‘Don’t wait until the last minute’: Credit institutions urged to stay abreast of regulation requirements

Managers of local credit institutions have been urged to stay up to date about regulatory changes in the financial services space, as failing to do so can be detrimental to the future of their businesses.

This was emphasised by Catherine Galea, Malta Financial Services Authority (MFSA) Head of Banking Supervision, during the ninth edition of the Annual Banking & Payments Law Seminar, recently held by Ganado Advocates in collaboration with the Malta Bankers’ Association (MBA). The event served as an opportunity for individuals in the banking and payments industry to learn more about the latest updates to their practice, as well as share insights into particular issues.

During her presentation, titled ‘Evolving financial regulation: Challenges for banks,’ Ms Galea pinpointed a number of key milestones within the financial services industry, while also highlighting various regulatory updates that are coming into force over the coming months and years.

Ms Galea, who has worked at the MFSA for over 20 years, remarked that given there are so many regulatory changes taking place within the industry, she limited her presentation to four key ones: Markets in Crypto Assets (MiCA), Digital Operational Resilience Act (DORA), Environmental, Social and Governance principles (ESG), as well as Capital Requirements Regulation (CRR III) and Capital Requirements Directive (CRD VI).

She affirmed that it is important for credit institutions to remember that “all changes in regulation are ultimately made with the aim of strengthening the resilience of entities.”

MiCA

The EU’s MiCA regulation came into force in June 2023 with the aim of encouraging the use of innovative technologies through the setting up of a regulatory framework that covers crypto-assets, crypto-assets issuers, and crypto-asset service providers. The rules cover aspects such as transparency and disclosure requirements for the issuing, offering to the public, and admitting of crypto-assets to a trading platform, as well as the authorisation and supervision of crypto-asset service providers, among others.

Ms Galea stressed that the regulation is applicable partly in June 2024 and the rest in December, with a transitional phase up to July 2026. She acknowledged that this regulation is primarily there to provide legal certainty and financial stability in an area that has experienced sharp growth in recent years.

She pointed out that while after the implementation of MiCA, some credit institutions can also apply to undertake such activities, this comes with its risks. “One should not only be very familiar with the benefits of these additional activities, but should also have the controls in place before entering this spectrum,” Ms Galea said.

DORA

Similarly, DORA, forming part of the EU’s Digital Finance Package, is a regulation that entered into force in January 2023, and will apply as of 17th January 2025. DORA aims to strengthen the IT security of financial entities such as banks, insurance companies and investment firms in a bid to create a more resilient financial sector in Europe. It covers areas such as ICT risk management, ICT third-party risk management, digital operational resilience testing, and information sharing, among others.

The regulation was introduced as a result of the financial sector’s increased dependence on technology and on tech companies to deliver financial services, thus making them more vulnerable to cyberattacks.

Ms Galea referred to the fact that earlier this year, the MFSA launched a public consultation on the national implementation of DORA, featuring sections highlighting the requirements for different credit firms and institutions.

ESG

The third set of regulations cover ESG, a topic that has grown in prominence in the business world in recent years, repeatedly making headlines. Ms Galea highlighted that credit and financial institutions have a fundamental role to support and finance a successful ESG transition within all industries and economies.

In order to effectively undergo this transition, credit and financial institutions are supported by a number of European Banking Authority (EBA) guidelines, European Central Bank (ECB) reports, and banking packages.

Ms Galea said that in this respect, while many first and foremost look at the environmental aspect of ESG, it is also crucial to also take into account the social and governance elements. She added that in 2025, another report is expected from the EBA on this, while in 2022, the MFSA released a thematic review, stressing that banks in Malta need to strengthen controls against climate related and environmental risks, among other areas.

CRR III and CRD VI

Lastly, Ms Galea also highlighted that there will be changes in CRR and CRD, widely known as the banking package, in the coming months. CRR III requires banks and investment firms to integrate environmental risks into their risk management framework, while CRD VI will bring minimum requirements for third-country branches providing banking services in the EU.

Ms Galea said that while CRD VI will be enforceable 18 months after publication of the official journal, CRR III will become applicable from the start of 2025, less than a year away. Therefore, she urged the management of credit institutions to start their preparations for it.

The changes that will take place primarily include a contribution to a green transition and ESG implications, such as how banks should manage sustainability. CRR III is seeking to make standardised approaches more risk-sensitive, while CRD VI aims to harmonise the supervision of third-country branches, splitting them into different classes.

In her presentation, Ms Galea remarked that once the final text for CRD VI is issued, the MFSA plans to issue a letter to all credit institutions, mainly to gauge the preparedness of banks.

“Wearing the regulator hat, I need to highlight the importance for banks and credit institutions to look at the requirements and see how they will impact their business. Do not wait until the last minute, as doing so can be very dangerous for the bank,” she said, in reference to all of the aforementioned regulatory changes.

“These regulations are challenging to implement, but it is important to keep in mind that these regulations are there to make organisations more resilient and more able to withstand new crises. The objective is always to make institutions stronger,” Ms Galea concluded.