On 1 April 2024, the MFSA published its findings arising from supervisory interactions as part of a thematic review on governance and the compliance function in relation to trustees and Company Service Providers (CSPs). The aim of the Authority’s publication is to promote transparency of its findings within the industry as well as to share its insights for authorised persons to identify areas for improvement and make the necessary changes to their compliance frameworks in an effective manner.
The Thematic Review focuses on matters relating to governance including the role of the Board of Directors, client onboarding and ongoing monitoring, necessary agreements to support resource sharing and outsourcing, and the regulatory requirement to maintain regulatory registers, among others.
The second part of the Thematic Review delves into matters relating to the compliance function and provides valuable insights into the required level of documentation to evidence the work carried out the compliance function on matters such as client files review. As the primary compliance tool utilised by the compliance function, the Thematic Review provides detailed guidance on the implementation of the regulatory requirement to have in place a robust Compliance Monitoring Programme (CMP), which adequately tracks the areas to be tested. The MFSA emphasised that the exercise of maintaining the CMP should not be reduced to a tick-box exercise but should involve active engagement with relevant stakeholders on a continuous basis. Specifically, the Thematic Review stipulates that an enhanced CMP should include:
- A description of the area to be tested;
- The relevant procedure explaining how such areas are tested;
- The finding and/or recommendations; and
- The period of when the testing will be/was carried out.
Furthermore, the Thematic Review reiterates the importance of the independence of the Compliance Officer with unfettered access to all relevant information. Adequate record keeping is also key to ensure good governance in line with internal procedures.
In view of the findings shared through the publication of the Thematic Review, authorised persons are expected to carry out a gap analysis exercise and take prompt action to address any identified shortcomings. This gap analysis should be duly documented and made readily available, to the Authority, upon request.
Read more about the MFSA’s expectations arising from its Thematic Review on Governance and the Compliance Function for TCSPs, here.