What is adverse media screening?

Adverse media screening is associated with monitoring for negative news and reputational risks on a person or business as part of a company’s onboarding, KYC and AML process. The screening can be conducted manually which is usually more time-consuming and yields limited results or batch screening technology can be applied. Batch screening helps evaluate and identify the most relevant content in a quick and cost-effective manner and overcome potential language barriers, resulting in a global overview of the subject’s coverage that otherwise might have been unnoticed.

Adverse media screening can reveal involvement with various wrongdoings – from terrorism, organized crime, modern slavery, financial crime and fraud, bribery and corruption, to emerging types of crime, such as cybercrime as well as many other possible offenses. Such linkages of a potential client, distributor, intermediary or investor can pose a serious reputational challenge for a company’s business reputation and lead to legal and regulatory proceedings.

Sources of adverse information include public data sources, media outlets – both online and offline, press releases by government bodies, publications by NGOs, investigative journalists, watchlists, blacklists and additional sources.

Regulatory requirements for adverse media screening

Several regulatory bodies and institutions globally have emphasized on the importance and benefits for mitigating risks of adverse media screening. For example, the EU’s 4th Anti Money Laundering Directive requires businesses to perform adverse media searches for natural persons or legal persons established or residing in high-risk countries and other high-risk situations. The Directive also mentions adverse media screening in the context of enhanced customer due diligence for high-risk clients which includes “open source or adverse media searches or commissioning a third-party intelligence report[1].

The intergovernmental organization in the field of anti-money laundering policy making – the Financial Action Task Force (FATF) lists “verifiable adverse media searches[2] in its enhanced due diligence and simplified due diligence measures in its guidance for a risk-based approach in the banking sector.

Furthermore, US’s Financial Crimes Enforcement Network (FinCEN) indicates in its bulletin “adverse media, negative news, and other forms of derogatory information continue to trend as a basis for submitting a suspicious activity report (SAR)[3].

Conducting effective adverse media screening

The first step for conducting effective adverse media screening process is leveraging technology and automated screening techniques. As mentioned above, manual negative media checks have limited effectiveness and are time-consuming, especially when running a fast-growing business with a strong inflow of new customers or a business having multiple partners worldwide. Apart from yielding more accurate results, automated solutions also contribute to less false positives during the screening process.

The second step for effective negative media checks involves checking any aliases of the subject and analyzing global multilingual coverage. Multilingual checks are very important for regions such as MENA and APAC where the subject’s name in English may have multiple local aliases and without checking them as well, the results may be incomplete. For effective screening, it is also important to select a screening solution which also supports automated alias checks, not just name checks, so any important information associated with an entity or an individual can be uncovered.

The third step is using categorization, as not every positive result for adverse media coverage has the same importance for the subject’s risk profile. The categorization of adverse media can be made easier by setting up categories of offenses as defined in international and national legislation or a company’s internal compliance policy. This would allow for easier interpretation of the adverse media coverage and segmentation of customer risk profiles. 

The fourth step is checking the credibility and independence of the source of negative news. Adverse media sources can be broadly separated into two groups – official (derived from government and institutional) sources and non-official (derived mostly from media outlets) sources. Thus, coverage of the key institutions and regulators in multiple jurisdictions is a strong asset for negative media screening. However, when it comes to unofficial sources, it is important to note that the lack of news coverage on criminal convictions alone might not be enough to discount crime allegations.

The final good practice involves using an ongoing monitoring solution which allows the tracking of the news flow associated with clients constantly and ensure the consistency of their risk profiles. The ongoing monitoring functionality puts one in a position where they can review adverse media screening results and update risk profiles for any changes as an apparently harmless news allegation may evolve and require a more serious compliance response.

Consequences of a positive adverse media match

A positive adverse media match usually leads to a higher risk rating of the subject’s risk profile which could result in the filing of a suspicious activity report; conducting further enhanced due diligence; or, terminating the business relationship. The action taken is dependent on a company’s risk and compliance policy. This is how adverse media screening can help mitigate reputational and regulatory risks for business, but also – this type of screening provides the intelligence necessary to handle any business relationship – both expected and existing.


Whilst there are clear regulatory requirements to perform on-going screening of a business’s relationships for any potential changes throughout the relationship, it also makes good business sense from a reputational risk perspective.  The culture of compliance should focus on the bigger picture of seeking to ensure ‘bad actors’ are not able to integrate ‘dirty money’ into the financial system and on-going screening using high quality data sources is a fundamental component of a business’ overall risk mitigation framework.

[1] https://esas-joint-committee.europa.eu/Publications/Guidelines/Guidelines%20on%20Risk%20Factors_EN_04-01-2018.pdf

[2] http://www.fatf-gafi.org/media/fatf/documents/reports/Risk-Based-Approach-Banking-Sector.pdf

[3] https://www.fincen.gov/sites/default/files/sar_report/SAR_Stats_2_FINAL.pdf

By Nick Parffit, Acuris Risk Intelligence


Interview with MGA

You can read all the articles here: http://cm-2.kyte.global

Question 1 – One of the novelties in the new Gaming Act and subsidiary legislation is the Corporate Group Licence. Can you briefly explain the thinking behind this type of licence.

One of the main aims of the regulatory overhaul that took place in 2018 was to reduce unnecessary bureaucratic processes in order to focus efforts on checks that provide added value in line with a risk-based approach. This resulted, amongst other changes, in the introduction of the corporate group licence. Corporate groups that have multiple entities providing licensable activities may apply for such a licence in order to further reduce administrative burdens.  One of the principal examples of its use is when an entity only provides a critical gaming supply to other entities within the same group.  When the entities are all eligible for, and included within, a corporate group gaming service (B2C) licence, there is no need for the entity providing the critical gaming supply to obtain a B2B licence provided it is only providing such supply to entities within the corporate group licence.

Question 2 – What does the process relating to the addition or removal of an entity from such a licence entail?

The addition or removal of an entity from the corporate group licence can be made via the MGA’s Licensee Relationship Management System. The addition of an entity within the corporate group entails the submission of documentation, including the proposed corporate structure. The MGA would also conduct any relevant checks, including due diligence checks on the newly added entities and natural persons behind such entities. Where an entity is removed from the corporate group licence, the MGA would similarly require the submission of the proposed corporate structure. Further to this, the MGA retains the discretion to ask for additional documentation and conduct any checks which it may deem necessary to ensure that the addition or removal of the corporate group entity is being made in accordance with applicable legislation.

Question 3 – Can a group that operates with companies outside of Malta use the Corporate Group Licence instead of obtaining Recognition Notices?

Any entity that is eligible to apply for a licence may be included under the purview of a corporate group licence. If the aforementioned entity is included in the corporate group licence, it can operate by virtue of such licence without having the need to obtain a recognition notice from the MGA.

Question 4 – Has this type of licence been popular amongst licencees?

Following the introduction of the new regulatory regime in 2018, the corporate group licence has been adopted to by a number of authorised persons. For the purpose of statistical data, the Authority considers the entities that fall under a corporate group licence to be one operating company. As of February 2020, there were 27 corporate group licences in total; 16 out of such corporate group licences were issued for B2C-related operations whilst the remaining 11 were issued to B2B-related operations.

Question 5 – What are the regulatory obligations of entities within the Group? E.g. audited financial statements, industry performance reports, etc.

The corporate group entity which is designated as the ‘reporting entity’ is required to fulfil a number of regulatory obligations in order to ensure that the operation is being carried out in accordance with the law, including, inter alia, the fulfilment of reporting requirements. The reporting requirements pertaining to the such operations include the submission of the annual audited financial statements, interim financial statements, monthly player fund reports, monthly tax reports, industry performance reports and also, the payment of the applicable licence fees and compliance contribution. It is pertinent to note that, notwithstanding the designation of one reporting entity, every entity within the corporate group licence is deemed to be jointly and severally liable vis-à-vis the MGA.

Question 6 – Will a company within a group automatically become a Subject Person under the AML/CFT regulations?

In accordance with the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01), a subject person is defined as all legal and natural persons carrying out either relevant financial business or relevant activity. Additionally, in accordance with the Implementing Procedures (Part I) published by the FIAU, gaming licencees are deemed to be subject persons and accordingly, this would include corporate group licence holders. However, it is important to clarify that such licence can either be a B2C or a B2B corporate group licence and in this regard, only entities that offer a gaming service (B2C) are deemed to be subject persons. The MGA provides information to the FIAU for the purpose of determining which entities within the corporate group licence may not be providing a gaming service and which therefore, would not be deemed to be subject persons.

Question 7 – Apart from the 90% shareholding requirement for a group entity are there any other specific requirements that need to be satisfied?

Corporate group licence holders are subject to the same regulatory obligations as any other licence holder and therefore, the same requirements which are applicable to licence holders in general need to be satisfied by all of the entities included within the corporate group licence.

Question 8 – Does a Corporate Group licence cost more than a B2C or B2B licence?

The Gaming Licence Fees Regulations (S.L. 583.03) do not make any specific reservations for corporate group licences, as the only differentiation made in relation to the payable fees is related to whether the licence is a gaming service licence or a critical gaming supply licence. Therefore, the fees applicable to a corporate group licence will depend on whether the said licence is a B2C or a B2B corporate group licence. The B2B licence has a fixed licence fee. On the other hand, in the case of B2C licences, the gaming revenue of each entity included within the corporate group licence is taken into consideration for the purpose of determining the applicable licence fee.

By Brandon Debattista
Legal Counsel, MGA

Anti-Money Laundering and Risk Assessment (Part 2)

Malta has in the past transposed and is currently transposing the latest EU directives aimed to fight Money Laundering and Terrorism Funding. Acts and regulations, together with guidance from the Financial Intelligence Analysis Unit (FIAU) are designed to assure that funds passing through Maltese entities have not originated from any criminal activities and flag any suspicions to be investigated.

As discussed in a previous article, one of the many facets of Anti-Money Laundering (AML) is the Risk Assessment, whereby we compare its similarities to the (assumingly so) simple action of crossing a street.

In order to fully comprehend how an AML Risk Assessment is carried out, one must first understand what it comprises of. Kyte Consultants will explain further:

Risk-based approach

Each subject person (i.e. companies that have to comply with AML legislation) is required to carry out and keep its Risk Assessment up to date. Moreover, the AML and Customer Acceptance Policy of the subject person should mirror the Risk Assessment. The main aim is for it to be an active document, which should be updated whenever a new product (be it a service line, game or payment method) is launched, and otherwise have control mechanisms for its review. Additionally, this must be presented to the Board of Directors and the regulators may demand to see that the Risk Assessment is being done and reviewed.

The below minimum risk factors must be considered in the risk assessment:

  1. Customer risk (e.g. Type of customers, Politically Exposed Persons etc.)
  2. Product, service or transaction risk – (e.g. service lines, betting products, insurance policy type, funding methods, etc.)
  3. Interface risk – (e.g Non face-to-face business, business networks, etc.)
  4. Geographical risk – (e.g. origin of customers, where they are accessing the service from, funding method origin, etc.)

Customer-specific risk assessment

Once you’ve analysed your business’ money laundering risks, you need to risk assess and monitor your customer base by:

  • Formulating a client expected activity profile
  • Evaluating the possible risks posed by that client depending on the indicators shown on registration
  • Modifying the risk threat level depending on actions taken by the customer
  • Deviations from the profile that may trigger red flags

To assess your customer risk and maintain the ongoing monitoring you must thus work on policies and procedures for due diligence, ongoing monitoring, re-assessment and reporting workflows. This may be the single largest and most subjective task in the AML legislation as it’s not an obligatory task you do once a year, but practically whenever your customer is doing business with you.

Kyte Consultants can support you in developing internal procedures which ensure that you will be compliant with your legislative obligations and keep you informed on the legislative developments in the area. We will gladly assist you in developing procedures depending on your type of operation and risks your organization may be susceptible to.

For more information, contact us today.