Risk Based Supervision: MFSA strengthens Supervisory Approach

The MFSA is responsible for continuously regulating, monitoring and supervising firms in the financial services industry in Malta. This is key to safeguarding the integrity, prosperity, innovation and trust in the Maltese financial services sector.

To increase its supervisory effectiveness, the MFSA adopts a risk-based approach to supervision that considers potential macro and micro prudential, conduct and financial crime risks associated with the firms we oversee. Risk-based supervision revolves around the idea that as a regulator we have a finite number of resources that must be deployed where they can make the greatest difference. Adopting a riskbased approach therefore allows us to allocate resources on firms which are most significant and on the risks that pose the greatest threat to consumers and financial market stability.

Risk-based supervision is a dynamic and continuous process that involves planning, risk assessment, execution of the supervisory programme and regular monitoring and evaluation on a risk-based cycle. Our risk-based supervisory approach is based on three main principles being supervisory judgement-based, forward-looking and focused on key risks. Across all of these principles we apply proportionality to ensure our interventions do not go beyond what is necessary in order to achieve our objectives.

The adoption of a risk-based approach to supervision provides us with a basis for assessing risks across and within sectors. It allows us to assess, within a forward-looking perspective, the most important prudential, conduct and ML/FT risks posed by firms to our supervisory objectives and the extent to which firms can manage and contain these. AML and CFT now sits at the core of our risk assessment framework.

In this aspect, the MFSA has prepared a document to increase its accountability and transparency, enabling industry and consumers to better understand it's supervisory work and priorities. Through this publication, the MFSA describes the principal features of risk-based supervision whilst communicating our risk-based supervisory approach, setting out the future work to be conducted for enhancing its risk-based approach and clarifying how AML and CFT has been integrated therein.

ESMA Updates

ESMA Updates Transparency and Position Limit Opinions for 3rd Country Venues

In a Statement issued recently, announced the publication of updated opinions on post-trade transparency and position limits under MiFID II and MiFIR following its assessment of over 200 third- country trading venues against criteria published in opinions in 2017.

The opinion may be found at https://www.esma.europa.eu/press-news/esma-news/esma-updates- transparency-and-position-limit-opinions-3rd-country-venues

ESMA consults on Cloud Outsourcing Guidelines

On the 3rd June 2020, ESMA published a consultation paper on guidelines on outsourcing to cloud service providers.

The guidelines' purpose is to provide guidance on the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers. In particular, they aim to help firms and competent authorities identify, address and monitor the risks and challenges that arise from cloud outsourcing arrangements.

The guidelines may be found at https://www.esma.europa.eu/press-news/esma-news/esma-consults- cloud-outsourcing-guidelines

ESMA promotes convergence between supervisory fees for UCITS and AIFs

On the 4th June 2020, ESMA published today a supervisory briefing on the supervision by National Competent Authorities (NCAs) of costs applicable to Undertakings for the Collective Investment in Transferable Securities (UCITS) and Alternative Investment Funds (AIFs). This briefing comes in response to the need to improve convergence across NCAs in the approach to undue costs.

The briefing may be found at https://www.esma.europa.eu/press-news/esma-news/esma-promotes- convergence-in-supervision-costs-in-ucits-and-aifs

ESMA provides guidance on Compliance function under Mifid II

On the 5th June 2020, ESMA published the final guidelines on the MiFID II compliance function. These guidelines replace the ESMA guidelines on the same topic issued in 2012 and include updates that enhance clarity and foster greater convergence in the implementation, and supervision, of the new MiFID II compliance function requirements.

The guidelines may be found at https://www.esma.europa.eu/press-news/esma-news/esma-provides- guidance-compliance-function-under-mifid-ii

EBA Updates

EBA publishes Opinion on obstacles to the provision of third-party provider services under the Payment Services Directive

On the 4th June 2020, the European Banking Authority (EBA) published an opinion on obstacles to the provision of third-party provider services (TPPs) under the Regulatory Technical Standards (RTS) on strong customer authentication (SCA) and common and secure communication (CSC). The Opinion aims to support the objectives of the revised Payment Services Directive (PSD2) of enabling customers to use new and innovative payment services offered by TPPs by addressing a number of issues regarding the interfaces provided by account servicing payment service providers (ASPSPs) to TPPs.

The opinion clarifies when mandatory redirection is an obstacle to the provision of TPPs' services and the authentication procedures that ASPSPs' interfaces are required to support. The Opinion also provides clarifications on a number of obstacles identified in the market, including requiring multiple SCAs, the manual entry of the IBAN in the ASPSPs' domain, or imposing additional checks of the consent given by the customer to the TPP. The opinion also explains that requiring re-authentication every 90 days for account information services in accordance with the RTS on SCA&CSC is not an obstacle.

With this opinion, EBA expects that Competent Authorities (CAs) take the necessary actions to ensure compliance of the interfaces offered by ASPSPs with the PSD2 and the RTS and, where obstacles are identified, to ensure that ASPSPs remove them within the shortest possible time. The EBA will monitor the way in which the clarifications provided in this opinion are taken into account. Where the EBA identifies inconsistencies, despite the clarifications provided in this Opinion, it will take the actions needed to remedy them.

The opinion may be found at https://eba.europa.eu/eba-publishes-opinion-obstacles-provision- third-party-provider-services-under-payment-services

EBA starts delivering on the implementation of the new regulatory framework for investments firms

The EBA has outlined today its roadmap for the implementation of the new regulatory framework for investment firms and launched a public consultation on its first set of regulatory deliverables on prudential, reporting, disclosures and remuneration requirements. The roadmap outlines the EBA's work plan for each of the mandates laid down in the IFR/IFD and clarifies the sequencing and rationale behind their prioritisation. Through these mandates, the EBA will contribute to the implementation of a regulatory framework that is calibrated to the size and nature of investment firms. This will strengthen supervision, which will rely more directly on the risks faced by the clients and the investment firms themselves. The consultations run until 4 September 2020.

The first consultation paper on prudential requirements includes three draft Regulatory Technical Standards (RTS) on the reclassification of certain investment firms to credit institutions, five draft RTS on capital requirements for investment firms at solo level, and one draft RTS on the scope and methods of prudential consolidation for investment firms at group level.

The second consultation paper on reporting requirements and disclosures, includes draft Implementing Technical Standards (ITS) on the levels of capital, concentration risk, liquidity, the level of activities as well as disclosure of own funds; and draft RTS specifying the information that investment firms have to provide in order to enable the monitoring of the thresholds that determine whether an investment firm has to apply for authorisation as credit institution.

The third and fourth consultation papers on remuneration requirements include one draft RTS on the criteria to identify all categories of staff whose professional activities have a material impact on the firm's risk profile or assets it manages ('risk takers'); and one draft RTS specifying the classes of instruments that adequately reflect the credit quality of the investment firm as a going concern and possible alternative arrangements that are appropriate to be used for the purposes of variable remuneration of risk takers.

The papers may be found at https://eba.europa.eu/eba-starts-delivering-implementation-new- regulatory-framework-investments-firms

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.