CSP Class C – Risk Management function

In March 2021, the Malta Financial Services Authority (“MFSA”) published the Company Service Providers (“CSP”) Rulebook (“Rulebook”), which was published pursuant to Article 8 of the Company Service Providers Act, Chapter 529 of the Laws of Malta. The scope of the Rulebook is to provide CSPs with appropriate guidance on the various requirements which CSPs are required to satisfy for as long as it remains authorised. One of the newer requirements introduced by the amendments to the Rulebook relates to the establishment and maintenance of a Risk Management function.

In this regard, every Company Service Provider holding a Class C authorisation is required to establish and maintain such function which independently carries out the following tasks:

  • the implementation of policy and procedures as referred to in Rule R3-7.1;
  • The provision of reports and advice to senior management.

It is important to note that depending on the CSP’s size, scale and complexity of its operations, the CSP may avail itself of the derogation to have an independent Risk Management function in place. Instead, and as long as it does not create any conflicts of interest, the CSP may opt to have a senior officer or non-executive director to take on this role.

Whilst all CSP classified as a Class C have until the 16th September 2021 to ensure they have an appropriate Risk Management function in place, new entities with the intention of obtaining such authorisation would be expected to have this in place as part of the authorisation process itself.

In light of the above, RSM has a team to assist you in this process. Why not reach out to us to discuss how best we may support you.