.svg)
The Malta Financial Services Authority (MFSA) has announced that its Compliance Outcomes-Based Supervision model, initially piloted in 2024, will be extended to all financial services sectors in 2025.
Outlined in its newly published Supervisory Priorities for 2025, the MFSA's approach focuses on measurable compliance outcomes, aiming to ensure that regulated entities achieve tangible results in areas such as market integrity, consumer protection and financial stability.
The framework was first tested in digital finance regulation and trust beneficial ownership registers before the decision to implement it sector-wide.
“Building on the successes of our compliance outcomes-based approach, we aim to deliver measurable regulatory results that support sustainable growth and robust governance and compliance standards within the sector,” said Kenneth Farrugia, CEO of the MFSA.
“Collaboration with national and international stakeholders remains paramount to our mission as we continue to enhance our supervisory effectiveness,” he said.
It is hoped that the expansion will be strategic in “delivering agile and proactive regulation; sustaining a resilient, internationally networked financial sector; promoting good governance and compliance; embracing innovation; and engaging with the public”.
The 2025 priorities also align with the MFSA’s Strategic Statement 2023, focusing on seven key areas: governance, risk and compliance (GRC); financial crime compliance; consumer protection and education; resilience of supervised entities; sustainable finance; digital finance; and cross-border supervision.
According to Christopher P. Buttigieg, chief officer supervision at the MFSA, the “compliance outcomes-based approach to supervision has proven to be an effective tool in achieving regulatory results and complementing our risk-based framework”.
He continued that the focus will “remain on refining this approach, addressing emerging risks, and working closely with stakeholders to further enhance the resilience and integrity of Malta’s financial sector”.
“Our priority also remains on maintaining the effective supervision of cross-border business and aligning with the European Supervisory Authorities’ focus on supervisory convergence,” he said.
“We will continue to ensure our priorities converge with our EU peers, fostering greater supervisory consistency and collaboration across the Union.”
Outcomes v prescriptive
In many ways, Malta is pivoting away from the approach taken by the EU with its financial sector oversight, considering the prescriptive nature of regulatory frameworks such as the Digital Operational Resilience Act (DORA).
The shift to a compliance outcomes-based supervision model signifies a regulatory approach under which authorities focus on the actual results achieved by financial institutions, rather than merely ensuring adherence to prescriptive rules.
This method places an emphasis on assessing whether firms meet desired regulatory outcomes, but also provides them with flexibility in determining how to achieve these goals.
For example, the UK's Financial Conduct Authority (FCA) has been evolving towards outcomes-focused regulation. An example of this is the Consumer Duty, which began to become operational from June 2023.
This regulatory framework requires firms to prioritise delivering good outcomes for retail customers. It goes against a rules-based or prescriptive model, which would seek more strict adherence to pre-defined procedures, leaving little room for flexibility or interpretation by the regulated entities.
Although a rules-based approach provides clarity and uniformity, it can be rigid, which may end up stifling innovation and adaptability. In contrast, focusing on outcomes can allow for continued growth and responsiveness to changing circumstances.
To prepare for the MFSA’s new supervisory focus, payments firms will need to move away from simple adherence to rules, and seek to understand what the regulator is looking for, so that the way that they operate is geared to ensure the "right" outcomes for customers.
Firms should also think about how to provide evidence that they are complying with the spirit of the regulation so that should inspections take place, scrutiny is more limited.
For example, as covered by Vixio, the payments and e-money industry have faced renewed focus from the MFSA regarding safeguarding of funds recently, and will need to be compliant in a way that delivers tangible results.
This will mean going beyond following rulebook compliance and providing measurable ways of protecting funds, with a clear understanding of the process from staffers. This requires strong governance, with a senior executive overseeing safeguarding, regular risk assessments and independent audits.
Firms will also need to have clear escalation procedures for safeguarding issues, and continuous monitoring will be essential. Embedding these measures into internal audit plans will mean that safeguarding remains a priority, not just a compliance checkbox.
