On 16 March 2021, Act No. L of 2020 (the “CSP Act”), which amends the Company Service Providers Act, Chapter 529 of the laws of Malta, came into force. The CSP Act has brought about various amendments to the regulatory framework for Company Service Providers (“CSPs”) which will require all persons providing services as a CSP to apply for authorisation from the MFSA. The CSP Act has also put forward various new requirements which raises the bar for CSPs, such as implementing the categorisation of CSPs into different classes and the removal of previous exemptions applicable to warranted professionals and de minimis operators.
In parallel with the coming into force of the CSP Act, the Malta Financial Services Authority (the “MFSA”) issued a circular announcing the revisions to its Rulebook for CSPs (the “Rulebook”), with the main changes being summarised below.
Authorisation Requirements
A person who, by way of business, provides services as a director or company secretary of one or more companies, a partner in a partnership or a similar position in other legal entities, is subject to authorisation as a CSP in his own name. The Rulebook further adds that in so far as such director or company secretary is acting in a private capacity, meaning that such person is considered as a beneficial owner or has a substantial financial interest in, or possesses special voting rights in a company, partnership or other legal entities in which he holds such position(s), then that person will not be subject to authorisation in terms of the CSP Act.
The MFSA has further clarified that persons who already are in possession of a registration as a CSP do not need to apply for authorisation and will be contacted by the MFSA with respect to their class categorisation.
Under threshold Class A and Under threshold Class B
Under this new regime, the MFSA has introduced certain requirements and thresholds that must not be exceeded in order for practitioners to be classified as Class A and Class B under thresholds. Prior to the newly updated Rulebook, for under threshold Class A, only individuals in possession of a warrant to carry out the profession of advocate, notary public, legal procurator or certified public account could apply. However, the Rulebook has now included civil partnerships to the list. In the case of Class B under threshold, in so far as they are acting as director or secretary of a company, a partner in a partnership, or in a similar position in relation to other legal entities, the limit on the number of involvements such individuals may hold has been changed from five to ten.
Furthermore, if on a calendar year basis, an under threshold Class A CSP or under threshold Class B CSP, exceeds the applicable threshold for under Class A CSP or Class B CSP as set out in the Rulebook, such CSP must inform the MFSA immediately and in writing. Within a period of three months, such CSP must take reasonable steps to determine whether an application for authorisation as an over threshold Class A CSP is required and if so, upon expiry of the three months, the CSP must inform the MFSA and proceed to apply for authorisation accordingly.
Compliance Officer
The Rulebook has included a rule which holds that in the case where a CSP is a natural person and is authorised under threshold Class A or under threshold Class B, then such person shall himself be considered as being the compliance officer. Additionally, such CSPs are now required to prepare a compliance report which upon request, must be presented to the MFSA on an annual basis.
Money Laundering Reporting Officer (MLRO)
In relation to CSPs that are individuals, they must undertake the role of the MLRO themselves, and may or may not be the compliance officer. The latter rule previously also included ‘and/or managing director’, but this has been removed. With respect to applications for multiple roles by legal persons, these will continue to be assessed on a case-by-case basis by the MFSA. Moreover, where a CSP appoints an MLRO and approval by the MFSA is given, the CSP must inform the FIAU and will need to register themselves as the entity’s MLRO through the FIAU CASPAR platform. While the MFSA expects that MLROs possess both relevant qualifications and experience, the MFSA may consider, if sufficient, an application based on experience alone.
Risk Management
In managing its risks, the Rulebook holds that CSPs holding a Class C authorisation must establish and maintain a risk management function which independently implements policies and procedures as specified therein, as well as undertakes the task of the provision of reports and advice to senior management. Prior to the revisions in the Rulebook, these actions related to CSPs as a whole and not just Class C CSPs.
For any further information on the application for authorisation as a CSP and the changes implemented within their legal framework, please do not hesitate to contact us.
