Remote gaming operator fined €49,802 for AML/CFT lapses by Malta’s FIAU

Malta’s Financial Intelligence Analysis Unit (FIAU) has levied a €49,802 penalty on a remote gaming operator licensed in Malta, following breaches of anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations. The fine was imposed, the FIAU said in a public notice, after a thorough off-site thematic review conducted in 2020 uncovered multiple compliance shortcomings.

Key Findings

The FIAU identified several critical issues in the operator’s Customer Risk Assessment (CRA) methodology. Although the company had a documented CRA process, it lacked rigour and comprehensiveness, the national agency noted. The CRA failed to adequately assess and document risks associated with different business relationships, the FIAU added, particularly regarding:

• Interface risk: The company did not adequately consider risks associated with the delivery method, despite using the same channel of delivery.
• Geographical risk: The assessment did not account for the origins of funds processed through various jurisdictions, potentially linking the business to high-risk areas.
• Transaction risk: Insufficient consideration was given to the types and frequencies of transactions and payment methods, failing to differentiate between high-value and low-value transactions adequately.
• Customer risk: The CRA only included Politically Exposed Persons (PEP) and sanctions screening, neglecting factors like economic activity, reputation, and customer behaviour.

The review also revealed that the CRA was not updated in a timely manner to reflect changes in customer activity, leading to incorrect risk ratings. For instance, a customer who deposited €161,483 and withdrew €9,610 over three months remained classified as low risk, highlighting the operator’s failure to re-evaluate risk profiles based on transactional behaviour.

Further shortcomings were noted in establishing customer business and risk profiles. The operator’s policies did not mandate the collection of source of wealth (SoW) information for medium-risk customers, nor did they gather anticipated activity levels for customers depositing over €2,000 within 30 days. Additionally, the company failed to scrutinise transactions effectively. Significant deposits and losses were not investigated, and no measures were in place to detect or act on unusual transactions.

Response and Remedial Actions

The company has taken several steps to address the identified deficiencies. Notably, it has surrendered its operating licence, indicating a cessation of its business activities in Malta. This precluded the necessity for a Follow-Up Directive from the FIAU, which would typically ensure compliance with local AML/CFT laws and monitor the implementation of corrective measures.

The operator retains the right to appeal the decision before the Court of Appeal (Inferior Jurisdiction) within the prescribed period. The fine will become final upon the lapse of the appeal period or upon the court’s final determination.