
Understanding Anti-Money Laundering (AML) Policies and Their Role in Financial Crime Prevention

Anti-money laundering (AML) policies play a central role in helping financial institutions detect, prevent, and report money laundering and terrorist financing. A risk-based AML compliance program should include robust customer due diligence (CDD), ongoing monitoring, and procedures aligned with directives such as the EU’s 4th Anti-Money Laundering Directive and standards set by the Financial Action Task Force (FATF).

From transaction monitoring to KYC, firms must establish clear responsibilities and processes that support compliance with AML regulation and counter the financing of terrorism. A2CO helps firms of all sizes (including those seeking a policy template for small firms) develop tailored frameworks that meet both local and international regulatory expectations.


Understanding Compliance Visits by Supervisory Authorities for Licence Holders in Malta

A compliance visit is a formal inspection carried out by a regulatory authority to assess whether an organisation is meeting its legal and operational obligations. In Malta, these visits are commonly conducted by the Financial Intelligence Analysis Unit (FIAU), the Malta Financial Services Authority (MFSA) and the Malta Gaming Authority (MGA). At A2CO, we work closely with licence holders to help them prepare for these inspections, avoid non-compliance, and maintain full alignment with supervisory expectations.

AML Compliance and Sanctions Oversight in Malta: What Supervisory Authorities Expect

What Happens During an AML Compliance Visit in Malta 

Regulatory inspections play a key role in monitoring the ongoing compliance of subject persons, licensed entities and businesses that fall under specific legal frameworks. These inspections may be scheduled or unannounced, and often involve:

  • A review of your organisation’s internal policies and procedures
  • Interviews with key personnel such as the MLRO or compliance officer
  • Checks on risk assessments, AML controls and record-keeping systems
  • Inspection of client files, transaction logs and training documentation

Whether you hold a financial, gaming or company service provider licence, you may be selected for a supervisory visit as part of a routine risk-based approach or a thematic review.

Where relevant, a compliance visit may also include elements linked to employment law, such as reviews of work permit processes, employment contracts or documentation involving workers from overseas.

If your organisation operates in the gaming sector, MGA inspections may also evaluate your adherence to Malta Gaming Licence conditions, including responsible gaming measures and internal controls assigned to key function holders.

What to Expect from FIAU and MFSA Compliance Visits

The FIAU is responsible for monitoring AML and CFT compliance in Malta. It carries out inspections of subject persons, including company service providers, financial institutions, legal professionals and tax advisors. The MFSA may also carry out compliance inspections on behalf of the FIAU, particularly where financial services providers are involved.

A typical FIAU compliance visit may involve:

  • A review of your Business Risk Assessment and Customer Risk Assessments
  • Evaluation of your AML policies and procedures
  • Interviews with your Money Laundering Reporting Officer and senior staff
  • Checks on how you monitor client transactions and report suspicious activity
  • Confirmation of staff training on compliance procedures

If deficiencies are identified, the FIAU may issue follow-up directives requiring corrective action. A2CO supports clients with responding to FIAU directives, ensuring that remedial steps are completed accurately and within the prescribed timelines.

SMB and EU / UN Sanctions Obligations

Apart from AML obligations, subject persons are obliged to comply with sanctions obligations as set out in the National Interest (Enabling Powers) Act of Malta. The Act obliges subject persons to follow European Union and United Nations sanctions, together with any national sanctions imposed by the Sanctions Monitoring Board (SMB) in Malta. These obligations include the ongoing monitoring of sanctions, sanctions reporting to the SMB, and ensuring that policies and procedures are clear in relation to such sanctions obligations.

MGA Compliance Audits and Supervisory Reviews

The Malta Gaming Authority conducts several types of audits to ensure that operators meet their licence obligations. These may include:

  • System audits, typically completed prior to launching operations
  • System reviews, which evaluate ongoing procedures and technology setups
  • Compliance audits, which assess operational conduct, AML procedures and adherence to licence conditions

For gaming operators that also offer blockchain-based products, these reviews may intersect with services such as AML and KYC for crypto firms or token compliance advisory, depending on the structure of your business.

Our Services

At A2CO, we help you stay on top of your compliance obligations with practical, structured support that reflects the expectations of Maltese regulators. We also ensure your wider compliance framework remains aligned, including bookkeeping processes, GDPR and data protection practices, and registered office requirements, all of which may be reviewed during supervisory visits. Our services include:

  • Comprehensive policy and documentation reviews to ensure compliance with current legal requirements
  • Mock audits and inspection simulations to help you prepare and identify any areas of risk
  • Support in developing or updating your AML risk model and CRA
  • Assistance during the visit itself, helping your team present accurate records, explain systems in place, and respond to inspection queries confidently
  • Action planning and support following the inspection, including help with remediation and reporting

Why Choose A2CO

  • A proven track record supporting clients through FIAU, MFSA and MGA inspections
  • In-depth knowledge of AML compliance advisory practices and supervisory frameworks
  • Clear, actionable advice tailored to your licence type and sector
  • Practical insights that improve compliance and reduce risk
  • Full alignment with regulatory expectations, from pre-licence to post-licence stages

Frequently Asked Questions

Regulators will inspect your AML framework, request to see internal documents, carry out interviews, and verify whether your organisation is compliant with its licence obligations.

MGA audits may be carried out by the Authority itself or by appointed audit firms. They are generally conducted during the lifecycle of your licence, often as part of post-licence supervision.

A compliance visit may be broader and include supervisory inspections. An audit tends to focus on operational reviews, systems and policies linked to a specific licence.

You will need to prepare an action plan and demonstrate full adherence to the FIAU’s instructions. A2CO can support you throughout this process.

You should review your AML policies, train your key staff, prepare your risk assessments and ensure that your MLRO is ready to lead discussions with officials.

© 2025, A2CO. All Rights Reserved.