Following a consultation process on raising the bar for Company Service Providers ('CSPs'), the MFSA has, on the 9th April 2020, issued its feedback statement wherein cognisant of the response received from the relevant stakeholders, the MFSA has revisited its proposals on the regulatory framework. However, in so doing, the MFSA has retained as its primary objectives, raising standards for CSPs across the board and addressing concerns raised by MONEYVAL in the Mutual Evaluation Report.

In order to attain these goals, the MFSA had put forward a number of proposals aimed at reviewing the regulatory framework for CSP regulation which proposals have been reviewed by the Authority in light of the feedback received as follows:

  1. Extending the Role of CSPs

The MFSA had initially proposed extending the role of CSPs to include the provision of guidance on, and submission of, the application documents on behalf of applicants for authorisation with the MFSA. In light of the feedback received, the MFSA has parked the proposal which shall be revisited on an ad hoc basis in the future following a separate consultation exercise.

  1. CSP Categorisation

Mindful of the need to apply a risk-based approach to regulation, the Authority is now proposing that CSPs be categorised into the following classes:

-Class A CSP

Authorised to provide, by way of its business, only the following services to third parties:

  • formation of companies or other legal entities; and/or
  • provision of a registered office, a business correspondence or administrative address and other related services for a company, a partnership or any other legal entity.

-Class B CSP

Authorised to provide, by way of its business, only the following service to third parties:

  • acting as, or arranging for, another person to act as director or secretary of a company, a partner in a partnership or in a similar position in relation to other legal entities.

-Class C CSP

Authorised to provide, by way of its business, any CSP service.

The MFSA shall also be introducing guidelines as to what it deems to constitute an ancillary activity and those services which are deemed as being incompatible with that of a CSP.

  1. Revisiting of the exemptions and the de minimis rule

As recognised by the MFSA itself, this proposal was perhaps one of the most significant within the consultation document. Further to the feedback received, the Authority has opted for the following position:

  • Removal of the exemption for advocates, notaries, legal procurators and accountants in any class or classes of CSP services;
  • Conversion of the notification requirement to a full authorisation process in relation to persons having a licence/registration to provide company services in an approved jurisdiction;
  • Re-thinking the de minimis rule in that persons not exceeding the threshold of 5 involvements (director/company secretary/partner in a partnership or similar positions) shall still be subject to a registration requirement but a lighter touch approach will be adopted.
  • Retention of the exemption in favour of trustees whilst proposing a waiver from registration for:
    1. VFA Agents for CSP activities performed as part of their business;
    2. Persons acting as director or secretary solely of entities licensed by the MFSA and whose role is subject to a fitness and properness assessment by the Authority;
    3. Persons acting as director or secretary of entities of which they hold a beneficial interest;
    4. Persons acting as director or secretary solely of entities in which the government of Malta is a shareholder.
  1. Legal Personality

The MFSA has revised its position and shall be entertaining the possibility of a CSP to be a natural person provided that, based on the risk presented by the nature, size and complexity of the business, should the MFSA deem that the CSP cannot meet its governance requirements, the natural person can be required to establish legal personality.

  1. Designated Persons

Given that a person acting as director or company secretary will now be subject to registration, the MFSA has opted to do away with the requirement to appoint Designated Persons. However, should the CSP arrange for others to acts as directors, company secretary or partner in a partnership, it must, inter alia, conduct a fitness and properness assessment and keep a record thereof.

  1. Enhanced Competence Assessment

In this regard, the MFSA has retained its position that competence assessments shall be based on both experience and educational background as well as a viva voce assessment, should the Authority deem it necessary.

  1. Assessments of onboarding processes

In this regard, the MFSA has maintained its position that CSP's client onboarding processes are thoroughly scrutinised at authorisation stage which processes are to be regularly updated in line with legal requirements and best practices.

  1. Capital Requirements

As outlined in the Consultation Document, the MFSA is also proposing to increase the minimum capital requirements of CSPs in an effort to ensure that they retain sufficient operational capital as well as a sufficient buffer in order to cover risk exposure and ensure business continuity. That said, the MFSA gave heed to industry's concerns that the exponential increase in the capital requirements as originally proposed by the MFSA would result in yet another barrier to entry. To this end, it has revised the capital requirements as follows:

  • Class A CSPs: €10,000
  • Class B CSPs: €15,000 + Mandatory PII
  • Class C CSPs: €25,000 + Mandatory PII

Additionally, the Authority is of the view that the equivalent value of immovable property in lieu of liquid capital is not conducive to fulfilling the aim of this requirement and shall, therefore, be disallowed.

  1. Strengthening requirements with respect to governance, compliance and risk management
  • Governance

The Authority is still minded to strengthen governance requirements through a revision of the Rules for CSPs, which revision shall be based on the principle of proportionality.

  • Risk Management

The MFSA has maintained that new rules on risk management shall be introduced within the CSP Rulebook which shall include:

  1. the establishment, implementation and maintenance of policies and procedures which reflect the CSP's activities, processes and systems
  2. setting the level of risk tolerated by the CSP and adoption of effective arrangements, processes and mechanism to manage such risks.
  3. Monitoring the adequacy or risk management policies and procedures and to address any deficiencies identified.
  4. the establishment of a risk management function responsible for the implementation of the abovementioned policies, reporting to the senior management, and drawing up a risk register vis-à-vis the CSP's clients.
  • Compliance

The MFSA has opted to strengthen the existing rules and require, inter alia, the persons involved in the compliance function of the CSP not to be involved in the performance of the services/activities monitored and shall neither be client-facing nor involved in client onboarding and shall require the Compliance Officer to draw up a compliance monitoring programme and present regular compliance report to the CSP's Board.

  • Time Commitment

Following the consultation period, the MFSA maintains its position that CSPs arranging for another person to act as director, company secretary, or partner in a partnership (or equivalent) shall be required to perform a quantitative and qualitative assessment of time commitment in order to ensure that such persons are capable of committing sufficient time to perform their functions efficiently and effectively.

  1. Institutional Architecture for the Supervision of CSPs

Having put forward two alternative options for the supervision of CSPs, the MFSA is still of the view that authorisation, supervision and enforcement should be retained within the Authority's portfolio. Having said that, the Authority shall be proposing that the CSP Act be amended in order to allow for the Minister, acting on the advice of the Authority, to make regulations which cater for Self-Regulatory Organisations ('SROs') and other possible regulatory mechanisms.

Way Forward

In order to implement the required changes, the Authority is proposing the following tripartite approach:

  1. Amendments to the CSP Act;
  2. Revisiting the CSP Regulations; and
  • Rethinking the Rules for CSPs.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.