Consultation Document on the Proposed Enhancement to the CSP Framework
Company Service Providers (CSPs) in Malta are essential to the financial system as they serve as the first point of contact for individuals establishing businesses. Due to this, CSPs face heightened risks of being exploited for money laundering and terrorist financing, as they help create legal entities that criminals may misuse to conceal illicit assets and access the financial system.
CSPs provide services like company formation, directorships, and registered business addresses. If they do not adequately fulfill their responsibilities, CSPs can unintentionally enable criminals to conduct transactions with illegally obtained funds.
The Company Service Providers Act, enacted in 2013 in Malta, established a licensing framework for CSPs to mitigate money laundering and terrorist financing risks, in compliance with EU Directive 2005/60/EC and recommendations from the Financial Action Task Force (FATF). This legislation ensures that individuals controlling CSP operations are fit and proper. The Act enhances existing AML/CFT obligations under the Prevention of Money Laundering and Funding of Terrorism Regulation (PMLFTR), creating a stronger supervisory framework for CSPs as gatekeepers.
In 2020, the Company Service Providers (Amendment) Act aimed to improve the regulatory framework by simplifying and streamlining requirements for CSPs, considering their size and business nature. The Malta Financial Services Authority (MFSA) is now proposing further enhancements for individuals providing directorship or company secretary services, including:
2.1 Proposal for Further Enhancement to the Regulatory Framework
The MFSA’s 2021 reform aimed to strengthen the regulatory framework for CSPs in Malta, raising standards for all service providers, including those previously exempt. Following the completion of the reform in November 2022, the Authority continued to seek enhancements by conducting extensive research on CSP operations and regulations in various jurisdictions. Meetings with stakeholders and regulators were held to identify areas for improvement while maintaining high market entry requirements and governance standards. The proposed enhancements aim to adopt a more proportionate regulatory approach, consistent with Malta’s international commitments.
2.2 Current Legislative Framework for Class B CSPs
Under the current framework, individuals acting as directors or company secretaries “by way of business” must be authorised by the MFSA. The 2021 changes introduced some proportionality, allowing individuals with up to 10 directorships to apply for a Class B Under Threshold authorisation instead of a full Class B CSP authorisation.
Summary of Current Framework:
1. 3 to 10 Directorships/Secretarial Roles:
● Individuals who intend to act as directors and/or company secretary on companies, but do not envisage to have a significant portfolio of clients and have a maximum of 10 involvements need Class B Under Threshold CSP authorisation.
● They act as both Compliance Officers and Money Laundering Reporting Officers (MLROs) and are subject to full due diligence and regular reporting submissions such as the MFSA’s Annual Compliance Return (‘ACR’) and the Financial Intelligence Analysis Unit (FIAU)’s Annual Risk Evaluation Questionnaire (‘REQ’).
2. More than 10 Directorships/Secretarial Roles:
● Individuals and/or legal persons who intend to act as director and/or company secretary on companies, with over 10 roles must obtain a Class B CSP authorisation.
● They must appoint an independent Compliance Officer but can act as their own MLRO if they are individuals in terms of the FIAU’s Implementing Procedures.
Certain activities are not considered ‘by way of business’ and do not require CSP authorisation, including:
● Acting as a director for one or two entities.
● Serving as a company secretary for three companies.
● Employment-related directorships or secretarial roles.
● Directorships or secretarial positions where the individual holds a beneficial interest.
● Persons who act exclusively as director/company secretary on a company or group of companies due to a family relationship.
The framework also includes exemptions under the Company Service Providers (Exemption) Regulations, specifying situations where authorisation is not required for providing directorship or secretarial services.
Exemptions from CSP authorisation include:
(a) Individuals authorised as trustees or fiduciaries under the Trusts and Trustees Act.
(b) Individuals registered as Virtual Financial Assets (VFA) Agents under the Virtual Financial Assets Act.
(c) Individuals providing directorship or secretarial services exclusively for companies, partnerships, or entities licensed or authorised by the Authority.
(d) Individuals offering directorship or secretarial services for companies whose financial instruments are listed on a regulated market in Malta under the Financial Markets Act.
2.3 Proposed Enhancements
The proposed enhancements aim to improve visibility into the activities of individuals providing directorship and company secretary services outside the “by way of business” framework. The Authority believes that a risk assessment for these individuals is necessary to enhance Malta’s understanding of the sector and align with international expectations. This will help ensure a comprehensive risk-based approach and better mitigate unnecessary risks within the sector.
2.3.1 Proposed Introduction of a Notification Requirement
The proposed notification requirement targets individuals who provide directorship or company secretarial services but not "by way of business".
In the past three years, the Authority has focused on educating CSPs about their responsibilities and its expectations. The Authority now believes that the industry generally understands the primary risks of CSP services. As a result, it proposes increasing the threshold of non-regular and non-habitual involvements from 2 to 5.
Under this proposal, individuals with up to 5 involvements, such as serving as a director or company secretary for a limited number of companies (up to two groups), will not be considered as acting “by way of business” and thus will not require authorisation. However, they must notify the Authority of their involvements through a Notification Form with basic information on the individual and client companies.
Involvements fully exempt under the CSP (Exemption) Regulations do not trigger this notification requirement. Exemptions also apply to individuals acting as directors or company secretaries due to their employment, beneficial interests, or family relationships. Within the same group, multiple roles are counted as a single involvement, but if an individual has roles in more than two groups, registration under the CSP Act will be required. This change aims to reflect proportionality and is subject to future risk assessments and possible requests for updated information.
2.3.2 Proposed Introduction of a Registration Requirement Resulting in a New Category: Registered Persons
The Authority proposes creating a new category of CSPs called "Registered Persons." This category targets individuals who provide directorship or company secretarial services "by way of business" to third parties, with a limit of up to 10 involvements. This change follows the rigorous assessments and supervisory oversight applied to Class B under-threshold CSPs since the 2021 reform, which have led to a high level of risk awareness and the implementation of effective risk mitigation measures among these CSPs.
The Authority proposes several changes for individuals acting as directors or company secretaries for third parties "by way of business" with up to 10 involvements, considering their limited activity and associated risks. The key components of the proposal include:
● Establishing a registration requirement for the above mentioned individuals.
● Waiving the compliance function requirement, as these individuals will manage compliance themselves.
● Creating a simplified application form specifically for Registered Persons to streamline the process.
● Creating a specific rulebook outlining the requirements and obligations for Registered Persons.
● Streamlining regulatory submissions to the Authority and the FIAU by implementing a single annual submission process for Registered Persons, reducing their administrative burden.
● Allowing current Class B Under Threshold CSPs to convert their authorisation to a registration upon request.
Overall, these changes aim to ease regulatory requirements and simplify compliance for this category of service providers.
2.3.3 Proposed Increase in the Number of Involvements of Class B Under Threshold CSPs
As a result of the introduction of the Registered Persons category, the Authority proposes increasing the maximum number of involvements for Class B Under Threshold CSPs from 10 to 20, following the introduction of the Registered Persons category. Individuals wishing to hold more than 20 involvements will need to obtain full authorisation as a Class B CSP. Current Class B Under Threshold CSPs will have two options:
Option 1: Retain their existing authorisation, allowing them to expand their business up to 20 involvements, as they have already completed the necessary assessments and implemented governance and compliance measures.
Option 2: Convert their authorisation to a registration, categorising them as Registered Persons, which limits their directorship and company secretarial involvements to a maximum of 10.