Malta: Banking & Finance (2nd edition)

The In-House Lawyer Logo

This country-specific Q&A provides an overview to banking and finance laws and regulations that may occur in Malta.

This Q&A is part of the global guide to Banking & Finance. For a full list of jurisdictional Q&As visit

  1. What are the national authorities for banking regulation, supervision and resolution in your jurisdiction?

    The Malta Financial Services Authority (“MFSA”) is the national competent authority supervising credit institutions in Malta. Following the transposition of the Bank Recovery and Resolution Directive (Directive 2014/59/EU) (“BRRD”), the Board of Governors of the MFSA also acts as the Resolution Authority and has appointed a Resolution Committee which has all powers assigned to it by virtue of the domestic Recovery and Resolution Regulations (S.L. 330.09). Moreover, the Financial Intelligence Analysis Unit (“FIAU”), also plays a part in banking supervision, namely with respect to anti-money laundering related powers. To this effect, it has the core powers of receipt and analysis of financial reports made by subject persons performing the business of banking, on transactions suspected of involving money laundering, co-operating and exchanging information with local and foreign supervisory authorities and foreign investigation units, as well as monitoring and ensuring compliance by such subject persons with their obligations in terms of the Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01).

  2. Which type of activities trigger the requirement of a banking license?

    The Banking Act (Chapter 371 of the laws of Malta) provides that the business of banking in or from within Malta can only be undertaken by a company which is in possession of a banking licence granted by the MFSA. For this purpose, the business of banking is defined as (i) the acceptance of deposits of money from the public withdrawable or repayable on demand or after a fixed period or after notice, or (ii) the borrowing or raising of money from the public, in either case for the purpose of employing such money in whole or in part by lending to others or otherwise investing for the account and at the risk of the person accepting such money. Additionally, a bank may also be authorised to carry out additional services such as inter alia (i) payment services (under the Directive (EU) 2015/2366 on payment services in the internal market, the “PSD II”); (ii) issuing and administering other means of payment; (iii) trading for account of customers or own account in various products including transferable securities; (iv) portfolio management; and (v) safe custody.

    No credit institution licensed or holding an equivalent authorisation outside Malta may open a branch, agency or representative office or set up any subsidiary in Malta, unless it is in possession of a licence granted by the MFSA. However, a credit institution licensed or holding an equivalent authorisation in an EU Member State or EEA State shall be entitled to exercise its rights under EU passporting laws.

  3. Does your regulatory regime know different licenses for different banking services?

    No. The Banking Act does not contemplate different types of licences for different banking services. Whenever, an institution performs or intends to performs, the business of banking in terms of the Banking Act, it must obtain a licence from the MFSA. Hence, there is only one type of banking licence available irrespective of the banking services offered.

  4. Does a banking license automatically permit certain other activities, e.g., broker dealer activities, payment services, issuance of e-money?

    • The banking licence issued in terms of the Banking Act does not grant automatic permission to per-form other activities, although the MFSA may, upon the applicant’s request and subject to any other law regulating such activities, authorise an institution to carry out all or any of the following additional activities: Financial Leasing;
    • Payment Services;
    • Issuing and administering other means of payment (travellers’ cheques, bankers’ drafts and similar instruments);
    • Guarantees and commitments;
    • Trading for own account or for account of customers in: money market instruments (cheques, bills, certificates of deposit, and similar instruments); foreign exchange; financial futures and options; ex-change and interest-rate instruments; and transferable securities;
    • Participation in securities issues and the provision of services related to such issues;
    • Advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertakings;
    • Money broking;
    • Portfolio management and advice;
    • Safekeeping and administration of securities;
    • Credit reference services;
    • Safe custody services; and
    • Issuing electronic money.

    In any case, the carrying out of the above-listed activities in isolation will not constitute the business of banking in terms of the Banking Act, and the carrying out of any other activity not listed above is prohib-ited unless so authorised by the MFSA. Furthermore, the authorisation to carry on the above additional activities is without prejudice to the credit institution obtaining any other appropriate licence that it might require under any other law, and the MFSA may require the credit institution to carry out such activities through a subsidiary.

  5. Is there a “sandbox” or “license light” for specific activities?

    There is currently no mechanism in place locally although we are aware that this is on the regulator’s radar.

  6. Are there specific restrictions with respect to the issuance or custody of crypto currencies, such as a regulatory or voluntary moratorium?

    Yes. However, in order to determine whether the issuance or custody of crypto-currencies is captured by Maltese law, the crypto-currency would first need to be classified in accordance with a ‘Financial Instru-ment Test’ (the ‘Test’). This was introduced by virtue of the Virtual Financial Assets Act (Cap. 590 of the laws of Malta, the ‘VFAA’), and constitutes a step-by-step assessment of ‘DLT Assets’, defined as as-sets which utilise distributed ledger technology. The Test necessitates the assessment of the characteris-tics, features, and functions of the crypto-currency, and includes an analysis of the underlying technical protocol and software. The crux of the Test is the adoption of a ‘substance-over-form’ approach, cou-pled with a forward-looking schema which takes into consideration the inter-operability, exchangeability and convertibility of the crypto-currency and its underlying technical specifications. This is particularly important owing to the multi-use nature of certain crypto-currencies necessitating a holistic assessment. The Test then leads to the classification of the crypto-currency into one of the four mutually exclusive DLT Asset classes, so as to ascertain whether it falls to be classified as either: (i) a virtual token; (ii) a financial instrument; (iii) electronic money; or (iv) a virtual financial asset. The results of this classification would then determine the applicable regulatory regime.

    Virtual tokens (treated under Maltese law as the legal equivalent of pure ‘utility tokens’, the usage of which is limited to that within the platform on which it was issued, or within a limited network of plat-forms), fall outside the regulatory perimeter. In the case of financial instruments, one would need to comply with the traditional financial services framework, principally the Prospectus Directive (and the impeding Prospectus Regulation) in the case of issuances and MiFID II in the case of custody, in each case as transposed into Maltese law.

    In a report on crypto-assets issued on 9th January 2019, the European Securities and Markets Authority (‘ESMA’) announced its preliminary view that in the case of MiFID II financial instruments, having control of private keys on behalf of clients might be regarded as safekeeping services subject to MiFID II regu-latory requirements. Should the MFSA follow that view, this may trigger the need to obtain a Category 4 Investment Service licence under the Investment Services Act (Cap. 370 of the laws of Malta), and sub-jecting the custodian to the rules applicable to the safekeeping and segregation of client assets. The exact licence category requirement will, however, depend on how the MFSA will interpret and implement ESMA’s advice, and whether it will treat private key custody in the same manner as traditional custody services such as custody of collective investment schemes.

    In the case of classification as electronic-money, the applicable regulatory regime would be the Financial Institutions Act (Cap. 371 of the laws of Malta), transposing the provisions of the Electronic Money Di-rective and the Payment Services Directive, amongst others. Where a crypto-currency classifies as elec-tronic-money, which may be the case with certain ‘stable-coins’, an issuer is required to obtain an elec-tronic money institution licence under the said Financial Institutions Act.

    Finally, where the crypto-currency is classified as a virtual financial asset, the issuance and custody would be subject to the provisions of the VFAA. Having entered into force on the 1st of November 2018, the VFAA regulates three principal aspects of VFAs: (i) the initial offering of virtual financial assets to the public (“IVFAO”); (ii) the admission of virtual financial assets to trading on a VFA Exchange; and (iii) the provision of virtual financial asset services in or from within Malta.

    In the case of an IVFAO, prospective issuers of a VFA are subject to a registration regime, whereby is-suers are required to draw up and register a whitepaper with the MFSA. The whitepaper must conform with the form and content requirements specified by Schedule 1 to the VFAA, and sets out the terms of the public offering, details of the issuer and its technology. In addition to this requirement to register its whitepaper, a VFA issuer is subject to initial and ongoing regulatory requirements, including inter alia: (i) the appointment and retention of a VFA Agent; (ii) I.T. and cyber-security; (iii) board of administration and governance; and (iv) annual filings.

    In relation to custodian services, the VFAA requires service providers to obtain a VFA Service Provider licence where such service falls within the list of VFA Services included in Schedule 2 to the VFAA. In this respect, the VFAA deems the “acting as a custodian, or nominee holder of a VFA and/or private cryptographic keys”, or the “holding of a VFA and/ private cryptographic keys” to be a licensable activi-ty. The Virtual Financial Assets Regulations (subsidiary legislation 590.01, the ‘VFA Regulations’) elabo-rate on the scope of this service by providing that: “the terms "hold", "control", "place", "safeguard" and "deposit" shall be deemed to encompass custody services provided in relation to virtual financial assets, and shall extend to any physical or digital representation of such assets or to a right to transact such assets or any physical or electronic device, keys, codes or any other information which gives the custo-dian control or access to such virtual financial assets, including private cryptographic keys belonging to the client”.

    Consequently, an entity wishing to provide custody services in relation to crypto-currencies that classify as VFAs is required to obtain a VFA Service Provider Licence. In terms of the VFA Regulations this re-quires, as a minimum, a VFAA Class 2 licence, with the licensing conditions attaching thereto including, inter alia, the requirement to: (i) appoint a VFA Agent at licensing stage; (ii) prudential capital and liquidi-ty; (iii) governance and policies; (iv) conduct of business (including client classification and treatment); (v) I.T and cyber-security; and (v) annual filings.

    The VFAA extends the reach of anti-money laundering legislation by acknowledging VFA Issuers and VFA Service Providers as ‘subject persons’, and are thus required to have in place adequate and appro-priate know-your-customer, due diligence, and risk assessment measures in place.

    Lastly, the VFAA contemplates a grandfathering period, temporarily exempting VFA Issuers and VFA Service Providers from the regulatory requirements, subject to prior notification to the MFSA and subject further to compliance on a ‘best-efforts’ basis in the interim. The transitory period is that of three (3) months in the case of VFA Issuers, and twelve (12) months for VFA Service Providers, in each case commencing from the 1st of November 2018.

  7. What is the general application process for bank licenses and what is the average timing?

    The Banking Act requires that any company desirous of commencing the business of banking in or from Malta shall, before commencing any such business, apply in writing to the MFSA for a banking licence, notwithstanding the possibility withdrawing the application, by written notice to the MFSA, at any time before it has been granted or refused. Moreover, the Banking Act prescribes that, in the event of reason-able doubt as to whether the banking activities being transacted in or from Malta by any person and thus require a licence in this regard, the MFSA shall conclusively determine the matter.

    In order to be able to grant a banking licence the MFSA must be satisfied that the minimum criteria relat-ing to prudent conduct, fit and proper persons, integrity and professional staff and safety of potential depositors are fulfilled with respect to the applicant. For this purpose, all applications for such a licence shall be filed in accordance with its official application forms as applicable and shall be accompanied by:

    a) a copy of the Memorandum and Articles of Association of the institution;

    b) audited financial statements for the last three years (if applicable);

    c) a business plan including the structure, organisation and management systems of the prospec-tive bank;

    d) identity of all directors, controllers and managers of the institution and submission of personal questionnaires as applicable;

    e) identity of all shareholders with a qualifying shareholding and submission of qualifying share-holders questionnaires as applicable;

    f) identity of the individuals who will be effectively directing the business of the prospective bank, and submission of personal questionnaires as applicable;

    g) copy of draft material outsourcing agreements; and

    h) duly completed internet and electronic banking questionnaire.

    Notwithstanding the submission of the information and documents indicated above, the MFSA may re-quire an applicant for a licence to submit additional information as it may deem appropriate to determine an application for a licence. Furthermore, it is expected that an applicant for a licence notifies the MFSA immediately of any subsequent additions or alterations with respect to any of the documents or infor-mation submitted as part of the application pack.

    The MFSA must also be satisfied that the Applicant has met the following criteria:

    • An initial capital amounting to no less than five million Euro (€5,000,000) or its equivalent – this applies equally to Maltese registered banks and overseas institutions wishing to set up branches in Malta;
    • At least two (2) individuals who effectively direct the business of the Company – this is in line with the "four-eyes" principle;
    • Must have notified the MFSA of the identities of the shareholders or members whether direct or indirect, that have qualifying holdings and of the amounts of those holdings or, where there are no qualifying holdings, of the twenty (20) largest shareholders or members;
    • Such shareholders or members, controllers and/or persons responsible for the direction of the business of the credit institution, must, to the satisfaction of the MFSA, be suitable persons to ensure its sound and prudent management; and
    • Where there are close links between the Company and another person(s), such links do not, through any law/regulation/administrative provision or in any other manner, prevent it from exer-cising effective supervision of the Company once in possession of a licence.

    The MFSA must determine an application for a licence within six (6) months of receipt of the application. In the case where an application is not filed in compliance with the requirements of the Banking Act or if additional information is requested, the MFSA must determine that application within six months of com-pliance under the respective provisions of the Banking Act or the submission of additional information, whichever is the later.

    In any event, the MFSA is bound to determine an application for a licence – by either granting such un-conditionally, subject to conditions it may deem appropriate, or refusing to grant it a licence all together — within twelve months. In the case of a refusal to grant a licence, the MFSA shall inform the applicant on the reasons for such refusal in writing.

    The MFSA shall also notify the European Banking Authority (“EBA”) of every licence issued to a credit institution in terms of the Banking Act and any regulations or Banking Rules made thereunder.

  8. Is mere cross-border activity permissible? If yes, what are the requirements?

    Cross-border activity by credit institutions is indeed permissible. A Maltese credit institution desirous of engaging in cross-border activities in another EU Member State or EEA State may do so after having notified the MFSA in accordance to the European Passport Rights for Credit Institutions Regulations (S.L. 371.11). In this case, the credit institution would be permitted to exercise its passporting rights in terms of the freedom of establishment and freedom of services regime (explained below), provided that the activities which it carries out in the host EU/EEA State, in exercise of a European Passport Right, shall be limited to those activities which it is authorised to undertake in Malta.

    Freedom of Establishment

    A Maltese credit institution wishing to exercise a European Passport Right to establish a branch in an-other EU/EEA State shall provide the MFSA with a branch passport notification to establish a branch in another Member State, which shall contain (a) the EU/EEA State within the territory of which the Maltese credit institution plans to establish a branch; (b) a programme of operations identifying, inter alia the activities which it seeks to carry out through the branch; (c) the address of the proposed branch from where documents may be obtained; and (d) the proposed organizational structure of the branch and the names of the proposed managers. Within three (3) months of receiving a Branch Passport Notification, the MFSA shall give a notice to the European regulatory authority of the host EU/EEA State, certifying that the Maltese credit institution is authorised to act as a credit institution in Malta, identifying the activi-ties it intends on carrying out, and including information relating to the amount and composition of own funds, and other details relating to any deposit guarantee scheme intended to protect the clients of the branch. Although, the MFSA retains discretion to refuse to give the European regulatory authority of the host Member State notice as aforesaid, although it must give reasons for its decision in writing.

    Moreover, a branch of a Maltese credit institution shall not be established and commence its activities in the host EU/EEA State unless (a) the Maltese credit institution has received a communication from the European regulatory authority acknowledging its establishment in the host EU/EEA Member State and, if necessary, indicating any applicable conditions in the interests of the general good; or (b) two (2) months have elapsed from the date of receipt of the notice referred to earlier, and no communication has been received from the European regulatory authority.

    Where a European credit institution wishes to establish a branch in Malta, the same notification process would apply. To this effect, the institution would need to notify the regulatory authority in its home Mem-ber State via a branch passport notification of its intention to establish a branch in Malta. The MFSA must then receive a notification from the respective home regulator: (i) certifying that the institution is authorised to act as a credit institution; (ii) identifying which activities it intends to carry out; (iii) indicating the amount and composition of own funds and the sum of the own funds requirements; and (iv) contain-ing details of any deposit guarantee scheme which is intended to protect the branch’s clients. The MFSA shall then, within two months of receiving the notice referred to above, prepare for the supervision of the institution and, if necessary, indicate the conditions under which, in the interests of the general good, those activities shall be carried out in Malta.

    Freedom of services

    A Maltese credit institution wishing to exercise a European passport right to provide services in another EU/EEA State shall provide the MFSA with a services passport notification, which shall (a) identify which services it intends to provide; and (b) indicate the EU/EEA State in which it intends to operate. Within one month of receiving a services passport notification, the MFSA give such notification to the European regulatory authority of the host EU/EEA State. A Mal-tese credit institution may exercise its European passport right provided (a) it has given the MFSA the requisite notification; and (b) the MFSA has notified the European regulatory authori-ty of the host EU/EEA State (the MFSA is required to give written notice to the Maltese credit institution that the notification has taken place).

    A European credit institution wishing to exercise a European passport right to provide services in Malta shall provide its home State regulator with a services passport notification to provide services in Malta, and the MFSA must have received a notification to this effect from the home State regulator. The MFSA is then obliged to notify the European credit institution of any appli-cable conditions where appropriate after having received the services passport notification referred to above.

    Cross-border activities in a third country

    Where, however, the credit institution is intending to offer services in a third country jurisdiction, it must not only inform the MFSA but must also have due regard to the applicable regulatory framework of that third country. The same would indeed apply where a third country credit insti-tution intends on offering services in Malta.

    Operating a representative office

    In the event that the credit institution intends to open a representative office overseas, prior written approval from the MFSA is required. Note that in terms of the Representative Offices (Requirements and Activities) Regulations (S.L. 371.04), the business of a representative of office must be confined solely to the conduct of purely liaison activities and must not include the engagement in financial transactions or the execution of any documents relative thereto, except where necessary for and incidental to the maintenance of the office in Malta.

  9. What legal entities can operate as banks? What legal forms are generally used to operate as banks?

    Only a ‘company’ in possession of a licence granted under the Banking Act by the MFSA can operate as a bank in Malta. For the purpose of the Banking Act, ‘company’ means a limited liability company constituted in Malta in accordance with the Commercial Partnerships Ordinance or the Companies Act, or any law which may from time to time be in force, or a company registered, licensed or holding an equivalent authorisation in another country outside Malta under the laws of any country provided that such company, if not constituted in Malta, would qualify to be so registered or licensed under the laws of Malta.

  10. What are the organizational requirements for banks, including with respect to corporate governance?

    The primary objective of bank governance should at all times be the safeguarding of stakeholders’ interests in conformity with public interest in a sustainable manner. Hence, banks differ in the way they must establish their corporate governance structures as their main aim, despite their private nature, is respect of the public interest. To this effect, banks must ensure that their Board of Directors has overall responsibility of the bank, approves and monitors the way management implements the bank’s objectives, governance framework and corporate culture. Therefore, all banks should define appropriate governance practices and methods for carrying them out, permitting the management function of an institution to carry out banking activities in a manner which is consistent with the business strategy, risk appetite and policies. The MFSA has indeed established, in line with EU legislation, various capital and liquidity requirements, measures relating to the fair valuation of assets and the allocation of adequate capital to cover risks associated with losses on credit facilities which have become partly/wholly uncollectible, among others. All in all, the MFSA expects that an authorised credit institution conducts its business in a prudent manner. Credit institutions are required to have robust governance arrangements, including a clear organisational structure, well defined lines of responsibility, effective risk management processes, control mechanisms and remuneration policies. The internal governance arrangements should be appropriate to the nature, scale and complexity of the credit institution. The main responsibility for internal governance lies with the Board of Directors. In this respect, local credit institutions are required to abide by the EBA Guidelines on Internal Governance EBA/GL/2017/11, as well as the Joint ESMA and EBA Guidelines on the Assessment of the Suitability of Members of the Management Body and Key Function Holders EBA/GL/2017/12.

  11. Do any restrictions on remuneration policies apply?

    As part of the internal governance framework, a licensed credit institution should have in place a Board approved structure regarding its policies for the remuneration and compensation of its management and staff members. The absence of a coherent and adequate remuneration policy generates potential risks for a licensed credit institution that need to be adequately analysed and contained.

    When establishing and applying the total remuneration policies, credit institutions shall comply with the principles and regulatory technical standards promulgated by CEBS (as it then was) and the EBA, in a manner and to the extent that is appropriate to their size, internal organisation and the nature, scope and complexity of their activities.

    The remuneration policy, taking into account national criteria on wage setting, makes a clear distinction between criteria for setting: (a) basic fixed remuneration, which should primarily reflect relevant professional experience and organisational responsibility as set out in an employee’s job description as part of the terms of employment; and (b) variable remuneration which should reflect a sustainable and risk adjusted performance as well as performance in excess of that required to fulfil the employee’s job description as part of the terms of employment. Although, the establishment of the latter is no straightforward task – the measures used to determine the variable remuneration are expected to mirror performance which is risk-adjusted and hence, reflective of risks which have not yet materialized. These risks are almost impossible to establish precisely owing to their inherently unpredictable nature and this may thus pose an obstacle in the establishment of the variable portion of remuneration.

    Ultimately however, in the case of the variable elements of remuneration, the following principles and restrictions shall apply:

    • where remuneration is performance related, the total amount of remuneration is based on a combination of the assessment of the performance of the individual and of the business unit concerned and of the overall results of the credit institution and when assessing individual performance, financial and non-financial criteria are taken into account;
    • the assessment of the performance is set in a multi-year framework in order to ensure that the as-sessment process is based on longer-term performance and that the actual payment of perfor-mance-based components of remuneration is spread over a period which takes account of the un-derlying business cycle of the credit institution and its business risks;
    • the total variable remuneration does not limit the ability of the credit institution to strengthen its capital base;
    • guaranteed variable remuneration is not consistent with sound risk management or the pay-for-performance principle and shall not be a part of prospective remuneration plans;
    • guaranteed variable remuneration is exceptional, occurs only when hiring new staff and where the credit institution has a sound and strong capital base and is limited to the first year of employment;
    • fixed and variable components of total remuneration are appropriately balanced and the fixed com-ponent represents a sufficiently high proportion of the total remuneration to allow the operation of a fully flexible policy, on variable remuneration components, including the possibility to pay no varia-ble remuneration component;
    • institutions shall set the appropriate ratios between the fixed and the variable component of the total remuneration, whereby the following principles shall apply: (a) the variable component shall not ex-ceed 100% of the fixed component of the total remuneration for each individual; (b) shareholders of the credit institution may approve a higher maximum level of the ratio between the fixed and variable components of remuneration provided the overall level of the variable component shall not exceed 200% of the fixed component of the total remuneration for each individual; (c) credit institutions may apply the discount rate referred to in the second subparagraph of this point to a maximum of 25% of total variable remuneration provided it is paid in instruments that are deferred for a period of not less than five years.
    • payments related to the early termination of a contract reflect performance achieved over time and do not reward failure or misconduct;
    • remuneration packages relating to compensation or buy out from contracts in previous employment must align with the long-term interests of the credit institution including retention, deferral, perfor-mance and clawback arrangements;
    • the measurement of performance used to calculate variable remuneration components or pools of variable remuneration components includes an adjustment for all types of current and future risks and takes into account the cost of the capital and the liquidity required;
    • the allocation of the variable remuneration components within the credit institution shall also take into account all types of current and future risks;
    • a substantial portion, and in any event at least 50%, of any variable remuneration shall consist of an appropriate balance of the following: (a) shares or equivalent ownership interests, subject to the legal structure of the credit institution concerned or share-linked instruments or equivalent non-cash instruments, in case of a non-listed credit institution, and (b) where possible, other instruments within the meaning of Article 52 or 63 of the CRR or other instruments which can be fully converted to Common Equity Tier 1 instruments or written down, that in each case adequately reflect the credit quality of the credit institution as a going concern and are appropriate to be used for the purposes of variable remuneration;
    • a substantial portion, and in any event at least 40%, of the variable remuneration component is de-ferred over a period which is not less than three to five years and is correctly aligned with the nature of the business, its risks and the activities of the member of staff in question. Remuneration payable under deferral arrangements shall vest no faster than on a pro-rata basis. In the case of a variable remuneration component of a particularly high amount, at least 60% of the amount shall be deferred. The length of the deferral period shall be established in accordance with the business cycle, the nature of the business, its risks and the activities of the member of staff in question.
    • the variable remuneration, including the deferred portion, is paid or vests only if it is sustainable ac-cording to the financial situation of the credit institution as a whole, and justified on the basis of the performance of the credit institution, the business unit and the individual concerned;
    • up to 100% of the total variable remuneration shall be subject to malus or clawback arrangements. Credit institutions shall set specific criteria for the application of malus and clawback. Such criteria shall in particular cover situations where the staff member: (a) participated in or was responsible for conduct which resulted in significant losses to the credit institution; and (b) failed to meet appropriate standards of fitness and propriety;
    • the pension policy is in line with the business strategy, objectives, values and long-term interests of the credit institution;
    • staff members are required to undertake not to use personal hedging strategies or remuneration- and liability-related insurance to undermine the risk alignment effects embedded in their remuneration arrangements;
    • variable remuneration is not paid through vehicles or methods that facilitate the non-compliance with the Banking Act and any regulations and Banking Rules issued there under transposing the CRD, or with the CRR.

    Additionally, there shall be a Remuneration Committee constituted in a manner so as to enable it to exer-cise competent and independent judgement on remuneration policies and practices and the incentives created for managing risk, capital and liquidity. Its responsibilities shall primarily relate to the taking of decisions relating to remuneration, including those which have implications on the risk management of the bank. For reasons of independence and transparency, the members of the Remuneration Committee shall be directors who do not have an executive role in the bank concerned and at all times, whenever making any decisions in relation tio such remuneration, the Committee shall regard highly the long-term interests of shareholders, investors and other stakeholders in the bank and the overall public interest.

    Ideally, information on the process of setting compensation and the amount awarded to top executives should be publicly disclosed by the bank at least annually, especially where the bank is significant in size, internal organisation, and nature, scope and complexity of its activities. To this effect, process-related information ought to include the composition of a Remuneration Committee and ensure that the criteria relied upon when setting compensation, include both performance measurement and risk adjustment. Quantum-related information should include the total amount (including the breakdown into various components), paid to all senior executives and material risk-takers.

  12. Has your jurisdiction implemented the Basel III framework with respect to regulatory capital? Are there any major deviations, e.g., with respect to certain categories of banks?

    The MFSA has implemented the EU CRD IV/CRR package with respect to regulatory capital. No major deviations are to be noted and, in fact, credit institutions are advised to refer to the relevant articles in the CRR, related Regulatory/Implementing Technical Standards and any other Guidelines or any other relevant EU legislation that may be issued from time to time. There are no additional domestic-specific provisions in this respect.

  13. Are there any requirements with respect to the leverage ratio?

    Currently, the MFSA requires credit institutions to monitor and report on their leverage ratio. To this ef-fect, the MFSA provides templates which are to be used for the submission of data relating to the lever-age ratio of credit institutions. One requirement which applies to credit institutions when reporting data required as ratios is that such must be reported using the decimal notation to four decimal places. Once the binding leverage ratio requirement becomes effective, as part of the CRR reforms, credit institutions will be required to comply with the applicable thresholds.

  14. What liquidity requirements apply? Has your jurisdiction implemented the Basel III liquidity requirements, including regarding LCR and NSFR?

    In order to maintain and monitor continuous liquidity, the MFSA expects that every credit institution establishes an active treasury management operation whose functions should include the monitoring of the maturity structure of the institution's receivables and payables as well as its assets and liabilities taking into account the type, scope and risks of the institution's activities.

    A credit institution is expected to maintain continuous liquidity by:

    • holding sufficient available cash or liquefiable assets, subject to the qualification that marketable assets vary in quality in terms of the prices at which they are capable of being sold;
    • securing an appropriately matching future profile of cash flows from maturing assets, subject to the qualification that in practice there may be shortfalls if borrowers are unable to repay;
    • maintaining an adequately diversified deposit base in terms both of maturities and range of counterparties (bank and non-bank) which, depending importantly on the individual credit institution's standing and on the general liquidity situation at the time, may provide the ability to raise fresh deposits without undue cost;
    • maintaining the minimum applicable liquidity ratios.

    Malta has implemented the CRR liquidity requirements, including those around LCR (currently subject to transitory provisions which will be fully implemented later on in 2019), and NSFR requirements.

  15. Do banks have to publish their financial statements? Is there interim reporting and, if so, in which intervals?

    Yes, banks in Malta have to publish their financial statements in accordance with the disclosure require-ments stipulated under the CRR as well as the MFSA Banking Rule 7 of 2014 Publication of Annual Re-port and Audited Financial Statements of Credit Institutions Authorised under the Banking Act 1994. To this effect, the MFSA expects that the published Annual Report shal include a Directors’ Report, a Statement of Directors’ Responsibilities, a Report of the Auditors on Financial Statements, a complete set of financial statements including notes thereto, additional regulatory disclosures set out in the Rules, five year summary figures, and supplementary financial information also set out in the Rules.

    Moreover, with respect to interim reporting requirements applicable to banks, the MFSA Banking Rule 7 of 2014 obliges credit institutions to submit a copy of the auditors’ management letter and the institu-tion’s reply thereto within six (6) months from the closing of its financial year. Also, in the case of a cred-it institution, whose securities are admitted to trading on a regulated market, the MFSA Listing Rule 5.74 would apply. In this regard, credit institutions would need to make public a half-yearly financial report covering the first six (6) months of each financial year. This half-yearly financial report shall contain at least the following items:

    • A condensed set of financial statements;
    • An interim directors’ report;
    • Statements made by the persons responsible within the credit institution, whose names and functions shall be clearly indicated, to the effect that, to the best of their knowledge, the condensed set of financial statements which has been prepared in accordance with the applicable set of accounting standards, gives a true and fair view of the assets, liabilities, financial position and profit or loss of the credit institution, or the undertakings included in the consolidation as a whole and that the interim directors 70 report includes a fair review of the information required in terms of Listing Rules 5.81 to 5.84;
    • When the half-yearly financial report has been audited or reviewed, the Auditors’ report shall be reproduced in full, together with any reasoned qualifications which may have been made; and
    • If the half-yearly financial report has not been audited or reviewed, the credit institution shall make a statement to that effect in its report.

    Additionally, the Banking Act require a credit institution to exhibit and keep so exhibited throughout the year, a copy of its audited financial statements in a conspicuous position in each of its offices and branches in Malta. In the MFSA’s view, this exhibit should also include a Directors’ Report, a Statement of the Directors’ Responsibilities and a Report of the Auditors on Financial Statements and should be accompanied by a note to the effect that the published Annual Report is kept and is made available to any person(s) interested in viewing it. Moreover, in terms of the Companies Act (Cap. 386 of the laws of Malta), credit institutions are expected to adhere to International Accounting Standards and International Financial Reporting Standards as may be issued from time to time by the International Accounting Standards Board and as adopted by the EU when preparing financial statements subject to publication.

  16. Does consolidated supervision of a bank exist in your jurisdiction? If so, what are the consequences?

    Yes and the relevant provisions are set out in the Supervisory Consolidation Regulations 2014 (L.N. 31 of 2014), which implement the relevant articles of the CRD on the matter. In terms of these Regulations, the MFSA shall exercise supervision on a consolidated basis in the follow-ing circumstances:

    a) where the parent undertaking is a parent institution or an EU parent institution, licensed in terms of the Banking Act;

    b) where the parent of an institution licensed in terms of the Banking Act is a parent financial holding company or parent mixed financial holding company in a Member State or an EU parent financial holding company or EU parent mixed financial holding company;

    c) where institutions authorised in two or more Member States, and one of the institutions is an institution licensed in terms of the Banking Act, have as their parent the same parent financial holding company, the same parent mixed financial holding company in a Member State, the same EU parent financial holding company or the same EU parent mixed financial holding company established in Malta;

    d) where institutions authorised in two or more Member States, one of which is Malta, have as their parent more than one financial holding company or mixed financial holding company with head offices in different Member States, one of which is Malta and there is a credit insti-tution in each of these Member States and the credit institution which is licensed in Malta has the largest balance sheet total;

    e) where the parent financial holding company or parent mixed financial holding company is established in a Member State other than Malta and it has more than one institution authorised in the European Union other than the Member State where the financial holding company is set up, one of which is licensed in Malta, and the institution licensed in Malta has the largest balance sheet total.

    In addition to the obligations imposed by the provisions of the Banking Act and any regula-tions or Rules made thereunder transposing the requirements of the CRD, and by the CRR, the MFSA acting as consolidating supervisor, shall carry out the following tasks:

    • coordination of the gathering and dissemination of relevant or essential information in going concern and emergency situations;
    • planning and coordination of supervisory activities in going concern situations, includ-ing in relation to the activities relating to supervision on a consolidated basis in coop-eration with the European regulatory authorities;
    • planning and coordination of supervisory activities in cooperation with the European regulatory authorities involved, and if necessary with European System of Central Banks, in preparation for and during emergency situations, including adverse develop-ments in institutions or in financial markets using, where possible, existing channels of communication for facilitating crisis management;
    • have written coordination and cooperation arrangements in place with European regula-tory authorities responsible for supervising the other members of the group; and
    • establish colleges of supervisors.
  17. What reporting and/or approval requirements apply to the acquisition of shareholdings in, or control of, banks?

    Any person who acquires, directly or indirectly, at least 5% but less than 10% of the share capital or of the voting rights in a credit institution must inform the MFSA in writing, indicating the size of the share-holding.

    Further, all shareholders meeting the definition of a ‘qualifying shareholder’ must be approved by the MFSA prior to effectively becoming a shareholder of a credit institution. For this purpose, a ‘qualifying shareholding’ is defined by the Banking Act as a direct or indirect holding in an undertaking which represents 10% or more of the share capital or of the voting rights, or which makes it possible to exercise a significant influence over the management of the credit institution in which that holding subsists. Qualify-ing shareholders who are individuals must submit a Personal Questionnaire to the MFSA, together with a recent police conduct certificate as well as a certified passport copy and recent utility bill confirming the residential address. Qualifying shareholders other than individuals are required to submit a Corporate
    Questionnaire, accompanied by the audited financial statements of the last three years, as well as copies of applicable constitutional documents.

    In assessing the application for approval as qualifying shareholder, the MFSA aims to ensure the sound and prudent management of the credit institution in which an acquisition is proposed, and have regard to the likely influence of the proposed acquirer on the credit institution. For this purpose, it shall appraise the suitability of the proposed acquirer and the financial soundness of the proposed acquisition.

    Further increases, directly or indirectly, to such qualifying shareholding in a credit institution as a result of which the proportion of the voting rights or of the capital held would reach or exceed 20%, 30% or 50%, would also require MFSA prior approval.

    Any disposals of qualifying shareholdings must be notified to the MFSA in accordance with the applicable thresholds.

  18. Does your regulatory regime impose conditions for eligible owners of banks (e.g., with respect to major participations)?

    Apart from the notification and approval requirements set out in our reply to Q17, eligible owners of banks must keep the MFSA informed of any changes to the information they would have submitted when applying to be approved as qualifying shareholders.

  19. Are there specific restrictions on foreign shareholdings in banks?

    No, as long as the proposed acquirer meets the assessment criteria referred to in our reply to Q17.

  20. Is there a special regime for domestic and/or globally systemically important banks?

    There are three domestic systemically important banks in Malta, referred to as Other Systemically Important Institutions (“O-SII”). Such O-SIIs are subject to an additional capital buffer which is aimed at mitigating the vulnerability of the domestic financial system and the real economy to the failure of systemically important institutions. The O-SII capital buffer is a macro-prudential tool legally embedded in the CRDIV/CRR framework which, in turn, has been domestically transposed in Central Bank of Malta Directive No. 11 and MFSA Banking Rule 15. The O-SII buffer consists of a capital surcharge applied to institutions that may, in the event of failure or impairment, have considerable impact on the financial system and the real economy. This additional capital buffer is applied to domestically significant institutions to increase their resilience by increasing their loss absorbing capacity and thus ensuring that they pose minimal risk to the domestic economy in the form of externalities.

  21. What are the sanctions the regulator(s) can order in the case of a violation of banking regulations?

    In terms of the Banking Act, the MFSA may inter alia, impose restrictions if it considers that the credit institution has failed to comply with any of the provisions of the Banking Act or any regulations or Banking Rules made thereunder, or with the conditions under which the licence is granted. These restrictions may include such restrictions as the MFSA shall consider appropriate for the proper compliance by the credit institution with the provisions of the Banking Act and the conditions, if any, of its licence, and for the protection of depositors. Such restrictions may include requiring or prohibiting the credit institution from undertaking any transaction or transactions or any class of business or be permitted to undertake any transaction or transactions or any class of business only upon such terms as the competent authori-ty may prescribe. Where any person fails to comply with any of the conditions imposed in a licence, and, or where the MFSA is satisfied that a person’s conduct amounts to a breach of any of the provisions of banking regulations, or such person has failed to comply with a directive issued by the MFSA as afore-mentioned, the MFSA may, by notice in writing and without recourse to a court hearing, impose on such person an administrative penalty of:

    • up to twice the amount of the benefit derived from the breach where that benefit can be deter-mined;
    • in the case of a natural person, up to €5,000,000; or
    • in the case of a legal person, up to 10% of the total annual net turnover of the undertaking in the preceding business year including the gross income consisting of interest receivable and similar income, income from shares and other variable or fixed-yield securities, and commissions or fees receivable in accordance with Article 316 of the CRR (provided that, in the case of a subsid-iary of a parent undertaking, the relevant gross income shall be the gross income resulting from the consolidated account of the ultimate parent undertaking in the preceding business year).

    Depending on the seriousness of the breach, the MFSA may also decide to suspend or withdraw the banking licence. More broadly, the MFSA may, whenever it deems necessary, give, by notice in writing, such directives as it may deem appropriate in the circumstances in order to carry out its functions and duties.

  22. What is the resolution regime for banks?

    The resolution regime for banks is governed by the BRRD, which has been transposed locally by means of the Recovery and Resolution Regulations(Subsidiary Legislation 330.09 of the Laws of Malta), in accordance with the Single Supervisory Mechanism (“SSM”) and the Single Resolution Mechanism (“SRM”). These Regulations empower inter alia, require credit institutions to draw up recovery and resolution plans and set out the resolution tools available to the Resolution Committee (established by these regulations) which are to be triggered where the conditions established by these Regulations arise. To this effect, the Resolution Committee is empowered to utilise a range of resolution tools (i.e. sale of business tool, bridge institution tool, asset separation tool, and bail-in tool) depending on the circumstances.

    As part of their obligations under these Regulations, banks are required to draw up and recovery and resolution plans covering the matters set forth in the Regulations, and keep these updated.

  23. How are client’s assets and cash deposits protected?

    Client’s assets are subject to the Investor Compensation Scheme Regulations (S.L. 370.09). Generally speaking, the Investor Compensation Scheme is triggered when an institution stops trading or becomes insolvent, and covers 90% of an institution’s net liability to an investor in respect of investments which qualify for compensation, subject to a maximum payment to any one person of €20,000.

    Cash deposits are subject to the Depositor Compensation Scheme Regulations (S.L. 371.09). If a deposit is unavailable because a credit institution is unable to meet its financial obligations, depositors are repaid by the Depositor Compensation Scheme, in accordance with these Regulations. This repayment covers a maximum of €100,000 for the aggregate deposits of each depositor, provided that a higher compensation of up to €500,000 may be payable in the case of a temporary high balance.

  24. Does your jurisdiction know a bail-in tool in bank resolution and which liabilities are covered?

    Yes, the Recovery and Resolution Regulations provide for a bail-in tool which can be applied by the Resolution Committee for any of the following purposes:

    (a) to recapitalise an institution to the extent sufficient to restore its ability to comply with the conditions for obtaining a licence and to continue to carry out the activities for which it is licensed and to sustain sufficient market confidence in the institution;

    (b) to convert to equity or reduce the principal amount of claims or debt instruments that are transferred:
    (i) to a bridge institution with a view to providing capital for that bridge institution; or (ii) under the sale of business tool or the asset separation tool.

    The bail-in tool may be applied to all liabilities of an institution, excluding the following liabilities whether they are governed by the law of Malta, of another Member State or of a third country:

    a. covered deposits:

    b. secured liabilities including covered bonds and liabilities in the form of financial instruments used for hedging purposes which form an integral part of the cover pool and which according to Maltese law are secured in a way similar to covered bonds;

    c. any liability that arises by virtue of the holding by the institution of client assets or client money including client assets or client money held on behalf of UCITS or of AIF’s, provided that such a client is protected under the applicable insolvency law;

    d. any liability that arises by virtue of a fiduciary relationship between the institution (as fiduciary) and another person (as beneficiary) provided that such a beneficiary is protect-ed under the applicable insolvency or civil law;

    e. liabilities to institutions, excluding entities that are part of the same group, with an original maturity of less than seven days;

    f. liabilities with a remaining maturity of less than seven days, owed to systems or opera-tors of systems designated according to Directive 98/26/EC or their participants and arising from the participation in such a system;

    g. a liability to any one of the following: (i) an employee, in relation to accrued salary, pension benefits or other fixed remuneration, except for the variable component of remuneration that is not regulated by a collective bargaining agreement (provided that this shall not apply to the variable component of the remuneration of material risk takers as identified in Article 92(2) of the CRD); (ii) a commercial or trade creditor arising from the provision to the institution of goods or services that are critical to the daily functioning of its operations, including IT services, utilities and the rental, servicing and upkeep of premises; (iii) tax and social security authorities, provided that those liabilities are preferred under the applicable law; (iv) deposit guarantee schemes arising from contributions due in accordance with Directive 2014/49/EU.
    In exceptional circumstances, where the bail-in tool is applied, the Resolution Committee may exclude or partially exclude certain liabilities from the application of the write-down or conversion powers where:

    • it is not possible to bail-in that liability within a reasonable time notwithstanding the good faith efforts of the Resolution Committee;
    • the exclusion is strictly necessary and is proportionate to achieve the continuity of critical functions and core business lines in a manner that maintains the ability of the institution under resolution to continue key operations, services and transactions;
    • the exclusion is strictly necessary and proportionate to avoid giving rise to widespread contagion, in particular as regards eligible deposits held by natural persons and micro, small and medium sized enterprises, which would severely disrupt the functioning of financial markets, including of financial market infrastructures, in a manner that could cause a serious disturbance to the economy of Malta, of another Member State or of the EU; or
    • the application of the bail-in tool to those liabilities would cause a destruction in value such that the losses borne by other creditors would be higher than if those liabilities were excluded from bail-in.
  25. Is there a requirement for banks to hold gone concern capital (“TLAC”)?

    No, although it is worth noting that there are no globally systemic important banks in Malta. This notwithstanding, under the Recovery and Resolution Regulations, institutions in Malta are required to meet at all times at all times a minimum requirement for own funds and eligible liabilities (“MREL”).

  26. In your view, what are the recent trends in bank regulation in your jurisdiction?

    The MFSA closely follows EU banking regulation and strives to implement this locally in a timely manner. All Maltese banks are expected to comply with guidelines and standards issued by EU bodies, which are generally endorsed by the MFSA as soon as they are issued. From a practical perspective, the MFSA is mindful to deploy its supervision and enforcement strategy in a manner which is proportionate to the nature, scale and complexity of Maltese banks.

    As the regulatory landscape remains in a state of flux, institutions are likely to retain their focus on risk and compliance initiatives specific to the banking regulatory framework but also pay close attention to data protection issues (including data quality and automation) as well as cyber threats, in light of the incumbent general data protection regulation. Similarly, banks in Malta are currently adapting to the new anti-money laundering framework which requires a novel risk-based approach to customer due diligence.

    Moreover, during the past year, Malta has positioned itself as a key player in the world of Distributed Ledger Technologies and Digital Assets. To this effect, local regulators and stakeholders have adopted a broad and open collaborative approach so as to strike a balance between safeguarding Malta as a jurisdiction of financial stability, albeit while fostering an environment in which innovation may thrive. The newly introduced regulatory framework has indeed bolstered Malta into an advantageous, first-mover position, rendering it a jurisdiction of choice for innovators. For instance, the Virtual Financial Assets Act (the “VFA Act”) constitutes the cornerstone of the regulatory framework as it introduces a regulatory regime which encompasses a new class of digital assets as well as ancillary services and product offering relating thereto, including ICOs, Crypto-Exchanges, VFA Agents and VFA Service Providers. The VFA Act constitutes a gateway to the digitalisation of the economy and provides an avenue for new streams of digital alternative finance and investment opportunities. Hence, will be interesting to keep track of the development of virtual financial innovations and assess how certain developments and changes in market trends, tastes and preferences will indeed affect the banking industry.

  27. What do you believe to be the biggest threat to the success of the financial sector in your jurisdiction?

    There are no specific issues which are likely to threaten the success of the Maltese financial sector in Malta. There are, however, a number of challenges which Maltese institutions are likely to face over the coming months and years. Broadly speaking, EU regulation is typically targeted at relatively large and complex institutions, which do not necessarily reflect the nature of Maltese institutions. To this end, Maltese banks may struggle to keep up with the pace of change (due to lack of expert resources) and may also find compliance costs to be too onerous in comparison with their business model. This will continually pose as a threat since although the role of proportionality in banking regulation in this regard is important for the reduction of compliance costs for relatively small institutions, the universal and complete application of banking legislation may be jeopardized. This would in turn generate market distortions and unduly penalise the competitive position of certain entities without strong prudential justification.

    Additionally, technology, particularly fintech initiatives, is another issue of concern to smaller institutions in particular. More specifically, all institutions, irrespective of their size and resources, are expected to invest in technology so as not to be driven out of the market and meet the ever-increasing demands of consumers and regulators. Those institutions that do not have the capacity to do so, may struggle.