Due diligence process ensures only highly qualified applicants and their family members are admitted into citizenship by investment. It is the core of CBI, protecting the integrity of schemes from abuse preventing criminals, terrorists, traffickers, frauds and those skirting international sanctions.

Due diligence for CBI is conducted by licensed agents, citizenship by investment units (CIUs) and third-party service providers. Governments and Third party companies do a background screening on all applicants and family members applying for Citizenship by investment. The Level of security checks conducted on citizenship applicants can vary depending on the country and its specific immigration policies.

The DD report finally computes a risk profile after verifying all vital information necessary for decision-making and presents insight into:

  • Education credentials
  • Company associations
  • Personal details
  • Employment records
  • Source of wealth
  • Track records
  • Licenses, certificates & awards
  • Potential conflicts of interest
  • Political and criminal links
  • Business background
  • Reputation

CBI Due Diligence (4 Layers)

Applicants pass through due diligence checks before being approved of their citizenship and passport. Based on the four layer checks, a risk profile is calculated by government to make a decision on their application.

1. Authorized Agent

  • KYC (Know Your Client)
  • Initial checks on application forms and validity of documents submitted.
  • Check eligibility and double check no concealed information in forms.
  • Preliminary Due Diligence report
  • Source of funds
  • Screening of all visas, passports, citizenships held by family
  • History of visa refusals (or previous immigration record)

2. Government

These checks are done for all family members (investor, spouse, parents , siblings, children above 16 years) and their owned businesses. Interviews may be conducted at consulates to clarify discrepancies. AI technology can complement the decision-making protocols.

  • Accuracy and completeness of application (full disclosure in application forms)
  • Authenticity and Verification of documents submitted (forging and fake documents)
  • Criminal record (places lived in past 10 years in all countries for more than 6 months)
  • National and international databases (law enforcement and intelligence)
  • Interpol checks, FBI wanted persons.
  • Closer scrutiny of minors and children to protect against trafficking
  • Bankruptcy, Warrants, Imprisonment, Litigation in courts and other regulatory issues
  • Tax evasion, Frozen assets
  • Rejected/Held visas, all previous residency and citizenships (all previous immigration records such as deportation) along with entry/exit stamps in passport (trips to blacklisted countries)
  • Military service records
  • Sanctions checks (UN, OFAC, EU, UK)
  • Name change and alias records
  • Source of Funds (AML/CFT compliance checks)
  • Enhanced vetting checks on High risk subjects (PEPs,  HNW)
  • Monitoring every five years

3. Third Party Due Diligence Firms

The 3rd party international due diligence firms play an important role in vetting of subjects. These highly reputable firms are hired by government on a tender.

  • Ground checks and interviews (verify address, place of birth, personal interview, authenticity of documents, beneficial owners, business address / ownership). Thorough screening of applicant aliases, family members, proxy, banks, references, all beneficial owners of companies attached to client application.
  • Reputation risk (eg. adverse news in press and media)
  • Medical test for illness or disease (HIV, TB, Hepatitis, Covid etc)
  • Source of wealth (property, cash, business, investments, luxury goods, gifts, inheritance, divorce settlement, crypto etc.)
  • Enhanced due diligence (EDD) for high risk persons to identify suspicious and gray areas.
  • Corporate and business history (registry, shareholders, directors, or parties)
  • Banking relationships

4. Banks

Banks do their own AML/CFT compliance checks independent of citizenship investigations. Transferring large sums of money (excess of $100k) will automatically trigger background checks.

  • KYC / Identification
  • Compliance checks (Source of funds, reputation, criminal records)
  • Source of funds
  • Sanction list (international databases)

Risk assessment

Based on all checks Governments / CIU create a risk profile of the applicant (Low, medium, High) based on the scale of 1 to 10

  • Low – 0 to 3
  • Medium – 4 to 7
  • High – 8 to 10

An Example out of Malta

Malta’s due diligence is regarded as ‘gold standard’ in the citizenship by investment industry. A single application gone wrong will break the integrity of the CBI, putting the entire industry at risk. Criminals with the help of passport, can pose a security threat to other countries abusing the visa waiver agreements or open bank account to do money laundering to skirt sanctions.

Malta does efficient vetting on candidates applying for citizenship under investment scheme. The Regulations are enforced with a four-tier due diligence process, which is considered the most stringent, and of the highest standard, in the industry.

Malta Due Diligence Framework (4 Tier)

A four stage vetting framework was developed by Malta. The Regulations are enforced with a four-tier due diligence process, which is considered the most stringent, and of the highest gold standard in the industry. Almost one in three applications are refused by Malta government based on stringent security checks.

First Tier

Standard KYC due diligence is carried out by both the Agency and the Agent through databases such as World-Check.

Second Tier

Clearance is obtained from the Police Authorities following thorough checks through several databases, such as Interpol, Europol and others. Any issues encountered at this stage are reported back to the Agency. It must be pointed out that any Third Country National (TCN) applicant or dependant who requires a visa to be able to visit Malta and, therefore, enter the Schengen zone, is to go through the standard Schengen visa application procedures.

Third Tier

This stage is carried out by the Agency’s assessors. The assessors have a banking and audit background who receive ongoing training in the prevention of Money Laundering and Terrorism Financing. A completeness and correctness check of the application is carried out. This identifies anomalies in the application form that highlight any potential risk. Every kind of accompanying documentation submitted to the Agency is checked to ensure that it has been filled in correctly and that the documents are submitted in the proper format, correctly translated, and apostilled or notarised as the case may require. Where documents are missing or not in the correct format, or errors are identified, a request for submission is made to the agent representing the family applying for Maltese citizenship and the application process is paused until everything is in order. This stage also comprises checks against world-check databases which include searches against major international sanctions, designated and denied persons lists. The sources of funds and wealth are also reviewed at this stage to ensure that sufficient information and supporting documentation has been provided.

Fourth Tier

Once the above processes are completed, the assessors review all the information collected both internally and externally and an internal risk assessment report is compiled using a risk matrix, which was developed by the Agency to standardise the process and ensure that every application is processed comprehensively. However, this may entail raising further questions with the applicant via the agent to seek further clarifications. The assessor may revert to the due diligence companies to obtain their views/observations on the issues raised with the applicant. This will enable the assessor to finalise the risk assessment report. Subsequently, applications are presented during the Agency’s board meeting where a collective decision on the recommendation to be put forward to the Minister for Citizenship is agreed. The Minister’s final decision is then conveyed to the agent by means of either a Letter of Approval in Principle or a Letter of Refusal. All employees working in the due diligence section go for a course on the prevention of Money Laundering and Terrorism Financing to have a better understanding of what is expected of them. In addition, the employees within this section all have previous experience in either Risk and Compliance or Audit.

Malta Risk Matrix (7 Layers)

Let us take a deep look at the risk matrix of Malta

The due diligence process has evolved substantially during the past years. The Agency has developed an internal risk matrix, which ensures that every application is being examined thoroughly in a consistent manner, and that decisions are taken systematically and transparently. The matrix has seven categories, and every application is treated similarly without deviations.

  • Identification and verification – Identification and verification is the first category of the risk matrix and looks at how the identity of the applicants has been established and verified, while considering all the countries the applicants have resided in over the ten years preceding the application.
  • Business and Corporate Affiliations – The second category looks at the Applicant’s business and corporate affiliations and takes into consideration ties with offshore activity, jurisdictions and industries.
  • Politically Exposed Persons (PEPs) – A category in itself is where applicants are politically exposed persons (PEPs) and are or have been on sanctions or watch lists.
  • Source of Funds & Source of Wealth – The fourth category of the risk matrix, which today constitutes of the most significant focus of the due diligence process, looks at establishing how the family have accumulated their wealth, and from where the funds for financing the application originate. The risk assessment under this category has an even stronger focus on documented evidence, at times delving into extremely granular detail such as bank statements, articles of association, share registers and certificates of incorporation, certified copies of contracts, and transactions amongst others. Tax evasion risks are also taken into consideration.
  • Reputation – The applicants’ reputation constitutes the fifth category of the risk assessment matrix, taking into consideration the overall reputation observed through OSINT, reports and on-the-ground intelligence.
  • Legal and Regulatory Matters – We have established that the sixth category would focus on legal and regulatory matters with incremental risk factors based on any charges or convictions for criminal or civil offences, including fines at an incremental interval.
    Relative Impact on the MA’s Immediate Network
  • The six categories of risk mentioned so far are very commonly analysed within the financial sector. However, the seventh category is somewhat bespoke to the industry of CBI and consists of an analysis of the MA’s activities and the relative impact on the MA’s immediate network and society in general. This is to ensure that no stone is left unturned and to enable the team to cover any incidental area, which is deemed essential and was not covered by any of the other previous categories.

All information which is deemed necessary for the processing and due diligence of an application is required, and there is no room for negotiation or ad hoc decisions. Details of all applicants are also submitted to the Financial Intelligence and Analysis Unit (FIAU) for full transparency. Decisions within the Agency are documented and substantiated with the required rationale, and signed off by the responsible person, to ensure transparency and accountability

High Risk Categories

The following categories are classified as high risk (red):

PEPs, Senior government officials, paedophiles, terrorist financing, arms smugglers, human traffickers, subject of interest, wanted person, convicted criminals, conflict minerals, intellectual property violators, sanction list hit, Reapply after denial of visa or citizenship, drugs, organized crime, gambling casinos, hackers, financial fraud, war criminals, involved in bribery or corruption, incarcerated persons, business assets frozen, laundromats, tax evasion, high risk countries


A complete check on all crimes must be screened to get the best possible outcome. For example a World check report checks all crimes listed below:

• Bribery and corruption
• Hostage taking
• Kidnapping
• Piracy counterfeiting and piracy of product
• Human trafficking and other human rights abuse
• Organized crime
• Illicit trafficking in stolen and other goods
• Currency counterfeiting
• Racketeering
• Cyber crime
• Hacking
• Phishing
• Insider trading and market manipulation
• Robbery
• Environmental crimes
• Migrant smuggling
• Slave labor
• Securities fraud
• Extortion
• Sexual exploitation of children
• Money laundering
• Falsifying information on official documents
• Narcotics and arms trafficking
• Smuggling
• Forgery
• Price fixing
• Illegal cartel formation
• Antitrust violations
• Terrorism
• Terror financing
 • Fraud
• Theft
• Cheating
•Pharmaceutical product trafficking
• Illegal distribution
• Illegal production
• Banned/fake medicines
• War crimes
• Tax evasion
• Tax fraud


Refinitiv Due Diligence – Download 
Investment migration Best Practices and DD Recommendations – Download
World Check Brochure – Download
Komunita Malta Due Diligence Process – Download