Insights

On 6 April 2022, the Financial Intelligence Analysis Unit (“FIAU”) published a guidance note entitled, “Common issues related to the Money Laundering Reporting Officer” (“Guidance Note”). The Guidance Note seeks to enhance subject persons’ understanding of the importance of this role and to ensure that only individuals who are capable of effectively carrying out the duties and functions of a Money Laundering Reporting Officer (“MLRO”), are tasked with carrying out such role.

Through the Guidance Note, the FIAU highlighted the main areas of concern surrounding the role of the MLRO, these being: (i) independence and autonomy, (ii) conflicts of interest, (iii) outsourcing, secondment, and employment, (iv) knowledge, skills and expertise, (v) personal liability, and (vi) record keeping. This article summarises the most salient features of each of such themes mentioned in the Guidance Note.

Independence and Autonomy: 

• The sensitivity of the function of the MLRO is why independence, autonomy, and the need for the MLRO to carry out his/her function without any undue influence, interference, pressure, and unnecessary disclosure requirements is crucial. This does not mean that the MLRO cannot be answerable to someone other than the Board of Directors and nor does it mean that the MLRO cannot share information within the subject person, or to the extent allowed by law, within a group context, as he/she may deem to be prudent, however, the sensitive and confidential nature of this information demands that it be disclosed solely on a need-to-know only basis.
• What steps can the MLRO take if such independence and autonomy are being compromised? The remedies available to the MLRO include (i) communicating the issue and explaining the requirements at law (vis-à-vis the need to retain independence and autonomy), to his or her seniors, (ii) resorting to the procedures set out in the subject person’s whistleblowing policy, (iii) resigning, in which case the MLRO must disclose the reasons for such resignation to the FIAU directly, and (iv) seeking redress against any detrimental action taken by the subject person in relation to the MLRO for having filed an external report to the FIAU.^[1]

Conflicts of Interest:

• The Guidance Note stresses the importance for the MLRO to be free of any real or potential conflicts of interest which would impinge on the effectiveness of the MLRO’s role. At the same time, the FIAU also recognises that in exceptional cases, avoiding a real or potential conflict of interest on the part of the MLRO may be harder to achieve in practice, and that the ability to do so may be limited and too onerous (by way of example, within the context of small operators). Part I of the FIAU’s Implementing Procedures (“IPs”) notes that in these circumstances, the subject person is required to implement measures that compensate for any potential weakness in the MLRO’s independence and impartiality (e.g., through external reviews of its AML-CFT measures, controls, policies and procedures). In this regard, the Guidance Note clarifies that where the MLRO has a real or potential conflict of interest with any other functions carried out for the subject person, the subject person should undertake regular independent checks and reviews, in order to ensure that the subject person’s AML-CFT measures, controls, policies and procedures are being implemented in an effective manner.

Outsourcing, Secondment and Employment:

• Can the MLRO function be outsourced? The FIAU has re-confirmed that the role of the MLRO can only be outsourced in those instances listed under section 5.1.2(a) of the IPs, which relate to (i) insurance companies, (ii) collective investment schemes, and (iii) certain group companies..
• Can the MLRO function be seconded? The FIAU also re-confirmed that the role of the MLRO can only be seconded in the scenario described under section 5.1.2(a)(iv) of the IPs, which relates to the secondment of employees working with another subject person which operates within the same group of companies to act as an MLRO of the subject person.
• Can the MLRO be employed on a part-time basis? Whilst there is no specific restriction vis-a-vis part-time employment, subject persons must bear in mind that when questioned, they must be able to justify how such MLRO function can be carried out effectively given (i) the reduced time commitment dedicated to the role, and (ii) how confidentiality issues will be avoided.

Knowledge, Skills and Expertise:

• What capabilities must an MLRO have? As detailed in the IPs, an MLRO must (i) have the necessary seniority and command, (ii) be knowledgeable of the ML/FT risks faced by the subject person, and (iii) be knowledgeable of the measures, policies, controls, and procedures implemented by the subject person to mitigate such risks.   
• What must a subject person look out for when appointing an MLRO? A subject person must ensure that the individual being appointed as MLRO has sufficient (i) expertise, experience, skills, and qualifications needed to carry out such role. Being a professional, such as a lawyer, accountant, etc. does not necessarily mean that such individual has the skills required to properly appreciate ML/FT risks, trends, and typologies.
• If the MLRO has been approved by the MFSA, does this mean that the FIAU cannot question such appointment? No, whilst the MFSA assesses the capabilities of the MLRO based on the individual’s past experience, track record and qualifications, the FIAU will assess, on an on-going basis, whether the MLRO is, inter alia, effectively fulfilling the relevant obligations. It is important that sufficient training is given to the MLRO so as to ensure that he/she is constantly being kept up-to-date with any new developments in the field of AML-CFT.

Personal Liability:

• Can the MLRO be held personally liable? Yes, an administrative penalty which may range from a minimum of EUR 1,000 to a maximum of EUR 250,000, may be imposed on a MLRO. In addition, the FIAU may also recommend to the relevant supervisory authority that the MLRO be suspended or precluded from exercising the role within the particular or any other subject person.
• In which instances may such personal liability be triggered? As detailed in Regulation 21(7) of the PMLFTR, two elements must be present for personal liability to be triggered, these being: (i) a breach by a subject person of its AML-CFT obligations, and (ii) the MLRO contributed to, or caused, the said breach wilfully or through gross negligence. The Guidance Note clarifies that personal liability cannot be attributed to the MLRO in terms of the above-mentioned Regulation 21(7) of the PMLFTR where it is evident that the MLRO would have carried out everything within his or her control to address the breaches in question (including, by way of example, where the MLRO would have escalated the matter internally).

Record Keeping:

• The FIAU have reiterated the importance of ensuring proper record keeping which needs to be done in an organised and easily retrievable manner. Records retained on file must contain sufficient information including an explanation as to the reasoning adopted by MLROs when taking any particular decision and/or when refraining from taking a decision.

The full report may be accessed by clicking on this link.

So what are subject persons required to do following the publication of this Guidance Note?

It is recommended that all subject persons take into account the contents of this Guidance Note and ensure that their internal structures are compliant with the contents thereof. In this respect, it is recommended that the senior management of subject persons:

1. ensure appropriate processes and reporting procedures are in place to ensure that the MLRO’s independence and autonomy is not being prejudiced, and if there are instances of undue influence, then the necessary process is triggered to report such undue influence;
2. considers whether the roles undertaken by the MLRO within the subject person may create conflicts of interest and ensure that if such conflict of interest cannot be excluded, at least implement measures to mitigate such conflict of interest;
3. ensures that the manner in which the MLRO has been appointed and the relevant legal arrangements for such appointment are compliant with the IPs and the Guidance Note.
4. ensure that the MLRO has the necessary skill, competence and expertise to fulfil his role in a satisfactory manner, and this through a thorough assessment of the MLRO’s knowledge of the relevant industry and AML-CFT laws and regulations of the sector in which the subject person operates; and
5. ensure that proper record keeping procedures are in place, setting out not only the type of documents to be maintained, but also, inter alia, the manner in which the documents are to be maintained, the retention period, the person responsible for retaining such record and the type of accessibility rights to the records maintained.

Should you require any assistance or additional information in relation to the contents of the Guidance Note or its implementation in practice, kindly contact Dr. Mario Zerafa (mzerafa@ganado.com) or Dr. Luigi Farrugia (lfarrugia@ganado.com) or Dr. Bettina Gatt (bgatt@ganado.com).

^[1] Such redress may be sought by following the procedure prescribed by Regulation 15A of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01, Laws of Malta) (“PMLFTR”).