The Financial Intelligence Analysis Unit (FIAU) has published a Consultation Document on the Application of Anti-Money Laundering (AML) and Countering the Funding of Terrorism (CFT) Obligations to the Virtual Financial Assets (VFA) Sector

Regulatory framework

The Consultation document is intended to provide Sector-Specific Implementing Procedures supplementing the FIAU’s Implementing Procedures which contain more general provisions applying to all subject persons to assist them in complying with their obligations of AML/CFT. These new Sector-Specific Implementing Procedures are specifically designed for VFA Agents, Issuers of VFAs and VFA Services Licence Holders, collectively referred to as VFA Operators.

In addition, the document offers guidance for better compliance with the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) and the Prevention of Money Laundering Act (PMLA) and participates in the transposition into Maltese law of Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 (5^th AML Directive).

Content of the document

VFAs pose an increased risk to VFA Operators as subject persons mainly because of the anonymity of their holders but also because VFAs allow easier cross-border transfers of funds to and from high risk jurisdictions, almost immediate settlement of transactions and transactions which cannot be reverted.

But not all customers expose the subject person to the same risks.

General rules for VFA Operators

Part 1 of the document contains general rules to be complied with by all VFA Operators. It aims at assisting VFA Operators in carrying out their business risk assessment. It suggests a risk-based approach consisting in the identification of the VFA Operator’s vulnerabilities in money laundering and funding of terrorism and the related risks to which it is exposed.

Thus, VFA Operators must consecutively assess two types of risk:

• the Business Risk (identification, measurement, management and monitoring of the risk); and
• the Customer Risk, to be carried out prior to entering into business with a customer.

The document emphasises the obligation for all subject persons to keep records and to have in place a Money Laundering Reporting Officer (MLRO) to whom any suspicious activities and transactions must be reported.

Specific rules for VFA Agents, Issuers and VFA licence holders

VFA Agents

The VFA Agent must continuously make sure that the VFA Issuer is properly applying its AML/CFT policies and procedures. It must verify the identity of the customer and of its beneficial owners, understand the purpose and intended nature of the business relationship and determine the customer’s source of wealth and the source of funds allocated to the project.

When a VFA Agent outsources the implementation of its AML/CFT obligations, it is important to note that it will remain the one responsible for compliance with these obligations.

VFA Issuers

Issuers should be particularly careful to the possible vulnerabilities of their IVFAO. They are recommended, for example, to cap the amount of funds to be transferred to them by a subscriber.

Also, AML/CFT obligations will be applicable to all occasional transactions between VFA Issuers and their customers and not only those transactions which exceed any specific threshold.

VFA Issuers should distinguish between natural persons and legal persons or arrangements among their customers. They should also determine whether the customer is acting on behalf of any other entity by obtaining information relating to the origin of the instructions received by the customer, the source and destination of funds or the reason for possible delays in answering questions.

The VFA Issuer will also have to verify the customer’s wallet address or account number and ensure that it effectively belongs to the customer.

VFA Services Licence Holder

VFA Services Licence Holders must continuously analyse possible changes to the risk environment in money laundering and funding of terrorism and adjust their services or manage their customer relationships accordingly. They should identify whether their customers are natural or legal persons or arrangements, conduct on an ongoing basis CDD procedures on all the customer’s UBOs and check the customer’s source of wealth (the economic activities producing the customer’s wealth) and the source of funds (source of financing of a specific transaction).

In case the change is determined by the VFA Licence Holders to be sufficiently important, the customer risk assessment will have to be carried out afresh instead of being simply updated.

VFA Services Licence Holders will have to pay attention to complex, unusual or large transactions, which will be determined on a case-by-case basis and depend on the size, type of customers, product and risk profile.

The consultation period is open until 23^rdNovember and all interested parties are encouraged to submit their feedback tothe authority.

Disclaimer: This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.

Article by Dr Samuel Gandin, GTG Advocates