How Malta's AML/CFT Enforcement Framework Is Changing

While the changes may initially appear procedural in nature, they signal a broader shift in regulatory expectations. The FIAU’s approach is increasingly focused not only on identifying breaches, but also on promoting timely remediation, strengthening governance, and ensuring that compliance frameworks remain effective in practice. 

For Subject Persons, the message is clear: regulatory scrutiny now extends beyond historical shortcoming and places greater emphasis on how organisations respond when deficiencies are identified. 

A More Structured and Transparent Enforcement Process

One of the key developments introduced by the new framework is the formalisation of the enforcement process.

The introduction of the Enforcement Notice Letter (ENL) provides Subject Persons with greater clarity regarding the commencement of enforcement proceedings and the steps that follows. This enhanced transparency reinforces procedural fairness and provides firms with earlier visibility into the enforcement process.

By establishing clearer communication channels between the regulator and the Subject Persons, the revised framework enables organisations to engage more effectively with regulatory authorities and take informed decisions at an earlier stage.

Remediation Takes Centre Stage

Another significant feature of the new framework is its increased focus on remediation.

Historically, enforcement measures primarily addressed past compliance failures. The 2026 amendments introduce mechanisms that place greater emphasis on addressing ongoing deficiencies and reducing current AML/CFT risks. 

The introduction of periodic penalty payments reflects this shift. Unlike traditional administrative penalties, these measures are designed to encourage organisations to take corrective action promptly where material deficiencies continue to exist. 

This approach demonstrates the FIAU’s broader objective of driving sustainable compliance rather than solely imposing sanctions. Organisations that proactively address weaknesses, cooperate with regulatory authorities and demonstrate a genuine commitment to remediation are likely to be positioned when regulatory concerns arise.

The practical implication for firms is clear: compliance should not be viewed as a static exercise. Effective governance requires continuous monitoring, timely corrective action and a culture that prioritises ongoing improvement.

Increased Accountability for Senior Management

The amendments also reinforce the importance of accountability at leadership level. 

While AML/CFT obligations continue to apply to the organisation as a whole, regulatory expectations increasingly focus on the actions of those responsible for oversight and decision-making. Senior Managing Officials (SMOs), Board members, and key function holders are expected to ensure that identified deficiencies are addressed appropriately and without unnecessary delay. 

The framework highlights the critical role of governance structures in managing compliance risk. Where concerns are escalated internally, leadership is expected to take ownership of the necessary remedial actions and demonstrate effective oversight throughout the process.

As a result, AML/CFT compliance can no longer be viewed solely as the responsibility of compliance teams or Money Laundering Reporting Officers (MLROs). It is increasingly becoming a boardroom issue, requiring active engagement from senior management and governance bodies. 

Proportionality and Resolution

The revised framework also seeks to promote consistency and proportionality in enforcement outcomes. 

When determining administrative measures, the FIAU continues to consider a range of factors, including the nature and seriousness of the breach, the organisation’s level of cooperation, remediation efforts, and the overall circumstances of the case.

The framework also retains the possibility of settlement agreements in appropriate circumstance. These arrangements provide a possibility for resolution while maintaining a strong emphasis on remediation and accountability.

importantly, the availability of such mechanisms should not be viewed as a reduction in regulatory expectations. Rather, they reflect the FIAU’s commitment to achieving sustainable compliance outcomes while encouraging constructive engagement between regulators and Subject Persons.

Looking Ahead

Legal Notices 82 and 83 of 2026 reinforce an increasingly important principle within Malta’s AML/CFT framework: AML/CFT compliance is no longer assessed solely on whether policies and procedures exist, but on how effectively organisations respond when weaknesses are identified.

For boards, senior management and compliance professionals, now is the time to ask some critical questions. Are governance structures fit for purpose? Can compliance deficiencies be identified and escalated effectively? Is there a clear remediation framework in place should regulatory concerns arise?

Organisations that wait until an enforcement process begins may find themselves operating from a position of reaction rather than control. Those that act now will be better positioned to demonstrate accountability, reduce regulatory risks and build a stronger compliance culture.

At Grant Thornton Malta, we work closely with Subject Persons to assess existing AML/CFT frameworks, identify areas of vulnerability and implement practical remediation strategies that align with evolving regulatory expectations. In an environment where proactive remediation is increasingly becoming a regulatory expectation, early action can make a significant difference.