Wait, don't go!

Sign up to our newsletter to be the first to know about new developments at Diligex!




    I consent to Diligex storing my personal data provided for the sole purpose of responding to my enquiry and administering my request.

    Call the incident response team of our strategic cybersecurity partner, Thomas Murray, on the emergency 24/7 UK line +44 (0) 2074594888, for immediate help from their experts.

    Getting ready for the new Corporate Services Provider (CSP) regime

    This article has first been published in the Times of Malta on 03/02/2021

    Regulatory reform of Malta’s CSPs business is coming to a conclusion.  A revised CSP Act has received Parliamentary approval, and is awaiting Ministerial sign-off before coming into force.  The MFSA has begun consulting on new CSP rules, and the necessary new legal regulations are unlikely to be delayed by controversy.

    Why are we here?

    Both the EU’s supranational risk assessment and Malta’s national risk assessment identify the CSP business as being exposed to a high level of threat and vulnerability to Money Laundering and Terrorist Financing (ML/TF).  Malta’s disappointing performance in the earlier Moneyval evaluation has put the country under intense pressure to introduce stricter supervisory regimes for activities which are deemed vulnerable and lack effective supervision.  The CSP business is in the crosshairs of this regulatory reform.

    What are the changes?

    It is difficult to summarise the regulatory changes to CSPs in a few paragraphs.  The governing principle behind the reforms is to bring more providers within scope of the CSP Act and to raise standards of conduct across the business.  Under the new regime warranted professionals (Advocates, Notaries, Legal Procurators, Accountants, and Auditors) who were previously exempt from the CSP Act, will now come within scope of the Act, or have to cease business, save for two narrow exemptions.  CSPs will now have to develop ‘legal personalities’ and obtain ‘authorisation’ into one of three Classes of CSP licence.  With authorisation comes a series of conduct obligations concerning: governance, risk management, fit and proper tests, and demonstration of effective AML/CFT defences, particularly at client on boarding.  Plus, there are hefty sanctions for failure to comply with the law and rules.

    Whilst the amended law seeks to remove exemptions, one major exemption which is likely to be retained is for persons licenced under the Trusts and Trustees Act, who are expected to be able to continue to offer CSPs services under their existing licence.

    The three Classes of CSP licence may be summarised as follows:

    • Class A – Company formation, provision of registered office, and business address;
    • Class B – Acting or arranging for another to act as a director, secretary, or partner; and
    • Class C – Class A and B combined.

    With the following two exemptions

    • Under threshold Class A – Individual warrant holders restricted to company formations only, the size of their company formations business is capped.
    • Under threshold Class B – Individuals who hold not more than five involvements as a director, company secretary, or partner.

    Some of the more interesting reforms

    CSPs will be obliged to conduct an all risks analysis of their business.  With an all risks business analysis comes the establishment of a risk management function, and the production of a client risk register.

    Class B CSPs will have to undertake a fit and proper assessment of their senior management and candidates for director, secretary, partner, compliance and MLRO roles.  Fitness will be assessed on professional experience, qualifications, and the ability to commit the necessary time to a specific role.  Properness focuses on integrity and solvency.

    A CSP’s authorisation may be cancelled where it is found in breach of its governance and control framework, or having been found liable, by the FIAU, for serious and repeated breaches, or a systematic breach of the PMLA, and PLFTR.  The maximum administrative penalty has increased from €25k to €50k.

    There is also a new obligation on the CSP’s auditor to inform the MFSA of a serious qualification or refusal of the auditor’s report; a material breach in legal or regulatory requirements; or the CSP’s ability as a going concern.

    Transitional provisions

    Article 3(1a) of the amended CSP Act exempts ‘warrant holders’ from authorisation for up to eight months from when the amended Act comes into force.

    In the amended Act there is a new Article 19 – ‘transitory provisions’: which provides for an eight-month extension (from when the amended Act comes into force) for CSP providers not previously required to register, after which they must cease providing these services unless:

    • Within two months of the amended Act going into force they have applied for authorisation, and have been authorised as an under-threshold CSP; or
    • Within two months of the amended Act going into force they have applied for authorisation, and have been provisionally authorised as an over-threshold CSP, subject to the submission of additional information and a fee.

    The MFSA has eight months from when the amended Act comes into force to Authorise under-threshold and pre-Authorise over-threshold CSPs, which were previously exempt from Registration.  During the provisional authorisation process the MFSA will categorise the CSP into one of the three Classes: A, B, or C.

    CSPs previously registered under the Act will be considered as authorised under the amended Act when it comes into force, and then subject to classification under the Act.  They will have six months in which to put in place the necessary measures to comply with the amended Act and MFSA Rules.

    Charles Cronin. CFA, Head of Client Relations and Business Development, Diligex