by CSB Group
17th April 2023

When leading a financial services entity, in particular within the company service provision sector, one needs to be aware of the consequences of business decisions that could undermine the entity's business policies, systems and the overall compliance culture. In this 5-part series of articles, I will analyse 5 business decisions, through the legislative references such decisions could fall foul of, the impact on the organisation these decisions could have, and attempt to suggest a course of action.

Reducing the AML division budget

The reduction by the Board of the AML/Compliance division budget is one of the areas of concert within businesses' compliance cultures. Such undermining decision gives rise to the need for processes, systems and staff compliment to be revisited.

Legislative/Competent Authorities' references

The PMLFTR, Section 5(1) clearly states 'that every subject person shall take appropriate steps, proportionate to the nature and size of its business, to identify and assess the risks of ML/FT that arise out of its activities.' The FIAU Implementing Procedures further amplify this specific article when it states that it is important that senior management provides the MLRO and its monitoring function 'with sufficient resources, including appropriate staff and technological means', to ensure that they are able to carry out their obligations effectively.1

Main Impact

It is important to bring to the attention of any Board that abandoning AML systems and process will have dire consequences at an operational, legal and reputational nature. Although screening tools can be deemed to be expensive and an easy target for budget reductions, not screening clients for negative media, criminal and fraudulent activity, imposed sanctions and PEP status will cause a firm to be in breach of the Sanctions Monitoring Board (SMB) requirement for subject persons to effectively screen clients for possible sanctions.2

Without the technological tools that provide automated ongoing monitoring it would be impossible to keep abreast with EU and UN Sanctions screened against the client database. Hefty administrative penalties may be meted out directly by the SMB without recourse to court proceedings for such failures.3

Abandoning systems like the transactional monitoring system will expose an entity to substantial ML risks, as officers will be unable to determine frequency, amount and pattern to identify suspicious transactions. The exposure to ML risks brings with it severe criminal liability both personal i.e., to the officers including the MLRO, and to the firm. Penalties up to €2.5million and 18 years imprisonment for aiding and abetting ML are contemplated in the PMLA.4

These systems also assist the division in replying in a timely manner to regular information requests issued by the Asset Recovery Bureau. Cutting back on certain processes will also impinge on the ability of the division to issue internal and external reports, some of which are required by the competent authorities, such as risk evaluation questionnaires and annual compliance returns.

Course of Action

In line with embracing a culture of compliance, cutting the Division's budget with such drastic effects, will definitely counter the achievement of such an objective. In addition, the penalties and criminal liability risks should also detract from deciding in favour of such cuts. Commercial pragmatism, however, should make AML/Compliance leaders within an entity aware of the cost constraints that this same entity could be facing. Together with the Board, one can undertake a number of risk-based measures to realign the budget.

  • The PMLFTR, explained further in the Implementing Procedures5 allow for outsourcing and together with the Board, one might look into this possibility to free up time of 1st line of defence staff from the rigours of onboarding by engaging external providers to identify and verify clients.
  • Costly and time-consuming risk assessments and jurisdictional risk assessments which require substantial human resources from the 2nd line of defence could also be considered for possible outsourcing.
  • Continue to invest in technological solutions that free up 1st and 2nd line defence staff time, such as online filling of client application forms, SoW and SoF, integrated customer risk assessment with automatic inherent risk scoring and recalculation of the residual risk once mitigation measures are implemented.

About the Author

This article has been authored by Jean-Claude Cardona, CSB Group Operations & Finance Director. Contact us on for more information.


1. FIAU Implementing Procedures Part 1 25/09/20 Page 207.

2. Article 17 (6) (a) (b) and (c) of the National Interest (Enabling Powers) Act, Cap 356 of the Laws of Malta

3. As of 23 April 2020, the Sanctions Monitoring Board is empowered to mete out administrative penalties for any violation of Article 17(6) of the National Interest (Enabling Powers) Act.

4. Prevention of Money Laundering Act Article 3(1).

5. PMLFTR 12 and FIAU Implementing Procedures Part 1 Page 230.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.