In a recent circular addressed to Company Service Providers (“CSPs”), the Malta Financial Services Authority (the “MFSA”) announced a number of changes to the Rulebook for Company Service Providers (the “Rulebook”), effective January 23rd January 2024. These changes aim to simplify and enhance the regulatory submission process for licensed CSPs, impacting submissions due in 2024 and thereafter. The changes to the Rulebook can be viewed here in tracked changes.
A Simplified Approach to Regulatory Submissions
These following changes are in line with the MFSA’s ongoing endeavor of streamlining regulatory procedures, offering a more efficient and consolidated approach for CSPs:
- Under Threshold Class A and Class B CSPs are relieved from the obligation of submitting an Annual Self-Declaration.
- The requirement for submission of the Certificate of Compliance has been removed.
- All individual CSPs will no longer be mandated to submit a Statement of Solvency or a balance sheet.
- The standalone Annual Financial Return is also no longer required.
The four requirements listed above will now be integrated into the updated Annual Compliance Return (the “ACR”).
Furthermore, with respect to CSPs constituted as partnerships (section 1.5 of the MFSA’s circular), the necessity for the submission of the Audited Financial Statements, the Auditor’s Management Letter and the Auditor’s Report has been removed. Instead, specific financial documents are to be submitted within four months of the financial year end.
Holistic Changes to the Rulebook
Apart from changes to the submission requirements of CSPs, the Rulebook has undergone revisions to address other key aspects:
- The timeframe for evaluating internal controls has been extended from a biannual cycle to an annual basis.
- The process for voluntary cancellation of CSP authorisations under Title 9 of Chapter 2 of the Rulebook has been clarified, whereby CSPs must confirm their intended status and submit the relevant documentation when necessary.
- Notification requirements for CSPs using an address other than their registered address for client services have been introduced.
- Breaches reporting requirements have been clarified, emphasising the obligation to report breaches in the ACR. Importantly, the requirement to notify the MFSA if an ACR will be submitted after the due date has been removed.
These changes represent the MFSA’s commitment to refining and improving the compliance landscape for CSPs. Looking ahead, the evolving regulatory landscape demands a proactive approach from CSPs. Embracing these changes not only ensures adherence to updated legal frameworks but also positions a CSP at the forefront of regulatory diligence.