The obligations of an MFSA Regulated Subject Person

When a firm is authorised by the Malta Financial Services Authority, its officers, who must also be approved by the MFSA, are committing themselves to ensuring that it will comply with all Maltese Laws and Regulations


When a firm is authorised by the Malta Financial Services Authority (MFSA), its officers, who must also be approved by the MFSA, are committing themselves to ensuring that it will comply with all Maltese Laws and Regulations.

This commitment is taken very seriously by the Authority and is considered to be an essential aspect of the privilege of being authorised.

This commitment includes a commitment to be compliant with Anti-money Laundering Laws and Regulations.

Understanding all the obligations that firms and subject persons are required to follow may be daunting for some, even though ensuring that one remains compliant is quite an uncomplicated manner. To that end, here is a quick summary of a firm’s obligations and legal commitments.

At the outset, a firm’s obligations function at three basic levels:


This level encapsulates both an ongoing and an event-driven dimension. Firstly, the firm needs to be aware of the risk it is taking on when it accepts customers, as well as what needs to be done to monitor and mitigate that risk.

Secondly, if an event occurs, then this immediately triggers an obligation on the firm’s part to revise both the risk element, as well as its monitoring processes. There may also be circumstances where the firm will be obliged to notify the MFSA and file a Suspicious Transaction Report with the FIAU about certain customers.


The firm is required to have arrangements and procedures in place to keep internal checks, and to ensure that its processes are functioning properly. This means that each firm must have documented policies and procedures in place, as well as individuals who will be held accountable to make sure that these policies and procedures are adhered to. Furthermore, the firm is also obliged to carry out checks for evidence to substantiate this.


The management has ultimate accountability for all the firm’s activities, and is also expected to take prompt, proactive action if something goes wrong. At times this may include the filing of Suspicious Transaction reports to the competent authorities, if the management come into possession of information that those authorities should be made aware of, even if it is not necessarily clear to the management what is going on.

These are three basic obligations that cannot be underestimated or dismissed. In fact, as the MFSA Head of Conduct Supervision, Emily Benson said, “these obligations lie at the core of any modern reputable financial system and its sustainability, quality and reputation. They are not optional, and firms cannot self-select compliance”.

There may be the possibility that, in carrying out their duties, a firm or an officer may find themselves grappling between their relationship with their client, their tipping-off obligations, and their obligations to notify competent authorities. In such instances, one can call upon legal advice to support them in their decision-making, but ultimately, the obligations belong to the subject person alone.

As a recap, the obligation is to report information that raises a suspicion that money laundering, terrorist financing or other criminal activity may take place or has done so. To make a report, it is not necessary to understand what that criminal activity is or to apply any kind of evidential test. Things “looking odd” can be enough.

There are multiple avenues one can look for help, but ultimately, four key areas need to be kept in mind:

Policies, Procedures and Records

It is a legal (and an MFSA) requirement for a firm to have documented policies and procedures in place, and to keep records of all aspects of the business. There are myriad reasons for this, but one of them is that word-of-mouth simply does not work as a replacement in this instance. If policies and procedures aren’t documented, internal disagreements may arise about what should have been done if things go wrong, which can be avoided with a clearly defined set of policies and procedures.

This also applies to client relationships and records relating to services provided through third parties. It is the Subject Person’s responsibility to ensure that they are reputable and carry on business legally and that they have good records. If things go wrong the accountability is of the Subject Person.


It is essential for firms to have an officer who is directly accountable for compliance, and who will report regularly to the board of directors. In many instances this officer would be the Money Laundering Reporting Officer (MLRO). In such case it is important to bear in mind that he or she would be the firm’s right-hand person when it comes to ensuring compliance in this area, and that competence and adequate time commitment are essential criteria. However, even when a firm does not need an MLRO, it is vital for there to be clarity and accountability surrounding all roles and responsibilities.


Staff need to be constantly trained and informed on the risks which the firm may face – which are constantly changing and evolving – as well as the firm’s planned responses, the procedures in place, and the guidance available. Regular training sessions go a long way towards lowering the potential risks, while also proving that the firm has taken all the steps necessary to avert said risks.

Independent Review

An independent review at regular intervals is worth its weight in gold. After all, it is very difficult, if not impossible, for anyone to adequately judge their own efforts. If the review recommends some changes, these should be acted upon immediately. If not, the review should be kept available for use just the same, since it would come in handy as evidence of a firm’s commitment towards compliance in the event of an inspection by the MFSA or the FIAU.

More in Business