Compliance has been a constant focus in the MFSA’s supervisory priorities over the past few years. A recent thematic review carried out by the Authority focused on the compliance function within 49 local Company Service Providers (CSPs), holding different types of authorisation classes and having different legal forms, with the aim of assessing the effectiveness and resilience of this key area within these regulated entities.

The Authority positively noted that CSPs are giving due importance to having an effective Compliance Function in place, and to implementing thorough checks in order to ensure that they are operating in line with applicable legislative and regulatory requirements.

93% of CSPs that participated in this thematic review highlighted that the Compliance Officer attends Board Meetings, while all respondents confirmed that the Board of Directors follows up on any recommendations and action points specified in the compliance reports. The majority of respondents also indicated that the Compliance Officer reports directly to the Board. These good practices are highly significant, since at law, the Board of Directors remains ultimately responsible for the overall compliance of the CSP, including the implementation of any actions addressing compliance findings.

The MFSA is duty-bound to ensure compliance with Malta’s international commitments whilst simultaneously adopting a proportionate regulatory approach, taking into account the nature, size and complexity of authorised persons. The thematic review touched upon other themes relating to the compliance function, including: the role of the Compliance Officer, policies and procedures, the work of the Compliance Officer and oversight over breaches and complaints handling.

Other positive findings highlighted in the thematic review include the following:

• 82% of respondents confirmed that their Compliance Function has written procedures in place.
• 92% have a Compliance Monitoring Programme in place, and the methodology of testing applied to this programme is also documented.
• 80% indicated that the Compliance Function carries out client file reviews and almost all of these entities document the findings.
• 90% of compliance officers attended staff training in the past year.

Through this exercise, the MFSA has also identified certain areas which require further improvement. These include gaps relating to the implementation of written procedures for alternative arrangements in the absence of the Compliance Officer, the broadening of the scope of client file reviews, and the frequency of testing for the purposes of identification of any breaches committed by CSPs.

Deputy Head for Trustees and Company Service Providers Supervision Petra Camilleri said: “Through this thematic review we have noted a commendable improvement by CSPs in the implementation of their compliance function. Nonetheless, CSPs are encouraged to continuously strive to enhance this business function in line with the MFSA’s supervisory expectations, which aim to strengthen and maintain stability within Malta’s financial sector. This is particularly crucial due to the key role which these service providers play, acting as gatekeepers to Malta’s financial system as a whole.”

The main findings of this thematic review have been communicated to authorised CSPs through a Dear CEO Letter which outlines the MFSA’s expectations and provides recommendations on best practice for the gaps that were identified. All CSPs are expected to undertake a gap analysis to ensure that their operations are aligned with the Authority’s expectations as set out in the Dear CEO Letter.