Key insights from the MFSA’s “Dear CEO” letter
- saskiavanvredenbur
- 5 days ago
The Malta Financial Services Authority (“MFSA”) has recently issued a “Dear CEO” letter to all financial institutions (“FIs”) licensed and supervised in Malta, focusing on the criticality of robust business resilience frameworks. The “Dear CEO” letter was published following a ‘Thematic Exercise on Business Resilience’ initiated by the FinTech Supervision Function within the MFSA, in which FIs were requested to complete a questionnaire structured into three categories, namely (i) Business Strategy; (ii) Financial; and (iii) Operational.
Below we outline, per category, the key findings the MFSA noted from the questionnaires submitted by FIs.
Business strategy
Most FIs have a business strategy in place that is reviewed on a cyclical basis ranging from one to three years.
FIs cited only IT-related risks as their top three external threats, overlooking other potential risks.
Threat monitoring is conducted solely at group level, which the MFSA deems insufficient: threats should be managed at the local institutional level, irrespective of the institution's size or the support it receives from the group.
Although each FI believes it has characteristics that distinguish it from other FIs, most institutions gave generic responses and were unable to identify any genuinely differentiating factors.
Most respondents confirmed having clear and well-documented business continuity arrangements, set out in three documents in line with the Financial Institutions Rulebook (“FIR/03”): (a) Business Impact Analysis; (b) Business Continuity Plan (“BCP”); and (c) Disaster Recovery Plan (“DRP”). However, not all institutions carry out the annual testing of their BCP and DRP that the Rulebook mandates.
Inconsistencies were also noted where institutions reported testing these plans in FY 2024 but did not disclose any lessons learnt or improvements from such testing.
Financial
Several FIs were found to report losses consistently while at the same time claiming regularly positive financial forecasts, an inconsistency the MFSA flagged.
A number of FIs limit their stress testing to IT-related scenarios, overlooking other key risks faced by FIs, including liquidity and financial risk. Furthermore, certain institutions performed no stress testing at all during financial year 2024.
Some institutions acknowledged relying on a few major clients, a concentration that poses significant risk should any of those clients be lost.
Operational
Some FIs that experience turnover challenges did not report their turnover rates accurately.
Succession planning for human resources is inconsistent across FIs.
FIs often struggle to recruit individuals for key function holder positions because of high staff turnover.
A small number of FIs reported having no active correspondent banking relationships, which limits their growth opportunities, and no contingency plans to manage potential disruption or termination of correspondent banking agreements.
Article originally from PwC Malta