Malta Company Service Providers Regulations

MFSA issues new rules for Malta Corporate Service Providers

Dr. Maria Chetcuti Cauchi | 14 May 2021

Company Services Providers MFSA Rules for Consultation

By virtue of Legal Notice 96 of 2021, the Malta Company Service Providers (Amendment) Act 2020 (“the Act” or “the Amendments”) came into force on 16 March 2021. This Act also brought with it an overhauled Corporate Services Provider (“CSP”) Rulebook (“Rulebook”). Previously exempt, Malta CSPs must apply for their licences under the impending deadline of 16 May 2021. CSPs who were already listed with the Malta Financial Services Authority (“MFSA” or “the Authority”) prior to this reform need also ensure full compliance with the new amended rules with a deadline expiring on 16 September 2021. Both groups of CSPs must look intensively at their new obligations under the new Rulebook. 

Being part of a larger restructuring exercise undertaken by the MFSA to enhance the financial services industry benchmarks, improve regulation of CSP conduct and safeguard Malta's standing as a reliable financial services centre, these Amendments establish a classification system, assigning CSPs to a particular category by reference to the services provided. The Authority is in control of the authorisation and supervision of CSPs, who are entities or individuals providing corporate services, as a business activity, including company formation, directorship/company secretary services and registered office, business or correspondence address provision for businesses.

Malta Corporate Service Provider Legal Regime

The Main Legislation covering Malta CSPs are:

  • Company Service Providers Act, 2013
  • Various Financial Services Laws (Amendment) Act, 2017
  • Company Service Providers (Amendment) Act, 2020

The Subsidiary Legislation (legal notices) covering Malta CSPs which lays down further requirements relating to the supervision of same are: 

  1. Company Service Providers (Fees) Regulations, 2015 (L.N. 27 of 2015)
  2. Commencement Notice under Various Financial Services Laws (Amendment) Act 2017 (L.N. 384 of 2017)
  3. Company Service Providers (Exemption) Regulations, 2021 (L.N. 105 of 2021)
  4. Company Service Providers Act (Fees) (Amendment) Regulations, 2021 (L.N. 117 of 2021)

Regulations hold the Rules applicable to company service providers issued by the MFSA. These Rules supplement the requirements contained in the Main Legislation and in the Subsidiary Legislation which applies to Malta company service providers. They address in more detail certain requirements including the application process, the fitness and properness criteria, conduct of business, general organization requirements and internal management controls, compliance issues, reporting obligations and disclosure requirements. Company service providers are legally bound to comply with these Rules. 

The New Malta Corporate Services Act (2020)

Through this Act several crucial changes have been introduced to the Malta’s framework regulating providers of company services. Noteworthy adjustments include the exclusion of prior exemptions available to warranted professionals and the end of the de minimis rule. 

The Rulebook is the primary handbook defining the continuing responsibilities and commitments a CSP must follow and abide by. 

Malta Corporate Services Providers Classification

The new CSP class structure is provided below: 

Class A providers are those ​authorised to provide by way of business to third parties formation of companies or other legal entities and / or provision of a registered office, business correspondence or administrative address and other related services to third parties. 

Class B providers are those ​authorised to provide the service of acting as, or arranging for another person to act, as director or secretary of a company, a partner in a partnership or similar position in relation to any other legal entity.​

Class C providers are those ​authorised to provide by way of business all of the services of a CSP mentioned under Class A and Class B above.​

Under threshold Class A, CSPs may only be natural persons or partnerships in possession of a warrant (or equivalent) to carry out the profession of advocate, notary public, legal procurator, or certified public accountant whose revenue from corporate services forms, or is forecast to form, in the upcoming year not more than 

(a) 35% of the combined total revenue in a calendar year from the provision of all professional services; or 
(b) €100,000 whichever is the higher.   

This sub-category class may not provide services of a registered office, business correspondence or administrative address and other related services.

Under threshold Class B, CSPs may only be individuals who hold an aggregate of not more than 10 involvements. Involvements encompass acting as a director, company secretary of company or a partner in a partnership, or any other similar position in a related legal entity. Involvements of the same person within the same group of companies only count as 1 involvement for the purpose of determining the threshold. Furthermore, involvements with entities which are licensed, recognised or authorised by the MFSA do not count as an involvement.   

As part of the application for authorisation procedure, an applicant shall be classified into one of the 3 classes above (Class A, Class B or Class C) at the MFSA's discretion. Where the applicant is classified as a Class A or as a Class B, the MFSA shall also determine whether the applicant is over-threshold or under-threshold.

Malta Corporate Services Providers Rulebook

Prior to the publication of the Act and the corresponding Rulebook, the Maltese financial services community had hoped that a clear delineation of the applicability of the rules or otherwise would be provided. It was hoped that this conclusion would be reached through a clear application of the new CSP classification. However even a cursory look at the new Rulebook discloses no hard and fast demarcation of this kind. 

A couple of main, central responsibilities do assist in differentiating between classes of different service providers, namely rules relating to capital and insurance requirements. However, with reference to other obligations, the Authority has emphasized that the rules are principle-based and should be observed in a manner that is proportionate to the size, risk, and business model of the provider in question. Even though the Rulebook is infused with mentions on how it may be applied by CSPs who are individuals, yet there is no clear outline nor breakdown of the obligations for each class. The Authority also adopts a risk-based approach with respect to the supervision of CSPs. A risk monitoring system is utilised whereby the data collated through the offsite supervision and any other intelligence available is inputted and a risk score is allocated to each CSP. This risk score will determine the nature and frequency of supervision carried out by the Authority.

Malta CSP Authorisation

Moreover, the revised CSP Act now provides that any person operating in or from Malta who acts or holds himself out as acting as a company service provider by way of its business, shall apply for authorization with the MFSA. A paradigm shift is present from the previous regulation of CSPs through a registration legal regime to regulation via an authorization. Additionally, a non-exhaustive list of factors to establish whether a particular activity is being performed by way of business or otherwise is provided but each determination must be tested on its own merits. 

Malta CSP Risk Management 

The Rulebook also introduces new risk management rules which extend beyond the traditional concentration on money laundering and combatting of terrorist financing risks. The new rules require CSPs to carry out adequate risk assessments, preserve sufficient risk management policies, appoint an independent risk officer and maintain a risk register regarding clients.

CSP Key Functions Appointments

Under the new Malta Corporate Services Law, a CSP is required to appoint a set of key individuals that will cover key function holders including a compliance officer; a Money Laundering Report Officer and a Risk Management Officer. 

Malta Corporate Services Exemptions

Under the previous rules, any person in possession of a warrant or equivalent to carry out the profession of advocate, notary public, legal procurator or certified public accountant was exempt. The new rules no longer provide this, and such exemptions have been removed. Such warrant holders must still obtain authorisation from the Authority within 8 months from the coming into force of the Amendment Act if they wish to continue to act as CSPs. 

  • Pursuant to the new Malta Corporate Services Providers (Amendment) Act, the following categories of persons are exempted from obtaining authorisation under the CSP Act:
  • Persons authorised to act as trustee or to provide other fiduciary duties under the Trusts and Trustees Act.
  • Persons registered to act as VFA Agents under the Virtual Financial Assets Act, when providing the activity of a company service provider as part of its main activity provided that the said activity shall not include acting as director or secretary of a company, as a partner in a partnership or of acting in a similar position in relation to any other legal person.
  • Individuals acting as director or secretary of a company, as a partner in a partnership or of acting in a similar position concerning any other legal entity which are licensed, registered or otherwise authorized by the MFSA or by an overseas regulatory authority in a recognised jurisdiction.
  • Individuals acting as director or secretary of a company whose financial instruments have been admitted to listing on a regulated market in Malta or on a regulated market an overseas regulatory authority in a recognized jurisdiction.

In the case of licensed trustees and registered VFA Agents, they are required to notify the MFSA that they shall be acting CSP prior to the carrying out of any CSP activity.

In the case where a CSP is found liable by the Financial Intelligence Analysis Unit (FIAU) for a serious, repeated, or systematic breach of the Prevention of Money Laundering Act and, or any regulations issued thereunder, the MFSA is now empowered to revoke any authorisation it has previously issued. CSP auditors also have the obligation to advise the MFSA promptly of any matter they become aware of in their capacity which would lead to a serious qualification or refusal of the auditor’s report on that CSP’s financial statements, or which constitutes a material breach of legal or regulatory obligations.


In a nutshell, the result of these amendments has been the casting of a much wider net when it comes to the regulation of Malta corporate services. Now the new law catches all types of legal persons and not just companies. It has removed earlier relevant exemptions and de minimis rules, has imposed broader reaching continuing obligations and heavier fines for non-compliance in a bid to raise standards within the industry.

Existing Malta Corporate Services Providers, including the ones who were previously exempt, must take a good look at the revised laws and regulations and digest the new complexities relevant to their operation. Inattention to these new rules might result in a maximum administrative penalty that has doubled from €25,000 to €50,000. It is for this reason that current CSPs and/or prospective CSPs are strongly advised to obtain legal advice with respect to their specific situation and/or to consult with the regulator in this regard.

Should advice be needed on the New Malta Corporate Services Laws, please contact us

Request More Information

Please send me legal and other updates