In a bid to ensure a sound and robust regulatory framework for payment institutions, the MFSA has issued a consultation document on the proposed revised financial institutions rules applicable to financial institutions authorised to provide payment services (excluding account information services) or to issue electronic money.
The proposed new rules are modelled on the requirements of the Electronic Money Directive and Payment Services Directive, as currently transposed under the Financial Institutions Act and are intended to replace the current Chapter 3 of the Financial Institutions Rulebook (FIR/03).
The proposed rulebook contains a comprehensive set of rules which include:
Some of the highlights from the proposed rulebook are set out below:
Among the changes being introduced, the proposed rulebook includes a provision mandating that the Licence Holder’s business is to be effectively directed by at least two individuals from Malta in their role as either an Executive Director and/or Senior Management.
The MFSA has further specified that the Board of Directors shall:
The chairperson of the Board of Directors is expected to be an independent non-executive member.
Instances amounting to a conflict of interest should cover cases where there is a conflict between the interests of the Licence Holder or certain persons connected to the Licence Holder including employees, or the group of which the Licence Holder forms part, or from the performance of services and activities, and the duty the Licence Holder owes to a client; or between the differing interests of two or more of its clients, to whom the Licence Holder owes in each case a duty.
The MFSA has highlighted specific scenarios which could create actual or potential conflicts of interest, including economic interests, personal or professional relationships with the owners of qualifying holdings in the Licence Holder or with the staff of the Licence Holder or related entities, and other employments and previous employments within the recent past (ex. 5 years).
Annually, Licence Holders are required to submit, together with the audited financial statements, a Compliance Report drawn up by the Compliance Officer. This report shall include the Compliance Monitoring Plan, a list of breaches identified and their status, and a confirmation from the Licence Holder’s MLRO that all the local AML/CFT requirements have been satisfied.
Licence Holders are required to test their Business Continuity Plan and Disaster Recovery Plan annually and update them based on testing results, current threat intelligence and lessons learned from previous events.
Prior to entering into an outsourcing agreement, the Licence Holder is expected to conduct a pre-outsourcing analysis which includes, inter alia, assessing if the outsourcing arrangement concerns a critical or important function and identifying and assessing all its relevant risks. The Licence Holder is required to assess the potential impact of outsourcing arrangements on their operational risk, take into account the assessment results when deciding if the function should be outsourced and take appropriate steps to avoid undue additional operational risks before entering into outsourcing arrangements. Before entering into an outsourcing arrangement, Licence Holders are also expected to carry out a due diligence exercise to ensure the service provider is suitable.
Licence Holders shall also ensure that service providers, where relevant, comply with appropriate IT security standards in line with the provisions on ‘Security of Data and Systems’ as explained in the EBA Guidelines on Outsourcing.
Financial institutions captured under this proposed rulebook will also be required to submit a Financial Institutions Return on a quarterly basis; this return will be the subject of an additional consultation exercise. Over the coming months, the MFSA is expected to issue additional consultations on the revision of the other financial institutions rulebooks, including the proposal of a new rulebook relating to account information service providers.
For information or assistance about Financial Services please contact Dr Ian Gauci and Dr Cherise Abela Grech.