COVID-19: Guidance issued by the MFSA to Consumers & the Industry: Part I

by , on May 05, 2020 09:55:08 AM

Guidance to Consumers

The Malta Financial Services Authority (the “MFSA”) has issued several guidelines in order to advise consumers on the use of financial services during the COVID-19 pandemic. These guidelines include a guidance document on important information regarding COVID-19, a circular on information for consumers on coverage under insurance policies in the context of COVID-19, and a circular on communication for consumers in relation to cybersecurity, the contents of which will be outlined below.

 Circular on Important Information regarding COVID-19

 In the past weeks the Authority has implemented several measures in order to safeguard consumers after consultation with regulated entities to assess the impact of COVID-19. The circular outlines precautionary measures which consumers should adopt when buying financial products or services.

 Online Banking

 Online or mobile banking services are encouraged in order to adhere to social distancing guidelines, and increased use of such services is likely to take place along with online payments, thus consumers are advised to pay extra attention to their online security. Any queries regarding costs and charges related to banking products should be forwarded to bank representatives. Consumers should also keep up to date with the latest notices issued by Banks about banking services and instructions on visiting bank branches.


 Consumers seeking to invest, buy or sell an investment need to exercise caution when relying on current information due to the fast-paced changes taking place in the market, thus available information may be outdated. The MFSA has even extended certain reporting deadlines thus updated financial information on the issuers may be unavailable. Caution must be exercised especially when dealing with investments involving medical or scientific solutions to the pandemic such as vaccines. Investors are strongly advised to contact a licensed financial intermediary prior to making any investments.


 The general public is urged to be cautious of fraudulent schemes and financial scams taking advantage of the COVID-19 pandemic, such as investments for developing cures, donations, health insurance policies, as well as phishing websites and emails with malicious content. Such scams have certain common features which consumers should be aware of; such as offers of money, requests for personal or account information, and unexpected contact. Consumers should not click on links or emails from unknown senders and not give out personal information such as bank details. Suspicious transactions should be reported on

 Consumers should make sure to only buy financial products or services from regulated entities, which are listed in the Financial Services Register.

 Circular on Coverage under Insurance Policies in the context of COVID-19

 The Authority has also been liaising with authorized insurance companies to assess the impact of COVID-19 on their clients. Through this circular, the Authority seeks to inform consumers on possible affects of the pandemic on various insurance products. Firstly, consumers should note that any changes to the terms and conditions of insurance policies which were issued prior to the outbreak of COVID-19 cannot apply retrospectively. However, new policies may be issued which specifically exclude risks related to COVID-19. Thus, consumers should pay attention to the policies’ wording, terms and conditions and exclusion clauses. Any policy holders who have experienced a change in circumstances due to the pandemic should contact their insurance company to discuss such changes and their potential effect on policies.

 Travel Insurance

 When it comes to travel insurance, in the event of holiday cancellations consumers should contact their travel agent or travel provider and may also refer to the press release issued by the Malta Competition and Consumer Affairs Authority (the “MCCAA”). While exclusions related to COVID-19 may have not been included in Travel Insurance Policies prior to the outbreak, consumers seeking to purchase Travel Policies in the future should request clarification from insurance companies in this regard. In case where a holiday had to be extended due to mandatory requirements for self-isolation, those affected should contact their insurance provider. For those planning to travel, the travel guidelines issued by the Government of Malta must be consulted, and travel contrary to such guidelines may render an insurance policy invalid except in the case of essential travel.




  • Health insurance – Active health insurance policies may offer the possibility of claiming treatment for COVID-19, subject to the policy’s terms and conditions.
  • Home insurance – Policy holders should contact their insurance company if certain activities are being performed from different locations or certain items are being kept in a different location, as this may not be covered by existing home insurance policies.
  • Event cancellations – Ticket operators or event organizers are the main point of contact who may reschedule the event or provide a refund.
  • Product Suspensions – The MFSA does not have the power to prevent firms from discontinuing certain products from the market for new clients. Consumers seeking to purchase insurance coverage should contact authorized insurance companies or intermediaries to find the appropriate products for their requirements.
  • Monthly payment premiums – Consumers performing monthly premium payments under their insurance policy who are unable to make such payments due to financial difficulty are encouraged to contact their insurance company for further guidance based on their specific circumstances.
  • Insurance Policy renewal – In case of insurance policies due for renewal, insurance companies should be contacted in order to allow time for renewal.
  • Scams – Consumers should exercise caution with regard to scams involving the distribution of insurance policies.

 Circular on COVID-19 Cybersecurity

 Social distancing measures introduced to prevent the spread of COVID-19 have increased the general public’s dependence on technology. This increased usage could lead to malicious scams and cybersecurity threats, thus the MFSA has provided guidance on the secure use of the internet for consumers of Financial Services, which is outlined below.

  • Information about COVID-19 should be sought from official sources such as the public health authorities and the World Health Organization (WHO). Caution should be exercised around emails, links, and websites claiming to provide information about the virus.
  • The European Commission is liaising with authorities such as EUROPOL to educate the general public on cybersecurity and mitigate related threats.
  • Passwords should be changed regularly, and different passwords should be used on different devices, accounts and applications. Passwords should also be strong and multiple layers of authentication should be implemented where possible.
  • All devices should be secured through passwords, PINS or biometrics, or a combination of these. Devices should also be set to lock automatically.
  • Consumers should only connect to secure networks, as unsecure network connections could lead to unauthorized access to information.
  • Data should be regularly backed up on separate storage devices.

Guidance to the Industry

The MFSA has issued a number of circulars highlighting its expectations of the measures which licensed entities must implement in light of the COVID-19 pandemic, as well as information which it expects to receive in order to facilitate its supervisory role.

 Circular for Insurance and Reinsurance Undertakings

On the 11th March 2020 the MFSA issued a circular outlining the measures which insurance and reinsurance undertakings were expected to put in place in light of the developments of the COVID-19 outbreak. The MFSA reiterated the requirement that all licensed entities should have contingency plans in place as required under Chapter 6 of the Insurance Rules issued under the Insurance Business Act Chapter 403 of the Laws of Malta. Undertakings were required to test their contingency plans if they had not yet done so and ensure that all regulatory obligations were met. Furthermore, undertakings were required to ensure that policyholders could still receive adequate services, even if such services were provided from backup sites or if staff worked from home.

Undertakings which failed to implement a contingency plan or failed to implement a contingency plan satisfying the MFSA’s requirements were required to notify the MFSA and provide a plan outlining how services will continue to be provided and when an adequate contingency plan will be put in place. Undertakings servicing retail clients were also required to ensure that service continuity procedures took vulnerable customers, such as the elderly, into account.

The Circular also outlined the MFSA’s expectations regarding Policy Terms and Conditions. Undertakings servicing retail clients were requested to inform the MFSA on the interpretation of claims related to COVID-19 under existing policies and the reasons for such interpretation. Information was also required on the effects of this interpretation on current policyholders and the position the undertaking will adopt with regard to the issuance of new policies. Furthermore, information was requested on whether any of these decisions were communicated to the undertakings’ product distributors, and if so, copies of such communication were to be forwarded to the MFSA.

The Circular also outlines that prior to imposing any product restrictions in relation to COVID-19, Conduct Supervision must be informed of such 24 hours prior to implementation. The information requested in this circular was to be submitted to the MFSA by the 18th March 2020.

MFSA’s Expectations in the Context of Coverage Under Insurance Policies for Claims Arising out of COVID-19

This circular issued on the 20th March 2020 lists the MFSA’s expectations for all insurance undertakings providing services to retail clients with regards to claims related to COVID-19 under insurance policies. Firstly, the MFSA reiterates that changes in terms and conditions relating to existing policies cannot be applied retrospectively. Undertakings must clarify the interpretation of claims related to COVID-19 under claims which cover consequential loss; existing policies should not be subject to limitations of consequential loss in the case of claims arising from COVID-19, however such limits may be imposed when issuing new policies. In the case of existing policies, original policy wording is thus applicable. With regard to policies covering medical conditions, blanket exclusions for claims arising from COVID-19 are unacceptable and treatment for such must be covered where the limits established by the policy capture such claims. Regarding travel policies, insurance undertakings may remind policy holders of their obligation to mitigate their loss in order to be covered for cancellation costs. Undertakings should also adapt their client-facing processes to ensure that all necessary information is obtained, thus proposal forms or underwriting decisions may need to be amended.

Any changes made to insurance products due to COVID-19 should be processed through the undertaking’s product approval process.

Customer protection in the event of disruption, suspension of termination of a product or service

In this circular issued on the 25th March 2020 the Authority sets out its expectations regarding the measures which firms must have in place to handle complaints in light of the COVID-19 crisis and the market disruptions it caused. As highlighted in previous Circulars, the MFSA is reviewing Business Continuity Plans, which should include customer communication strategies and plans in place to cater for serious disruptions to the firm’s business, products or services. License Holders should constantly monitor the risks they are exposed to and where a significant risk of disruption is identified, the License Holder should engage with the MFSA and provide any relevant documentation. The MFSA also expects information regarding changes, interruptions or withdrawals of services.

Firms must ensure that adequate resources are available to handle a possible increase in customer complaints, in particular having resources to cater for high call volumes. Customers must also be furnished with information explaining their rights and instructions as to how they may forward their complaints, and any statutory compensation measures they may be entitled to. Customer facing staff should thus be trained accordingly where so required. Firms must ensure that customer records are kept up to date as these may be requested in the event of significant disruption.

License holders are invited to voluntarily provide the MFSA with information regarding increased customer complaints in relation to COVID-19 on [email protected]

COVID-19 Cybersecurity – Communication for the Industry

The MFSA issued a Circular on the 26th March 2020 warning license holders on potential cybersecurity risks brought about by COVID-19. Various organizations are currently exposed to heightened cybersecurity risk, particularly those in the financial services sector. This risk is exacerbated by the adoption of remote working arrangements which is likely to increase exposure if adequate security measures are not put in place. Major cybersecurity organizations such as ENISA, CERT-EU and EUROPOL have reported cases where the pandemic was used for phishing attempts which could lead to theft of data and credentials as well as fraud.

In this light, license holders must ensure that staff are informed about cybersecurity risks and developments in this regard. Firms’ processes and technologies must also be resilient to these risks by ensuring cybersecurity preparedness. License Holders may contact the MFSA Supervisory ICT Risk and Cybersecurity for further guidance on [email protected].

To keep up to date with the latest developments on the legal ramifications of COVID-19, check out our dedicated website page or contact us on [email protected].