In terms of ongoing obligations, there are new risk management rules to implement. These extend beyond the traditional focus on money laundering and combating terrorist financing risk and require CSPs to conduct appropriate risk assessments, maintain adequate risk management policies, have a risk officer (who must be independent unless certain conditions are met) and keep a risk register in relation to their clients.
Furthermore, in terms of the amendment act, the MFSA is now empowered to revoke any authorisation it has issued where a CSP is found liable by the Financial Intelligence Analysis Unit (FIAU) for a serious, repeated or systematic breach of the prevention of money laundering act and, or any regulations issued thereunder.
Auditors of CSPs are now to immediately advise the MFSA of any matter they become aware of in that capacity which would, among other things, lead to a serious qualification or refusal of the auditor’s report on that CSP’s accounts or which constitutes a material breach of legal or regulatory requirements.
The maximum administrative penalty which the MFSA may impose for any breach or failure to comply with any measures imposed by it has doubled from €25,000 to €50,000.