The most recent fine issued by the FIAU, published on the 7th September 2020, outlines core weaknesses in subject person operations, AML/CFT vulnerabilities across sectors, as well as overall business risk.
The measures imposed related to a remote gaming operator licensed in Malta since 2015 and operating a variety of game types.
Salient key findings leading to the imposition of the administrative measure include:
- Despite a Business Risk Assessment being in place, the quality and applicability in practice was deemed inadequate.
- Non-comprehensive or absent Customer Risk Assessment in the player profiles reviewed.
- Failure to provide a proper Customer Acceptance Policy and failure to meet any such policies in practice when reviewing actual customer base.
- Failure to link player profiles across brands operating under the same license.
- Ineffective monitoring of activity and lack of correct Source of Wealth and Source of Funds measures.
- Transaction Monitoring analysis systems not in place to allow review of unusual or voluminous transactions.
- Lack of evidence of satisfactory checks carried in terms of PEP identification.
- MLRO not considered to have clear assignment of responsibilities for the role nor having direct unlimited access to carry out the AML/CFT duties of an MLRO.
- Incoherent Policies and Procedures between manuals relating to MGA license and other EU-jurisdiction licenses leading to unclear reporting systems and de facto no STR internal reporting effectiveness.
- Weaknesses in AML/CFT Training having been only undertaken by senior management.
Beyond the administrative fine, the FIAU’s CMC directed the Licensee to build and carry out an Action Plan to address and remediate all shortcomings and to ensure not simply having an AML/CFT Framework but which is robust enough to meet all its obligations in line with its operations.
Click on this link to access the Full Report: https://bit.ly/334NXYM