Malta: Foundations Regulations On Central Register Of Beneficial Owners

The notorious CRB Regulations for Foundations, Trusts, Associations and Companies have been published as subsidiary legislation on the 20 December, 2017.

1.             Background

The title of the regulations relevant to foundations is the Civil Code (Second Schedule) (Register of Beneficial Owners – Foundations) Regulations 2017 (the 'Regulations') and they were published in terms of the Civil Code, as subsidiary legislation, because it is the Second Schedule of the Civil Code (Chapter 16 of the Laws of Malta) that regulates foundations, associations and other types of legal organisations.

The Regulations are stated as entering into force on the 1st January, 2018 and the only sign of a transitory provision is in reg. 5 that imposes a 6-month deadline for the submission in the prescribed form by the foundation of the information required by the Regulations.

This deadline therefore seemingly expires on the 1 June, 2018 for existing foundations to provide such information.

A major let down is the fact that the Regulations appear to have been issued in terms of article 30 of the EU's 4AMLD (dealing with companies and other legal entities) and not article 31(8) that deals with arrangements similar to trusts, which is what foundations ultimately are.

2.             Which foundations are affected?

All foundations are caught by these Regulations, be they beneficiary foundations, or purpose foundations (whether set up to achieve a social purpose or any lawful purpose on a non-profit basis) (reg. 3(1)) – once again the EU 4AMLD did not specify which foundations would be caught and one would have thought that once a purpose foundation has no beneficiaries, there cannot possibly be a 'UBO' as such.  Government-set up and controlled foundations, pious foundations or ecclesiastical entities and other types of foundations designated by notice by the Minister of Justice are, however, excluded (reg. 3(2)(c)).

3.             Obligation on the Foundation

In terms of reg.4 every foundation is obliged to "take all reasonable steps" to obtain and at all times hold adequate, accurate and up-to-date information in respect of the beneficial owners which as a minimum must include:

(a)           name;

(b)           date of birth;

(c)           nationality;

(d)           country of residence (but not residential address);

(e)           an official identification document number including:

a. the type of document (e.g. identity card); and

b. country of issue

(f)            the category of the definition of BO that the person falls under (e.g. founder/protector etc);

(g)           the nature and extent of the benefit and any changes thereto (but excluding reference to Potential Beneficiaries);

(h)           the effective date on which a natural person became or ceased to be a BO of the Foundation or, in the case of a beneficiary, the effective date on which his beneficial interest in the foundation has increased or been reduced.

The term Beneficial Owner is given the same meaning as under 4AMLD and as specifically including:

-               the founder;

-               the administrator(s);

-               the protector or members of a supervisory council (if any);

-               any other natural person exercising ultimate and effective control over the foundation by any means, including any other person whose consent is to be obtained or whose direction is binding in terms of the foundation's statute (or any other instrument in writing) for material actions  to be taken by the foundation or the administrators.

It is not clear on what basis the above should be regarded as 'beneficial owners' of a foundation because none of these persons ever have an interest in the foundation's assets, unless they too are beneficiaries (in which case they would get caught as 'beneficial owners' in their capacity as beneficiaries). It is also not even clear who else can possibly have 'ultimate and effective control' over a foundation, other than perhaps a protector or a founder with reserved powers (or, perhaps, a power holder who is a person other than a protector or founder).  However this is all in the EU's 4AMLD and the problem lies there, not so much with the Maltese Regulations that merely transpose the EU 4AMLD.

The beneficiaries of a foundation are, as is to be expected, also included in the definition of Beneficial Owner and include:

-               the identified beneficiaries; and

-               where the ones benefiting have yet to be determined, the class of persons in whose main interest the foundation is set up or operates;

and if the beneficiary is a legal entity, the beneficiary includes the UBO of such legal entity.  Therefore a look through approach was adopted for corporate beneficiaries, even though this was not dictated by the EU 4AMLD.

Thankfully, in terms of reg. 4(1)(g), if the statute of the foundation or other instrument in writing includes a suspension of the administrator's duty to inform a beneficiary of:

-               his benefit; or

-               the fact that he forms part of a class of beneficiaries which may so benefit

such person shall not be deemed to be a beneficiary until such time as he is informed of such benefit or receives actual benefit ("Potential Beneficiaries").

Rules have been introduced to regulate classes of beneficiaries and they are mirrored verbatim in the Trusts Regulations (reg.4(2)).  The provisions require the Foundation to describe the class and declare the members, and the information is stated as being required to be submitted to the RLP "as soon as a beneficiary is determined to form part of a class of beneficiaries or is appointed as a beneficiary of the foundation, whichever is the earlier".  It is not clear whether forming part of a class refers to the moment in time when, for instance, a beneficiary gets married (and consequently the spouse too falls within the class) or a child is born, in which case the actual details of the individual concerned need to be provided (presumably subject to the exception relating to when the beneficiary is subject to a suspension of information requirement).

4.             Who within the foundation is responsible for maintaining the register?

Regrettably the Maltese legislator opted to place responsibility on the officers of the Foundation jointly and severally with the foundation itself, meaning that the administrators of the foundation become potentially liable with the foundation for any breaches.  Worse still, where the administrator is a legal organisation, then the persons (presumably natural persons?) entrusted with the management and administration thereof become liable (as per the definition of 'officer' in the Regulations).  This would therefore seem to catch both the directors of the corporate administrator and potentially also the management thereof (such as a CEO and other members of top management).

The foundation's internal BO register is required to be kept by the foundation at the registered address of the foundation or at such other place as may be specified in the statute of the foundation (reg. 4(6)).

A new obligation, not found in the EU 4AMLD, is imposed on Foundations not to update the internal register of BO's (either by adding or updating details) or to notify the RLP when required to do so of the name of any BO, unless it has carried out CDD obligations in terms of applicable AML-CFT laws and regulations in force in Malta.   It is not immediately clear whether this provision is actually imposing an obligation on a foundation to conduct CDD before fulfilling its obligations under the Regulations (which it is not obliged to do as it is not a subject person; the administrators are) or, instead, whether it is intended as a safeguard for foundations and their officers who are effectively exonerated from complying with their obligations under the Regulations until such time as the Beneficial Owners provide the necessary CDD to the foundation.  It is also not clear whether if failure to comply with such CDD requirement would somehow affect the status of that person as a beneficial owner (in whichever capacity he may be acting; i.e. whether as founder, administrator, beneficiary etc).

5.             How does the Foundation gather the information?

The Regulations require the Foundation to obtain the information under paragraph 3 above from:

(a)   the beneficial owners of the Foundation; and/or

(b) from any natural person whom it has reasonable cause to believe to be a beneficial owner.

The latter are required to provide the said information without delay. When the beneficiary is a legal organisation or a fiduciary or other intermediary, the Foundation is required to obtain information on the principal or beneficiary of such intermediary.

Moreover, on every change to a beneficial interest (including an acquisition, disposal, increase or reduction), every person who is appointed or ceases to be a beneficial owner is equally bound to provide information to the Foundation.

The Foundation is also required to verify the information obtained as well as ascertain itself, by obtaining declarations, that the beneficial owner is not acting as an intermediary for another person (e.g. as an agent, nominee or trustee), since the Foundation would otherwise be required to obtain information on the principal or beneficiary of such intermediary.

6.             Changes to the information

The information held in the CRBO is required to be adequate, accurate and up-to-date (reg. 7(1)).  Accordingly, whenever there is a change in the BO or any other change occurs as a result of which any particulars in the CRBO are incorrect or incomplete, the foundation is obliged, within 14 days from the date when the change is recorded with the foundation, deliver to the RLP a notice in the prescribed form (if any) of the change, prioviding the information required by reg.4.

If the change in BO relates to a change in administrators it is the duty of the administrator to incorm the RLP of such change.

Oddly, any such notice sent to the RLP needs to be signed by at least one officer of the Foundation and, in the case of a corporate administrator by at least 2 persons entrusted with the administration and management thereof.

A penalty is prescribed for default in complying (see section below on Offences and Penalties).

7.             Central Register of Beneficiaries

The Registrar for Legal Persons ("RLP") has been entrusted with the task of maintaining the Central Register of Beneficial Owners ("CRBO"), containing the information provided to the RLP (reg.6(1)).  A distinction is made between the information held by the RLP on the normal register of foundations and that on the CRBO, and the information provided for the latter will not be maintained in the former (reg. 6(2)).

The CRBO shall be interconnected with the system of interconnection of EU and EEA central registers via the European Central Platform and the European e-Justice Portal serving as the European electronic access point as contemplated by the EU 4AMLD (reg. 13(1)).

The Regulations also contemplate the possibility of information needing to be delivered to the RLP in terms of then Regulations, as well as the retention thereof by the RLP, in electronic format in terms of the Electronic Commerce Act (Cap. 426), if so determined by the RLP.

8.             Access to the information on the CRBO

The all important issue of access to the CRBO is regulated by reg.9 and regrettably follows the model for companies in terms of article 30 of the EU 4AMLD, and not article 31 as it should have.

Access to the Register of Beneficial Owners is granted:


(a)   National competent authorities with designated responsibilities for combating money laundering and terrorist financing, or that have the function of investigating or prosecuting money laundering, associated criminal offences and terrorist financing, or of tracing, seizing, freezing and confiscating criminal assets;

(b)   The Financial Intelligence Analysis Units (FIAU);

(c)    National tax authorities;

(d)   Any other national competent authority within the meaning assigned to it under the Prevention of Money Laundering and Funding of Terrorism Regulations not already covered above.

Access will be without prejudice to the relevant competent authority's obligations under applicable data protection laws and regulations, but unfortunately this requirement is not elaborated on in the Regulations.


Subject persons in terms of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01) for the purpose of carrying out their customer due diligence obligations in relation to such Foundation.

 Access will be without prejudice to the relevant subject person's obligations under applicable data protection laws and regulations and laws relating to professional secrecy, once again without this requirement being elaborated upon in the Regulations.

 The possibility of opening access up to subject persons in the course of the conduct by them of Customer Due Diligence procedures is actually only an option given to Member States in the case of trusts and similar arrangements, and this should also have been an option with respect to Foundations.  However, the Maltese legislator, probably as a result of the choice to bring foundations under article 30 of the EU 4AMLD rather than article 31, took up this option.


any person who, or organisation which, satisfactorily demonstrates and justifies (subject also to the requirement of certain documentation to be provided) a legitimate interest (which term is not defined in the Regulations) specifically related to the prevention of money laundering and the financing of terrorism. Apart from the fact that it is unfortunate that Malta did not take the opportunity to define and set limits to what constitutes a legitimate interest, it is especially relevant that in terms of the current version of article 31 of the EU 4AMLD, persons with a legitimate interest are not given access rights to the CRBO in the case of trusts – one therefore struggles to try and find a justification for creating this disparity in access rights for trusts and foundations.  This is all the more so when page 16 of the current draft EU 5AMLD, proposed by the EU Commission, provides the following under the heading 'trusts and other legal arrangements': "The beneficial ownership information concerns a wide range of legal arrangements: express trusts specific to common law, but also similar entities such as Treuhand, fiducies or fideicomiso, and all assimilated legal arrangements such as foundations", in this way clearly equating trusts with foundations in terms of the functions that each institute seeks to fulfil.


The Maltese legislator thankfully took on board the EU 4AMLD option given to Member States to disallow access to beneficial ownership information to those persons mentioned in B and C above where, in exceptional circumstances, to be determined on a case-by-case basis and justified by means of documentary evidence, access would expose the beneficial owner to the risk of:

- fraud

- kidnapping

- blackmail

- violence or

- intimidation or

- where the beneficial owner is a minor or otherwise incapable.

The RLP is empowered to determine any such request and whether access is to be allowed based on information provided by the Foundation when complying with these Regulations.

Refusals to provide information are required to be notified to the applicants by the RLP, and aggrieved persons may appeal to the First Hall, Civil Court within 30 days of a notification of refusal to provide information or, in the absence of a response, within 45 days of having made a request in writing to the RLP.

9.             Access fee?

While access to the Register has, in line with the EU 4AMLD, been indicated as being able to be subject to the payment of a fee (which cannot exceed the administrative costs thereof), this is not yet regulated in the Regulations and the RLP is given the power to establish such a fee by notice (reg. 16).

10.           Offences and Penalties (reg. 12 and Schedule to the Regulations)

The Regulations lay down a criminal offence as well as various administrative offences – the criminal offence relates to the reckless or knowing provision of misleading, false or deceptive (in a material particular) information, statements or declarations to the RLP on the BO of a foundation.  Any officer of the foundation (and therefore including the directors and management of a corporate administrator) or a BO thereof who makes such statement or declaration or otherwise provides the information shall be guilty of the offence and shall be liable on conviction to:

(a)           a fine (multa – and therefore convertible into jail if not paid) of not more than EUR5,000; and/or

(b)           to imprisonment for a term not exceeding 6 months.

Various administrative penalties are laid down and contemplate both an initial penalty due on the day of the default as well as a daily penalty due from the day following the day on which the default occurs.  The following penalties have been established:

  1. Failure by the foundation to maintain the register of BO's (reg. 4(9));
  2. Failure to deliver the information on the register of BO's to the RLP (reg. 5(3));
  3. Failure to provide information to the RLP about a change in the BO of a foundation (reg. 7(5)):

– EUR500 penalty and EUR5 daily penalty.

A limited defence has been established in respect of the various administrative penalties in respect of officers who can avoid personal liability if they show that they have "exercised all due diligence to comply with the provisions of this regulation and the default was not due to negligence on his part." (regs 4(9), 5(3) and 7(5)).  While this is a welcome attempt to safeguard administrators, it is felt that it may not go a sufficiently long way in doing so, and that it would have been a more robust remedy to simply not render the officer liable for the breach but the foundation itself of which he is an officer and where, ultimately, the assets that could potentially be involved in money laundering or terrorist financing (which are the purposes that such a transparency initiative should be targeted at seeking to address) are located.

The prescriptive period applicable to all such offences appears to be 5 years from the day on which the default occurs (reg. 15(3)), although it is not clear whether this also applies to the penalty for the criminal offence which is, presumably, recoverable not by the RLP but by the Police.

A procedure is laid down in the schedule to the Regulations for the contestation of a penalty notified to the foundation or any person, including an obligation for the court to appoint the proceedings for hearing by not later than 30 days from the date of the application, coupled with an obligation to hear the application to a conclusion within 5 working days from the date of the first hearing, with very limited scope for adjournments (Schedule to the Regulations).  A right of appeal to the Court of Appeal also exists, within 6 working days from the date of the decision (with an equivalent term to file a reply).

11.          Prescribed Forms

None of the prescribed forms have been published so far.



1 The term 'material actions' is exhaustively defined in the Regulations as the following actions or any other actions achieving the same result: (a) the amendment of the statute; (b) the addition or removal of any beneficiary, or any person from a class of beneficiaries or any action affecting the entitlement of a beneficiary; (c) the appointment or removal of administrators or protectors or members of the supervisory council; (d) the acceptance of new founders; (e) the re-domiciliation of the foundation; (f) the assignment or transfer of all or the majority of the assets of the foundation; or (g) the termination or revocation of the foundation;

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions