In October 2019, the Malta Financial Services Authority (MFSA) issued a consultation document on raising the bar for Company Service Providers (CSPs). The Document proposed revisiting the regulatory framework for CSPs extending its scope to eliminate any existing supervisory gaps and harmonise market entry requirements.
The MFSA’s primary proposal was that all persons providing the services of a CSP will require authorisation from the Authority whilst also putting forward a number of new requirements to raise standards for CSPs. Following the expiration of the consultation period, the MFSA has now issued a feedback statement outlining its position.
Extending the Role of CSPs
In order to consolidate the CSP’s role as a gatekeeper in the financial system, the MFSA had proposed extending the role of CSPs to include guidance on, and the submission of, documentation of all prospective applicants for authorisation with the MFSA. This would include applications for a fund licence, investment services licence, licenses issued to insurance entities and insurance intermediaries, as well as credit institution and financial institution licences. In this respect, prospective applicants for authorisation would have been required to engage a specifically authorised CSP to proceed with their application.
Following feedback from the industry, the MFSA has reversed its position and the proposal made in this respect will be revisited separately at a future date.
The MFSA agrees that the provision of professional assistance in the submission of applications for licensing, registration, recognition or any other authorisation issued by the MFSA should be considered as a service which is distinct to that of a CSP and is therefore considering an ad hoc standard in this respect. This would be the subject of a separate consultation exercise that would focus on the quality of applications to be submitted to the MFSA and standards related to the application process.
Categorisation of CSPs
In order to better apply a risk-based approach to regulation and supervision, the MFSA had proposed categorising CSPs into three different classes. Following feedback from the industry, the three classes shall be the following:
The MFSA is to introduce guidance on what constitutes an ancillary activity and matters which are deemed to be incompatible with the services of a CSP.
Market Entry Requirements
With respect to persons requiring authorisation as CSPs, the MFSA had proposed that the authorisation requirement under the CSP Act is widened by removing:
[i] the exemption from registration for advocates, notaries, legal procurators and accountants;
[ii] the notification requirement for persons having a licence or registration to provide company services in an approved jurisdiction and converting it to a full authorisation requirement; and
[iii] revisiting the de minimis rule, in particular those relating to access checks and to eliminate any existing supervisory gaps.
The MFSA also proposed that, given their regulated status, the exemption for persons authorised to act as a trustee or to provide other fiduciary duties in terms of the Trusts and Trustees Act will be retained. An exemption for Insurance Managers, as defined under the Insurance Distribution Act, was also being considered.
The MFSA also proposed that the registration requirement changes to a licensing requirement.
Following feedback received from the Industry, the MFSA has cemented its position. With respect to the removal of the exemption for warranted professionals, the MFSA maintains its position that the exemption from registration for advocates, notaries, legal procurators and accountants should be removed. That being stated, the authority will be giving due recognition to the professional qualification and warrant when assessing competence as part of the fitness and properness assessment conducted by the MFSA. Furthermore, the MFSA acknowledges that some of these practitioners provide corporate services within a wider portfolio of services being provided to clients. In such instances, and based on verifiable information to be obtained by the MFSA, both at application stage and on an ongoing basis, such persons may be subjected to less onerous requirements and controls, wherein the authority, in deciding whether a service provider qualifies for the lighter touch approach or not, will inter alia give due regard to actual and/or projected revenue from CSP activities as part of total services provided or to be provided.
With respect to the proposed removal of the notification requirement for persons having a licence or registration to provide company services in an approved jurisdiction and converting it to a full authorisation requirement, the MFSA is proposing that the notification requirement is slightly amended. In this respect the MFSA will retain the current position with respect to persons having a licence or registration to provide CSP services in EU and EEA States; however, with respect to those persons having a licence or registration to provide services in third countries, it will be made clearer that it is only those persons having such authorisation in a third country which, in the opinion of the MFSA, has an equivalent authorisation framework, which can benefit from this procedure.
Furthermore, with respect to Class B CSPs, in so far as they are acting as director or secretary of a company, a partner in a partnership or in a similar position in relation to other legal entities, the MFSA is proposing that they cannot hold more than 5 involvements.
Persons not exceeding such thresholds, will still be subject to a registration requirement, including access checks and controls; but will be subjected to a lighter touch approach.
Whilst the MFSA is of the view that the exemption for trustees is to be retained it is also considering proposing waivers from registration for:
Legal Personality Requirement
The MFSA considers proper internal governance of CSPs as being critical for the attainment of the objectives set. Notwithstanding, the authority is cognisant of the impact that these requirements may have on smaller businesses and is willing to address the concerns raised by applying these requirements proportionately without compromising on regulatory objectives. In this light, the MFSA envisages the possibility of allowing a CSP to be a natural person provided that, based on the risk presented by the nature, size and complexity of the business, where the MFSA considers, both at authorisation stage and on an ongoing basis, that a CSP cannot meet its governance requirements, it can require the said natural person to establish legal personality.
The Appointment of Designated Persons
The MFSA is of the view that the requirement to appoint a “Designated Person” is no longer necessitated. That being stated, requirements will be introduced within the Rules setting out the obligation for CSPs arranging for another person to act as director or secretary of a company, a partner in a partnership or in a similar position in relation to other legal entities, inter alia to assess the fitness and properness of such person both ex-ante (prior to proposing such person) and ex-post (on an ongoing basis). CSPs will be required to keep a record of such assessments.
Enhanced Competence Assessments
The MFSA shall be maintaining its position that competence assessments are to be enhanced and that such assessments are to be based on two pillars:
[i] experience and educational background; and
[ii] where the MFSA deems it necessary, on the basis of a risk-based assessment, a viva voce assessment.
The MFSA will also seek to ensure that authorised CSPs and their approved officials remain current with their knowledge of changes in the regulatory environment and best practices, by setting out a requirement for continuous professional education.
Assessment of CSP’s client onboarding process
Whilst retaining the view that the CSP’s onboarding process should be thoroughly scrutinised at authorisation stage, CSPs are to ensure that their onboarding processes reflect their internal AML/CFT policies, procedures, and risk management as required by the PMLFTR. Such processes are to be regularly updated and aligned with legal requirements, best practices, and the national and sectoral risk appetite and thresholds current at any given time and should also be effectively implemented. The MFSA and/or the FIAU will retain the right to inspect these policies and procedures at any time in terms of the law.
The Consultation document initially proposed to raise the capital requirements for CSPs. However following feedback, the initial requirements have been lowered to the following:
The MFSA has reaffirmed that the Rules for CSPs will be revisited and governance requirements strengthened. The application of the Rules will be based on the principle of proportionality and the CSP services provided, thereby reflecting a dynamic, risk-based approach.
The requirement for a CSP to appoint a Compliance Officer is one which already exists in the current framework. In this respect, the MFSA shall be strengthening existing rules and inter alia introducing the following requirements:
[i] persons involved in the compliance function of the CSP are not to be involved in the performance of the services/activities which they monitor and, in this respect, shall neither be client-facing nor involved in client on-boarding; and
[ii] the compliance officer of a CSP shall draw up a compliance monitoring programme
The MFSA retains the position set out in the consultation paper that it will be introducing rules to oblige CSPs to perform a quantitative and qualitative assessment of time commitment. This is to ensure that Designated Persons are capable of committing sufficient time to perform their functions efficiently and effectively.
The Way Forward
The MFSA is proposing substantial reforms which are aimed at bringing exempt and non-registered persons within the scope of the CSP Act, raising awareness of AML/CFT risks in the sector and generally raising standards for all persons providing CSP services in or from within Malta. In order to implement the requisite changes, the regulator will proceed to implement amendments to the Act, the CSP Regulations and the Rules for CSPs.
This article was written by Dr Cherise Abela Grech and Dr Luke Mizzi.
For more information on of Company Service Providers Regulation please contact Dr Ian Gauci on firstname.lastname@example.org Dr Cherise Abela Grech on email@example.com and Dr Luke Mizzi on firstname.lastname@example.org
Disclaimer: This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.