Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Implementing Procedures
Issued: 16 December 2020
Issued by the Financial Intelligence Analysis Unit in terms of the provisions of the Prevention of Money Laundering and Funding of Terrorism Regulations
Part II
Company ServiceProviders
Page 2
| Financial Intelligence Analysis Unit
CONTENTS
Abbreviations
1. Introduction to the Implementing Procedures Part II for CSPs 1.1 THE PURPOSE OF THESE IMPLEMENTING PROCEDURES
1.2 MALTA’S NATIONAL ML/FT RISK ASSESSMENT
1.3 DEFINITIONS
1.3.1 Arranging
1.3.2 Formation of Companies and other Commercial Partnerships
1.3.3 The Customer
1.3.4 Distinguishing between the concepts of Introducer, Intermediary and Agent
1.3.5 Distinction between intermediation and reliance
2. Customer Due Diligence 2.1 CDD ON INTERMEDIARIES AND AGENTS
4
5
5
6
6
6
7
7
8
11
13
13
Page 3
Implementing Procedures | Part II – Company Service Providers
2.1.1 A person acting solely as Introducer
2.1.2 A person acting as an Intermediary
2.1.3 A person acting as an Agent
2.2 PURPOSE AND INTENDED NATURE, AND ESTABLISHING THE CUSTOMER’S BUSINESS AND RISK PROFILE
2.3 COMPLYING WITH REGULATION 7(1)(C) WHEN PROVIDING COMPANY FORMATION SERVICES
2.4 ONGOING MONITORING OF BUSINESS RELATIONSHIPS
2.4.1 Scrutiny of Transactions
2.4.2 Keeping CDD data, information and documentation up to date
2.4.3 General Principles applicable to ongoing monitoring
2.4.4 Risk-based approach to ongoing monitoring
2.4.5 Complex and unusual types of transactions
2.5 TIMING OF DUE DILIGENCE PROCEDURES
2.6 TERMINATION OF BUSINESS RELATIONSHIPS FOR THE PURPOSES OF AML/CFT OBLIGATIONS
2.7 SANCTIONS SCREENING
Annex 1: Explanatory Scenarios
13
13
15
18
20
20
20
21
22
23
26
26
27
28
30
Page 4
| Financial Intelligence Analysis Unit
ABBREVIATIONSAML/CFT Anti-Money Laundering and the Combating of Funding of Terrorism
BO BeneficialOwner
CDD Customer Due Diligence
CFT Countering the Funding of Terrorism
CSP Company Service Provider
CSP Act CompanyServiceProvidersAct(Cap.529oftheLawsofMalta)
EDD Enhanced Customer Due Diligence
EUROPOL EuropeanUnionAgencyforLawEnforcementCo-Operation
FATF Financial Action Task Force
FIAU Financial Intelligence Analysis Unit
FT Funding of Terrorism
ID&V IdentificationandVerification
MBR Malta Business Registry
ML Money Laundering
ML/FT Money Laundering and Funding of Terrorism
MLRO MoneyLaunderingReportingOfficer
MONEYVAL Council of Europe Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism
NRA National Risk Assessment
STR Suspicious Transaction Report
Page 5
Implementing Procedures | Part II – Company Service Providers
1. Introduction to the Implementing Procedures Part II for CSPs 1.1 THE PURPOSE OF THESE IMPLEMENTING PROCEDURES
The number of company service providers inMalta has grown exponentially over the past few years, as the islandcontinuestoattractinternationalbusinesstoitsshores.Atthetimeofpublicationofthisdocument,therewerejustunder600professionalsandfirmsprovidingcompanyservicesintermsoftheCompanyServiceProvidersAct(Cap.529oftheLawsofMalta–“CSPAct”).
Theactivitiesthatcanbeperformedbyacompanyserviceprovider(“CSP”)emergefromtheCSPAct,andaredefinedasfollows:
“companyserviceprovider”meansanynaturalor legalpersonwhich,bywayofbusiness,providesanyofthefollowingservicestothirdparties:
a) formation of companies or other legal entities;
b) acting as or arranging for another person to act as director or secretary of a company, a partner in apartnership or in a similar position in relation to other legal entities;
c) provisionofa registeredoffice,abusinesscorrespondenceoradministrativeaddressandother relatedservicesforacompany,apartnershiporanyotherlegalentity.
These Implementing Procedures Part II are applicable to persons and entities carrying out the services envisaged under the CSP Act1.
The purpose of this document is:
a) tointerpretandprovidesector-specificguidanceontheimplementationofparticularanti-moneylaunderingand the combating of funding of terrorism (“AML/CFT”) obligations that warrant further elaboration at anindustry-specificlevel;andalso
b) toprovidedetailedinformationonmoneylaunderingandfundingofterrorism(“ML/FT”)riskstoassistCSPsinformulatingabetterunderstandingoftheML/FTriskstheyfaceandensurethattheyarebetterequippedtodetectandreportML/FTsuspicions.
ItisimportantthatthisdocumentisreadinconjunctionwiththeImplementing Procedures Part I.
ThisdocumenthasbeendraftedfollowingconsultationwiththeInstituteofFinancialServicesPractitionersandtheMaltaFinancial Services Authority.
1TheseImplementingProceduresPartIIareintendedtoprovideAML/CFTguidancetoCSPswhentheyformand/orprovideother services to companies or commercial partnerships. The formation and provision of services to other types of legal entities,eventhougharelevantactivity,doesnotfallwithinthescopeofthisdocument.
Page 6
| Financial Intelligence Analysis Unit
1.2 MALTA’S NATIONAL ML/FT RISK ASSESSMENT
AccordingtotheresultsoftheML/FTNationalRiskAssessment(“NRA”)publishedbytheGovernmentofMaltain2018,theCSPsectorwasidentifiedaspresentingahighriskofML/FTtoMaltainviewoftheinherentriskstowhichthesectorisexposed,coupledwithweakimplementationofAML/CFTcontrols.
TheNRAidentifiedthefollowingkeyinherentriskdriversforCSPs:
i) Significantvolumeofhigh-riskclients–mostnotably thehigh incidenceofnon-residentbeneficialowners(BOs);
ii) Services provided are risky in nature–specificallythesettingupofcorporatestructuresthatarecomplex,andtheholdingofsharesinafiduciarycapacity;
iii) High level of geographical risk–drivenbytheconsiderablenumberofnon-EUresidentBOsofcompaniessetupinMalta,withasignificantexposuretoriskyjurisdictions;
iv) Large volume of international business handled by CSPs; and
v) Higher service interface risk–consideringthatasignificantportionofCSPclientsareon-boardedonanon-face-to-facebasis,withtheinvolvementofintermediaries.
TheNRAmoreoverconcludedthatthelevelofeffectivenessofAML/CFTcontrolsimplementedbyCSPswasweak,whichfurthercontributedtothesector’shighexposuretoML/FTrisks.Thiswasduetoanumberoffactors.
ThenumberofSTRreportssubmittedbyCSPsinproportiontotheML/FTrisksthattheyareexposedtoissignificantlylow.ThismaybeindicativeofaweakawarenessofML/FTrisks.CSPsoftendonothaveexpertiseinunderstandinghowtheirproductsandservicesmaybemisusedforML/FT.ThelowlevelofSTRreportingisalsoindicativeofweakAML/CFTcontrolsand,inparticular,ofineffectiveongoingmonitoringprocedurestoidentifysuspicioustransactions.
CSPsoften lack the resourcesand specialisationof larger financial institutions todedicate to the implementationofeffectiveandrobustAML/CFTcontrolsandalsooftenhavefewindependentchecksandbalancestomonitortheeffectiveimplementationoftheirAML/CFTobligations.
1.3 DEFINITIONS
Under this section, certain terminology that is envisaged under the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01 – “PMLFTR”), as well as the Implementing Procedures Part I, will be specifically defined in the context of company services to ensure consistencyin the interpretation of these terms by CSPs and, consequentially, in the application of their AML/CFTobligations.
1.3.1 Arranging
Whenitcomestoarrangingforanotherpersontoactasadirectororsecretaryofacompany,apartnerinapartnership,orasimilarpositioninrelationtootherlegalentities,CSPsaretorefertothedefinitionof‘arranging’assetoutinanyrulesor regulations issued under the CSP Act. It should be noted that arranging does not include the process of headhunting oradvertisingtofindasuitablecandidateforaposition.Theseserviceswouldtypicallybecarriedoutbyrecruitmentagencies.
Page 7
Implementing Procedures | Part II – Company Service Providers
The mere compilation of statutory forms or the carrying out of other formalities necessary for the appointment of a companydirector, secretaryor similarpositions inother legal entities is not considered tobea serviceof arrangingforsomeonetoactasadirector,secretaryoranequivalentposition.NorisitconsideredtobeacompanyserviceorarelevantactivitythatwarrantstheapplicationofAML/CFTobligations.
1.3.2 Formation of Companies and other Commercial Partnerships
Formationservicesconsist in theprovisionofservices to incorporatecompaniesorsetupcommercialpartnerships,inwhichonewouldbeactivelyassistinginthepreparationandsubmissionofrelevantdocumentationandliaisingwithrelevant registers for the purpose of setting up a company.
When the services only entail the compilation and submission of ancillary statutory forms to set up a company or other commercial partnership (e.g., beneficial ownership declarations), one would not beproviding a formation service for the purposes of the PMLFTR and these Implementing Procedures Part II.
1.3.3 The Customer
ThePMLFTRdefineacustomerasalegalornaturalpersonseekingtoform(i.e.,apotentialcustomer)orhasformed(i.e.,anexistingcustomer)abusinessrelationship,oralegalornaturalpersonseekingtocarryoutanoccasionaltransactionwithasubjectperson.
InthecaseofCSPs,thetypeofcustomervariesdependingontheservicesthatarebeingprovided.Thetablebelowprovidesaninterpretationofwhothecustomerisinthecontextofthevariouscompanyservicesthatmaybeprovidedby CSPs:
Company Service
Formation of a company or a commercial partnership
Actingasadirectororsecretaryofacompany,orapartnerinacommercialpartnership,orarrangingfor another person to act as such
Provisionofregisteredoffice,businesscorrespondence or administrative address or related services to a company or commercial partnership
Who is the Customer?
Theprospectiveshareholder/BO/partner,forwhomthecompany or other legal entity willbesetup
The company or commercial partnershiptowhichsuchservicesareoffered
The company or commercial partnershiptowhichtheseservicesareoffered
Nature of Service
Occasionaltransaction
Business relationship
Business relationship
Page 8
| Financial Intelligence Analysis Unit
ThepersonrequestingtheCSP’sservicesmaybethecustomerhimself/herself.However,theremaybecircumstancesinwhichthecustomerwouldberepresentedbyanotherpersonorentity.IntheCSPcontext,customersmayberepresentedeither by:
a) Intermediaries –who introduce the customer to theCSPand remain involved in thebusiness relationshipbetweenthecustomerandtheCSP,bygivinginstructionstotheCSPonthecustomer’soperationsorbyco-ordinatingworkforthecustomer;or
b) Agents –whoactonbehalf of acustomerandcanbind theunderlyingcustomer, for exampleby signinglettersofengagement (therebycreatingan indirect relationshipbetween theCSPand thecustomerandadirectrelationshipwiththeAgent).Whenthecustomerisacompanyorcommercialpartnership,itsdirectorsandpartners,whoarelegallyempoweredtorepresentandbindthecompanyorcommercialpartnership,arelikewiseconsideredtobeagentswhentheyexercisetheselegalrepresentationpowerstobindthecompanyorcommercial partnership. These individuals are typically involved in the carrying out of an occasional transaction orbusinessrelationshipbygivinginstructionstotheCSPthatbindthecompanyorpartnership,orbytakingactionsthatlikewisebindthecompanyorcommercialpartnership(e.g.,signingcontractsonthecompany’sbehalf).
It should be noted that persons or entities that merely act as introducers by putting a prospective customer in contact withtheCSP,withouthavinganyfurtherinvolvementinthesettingupandoperationofaparticularbusinessrelationshiporthecarryingoutofanoccasionaltransaction,arenotconsideredtobeeitherintermediariesoragents.TheCSPwouldbecreatingadirectrelationshipwiththecustomerfollowingtheintroduction,andtheintroducerwouldplaynofurtherrole,suchasbyrepresentingthecustomerorgivinginstructionsonhisbehalf.Thus,noAML/CFTobligationsariseinrelationtotheintroducer.Withthatsaid,theintegrityandtypeofclientelebroughtforwardbyanintroducerimplicatedincriminalitymaybecompromisedandCSPsmaywishtocarryoutperiodicchecksonopensourcestoensurethereisnosignificantadversemediaontheintroducer.
Inordertobetterunderstandthesetypesofrelationships,theconceptsofAgentandIntermediarymustfirstbeexamined.
1.3.4 Distinguishing between the concepts of Introducer, Intermediary and Agent
1.3.4.1 The Introducer
AnIntroducerisdefinedasapersonwhotypically(thoughnotnecessarily)wouldhaveabusinessrelationshipwithathirdparty(who,inthiscase,wouldbetheIntroducer’sclient)andwhointroducesthatthirdpartytoaCSP.Theintentionwouldbethatthethirdpartywouldformabusinessrelationshiporconductaone-offtransactiondirectlywiththeCSP.InthiswaytheIntroducer’sclientorthirdpartybecomesacustomeroftheCSPdirectly.
The Introducer’s role is solely tomake the introduction, and he would have no further involvement in the businessrelationshipor theoccasional transactionthatwouldbeestablishedorcarriedout. It is the identityof the introducedcustomerthatmustthenbeestablishedandverified,andnoAML/CFTobligationsariseinrelationtotheIntroducer.
1.3.4.2 The Intermediary
TherearesituationswhenanIntroducerintroducesathirdpartytoaCSP,butthenproceedstoremainactivelyinvolvedincarryingout theoccasional transactionor in thebusinessrelationshipestablishedwith theCSP.Thiscouldbe, forinstance,bybeingresponsibleforcommunicatingclientinstructionstotheCSP(bothattheinitialstageswhencarrying
Page 9
Implementing Procedures | Part II – Company Service Providers
1.3.4.3 The Agent
AnAgentisapersonwhoactsonthecustomer’sbehalf(beitthecorporateclientitselfortheprospectiveshareholder,partnerorBO)andhastheauthoritytobindthecustomerwithhis/heractions.Apersonwhoexecutestransactionsforandonbehalfofacustomer(suchaswhendulyappointedtoactassignatoryonthecustomer’sbankaccount)orwhoisdulyauthorisedtosigncontracts/agreementsbindingthecustomer(suchasacompanydirector)areconsideredtobeAgents.
The role of company directors and partners as agents
Thosecompanydirectorswhoare vestedwith the legal and judicial representationof theCompanyandpartnersofCommercialPartnershipswho,withinthecontextofanoccasionaltransactionorabusinessrelationship,actonbehalfoftheCompany(e.g.,signingcontracts,agreementsorlettersofengagement),arelikewiseconsideredtobeagentswhopurport to act on behalf of the respective company or commercial partnership.
IntermsofRegulation7(3)thesewouldthereforeberequiredtobeidentifiedandverified,andtheCSPisexpectedtoensurethattheyareauthorisedinwritingtoactonthecustomer’sbehalf.AsisexplainedinfurtherdetailunderSection2.1.3.1,notalldirectorsandpartnersneedtohavetheiridentityandauthorisationverified;thisappliesonlytothosewhoexercisethelegalpowerstobindthecompanyorcommercialpartnershipswithinthecontextofanoccasionaltransactionorbusinessrelationshipcarriedoutorestablishedwiththeCSP.
out an occasional transaction or setting up a business relationship, or throughout that business relationship,as the case may be) without necessarily being legallyauthorisedtobindthecustomerinthesamewayasanAgentwould.Thisscenarioisexplainedinthefollowingsection.
Insuchascenario, thepersonmaking the introductiondoes not remain an introducer but becomes an Intermediary. An Intermediary may, therefore, bean individual who enjoys the customer’s trust andcommunicates the customer’s intentions, instructionsand decisions in relation to a particular transaction or matter to the CSP, and/or undertakes specific tasksor activities (such as project management, vetting ofdocuments, general co-ordination of the project, andgivinglegalorotheradvicetotheclient),withouthavinganypowerstobindthecustomer.
In this scenario, while the CSP is always, naturally,obligedtocarryoutCDDmeasuresonthecustomer,theCSP must also carry out further due diligence measures ontheIntermediary.GuidanceonhowtocarryoutCDDis provided in Section 2.1 of this document.
Page 10
| Financial Intelligence Analysis Unit
1.3.4.4 Application of the distinction in real-life scenarios
IntermediaryrelationshipstypicallyinvolveanotherlocalorforeignCSP,trusteeand/orwealthmanagementfirm,familyoffice(ormulti-familyoffice),lawfirm,accountancy/auditfirmorotherprofessionalfirm.TheIntermediary,inthiscase,does not stop at merely introducingthecustomer,asexplainedabove,butremainsinvolvedasthepoint of reference to carryoutthatoccasionaltransactionorbusinessrelationship,withoutnecessarilyhavingthecapacitytoactuallybind the customer.
ThefactthatallcorrespondencetakesplacebetweentheCSPandtheintroducinglawfirmorotherprofessionalfirmastheIntermediary(andirrespectiveofwhetherthecustomerisalwaysormostlycopiedin,nevercopiedinorcopiedinonlyrarely),isinitselfindicativeofthelawfirmorotherprofessionalfirmactuallyactingasanIntermediaryandnotmerelyasan Introducer.
Whileeachcasemustnecessarilybeassessedonitsownmerits,theremaybecircumstancesthatwouldindicatethatthepurportedintroducerisnotsimplyanIntroducer,butisactuallyactingasanIntermediary,forinstance:
• instructionsarealwaysormostlyprovidedbyapersonpurportingtobemerelyanIntroducer;
• the letterofengagement isenteredintowiththepurportedIntroducer,whothenendsupco-ordinatingtheproject;or
• theletterofengagementisenteredintowiththecustomerdirectly,butinteractionbetweentheCSPandthecustomer takes place through the purported Introducer.
WhenitcomestodeterminingwhetherapersonisanIntermediaryoramereIntroducer,itisirrelevantwhetheritistheIntermediaryortheunderlyingcustomerwhoultimatelypaysthefeesoristakingtheriskofnon-paymentoffees.Itisalsoirrelevantwhoultimatelydecidesissues;thatis,whethertheunderlyingcustomerhasgiventheIntermediarysomeformalauthoritytotakedecisionsoncertainmattersorwhethertheIntermediaryisrequiredtoreferallmatterstotheunderlyingcustomer for a decision.
Page 11
Implementing Procedures | Part II – Company Service Providers
Inotherwords,anysituationinwhichanindividualorentitycarriesoutadditionalactivitiesbeyondmerelyintroducingthecustomertotheCSPandstoppingthere,rendersthatindividualorentityanIntermediary,therebynecessitatingtheapplication of due diligence measures on that Intermediary.
Itmighttranspirewhile(orevenafter)settingupabusinessrelationshipthatapresumedcustomerorcompanyBOisactingonbehalfofanotherperson,i.e.,aprestanome,fiduciarymandatoryorfrontman.ACSPmaybecomeawareofthesesituationsthroughvariousbehaviouralindicators,suchaswhen:
i) thepresumedcustomer/BOisnotabletoprovideoutrightinstructionsonthecompany’soperationssincehe/she has to refer decisions to someone else;
ii) correspondencebetweentheCSPandthecustomer/BOmightinvolveathirdparty,whichisunknowntotheCSP;
iii) theCSP’sprofessionalfeesarebeingpaidupbysomeoneelseotherthanthepresumedcustomer/BO;or
iv) thepresumedcustomer/BOshowsalackofdetailedunderstandingaboutthecompany’sbusiness.
Intheseinstances,andunlessthereexistsalegitimateexplanation,CSPsshouldconsidersubmittinganSTRtotheFIAUand desist from providing further services to this customer.
1.3.5 Distinction between intermediation and reliance
ItisimportanttodistinguishanIntermediaryorAgentrelationshipfromasituationwhenrelianceisbeingplacedintermsofRegulation12ofthePMLFTR.Thetwoshouldnotbeconfusedsincetheyarecompletelydistinct,andonedoesnotnecessarilyinvolvetheother.Thatis,aCSPcanbedealingwithanAgentoranIntermediarywithoutplacingrelianceonthatAgent/Intermediary,justasaCSPcanrelyonanothersubjectpersonorathirdpartyintermsofRegulation12withoutthatothersubjectperson/thirdpartybeinganAgentoranIntermediarywithregardtotheCSP.
IncertaincircumstancesanIntroducer,IntermediaryorAgentcouldbeanothersubjectpersonorthirdpartysubjecttoAML/CFTobligationsinanotherjurisdictiononwhomtheCSPispermittedatlawtoplacereliancetocarryoutsomeaspectsofCDDinaccordancewithRegulation12ofthePMLFTR.Inthiscase,itisuptotheCSPtodeterminewhethertoplacerelianceor,alternatively,toconductitsownCDDontheunderlyingcustomer(besidesalsoontheIntermediaryorAgent).
Forfurtherguidanceonimplementationoftherelianceprovisions,seeSection4.10oftheImplementing Procedures Part I.
Page 13
Implementing Procedures | Part II – Company Service Providers
2. Customer Due Diligence ThisdocumentwillnotreinterpretorprovideguidanceonthecustomerduediligenceobligationsthatCSPs,assubjectpersons,mustapplyinrelationtotheoccasionaltransactionstheycarryoutandbusinessrelationshipstheyenterinto.ThepurposeofthisdocumentistofocusonspecificaspectsofCDDthatmeritsector-specificguidance.InthisChapter,whichshallfocusonCDDobligations,guidancewillbeprovidedonthefollowingaspects:
• CDD on intermediaries and agents;
• assessing and, as appropriate, obtaining informationon thepurpose and intendednature of thebusinessrelationship,andestablishingthecustomer’sbusinessandriskprofile;
• ongoing monitoring;
• the timing of CDD obligations; and
• the termination of business relationships.
2.1 CDD ON INTERMEDIARIES AND AGENTS
2.1.1 A person acting solely as Introducer
WhenapersonactssolelyasanIntroducer,havingnofurtherinvolvementotherthanintroducingthecustomer,by,forinstance,providinginstructionsorotherwiserepresentingthecustomer,theCSPwouldnotberequiredtocarryoutanyCDD on the Introducer.
2.1.2 A person acting as an Intermediary
CSPsshouldhaveinternalprocessestoreviewandapproveIntermediariesbeforetheCSPstartsservicingcustomerswhoareintroducedandrepresentedbytheseIntermediaries.TheseinternalprocessesarenecessaryforCSPstoensurethattheydealwithIntermediarieswhoarereputableandofgoodstanding,whichwillitselfreflectonthequality,standingand intentionofcustomerswhoare introducedtothem.These internalprocessesshouldrequireseniormanagementapprovalbeforeanyworkingrelationshipswithintermediariesareinitiated.TheseprocessesshouldalsorequirescrutinyandduediligencetobecarriedoutontheIntermediaryfortheseniormanagement’sdeterminationtobewellinformed.Thisscrutinyandduediligenceshouldincludethefollowing:
Page 14
| Financial Intelligence Analysis Unit
Basic checks for all Intermediaries
a) determinewhethertheIntermediarywouldberepresentingendcustomerstowhom/whichcompanyserviceswillbeprovided,orwhethertheIntermediarywillbepassingoninstructionsfromanotherintermediary/otherintermediaries,oneofwhichwouldultimatelyrepresenttheendcustomer(i.e.,“IntermediaryChains”);
b) establish the existence of the Intermediary through public sources;
c) assess, and be satisfiedwith, the Intermediary’s reputability and integrity. Thiswould involve carrying outpublicsearches(e.g.,usingonlinesearchengines,metasearchenginesorcommercialdatabases)toassesswhetheranyadverseinformationexistsontheIntermediary,whichwouldraisedoubtsabouttheIntermediary’sintegrity,suchasinvolvementinanywrongdoing(e.g.,criminaloffencesorbreachesofAML/CFT,prudentialor other professional obligations).Moreover, given that these Intermediaries are typically professional law,accountancyor tax advisory firmsor otherCSPs, theCSPwould alsobe expected to confirm that theseIntermediariesarelicensed,regulatedorareaccreditedprofessionals,asthecasemaybe;and,
d) whentherelationshipwiththeIntermediaryisongoing,CSPsaretocarryoutregularcheckstoensurethattheinformationobtainedatthepointofestablishingtheworkingrelationshipwiththeIntermediaryremainscurrentandtobeawareofanynewinformationthatmightconcerntheIntermediary’sreputabilityandintegrity.Theseongoing checks are expected to be carried out at least on an annual basis.
Additional checks for higher risk Intermediaries
HigherriskIntermediarieswouldincludeIntermediarieswhoare:
• notsubjecttoanylicensing,regulationorprofessionalaccreditation;
• situatedinhigh-riskornon-reputablejurisdictions;or
• lessrenownedandonwhomitisdifficulttofindinformationthroughpublicsources.
BeforeestablishingworkingrelationshipswithhigherriskIntermediaries,CSPsshouldbemorecautiousandshouldcarryout additional and more in-depth checks on these Intermediaries. These additional checks may include:
a) identifying and verifying the Intermediary’s identity by collecting the necessary identification details andverifyingthoseidentificationdetailsonthebasisofdata,documentsorotherinformation,asisexplainedunderSection4.3.1oftheImplementingProceduresPartI. InthecaseofIntermediariesthatarefirmsorentities,CSPsshouldalso identifythedirectors,partnersoradministratorsoftheseIntermediariesandalso identifyandverifytheidentityoftheirultimateBOs.Seesection4.3.2oftheImplementingProceduresPartIforfurtherdetailsonthe identificationandverificationprocedurestobeapplied in thecaseof Intermediaries thatareentitiesorfirms;
b) inthecaseofIntermediariesthatareentitiesorfirms,extendingthereputabilityandintegritychecksenvisagedunderparagraph(c)ofthelistofbasicchecksforIntermediariestocovernotonlytheIntermediary,butalsoitsdirectors,partnersoradministrators,anditsultimateBOs;
c) gathering further information on their internal AML/CFT procedures (where applicable) to formulate anunderstanding of the Intermediary’s compliance culture;
d) holdingintroductorymeetings(physicalorvirtualmeetingsusingavideo-conferencingfacility);
Page 15
Implementing Procedures | Part II – Company Service Providers
e) inthecaseofIntermediaryChains,carryingouttheaboveproceduresoneachandeveryIntermediaryinthechain; and
f) wheretherelationshipwiththeIntermediaryisongoing,CSPsaretocarryoutregularcheckstoensurethattheinformationobtainedatthepointofestablishingtheworkingrelationshipwiththeIntermediaryremainscurrentandtobeawareofanynewinformationthatmightconcerntheIntermediary’sreputabilityandintegrity.Theseongoing checks are expected to be carried out at least on an annual basis.
ThissectionisintendedtoprovideguidanceontheduediligencechecksthataretobecarriedoutbyCSPswhentheyseektoestablishaworkingrelationshipwithanIntermediary.WhenCSPswould,inaddition,beplacingrelianceontheCDDmeasurescarriedoutbyIntermediariesontheendcustomers,CSPsshouldabidebyandfollowtheprovisionsofRegulation12ofthePMLFTR,whichareexplainedinfurtherdetailunderSection4.10oftheImplementing Procedures Part I.
2.1.3 A person acting as an Agent
WhereacustomerisrepresentedbyanAgent,whoactsonhis/herbehalftocarryoutanoccasionaltransactionortosetupabusinessrelationship,orelseisempoweredtoactonbehalfofandbindthecustomerthroughoutthebusinessrelationship, theCSPmustnotonly identifyandverify thecustomerbutmustalsocarryoutspecificCDDmeasuresonthatAgent,whoispurportingtoactonthecustomer’sbehalfinlinewiththerequirementsofRegulation7(3)ofthePMLFTR.
Page 16
| Financial Intelligence Analysis Unit
Thefollowingpersonsorentitieswouldbeconsideredtobeactingforandonbehalfofthecustomer:
a) directorsorpartnerswhoareauthorisedto legally represent thecorporatecustomerandwhotakeactionsthat formallybind thecompanyor legal entitywithin thecontextof anoccasional transactionorbusinessrelationship, suchasby signing lettersof engagementwith theCSPorby signingoffanyoperationsandagreements that bind the company or commercial partnership throughout the business relationship; and
b) otherpersonswhoareempoweredtoactonthecustomer’sbehalf,suchasbycarryingouttransactionsonbehalfofthecorporatecustomerbeingservicedbytheCSP(e.g.,banksignatories),orpersonswho,bymeansofapowerofattorneyorresolution,areauthorisedtotakeanyactionthatbindsthecorporatecustomer.
Inthesecases,theCSPisexpectedtoabidebytherequirementsofRegulation7(3)ofthePMLFTRandSection4.2.1(CustomervsAgent)oftheImplementing Procedures Part I,whichrequiretheCSPtoidentifyandverifytheidentityofanypersonpurportingtoactonthecustomer’sbehalf,andtoalsoensurethatthispersonisauthorisedinwritingtoacton the customer’s behalf.
2.1.3.1 Treatment of directors and partners
WhileCSPsareexpected to identifyalldirectorsorpartnersofcorporatecustomers (seeparagraphs (iii)ofSections4.3.2.1 and4.3.2.3of the Implementing Procedures Part I),CSPsarenot expected to verify the identity of all thesedirectors,butonlythosewhoareauthorisedtolegallyrepresentthecorporatecustomerandwhoexercisethatpowerofrepresentationwithinthecontextofanoccasionaltransactionorabusinessrelationship.
Inthisregard,CSPsmustalsoascertainthatthesedirectorsareactuallyvestedwiththepowertolegallyrepresentthecorporatecustomer.Thesameappliestopartnersofcommercialpartnerships(seeparagraph(iii)ofSection4.3.2.3.ofthe Implementing Procedures Part 1).
In order to ascertain that directors and partners are duly authorised to represent the respective company or commercial partnership,referencemaybemadetotheconstitutivedocumentofthatrespectivelegalentity,suchastheMemorandumandArticlesofAssociationsorotherstatutorydocument,ortoanypowerofattorneyorresolutionauthorisingthepersonconcerned.
Scenario example
Acompanyhasfourdirectors,andthelegalandjudicialrepresentationofthecompanyisvestedinallfourdirectors jointly.Onedirectorsigned the letterofengagementwith theCSP for theprovisionof registeredofficeservices,asauthorisedbyadirectors’resolution.Inthisparticularcase,theCSPisexpectedtoidentifyall directors by collecting their identification details (see paragraph (iii) of Section 4.3.2.1 – Implementing Procedures Part I).
TheCSPishowevernotrequiredtoverifytheidentityofallfourdirectorsbutof that one directorwhoexercisedhispowerofrepresentationtosigntheletterofengagementonthecompany’sbehalf.TheCSPshouldalsoverifythatthisdirectorwasauthorisedtobindthecompany,andsoshouldobtainacopyoftheresolutionthatauthorisedhim/hertosignofftheletterofengagement.
Page 17
Implementing Procedures | Part II – Company Service Providers
2.1.3.2 Provision of instructions by staff members of corporate entities
TheremayalsobeinstanceswhentheCSPisapproachedbyanindividual(suchasaCEOorCFO),actingonbehalfofthecompanyorentity,toestablishabusinessrelationshipwiththeCSP.Asexplainedabove,theCSPisexpectedtoidentifyandverifythisindividual’sidentity,andalsotoascertainthathe/sheisdulyauthorisedtorepresentthecompany.
However,asthebusinessrelationshipprogresses,theCSPstartsreceivinginstructionsfrommembersofstaffworkingwithinthatCEOorCFO’steam.TherequirementtoensurethattheactualpersonsendinginstructionsbindingtheentityissovestedwiththatauthorityisnottobeinterpretedtomeanthattheCSPshouldrequiredocumentationtoascertainthateachstaffmembergivinginstructionsissoauthorised.InthesecasestheCSPshouldverifythelinkbetweenthismemberofstaffandtheentity.Thiscanbedoneby,forexample,ensuringthattherelevantindividual(theCEOorCFO,inthiscase)iscopiedinontherelevantemailssentbythestaffmemberinquestion,whichwouldenabletheCSPtoassumethattheCEOorCFOisawarethatthisstaffmemberisgivingbindinginstructions.
Alternatively,theCSPcouldalsobeconsideredashavingverifiedthelinkbetweenthememberofstaffandtherespectiveentityifthatmemberofstaffwouldhavebeenoriginallycopiedin,orintroducedinearliercorrespondencesentby,orincluding,theCEOorCFO,whooriginallyrequestedtheprovisionofservices,oranyothersuchsituationindicatingthatonehasbeengivenauthoritybytheCEOorCFOtocontinueprovidinginstructions.
Page 18
| Financial Intelligence Analysis Unit
2.2 PURPOSE AND INTENDED NATURE, AND ESTABLISHING THE CUSTOMER’S BUSINESS AND RISK PROFILE
This section provides further guidance and explanation to assist CSPs to adhere to their obligations under Regulation 7(1)(c)ofthePMLFTR,whicharefurtherexplainedunderSection4.4oftheImplementing Procedures Part I. In terms of Regulation7(1)(c),CSPsarerequiredto:
a) assessand,whereappropriate,obtaininformationand/ordocumentationonthepurposeandintendednatureof the business relationship; and
b) establishtheircustomer’sbusinessandriskprofile.
WhenCSPsarerequestedtoincorporateacompanyorestablishacommercialpartnership,theyaretypicallyapproachedby the prospective shareholders, partners or BOs of that prospective company or commercial partnership, or byIntermediaries.Inadditiontoformationservices,CSPsmayalsoberequestedtoprovideadditionalservicesoncethatcompanyorpartnershipisestablished.Thesecouldincludeprovidingacorrespondenceaddress,secretarialservices,aregisteredofficeoradirectorship/s,amongothers.
Initially, therefore, theCSP’s customerwould typically be the prospective shareholder/s or BO/s of that prospectivecompanyorentity(whomayormaynotberepresentedbyIntermediariesorotherpersons)andtheCSPoughttoidentifyandverify the identityof that individualorentityand, in thecaseofa legalentityorarrangement, itsBO/s,andalsoadheretotheotherobligationsenvisagedbyRegulation7(1)(b)ofthePMLFTR,asfurtherexplainedinSection4.3.2ofthe Implementing Procedures Part I.
CSPs who are requested to provide services, such as a registered office, a correspondence address, directorshiporsecretarialservices toorwithincompaniesorpartnershipswhich theCSP itself incorporatesorwhicharealreadyincorporated,wouldbeestablishingabusinessrelationship(seetheTableunderSection1.3.3–‘TheCustomer’),sincethese services are offered over a span of time and hence denote an element of duration. Accordingly, theseCSPsare required to assess, and, as appropriate, obtain informationon thepurposeand intendednatureof thebusinessrelationship being established.
Informationthatwouldberelevantinthiscontextwouldincludethefollowing:
a) Information on the rationale
TherationaleforthesettingupofthecompanyorpartnershipinMaltaand/orfortheprovisionoftherequestedservice/s.Istherealegitimateandeconomic/businessrationaleforthecompanyorpartnershipbeingsetuporserviced?When,forexample,suchacompanyformspartofalargergroupofcompanies,itisimportantfortheCSPtounderstandthecompany’spurposewithinthelargergroup(e.g.,aconglomeratebusinessinwhichthedifferentbusinessstreamsaresetoutunderdifferentcompanies).Thiswouldalso involvegathering informationonthecommercial/tradingactivitiespursuedbythelargergrouporsub-groupthatownstheMaltesecompany.
Whenthecompanyissetuptoholdsharesinanothercompany,theCSPshouldalsoseektounderstandtherationaleforthatset-up.Thisapproachisimportanttoensurethatmulti-tierand/orcomplexstructuresarenotbeingpurposelysetupto conceal ill-gotten gains and to create obstacles to the tracing of these gains.
Assessingthepurposebehindthesettingupofthecompanyorpartnershipisespeciallyrelevantwhennon-residentsareBOsofcompaniesorpartnershipssetuporbeingsetupinMalta.CSPsshouldalsobeparticularlyvigilantwhentheyassistMalteseresidentstosetupcompaniesorlegalentitiesoutsideMalta,orwhentheyprovideotherservicestothesecompaniesorlegalentities.Whenprovidingthisassistanceortheseservices,eitherdirectlythrough,forexample,thedraftingofincorporationdocuments(e.g.,Memoranda&ArticlesofAssociationorotherconstitutivedocuments),orindirectlythroughliaisingandrepresentingtheclientwithforeignCSPs,theMalteseCSPshouldquestionandunderstandthe rationale behind the setting up of that company or other legal entity outside of Malta;
Page 19
Implementing Procedures | Part II – Company Service Providers
b) Information on the activity or purpose
Informationontheactivityorpurposethatthecompanyorpartnership/swillbecarryingoutorservingwouldinvolveunderstandingthetrading/commercialactivitythatistobecarriedoutbythecompany.Whenthecompanyisnotsetuptocarryoutacommercial/tradingactivitybutrathertoholdassets(e.g.,ashareholdinginanotherentity),itwouldnotsufficetosimplydeterminethepurposeofthatcompany,whichmaybequiteself-evidentfromthenatureofthecompanyitself(i.e.,toholdsharesinasubsidiarycompanyorcompanies).
TheCSPprovidingservicestothatcompanywouldbeexpectedtounderstandandgatherinformationonthetrading/commercial activitycarriedoutdirectlyby theholdingcompany’ssubsidiaryor subsidiaries (where theseare tradingcompanies),orindirectlybysubsidiariesofthesesubsidiariesintheownershipchain.ItisonlybydoingsothattheCSPwouldbeabletogetaholisticunderstandingofwhatpurposeoractivitytheholdingcompanywillbelinkedto;
c) The profile of the shareholders or beneficial owners
TheCSPisexpectedtoassesswhetherthisprofiletallieswiththecompany’sorpartnership’sactivityorpurpose.Dotheseindividualshaveexperienceintheareaofbusinessthatthecompanywillbetradingorinvolvedin?Forexample,inthecaseofacompanythatwillbeprovidingconsultancyservices,doanyofthepartiesinvolvedhavetechnicalexpertiseintheareainrelationtowhichthecompanywillbeprovidingconsultancy?
d) The value of share capital or assets of that company or entity
CSPsareexpectedtoobtaininformationonthevalueofthesharecapitalorassets,and,dependingontheML/FTrisksidentified,obtaindocumentationevidencingthesourceof fundsand/orassets formingthecapitalof thecompanyorpartnership.Thesecheckswouldentailgathering informationon thesourceofwealthof theshareholderorBOwhocontributes to the company’s capital.
Thiswouldbe,forinstance,informationonemploymentorbusinessactivity,includinginformationonsalaryinthecaseofindividualsinemployment,orbusinessincomeincaseofcorporateshareholdersorindividualswhosewealthisderivedfrombusinessorcommercialactivities.PrivatecompaniesinMaltacanbeincorporatedwithaminimumsharecapitalof €1,164.69. In these cases,CSPsare not expected toobtain extensive informationor to obtaindocumentation tosubstantiatethesourceofthatminimumsharecapital,anditwouldsufficefortheCSPtosimplyidentifytheemploymentorbusinessactivityoftheshareholder/BOcontributingtothatsharecapital.
CSPsshould,however,seektoestablishhowthecompanywillcontinuetobefinanced, includingwhetheranyothercapital injectionsareprojectedoncethecompany is incorporated.Together, thesemeasureswouldallowtheCSPtoplacemorefocusoneffectivemonitoringofthecompany’sactivitiesonceitstartstooperate.
e) Ongoing monitoring of transactions
CSPswhoprovidedirectorshipservicesoractaspartnersincommercialpartnerships,andwhowouldbeempoweredtolegallyrepresentandbindthecompanyorentity,areexpectedtocarryoutongoingmonitoringofthetransactionsthattheentityundertakes,as isexplainedunderSection2.3of thisdocument.Whenprovidingtheseservices,CSPsshouldobtaininformationontheanticipatedleveloftheactivitythatistobeundertakenthroughtherelationship(e.g.,expectedvolumeoftransactionalactivity,projectedturnover,proposedsuppliersandcustomers)inordertounderstandtheeventualsourceoffundsflowingthroughthecompany.
This information is necessary for the CSP to be able to formulate an understanding of the typical transactional activity thatisexpectedfromthatentity.Thisunderstandingiscrucialtoenableittocarryouteffectiveongoingmonitoringofthecompanies’ or entities’ activities and transactions.
Naturally,theextentofthescrutinyaswellasinformationanddocumentationtobegatheredwillvaryaccordingtotheML/FTrisksconnectedwiththatparticularbusinessrelationship.
Page 20
| Financial Intelligence Analysis Unit
2.3 COMPLYING WITH REGULATION 7(1)(C) WHEN PROVIDING COMPANY FORMATION SERVICES
WhentheCSPwouldbeprovidingsolelycompanyformationservices,withoutanyadditionalcompanyservices,theCSPwouldbecarryingoutanoccasionaltransactionandnotestablishingabusinessrelationship,sincetheCSP’sserviceswillendwiththesettingupofthecompany.
Thisnotwithstanding,CSPsarestill expected tounderstandand,asappropriate,obtain informationon the intendedpurpose of the company or other legal entity being set up. CSPs are expected to ensure that their services are not misused for the setting up of a company or entity intended to facilitate the laundering of proceeds of crime or the financingofterrorism.Thisnotonlyexposesthemtoreputationalrisksandtheriskofbeinginvolvedincriminalacts,butunderminesthereputabilityofMaltaanditsfinancialandbusinesssectors.
CSPsshould,therefore,carryouttheassessmentandobtaintheinformationthatisenvisagedunderparagraphs(a)to(c)abovesincethisistheonlywayinwhichtheriskofbeinginvolvedinanML/FTsetupcouldbemitigated.Asexplainedearlier,whenprivatecompaniesareincorporatedwithlowvaluesharecapital,theduediligencetobecarriedoutwithrespect to thesourceof the fundsof thatcapitalwouldbesimplified,andCSPsshouldseektounderstandhowthecompanywillcontinuetobefinancedandwhetheranyothercapitalinjectionsareprojected.
CSPswhowouldonlybeformingthecompany,andprovidingnoadditionalservicesthatwillleadtotheestablishmentofabusinessrelationship,wouldnotberequiredtomonitorthecompany’sactivitiesonceitstartstooperate.Apartfromgatheringinformationontheemploymentorbusinessactivityoftheshareholder/BOasexplainedabove,itisimportantfortheseCSPstocarryoutopensourcechecksontheindividualsinvolvedinthecompanyorpartnership(i.e.,directors,partners,shareholdersandBOs)ormakeuseofcommercialdatabasestoascertainthatthereisnoadverseinformationthat might link these individuals to criminal activities or participation in criminal organisations.
2.4 ONGOING MONITORING OF BUSINESS RELATIONSHIPS
Effectiveongoingmonitoring isvital tounderstandcustomers’activitiesand isan integralpartofeffectiveAML/CFTsystemsandcontrols. IthelpsCSPs toupdate theirknowledgeof theircustomersanddetectunusualorsuspicioustransactions/activities.OngoingmonitoringintermsofRegulation7(1)(d)ofthePMLFTRiscomposedoftwoaspects:
a) the scrutiny of transactions or activities being undertaken by the CSP’s corporate customers to ensure that these transactionsare in linewith theCSP’sknowledgeandunderstandingof thatcorporatecustomer, inparticular its business and operations; and
b) ensuringthatthedata,documentsandinformationobtainedaspartoftheCDDprocess(i.e.,identificationandverificationinformation,aswellasinformationgatheredonthepurposeandintendednatureofthebusinessrelationshipandthecustomer’sbusinessandriskprofile)arekeptuptodate.
2.4.1 Scrutiny of Transactions
Thepurposeofthefirstaspectofongoingmonitoring(i.e.,monitoringofactivitiesand,insomeinstances,thetransactionsbeingundertaken)enablestheCSPto:
• identify transactionsand/oractivities thatarenot inkeepingwith thecorporatecustomer’soperationsandbusiness for further examination and scrutiny by the CSP;
• generateinternalreportsonunusual/dubioustransactionsoractivitiestobereviewedbytheCSP’sMLRO;and
• ensurethatsuspicionsofML/FTorproceedsofcrimearereportedtotheFIAUinatimelymanner,asrequiredbylaw.
Page 21
Implementing Procedures | Part II – Company Service Providers
Forthepurposeofidentifyingunusualcustomertransactionsoractivities,CSPsshouldtakeintoconsiderationanumberofaspects,including:
a) thenatureandtypeofindividualtransactionsoraseriesoftransactions(i.e.,thepurposeofthetransaction/s–e.g.,atransactionlinkedtoasaleofgoods),andthemannerinwhichthetransactionisconducted(e.g.,banktransferorcashpayment);
b) thevalueofthetransactions,payingspecialattentiontoparticularlysubstantialtransactions;
c) unusual changes or increases in a customer’s activities or turnover;
d) unusual changes in the nature of a customer’s transactions or activities;
e) thedetectionofcertainML/FTtypologies;
f) thegeographicalorigin/destinationofapayment;and
g) the customer’s usual pattern of activities or turnover.
The nature and extent of ongoing monitoring is dependent on the risk posed by the particular business relationship. ReferenceshouldbemadetoSection2.4.1ofthisdocument,whichprovidesguidanceontheapplicationofongoingmonitoringobligationsdependantonthetypeofcompanyservicethataCSPwouldbeoffering.
As isexplainedunderSection2.4.1,notallcompanyservices thatareofferedwillgiveCSPsaccess to informationoncompanytransactions,andthusnotallCSPsarerequiredtocarryoutongoingmonitoringoftransactions.
2.4.2 Keeping CDD data, information and documentation up to date
Throughthesecondaspectofongoingmonitoring,thatisensuringthatdata,informationanddocumentationobtainedaspartoftheCDDprocessarekeptuptodate,theCSPistokeeptheknowledgeabouthiscustomer(e.g.,involvedpartiesandstructure)andthecustomer’sbusinessandriskprofileuptodateandcurrent.
As explained in further detail underSection 4.5.3 of the Implementing Procedures Part I, there are differentways andmethodsCDDdata,informationanddocumentationshouldbekeptuptodate.Reviewsmay,forexample,becarriedoutatregularintervalsorelseontheoccurrenceofaparticulartriggerevent,orboth,dependingonthecircumstances.
TheCSPshoulddeterminethemoresuitableapproachtoensurethatcustomerinformationiskeptuptodate,withthatapproachtakingintoconsideration,andbeingproportionateto,thelevelofriskposedbythatparticularbusinessrelationship.Inanycase,CSPsshouldensurethatCDDdata,informationanddocumentationforhigh-riskbusinessrelationshipsarereviewedatleastonce every year.
ThelistbelowincludesexamplesoftriggereventsthatshouldprompttheCSPtoreviewandassesswhetherCDDobtainedneeds to be updated:
• changesininvolvedpartiesofaparticularcorporatecustomer(e.g.,changeinshareholdersorBOs);
• the monitoring and assessment of transactions undertaken by the corporate customer may indicate a change in,ortheventuringintonew,businessoperations/activitiesofthecorporatecustomer.InthesecasestheCSP
Page 22
| Financial Intelligence Analysis Unit
wouldberequiredtoupdatetheCDDrecordsbyobtaininginformationand/ordocumentationtounderstandthecorporatecustomer’snewbusinessoperationsoractivities;
• thecustomerrequeststhesettingupofnewcorporatestructures;
• thecustomerrequestsservicesthatposeahigherrisk;
• unexplainablefrequentchangesinthenameofthecompany;and/or
• thefilingofanSTRtotheFIAU,whichshouldleadtheCSPtoassesswhetherCDDinformationistobeupdated.
2.4.3 General Principles applicable to ongoing monitoring
ItiscrucialforproperongoingmonitoringtobecarriedoutthattheCSP’sclient-facingmembersofstaff(inthecaseoffirms),aswellascomplianceofficersorotherstaffmemberstaskedwithmonitoringbusinessrelationships,areequippedwiththenecessaryknowledgeandexpertisetoidentifyandflagdubiousorsuspicioustransactionsoractivities,ortriggereventsthatshouldpromptareviewofbusinessrelationships.
CSPsarethusrequiredtoensurethatthey,aswellasseniormanagementandallrelevantmembersofstaff(inthecaseoffirms),receivetrainingonML/FTtrends,methodsandrisksrelevanttotheservicesprovidedbytheCSP.InternationalbodiessuchastheFATF,MONEYVAL,EUROPOL,aswellasthereportsanddocumentspublishedbytheFIAUfromtimetotime,provideinformationonthelatestML/FTtrendsandrisks,includingonthemisuseofcompaniesandotherlegalentities.Apart fromattendingand receiving training,CSPsshouldalsokeep themselves informedaboutML/FT
risks and trends relevant to their business by referring to these publications. CSPs are to refer to Section 7 of the FIAU’s Implementing Procedures Part Ionawarenessand training.
In the case of CSPs that are firms or entities, trainingshouldalsoreflectthespecifictasksthatarehandledbystaffmembers.Forexample,compliancestaffmemberswho are responsible for carrying out transactionmonitoring,shouldbeprovidedwithdetailedandregulartraining to enable them to detect suspicious transactions andbehaviours,andML/FTtrendsastheseevolveovertime. This likewise applies to client-facingmembers ofstaff whose role it is to flag anomalous or suspiciousbehaviourthatistobereviewedbythecomplianceteam.
Similarly, staff members responsible for draftingconstitutive documents or company contracts should receivemoreregularandfocusedtraining,asopposedtostaffmemberswhoareresponsibleforthefillingupandsubmissionof statutory forms. In viewof thenatureoftheirwork,theformertypeofstaffmemberswouldhaveabetteroverviewof thecorporatecustomer’sdealingsand activities, which would therefore enable them toidentify anomalous activities or transactions.
Moreover, and especially for high risk customers,CSPfirmsandentitiesshouldadoptadequateproceduresand
Page 23
Implementing Procedures | Part II – Company Service Providers
mechanismsofinformation-sharingtoensurethatrelevantstaff(e.g.,theMLRO,designatedemployees,front-linestaff,relationshipmanagersandcompliancestaff)areprovidedwithtimelyinformationaboutclientrelationships,suchastheresultofEDDorotheradditionalmeasuresundertaken,anyinformationaboutanyconnectedaccountsorrelationships,andaboutanysuspiciousordubiousbehavioursoractivitiesidentified.
ItisalsoimportantthatCSPsreviewthemonitoringmethodologiesandprocessesadoptedonaregularbasistoensurethey remain adequate sinceML/FT risks andML/FT trends and practices change.Moreover, the results of ongoingmonitoringprocessesshouldalwaysbedocumented,andrecordsmaintained.
2.4.4 Risk-based approach to ongoing monitoring
The extent of monitoring should be commensurate with the particular customer’s risk profile, which risk profile isestablished through the customer risk assessment. For effective monitoring, resources should be targeted towardsbusinessrelationshipspresentingahigherriskofML/FT.
Someservices(suchascompanyformation)maybeprovidedonlyonaone-offbasis,withoutacontinuingrelationshipwith the customer, in which case no ongoing monitoring obligations would apply. Moreover, the CSP’s access todocumentationandinformationaboutthecustomer,his/heroperationsandbusinessactivitieswillvarydependingonwhattypeofcompanyservicethatCSPwouldbeoffering.
Bywayofexample,aCSPofferingonly registeredofficeserviceswouldnothaveaccess to,or visibilityof, specifictransactions or contracts being undertaken by the customer, or of bank records, to enable theCSP tomonitor thetransactionsbeingundertaken.Ontheotherhand,CSPsofferingdirectorshipservicesandbeingvestedwiththelegalrepresentationofthecompanywouldhavevisibilityofcontractsortransactionsthataretobeexecutedbythecorporatecustomer,enablingthemtoconductappropriateongoingtransactionmonitoring.
The company services provided by CSPs enable them to gain access to information and documents relative to the customer,toenablethemtoconductongoingmonitoringandtoidentifysuspiciousactivitiesortransactionscarriedoutusingcompaniesorcommercialpartnerships.Forexample,theirdirectknowledgeof,andaccessto,therecordsandmanagementaccountsofthesestructures,aswellasthroughcloseworkingrelationshipswithtrustees,settlors,managersandBOsinvolvedincorporatecustomers,mayhelpCSPstomonitorthecustomer’sactivitiesinanappropriatemanner.The continued administration andmanagement of companies and commercial partnerships (e.g., account reporting,assetdisbursementsandcorporatefilings)wouldalsoenabletherelevantCSPstodevelopabetterunderstandingoftheir customers’ ongoing activities.
ThelistbelowidentifiesthetypeofongoingmonitoringthatCSPsareexpectedtoundertakedependingontheparticularCSPactivitiestheyprovide.Thelistalsoprovidesexamplesofspecificmonitoringmeasuresthatmaybeundertaken.TheCSPshoulddeterminewhichmeasures to implementbasedon theML/FTriskposedby theparticularbusinessrelationship.
a) AllCSP services (except company formationwhenprovided as one-off services) –CSPs are expected tohave processes in place to monitor and keep CDD documentation up to date. This is intended to ensure that identificationdataanddocumentation(e.g.,thecorporatecustomer’sdetails,suchasitsname,informationonitsstructureandinvolvedparties,suchasbeneficialownershipinformation)andinformationonthecustomer’sbusinessoperationsoractivities (determined through thegatheringof informationand/ordocumentation–refertoSection2.4ofthisdocument),isreviewedtoensurethatitisstillrelevantanduptodate.
Page 24
| Financial Intelligence Analysis Unit
Thiscouldbeachievedthroughmeasuressuchasthefollowing:
i) reviewingfinancialstatementstoevaluatewhetherthecustomeractivitydisclosedattheoutsetremainsunchanged;
ii) reviewingcorporatefilingsthatmaybeprocessedbytheCSPoraccessedthroughcompanyregisters.These may shed light on changes in the customer’s structure or involved parties;
iii) carryingoutmediasearchesonanongoingbasistobeawareofanyadverseorrelevantinformationonthecorporatecustomerandinvolvedparties(suchasshareholdersandBOs),withthefrequencyofthesechecksbeingdependentonthecustomerriskclassification;
iv) makinguseofcommercialdatabasestoscreen,onanongoingbasis,thecorporatecustomerandinvolvedparties; and
v) requestinginformationaboutanychangesfromthecustomeritself.
b) Registeredofficeandholdmail services – noongoingmonitoringof transactions is expectedwhen theseservicesareprovided.Intheseinstances,CSPsareexpectedtocarryoutongoingmonitoringofCDDdata,informationanddocumentsasexplainedunderparagraph(a).Whenprovidingregisteredofficeorholdmailservices,CSPsshouldalsomonitorthecorrespondencebeingreceivedtoensurethatthisisinline,andtallies,withtheCSP’sunderstandingoftheactivitiesbeingcarriedoutbythecorporatecustomer;
c) Directorship services–CSPsofferingdirectorshipservicesandwhowouldbevestedwiththelegalandjudicialrepresentationofthecorporatecustomer,orareotherwiseempoweredtobindthecorporatecustomer,areexpectedtocarryoutbothtypesofongoingmonitoring,i.e.,monitoringoftransactionsandmonitoringandupdatingofCDDdata, informationanddocumentation. In thesecases theCSP’s visibilityofpaymentsortransactionsundertakenbythecorporatecustomerwilldependonanumberoffactors,suchas:
i) whether, asdirector, onewouldhave the legal representation (soleor joint) of the corporate customer,or whether this may be exercised by others without that director’s involvement, for example if legalrepresentation is vested in any one of the directors acting individually; or
ii) whether,asdirector,onewouldhavesignatory rights (soleor joint)on thecompany’sbankorpaymentaccount.
Thelevelofaccessibilityto,andvisibilityof,transactionsandpaymentsundertakenbythecorporatecustomerwill ultimately determine the type of ongoingmonitoring of the company’s transactions and activities thattheCSPmaycarryout.Directorswhoare legal representativesof thecorporateentity (solelyor jointly)orare granted representation powers (e.g., through a Power of Attorney or Directors’ Resolutions) and areresponsibleforapprovingpaymentsorundertakingtransactions(e.g.,signingcontracts)wouldhavevisibilityof all prospective transactions to be undertaken by the corporate customer.
In these cases CSPs are expected to monitor transactions or payments prior to their execution (pre-transaction monitoring) to ensure that they are in line with the corporate customers’ expected business activities.Furthermore, the CSP should request supporting documents and information when this is not clear andnecessitatesfurtherscrutinytoascertainthepurposeandnatureofthetransactionorpaymentand,whereappropriate,thesourceoffunds.
Page 25
Implementing Procedures | Part II – Company Service Providers
CSPsmayactasdirectorsinacompanywhenthelegalrepresentationorotherpowerstobindthecorporatecustomerarevested indifferentdirectorsacting individually. Insuchascenario, the legalrepresentationorbindingpowersmaybeexercisedbyotherdirectorsorindividualswithoutthatCSP’sinvolvement,andthustheCSPactingasdirectorwouldnotbeabletocarryoutpre-transactionmonitoringatalltimes.
Inthesecases,CSPsshouldadoptpost-transactionmonitoring,wherebytheyperiodicallyrequestinformationontransactions,contractsorpaymentsundertakenbythecorporateclienttodeterminewhethertheseareinkeepingwiththecorporateentity’sknownactivity.CSPsofferingdirectorshipservicesshouldalsoensurethatdiscussionsanddecisionsatboardlevelareminuted,andthattheyareinlinewiththecustomer’sexpectedactivities.
WhenCSPsprovidedirectorshipservices,butarenotvestedwiththecustomer’slegalorjudicialrepresentationoranyotherpowertobindthecorporatecustomer, theymightnotalwayshaveaccessto informationanddocumentsontransactions,contractsandpayments.Nevertheless, theyarestillexpectedtocarryout thechecksenvisagedunderparagraph(a)tomonitorthattheCDDdata,informationanddocumentation,includingtheinformationobtainedonthecorporatecustomer’sactivities,remainrelevantanduptodate.
Thisinformationanddocumentationistobescrutinisedand,whendoubtsorconcernsariseonanyparticularactivity or transactions, CSPs are to question and request further information and/or documentation tounderstandtherationaleandpurposeofthetransactionsortheactivityinquestion.CSPsprovidingdirectorshipserviceswouldalsohaveaccesstodiscussionsandminutesoftheboardofdirectors’meetings,andhenceshouldalsouse this informationandpowerof representation toobtain informationon, and scrutinise, thecompany’sactivitytoensurethatitremainsinlinewiththecorporatecustomer’sexpectedlineofactivityandpurpose.
d) Company secretarial services–inadditiontotheongoingmonitoringobligationscontemplatedunderparagraph(a), CSPs offering company secretarial services should ensure that discussions at board level (which, ascompanysecretary,theyarenecessarilyprivyto)areinlinewiththeunderstandingofthecustomer’sbusinessactivities.CSPsofferingtheseservicesarenotexpectedtocarryoutongoingmonitoringoftransactions;
e) Company incorporation–wheretheonlyservicebeingprovidedbyaCSPtoacustomerisacompanyformationservice,noongoingmonitoringobligationsapplysincethisisconsideredasan‘occasionaltransaction’.
In addition to the above checks,which are led by theCSP, itmay bewise for theCSP to hold the customer itselfresponsibleforinformingtheCSPofanychangesinconnectionwiththecustomerandtheownershipstructurethatarerelevantforthepurposeoffulfillingtheCSP’songoingmonitoringobligations.ThisisespeciallyhelpfulwithrespecttocompanyservicesinrelationtowhichtheCSPdoesnotneedtomeetthecustomeronaregularbasisordoesnothaveongoingvisibilityofthecustomer’sbusinessactivities(forexample,theprovisionofregisteredofficeservices).
Thisundertakingcanbeobtainedinthecontractualagreementorletterofengagement,orshouldotherwisebeagreedonbythecustomerinwriting.AlthoughthisprovidesanadditionalsafeguardtotheCSP,itdoesnotinanywayexoneratetheCSPfromitsongoingmonitoringobligationsintermsofthePMLFTRandasexplainedinthisdocument.Inotherwords,theCSPwillalwaysbeheldresponsibleforcarryingoutthenecessaryongoingmonitoring.Thisresponsibilitymaynotbe shifted.
TheFIAUacknowledges thatCSPsprovideancillary services,whicharenotconsideredcompanyservices.Servicessuchasthemanagementofcustomers’funds,accountsorotherassets,oranon-directoractingasasignatoryonabankaccount,maystillexposeCSPstoanelementofAML/CFTrisk,whichtheymaywishtomitigatethroughcarryingout certainmeasures.Goodpractice in this regard includes havingmeasures in place tomonitor and scrutinise thetransactionsbeingundertakenthroughtheclients’accounts,tounderstandtheirnatureandpurpose,andensurethattheyareinlinewiththecustomer’businessactivitiesandtheexpecteduseoftheclients’account.
Page 26
| Financial Intelligence Analysis Unit
CSPsmaywanttorequestadditionalinformationandsupportingdocumentationwhenthepurposeandnatureoftheseservicesortransactionsarenotclearorarenot in linewiththecustomer’sknownactivitiesandtheperceiveduseofthe clients’ accounts. CSPs should avoid relying exclusively on the customers’ declarations in higher risk scenarios. Moreover,CSPsaretobearinmindthatclients’accountsaremeanttoholdfundsorprocesstransactionsrelatedtootherongoing services being provided by the CSP to the customer and that clients’ accounts are not meant to be operated as regularbankaccounts–whichtheyarenot.
2.4.5 Complex and unusual types of transactions
When transactionsarecomplex,unusually large inamountorconducted inanunusualpattern,orhavenoapparenteconomic or lawful purpose,CSPs are expected to examine the background and purpose of those transactions asrequiredbyRegulation11(9)ofthePMLFTRandSection4.5.1(a)oftheImplementing Procedures Part I. Those transactions shouldincludetransactionsbetweentheCSPanditscustomer,aswellastheunderlyingtransactionsbetweentheCSP’scustomeranditsowncustomers,whereapplicable.
Thisobligation isonlyapplicabletothosethatofferCSPservicesthatrequirethecarryingoutofongoingmonitoringof transactions,asexplained inthissection.Thepurposeof theseexaminations is thatofdeterminingwhether thesecomplexor unusual transactionsgive rise to suspicionsofMLor FT,which shouldbe reported to theFIAU, and todeterminewhetherthecontinuationofservicesisappropriate.
ThefindingsandoutcomesoftheseexaminationsshouldbeproperlydocumentedinwritingandbeavailableforinspectionbytheFIAU.ProperrecordsofthedecisionstakenandthereasonsforthedecisionswillhelpaCSPdemonstratethatthemannerinwhichithandlesunusualorsuspiciousactivitiesisappropriate.
Ongoingmonitoringofthebusinessrelationshipshouldbecarriedoutonarisk-sensitivebasis.Thismeansthat:
a) theregularityof transaction/activityscrutinyorCDDreviewsshouldbeproportionate to therisksofML/FTidentified,thoughstillinlinewithspecificrequirementsonthetypeandtimelinessofongoingmonitoringthatisprovidedforinthisdocument;and,moreover
b) theextentofinformationordocumentationbeingrequestedtounderstandthesourceoffundsforparticulartransactions,thepurposeofcertaintransactionsoranychangesinthecustomer’sactivityorbusinessshouldalsobeproportionatetotheML/FTrisksbeingposedbythatcustomer.
ReferenceshouldbemadetoSection4.5.3oftheImplementingProceduresPartIforfurtherguidance.
2.5 TIMING OF DUE DILIGENCE PROCEDURES
IndeterminingtheappropriatetimetocommenceCDDprocedures,CSPsshouldbeprimarilyguidedbytheintroductoryparagraphsofSection4.6.1oftheImplementingProceduresPartI.CSPsarenotexpectedtoinitiateCDDproceduresonanenquirybeingmadebyaprospectivecustomer.Whentheseenquiriesaresimplypreliminary,itwouldbeprematuretocommenceCDDprocedures.Asageneralrule,theCSPisexpectedtoinitiateCDDprocedureswhenthecustomertakes active steps to seek the services of the CSP. CDD measures are then to be completed prior to the setting up of the business relationship or the carrying out of an occasional transaction.
Regulation8(1)ofthePMLFTRrequiresCSPstocompleteverificationprocedurespriortotheestablishmentofabusinessrelationship or the carrying out of an occasional transaction. This notwithstanding, CSPsmay complete verificationproceduresandcarryoutotherCDDmeasuresduringtheestablishmentofthisbusinessrelationship,orthecarryingout
Page 27
Implementing Procedures | Part II – Company Service Providers
ofanoccasionaltransaction,aslongasitisdemonstratedthattheriskofML/FTwithinthatinitialphaseofestablishmentof thebusinessrelationship,or theconductingof theoccasional transaction,anduntilCDDiscompleted, is lowandremainslow.
Completion of CDD – Company Formation
WhereaCSPhasbeenengagedtoincorporateacompany,theCSPneednotobtainallthenecessaryCDDinformation in relation to the company formation on the signature of the letter of engagement. The CSP may commencedraftingtheMemorandum&ArticlesofAssociationandmayaccepttheinitialsharecapital(whenthevalueoftheinitialsharecapitalislowinvalue)priortoreceivingthedocumentationtoverifytheidentityandotherinformationobtainedontheprospectivecompany,shareholdersandBOs.
Itis,however,expectedthat,atthisstage,theCSPwouldhaveobtainedthenecessaryidentificationinformationoftheprospectivecompany’sinvolvedpartiesandBOs,aswellasinformationabouttheprospectivecompany’sstructureandplannedactivities.TheCSPisthenexpectedtoensurethatallthenecessaryidentificationandother documentation to complete the CDD process is obtained prior to the actual incorporation of the company.
Ifthecustomerisnotforthcomingwithdocuments,andCDDmeasuresarenotcompletedwithinareasonableperiodof timeasdeterminedby theCSP in itsproceduresmanualandprior to the incorporationof thecompany, theCSPshouldreturnanyfundsreceivedfromthiscustomertotheirorigin,inlinewiththerequirementsofRegulation8(6)ofthePMLFTR,anddesistfromcarryingoutthecompanyformation,andalsoconsiderwhethertosubmitanSTR.
Itisalsotobenotedthatthedelayincarryingoutverificationproceduresmaynotalwaysbepossible,notwithstandingthelowriskofML/FTwithintheinitialperiodofsettinguptherelationshiporcarryingouttheoccasionaltransaction.Bywayofexample,followingtheintroductionoftheBeneficialOwnershipRegisterandtherequirementtoprovidetheMaltaBusinessRegistrywithdetailsoftheBO(s)/seniormanagingofficial(s)priortothecompanybeingincorporated,alltherequiredduediligencedocumentationmustbeinvariablyobtainedandverifiedpriortosubmittingthenecessaryforms.
2.6 TERMINATION OF BUSINESS RELATIONSHIPS FOR THE PURPOSES OF AML/CFT OBLIGATIONS
Incertaincases,therelationshipwiththecustomercannotbeofficiallyterminated.Forexample,CSPsprovidingregisteredofficeservices,whowishtoceasetheprovisionofthisservicetoacorporatecustomer,wouldnotbeabletodosowhencontactwiththecustomerislostorthecustomerbecomesunresponsiveandtheCSPcannotobtaininformationonanewregisteredofficetobenotifiedtotheMBR.
In thesecases,onlyonce theCSPhasexhaustedallpossiblemeans tocontact thecustomerandhasdocumentedtheactionstakentodoso,theterminationdateofthebusinessrelationshipforthepurposesofthePMLFTRwouldbeconsideredtobethedatewhentheCSPwouldhaveinformedtheMBRthatithaslostcontactwiththecustomerandisnotwillingtocontinueprovidingregisteredofficeservicestothatcustomeranylonger.
Thebusinessrelationshipwouldbeconsideredterminatedasofthatdate,notwithstandingthattheCSP’saddresswouldstillappearasthecorporateclient’sofficialregisteredofficeattheMBR.TerminationassetoutinthissectionistobeunderstoodasterminationofthebusinessrelationshipforAML/CFTpurposesonly;thatis,forthepurposesofongoingmonitoringandtherequirementofrecordkeeping.
Page 28
| Financial Intelligence Analysis Unit
2.7 SANCTIONS SCREENING
CSPsareremindedthattheyarealsosubjecttosanctionsscreening,freezingofassetsandthereportingobligationsenvisaged under the NationalInterest(EnablingPowers)Act,Cap365.Inthisregard,CSPsareencouragedtocontinuouslykeepuptodatewithanysanctionsthatmaybeimposedandwithanyguidance,notices,decisions,recommendationsor rulings that may be issued by the SanctionsMonitoringBoard(‘SMB’). The SMB is the national competent authority responsibleformonitoringtheimplementationof,andensuringcompliancewith,targetedfinancialsanctions.
TheFIAUandtheSMBhavesignedaMemorandumofUnderstandingwherebytheFIAUactsasanagentoftheSMBandassiststheSMBbymonitoringcompliancewiththeobligationsemanatingfromtheNationalInterest(EnablingPowers)Actinrelationtotargetedfinancialsanctionsrelatedtoterrorism,terrorismfinancingandproliferationfinancing.TheFIAUisobligedtoreportitsfindingsonanysubjectpersontotheSMBforanysubsequentenforcementactionasenvisagedundertheNationalInterest(EnablingPowers)Act.
AllCSPsareexpectedtosubscribetothesanctionslist,whichisconstantlyupdatedbytheSMB,[email protected](oranyotherprocedurethatmaybeinitiatedbytheSMB),andtoscreentheirclientsagainstthislistonaregularbasis,oralternativelyhavesoftwarewhichperformsthatfunctiononanautomatedbasis.
Ofparticularimportancetosubjectpersons,includingCSPs,istheGuidanceNoteontheapplicationofArticle17(6)(a),(b)and(c)oftheNationalInterest(EnablingPowers)Act2,whichsetsouttheexpectationsoftheSMBvis-à-visCSPs’internal controls and procedures around sanctions.
2 https://foreignandeu.gov.mt/en/Government/SMB/Documents/Guidance%20Notes/Guidance%20Note%20on%20the%20Application%20of%20Article%2017%20(Systems%20in%20Place).pdf
Page 30
| Financial Intelligence Analysis Unit
Annex 1: Explanatory ScenariosID&VandScrutinyofthePurposeandIntendedNatureof Business Relationships WhenassistingwiththesettingupofcompaniesinMalta,orprovidingadditionalcompanyservicesthereto,theCSPmust,apart from identifyingandverifying the identityof thatcompanyandother involvedparties (assetoutbelow),undertakemeasurestounderstandtherationalefortheestablishmentofsuchacompanyinMalta,andthepurposeswhichthatcompanywouldbepursuing,amongothermeasuresthatareoutlinedinSection2.2ofthisdocument.
This Annex is intended to provide guidance to CSPs on the checks that they are expected to carry out at the point of establishing a business relationship. This Annex should not be interpreted as an exhaustive checklist of CDD measures thataretobeundertakenatonboardingstagebutratheranindicationofpossibleCDDmeasures.Ultimately,CSPsmustensurethattheyundertakeeffectiveandrisk-basedCDDmeasuresaton-boardingstagethatenablethemto:
i) knowwhotheyaredealingwithandtoidentifyanyadverseinformationthatinvolvedpartiesmaybesubjecttoandwhichmaybeindicativeofML/FTrisks;
ii) understand the purpose that the company being set up or servicedwill serve and ensure that there is acommercial rationale for such a set-up and purpose, and also understand the commercial activities ofconnectedcompanies(e.g.,alargergroupowningtheMaltesecompanyand/orsubsidiariesoftheMaltesecompany);
iii) haveanunderstandingofprospectivetransactionsthatwillflowthroughthecompanywhenCSPsarerequiredtomonitor company transactions (seeSection 2.4.1 –Risk-BasedApproach toOngoingMonitoring). ThiswouldenabletheCSPtoeffectivelymonitorthecompanyoncethisbecomesoperational.
This Annex is not intended to provide guidance on ongoing monitoring checks that are to be carried out. For guidance on ongoingmonitoringobligations,referenceshouldbemadetoSection2.4ofthisdocument.
Page 31
Implementing Procedures | Part II – Company Service Providers
Scenario 1
TheCustomerisaFrenchholdingcompany,partofalargegroupinvolvedinprinting.ItwantstosetupacompanyinMalta tohandle its telemarketingandplanstohavepremisesandemployees inMalta.TheCSP isalsorequestedtoprovidedirectorshipserviceswiththepowertorepresentandbindthecompany.
Identification and Verification Requirements
• Obtain the Group’s organisational chart to understand the operational/specific sub-group with which theMaltesecompanywillbeinvolved.
• IdentifyandverifytheFrenchholdingcompany(whichisthecustomerrequestingthecompanyformationinMalta).ID&VinformationontheMaltesecompanywouldbeavailableandcollectedsincetheCSPwouldbeincorporating it. (SeeSection4.3.2.1oftheImplementingProceduresPart I for further informationonID&Vrequirementsinrelationtoprivatecompanies.)
• Identify and verify theBOsof the FrenchHoldingCompany and theMaltese companybeing set up (SeeSection4.3.2.1Paragraph(v)oftheImplementingProceduresPartI).
• Carryoutbackgroundsearches,usingopensourceinformationorcommercialdatabases,ontheGroupandontheFrenchHoldingCompany,aswellastheinvolvedparties(i.e.,directors,shareholdersandBOs),whichareandwillbeinvolvedintheFrenchHoldingCompanyandtheMaltesecompany,tobeawareofanypotentialadverse information.
Understanding the Purpose and Intended Nature of the Business Relationship
• Group’sActivity:obtaininformationand/ordocumentstoshowthatthegroupisindeedinvolvedinprinting.TheGroupfinancialstatementsoropensourcesearchesmayachievethispurpose.
• Activity of the Malta company: obtain information in writing from the customer (via email or through thecompilationofaclientapplicationform)thatitwillbeinvolvedintelemarketing,andverifythisinformationbyreferringtotheobjectsclause(aslongasthisissufficientlyindicativeofthecompany’sspecificactivity)oftheMaltesecompanyand/orbusinessplans(wheretheseareavailable).
• Understand the commercial rationale for the setting up of a Maltese company by a non-resident customer. Use ownjudgmentandexpertisetoevaluatethisrationaleand,ifnecessary,takingintoaccounttheML/FTriskinvolved.Obtaininformation/documentationtoassistinthatevaluation,suchasanexpertopinion.
• SourceofWealth:UnderstandhowtheMaltesecompanywillbefinancedinitsinitialstages,andascertainthatanyfunding, loansor loanguaranteesarederivedand/or linkedtotheGroup.Bevigilantandcautiouswhenfinancingwouldbederivedfromapparentlyunrelatedthirdparties,andunderstandtherationaleandconnectiontotheGroup.ObtaintheconsolidatedfinancialstatementsoftheGroup,wherethisisnecessarytosubstantiateanyinitialfunding,andthecommercialrationaleforsettinguptheMaltesecompany.
• Giventhat, inthiscase,theMaltesecompanywillbecarryingatradingactivity(i.e.,telemarketing)andtheCSPwillbeofferingdirectorshipserviceswiththepowertorepresentandbindthecompany,theCSPshouldalsogatherinformationontheexactactivitiesthatwillbecarriedout,suchasanypotentialcontractingparties(whentheseareknownattheoutset)andexpectedtransactionalactivity.ThiswillenabletheCSPtocarryouteffectiveongoingmonitoringoftransactionsoncethecompanybecomesoperational.
Page 32
| Financial Intelligence Analysis Unit
Scenario 2
TheCustomerisaUnitedStates(US)holdingcompany,partofalargegroupinvolvedinsteelmanufacturing.ItwantstosetupaholdingcompanyinMalta,whichwillinturnhaveaMaltasubsidiary,whichinturnwillownacompanythatholdsthegroup’strademark.TheCSPistosetupthecompanyinMaltaandalsoprovideregisteredofficeservices.
ID&V Requirements
• ObtaintheGroup’sorganisationalcharttounderstandtheoperational/specificsub-groupwithwhichtheMaltacompanieswillbeinvolved.
• ID&VoftheUSholdingcompany(whichisthecustomerrequestingthecompanyformationsinMalta)andID&VinformationontheMaltesecompanieswouldbeavailableandcollectedsincetheCSPwouldbeincorporatingthem.SeeSection4.3.2.1oftheImplementingProceduresPartIforfurtherinformationonID&Vrequirementsin relation to private companies.
• ID&V theBOsof theUSHoldingCompanyand theMaltesecompaniesbeingsetup (SeeSection4.3.2.1Paragraph(v)oftheImplementingProceduresPartI).
• CarryoutbackgroundsearchesusingopensourceinformationorcommercialdatabasesontheGroupandUSHoldingCompany,aswellastheinvolvedparties(i.e.,directors,shareholdersandBOs)thatareandwillbeinvolvedintheUSHoldingCompanyandMaltesecompanies,tobeawareofanypotentialadverseinformation.
Understanding the Purpose and Intended Nature of the Business Relationship
• Group’sActivity:Obtaindocuments toshow that thegroup is indeed involved insteelmanufacturing.TheGroupfinancialstatementsoropensourcesearchesmayachievethispurpose.
• MalteseCompanies’Activities:Obtaininformationinwritingfromthecustomer(evenbyemailorthroughaclientapplicationform)indicatingthatthecompanybeingsetupwillbeaholdingcompany,whichwillultimatelybeholdingtheGroup’strademarkthroughasubsidiarycompanysetup inMalta.Verify this informationbyreferring to theobjectsclauseof theMaltesecompanies (as longas thesearesufficiently indicativeof thecompanies’specificactivities)and/orbusinessplans(wheretheseareavailable).
• UnderstandthecommercialrationaleforthesettingupoftheMaltesecompaniesbyanon-residentcustomer,and for the setting up of amulti-tier company structure (i.e., aMaltese holding company thatwill in turnownanotherMaltesecompanywhichwillholdthegroup’strademark).Useownjudgmentandexpertisetoevaluate this rationaleand, if necessary, taking intoaccount theML/FT risks involved.Obtain information/documentationtoassistinthisevaluation,suchasexpertopinions.
Page 33
Implementing Procedures | Part II – Company Service Providers
Scenario 3
TheCustomerisaGermancompany,partofalargergroupinvolvedinrealestate.ItwantstosetupaholdingcompanyinMaltatoholdinvestmentsthatwillbequotedsecuritiesorstakesinunrelatedprivatecompanies.TheCSPwillalsobeprovidingdirectorshipserviceswiththepowertorepresentandbindthecompany.
ID&V Requirements
Same as previous scenarios.
Understanding the Purpose and Intended Nature of the Business Relationship
• Group’sActivity:Obtaindocumentstoshowthat thegroup is involved inrealestate.TheGroup’sfinancialstatements or open source searches may achieve this purpose.
• MaltaCompany:Obtaininformationinwritingfromthecustomer(evenbyemailorthroughthecompilationofaclientapplicationform)indicatingthatthecompanybeingsetupwillbeholdingsecuritiesorinvestmentsinothercompanies.VerifythisinformationbyreferringtotheobjectsclauseoftheMaltesecompany(aslongas this is sufficiently indicative of the company’s specific activity) and/or business plans (where these areavailable).
• Understand the commercial rationale for the setting up of a Maltese company by a non-resident customer. Use ownjudgmentandexpertisetoevaluatethisrationaleand,ifnecessary,takingintoaccounttheML/FTriskinvolved.Obtaininformation/documentationtoassistinthisevaluation,suchasexpertopinions.
• SourceofWealth/FundingoftheInvestments:AscertainthatthefundingfortheacquisitionoftheinvestmentswillbederivedfromtheGroup,andobtaininformationonthewealthsubstantiatingthoseinvestments(e.g.,groupfinancialstatements).ThiswouldneedtobecarriedoutattheoutsetwhentheinvestmentswillbeheldbytheMaltesecompanyatformationstageoraspartofongoingmonitoringcheckswhentheinvestmentswouldbeacquiredbytheMaltesecompanyatalaterstage.Bevigilantandcautiouswhenfinancingwouldbederived from apparently unrelated third parties.
• Gather information on the investmentsbeingmade in securities and stakes of other unrelated companies(e.g.,volume,valueandtypeofinvestments,pricesofacquisition,dividendspayable,etc.).ThisinformationwouldneedtobegatheredattheoutsetinrelationtotheinvestmentsthatwillbeheldbytheMaltacompanyimmediatelyonformation,oraspartofongoingmonitoringcheckswhentheseinvestmentswouldbeacquiredatalaterstage.ThisinformationwillalsoassisttheCSPtoidentifyanydubiousorsuspiciousactivitiesandtomonitorthetransactionsthatwillgothroughthecompanyonceitbecomesoperational.
Page 34
| Financial Intelligence Analysis Unit
© Financial Intelligence Analysis Unit, 2020
Reproductionispermittedprovidedthesourceisacknowledged. Questions on this document may be sent to [email protected]
65C,TowerStreet BirkirkaraBKR4012 Malta
Telephone: (+356)21231333 Fax: (+356)21231090 Email: [email protected] Website: www.fiaumalta.org