The Malta Financial Services Authority (MFSA) issued a comprehensive letter on 25 September 2025 addressing the regulatory expectations for investment firms authorized in Malta engaging in cross-border activities within the EU/EEA under MiFID II passporting rights. The letter aims to strengthen governance, operational frameworks, and supervisory cooperation to enhance investor protection and market integrity.
Notification and Operational Oversight
Firms must submit detailed notification forms prior to providing investment services in other EU/EEA states by freedom of services or establishment. The MFSA applies a risk-based supervisory approach, rigorously assessing governance frameworks, compliance monitoring, marketing oversight, and clarity in cost and product disclosures. Operational setups should be adequate for passported services, with continuous monitoring of client types, transaction volumes, and revenues. High turnover, weak controls, and unclear outsourcing roles are areas of concern needing remediation.
Marketing and Communications Compliance
The MFSA highlights common deficiencies found during inspections, particularly among online brokers providing CFDs. Marketing communications must be fair, clear, and non-misleading, with accurate multilingual translation where applicable. Firms are required to have tailored marketing policies reflecting their actual practices, with all materials approved by appointed Compliance Officers before dissemination. Record keeping of any deficiencies and corrective actions in marketing materials is mandatory. The MFSA actively monitors cross-border marketing, focusing on risk disclosures, licensing accuracy, and compliance officer oversight.
Cost Disclosure and Product Governance
Transparent disclosure of all costs and charges, including implicit and ongoing fees, is critical for investor decision-making. The MFSA found firms often mix disclosure formats, reducing clarity. Product Oversight and Governance (POG) policies must incorporate sustainability preferences explicitly, as set out by MiFID II Delegated Regulation Article 27. The MFSA stressed that target market assessments should not be generalized but address product-specific and sustainability factors, especially for complex products like CFDs.
Client Categorisation and Elective Professional Status
Client classification into retail, professional, or eligible counterparty categories is strictly regulated. The MFSA identified issues with firms applying blanket classifications without proper individual assessments or evidence, especially for Elective Professional Clients. Firms must document transaction history accurately, verify portfolio size properly (including instruments, not just cash), and ensure employment evidence meets regulatory standards. Rigorous compliance checks are expected to resolve contradictions and protect investors from inadequate classification.
Supervisory Cooperation and Enforcement
The MFSA actively cooperates with other National Competent Authorities (NCAs) across Europe and globally, sharing detailed information and conducting joint oversight activities to detect and mitigate cross-border risks. Enhanced transparency and coordination reduce regulatory arbitrage and ensure consistent investor protection irrespective of client location.
Additional Findings and Expectations
- Reporting innovations like new underlying assets or AI trading signals must be accurate and current.
- Due diligence and oversight of partners and introducing brokers are essential to control client acquisition and conflicts of interest.
- Customer complaints processes must be clear, accessible, and multilingual.
- Accurate marketing regarding zero commission models and fees, along with client cooling-off periods, are mandated.
In conclusion, the MFSA’s letter makes clear that Maltese investment firms must uphold robust governance, transparent marketing, precise client classification, and active compliance monitoring while ensuring strong collaboration with EU regulators to maintain the integrity and sustainability of cross-border MiFID II passporting activities.
This detailed supervisory framework is designed to close observed gaps, protect investors, and align Maltese firms with evolving EU standards.
