What are you looking for?

Newsfeed
June 4, 2026

The new anti-money laundering regulation: The time to act is now

Malta’s anti-money laundering and countering the financing of terrorism landscape is on the verge of its most significant transformation. For years, Maltese financial and non-financial sector firms which are subject to AML/CFT obligations – known legally as “subject persons” – have operated under a regime shaped by the transposition of EU Directives into local law. This process naturally allowed for a degree of national flexibility, with the Financial Intelligence Analysis Unit (FIAU) tailoring rules to fit the specific dynamics of the local market.

However, this era of localised regulation is drawing to a close. On 10 July 2027, the EU Anti-Money Laundering Regulation (AMLR) will become directly applicable across all Member States. By establishing a unified “Single Rulebook,” the European Union aims to eliminate cross-border loopholes and enforce strict, uniform compliance standards across the entire bloc.

For Maltese businesses, achieving full alignment with the AMLR by the 2027 deadline is not just a legal obligation – it is a vital component of preserving the island’s international credibility, also in light of the upcoming MONEYVAL assessment. The urgency to act is immediate.

Why July 2027 Demands Immediate Action

A deadline in the summer of 2027 seems deceptively distant, but for compliance professionals, it represents a very brief window to overhaul complex operational systems. Unlike a directive, which requires national transposition and phase-in periods, an EU regulation applies automatically and directly. This means that on the morning of 10 July 2027, any legacy process that fails to meet the explicit standard of the AMLR becomes, instantly, non-compliant.

The scale of the changes introduced by the Single Rulebook are extensive – ranging from changes in governance structures, risk assessments, policies, procedure, customer data, potential changes in IT infrastructures and others. Waiting until the final months to adapt to these changes is risky strategy. Upgrading identity verification platforms, restructuring client onboarding workflows, retraining staff, and modifying internal software systems require extensive planning and testing. Beginning a gap analysis today provides the runway needed to distribute these burdens logically over the next several months and ensuring timely compliance.

The Moving Target: Managing Fluid Regulatory Standards

One of the most complex aspects of preparing for the AMLR is that the legislative text passed by the European Parliament and Council is only the macro-level framework. The practical, micro-level rules – the Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) and guidelines – are still being systematically developed and released by the newly formed Anti-Money Laundering Authority (AMLA).

This means that firms must design and execute a gap analysis within an environment where not all the rules are finalized. While some might view this fluid environment as a reason to delay action, the opposite is true. Waiting for every granular technical standard to be published before starting guarantees an unmanageable bottleneck as 2027 approaches.

Instead, businesses must adopt an agile approach, separating what is certain from what is still evolving. Where provisions in relation to specific areas are certain, subject persons may already start undertaking the necessary measures in order to update the internal framework and start aligning the relevant risk assessments, policies, procedures or control. By auditing what is certain today, entities can resolve a significant portion of their compliance gaps, leaving room to adjust their policies as the specific technical standards are unveiled over the coming months.

A Blueprint for Readiness

To effectively build an AMLR readiness strategy, firms should structure their preparation into four distinct, sequential phases:

Scoping and Asset Inventory

Understand the current operational state by mapping out all lines of business, customer onboarding channels, customer on-boarding data, third-party reliance agreements, outsourcing agreements and existing IT architecture. By undertaking such exercise, one can understand the touchpoints where customer data is captured, screened, and archived. Furthermore, this exercise facilitates the gap analysis process as one is able to determine which provisions of the AMLR will apply based on the operational business model.

Undertake Gap Analysis

Cross-reference existing internal policies and procedures against the incoming requirements in terms of the AMLR. By understanding the gaps, one can start preparing the foundations for complying with the AMLR. Certain changes may be cosmetic and easy to implement. However, others may be more technical and have lengthier timeframes for completion. Through the gap analysis, one would be able to understand which areas require changes.

Operational Deployment and Tech Infrastructure

Based on the outcome of the gap analysis, one may start undertaking the relevant internal changes based on the existing text of the AMLR, and any regulatory technical standards (RTS), implementing technical standards (ITS) and/or guidelines published. Any groundwork in relation to choice of vendors and/or technological tools or means in which the vendors are aligning their systems in line with the AMLR may be undertaken even prior to finalisation of the RTSs. Understanding the gaps with regards to customer data and how customer data will be obtained for new customers, will be key to ensure that on the 10 July 2027, the relevant data is being collected and analysed. Whilst there will be leeway to update data of existing customers, the expectations around customer onboarding for new customers is clear – one needs to be compliant on day one!

Training and Simulation Testing

The proof of the pudding is in the eating. A policy is only as effective as the staff or technology executing it. Once gaps are identified and processes are updated, subject persons must run parallel internal testing programs. This allows staff to start using new systems, implement revised work-flows and escalating alerts under the new standards well before the July 2027 deadline. These trial runs help identify operational bottlenecks and clarify procedures before they are subject to real-world regulatory enforcement.

Turning Regulatory Pressure into Strategic Advantage

The road to 10 July 2027 is a test of operational agility for Malta’s financial services, gaming, corporate services, and professional sectors. The combination of incoming AMLR mandates and upcoming MONEYVAL assessments means that compliance can no longer be viewed as a reactive, check-the-box exercise.

While the staggered rollout of technical standards complicates planning, it does not justify a delay. By launching an immediate, structured gap analysis, Maltese firms can address their core system deficiencies early, leaving ample operational capacity to adapt as the final details of the Single Rulebook emerge.

Ultimately, proactive preparation does more than just protect an organization from regulatory sanctions and heavy fines. It signals to international partners, institutional investors, and global regulatory bodies that Malta remains a highly secure, transparent, and sophisticated jurisdiction for international business.

This article was first published in the ‘Sunday Times’ on 31/05/2026.

Share

Go Back

Author

Mario Zerafa

Senior Associate (Malta)
View Profile

Related Articles

More Insights
Newsfeed image
Publication
May 27, 2026

Balancing Responsibility under the Bill of Lading: Evergreen Marine (UK) Ltd v. Noel Cefai et
Newsfeed image
Events
May 25, 2026

Ganado Advocates to sponsor the 2026 IFSP Annual Conference
Newsfeed image
Firm news
May 22, 2026

Ganado Meets: Five years of conversations
01
image

How can we assist?

Contact us