MACO is to become the recognised standard-setting body for the accreditation, certification and qualification of knowledge, skills and competences of Compliance Officers serving in the Maltese financial services sector. It will also act as a single professional industry voice on matters related to compliance in Malta.

MACO Values are as follows:


Issue papers of interest from time to time, for example on the Role of Compliance Officers in FinServ in Malta.


Upkeep of online forum for members. Open platform for third party training activities.


Update circular to members. Training events (for members and non-members) in collaboration with sponsors.


Issue of position papers/reactions to proposed legislation/regulation. Social events.


MoU with MFSA and MITC. Networking with sister Organisations and Associations. Sponsorship

Membership of MACO will provide you with a wide range of tools and resources to help you achieve your professional goals.

The mission of MACO is to create professional education and knowledge standards for Compliance Officers serving in the Maltese financial services sector, enrich the professional culture and enhance both Maltese and international relations and alliances.

MACO Mission Statement

Insight News

January 7, 2019

10 ways to instil a culture of compliance

This blog is brought to you by Duff & Phelps - a global advisor that protects, restores and maximizes value for clients in the areas of valuation, corporate finance, investigations, disputes, cyber security, compliance and regulatory matters, as well as other governance-related issues.

Despite significant investment in compliance, we still see incidents where things go wrong. In many cases the root cause is the wrong culture and values. How do you drive the right culture across your organisation? How do you ensure everyone is accountable for compliance matters? Below we provide some tips to help support a successful compliance ‘change programme’.

1. Tone from the top

The best way to change and create an environment where compliance is a core value is having authority figures that lead by example. Help your leaders be genuinely engaged and motivated by doing the right thing. Provide your senior managers with key messages so they are always talking about compliance successes/changes with their teams and giving those key messages as part of their wider updates. Timely internal actions from the top, whether it be reward or discipline, play a large part in influencing employee behaviour. Additionally, ensuring senior managers lead the way with completing their compliance training assists in setting the right tone and expectations.

2. Align your business strategy and objectives with your desired compliance culture

A compliance culture change programme will be undermined if your firm’s business strategy and objectives do not orient towards compliance. Ensure you as the compliance representative have a seat at the table when strategic objectives are set or new products designed so that you can work collaboratively with the business to develop compliant solutions. If a senior manager is perceived to prioritise other performance measures over compliance measures, then this behaviour will be replicated across their team members. For example, if a highly profitable area receives an adverse audit report due to lack of compliance with regulations and yet this area receives further investment for expansion, this sets the tone that compliance is not a priority.

3. Integrate robust compliance outcomes into employee performance management

This helps ensure everybody understands the importance of compliance and that they are individually accountable for ‘doing the right thing’. This will also drive discussion around what contributions each individual can make. Lead by example and share your SMART compliance objectives and metrics with the wider organisation.

4. Ensure you have the investment to be successful

Often people will be asked to deliver change programmes as part of their daily activities with no additional investment for system solutions or resourcing. Take the time to build a robust business case demonstrating what investment you need to ensure that change happens smoothly and set yourself up for success.

5. Focus on a few critical messages and delivering engaging communications

Employees are constantly bombarded with new campaigns, changes and development. To help ensure your compliance messages stick, keep them simple and focus on a few critical messages which people can understand and relate to their work. Make sure you keep the communications tied to the vision, purpose and expectations. Additionally, do not be afraid of repeating key messages in different formats as this will help ensure everybody has heard and digested these key takeaways.

6. Celebrate positives already in place in your organisation

Before you start your change programme, take time to engage with the business and review what’s working, gaps and areas for improvement and examples of good practice aligned to the culture that you’re trying to create. Build on what is already in place in the organisation and reward and celebrate these positives. Most employees come to work to do a good job; there will already be great examples of where people have gone the extra mile to ensure a customer is supported, and protected the company through doing what is right. Not undermining what is already being delivered will ensure your employees are motivated and engaged with this change.

Some firms will say ‘we have to do something because of the FCA/PRA’. This dilutes the sincerity of the message and can also encourage a tick box approach. Make sure the message is clear that the firm is accountable for delivering compliant outcomes and is committed to making the change as it’s the right thing to do.

7. Ensure there are formal as well as informal interventions

Too many times, change programmes are a series of formal interventions, where employees are told what is expected of them. Make sure there is a blend of informal and formal interventions. Informal conversations establish a stronger connection and sense of trust between the compliance function and the employees. It can be tempting to hide yourself away in your office, but this will only reinforce the wrong culture. So be visible, engage with the business on a regular basis and get people talking about compliance. The more people are encouraged to talk about compliance, the more this will support the change and build trust to report when things go wrong. Build quarterly themes of compliance topics and share these through both formal and informal channels.

Some organisations have found that compliance champions, when embedded into the first line, can act as positive enablers for the change. Compliance champions can also provide you with constructive feedback as to how your change initiatives are working across the wider teams and whether they are being understood and embraced.

8. Make it personal

Training sessions are best when short, frequent and interactive. They should be engaging to an individual by showing how compliance affects their specific role. Where possible, utilise interactive ways of making compliance training more engaging; consider workshops, the use of actors, real scenarios, etc. to bring the topics to life. Use it as an opportunity to mix people from across teams so they can discuss the training topics and learn different approaches from outside of their normal ‘silo’ and spend time with different teams.

Be open, and encourage your senior leadership team to share personal stories where a compliance matter has gone well or not so well. Having an emotional connection with your employees will help build trust and a stronger belief in the change. Run workshops to hear interesting and authentic stories from other people or to improve the current compliance control environment together as a team. Celebrate compliance successes through senior management updates, newsletters and intranet/wall boards – even consider having a compliance week each year.

9. Monitor and measure the change

Hold yourself accountable for being honest as to how things are progressing and objectively measure success against your defined objectives and metrics. For example, are you seeing a decrease in customer complaints? Consider using your employee survey to determine how successfully culture is being embedded. Foster collaboration between the compliance and the HR functions, since compliance is ultimately about employee behaviours.

10. Changing culture is tough but worth the effort

As you progress on your change journey, there will inevitably be bumps along the road – but don’t get disheartened: changing culture is a challenge and can take at least 12–18 months. It will take time to see results and making change stick is even harder. Engage with senior management and the business, and keep listening to what people are saying. Learn and adapt when things don’t work and ensure your leadership team are always leading by example. By sticking with your vision and making adjustments to the approach where needed, your business will benefit from being able to be agile and remain compliant. Good luck.

Gain our internationally recognised, industry-standard qualification, the ICA International Diploma in Governance, Risk and Compliance, and approach your compliance role with confidence.

This article forms part of the #BigCompConvo - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the Big Compliance Conversation get in touch with us at
December 17, 2018

Top 5 fines of 2018: Lessons Learned from Enforcement Action

In keeping with tradition, I’m taking a look at some of the big enforcement actions by regulators over the past year.

As Father Christmas prepares his list of who has been naughty or nice, I thought it would be interesting to take a look at enforcement action in 2018 from around the world and consider some New Year’s resolutions that compliance professionals may want to make in 2019.

5) Commonwealth Bank of Australia

The largest fine ever issued by Australian Transaction Reports and Analysis Center (AUSTRAC) was agreed with the Commonwealth Bank of Australia for AUD$700 million. In the agreement, Commonwealth Bank of Australia admitted to breaching the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 on 53,750 occasions.

The investigation centered on the bank’s Intelligence Deposit Machines (IDMs), which are a type of ATM allowing customers to deposit cash and cheques directly into their accounts. IDMs were identified as being used to launder the proceeds of crime, including several millions of dollars by criminal syndicates [PDF].

The Commonwealth Bank of Australia’s controls were weak and didn’t appropriately identify, mitigate or manage the money laundering and terrorist financing risks. In addition, a software error with the IDMs led to the failure to report threshold transaction reports.

New Year’s Resolution: Carry out a full risk assessment of all new products and services, ensure assessments are kept up to date and that controls are in place that appropriately manage the risk.

4) ING Bank NV

ING were fined €775,000,000 by the Netherlands’ Public Prosecution Services for violations of the Anti-Money Laundering and Counter Terrorism Financing Act.

The bank was accused of culpable money laundering, as during the period between 2010 and 2016 they failed to prevent bank accounts from being used to launder ‘hundreds of millions of euros’. ING reportedly took insufficient action to identify that cash flows through bank accounts may have originated as a result of crime. The investigation into ING came after the subjects of a number of criminal investigations were found to have held accounts at ING, leading to concerns around the adequacy of the bank’s controls.

The notice from the Dutch prosecutor detailed four cases where criminals were able to use ING accounts, including alleged bribes paid by VimpelCom to Uzbek officials and an underwear trader who laundered approximately €150,000,000 using ING accounts. These cases, and others which were not detailed in the notice, highlighted that ING failed to identify suspicious activity and have adequate controls in place.

New Year’s Resolution: Always consider how criminals can misuse your firm. Anti money laundering is not theory or a checklist to be complied with – ultimately, it’s about ensuring that criminals are not able to benefit from their criminally derived assets.

3) Canara Bank

The UK regulator, the Financial Conduct Authority (FCA), fined Canara Bank £896,100. Whilst one of the smallest fines on our list, the Final Notice [PDF] does provide fascinating insight into what can go wrong at a firm when the senior leaders do not place fighting financial crime as a priority.

In addition to the fine, a restriction was imposed on Canara Bank which prevented them from accepting deposits from new customers for a period of 147 days.

The FCA detailed that Canara Bank had systematic failings across almost all levels of its business in its ability to manage the risk of money laundering and financial crime. Notably, the senior management failed to understand both AML risks and regulatory requirements, allowing a culture of minimal or non-compliance to persist.

The UK regulator had previously raised concerns over Canara Bank’s systems and controls, highlighting the importance of ensuring that warnings are heeded, and any action plans are adequately implemented.

Perhaps the New Year’s resolution for this one should be to read the full final notice, however if we had to narrow it down to one…

New Year’s Resolution: Ensure that senior managers fully understand their regulatory responsibilities regarding financial crime and embed a culture of compliance.

2) Tesco Personal Finance

The FCA’s largest fine of the year was imposed on Tesco Personal Finance PLC at £16,400,000 for failures relating to a cyberattack that occurred in November 2016 in which its personal current account holders were left vulnerable.

The attack didn’t result in the loss or theft of any customer data, but involved attackers generating authentic bank debit card numbers, most likely using an algorithm. Those ‘virtual cards’ were then used to carry out unauthorised transactions, ultimately netting the attackers £2.26 million.

The FCA found that the cyber attackers exploited deficiencies at Tesco Bank in an attack lasting over 48 hours, which was deemed to be largely avoidable.

New Year’s Resolution: Ensure that systems are in place to reduce the risk of cyberattacks occurring, and in the event that one does occur, ensure you have a response plan to protect customers as quickly as possible.

1) Société Générale S.A.

In the second largest fine ever imposed for violations of US economic sanctions, Société Générale S.A. were fined $1.3 billion as part of a global settlement, including a deferred prosecution agreement, with a number of US authorities.

$53,966,916.05 of the fine was issued by The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) for processing US dollar transactions that violated OFAC sanctions on Cuba, Sudan and Iran [PDF].

The period spanned 5 years up to 2012, with Société Générale wilfully violating US sanctions law and concealing those violations.

The conduct in question involved Société Générale processing transactions for individuals and entities subject to OFAC sanctions, removing references to the sanctioned parties in the information sent to US financial institutions involved in the transaction.

New Year’s Resolution: In the words of US Attorney Geoffrey S. Berman: ‘Other banks should take heed: Enforcement of U.S. sanctions laws is, and will continue to be, a top priority of this Office and our partner agencies.’

What does this mean for 2019?

Enforcement action is set to continue, with scrutiny on Danske Bank following a money laundering scandal involving its Estonian Branch and HSBC’s 2018 interim results detailing $632 million which has been set aside for settlements arising from various investigations regarding tax evasion and money laundering, which could rise to $1.5 billion.

Although we have concentrated on enforcement action against firms, it’s also important to remember that individuals are targeted too. The FCA recently fined the former CEO of Sonali Bank (UK) Limited £76,400 for his part in the bank’s AML failings.

To me, this enforcement action highlights that understanding the financial crime threat your firm faces, and your own responsibilities, remains critically important.
December 13, 2018

Navigating the bribery risk this Christmas

Christmas – the season of gifts and giving. Nobody needs reminding that we are already hurtling our way full speed towards the Big Day, but for businesses it is the time of year when a useful reminder on the dangers of bribery is required.

How does one navigate bribery risk? The answer can be found in the criteria outlined by the UK government in its guidelines accompanying the Bribery Act 2010. Six ‘principles’ are outlined in the guidance intended to help businesses and individuals show that they have the ‘adequate procedures’ in place to prevent bribery from occurring – something particularly helpful to return to and consult at a busy time of year for gift giving.

Number one on its list is proportionality – in other words, the size of the risk you face, as well as the size of your business, should be considered before any action is taken.

The second is top level commitment: those at the summit of an organisation are responsible for establishing and maintaining an anti-bribery culture across the company. That the management level is understood to be hostile to bribery is a powerful message to broadcast to members of staff.

Risk assessment is third. An assessment of the kind of bribery risks that confront you will give you a sensible idea of how to mitigate that risk.

Fourth on the list of principles is due diligence – knowing who you are doing business with is perhaps the most politic measure you can take to reduce your bribery risk.

At five is communication. Talking with members of staff and spreading the anti-bribery message will help ensure that it is at the forefront of staff members’ minds at a hectic time of year for gift giving.

Finally, monitoring and review. As your organisation changes and develops so must your bribery risk assessment. Looking at where you can tweak your risk assessment to ensure you are satisfied with it keeps the bribery risk as low as possible.

These criteria may not settle your nerves on the approach to the Christmas period, so simply remember that the government will consider: the level of hospitality offered, the way in which it was provided, and the level of influence the person receiving it has on the business decision in question.

As ever, the three crucial points to remember for giving gifts are ‘intention’, ‘timing’ and ‘value’. The intention is based upon your motivation for giving a gift. Timing looks at whether the gift is given, say, during a tender process. If so, then the timing is significant. Finally, is the value of the gift proportionate? Are you giving somebody a bottle of wine from a supermarket, or one of the world’s rarest and most expensive bottles?

These may seem self-explanatory but the recent conclusion of the Serious Fraud Office’s first Deferred Prosecution Agreement (DPA) with Standard Bank at the end of last month demonstrates that anti-bribery is still a government priority even during the Brexit process.

In the UK, the Bribery Act specifies that bribery will have occurred if a gift is given with the intention of influencing behaviour, either by encouraging an individual to perform an activity or as a reward for having done so, or in the words of the Act, when the ‘financial or other advantage’ to the person is to: (i) induce a person to perform improperly a relevant function or activity, or (ii) to reward a person for the improper performance of such a function or activity (1.2.b.i.ii).

It should always be borne in mind that gift giving itself is not prohibited, at this or any other time of year. If you are still concerned, look at what the government states in its official guidance:

‘The Government does not intend that genuine hospitality or similar business expenditure that is reasonable and proportionate be caught by the Act’

Distinguishing between genuine hospitality and gift giving and bribery will be decided by the government based on the outlines provided above.

To conclude and to keep things clear in your own mind, remember the following questions to ask yourself before giving or receiving gifts and hospitality this Christmas. What is the timing around the giving or receiving of the gift? Do you reasonably think it could be seen to be being given to influence a timely decision? Consult the policy of your organisation or talk to the compliance department and see what the guidance is on giving and receiving gifts. Ask yourself whether the gift is really an appropriate one to give or receive, and how others might view it.

If all the risks are considered, and you follow the appropriate guidelines, then gift giving should leave you with just the one, common headache we all face at Christmas time: gifts for friends or family.

MACO Sponsorship Partners