AI-driven fraud and geopolitical risks among key challenges for MFSA due diligence

The Due Diligence function within the Malta Financial Services Authority has evolved significantly since its establishment in 2020, expanding from a centralised screening unit into a multi-layered function that supports supervision across the entire regulatory lifecycle.

In an interview with BusinessNow.mt, Suzanne Busuttil Naudi explains that the function was initially set up to centralise due diligence processes across supervisory teams, with a primary focus on assessing the integrity and reputational standing of individuals seeking key roles within licensed financial services entities.

Six years on, the function now encompasses specialised teams responsible for onboarding and ongoing due diligence processes, intelligence gathering and cooperation with local and international counterparts, as well as the analysis of complex corporate structures depending on the nature of applications.

She noted that while integrity and reputational checks remain central, these are assessed within a broader Fitness and Properness framework. This includes additional criteria such as competence, conflicts of interest, independence of mind, and time commitment, all evaluated through a holistic and risk-based approach.

Due diligence embedded across the regulatory lifecycle

From the Authority’s perspective, due diligence is not confined to the licensing stage but forms part of a continuous supervisory process.

Ms Busuttil Naudi described the regulatory lifecycle as spanning multiple phases, beginning from the intention stage and authorisation process, through post-authorisation supervision, and ultimately to the surrender of a licence. At each stage, different checks are carried out depending on the specific risks and requirements involved.

“The Authority does not rely on licensing as a final checkpoint,” she said, emphasising that supervision is designed as a multi-layered, continuous system aimed at ensuring firms remain compliant, well-governed, and resilient over time.

She added that this reflects the reality that elements within the Fitness and Properness framework are dynamic and cannot be assessed once or in isolation.

Cross-functional coordination and information sharing

The Due Diligence function operates in close coordination with other internal units, including Authorisation, AML/CFT supervision, prudential supervision, and enforcement teams.

According to Ms Busuttil Naudi, strengthened internal coordination has enabled deeper collaboration between these functions, with each sharing findings arising from different types of assessments. This fosters a more robust and efficient supervisory framework.

She explains that due diligence is relevant across multiple phases of the regulatory lifecycle, making the consideration of new information or developments identified by any function a key part of the process. Follow-up actions may be investigative or supervisory in nature, depending on the findings.

This cross-sectoral communication also enables parallel or separate assessments carried out on key individuals, beneficial owners, and ownership structures to be more consistent, risk-based, and aligned with regulatory requirements.

Use of intelligence tools and international networks

To support its work, the Due Diligence function relies on a combination of internal methodologies, specialised intelligence tools, and external sources.

Ms Busuttil Naudi says the function has developed a tailored methodology based on risk-based screening through industry-leading tools. These are complemented by declarations and submissions received from applicants, documentary reviews, and supervisory knowledge.

The team is trained to conduct open-source intelligence searches as well as other forms of targeted screening using specialised tools. In addition, the Authority leverages local and international networks to make enquiries where necessary.

This multi-source approach allows the function to assess information from various angles, ensuring that conclusions are based on accurate, reliable, and comprehensive data.

AI and geopolitical exposure shaping emerging risks

Among the most pressing challenges facing the Due Diligence function are risks linked to emerging technologies, particularly artificial intelligence.

Ms Busuttil Naudi highlighted that AI is increasingly being used to facilitate fraudulent activity, adding a new layer of complexity to due diligence assessments. This requires the Authority to continuously adapt its tools and methodologies to detect and mitigate such risks effectively.

At the same time, Malta’s position as an open financial services jurisdiction exposes it to external pressures, including geopolitical developments and reputational risks arising from markets with which it has connections.

She noted that the Authority faces challenges similar to those encountered by the industry, making it essential to remain aligned with evolving economic and regulatory landscapes in order to identify and anticipate risks at an early stage.

To address these challenges, the MFSA is investing in advanced technologies while prioritising continuous training and development within its teams. These measures are aimed at strengthening the Authority’s ability to respond to both emerging and evolving risks.

However, she acknowledged that balancing thorough due diligence with the need for timely assessments remains a key challenge, requiring a structured approach that combines both proactive and reactive measures.

Strengthening market integrity and investor protection

Ms Busuttil Naudi emphasised that the Due Diligence function plays a central role in safeguarding the financial services sector.

By assessing individuals entering the market and screening for potential risks, the function acts as a line of defence against misconduct, including filtering out individuals with criminal behaviour or integrity issues. 

This contributes not only to investor and consumer protection but also to the broader objective of safeguarding Malta’s reputation as a financial services jurisdiction.

She added that due diligence checks help reinforce the existing regulatory framework, ensuring that key players in the market act honestly and in the best interests of clients.

Overall, the function’s role has expanded beyond initial screening to become an integral part of the Authority’s continuous supervision model, supporting both risk management and long-term sector resilience.