies to the penalty for the criminal offence which is, presumably, recoverable not by the RLP but by the Police.

A procedure is laid down in the schedule to the Regulations for the contestation of a penalty notified to the foundation or any person, including an obligation for the court to appoint the proceedings for hearing by not later than 30 days from the date of the application, coupled with an obligation to hear the application to a conclusion within 5 working days from the date of the first hearing, with very limited scope for adjournments (Schedule to the Regulations).  A right of appeal to the Court of Appeal also exists, within 6 working days from the date of the decision (with an equivalent term to file a reply).


11.          Prescribed Forms

None of the prescribed forms have been published so far.




[1] The term ‘material actions’ is exhaustively defined in the Regulations as the following actions or any other actions achieving the same result: (a) the amendment of the statute; (b) the addition or removal of any beneficiary, or any person from a class of beneficiaries or any action affecting the entitlement of a beneficiary; (c) the appointment or removal of administrators or protectors or members of the supervisory council; (d) the acceptance of new founders; (e) the re-domiciliation of the foundation; (f) the assignment or transfer of all or the majority of the assets of the foundation; or (g) the termination or revocation of the foundation;