The Company Service Providers Act 2013 came into force on December 24, 2013. It imposed for the first time on corporate or company service providers (CSPs) an obligation to register with the Malta Financial Services Authority. On March 21, MFSA then published the rules that supplement the Act’s legal framework and include the more detailed regulatory requirements binding CSPs.

Now that the working detail of the Act and the full extent of its requirements have been published, practitioners at all levels of the corporate services domain will have a much better understanding of their obligations. Crucially, they may determine whether the services offered or the activities performed render them subject to registration with the MFSA and to its regulatory oversight.

What is a CSP?

A CSP must register with the MFSA if it is a natural or legal person residing or operating in or from Malta and by way of business:

(i) forms companies or other legal entities; or

(ii) acts (or arranges for another person to act) as a director or company secretary or as a partner in a partnership or some similar position or office in other legal entities; or

(iii) provides a company, partnership or other legal entity with a registered office, business correspondence or administrative address or other related corporate services.

Key criteria for registration

The ‘fit and proper person’ test is the criterion by which a person’s suitability to provide the services and to be registered as a CSP will be determined by the MFSA. Its elements are amply described in the rules and, while the test is initially applied at the time of the registration on the basis of answers to a questionnaire, it remains a continuous one.

The directors of the registered CSP and its owning or controlling shareholders (25 per cent or more of the shares or voting rights) are subject to the test, as are also the CSP’s compliance officer and Money Laundering Reporting Officer (MLRO) and its senior managers.

The rules describe clearly the key criteria the MFSA will consider when determining whether company services are being provided ‘by way of business’. Holding oneself out or soliciting for work as a service provider, providing services regularly and habitually, and doing so for direct or indirect remuneration are strong primary indicators, especially when assessed in the light of other factors, such as if the subject operates on a business introduction basis, has no other employment or expends considerable time on activities of this type.

Persons unsure of their position would be well advised to verify it with the MFSA which is empowered to determine conclusively whether a particular activity requires registration under the Act or not.

Registration and exemptions

MFSA licensed persons wishing to also carry out corporate services are not required to submit a formal application but only a notification letter to the MFSA accompanied by the relevant fee. Employees or directors of registered CSPs are not required to register under the Act where they act as an officer for a company pursuant to arrangements made by the CSP.

In the case of joint ventures or outsourcing agreements, it is the entity holding itself out as providing company services in or from Malta that needs to apply for registration.

In addition, specific rules and notice requirements apply to warranted advocates, notaries, legal procurators and accountants as well as to accountancy, auditing and legal firms and licensed trustees and fiduciaries.

De minimis exemption

During the consultation period on the proposed rules, several stakeholders questioned how the de minimis rule would apply in practice, given the proposal that an individual having 10 directorships or less would be considered not to be holding himself out as providing company services by way of business and therefore not bound to register under the Act. The rules now state clearly that a person acting as director and/or company secretary of a number of companies forming part of the same group will count as one appointment for the purposes of determining whether such person falls under the de minimis rule. Also not included in the count is the holding of office in companies licensed, authorised or recognised by the MFSA.

Compliance officer and MLRO

Every registered CSP is now bound to appoint a compliance officer charged with overseeing the application to its activities of the Act and the rules by its staff in practice on a day-to-day basis. It is further obliged to appoint a MLRO, but these two roles may be fulfilled by the same person. In any case, the MLRO must be an officer of the CSP who already satisfies all the requirements set out in the FIAU’s implementing procedures. As CSPs would ordinarily have an MLRO already, the same person may act as MLRO for purposes of this Act. No appointment to any of these two offices may be made without the MFSA’s prior written consent.

Restricted Acts

A number of acts cannot be performed by registered CSPs without prior MFSA approval (such as, the transfer or acquisition of material ownership interests, cessation of business, dissolution or merger), while others require advance or immediate notice (material litigation, resignation or appointment of a director or MLRO).

Organisational requirements

Registered CSPs must be able to display sufficiency of financial means and effective organisational attributes and resources, such as competent staff, staff training, decision-making procedures, clear communication and reporting lines, internal mechanisms of control, adequate business records and sound work, compliance and reporting procedures, including measures to safeguard the security and confidentiality of information. Indeed, several rules impose obligations that demand ongoing fulfilment. Others regulate the circumstances where critical services or important operational functions are outsourced.

Relations with clients

Client engagements must document in writing the services to be provided by the registered CSP, including its fees, a termination clause, a complaints procedure, a statement confirming registration with the MFSA as well as evidence of acceptance by the client. Client funds must also be segregated from the CSP’s own. It is expected that several CSPs will have to revise their standard engagement documentation to come in line with this part of the rules.


A registered CSP must now submit annually to the MFSA a statement that (i) its activities were conducted in accordance with the Act and the rules (stating where it has not done so and documenting matters accordingly) and (ii) the number of complaints it has received, if any, and also those remaining unresolved.

Interface between rules and PMLFTR

Most notably, before taking instructions, the rules obligate a registered CSP to establish that a new client is reputable and to request completion by the client of a questionnaire on his legal status, besides the usual customer due diligence and identification and verification processes (for which a procedures manual is also required under the rules). In short, the obligations outlined in the rules apply in addition to the FIAU’s implementing procedures.

A newly introduced concept is that requiring registered CSPs to establish procedures capable of assessing whether the formation of a company causes reputational risks for Malta, where for instance such company is meant to act as a holding company for financial services business conducted in dubious or less regulated jurisdictions.

What next?

The obligations imposed by the rules are both significant and onerous. Many CSPs will need to implement substantial changes to current practice, but should take the publication of the rules as an opportunity to embed high standards of competence, integrity and corporate governance into their operations. Regulating CSPs is a positive step for a financial services centre that demands to be taken seriously and projects further growth for itself based on the quality of its practitioners and the responsibility and accessibility of its regulators.

While procedures and controls have fittingly been introduced in an area previously unregulated, the regulatory framework for CSPs should not develop later in a way that slowly or incrementally stifles the spirit of key players or new entrants in the local corporate sphere.

Over-regulation, unnecessary paperwork, unproductive reporting and attendant cost burdens easily impact on cost and competitive advantages. The strong preference expressed by the industry during the consultation stage for treating commonly owned or controlled CSPs unitarily as a group for all purposes of the Act was unfortunately not accepted to the extent desired, but there is still time for reconsideration and simplification before CSPs react by potentially costly restructuring. The obligation of registered CSPs forming new companies to identify whether the latter’s activities are legal in the country where they are to be carried out, or require licensing there, is very difficult to apply in practice.

While the potential for a mental divide between ‘regulator’ and ‘regulated’ is a natural concomitant of most regulated environments, generally, their interests will ultimately converge despite different roles and goals.

All the stakeholders of Malta’s services industries (and, in particular, its financial services industry) must remain at all times pragmatic and agile enough to meet and overcome emerging challenges, and to do this through a common strategic approach that is pre-emptive, reinventive and cohesive.


This article was published in The Times Business on the 8 May, 2014.