In 2020, the Company Services Providers (CSP) Act (Chapter 529 of the Laws of Malta) was amended to include certain requirements in order to come in line with Article 47 of Directive 2015/849 of the European Parliament and Council on the prevention of money laundering or terrorist financing.

Company Service Providers can be entities or individuals providing an array of corporate services, including directorship services.

The Maltese Parliament is considering Bill 233 of 2021 which proposes a number of amendments to the Companies Act (Chapter 386 of the Laws of Malta), in order to complement the recent amendments to the CSP Act.

Additional duties of the director

Article 139 of the Companies Act discusses the appointment of directors and Bill 233 envisages that all companies, not just public companies, shall require the proposed director to personally sign the memorandum indicating his consent to act as director, or else to deliver to the Registrar a consent in writing to act as director.

The Bill also proposes the addition of a new sub-article to Section 139. This states the following: "(5) Prior to being appointed director of a company, such person shall be required to declare to the Registrar, in the prescribed form, whether he is aware of any circumstances which could lead to a disqualification from appointment or to hold office as a director of a company under the provisions of this Act or in another Member State."

Further disqualifications for the appointment or holding of office of director

Arguably the most significant change put forward by Bill 233 is the addition of new provisions relating to the removal of directors and casual vacancies. The addition of sub-article (7) to Section 140 would allow the Registrar, once becoming aware that an officer of a company is disqualified or does not hold a licence issued under the Company Service Providers Act - Chapter 386 of the Laws of Malta (where such license is required) to inform the company.

Following this notification, the Company must, within fourteen days, register the removal of such officer. Sub-article (8) adds: "If the company fails to remove such officer, the Registrar shall file an application in court requesting the removal of such officer from office." Sub-article (9) clarifies that the expenses, if the dispute is taken before a Court, shall be borne upon the Company.

One will also note that the Bill suggests the addition of a new paragraph to Article 142(1), which states that a person shall not be qualified to hold office as director or company secretary if "(e) such person is holding such office as a company service provider in terms of the Company Service Providers Act without having obtained the necessary authorisation by the Malta Financial Services Authority (MFSA) to provide such service." This would essentially mean that any person who holds the office of director without the necessary authorization will no longer be able to exercise such role.

Furthermore, the Bill also proposes the following provision be added to article 142: "(6) Apart from the disqualifications for appointment or to hold office of a director of a company under the provisions of this Act, any disqualification that is in force or information relevant for disqualification in another Member State shall be taken into account and the Registrar may refuse the appointment of a person as a director of a company where, at the time, such person would be disqualified from acting as a director in another Member State."

According to the CSP Act, for the MFSA to authorize a person to be a CSP, including a director, the applicant must be a fit and proper person and must be operating in or from Malta. There are different requirements when it comes to legal persons who will be acting as a CSP. They must be registered in Malta or in a reputable jurisdiction, any directors and every person who directly or indirectly holds more than 25% of capital and/or voting rights must be fit and proper in order to be authorized by the MFSA. Moreover, the legal person's objects must include acting as a company service provider and its activities must be compatible with its objects.

Inclusion of the date of birth instead of the identification number

The Bill would see Article 2(5) of the Companies Act amended by requiring that documents to be delivered to the Malta Business Registrar include the date of birth (or registration number in case of a body corporate) of the person whose name and residential address details are included in said documents.

Inclusion of the Company email address in the memorandum

Apart from the inclusion of the company's registered address, the Bill introduces the requirement to include the company's email address in the company's memorandum. it is proposed that Article 69 (1)(d) should state: "(d) the registered office in Malta and the electronic mail address of the company".

This proposed amendment however begs the question as to how, an entity which has not yet been incorporated, should already have an email address, and how, its shareholders or directors would be able to engage service providers to set up an email address for the company.

"Service address" as an alternative to a residential address

An interesting amendment to the Companies Act proposes that the first directors of a company be allowed to provide a "service address" as an alternative to their residential address within the memorandum. "Service address" is defined in the proviso of the proposed Article 123A as "the company's registered or principal office". This is also found in Article 4 of the CSP Act which provides that an application for authorization must indicate an address in Malta for service on the applicant looking for authorization.

Introduction of Article 123A

A notable proposal put forward by the Bill is the introduction of Article 123A. This provision will introduce the obligation to keep a register of the residential addresses of the company's officers and shareholders, which register shall also include the names and email addresses of each of the officers and shareholders. Such register shall be used solely for regulatory purposes and shall not be made available to the public.

Additionally, the directors and company secretary will be responsible for the delivery of a copy of this register to the Registrar of Companies. The Bill fails to mention when and how often the register should be so delivered but limits itself to stating that any changes made to the register must be notified to the Registrar of Companies within fourteen days, and failure to fulfil this obligation will result in a penalty against every officer of the company.

Additional duties of the Registrar

Bill 233 of 2021 also imposes additional obligations on the Registrar by virtue of Article 401. Primarily, the Registrar must, prior to the registering of a new company or the return of a company, take all the necessary steps to ascertain the individuals' identification and the correctness of the information submitted.

The Registrar shall also have the duty of providing competent authorities and subject persons (as defined in the Prevention of Money Laundering and Financing of Terrorism Regulations - Subsidiary Legislation 373.01) with full access to the website maintained by the Registrar. In accordance with the proposed sub-provision (l), the Registrar must "deal with any aspect of online formation of companies, online registration of branches and online filing of documents and information".

The amendments propose to grant the Registrar the authority to issue, where he deems fit and after consultation with the Minister, binding procedures and guidance to companies and their officers.

Processing of personal data

Finally, the Bill proposes the addition of paragraph (18) to Article 401 which regulates the role of the Registrar as a data controller when processing personal data. This stipulates the following: "(18) Where the Registrar, in his capacity of a data controller, processes personal data for the purposes of this Act, he shall comply with the principles relating to processing of personal data pursuant to Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and apply appropriate technical and organisational measures to ensure a level of security appropriate to the risk posed, and to integrate the necessary safeguards into the processing, in order to protect the rights and freedoms of data subjects.".

What should officers do, if the bill becomes law?

Changes to the Company's Memorandum

Every company's memorandum will need to be reviewed and amended, to comply with the law, a new Register of officers will have to be created and maintained, and provided to the Registrar of Companies, and careful compliance with the Company Service Providers Act will be expected.

Clearly, in drafting Bill 233, Parliament took into consideration the risks of ML/FT which are higher in the CSP Sector. In fact, the 2018 National Risk Assessment noted that the CSP Sector not only poses higher ML/FT risk, but that such sector is also known for weak AML/CFT controls. In this regard, it seems that the proposed changes to the Companies Act are an attempt to mitigate such risks. This may not only be evidenced through the additional disqualifications with regards to the role of directors, but also through the further compliance obligations bestowed upon the Registrar. It is fair to say that such proposals are not only appropriate within the current framework, but a necessary development in light of increasing ML/FT awareness.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.