Supervision Risks Identified, Weaknesses and Expected Controls – Part I

by , on Mar 09, 2020 04:41:23 AM


The Malta Financial Services Authority (MFSA) published a document on ‘Supervision Risks Identified, Weaknesses and Expected Controls’, which outlines the risks posed by authorized firms, certain weaknesses exhibited in their operation and the controls which are to be put in place to mitigate these risks. This series of three articles will provide an overview of the risks, weaknesses and controls in the areas of Credit and Financial Institutions, Securities and Markets, and Trustees and CSPs.

Part 1 – Credit and financial institutions


The main risks identified with regards to credit and financial institutions are non-financial corporate loans, technology risks, and business models. Dependence on technology by credit and financial institutions using, for example, biometric authentication and big data poses significant risk due to heightened exposure to legal, conduct, cyber security and third-party risks. The third risk identified is the lifecycle and business lines of credit and financial institutions. Since a number of banks and financial institutions are still at the growth stage of their business life cycle, the search for business brings about increased exposure to risk.


The MFSA has identified several reoccurring weaknesses among credit and financial institutions. Firstly, non-performing loans, while on the decline, still negatively impact credit quality. Credit institutions’ exposure to residential real estate is also identified as a weakness, however this has been partly addressed through the MFSA’s issuance of borrower-based measures aimed at safeguarding against vulnerabilities which could arise through economic instability. Another weakness is financial institutions’ failure to provide the required assurances that customers’ funds are kept segregated from the institutions’ own funds as required by the Financial Institutions Act. Another deficiency is the provision of inadequate information regarding bank accounts to customers by bank branch representatives. This is exacerbated by the bank branch representatives’ insufficient knowledge on the credit institutions’ products which hinders their capability of handling customers’ queries. For example, bank branch representatives are not always knowledgeable about the Payment Account with Basic Features (PABF), and information on such is not always offered to customers. Furthermore, credit institutions fail to make information on fees and charges readily available and their websites do not list all the disclosures required under the Payment Account Regulation.

Expected Controls

The MFSA expects licensed entities to have certain controls in place. With regards to technology risk, IT frameworks must be in place which are up to the required standard, and outsourcing must be monitored continuously. Furthermore, IT systems must constantly be monitored to minimize the risk of attacks. With regards to credit risk, credit institutions must ensure good credit quality and maintain a non-performing loan ratio in accordance with European standards. With regards to the provision of information to customers, bank branch representatives must provide sufficient information to customers on the different types of bank accounts available which must include at minimum information on the process of opening an account, the Terms and Conditions, the Fee Information Document and the Depositor Compensation Scheme. In this regard, all branch representatives who come into contact with customers should be provided with adequate training.

Credit institutions with five or more branches in Malta must present the PABF to all customers enquiring on the opening of a bank account, and MFSA material on the PABF must be displayed in the respective branches. Credit institutions must also ensure that the Tariff of Charges is available in all branches and on the website.

The MFSA’s Supervision: Risks Identified, Weaknesses and Expected Controls can be accessed here. For more information, please do not hesitate to contact us on [email protected].