The Regulations transpose the provisions contained in PSD2[1] dealing with the exercise of the right of establishment and the freedom to provide services.

The exercise of the right of establishment and the freedom to provide services by European financial institutions: Part 1 of the Regulations addresses European financial institutions[2] that are seeking to:

i) provide payment services and/or issue, distribute or redeem electronic money in Malta under the freedom to provide services; or

ii) establish a branch in Malta in the exercise of a European right; or

iii) provide payment services in Malta through an agent; or

iv) distribute and/or redeem electronic money in Malta through a distributor.

The European financial institution is required to communicate to its European regulatory authority[3] its intention to undertake any of the above. In so doing, the European financial institution is to provide certain prescribed information to its European regulatory authority which in turn will remit this information to the Malta Financial Services Authority (the “MFSA”) for its assessment. Such information is to include, amongst others:

  • the type of payment services activities the European financial institution intends to carry out; and
  • any intended outsourcing of any operational functions of payment services and/or of the issuance, distribution or redemption of electronic money to other entities in Malta.

Information requirements are naturally more onerous where the establishment of a branch is being contemplated, in which case additional information is required such as:

  • the address of the proposed branch in Malta;
  • the identity of those responsible for the management of the proposed branch;
  • a description of the organisational structure;
  • a business plan including a forecast budget calculation for the first three financial years together; as well as
  • a description of the European financial institution’s governance arrangements and internal control mechanisms, including administrative, risk management and accounting procedures, which demonstrates that those governance arrangements, control mechanisms and procedures are proportionate, appropriate, sound and adequate.

The proposed appointment of an agent or a distributor necessitates information which provides visibility on the internal control mechanisms that will be used by the proposed agent or distributor in order to comply with the obligations in relation to money laundering and terrorist financing as well as information on the identity of the directors and persons responsible for the management of the proposed agent or distributor and, for agents or distributors, other than payment service providers, evidence that they are fit and proper persons.

The MFSA will transmit to the European regulatory authority the relevant information in connection with the intended provision of the relative services by the interested European financial institution. On its part, the European regulatory authority is to communicate its decision to the MFSA. Upon receipt of the decision, the MFSA will publish the relative information in relation to the exercise of the European financial institution passport rights in Malta in the public register established and maintained by the MFSA in accordance with article 8D of the Act. The entire procedure is subject to defined timelines and the decision by the European regulatory authority is to be communicated to the MFSA within 3 months from when it received the notification of intention by the European financial institution.

The MFSA, in close cooperation with the Central Bank of Malta (the “CBM”), may require European financial institutions having agents or branches in Malta to report periodically on the activities carried out in Malta. The reports are required for information or statistical purposes and, as far as the agents and branches conduct their activities under the right of establishment, to monitor compliance in relation to articles 11A and 11B of the Act dealing with operational and security risks relating to the payment services provided and the adequacy of the mitigation measures and control mechanisms as well as incident reporting.

The Regulations provide for mechanisms to facilitate the exchange of information between the MFSA, the CBM and the relative European regulatory authority in case of infringements and non-compliance with the provisions of the Act, any other applicable regulations or rules. The Regulations also provide for emergency situations, such as a large-scale fraud, where immediate action is necessary to address a serious threat to the collective interests of those making use of the services of the European financial institution in Malta through an agent, branch or distributor. In such a case, the MFSA, as the host state regulator, may take precautionary measures in parallel to the cross-border cooperation between the MFSA and the European regulatory authority and pending measures by the said European regulatory authority. The MFSA’s powers under the Act are also at its disposal in the event of an infringement or suspected infringement of any applicable regulations or rules by an agent, distributor or branch of a European financial institution exercising the right of establishment. On-site inspections may be carried out by the European regulatory authority in its own right or by the MFSA acting on its behalf.

To facilitate supervision, the MFSA may, in cooperation with the CBM, require European financial institutions operating in Malta through agents under the right of establishment, the head office of which is situated in another Member State, to appoint a central contact point in Malta to ensure adequate communication and information reporting.

The exercise of the right of establishment and the freedom to provide services by a Maltese financial institution: Part 2 of the Regulations then replicate, to a large extent, the provisions of Part 1 of the Regulations for Maltese financial institutions[4] that are seeking to:

i) provide payment services and/or issue, distribute or redeem electronic money in another Member State under the freedom to provide services; or

ii) establish a branch in another Member State in the exercise of a European right; or

iii) provide payment services in another Member State through an agent; or

iv) distribute and/or redeem electronic money in another Member State through a distributor.

The MFSA acts as the home regulatory authority for the Maltese financial institution and the process will be triggered when it receives a notice of intention by the Maltese financial institution seeking to undertake any of the above actions. The notice is to be provided in English or in another language accepted by both the MFSA and the European regulatory authority of the Member State where the Maltese financial institution wishes to provide services. Information requirements, as those set out under Part 1, similarly apply to the Maltese financial institution and the process is also subject to the same timelines. The remittance of this information from the MFSA to the European regulatory authority will culminate in a decision on the part of the MFSA which will be notified to both the European regulatory authority and the Maltese financial institution. The MFSA will also update the public register

referred to above with details regarding the exercise of this freedom by the Maltese financial institution. The date from when the Maltese financial institution commences its activities in the relevant host Member State is to be communicated to the MFSA.

Part 2 of the Regulations also cater for cooperation mechanisms between the MFSA and the regulatory authority of the host Member State. Amongst others, the MFSA is to provide to its counterpart all essential and/or relevant information, in particular in the case of infringements or suspected infringements by an agent or a branch of a Maltese financial institution, and where such infringements occurred in the context of the freedom to provide services. On-site inspections in the territory of the host Member State on the agent or branch may be undertaken by the MFSA itself or by the regulatory authority of the host Member State acting on behalf of the MFSA. In addition, where the MFSA receives information, from any European regulatory authority of a host Member State, that a Maltese financial institution having agents, branches or distributors in the host Member State concerned does not comply with Title II of PSD2[5] or with the national law of that host Member State transposing Titles III[6] or IV[7] of PSD2  in the host Member State, the MFSA may, where applicable, in cooperation with the CBM, take all appropriate measures to ensure that the Maltese financial institution puts an end to its irregular situation.

The Regulations have introduced a revised passporting process aimed primarily at harmonising the approach across the EU and strengthening controls. However, the most notable feature of these Regulations is perhaps the wider powers granted to the host state regulator to scrutinise and oversee both the passporting application itself as well as the subsequent exercise of the passported rights by the relative financial institution, such as the ability to take precautionary measures in the event of an emergency situation and the escalation of any allegations of non-compliance to the home regulator. The latter may potentially reveal differences in the regulators’ interpretation of PSD2.

[1] Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.

[2] A legal person authorised by a European regulatory authority to provide payment services in terms of the Payment Services Directive and, or to issue and, or distribute and, or redeem electronic money in terms of the Electronic Money Directive, or a person registered under the Payment Services Directive to provide solely account information services.

[3] A body that is in another Member State and is empowered by law or regulation to supervise payment institutions, electronic money institutions and/or account information service providers.

[4] A legal person licensed by the MFSA in terms of the Act to provide payment services and/or to issue, distribute or redeem electronic money, or a person registered by the competent authority in terms of the Act to provide solely account information services.

[5] On Payment Service Providers.

[6] On Transparency of Conditions and Information Requirements for Payment Services.

[7] On the Rights and Obligations in relation to the Provision and Use of Payment Services.