On the 13th November 2020, the MFSA published the  first volume on the nature and art of financial supervision of Banking and credit institutions, examining their operations in the Maltese banking sector and publishing the findings, risks, and challenges, which the MFSA Banking supervision function deemed pertinent. The said publication provides a background on the Banking Supervisory approach undertaken through the Supervisory Review and Evaluation Process (SREP) and the MFSA's supervisory approach. The publication then moves on to detail the findings and prevailing risks and its recommendations in relation thereto. 

The MFSA found that boards of banks lacked proper insight on their bank's risk profile; failed to ensure the ongoing review of policies; failed to improve the customer due-diligence review backlog; or ensure that their ICAAPs covered the risk analysis necessary. A key issue giving rise to these defaults was the fact that banks sought to decrease costs by merging into one: risk, compliance, MLRO, and legal compliance responsibilities. Sufficient resources need to be allocated for each of these responsibilities thereby ensuring adequate oversight of a bank's business model. Additionally, the MFSA found that boards need to significantly improve financial resilience planning, primarily by understanding their business model's resilience in stress scenarios and business planning a proper assessment of all risks different scenarios may pose.

The MFSA found that boards failed to ensure internal control frameworks were operating properly and that internal-governance frameworks did not clearly identify the roles and responsibilities of key persons/functions and how each function complements and operates in parallel with the other. Senior Management and board members must ensure that each function has the necessary staff, skills, and support, as well as proper direction and resources. This failure, coupled with the merging of roles as discussed above and/or otherwise the third line of defence failing in its functions, resulted in weak decision making, risk management and control within banks. The MFSA further found record-keeping failures, and that policies and procedures were not in place, or otherwise when in place were not properly documented. In its recommendations, the MFSA proposed that risk management, compliance, and auditing functions be given proper resources and expertise, enabling boards to ensure proper internal control frameworks. Additionally, the MFSA recommended that boards maintain a diverse and high level of skill-set, enabling them to also challenge management to prepare realistic and tested business plans, based on records of delivery thereby allowing banks to develop effective Risk and Compliance Functions.

The MFSA further proposed that institutions must invest in their staff and provide training to employees to ensure they can perform and avoid any regulatory failures, and this given that in its findings it found that the staff working within the banking sector lacked skills, knowledge, and expertise.

In reporting its findings on credit risk, the MFSA found inappropriate monitoring processes, boards unable to report, challenge, and oversee credit risk, and ineffective collateral management processes. For credit standards to be maintained boards must play an active role in setting them out to senior management and lending teams, whilst at the same time ensuring that the lending process has a sound risk governance oversight.

Finally, the MFSA found several deficiencies concerning  AML and CFT Risk oversight within banks, in particular on the part of the board of directors, MLROs, and compliance officers. The MFSA proposed that institutions ensure that AML/CFT processes are conducted through proper IT structures; that institutions provide AML/CFT training to their employees; that board of directors are knowledgeable and able to ensure adequate control infrastructures within institutions; and that MLROs were properly trained and able to identify AML/CFT risks and given the necessary powers to effectively mitigate risks.

As part of its next supervisory assessment, the MFSA's focus is now on the effectiveness of the implementation of the 5th AML directive, as well as other supervisory areas such as strategic planning, stress testing, COVID-19 impacts and support systems, internal governance efficacy, growth strategies, AML/CFT controls, and mitigation of IT and cyber security risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.