Changes in the regulatory environment are constantly evolving, becoming more frequent, more expensive, more time-consuming, and having substantial effect on the customer experience.

In 2017, all European member states adopted the 4th Anti Money Laundering Directive (4AMLD) as national legislation, and in April 2018, the European Parliament welcomed the 5th Anti Money Laundering Directive (5AMLD), which was published on 19th June 2018. The new legislation was proposed to address recent economic innovations and political developments following leaks from Swiss Leaks and the Panama Papers.

The Directive covers current gaps in the existing legislation. Certain High-Risk sectors are either not addressed or are clearly addressed to combat money laundering and terrorist financing. The 5th AMLD must be implemented into the national legislation of all EU member states by January 10th 2020. hat are the main changes brought by 5AMLD?

1 Transparency on Register of Beneficial Owners

The current directive made it mandatory for each Member Competent Authority to establish a beneficial ownership registrar. In 2017, through Legal Notice 375, Malta established regulations on the Register of Beneficial Owners. All registered entities are obliged to keep an internal register of beneficial owners and submit this information to the Malta Business Registry (MBR). With the current legislation, request for information on beneficial owners can be made by demonstrating a legitimate interest to the competent authority. With the 5th AMLD, access to the information will be extended, and it will be made available to the general public. Information from Trusts and similar arrangements will also be kept in a central register, and information will be made available subject to a proven legitimate interest. The register must be made public by 10th Jan 2020, while that of Trusts or similar arrangements by 10th March 2020.

An interconnected mechanism between all members states’ competent authorities will be implemented, where the authorities will be able to address inaccurate or outdated information on beneficial owners as part of ongoing monitoring.

2 Rules for the Crypto Market and Electronic Money

Malta introduced a Virtual Financial Assets (VFA) Act on November 1st, 2018, and the 5th AMLD also will be addressing the virtual currency (crypto) market. The Maltese legislation addresses certain activities that VFA offered to the public, including VFA trading on a DLT exchange, and provision of VFA agents and additional services.

Recent innovations and trends have brought about new challenges in combatting money laundering and terrorist financing. The 5th AMLD addresses the sector and will consider such providers as entities obliged to carry out due diligence on their customers, transaction monitoring and on-going monitoring.  The new directive also refers to an established central database, where all member states’ Financial Intelligence Units will have access to databases containing holders’ identification information.

The limits for electronic money, more specifically prepaid cards, have also changed.  EMIs are now required to carry out appropriate due diligence on any payment transaction exceeding €150 within a month, reducing the limit from €250 to €150. Due Diligence for cashing out has also been reduced from €100 to €50. Anonymous prepaid cards issued in non-EU countries may not be accepted by acquiring banks.

Member states may also be able to refuse territory payments using anonymous prepaid cards, depending on how the Directive will be implemented in the national legislation.

3 Other Rules for Professional Services

Legal entities that provide audit, accounting and tax advisory are also subject to 5AMLD.  In addition, the Directive addresses entities or persons trading in works of art.   Entities and individuals providing such services will have to carry out due diligence on their customers and report any suspicious activity to the competent authority.

4 Enhancements in High-Risk non-EU countries’ Due Diligence

5AMLD will introduce a consistent standard rule when it comes to high-risk country due diligence requirements. The European commission will account for strategic deficiencies, including sanctions, cooperation and exchange of information between member states and non-EU countries. The measures will include the refusal of establishments and their subsidiaries, branches, and representatives’ offices, and prevention from establishing branches or representative offices in countries with strategic deficiencies.


Other new regulations affecting the industry includes GDPR (General Data Protection Regulation), which came into effect on 25th May 2018. GDPR brought significant challenges for the financial industry, as it governs personal data collection and processing, which is obliged to be collected and processed under anti-money laundering regulations. GDPR imposes restrictions on how data should be collected, when it should be collected, and how should be processed and used, therefore while GDPR aims to limit the use of personal data, the AML regulations aim to collect as much as necessary (applicable) information utilizing a risk-based approach. The two regulations may not be aligned in terms of collecting data, so entities have a huge challenge when it comes managing policies and processes both from a GDPR perspective and an AML perspective.

GDPR’s 6 key principles:

  • Process personal data lawfully, fairly and transparently
  • Collect it only for a specified, explicit and legitimate purpose
  • Actions must be adequate, relevant and limited to what is necessary in relation to the purpose for which the data is processed
  • Data must be accurate and, where necessary, kept up-to-date
  • Data must be kept in a form that permits identification of data subjects for no longer than is necessary
  • Privacy by design (appropriate security)

Violations of GDPR may result in huge fines of as much as €20 million, or 4% of global revenue (whichever is the higher).


With all these changes in regulations, the financial sector has no other option other than to invest in more sophisticated automated tools that address and implement the latest regulation updates, as part of applications’ onboarding and customer experience, with the aim of having fast onboarding, adequate ongoing monitoring, and efficient time to revenue. Of course, the technology alone will not work. It is also crucial to invest and engage with the right experts to ensure that the right solutions are in place, and keep pace with regulatory changes and applicable risks.

Elsewhere, the Competent Authorities, including FIUs, also have big challenges ahead of implementing new regulations and all the changes that will be introduced. In order to raise awareness of new obligation and reduce concerns and at fine frustrations within the financial sector it is important for the Competent Authorities to continue having open conversations with all stakeholders, to ensure efficient time for consultation periods and general awareness of the regulatory requirements, which has increased exponentially.

Article originally published on the autumn edition/2019 of the Compliance Matters Magazine, published by Kyte Consultants Ltd, 170, Pater House, Psaila Street, Birkirkara, BKR 9077, Malta.