The impact of the revised FIAU implementing procedures on trusts, foundations, trustees and administrators

On Monday 18 October 2021 the FIAU published a revised version of the Implementing Procedures (IP) Part 1 to ‘transpose’ the proposals that the FIAU had issued for consultation back in March 2021 (and which the Institute of Financial Services Practitioners together with STEP Malta, on which Ganado Advocates is represented, had submitted their feedback).

Some of the amendments made were merely intended to bring the IPs in line with recent legislative changes (such as the inclusion as a relevant activity for estate agents of rentals when the monthly rent is €10,000 or more and the reference to persons trading in works of art and freeports).

Once again the FIAU has published a useful version of the IP with the various changes made tracked for easy identification, as has now become customary for them, and this is very much welcomed by practitioners and subject persons alike.

Other amendments have particular relevance for subject persons that are dealing with structures that involve trusts or foundations or with trustees and administrators of foundations.

1. Establishing the identity of the BO in the case of a corporate customer owned directly or indirectly by a trustee or foundation (Sections and of the IPs)

The FIAU have provided clarifications and additional guidance on two specific instances that relate to the subject person’s duty to establish the identity of the so called UBO (or ultimate beneficial owner), namely:

  1. that where the shares of a corporate customer are owned by a trustee; and
  2. when customers are state-owned entities (in line with the EBA Risk Factor Guidelines).[1]

Whereas previously the example (above Figure 3) in the relevant section of the IPs guided subject persons dealing with a corporate customer whose shares are held on trust by a corporate trustee not to get side-tracked and start seeking to identify the beneficial owners of the corporate trustee, the FIAU have now amended this to clarify that in such an instance, the subject person is not to identify ALL the beneficiaries of the trust in line with the definition of ‘beneficial owner’ for trusts (which would also catch within it the trustee and protector), because the customer is the body corporate and NOT the trust itself.

Instead the FIAU have clarified – and finally put to rest any speculation about the proper test for BO’s that is to be used in cases such as these – that the subject person is to use the test for beneficiaries for companies.  Indeed this clarification has been added in that part of chapter 4 that deals with bodies corporate and not trusts or foundations.  To do this the subject person will need to first establish who the ‘beneficiaries’ of the trust are.  By this one presumes that the FIAU is referring to the actual beneficiaries of the trust – i.e. the persons who may benefit therefrom – and not the persons who fall within the much broader definition of ‘beneficial owner of a trust’ in terms of the PMLFTR since the FIAU specifically clarified that it was not requiring subject persons to identify and verify the identity of all those persons referred to in paragraph (b) of the definition of ‘beneficial owner’ in the PMLFTR.[2]  Indeed, this distinction is recognised by the FIAU itself in a section dealing with trustees (that already existed in the earlier version of the IP’s) in which the FIAU note that “The definition of beneficial owner for trusts under Regulation 2(1) of the PMLFTR should not be confused with the concept of beneficiaries (i.e., those who benefit or who may benefit from the trust) in terms of applicable trust law. The definition of a beneficial owner with respect to trusts has, as stated above, been made to also include the settlor, as well as the protector/s (if one or more are appointed) and the trustee, who typically enjoy no benefit, as such, under a trust.

Having established who the beneficiaries of the trust are the FIAU then invite subject persons to consider whether the said benefit, together with any other direct or indirect interest that individual may have within the body corporate, is sufficient to meet the conditions at law to be considered as a beneficial owner of the said body corporate (i.e the requirement that the beneficiaries are ultimately entitled to 25%+1 or more of the shares, or more than 25% of the voting rights).

The key requirement here are the words ‘entitled to’ meaning that it is an entitlement (albeit indirect, naturally) to the shares in the corporate customer that counts and not any other beneficial interest (such as a discretionary benefit or a mere hope to benefit some day).

Where this is not the case, then the FIAU establishes (rightly so) that:

  1. it is those persons exercising control via other means that would qualify as the beneficial owners, and
  2. in the absence of any such person, then the beneficial owner of the corporate customer would be the senior management officials (“SMOs”) of the customer (which the FIAU clarify to mean the corporate customer and not the trustee).

The latter guidance is welcome practical guidance that, following feedback provided by STEP Malta and the IFSP, goes beyond the version initially published for consultation by the FIAU and actually clarifies who is to be deemed to be a beneficiary if a person entitled to 25% + 1 or more cannot be identified.

Previously the practice allowed some flexibility and a subject person was able to choose whether to indicate the SMO’s of the corporate customer itself or else the directors of the trustee company as the UBOs. With this revision, the FIAU has established a hierarchy that is to apply with persons exercising control via other means being the first category, and the SMO’s of the corporate customer only where no person exercising control via other means can be identified.

The FIAU also clarify that the same approach would also find application in situations where instead of a trust, there would be a foundation directly or indirectly holding the shares in the corporate customer.

2. Subject persons dealing directly with trusts/foundations (sections and of the IPs)

The FIAU has also made important amendments to section 4.3.2 on ‘Identification and Verification of Customers other than Natural Persons’.  This section sets out the steps that a subject person needs to follow in order to identify and verify the identity of a customer other than a natural person, always by adopting a risk-based approach, depending on the respective customer’s risk profile.

Where the subject person’s customer is a foundation (or an association) it needs to be borne in mind that the PMLFTR consider the following as beneficial owners:

  1. the founder;
  2. the administrator or administrators;
  3. the guardian, protector or members of the supervisory council, where applicable;
  4. the beneficiaries or the class of beneficiaries, as may be applicable; and
  5. any other natural person exercising ultimate control over the foundation by means of direct or indirect ownership, or by any other means.

Accordingly, when, any of the persons indicated in points (a) to (d) above, are body corporates, bodies of persons or legal arrangements, the subject person is now required to identify and verify the identity of any such body corporate, body of persons or legal arrangement as provided for in Section to Section of the IP, as may be applicable.

Under the previous version of the IP in the case of founders, administrators and protectors who were bodies corporate, there was no requirement to identify and verify the identity of the beneficial owners of such corporate bodies, and this obligation arose only in the context of beneficiaries (as was to be expected).

This revision means that the subject person is now also required to identify and verify the identity of the respective beneficial owners of any such body corporate, body of persons or legal arrangement. However, there is an important qualification that s restricted to administrators, whereby, should it result to the subject person that a corporate administrator is only allowed to act as such following licensing, authorisation or registration in a reputable jurisdiction, and the said process includes meeting fit and proper requirements, the subject person is not obliged to identify the beneficial owners of the corporate administrator given that the corporate administrator would be acting in a professional capacity and would not be controlling a foundation in which it has a personal interest.

A similar approach is adopted with respect to trusts where once again, in the case of corporate settlors, trustees, protectors and beneficiaries, the revised section of the IP’s requires a subject person dealing with such trust, or trustee to look through the legal organisation and identify the beneficial owners thereof, with a similar exemption applying to corporate trustees that are only allowed to act as such following licensing, authorisation or registration in a reputable jurisdiction.  In this latter case, the following requirements must be satisfied (just like the case for administrators of foundations):

  1. firstly the corporate trustee must be licensed, authorised or registered in a reputable jurisdiction (rather than requiring only a licensing process as the version issued for consultation by the FIAU in March 2021, required); and
  2. secondly, the regulatory process must include meeting ‘fit and proper’ requirements.

The above changes were primarily implemented when it comes to corporate founders, protectors and trustees, in order to address comments highlighted in Malta’s 2nd Round Peer Review Report on the Exchange of Information Upon Request.[3] In this regard the Report says the following:

Where the settlor, protector and/or the trustee are not natural persons, the subject person can limit themselves to consider any body (including legal persons) acting as such as a beneficial owner. Therefore, even though the definition of beneficial owners under the PMLFTR is transposed from the Fourth EU AML Directive, which is in line with the international standard, yet the binding guidance’s interpretation is not in line with the international standard, according to which where any of these persons are not natural persons, information in respect of the natural persons who are the beneficial owners of that entity or arrangement should also be available. This may impact the accuracy of the beneficial ownership information maintained by the AML obliged persons in Malta.”[4] (emphasis added)

This revision is clearly welcome especially insofar as it recognises the need to focus particularly on the settlor of a trust (or founder of a foundation) and, in particular, to look right through a corporate settlor/founder up to the individual beneficial owners thereof, considering that the funds or assets injected into the trust or foundation have originated precisely from such settlor or founder and that the settlor/founder is indeed the single most important figure in a trust or foundation for this reason.

This notwithstanding there is another point that merits consideration following the revision made –indeed, while ‘piercing the corporate veil’ (so to say) and looking through corporate settlors and corporate beneficiaries (to a lesser extent, in the case of trusts and foundations, unlike companies) makes a lot of sense, and whilst the exception made for trustees and administrators when these are ‘subject to licensing’ is noted (which too makes a lot of sense), it is unfortunate that a similar exception is not adapted also to corporate protectors and, instead, the need to look through such corporate protectors and identify the beneficial owners thereof has been applied indiscriminately.  It is relevant here that:

  1. there are protectors who admittedly have pretty extensive fiduciary powers,
  2. and others whose role is restricted to, for instance, merely approving a change of trustee or requesting the trustee to be replaced.


  1. there are protectors who are somehow related or linked to the settlor (where ‘piercing the corporate veil’ would make sense);
  2. and others who would actually be linked to the professional trustee – in fact often professional trustees have separate entities that they use to offer protector services when these are requested of them (or else they actually use the licensed entity itself for this purpose).  While it is true that the separate ‘protector’ entities are not authorised (or licensed) in the way that professional trustees are, they would still be associated with professional trustees and, therefore, this should merit making a distinction between these types of protectors and others.

3. Keeping information on UBOs up-to-date (section 4.5.3 of the IPs)

Another revision to the IP’s emphasise the importance of ensuring that information on UBO’s is kept up-to-date.  Often a subject person may be aware of changes that take place amongst the UBO’s of a corporate customer, including changes within a trust or foundation that lies at the very top of a structure, because the subject person may happen to be assisting the customer with such changes.  However, this is not always the case and, therefore, subject persons need to remain vigilant.

For this purpose the FIAU now expressly place an obligation on subject persons to “enquire from time to time whether the beneficial ownership information obtained at on-boarding is still current or otherwise”.

The FIAU also recommend using the periodic reviews that are already contemplated by the IPs for the purposes of ensuring that information is still current.

4. Other important amendments that are relevant to trustees and administrators in their capacity as subject persons

Although the revisions discussed above are the ones that are directly relevant to trusts, foundations, trustees and administrators, naturally a number of the other revisions will necessarily impact the way in which trustees and administrators that are subject persons for the purposes of Maltese law, perform their own internal customer due diligence or fulfil their AML-CFT obligations at law.  The changes made to the section dealing with the MLRO, in particular, will be relevant.

Besides the new obligation on Subject Person’s to enquire from time to time whether BO information has changed, the revised Implementing Procedures Part 1 have also introduced the following new obligations on subject persons:

  1. the obligation to implement measures to counterbalance any possible conflict of interest or dilution of the MLRO’s independence and impartiality;
  2. that the Subject Person’s policies and procedures relating to the MLRO must now also set out how conflicts of interest will be managed;
  3. the obligation to consider annually (or whenever there are relevant changes) the independence, impartiality etc of the MLRO (and presumably to document it).


[1] In those instances where the customer is a state-owned enterprise or public administration authority, then in line with the EBA’s Risk Factor Guidelines the Senior Managing Officials (SMOs) of the corporate customer will have to be identified as beneficial owners.  The EBA’s Risk Factor Guidelines also provide further guidance on this matter (

[2]…(b) in the case of trusts the beneficial owner shall consist of: (i) the settlor or settlors; (ii) the trustee or trustees; (iii) the  protector  or  protectors,  where applicable; (iv) the beneficiaries or the class of beneficiaries as may be applicable; and (v) any other natural person exercising ultimate control over the trust by means of  direct or indirect ownership or by other means…

[3] – see paragraph 34 also.

[4] Paragraph 147, page 57 of the OECD Report.