The European Banking Authority (“EBA”) launches public consultation on draft technical standards on Pillar 3 disclosures of Environmental, Social and Governance (“ESG”) risks
On 1 March 2021, the EBA published a consultation paper on the draft Implementing Technical Standards (“ITS”) on Pillar 3 disclosures on ESG risks. The draft ITS highlight how climate change-related risks and physical risks, including carbon-related assets and assets subject to chronic and acute climate change events, may heighten other risks within institutions. The EBA encourages interested parties to provide their comments to this consultation by 1 June 2021.
Updating of Information contained on MFSA’s Licence Holder (“LH”) Corporate Profile
Further to the circular issued on 8 June 2020, the Authority issued a circular on 2 March 2021 to remind entities licensed under the Company Service Providers Act, 2013, that they are required to ensure that all data available on the LH Corporate Profile is up to date.
Software-as-a-Service (“SaaS”) as an Outsourcing Arrangement
On 8 March 2021, the Authority issued a circular addressed to firms that make use of cloud computing services (and web- or internet-based applications) that are managed by external providers, that is, firms that make use of a SaaS.
In the event that these services are utilized on an ongoing basis and would normally fall within the scope of functions of the LH, then such service being provided by SaaS Third Party Provider qualifies as an outsourcing arrangement. LHs are required to manage the relevant outsourcing risks associated with SaaS arrangements and carry out due diligence both at the initial stage and on an ongoing basis on the SaaS Third Party Provider.
For further guidance in this respect, reference should be made to the MFSA’s Guidance Document on Technology Arrangements, ICT and Security Risk Management, and Outsourcing Arrangements.
The implementation of the Sustainable Finance Disclosure Regulation (“SFDR”)
Further to the circular dated 9 February 2021, on 9 March 2021, the Authority issued another circular addressing the implementation of SFDR. Entities falling in scope are encouraged to make use of the interim period from 10 March 2021 to 1 January 2022 to prepare for the application of the Regulatory Technical Standards (“RTS”).
Building a Compliance Culture
On 9 March 2021, the Authority issued a press release highlighting the foundation upon which CSPs should build their structures. CSPs are expected to establish tailor-made policies and procedures, have clear reporting lines especially in relation to the Compliance and Anti-Money Laundering functions. Senior Management is also expected to carry out oversight on the CSPs operations.
CSPs should also adopt a “three lines of defence” model where:
- The officers and employees who have a direct interface with clients and carry out CSP activities are the first line of defence,
- The monitoring and oversight functions of the Compliance and the AML/CFT functions is the second line of defence; and
- The internal audit assessment on their internal controls, policies, and procedures to identify any deficiencies is the third line of defence.
Circular on the European Markets Infrastructure Regulation (‘EMIR’ or ‘Regulation’)
On 10 March 2021, the Authority issued a circular notifying all entities which enter into derivative contracts and fall within scope of EMIR that the ‘EMIR Reporting Validation Rules’ have been updated and have become applicable as of 8 March 2021. Trade Repositories are required to implement these new validations to ensure that reporting is performed in line with the respective EMIR regime. Reports which are not in line with these requirements will be rejected. In this respect, market participants should ensure that they comply with not only the updated validations but also with their ongoing obligations under EMIR.
Circular addressed to companies and individuals registered to act as CSPs in terms of the Company Service Providers Act
On 10 March 2021, the Authority issued a circular notifying all CSPs on the submission of the Annual Compliance Return (“ACR”) for 2021 and the submission of Financial Statements, Auditor’s Management Letter, and other supporting documentation to the ACR.
CSPs are required to submit the ACR for 2021 using the same template used for the 2020 ACR. The template is available from the MFSA’s website under the following naming “Annual Compliance Return – CSPs 2020“. Supporting documentation being submitted with the ACR such as the organisational chart, shareholding structure, board of directors’ resolution approving the ACR, and compliance reports are to be signed by at least two directors.
Furthermore, CSPs are reminded that 2021 ACR, Financial Statements, and Management Letter are to be submitted through the Licence Holder portal.