The deadlines for submission of the 2022 REQ are as follows:
13 April 2022
Virtual Financial Assets Agents
Virtual Financial Assets Service Providers
Real Estate Agents
Notaries
Gaming Operators
20 April 2022
Trustees and Fiduciaries
Company Service Providers
Accountants and Auditors
Tax Advisors
Advocates
27 April 2022
Credit institutions
Financial Institutions
Investments Service & Securities Markets
Insurance and Pensions
As from 1 March 2022, subject persons have been granted access to start completing the 2022 REQ in the Compliance and Supervision Platform for Assessing Risk (CASPAR) portal.
As opposed to last year, there will not be sector specific guidance documents available, as the FIAU will be providing guidance for each question throughout the questionnaire itself. Another evident development from last year’s situation, is that different questionnaires are being provided to company service providers in line with the newly authorised CSP classes issued by the MFSA following the revision of the CSP regime introduced in 2021. The creation of different REQs for each CSP class highlights FIAU’s efforts to tailor the questions in accordance with the customer portfolios of different CSPs and with the specific services being offered by each CSP in question.
Register on the CASPAR portal without further delay if this has not been done yet;
Update the ‘Subject Person Profile’ module which requires subject persons to provide information, such as on the subject person’s ownership and structure, on the group that the subject person makes part of (if applicable), details of shareholders, beneficial owners and directors of the subject person, information on the turnover and net asset values and information on the target markets; and
Start collecting and collating the necessary information to be able to complete the REQ in a timely manner.
Subject persons are also required to carry out a Business Risk Assessment (BRA) in line with Section 3.3 of the FIAU Implementing Procedures Part I. The BRA is a process whereby the subject person identifies the threats and vulnerabilities that it is exposed to and assesses the likelihood and impact of ML/FT risks. On the basis of this assessment, it will be able to determine which areas to prioritise in terms of AML/CFT and ensure that its AML/CFT measures, policies, controls and procedures are commensurate with the ML/FT risks it faces in order to mitigate them.
The obligation for subject persons to carry out and document their BRA has been drawing increased scrutiny from the regulator, so much so that the FIAU requires each subject person to provide a copy of the BRA on a yearly basis as part of the completion of the above-mentioned Subject Person Profile.
Over the next couple of months, it is crucial that subject persons dedicate time to the population of the REQ together with the update of respective BRAs. Particular care should be paid to ensuring correlation between the information provided in both submissions and the actual records maintained.
We set out three practical steps to guide subject persons through:
Start planning the allocation of tasks required and human resources to be employed to avoid bottlenecks and last-minute pressure. Collation of information is key, and this should be prioritised.
Year on year subject persons should aim to build on processes designed and implemented. However, care should be taken to always keep such processes aligned to recent regulatory changes to ensure that business risks are holistically assessed and evaluated.
Timely submission of REQ and BRA is key to avoid potential sanctions and hefty penalties.
Our Financial Crime Compliance team is equipped to assist you in ensuring timely updates to BRAs that meet regulatory requirements, as well as assisting you with quality reviews of REQs prepared.
If you would like more information, feel free to get in touch with us.