On the 15th June 2024 the MFSA published a “Dear CEO” letter focusing on Money Laundering Reporting Officers (“MLRO”) within Corporate Service Providers (“CSPs”). This follows the carrying out of an exercise by the MFSA’s Financial Crime Compliance function with the objective of identifying common trends and practices related to the practices of MLROs within CSPs, and analysing how these compare to MFSA’s regulatory expectations.
In the letter, the MFSA outlines the following regulatory expectations:
- MLROs are expected to provide relevant and appropriate information to management, to facilitate management’s understanding of their AML/CFT risk exposure. This can include statistical trends related to external reporting to the FIAU, although such information should not include case-specific details.
- MLROs are expected to be independent and should operate within governance structures that facilitate direct reporting to the Board or a Board appointed committee
- MLRO’s should ensure that CSP staff members receive appropriate training tailored in line with their respective responsibilities. MLRO’s should oversee the training, and are encourage to participate directly in the provision of training.
- MLROs should have full and unlimited access to all records, data and information within the entity.
- While the role requires independence, MLROs nevertheless are also accountable to their management body for the manner in which they carry out their functions. The MFSA therefore encourages the performance of quality assurance exercises on the functions of the MLRO from time to time.
- MLROs should be mindful of conflicts of interest. The MFSA acknowledges that a dedicated MLRO function may not be practical in all circumstances, however in such cases the CSP should apply proportionate and effective controls to mitigate the risk of conflict of interest.
- The MFSA expects CSPs to maintain a risk based approach, adopting measures that reflect the varying degrees of risk that CSPs are exposed to when dealing with different situations.
- MLROs should have sufficient levels of knowledge and expertise to fulfil their functions. MLRO’s should also have sufficient time to dedicate to their function.
In our view the regulatory expectations stated by the MFSA reflect broadly accepted good practices that are also reflected in the FIAU Implementing Procedures. Subject Persons should take steps to ensure that their MLRO and overall AML/CFT functions are adhering to these regulatory expectations.
Read the MFSA’s Dear CEO Letter on MLROs within Corporate Service Providers, here.