Anti-Money Laundering
and Risk Assessment (Part 2)

Malta has actively transposed and continues to implement the latest EU directives targeting money laundering and terrorism financing, relying on acts, regulations, and guidance from the Financial Intelligence Analysis Unit (FIAU). As part of the Anti-Money Laundering (AML) measures, Kyte Consultants emphasize the importance of a risk-based approach, requiring subject persons (entities complying with AML legislation) to conduct and update their Risk Assessments regularly.

Posted on: Friday, October 6th, 2017

Malta has in the past transposed and is currently transposing the latest EU directives aimed to fight Money Laundering and Terrorism Funding. Acts and regulations, together with guidance from the Financial Intelligence Analysis Unit (FIAU) are designed to assure that funds passing through Maltese entities have not originated from any criminal activities and flag any suspicions to be investigated.

As discussed in a previous article, one of the many facets of Anti-Money Laundering (AML) is the Risk Assessment, whereby we compare its similarities to the (assumingly so) simple action of crossing a street.

In order to fully comprehend how an AML Risk Assessment is carried out, one must first understand what it comprises of. Kyte Consultants will explain further:

Risk-based approach

Each subject person (i.e. companies that have to comply with AML legislation) is required to carry out and keep its Risk Assessment up to date. Moreover, the AML and Customer Acceptance Policy of the subject person should mirror the Risk Assessment. The main aim is for it to be an active document, which should be updated whenever a new product (be it a service line, game or payment method) is launched, and otherwise have control mechanisms for its review. Additionally, this must be presented to the Board of Directors and the regulators may demand to see that the Risk Assessment is being done and reviewed.

The below minimum risk factors must be considered in the risk assessment:

  • Customer risk (e.g. Type of customers, Politically Exposed Persons etc.)
  • Product, service or transaction risk – (e.g. service lines, betting products, insurance policy type, funding methods, etc.)
  • Interface risk – (e.g Non face-to-face business, business networks, etc.)
  • Geographical risk – (e.g. origin of customers, where they are accessing the service from, funding method origin, etc.)

Customer-specific risk assessment

Once you’ve analysed your business’ money laundering risks, you need to risk assess and monitor your customer base by:

  • Formulating a client expected activity profile
  • Evaluating the possible risks posed by that client depending on the indicators shown on registration
  • Modifying the risk threat level depending on actions taken by the customer
  • Deviations from the profile that may trigger red flags

To assess your customer risk and maintain the ongoing monitoring you must thus work on policies and procedures for due diligence, ongoing monitoring, re-assessment and reporting workflows. This may be the single largest and most subjective task in the AML legislation as it’s not an obligatory task you do once a year, but practically whenever your customer is doing business with you.

Kyte Consultants can support you in developing internal procedures which ensure that you will be compliant with your legislative obligations and keep you informed on the legislative developments in the area. We will gladly assist you in developing procedures depending on your type of operation and risks your organization may be susceptible to.

For more information, contact us today.


Raising standards since 2006.

Kyte Global, with clients in over 65 countries has established itself as a unique company providing a one-stop-shop to all your information security and compliance requirements.

At Kyte Global we attempt to add value in everything we do. Our services have evolved as a result of the growing needs of our clients. Regulations keep getting stricter, compliance requirements keep getting more onerous and clients find themselves spending more time addressing these issues rather than focusing on their business. At the same time, resources with the right knowledge and experience are hard to come by. Kyte Global tries to tackle these issues by providing a one stop shop to all the client’s needs. Kyte Global understands that Compliance is an effective way of ensuring that controls are implemented.

Internally, Kyte Global is organised in teams, each dedicated to a specific service, usually revolving around a specific standard or regulation. Some of these are PCI DSS, ISO 27001, GDPR, Internal Audit, AML, Gaming, Penetration Testing, Training to name a few. Each team is made up of trained professionals, all experts in their own field.

Over the years, Kyte Global has established partnerships with suppliers that develop and implement industry leading solutions so that it can make recommendations to clients who require such services or products. Kyte is proud to have a network of partners that can assist its clients, big or small, in virtually all of the industries it operates in.