FIAU Malta Annual Report 2025: 10,712 STRs, €1.34M in Penalties, and 7 Data-Backed Takeaways for AML Compliance Leaders
Quick Answer
Malta’s Financial Intelligence Analysis Unit (FIAU) received 10,712 Suspicious Transaction Reports (STRs) in 2025, a 13% increase on 2024. The Unit carried out 150 supervisory interventions, issued €1,340,242 in administrative penalties for compliance breaches, and recorded 19 additional penalties under the Use of Cash (Restriction) Regulations. For the first time, Virtual Financial Asset (VFA) service providers overtook remote gaming operators as Malta’s top reporting sector, driven by the EU’s Markets in Crypto-Assets Regulation (MiCA).
For AML compliance leaders — whether operating in Malta or benchmarking against an EU FIU — these figures offer a rare, granular view into how a mature European Financial Intelligence Unit is evolving its supervision model ahead of the EU’s Anti-Money Laundering Authority (AMLA) becoming fully operational.
Why the FIAU Annual Report 2025 Matters Beyond Malta
Malta occupies an outsized position in EU AML/CFT policy discussions because of its role as an EU crypto-asset and remote gaming hub. The FIAU’s 2025 data is therefore a useful proxy for how MiCA, the forthcoming EU Single AML/CFT Rulebook, and AMLA’s direct supervisory powers are already reshaping reporting behaviour across regulated sectors — insights relevant to compliance officers, MLROs, and risk professionals well beyond Malta’s borders.
- Suspicious Transaction Reports (STRs) Climbed 13% Year-on-Year
STR volumes have grown every year since 2022, and 2025 continued that trend:
Year | Total STRs Received |
2022 | 8,740 |
2023 | 9,157 (+5%) |
2024 | 9,430 (+3%) |
2025 | 10,712 (+13%) |
The 10,712 reports filed in 2025 related to over 14,000 natural persons and more than 1,000 legal persons identified as main subjects. Of these, the FIAU itself generated 326 reports, supervisory authorities contributed 120, and other competent authorities and law enforcement agencies contributed 22.
Compliance takeaway: Rising STR volumes at a national FIU typically signal either genuinely higher ML/TF activity, improved detection capability among reporting entities, or both. Compliance teams should benchmark their own STR filing trends against sector-wide growth rates — a flat or declining STR count in a growing-risk environment can itself be a red flag during a supervisory examination.
- VFA Service Providers Overtook Gaming as Malta’s Top Reporting Sector — A MiCA Effect
For the first time, Virtual Financial Asset (VFA) service providers became the leading reporting sector, displacing remote gaming operators, which had consistently topped the list in prior years. The FIAU attributes this shift directly to the EU’s Markets in Crypto-Assets Regulation (MiCA), which became fully applicable in December 2024 and introduced enhanced regulatory and compliance obligations for crypto-asset firms.
Reporting complexity also varies significantly by sector:
- CASPs (Crypto-Asset Service Providers): 96% of reports related to a single natural person
- Remote Gaming: 79% of reports involved a single natural person
- Credit Institutions: Only 54% involved a single person — 39% involved two or more natural persons, and 26% involved at least one legal person, reflecting more complex corporate and multi-party structures
Compliance takeaway: Crypto-asset firms transitioning from national VFA frameworks to MiCA should expect closer scrutiny and should treat 2025’s reporting surge as the new baseline, not an anomaly. Credit institutions and other entities handling complex, multi-party structures should ensure STR narratives capture beneficial ownership and network relationships, not just individual transaction anomalies.
- Predicate Offences: Fraud and Unknown Origin Dominate
Among the top ten suspected predicate offences linked to STRs in 2025 (a report may reference more than one):
- Predicate offence could not be established: 5,366 reports (50%)
- Fraud: 2,969 reports (28%)
- Tax crimes: 858 reports (8%)
- Drug trafficking: 436 reports (4%)
- Sanctions circumvention/evasion/violation: 400 reports (4%)
- Theft/robbery: 390 reports (4%)
- Sexual exploitation: 226 reports (2%)
- Corruption/bribery/misuse of public funds: 225 reports (2%)
- Organised crime: 171 reports (2%)
- Cyber-crime: 141 reports (1%)
The most cited reasons for suspicion were unknown source of wealth/source of funds (54%), a customer becoming uncooperative (31%), and adverse media matches (21%).
Compliance takeaway: Half of all STRs could not be tied to a specific predicate offence at the point of reporting — a reminder that effective SAR/STR quality is measured by the strength of the suspicion narrative and supporting evidence, not by pre-identifying a crime type. Source-of-wealth and source-of-funds verification remains the single highest-yield control area for reducing false negatives.
- Supervisory Interventions: A Strategic Shift Toward Full-Scope Examinations
The FIAU conducted 150 supervisory interventions in 2025, down from 187 in 2024 but consistent with a deliberate strategic shift toward full-scope, more resource-intensive examinations rather than a higher volume of lighter-touch reviews.
Year | Supervisory Interventions |
2022 | 138 |
2023 | 146 |
2024 | 187 |
2025 | 150 |
Breakdown of 2025 interventions by type:
- Thematic reviews: 48 (32%)
- Full-scope onsite inspections: 37 (25%)
- AML/CFT returns-based reviews: 23 (15%)
- Targeted inspections: 13 (9%)
- Thematic inspections: 17 (11%)
- Policies and procedures reviews: 10 (7%)
- Supervisory meetings: 2 (1%)
By sector, Trust and Company Service Providers (TCSPs) were examined most frequently (41 interventions), followed by other DNFBPs (42), investment services firms (22), and gaming operators (22). Notably, 25 interventions were carried out by the Malta Financial Services Authority (MFSA) and 11 by the Malta Gaming Authority (MGA) on the FIAU’s behalf, under Article 27(3) of the Prevention of Money Laundering Act.
Compliance takeaway: A lower headline number of examinations does not mean lighter scrutiny — full-scope examinations assess compliance against all AML/CFT obligations and are significantly more resource-intensive for both regulator and subject person. Firms should prepare for longer, deeper examinations rather than assuming reduced supervisory intensity.
- Enforcement and Sanctions: €1.34 Million in Administrative Penalties
In 2025, the FIAU’s enforcement actions resulted in:
- €1,340,242 in total administrative penalties (32 cases pre-Committee, 21 post-Committee proceedings)
- 71 enforcement measures issued overall
- 57 warning letters issued for late or missing Risk Evaluation Questionnaires (REQs) and untimely responses to Requests for Information (RFIs)
- 19 administrative penalties under the Use of Cash (Restriction) Regulations, which prohibit cash transactions of €10,000 or more
The largest recurring breach categories by penalty value included Enhanced Due Diligence (EDD) failures (€329,685 combined), Customer Risk Assessment (CRA) failures (€146,741), and general risk-related breaches (€112,245).
Appeals: The Courts Have Largely Sided With the FIAU
Since the first appeal was filed in 2018, 45 appeal proceedings have been concluded. In the majority of contested cases, the Court of Appeal upheld the underlying breaches identified by the FIAU, though it frequently reduced the administrative penalty amount:
- 6 cases (7 appeals) had all breaches and the full penalty quantum confirmed, totalling €5,446,250 — with the fine amount unchanged
- 26 cases (25 appeals) had breaches confirmed but penalty quantum reduced, from an original €6,064,779 down to €1,517,875
- 4 cases (3 appeals) had some breaches confirmed and penalties reduced or partially revoked, from €464,699 down to €22,749
Compliance takeaway: Appealing an FIAU sanction is far more likely to reduce a penalty amount than to overturn the underlying finding of breach. Compliance and legal teams should weigh appeal strategy accordingly — contesting quantum (proportionality, mitigating factors, financial capacity) has a materially higher success rate than contesting the breach finding itself.
- CBAR Utilisation Crossed 100,000 Searches
Malta’s Centralised Bank Account Register (CBAR) — the mechanism enabling rapid identification of bank and payment accounts linked to a person under investigation — reached 100,000 cumulative searches in 2025, reflecting continued growth in its use by competent authorities.
Compliance takeaway: As centralised account registers mature across the EU (a requirement under AMLD6), expect faster cross-agency identification of account relationships, which raises the bar for the accuracy and timeliness of a firm’s own account and beneficial-ownership data.
- Looking Ahead: AMLA, the EU Single Rulebook, and 2028
The FIAU’s report repeatedly signals the operational significance of the EU’s new Anti-Money Laundering Authority (AMLA), established under Regulation (EU) 2024/1620, which began operations during the reporting period. Malta is actively contributing to AMLA’s structural set-up and the compilation of the EU’s Single AML/CFT Rulebook, and FIAU officers participated in six AMLA-led working groups in 2025.
Directive (EU) 2024/1640 (AMLD6) will strengthen national mechanisms and cross-border cooperation, and AMLA is expected to take on direct supervision of higher-risk, cross-border entities from 2028. The FIAU also flagged that subject persons should expect greater consistency in supervisory expectations across the EU as the Single Rulebook is phased in — alongside continued caution around the use of artificial intelligence, both as a compliance tool and as a vector increasingly exploited by bad actors.
Compliance takeaway: Firms operating cross-border, or those large/complex enough to fall within AMLA’s future direct-supervision remit, should begin mapping their AML/CFT frameworks against the emerging EU Single Rulebook now, rather than waiting for 2028. Early alignment reduces remediation costs when AMLA supervision becomes binding.
Frequently Asked Questions
How many Suspicious Transaction Reports (STRs) did the FIAU receive in 2025? The FIAU received 10,712 STRs in 2025, a 13% increase compared to 9,430 in 2024.
Which sector filed the most STRs with the FIAU in 2025? Virtual Financial Asset (VFA) service providers became the top reporting sector for the first time in 2025, overtaking remote gaming operators, largely due to enhanced obligations introduced under the EU’s MiCA regulation.
How much did the FIAU fine subject persons in 2025? The FIAU imposed €1,340,242 in administrative penalties through its supervisory enforcement process in 2025, in addition to 19 separate penalties issued under the Use of Cash (Restriction) Regulations.
How many supervisory examinations did the FIAU carry out in 2025? The FIAU conducted 150 supervisory interventions in 2025, including 37 full-scope onsite inspections, 48 thematic reviews, and 23 AML/CFT returns-based reviews.
What is the FIAU’s success rate on appeal at the Court of Appeal? Of 45 concluded appeal proceedings since 2018, the courts have generally upheld the FIAU’s breach findings, though penalty amounts (quantum) were frequently reduced. Only a minority of cases had the full original fine amount confirmed unchanged.
What is AMLA and how does it affect Malta’s AML/CFT framework? The EU’s Anti-Money Laundering Authority (AMLA), established under Regulation (EU) 2024/1620, began operations in the current reporting period and is set to take on direct supervision of certain higher-risk, cross-border entities from 2028. The FIAU is actively contributing to AMLA’s structural development and the EU Single AML/CFT Rulebook.
- #AML
- #AntiMoneyLaundering
- #FinancialCrime
- #Compliance
- #RiskManagement
- #KYC
- #TransactionMonitoring
- #FinancialIntelligence
- #FraudPrevention
- #RegTech