What is ‘the Four-Eyes Principle’ that Regulated Companies need to Adhere to?

In this Article

Stephanie Marinova provides a concise overview of the Four-Eyes Principle, a vital governance strategy requiring dual approval for significant organisational decisions. This principle enhances security and compliance, particularly in sectors like finance and cryptocurrency, by minimising risks such as fraud and errors. The article emphasises its application in financial institutions and Crypto Asset Service Providers (CASPs), especially within Malta's regulatory framework enforced by the Malta Financial Services Authority. As regulatory scrutiny increases, understanding the Four-Eyes Principle is essential for organisations to navigate today's complex business environment effectively.


The 'Four-Eyes Principle'

Overview

In today’s dynamic business environment, ensuring security, compliance, and operational integrity is a non-negotiable priority. Entities across industries strive to minimise errors, prevent misuse, and maintain the highest standards of accountability. One proven strategy that supports these goals is the Four-Eyes Principle, also known as the dual control principle or two-person rule.

At its core, the Four-Eyes Principle emphasises collaboration and oversight by requiring two individuals to approve or confirm critical decisions, processes, or transactions. This approach not only strengthens trust but also serves as an effective safeguard against risks such as fraud, inaccuracies, and operational lapses. 

The adage "Four eyes see better than two" captures the essence of this principle. By building collaboration and mutual accountability into the process, it improves quality control and lessens the likelihood of errors or malpractice. In practice it requires that two responsible individuals, each acting on their own judgement and their own credentials, confirm and approve the action; a second approval given without an independent check adds a signature but not a control.

Practical Applicability

Industries

Unsurprisingly, this principle has become a cornerstone for industries ranging from finance to software development, finding applications wherever precision and reliability are paramount. In particular, it finds application across different business fields, such as:

  • Fintech: Financial technology companies rely on this principle to secure transactions and approvals. For instance, a corporate payment exceeding a predefined limit might require dual approval – one from the finance manager and another from the CFO – combined with multi-factor authentication to ensure compliance and prevent fraud.
  • Blockchain: Multi-signature wallets are the practical example in the blockchain ecosystem. A transaction is valid only when signed by a threshold of distinct private keys (for instance two of three), so no single key holder can move the funds on their own.
  • Investment Management: Portfolio managers often collaborate with compliance officers to approve significant investment decisions. For example, acquiring a high-value asset might require validation from both the investment team and a regulatory compliance expert to align with fiduciary responsibilities.
  • Fraud Prevention: To prevent fraud, multi-layered approval systems are implemented. This could be a wire transfer request that may require authentication by a relationship manager and an independent risk officer; thereby, reducing the likelihood of fraudulent activity.
  • Audit and Reconciliation: Internal audits in financial institutions often rely on dual verification. Usually, account reconciliations are cross-checked by two separate teams – one handling account balances and the other confirming transactions.
  • Procurement in Financial Services: The principle offers transparency during vendor selection. When financial institutions procure IT services, proposals are jointly reviewed by the procurement team and the IT department, which keeps the selection impartial and technically sound.
  • Financial Reporting: Before financial statements are published, they must be reviewed and approved by both the accounting team and the external auditors, in line with the applicable reporting standards.
  • Compliance Monitoring: Regulatory submissions often require sign-off from multiple departments. When a report is submitted to a financial regulator, this may involve review by both the compliance officer and the legal team to confirm alignment with the applicable legal and regulatory frameworks.
  • Risk Management: Risk assessments for major financial decisions, such as mergers or acquisitions, involve joint reviews. They can be performed by the risk assessment team and senior executives to evaluate potential impacts, ensuring thorough due diligence.
  • Customer Account Management: Significant changes to customer accounts, such as altering credit limits or approving large withdrawals, usually require dual approval from a relationship manager and a compliance officer, safeguarding against errors or misuse.

The 'Four-Eyes Principle' in Financial Institutions

Processes

Within financial institutions, the Four-Eyes Principle remains a fundamental safeguard, helping entities uphold accuracy, reduce risk, and maintain strict adherence to regulatory requirements. By requiring the involvement of two individuals in crucial transactions or decisions, the principle minimises vulnerabilities and protects the organisation from potential errors or misconduct.

In practice, one individual initiates a process, such as preparing a payment or a loan, while another independently reviews and approves it. This two-person verification ensures that no single individual can complete a high-risk task or handle sensitive information without oversight. For the control to hold, the system must enforce the separation technically rather than by policy alone: the initiator and the approver must be different users, each authenticated with their own credentials, and the initiator's account must not be able to approve its own request.

Beyond fraud prevention, the Four-Eyes Principle fosters a culture of accountability and transparency. It plays a key role in adhering to important regulatory frameworks like Anti-Money Laundering (“AML”) and Know Your Customer (“KYC”) protocols, where additional oversight is essential to identify suspicious activities. Additionally, financial institutions use this principle to uphold corporate governance standards in areas such as treasury management, loan approvals, and account reconciliation.

By dividing authority and responsibility, the dual control principle not only minimises conflicts of interest but also enhances the quality of decision-making. Ultimately, this strengthens the trust in the integrity of the institution’s operations, making sure that decisions are well-considered and aligned with best practices.

The 'Four-Eyes Principle' in CASPs

CASPs

In the dynamic environment of Crypto Asset Service Providers ("CASPs"), the Four-Eyes Principle assists in safeguarding digital asset transactions and enhancing operational integrity. As CASPs offer services like cryptocurrency exchanges, token custody, and staking, they are entrusted with substantial amounts of digital assets in volatile markets and an often uncertain regulatory environment. Implementing dual control ensures that no individual can unilaterally execute critical tasks, such as transferring funds, accessing private keys, or authorising system modifications.

A prime example of the Four-Eyes Principle in practice within CASPs is the multi-signature (multi-sig) wallet. A multi-sig wallet requires a set threshold of authorised key holders (for example two of three) to sign a transaction before it can be executed, ensuring that no one individual has sole control over the funds. This provides an additional layer of security against both internal threats, such as fraud by a privileged insider, and external threats, such as the compromise of a single key. The control is only as strong as key custody, however: if one person holds enough keys to meet the threshold, or all the keys sit on the same device, the wallet is multi-sig in name only.
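The approval gate below is an added example, not code from the article or from MK Fintech Partners. It implements the two mechanisms the article describes, the dual approval of a payment above a predefined limit (under Practical Applicability and in the financial institutions section) and the threshold co-signing of a multi-sig wallet just above: a transaction is released only with valid approvals from a required number of other people, the initiator's own sign-off never counts, and every approval is bound to the exact transaction content so it cannot be reused after the amount or destination is changed. Everything in it is constructed: the approver ids, secrets, limit and amounts are illustrative, and HMAC-SHA256 tokens stand in for the asymmetric signatures (ECDSA or Schnorr) that a real multi-sig wallet verifies against the co-signers' public keys.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class Transaction:
    tx_id: str
    initiator: str      # user id of the person who prepared the payment
    destination: str
    amount: int         # minor units (cents), so no float rounding


def canonical(tx: Transaction) -> bytes:
    """Deterministic encoding: every approval is bound to exactly these fields."""
    return json.dumps(asdict(tx), sort_keys=True, separators=(",", ":")).encode()


def approval_token(tx: Transaction, approver: str, secret: bytes) -> str:
    """One approver's sign-off over one specific transaction.

    HMAC is a stand-in constructed for this example; a real multi-sig wallet
    verifies per-signer asymmetric signatures instead.  The approver id is
    mixed into the message so a token cannot be re-labelled as someone else's.
    """
    msg = approver.encode() + b"\x00" + canonical(tx)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class DualControlGate:
    """Releases a transaction only when the four-eyes policy is satisfied."""

    def __init__(self, approver_secrets: dict[str, bytes], single_limit: int, min_approvals: int):
        if min_approvals < 1:
            raise ValueError("dual control needs at least one independent approver")
        self.approver_secrets = approver_secrets
        self.single_limit = single_limit      # at or below: the initiator alone suffices
        self.min_approvals = min_approvals    # above: this many *other* people must approve

    def required_approvals(self, tx: Transaction) -> int:
        return 0 if tx.amount <= self.single_limit else self.min_approvals

    def valid_approvers(self, tx: Transaction, approvals: dict[str, str]) -> set[str]:
        valid: set[str] = set()
        for approver, token in approvals.items():
            if approver == tx.initiator:
                continue                      # separation of duties: no self-approval
            secret = self.approver_secrets.get(approver)
            if secret is None:
                continue                      # unknown or unauthorised approver
            if hmac.compare_digest(approval_token(tx, approver, secret), token):
                valid.add(approver)           # a set: one person counts once
        return valid

    def authorize(self, tx: Transaction, approvals: dict[str, str]) -> tuple[bool, str]:
        needed = self.required_approvals(tx)
        got = self.valid_approvers(tx, approvals)
        if len(got) >= needed:
            return True, f"released: {len(got)} independent approval(s), {needed} required"
        return False, f"held: {len(got)} independent approval(s), {needed} required"


# Constructed sample data; in production these secrets would live in an HSM or secrets manager.
APPROVER_SECRETS = {
    "finance_mgr": b"constructed-secret-finance-mgr",
    "cfo": b"constructed-secret-cfo",
    "ops_clerk": b"constructed-secret-ops-clerk",
}
GATE = DualControlGate(APPROVER_SECRETS, single_limit=10_000_00, min_approvals=2)


def demo() -> dict[str, bool]:
    """Runs the policy over constructed cases; True means the payment was released."""
    small = Transaction("tx-001", "ops_clerk", "ACME-SUPPLIER", 4_500_00)
    large = Transaction("tx-002", "ops_clerk", "ACME-SUPPLIER", 25_000_00)
    # The same tx-002 with the amount edited after the approvals were collected.
    tampered = Transaction("tx-002", "ops_clerk", "ACME-SUPPLIER", 250_000_00)

    def sign(tx: Transaction, *who: str) -> dict[str, str]:
        return {w: approval_token(tx, w, APPROVER_SECRETS[w]) for w in who}

    return {
        "small_no_approval": GATE.authorize(small, {})[0],                                  # True
        "large_no_approval": GATE.authorize(large, {})[0],                                  # False
        "large_self_approval": GATE.authorize(large, sign(large, "ops_clerk"))[0],          # False
        "large_one_approver": GATE.authorize(large, sign(large, "cfo"))[0],                 # False
        "large_two_approvers": GATE.authorize(large, sign(large, "finance_mgr", "cfo"))[0], # True
        "tampered_after_approval": GATE.authorize(tampered, sign(large, "finance_mgr", "cfo"))[0],  # False
        "forged_token": GATE.authorize(large, {**sign(large, "finance_mgr"), "cfo": "00" * 32})[0],  # False
    }


if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case:24s} -> {'released' if released else 'held'}")
```

Note what the gate can and cannot enforce. It guarantees that the approvals come from distinct approver identities other than the initiator and that each one was given over the transaction as it will be executed. It cannot tell whether one person controls two approver credentials, or two of a wallet's three keys; that is decided by identity mapping and key custody, which is why the caveat above about who actually holds the keys matters more than the threshold arithmetic.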

During high-stakes activities such as Initial Coin Offerings ("ICOs") and token launches, the Four-Eyes Principle is essential for ensuring transparency and accountability. For instance, decisions related to setting token prices, approving smart-contract deployments, or managing investor funds are subject to review and approval by multiple parties to avoid errors or potential conflicts of interest.

As regulatory scrutiny on digital assets intensifies, compliance with AML and Counter-Terrorism Financing ("CTF") regulations has become non-negotiable. Regulators increasingly expect CASPs to implement dual control mechanisms as part of demonstrating compliance with these frameworks. Dual control helps mitigate the risk of illicit financial activity passing through the service and enhances the credibility of CASPs in a competitive market.

How is the 'Four-Eyes Principle' Applied by the Malta Financial Services Authority vis-à-vis the companies it supervises?

MFSA

In Malta, the Four-Eyes Principle is firmly integrated into the regulatory framework established by the Malta Financial Services Authority (“MFSA”). The MFSA mandates that significant transactions or decisions, such as fund transfers, loans, or large payments, within financial institutions be subject to dual control. This aligns with the MFSA’s commitment to maintaining high standards of governance, risk management, and compliance with EU regulations, such as the Fourth and Fifth Anti-Money Laundering Directives (“4AMLD” and “5AMLD”), which include the need for enhanced oversight in financial transactions. 

On the island, the Four-Eyes Principle serves as an essential mechanism to prevent fraud, reduce human error, and comply with stringent EU regulations. Laws such as the VFA Act (Chapter 590 of the Laws of Malta) ("VFA Act"), the Financial Institutions Act (Chapter 376 of the Laws of Malta), the Investment Services Act (Chapter 370 of the Laws of Malta), the Banking Act (Chapter 371 of the Laws of Malta), and the Companies Act (Chapter 386 of the Laws of Malta), together with the MFSA's rules and guidelines, actively mandate dual control for critical decisions. In particular, entities operating in the financial sector are encouraged to pay specific attention to the Prevention of Money Laundering and Funding of Terrorism Regulations (Subsidiary Legislation 373.01) ("PMLFTR"), which require entities to implement dual control mechanisms to oversee suspicious transactions. Under the PMLFTR, non-compliance can lead to severe consequences, including fines, penalties, or even the revocation of licences, underscoring the critical importance of adherence both for legal compliance and for preserving trust in operations.

Conclusion

The 'Four-Eyes Principle'

The Four-Eyes Principle not only enforces robust oversight but also fosters collaboration and shared responsibility in decision-making. Its implementation strengthens organisational resilience, ensuring processes are both secure and transparent. 

In Malta, this principle serves as a linchpin of governance and regulatory compliance for all companies operating in the financial sector. With the growing complexity of compliance demands, this principle remains indispensable for protecting operations and maintaining stakeholder confidence.

If you have any questions regarding the Four-Eyes principles and how to effectively implement it within your organisation, send us an e-mail on contactmkfintech@kyprianou.com or call +356 2016 1010.


Key Contact

Stephanie Marinova

Associate

More about MK Fintech Partners Ltd.

Michael Kyprianou Fintech Partners Ltd. is a Maltese company providing services in the FinTech sector. It comprises a team of dedicated experts who provide services such as Legal Advisory, Crypto Licensing, Token Issuers’ Licensing, Investment Services Licensing, and registrations of activities related to Fintech, Crypto, Blockchain & Data Protection, Investment Funds Services & Banking, Company Incorporations, and M&As.

MK Fintech Partners forms part of the Michael Kyprianou Group, a top-tier international legal and advisory firm. Over the years it has established an enviable reputation as a broad-based legal practice, built mainly on its principle of always exceeding its clients' expectations. MK has grown to become one of the largest law firms in Cyprus, with offices in Nicosia, Limassol and Paphos. The MK Group's international presence also includes fully-fledged offices in Greece (Athens and Thessaloniki), Malta (Birkirkara), Ukraine (Kiev), the United Arab Emirates (Dubai), the United Kingdom (London), Israel (Tel Aviv), and Germany (Frankfurt).

The content of this article is valid at the date of its first publication. It intends to provide a general guide to the subject matter and does not constitute legal advice. We recommend that you seek professional advice on a specific matter before acting on any information you read. For further information, contact us at MK Fintech Partners via email at contactmkfintech@kyprianou.com or by telephone +356 2016 1010.
