MFSA issues guidance to banks on terrorism financing and sanctions risks

The Malta Financial Services Authority (MFSA) has published a Dear CEO Letter outlining the findings of a thematic review into how credit institutions manage risks related to terrorist financing, proliferation financing and the evasion of targeted financial sanctions.

The review examined the frameworks and controls adopted by banks to identify, assess and mitigate these risks, which the regulator described as significant and constantly evolving threats to the integrity of the financial system.

In its letter, the MFSA highlighted a number of supervisory observations, examples of good industry practice and areas where further improvements are expected. The exercise builds on a similar review carried out in 2025 among financial institutions and crypto-asset service providers.

The authority noted that recent reports by the Financial Action Task Force (FATF) point to increasing links between traditional financing methods and emerging digital technologies, as well as growing sophistication among those seeking to evade sanctions and proliferation financing controls.

Against this backdrop, the MFSA said credit institutions must maintain robust and adaptable systems capable of effectively addressing terrorist financing, proliferation financing and sanctions-evasion risks.

Among its key observations, the regulator found that banks generally demonstrated strong alignment with Malta’s National Risk Assessment. It said institutions should continue incorporating both national and supranational risk assessments into their business-wide and jurisdictional risk frameworks.

The authority also stressed the importance of giving terrorist financing, proliferation financing and sanctions-evasion risks distinct consideration within internal risk-management systems, while continuing to apply proportionate and risk-based measures to prevent breaches or circumvention of restrictive measures.

The use of artificial intelligence was another area highlighted in the review. The MFSA said institutions deploying or considering AI solutions should have a clear understanding of how such systems operate, including their limitations, and should maintain comprehensive audit trails of alerts and decisions.

The regulator also underscored the need for ongoing, role-specific training programmes, particularly for employees working in higher-risk areas.

The MFSA encouraged credit institutions to review the findings alongside existing guidance issued by both the authority and the Financial Intelligence Analysis Unit (FIAU), with a view to strengthening their compliance frameworks and maintaining alignment with regulatory expectations.

The authority said insights gathered during the exercise may help shape its future supervisory approach to financial crime compliance.