CSP Framework
On the 1st November 2024, the Malta Financial Services Authority ('the MFSA/'the Authority) issued a consultation document proposing updates to the Company Service Providers ('CSP') regulatory framework. In Malta, CSPs act as the gatekeepers to the financial system, being the initial point of contact for individuals seeking to set up business in Malta. However, they are especially susceptible to money laundering and financing of terrorism ('ML/FT') risks. These proposals aim at further mitigating said risks particularly in connection with Class B CSPs (both under threshold and typical Class Bs)
Malta has little visibility on the extent of activities of those individuals carrying out directorship/company secretary services when these do not act 'by way of business'. In view of this, the Authority proposes that a risk assessment would need to be undertaken in relation to such individuals to adequately delineate Malta's risk understanding of this sector. The aim, therefore, is to continue enhancing the risk-based approach holistically, ensuring that the sector is not exposed to unnecessary risks which are not adequately mitigated.
Furthermore, the Authority proposes a notification requirement to CSPs who currently provide directorship and/or company secretarial services but do not do so by way of business. The Authority continues by stating that, since everything indicates that the market has understood the risks which come about when providing CSP services, an increase in the number of involvements not considered to be regular and habitual – i.e. not 'by way of business' – is warranted.
Therefore, the Authority proposes that the number of involvements increases from two to five. In terms of this proposal, individuals currently providing up to two directorships or serving as company secretaries to not more than three companies would be able to hold a maximum of five involvements. This means that they would not be deemed to be providing these services regularly, provided that they are not also holding themselves out as providing such services.
These individuals are not required to seek authorisation or registration but would be required to notify the Authority that they hold these involvements by submitting a Notification Form through the Authority's License Holder Portal. This Form is proposed to contain basic information on the individual providing the service and on the client company/ies.
The proposal brought forward by the Authority is that such information is submitted at notification stage. However, the Authority does not exclude that updated information from this category of individuals is obtained in the future, but this would need to be determined after a risk assessment to be carried out by the Authority upon the collection of data.
The Authority further proposes that individuals acting as director and/or company secretary in a company in the following scenarios will not need to notify the Authority of these particular involvements:
- Individuals required to act as director and/or company secretary through their contract of employment, or
- Persons acting exclusively as director/company secretary of a company in which they hold a beneficial interest;
- Individuals who act exclusively as director/company secretary of a company as a result of a family relationship.
The Authority also proposes that a new category of CSPs be created, which category would be termed 'Registered Persons'. This category would comprise individuals acting, or holding themselves out as acting, as directors by way of business to third parties and providing directorship and/or company secretarial services to companies up to a maximum of ten involvements.
Due to the limited activity carried out by these individuals and the limited degree of risk these persons would pose, the Authority has made a proposal to:
- Create a registration requirement for individuals acting, or holding themselves out to act, as director and/or company secretary in a company and who do so by way of business to third parties but do not exceed ten involvements;
- Waive the requirement of the compliance function, since these individuals are carrying out the compliance function themselves;
- Create an application form catering for Registered Persons which will establish the requirements and obligations imposed on such persons;
- Streamline regulatory submissions both to the Authority and the Financial Intelligence Analysis Unit ('FIAU' ) through the introduction of a single, amalgamated and annual submission applicable to Registered Persons. This would significantly lessen the administrative burden of submissions on Registered Persons. The Authority, therefore, proposes that such individuals would no longer need to submit Risk Evaluation Questionnaires ('REQs') with the FIAU;
- Moreover, for current Class B Under Threshold CSPs, the Authority will convert their authorisation to a registration if requested by the individuals.
The final set of proposals relates to the increase of the number of involvements from 10 to a maximum of 20 in relation to Class B Under Threshold CSPs due to the introduction of the Registered Persons category. To this effect, the Authority provides that Under Threshold Class B CSPs may either:
- Retain their current authorisation, therefore having the opportunity to increase their business to up to 20 involvements; or
- Convert their authorisation to a registration and be classified as Registered Persons, thus being allowed to hold a limited number of directorship and/or company secretarial involvements not exceeding 10 involvements.
By virtue of this consultation paper, the MFSA aims at providing a further layer of protection specifically to Class B CSPs. Moreover, this consultation paper provides for new proposals to lessen certain burdens on such CSPs while keeping their exposure to ML/FT risks at a minimal level.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.