Revised Financial Institutions Rules

In a bid to ensure a sound and robust regulatory framework for payment institutions, the MFSA has issued a consultation document on the proposed revised financial institutions rules applicable to financial institutions authorised to provide payment services (excluding account information services) or to issue electronic money.

The proposed new rules are modelled on the requirements of the Electronic Money Directive and Payment Services Directive, as currently transposed under the Financial Institutions Act, and are intended to replace the current Chapter 3 of the Financial Institutions Rulebook (FIR/03).

The proposed rulebook contains a comprehensive set of rules which include:

  • Matters requiring notification to the MFSA;
  • Requirements relating to prior approval of the MFSA;
  • Passporting;
  • Appointment of agents and distributors;
  • Sound & prudent management;
  • Outsourcing;
  • Safeguarding of Clients’ Funds;
  • Prudential Requirements; and
  • Record Keeping & Reporting Requirements

Some of the highlights from the proposed rulebook are set out below:

Corporate Governance

Among the changes being introduced, the proposed rulebook includes a provision mandating that the Licence Holder’s business is to be effectively directed by at least two individuals from Malta in their role as either an Executive Director and/or Senior Management.

The MFSA has further specified that the Board of Directors shall:

  1. be composed of at least three (3) members;
  2. include at least one (1) Independent Non-Executive Director;
  3. have a balance of executive and non-executive directors; and
  4. have at least one (1) member who is resident in Malta.

The chairperson of the Board of Directors is expected to be an independent non-executive member.

Conflicts of Interest

Instances amounting to a conflict of interest should cover cases where there is a conflict between the interests of the Licence Holder or certain persons connected to the Licence Holder including employees, or the group of which the Licence Holder forms part, or from the performance of services and activities, and the duty the Licence Holder owes to a client; or between the differing interests of two or more of its clients, to whom the Licence Holder owes in each case a duty.

The MFSA has highlighted specific scenarios which could create actual or potential conflicts of interest, including economic interests, personal or professional relationships with the owners of qualifying holdings in the Licence Holder or with the staff of the Licence Holder or related entities, and other employments and previous employments within the recent past (e.g. 5 years).

Annual Compliance Report

Annually, Licence Holders are required to submit, together with the audited financial statements, a Compliance Report drawn up by the Compliance Officer. This report shall include the Compliance Monitoring Plan, a list of breaches identified and their status, and a confirmation from the Licence Holder’s MLRO that all the local AML/CFT requirements have been satisfied.

Business Continuity Arrangements

Licence Holders are required to test their Business Continuity Plan and Disaster Recovery Plan annually and update them based on testing results, current threat intelligence and lessons learned from previous events.

Outsourcing

Prior to entering into an outsourcing agreement, the Licence Holder is expected to conduct a pre-outsourcing analysis which includes, inter alia, assessing if the outsourcing arrangement concerns a critical or important function and identifying and assessing all its relevant risks. The Licence Holder is required to assess the potential impact of outsourcing arrangements on its operational risk, take into account the assessment results when deciding if the function should be outsourced and take appropriate steps to avoid undue additional operational risks before entering into outsourcing arrangements. Before entering into an outsourcing arrangement, Licence Holders are also expected to carry out a due diligence exercise to ensure the service provider is suitable.

Licence Holders shall also ensure that service providers, where relevant, comply with appropriate IT security standards in line with the provisions on ‘Security of Data and Systems’ as explained in the EBA Guidelines on Outsourcing.

Financial Institutions Return

Financial institutions captured under this proposed rulebook will also be required to submit a Financial Institutions Return on a quarterly basis; this return will be the subject of an additional consultation exercise. Over the coming months, the MFSA is expected to issue additional consultations on the revision of the other financial institutions rulebooks, including the proposal of a new rulebook relating to account information service providers.

For information or assistance about Financial Services please contact Dr Ian Gauci and Dr Cherise Abela Grech.

Disclaimer: This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.