MACO is to become the recognised standard-setting body for the accreditation, certification and qualification of knowledge, skills and competences of Compliance Officers serving in the Maltese financial services sector. It will also act as a single professional industry voice on matters
related to compliance in Malta.

MACO Values are as follow:


Issue papers of interest from time to time such as for example on the Role of Compliance Officers in FinServ in Malta


Upkeep of online forum for members. Open platform for third party training activities.


Update circular to members. Training events (for members and non-members) in collaboration with sponsors.


Issue of position papers/reactions to proposed legislation/regulation. Social events.


MoU with MFSA and MITC. Networking with sister Organisations and Associations. Sponsorship

Membership of MACO will provide you with a wide range of tools and resources to help you achieve your professional goals.

Learn more
The mission of MACO is to create professional education and knowledge standards for Compliance Officers serving in the Maltese financial services sector, enrich the professional culture and enhance both Maltese and international relations and alliances.

MACO Mission Statement

Insight News

March 13, 2019

Understanding complex company structures – solving the puzzle

Verifying the identity of a customer can be as gloriously simple as meeting a customer face-to-face and taking a copy of their original passport and a utility bill. On the other side of the client due diligence (CDD) spectrum is trying to unravel a complex corporate structure and understanding the identity of the ultimate beneficial owner. The 2016 Panama Papers revelations highlighted issues that anti money laundering (AML) professionals were acutely aware of: complex structures based in offshore tax havens exist and they are often set up in ways which seek to make the identity of the beneficial owner hard to establish. With this in mind, I want to explore some of the challenges that AML professionals in financial institutions face.   Who are beneficial owners? Fundamental to carrying out CDD on any legal arrangement is understanding the ultimate beneficial owner. The Financial Action Task Force (FATF)  defines  a beneficial owner as: The natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes persons who  exercise ultimate effective control over a legal person or arrangement . FATF elaborates further: Reference to “ultimately owns or controls” and “ultimate effective control” refer to situations in which  ownership/control is exercised through a chain of ownership  or by means of control other than direct control.   Identifying the beneficial owner Imagine that you are in a role that requires you to carry out CDD and know your customer (KYC) requirements. The relationship manager has provided you with the file of a potential new client, and stressed how lucrative this account will be to the business. Your initial assumption is that the account shouldn’t be too complex as it’s a UK company. A search on the Companies House website states that the shareholders are a nominee company and a company incorporated in Luxembourg.   Has the beneficial owner been identified? No, because you still do not have an understanding of who the natural person is behind this structure. As you review the file further, you see a copy of the nominee agreement, showing the ABC Nominees Limited holds the shares on behalf of JKL Foundation, based in Lichtenstein. You also can also see the ownership structure of DEF Investments SARL, and you have established the first natural person in the ownership structure, Mr A.   The complete picture? By building on the information you have obtained, you have added to the structure chart. The relationship manager has obtained identification documents for Mr A and is happy that this now completes the file as he has been assured that ABC Investments is Mr A’s company. Is this enough? Not yet, because you haven’t established that Mr A ultimately owns or controls over 25% of the shares of ABC Investments 2016 Limited or who owns and controls JKL Foundation. And there are other aspects of the CDD process still to explore, such as the rationale for the complex structure, the nature of the businesses and the source of wealth and funds.   Complex structures This scenario attempts to illustrate on a small scale how complex company structures can be. In reality there could be many further layers. Setting up a complex corporate structures is not illegal, and most aren’t set up with ill intent. However, it is key to recognise that their very nature can leave them open to misuse for illicit purposes. When complex structures start mixing with jurisdictions that require less transparency or with tax havens, the water starts to become very murky indeed. Invariably it is the responsibility of AML professionals to attempt to unravel these structures.    How can ICT help? We provide practical training and qualifications in AML, KYC and CDD and financial crime prevention, from introductory certificates to diplomas and post graduate diplomas. The  ICA Certificate in KYC and CDD  provides a foundation knowledge of core know your customer (KYC) and customer due diligence (CDD) concepts, an introduction to CDD frameworks and an overview of the key components of working in the KYC environment. The ICA   Advanced Certificate in Practical CDD  explores all aspects of the CDD process, looking at complex structures in detail, assisting students to understanding who the customer is, how to identify and manage customer risk to even creating a KYC file.  We can also deliver bespoke training  in-house  to firms, allowing you to maximise your budget, minimise disruption and tailor the content to your specific needs.
March 4, 2019

How many languages does a financial crime professional need to speak?

It seems not a day goes by at the moment without some mention of Bitcoin, cybercrime, political machinations, Brexit, global instability or the drivers of radicalisation, amongst other things. On top of this, there are even TV dramas about most of these subjects.  What do these developments mean for the financial crime professional? Not all of us would consider ourselves experts when it comes to IT, the Internet, global economics or politics. However financial crime professionals are experts in financial crime risk management. So when it comes to the topics of virtual currencies, cybercrime and Trumponomics to name just a few, this presents an interesting dilemma: to what extent should we be conversant in these areas in order to fully understand the financial crime risks associated with them?     Do I need to learn a new language? Consider this. How easy is it to ask for directions when you’re travelling in a country in which you don’t speak the native tongue? Can you make yourself perfectly understood? How can you be sure you’ve understood the person giving you directions accurately? If you want to get to your destination without getting very lost along the way, mutual understanding is important. Now picture yourself assessing the financial crime risks of virtual currencies. You need to understand the features and vulnerabilities of the product so you try and discuss this with your 15-year-old nephew who loves online gaming. You can’t speak his language and he can’t speak yours. Does this help you get to the right outcome? Starting to think you may need to learn a new language in your financial crime role? Here’s some advice…  Work out which languages you need to speak Think about the nature of your professional role, your personal interests and current levels of awareness. You may need to identify which common topics are worth investing a little time in simply seeking knowledge and understanding of the topic. For example, if you work in, oversee or are responsible for sanctions compliance a better understanding of changing global political situations may serve you well in forecasting how your firm’s sanctions risk landscape may evolve. If you are tasked with finding a way to monitor for potential terrorist activity, understanding the drivers of and behavioural traits underlying those at risk of radicalisation may help you design controls to spot this. Connect with a native speaker What better way to learn than to seek out someone who already speaks the language of the topic you’re interested in. Find a blog, social media feed or a friend or colleague and engage. A little understanding can go a long way in building capability to identify and therefore better manage financial crime risks. Practice, practice, practice! With such a range of issues facing financial crime practitioners every day, it can be easy to stick with what you know. Challenge yourself to move outside of your comfort zone and practice your new language. Reflect on what impact this may have on your ability to manage financial crime risk within your professional sphere of control. Continuous improvement In today’s global environment, we all have access to information like never before. That includes those that wish to carry out criminal endeavours. Risks continually evolve in response to new technologies, new political landscapes, new behaviours. If, as financial crime practitioners, we wish our efforts to continue to be effective we must look ahead, keep pace with change, understand its impacts and evolve our own responses.   Further reading:  Skills and Attributes of a Compliance Officer Which ICA qualification right for me? 10 year challenge: Middle East and North America     This article forms part of the   #BigCompConvo   - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the   Big Compliance Conversation   get in touch with us at
February 19, 2019

10 year challenge – Middle East and North Africa

Ten years ago, the Middle East was a different place to the one that we see today. You only have to look at a picture of the Dubai skyline in 2008 and compare it to the current one to appreciate the aesthetic changes that have taken place. But it has not only changed aesthetically: the regulatory progress in the region’s financial sector has been equally discernable. Within the last ten years, the global financial market has seen a huge increase in the number of regulations introduced, the objectives of which were to encourage more transparency and to give accountability to financial institutions. The downside to this growth in regulation is that it has led to more excessive compliance budgets, more fines and more scrutiny. The Middle East and North Africa (MENA) region has experienced more than its fair share of regulatory progress during the last decade, particularly in the development of anti money laundering (AML) programmes. The majority of the financial institutions operating in the region have implemented AML and counter financing of terrorism (CFT) solutions, making it much more difficult for criminals and terrorist organisations to move their money around. Compliance spending has also continued to increase in the region (even when it started to slow down in other parts of the world) yet, despite this ongoing investment, the MENA region still suffers from a global reputation suggesting it is an unfavourable place to do business. So, has the region really made any progress afterall? One could argue that the region’s reputation is getting worse rather than better. If we look at Transparency International’s Corruption Perceptions Index from 2008 , the highest positioned country from the MENA region is Qatar ranked at 28 (from a total of 180). In 2018 , the highest ranked country from the region is the UAE at 23, which is a welcome improvement (see the table below). But the wider picture shows that most countries in the region have a worse ranking in 2018 than in 2008 (highlighted in red), which, given the investment in regulation, suggests a disappointing backwards step.      Part of the problem may simply be down to the geographical location of the region in relation to the ‘home’ of many of the world’s terrorist groups. The perception, perhaps, is that there must be an association of some sort with these organisations by virtue of their proximity, and that this is unlikely to change any time soon.   Another reason could be that the enforcement of AML and CFT programmes are not robust enough. It’s one thing to have the rules in place but it’s quite another to have suitably experienced personnel in place to enforce it. Let’s take a closer look at two of the countries on this list – one who has made the biggest improvement over the last 10 years, Saudi Arabia, which has climbed 22 places, and the other that has experienced the biggest decline, Bahrain, which has dropped 56 places – and try to identify some of the causes of their respective changes. Saudi Arabia In 2010, the Financial Action Task Force (FATF) issued a Mutual Evaluation Report (MER) on Saudi Arabia. The report stated that:  [As regarding] supervision and regulation of financial institutions for AML/CFT purposes, supervisory powers are defined in the AMLS. Supervisory authorities (SAMA and the Capital Market Authority, CMA) have adequate powers to conduct inspections of financial institutions, including onsite inspections. In addition, supervisory authorities have the power to impose limited sanctions against financial institutions. However, some supervisory authorities lack adequate staffing, training, and experience in this field. Concerns exist regarding the adequacy of the supervisory role played in general and in the AML/CFT arena in particular.   Fast-forward to its 2018 MER , which confirms that the Saudi AML/CFT framework has undergone ‘ fundamental changes since 2010’ . The report went on to say that the country ‘has brought its legal system into line with the up-to-date FATF Recommendations, and has successfully addressed almost all of the deficiencies which were present previously’. In terms of effectiveness, Saudi Arabia achieves substantial results on risk understanding and mitigation, on combating terrorist financing and on supervision. These points demonstrate significant strides being made by Saudi Arabia to improve its regulatory effectiveness; however, the link they have with terrorism remains problematic. The 2018 report states:   Saudi Arabia faces a high and diverse risk of terrorism financing, linked to terrorism committed both within Saudi Arabia, and to countries experiencing conflicts within the region. The risk of terrorism and terrorist financing within Saudi Arabia is linked to the presence of cells of Al Qaeda, ISIS, affiliates, and other groups. Bahrain The 2006 MER of the Kingdom of Bahrain confirms that money laundering is a criminal offence under Decree Law 4/2001, extending to any type of property and applying to persons who commit the predicate offence. The financing of terrorism was not an offence at that time. The country was in the process of drafting a law amending the provisions of DL 4/2001 that, if passed, would create that offence. However, under the amendment, the terrorist financing offence would not be fully compliant with international standards as it does not criminalise providing funds to a terrorist or terrorist organisation and only criminalises terrorist financing when the terrorist act, for which funds were provided, actually takes place. If we then move onto 2018, the MER confirms that Bahrain’s terrorism offences include an exemption that is inconsistent with the Terrorist Financing Convention, a United Nations treaty designed to criminalise acts of terrorist financing. This also limits the scope of the terrorist financing predicate offence for money laundering. In terms of any risk assessment procedures, Bahrain has not fully implemented a risk-based approach to allocating resources and implementing mitigating measures. For example, there are no specific provisions requiring designated non-financial business or professions (DNFBPs) to document their risk assessment or to consider all relevant risk factors while determining the overall level of risk and apply mitigating measures. There are also no requirements for financial institutions to ensure that higher risks identified by Bahrain are incorporated in risk assessments. There are many other issues identified in Bahrain’s most recent MER, which, when added together, demonstrate very little progress being made in terms of regulatory advancement. Whilst other jurisdictions across the globe have acted upon and embraced many of the regulatory changes introduced, the MENA region, in general, have not kept up, and for Bahrain, this is reflected in the slide down the CPI table. The Bahraini authorities are determined to tackle this issue, and I am very proud to say that the International Compliance Association is playing an active role in supporting this by facilitating a number of events and training programmes on core regulatory issues in Bahrain itself. Our hope is that, in the near future, this hugely important and influential financial region can reach a point where it is able to play its part in actively denying organised criminals and terrorist groups an outlet for their illegal activity.

MACO Sponsorship Partners