
FIAU Reinforces Risk-Based Enforcement with Detailed Overview of Corrective Action Directives

August 7, 2025

The Financial Intelligence Analysis Unit (FIAU) has released its June 2025 Corrective Actions Paper, offering a comprehensive account of its enforcement strategy between 2020 and 2024. The report details the use of administrative directives to strengthen anti-money laundering and counter-terrorism financing (AML/CFT) compliance across Malta’s regulated sectors.

Administrative Directives: A Dual-Track Approach

The FIAU uses two distinct types of directives to ensure that subject persons (SPs) take appropriate and timely corrective actions following identified AML/CFT breaches:

  • Remediation Directives: Issued in less severe cases, these often require SPs to update policies and procedures, with minimal FIAU oversight.
  • Follow-Up Directives: More intensive, requiring structured action plans, recurring meetings with the FIAU, system walkthroughs, and file testing to verify implementation.

From 2020 to 2024, the FIAU imposed 101 directives across 134 subject persons, consisting of 60 Remediation Directives and 41 Follow-Up Directives. These enforcement actions spanned multiple sectors, with the highest concentration in the remote gaming and TCSP sectors.

Phased Oversight for Control Validation

Each directive undergoes a two-phase process designed to assess and ensure both technical design and operational effectiveness:

  • Phase One – Technical Compliance and Design: The FIAU reviews updated AML/CFT policies, procedures, risk assessments, and systems. SPs may be asked to perform live walkthroughs to demonstrate implementation in practice.
  • Phase Two – Control Effectiveness Testing: The FIAU conducts sampling of customer files, assesses transaction monitoring, and verifies remediation measures, using a risk-based scope informed by the outcomes of the first phase.

System walkthroughs are often requested in both phases, particularly when SPs rely on automated compliance tools. These walkthroughs validate how systems manage onboarding, screening, risk profiling, and alert handling.

Directive Meetings and Common Areas of Focus

Between 2020 and 2024, the Corrective Actions Team held 151 meetings with SPs, covering 262 topics. These meetings provide a platform to clarify issues, demonstrate systems, and discuss progress. The most frequently addressed topics were Customer Due Diligence, Business Risk Assessments, Customer Risk Assessments, Ongoing Monitoring and Scrutiny, as well as Policies and Procedures. These focus areas point to recurring deficiencies across core AML/CFT obligations. Several case studies included in the paper illustrate how directives have translated into meaningful AML/CFT improvements:

SPs Encouraged to Engage Proactively

The FIAU places strong emphasis on collaboration throughout the Directive process. SPs are expected to provide clear and relevant documentation, communicate delays or challenges transparently, set realistic timelines, and proactively engage with the Corrective Actions Team throughout the process.

As the report states, “The purpose of a Directive is not to assess past performance but to ensure long-term, future-oriented compliance.” Many SPs have voluntarily requested additional meetings or submitted broader remediation efforts beyond what was legally required, a practice the FIAU strongly encourages.

Consequences for Non-Compliance

When SPs fail to meet the requirements of a directive, the FIAU may take further action by notifying the prudential regulator or its Supervision Section, imposing administrative or daily fines, or issuing a closure with reservations if effective remediation cannot be confirmed. The report makes clear that directives are legally binding, and the failure to implement sustainable solutions may have broader regulatory implications.

Ten Key Takeaways for SPs

The FIAU concludes the report with 10 best-practice principles, among them:

  1. Focus on future compliance over retrospective fixes
  2. Tailor controls to real risk exposure
  3. Maintain open communication during the process
  4. Ensure documentation is relevant and clearly labelled
  5. Avoid vague or excessive submissions
  6. Set realistic timelines and monitor progress
  7. Test transaction monitoring tools, focusing on alert quality
  8. Interlink controls such as monitoring, CDD and CRA
  9. Use historical data to inform risk assessments
  10. Treat directives as a collaborative opportunity

These recommendations are designed to support SPs in building sustainable, risk-based frameworks that go beyond superficial compliance.

FIAU Promotes a Compliance Culture of Continuous Improvement

The paper closes with a strong call for shared responsibility. “The fight against ML/FT lies at the heart of the FIAU’s mission. However, this effort cannot succeed in isolation.” By fully engaging in the corrective action process, SPs contribute to both the protection of their own operations and the integrity of Malta’s wider financial system.

In an evolving regulatory landscape, the FIAU views directives not as penalties, but as tools for strategic reform, thereby ensuring that Malta remains a jurisdiction of good standing, backed by robust, effective AML/CFT frameworks.