The Boardroom Brief | MFSA’s Ivan Zammit on Building a Resilient, Data-Driven Regulator for the Future

In the second edition of The Boardroom Brief, we speak with Ivan Zammit, Chief Operating Officer at the Malta Financial Services Authority (MFSA), the regulator tasked with ensuring a stable, innovative, and resilient financial services sector in Malta. Ivan brings a unique blend of engineering expertise and strategic leadership, guiding the MFSA’s digital transformation, strengthening organisational capabilities, and championing a data-driven approach to regulation. His work ensures the Authority is not only operationally robust but also prepared to navigate the evolving landscape of financial services.

Q1. Before moving into commercial leadership in telecommunications, your career was rooted in engineering, and in building and scaling technology at the sharp end of change. How has that combination of hands-on technology experience and commercial leadership shaped the way you lead transformation and drive operational excellence in a regulatory environment?

My career has never really been about moving between sectors for its own sake. It has been about solving complex problems in environments where technology, scale, and people all matter.

Engineering fundamentally wires you to deconstruct complex problems, understand underlying architectures, and build systems that are resilient by design. Transitioning that mindset into commercial leadership taught me how to balance structural rigour with agility, customer value, and a strict focus on tangible outcomes. You learn very quickly that even the best technology or process is meaningless if it does not deliver clear value or align with the broader strategic goal.

That combination has been highly relevant in a regulatory environment. Financial services today are being reshaped by technological disruption, digitalisation, new business models, increasing regulatory complexity, and higher expectations around resilience, governance, and proactive risk management. The MFSA’s own strategic direction reflects that need to be more agile, resilient, and forward-looking as an institution.

That background has shaped how I lead in two important ways: first, by encouraging me to think in terms of systems, capability, and long-term resilience; and second, by keeping me relentlessly focused on outcomes. For me, operational excellence is not about process for its own sake. It is about creating the conditions for people, technology, and governance to work together in a way that allows the organisation to deliver its mandate effectively and sustainably, while stripping away friction and legacy inefficiencies so that teams across the Authority can focus their expertise where it adds most value.

Q2. You bring an unusual combination of engineering depth, technology leadership, and strategic business experience to the role of COO at the MFSA, with oversight across a broad range of operational disciplines. At a time when AI, digital resilience, and new regulatory frameworks are reshaping financial services, how does that background inform the way you think about execution, risk, and long-term organisational capability?

Financial services today operate as complex technology ecosystems. Having built and scaled technical architectures, I view AI and digital resilience not as abstract concepts, but as structural realities that demand disciplined execution.

It is easy to get caught up in the hype, but you cannot put the cart before the horse. For incumbent institutions, including regulators such as the MFSA,  rushing into AI adoption without first reengineering complex business processes to be digitally native, and without strong data governance and high-quality data foundations, introduces significant risk. We are focused on strengthening those fundamentals at pace, while continuing to deliver on our core responsibilities, so that we do not fall behind.

The acceleration of technological disruption also changes how we need to think about change itself. In my view, our current digital transformation should ideally be the last one we treat as a discrete programme. The goal is not to keep launching separate transformation initiatives, but to build an organisation capable of continuous evolution, able to remain at least in lockstep with innovation in digital finance.

In terms of long-term organisational capability, the challenge for any institution is to build beyond the immediate technology cycle. The objective is not to chase every new trend, but to create the underlying capabilities that allow the organisation to adapt with confidence: strong data foundations, resilient infrastructure, clear governance, the right skills mix, and a culture that is open to change but disciplined in execution. Ultimately, that is what enables an institution to evolve continuously while still delivering on its mandate with discipline and confidence.

Q3. The MFSA has been on a deliberate journey to strengthen data governance and enhance data quality across the organisation, a shift you have helped strategically drive from early on. How is that long-term investment helping embed data as a strategic asset across the Authority, and how is it improving decision-making, supervisory insight, and organisational effectiveness today?

Building a significantly more data-driven regulator does not happen overnight. It requires a structural shift in how an organisation thinks about data, governs it, and uses it.

In many large organisations, data tends to be treated as a departmental by-product rather than as an enterprise-wide asset. One of the deliberate strategic moves I made early on was to centralise data governance and management, so that we could begin breaking down those silos, improve data quality, and put in place the governance needed to treat data as a strategic horizontal layer across the Authority.

The real return on that long-term investment is trust and velocity. Trust, because better governance and stronger data quality give decision-makers greater confidence in the information they are relying on. Velocity, because once data is more consistent, connected, and properly governed, the organisation can move faster, prioritise better, and respond more intelligently.

In a regulatory context, that matters enormously. It shifts the dial from reactive oversight to more intelligent, data-led foresight. From an organisational effectiveness standpoint, that capability is transformative, because it improves not only the quality of supervisory insight, but also the way the institution operates as a whole. By embedding data as a strategic asset now, we are helping ensure that the MFSA remains a responsive, credible, and efficient regulator in an increasingly complex financial services environment in the future.

Q4. You’ve said that investment in human capital is at the core of the MFSA’s strategy, and that continued professional development is essential to effective regulation. What does a world-class regulatory culture look like?

A world-class regulatory culture starts with clarity of purpose. Regulation is not simply about process or compliance in the narrow sense. It is about protecting market integrity, supporting financial stability, and safeguarding trust in the system. When that purpose is clear, culture becomes much more than a set of values on paper. It becomes a standard for how decisions are made and how people show up every day.

For me, that culture is defined by professionalism, sound judgment, accountability, curiosity, and continuous improvement. Technical competence remains essential, but it is no longer enough on its own. As the environment becomes more complex, digital, and interconnected, regulators need stronger fluency in data, technology, risk, and organisational change. Adaptability must be embedded across the organisation.

The MFSA’s strategic direction places clear emphasis on investing in people, institutional capability, and a more agile, forward-looking organisation, while Malta Vision 2050 similarly underlines the importance of skills, innovation, and future-ready capacity across financial services. From my perspective, the task is not simply to train people for today’s environment, but to equip them for the one that is emerging. That means investing in professional development, building leadership capacity, and ensuring that as technology becomes more embedded in regulation, human judgment remains central. AI and digital tools can enhance capability, but they do not replace accountability, experience, or professional discernment.

Ultimately, a future-ready regulatory culture is one where high standards and adaptability reinforce each other. If we continue building a workforce that is technically strong, ethically grounded, open to change, and confident in a more data- and technology-driven environment, then we strengthen both the Authority and the credibility of regulation more broadly.

Q5. As COO and a member of the Executive Committee you help shape the institutional capabilities that underpin effective regulation and supervision. Looking ahead, what priorities are you focused on to help ensure that the MFSA, and Malta as a jurisdiction, remain resilient, credible, and future-ready?

Effective regulation is fundamentally enabled by operational strength. You cannot separate strategic direction from the organisational capabilities required to execute it. Looking ahead, my focus is on embedding a state of continuous evolution, so that our infrastructure, processes, and people are always prepared for the next wave of financial innovation.

I am also focused on building the capabilities needed for a more digital and interconnected financial system, particularly as AI and regulatory developments such as Financial Data Access Regulation (FiDA) will reshape the landscape in the future. As the wider regulatory and supervisory environment evolves, we need the operational muscle to supervise increasingly connected, API-driven financial ecosystems. That requires a step change in how we ingest, analyse, and secure data across the sector and within a broader data-driven economy. It is not just about regulating new business models; it is also about having the organisational and technological architecture to do so effectively.

Building on the data and modern process orchestration foundations we are now putting in place, I also see a shift from descriptive analytics towards more predictive insight, using AI responsibly to identify risks earlier and automate routine administrative activity. That allows our people to focus where they add the greatest value: applying judgment to more complex supervisory and regulatory scenarios. The MFSA’s recent supervisory priorities also point to a proportionate approach to AI oversight, with emphasis on governance, controls, and consumer impact.

Ultimately, if Malta is to remain competitive and credible in line with Vision 2050, it needs a regulator that is as resilient, agile, and digitally fluent as the market it oversees. Malta Vision 2050 explicitly positions financial services as a strategic, innovation-led, high-value sector, while the MFSA’s strategic direction places clear emphasis on agility, resilience, innovation, and stronger institutional capability. My priority is to help ensure that the MFSA’s operational backbone is built for that reality, strengthening an institution that can keep pace with financial services innovation and respond to it with confidence, discipline, and credibility.