ARTICLE
19 December 2024

What Is 'The Four-Eyes Principle' That Regulated Companies Need To Adhere To?

MK Fintech Partners

Contributor

MK Fintech Partners Ltd. is affiliated with the prestigious Michael Kyprianou Group, a leading international legal and advisory entity. Renowned for its diverse legal services, the group has become one of Cyprus' largest law firms, with offices in Nicosia, Limassol, Malta, Ukraine, the United Arab Emirates, and the UK.
Malta Corporate/Commercial Law

Stephanie Marinova provides a concise overview of the Four-Eyes Principle, a vital governance strategy requiring dual approval for significant organizational decisions. This principle enhances security and compliance, particularly in sectors like finance and cryptocurrency, by minimizing risks such as fraud and errors. The article emphasizes its application in financial institutions and Crypto Asset Service Providers (CASPs), especially within Malta's regulatory framework enforced by the Malta Financial Services Authority. As regulatory scrutiny increases, understanding the Four-Eyes Principle is essential for organizations to navigate today's complex business environment effectively.

The 'Four Eyes Principle'

Overview

In today's dynamic business environment, ensuring security, compliance, and operational integrity is a non-negotiable priority. Entities across industries strive to minimise errors, prevent misuse, and maintain the highest standards of accountability. One proven strategy that supports these goals is the Four-Eyes Principle, also known as the dual control principle or two-person rule.

At its core, the Four-Eyes Principle emphasises collaboration and oversight by requiring two individuals to approve or confirm critical decisions, processes, or transactions. This approach not only strengthens trust but also serves as an effective safeguard against risks such as fraud, inaccuracies, and operational lapses.

The timeless adage "Four eyes see better than two" perfectly captures the essence of this principle. By fostering collaboration and mutual accountability, it ensures quality control and lessens the likelihood of errors or malpractices. As such, it necessitates the confirmation and approval of the two responsible individuals involved in the process.

Practical Applicability

Industries

Unsurprisingly, this principle has become a cornerstone for industries ranging from finance to software development, finding applications wherever precision and reliability are paramount. In particular, it finds application across different business fields, such as:

  • Fintech: Financial technology companies rely on this principle to secure transactions and approvals. For instance, a corporate payment exceeding a predefined limit might require dual approval – one from the financial manager and another from the CFO – combined with multi-factor authentication to ensure compliance and prevent fraud.
  • Blockchain: Multi-signature wallets are a practical example in the blockchain ecosystem. They require authorization from different private keys, ensuring secure and accountable cryptocurrency transactions.
  • Investment Management: Portfolio managers often collaborate with compliance officers to approve significant investment decisions. For example, acquiring a high-value asset might require validation from both the investment team and a regulatory compliance expert to align with fiduciary responsibilities.
  • Fraud Prevention: To prevent fraud, multi-layered approval systems are implemented. For example, a wire transfer request may require authentication by both a relationship manager and an independent risk officer, thereby reducing the likelihood of fraudulent activity.
  • Audit and Reconciliation: Internal audits in financial institutions often rely on dual verification. Usually, account reconciliations are cross-checked by two separate teams – one handling account balances and the other confirming transactions.
  • Procurement in Financial Services: The principle offers transparency during vendor selection. When financial institutions procure IT services, proposals are jointly reviewed by the procurement team and the IT department to ensure impartiality and an optimal selection.
  • Financial Reporting: Before financial statements are published, they must be reviewed and approved by both the accounting team and external auditors, to ensure compliance with regulatory standards and reporting accuracy.
  • Compliance Monitoring: Regulatory submissions often require sign-off from multiple departments. When it comes to submitting a report to a financial regulator, this may involve review by both the compliance officer and the legal team, guaranteeing alignment with legal and regulatory frameworks.
  • Risk Management: Risk assessments for major financial decisions, such as mergers or acquisitions, involve joint reviews. They can be performed by the risk assessment team and senior executives to evaluate potential impacts, ensuring thorough due diligence.
  • Customer Account Management: Significant changes to customer accounts, such as altering credit limits or approving large withdrawals, usually require dual approval from a relationship manager and a compliance officer, safeguarding against errors or misuse.

The 'Four-Eyes Principle' in Financial Institutions

Processes

Within financial institutions, the Four-Eyes Principle remains a fundamental safeguard, helping entities uphold accuracy, reduce risk, and maintain strict adherence to regulatory requirements. By requiring the involvement of two individuals in crucial transactions or decisions, the principle minimises vulnerabilities and protects the organization from potential errors or misconduct.

In practice, one individual typically initiates a process, such as preparing or approving a payment or a loan, while another independently reviews and verifies the action. This two-person verification system ensures that no single individual can perform high-risk tasks or manage sensitive information without oversight.

Beyond fraud prevention, the Four-Eyes Principle fosters a culture of accountability and transparency. It plays a key role in adhering to important regulatory frameworks like Anti-Money Laundering ("AML") and Know Your Customer ("KYC") protocols, where additional oversight is essential to identify suspicious activities. Additionally, financial institutions use this principle to uphold corporate governance standards in areas such as treasury management, loan approvals, and account reconciliation.

By dividing authority and responsibility, the dual control principle not only minimises conflicts of interest but also enhances the quality of decision-making. Ultimately, this strengthens the trust in the integrity of the institution's operations, making sure that decisions are well-considered and aligned with best practices.

The 'Four-Eyes Principle' in CASPs

CASPs

In the dynamic environment of Crypto Asset Service Providers ("CASPs"), the Four-Eyes Principle assists in safeguarding digital asset transactions and enhancing operational integrity. As CASPs manage services like cryptocurrency exchanges, token custody, and staking, they are entrusted with handling substantial amounts of digital assets in highly volatile and often uncertain regulatory domains. Implementing dual control ensures that no individual can unilaterally execute critical tasks, such as transferring funds, accessing private keys, or authorising system modifications.

A prime example of the Four-Eyes Principle in practice within CASPs is the multi-signature (multi-sig) technology. This mechanism requires multiple authorised users to digitally sign off on a transaction before it is processed, ensuring that no one individual has sole control over the funds. Multi-sig technology provides an additional layer of security against both internal threats, such as fraud, and external threats like hacking.

During high-stakes activities such as Initial Coin Offerings ("ICOs") and token launches, the Four-Eyes Principle is essential for ensuring transparency and accountability. For instance, decisions related to setting token prices, approving smart contracts, or managing investor funds are subject to review and approval by multiple parties to avoid errors or potential conflicts of interest.

As regulatory scrutiny on digital assets intensifies, compliance with AML and Counter-Terrorism Financing ("CTF") regulations has become non-negotiable. Regulatory bodies now increasingly require CASPs to implement dual control mechanisms to ensure compliance with these frameworks. Dual control helps mitigate risks related to illicit financial activities and enhances the credibility of CASPs in a competitive market.

How is the 'Four-Eyes Principle' Applied by the Malta Financial Services Authority vis-à-vis the companies they supervise?

MFSA

In Malta, the Four-Eyes Principle is firmly integrated into the regulatory framework established by the Malta Financial Services Authority ("MFSA"). The MFSA mandates that significant transactions or decisions, such as fund transfers, loans, or large payments, within financial institutions be subject to dual control. This aligns with the MFSA's commitment to maintaining high standards of governance, risk management, and compliance with EU regulations, such as the Fourth and Fifth Anti-Money Laundering Directives ("4AMLD" and "5AMLD"), which include the need for enhanced oversight in financial transactions.

On the island, the Four-Eyes Principle serves as an essential mechanism to prevent fraud, reduce human error, and comply with stringent EU regulations. Laws such as the VFA Act (Chapter 590 of the Laws of Malta) ("VFA Act"), Financial Institutions Act (Cap. 376 of the Laws of Malta), Investment Services Act (Chapter 370 of the Laws of Malta), Banking Act (Chapter 371 of the Laws of Malta), and Companies Act (Chapter 386 of the Laws of Malta), together with the MFSA rules and guidelines, actively mandate dual control for critical decisions. In particular, entities operating in the financial sector are encouraged to pay specific attention to the Prevention of Money Laundering & Funding of Terrorism Regulations (Subsidiary Legislation 373.01) ("PMLFTR"), which requires entities to implement dual control mechanisms to oversee suspicious transactions. The latter legislative document notes that any non-compliance can lead to severe consequences, including fines, penalties, or even the revocation of licenses, underscoring the critical importance of adherence for both legal compliance and preserving trust in operations.

Conclusion

The 'Four-Eyes Principle'

The Four-Eyes Principle not only enforces robust oversight but also fosters collaboration and shared responsibility in decision-making. Its implementation strengthens organisational resilience, ensuring processes are both secure and transparent.

In Malta, this principle serves as a linchpin of governance and regulatory compliance for all companies operating in the financial sector. With the growing complexity of compliance demands, this principle remains indispensable for protecting operations and maintaining stakeholder confidence.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
