By Iden Azzopardi, Chief Financial Officer
As Chief Financial Officer at VentureMax Group, I spend a fair bit of time thinking about risk. Not the high-stakes casino kind, but rather the type that keeps businesses running smoothly and reputations intact.
A recent KPMG report on the EU Anti-Money Laundering Regulation (AMLR) brings that sharply into focus, particularly for companies like ours, operating in Malta’s iGaming and tech sectors.
Malta’s grey listing by the Financial Action Task Force in 2021 served as a wake-up call. It prompted key reforms in the AML and Countering the Finance of Terrorism (CFT) frameworks. Only after making significant progress in addressing these deficiencies was the country removed from the grey list, in June 2022.
The resulting strengthened oversight and improved enforcement action are crucial in maintaining Malta’s status as a global finance and trade hub.
Internal Governance Is Now Front and Centre
The AMLR, effective since July 2024, places internal governance firmly in the spotlight. It’s no longer enough to have policies sitting in a binder. The board itself must take ownership of compliance.
The regulation introduces three major shifts:
- Board Accountability: The management body is now explicitly responsible for ensuring AML and CFT measures are properly implemented. It’s not just a job for the Money Laundering Reporting Officer (MLRO) anymore.
- Enhanced Compliance Roles: A designated Compliance Manager from the management board must ensure internal policies reflect the company’s actual risk exposure – and that they’re followed.
- Risk-Driven Policies: Every entity must conduct a business-wide risk assessment and have its policies formally approved by the board. This is not optional admin; it’s strategic governance.
Not Just a Form Check
In Malta, where iGaming contributes significantly to the economy, companies are already subject to regulation from the Malta Gaming Authority (MGA). But the AMLR adds sharper teeth and a paper trail that must pass muster under scrutiny.
Malta-based business MTSecureTrade Limited was fined €53,000 for anti-money laundering breaches, namely inadequate customer due diligence and transaction monitoring. As a direct consequence, the company is no longer trading. It’s a reminder that regulators are watching, and systems must go beyond the superficial.
In short, the AMLR isn’t reinventing the wheel but it’s putting much better brakes (and a few extra cameras) on the vehicle.
What Businesses Should Be Doing Now
Here’s what companies need to prioritise if they want to stay ahead of the curve and off the enforcement lists:
- Embed compliance at the top: The board must actively challenge and lead on AML and CFT, not just nod along in quarterly meetings.
- Appoint the right people: The Compliance Manager and MLRO roles need to have clear authority and the resources to do their jobs well.
- Keep risk assessments live: They need to be reviewed regularly and actually shape internal policy, not collect dust.
- Train your teams: Compliance awareness should be part of the company culture, rather than skimmed through once a year.
- Invest in the right tools: Effective technology for transaction monitoring and identity checks is essential.
A Practical Step Forward
Admittedly, anti-money laundering isn’t the most glamorous part of our sector. It gets a bad rap for adding perceived friction to the player onboarding process and carries an administrative burden.
But AML is a core part of running a responsible, future-facing business. The AMLR gives us a framework to do that better.
For those wanting to dig into the detail, the full KPMG report is worth a read: KPMG: How the AML Regulation Impacts Internal Governance
Let’s treat this as an opportunity – not just to comply, but to lead responsibly in a space where integrity matters more than ever.
