MFSA: Call for enhanced cyber security awareness
Due to the ongoing increase of cyber incidents and observed attack patterns, the MFSA notes that financial institutions may be the target of malicious attack campaigns.
FinTech: MFSA Circular addressed to VFAs
FinTech – Circular addressed to VFA Service Providers with respect to amendments to Chapter 3 of the VFA Rulebook. The updates to Chapter 3 shall become applicable as from 1 February 2020.
1. Systems Audit: the definition of ‘systems auditor’ has been amended. The aim is to ensure a fair playing field and an appropriate time for applicants to comply with the relevant requirements.
2. Live Replication Server: in order to avoid confusion and to establish a distinction from the live replication server established by Rule R3-188.8.131.52.6, the MFSA has reworded ‘Live Replication Server’ with ‘Live Audit Log’.
3. Fitness and Proper Test: the definition has been amended by MFSA so as to relieve the requirement of Risk Managers and other persons effectively directing the VFA business of the applicant, by default, to undergo the F&P test. However, MFSA still retains the discretion to request such F&P tests by such individuals. Additionally, CO (proposed) shall not be required to complete a relevant course prior to being approved by the MFSA since said courses are not held on a regular basis. In light of this, the mandatory interview established under Rule R3-184.108.40.206.4 shall become applicable. Again, MFSA retains the discretion to require additional training at the application stage or on-going approval.
4. Exercising a European Right: the LH/Applicant shall be required to maintain a list of all jurisdictions in which the entity is providing, or holding themselves out to provide services. The MFSA delegates to the LH/Applicant the obligation to ensure that the provision/marketing of such services is permissible in such jurisdiction, and therefore the legal opinion shall no longer be required.
5. Matters requiring Approval: Going forward, MFSA shall only be required to receive prior notification of the LH engaging (i) Administrators, (ii) Senior Managers, or (iii) other employees, who would be engaged for portfolio management activities or the provision of investment advice. Yet, MFSA retains the discretion to object to the proposed engagement.
6. Cybersecurity: LHs shall now be required to ensure that their cybersecurity architecture is in line with inter alia any cybersecurity guidelines issued by the MFSA. This amendment has removed Rule R3-220.127.116.11.9.
7. Board of Administration: the rule established in terms of R3-18.104.22.168.2 has been removed by MFSA to ensure that a more principles-based approach.
8. Compliance Certificate: The MFSA shall going forward to review the Compliance Certificate in view of the Compliance Monitoring Plan duly carried out by the entity’s CO. However, the CC shall include
R3-22.214.171.124 establishing additional requirements to CC for Class 4 LHs has been removed.
9. The Financial Instrument Test: the FIT shall be required to be approved by the person responsible for carrying our the said test, and counter-sign the same by at least one Administrator. The obligation for the CO to approve the FIT has been removed.
10. Insurance Requirements: to guarantee a more principles-based approach MFSA requires the LH to ensure that the Professional Indemnity Insurance cover is in line with market standards and adequately cover the risks associated with the business of the LH.
11. Listing Criteria: the MFSA has focused its criteria to technological experience, track record, and reputation of the issuer and its development team. MFSA is considering whether to issue further guidelines in this respect.
12. Capital Requirements: this requisite has been removed.
13. Inducement Rules: R3-126.96.36.199 shall apply across the board and not solely to LH who provides investment advice or portfolio management.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.