13e In November 2020, the MFSA published the first volume on the nature and art of financial supervision of banking and credit institutions, examining their operations in the Maltese banking sector and publishing the findings, risks and challenges that the function banking supervision of the MFSA deemed relevant. The said publication provides an overview of the approach to banking supervision undertaken through the Supervisory Review and Evaluation Process (SREP) and the MFSA’s supervisory approach. The publication then details the findings and the predominant risks and its recommendations in this regard.
The MFSA found that bank boards lacked appropriate information about their bank’s risk profile; failed to ensure ongoing review of policies; failed to improve the backlog of customer due diligence reviews; or ensure that their ICAAPs covered the necessary risk analysis. One of the main issues driving these failures was that banks were looking to reduce costs by merging into one: risk, compliance, MLRO and legal compliance responsibilities. Sufficient resources should be allocated to each of these responsibilities, thereby ensuring adequate oversight of a bank’s business model. In addition, the MFSA found that boards need to significantly improve financial resilience planning, primarily by understanding the resilience of their business model in stress scenarios and planning for an appropriate assessment of all the risks that different scenarios may arise.
The MFSA found that boards failed to ensure that internal control frameworks were functioning properly and that internal governance frameworks did not clearly identify the roles and responsibilities of key people/functions and how each function performs. complements and operates in parallel with each other. Senior management and board members must ensure that each function has the necessary staff, skills and support, as well as appropriate direction and resources. This failure, coupled with the amalgamation of roles discussed above and/or the failure of the third line of defense in its functions, has resulted in weak decision-making, risk management and control within banks. The MFSA further found deficiencies in record keeping and that policies and procedures were not in place, or otherwise, where in place, were not properly documented. In its recommendations, the MFSA proposed that risk management, compliance and audit functions should be provided with appropriate resources and expertise, enabling boards to ensure appropriate internal control frameworks. In addition, the MFSA has recommended that boards maintain a diverse and high skill set, also enabling them to require management to prepare realistic and tested business plans based on delivery records, thereby enabling banks to develop effective risk and compliance functions.
The MFSA further proposed that institutions should invest in their staff and provide training to employees to ensure they can perform and avoid any regulatory failures, and this given that in its findings it found that staff working in the banking sector lacked skills, knowledge and competence.
In reporting its findings on credit risk, the MFSA found inadequate oversight processes, boards unable to report, challenge and monitor credit risk, and ineffective collateral management processes. For lending standards to be maintained, boards must play an active role in presenting them to senior management and lending teams, while ensuring that the lending process has good risk governance.
Finally, the MFSA found several shortcomings regarding the monitoring of AML and CFT risks within banks, in particular on the part of the board of directors, MLROs and compliance officers. The MFSA has proposed that institutions ensure that AML/CFT processes are conducted through appropriate IT structures; that institutions provide AML/CFT training to their employees; that boards of directors are knowledgeable and capable of ensuring adequate control infrastructures within institutions; and that MLROs have been properly trained and able to identify AML/CFT risks and have been empowered to effectively mitigate the risks.
As part of its next supervisory assessment, the MFSA is now focusing on the effectiveness of the implementation of the 5e AML Directive, as well as other oversight areas such as strategic planning, stress testing, COVID-19 impacts and support systems, internal governance effectiveness, growth strategies, AML controls /CFT and the mitigation of IT and cybersecurity risks.
The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.