MFSA Flags Weaknesses in MAR Compliance Across Investment Services Providers

The review highlights areas where standards have improved, while identifying several persistent weaknesses in the prevention, detection, and reporting of market abuse. 

Summary of Inspections 

Since 2020, the MFSA has carried out on-site inspections with over 80% of Malta Stock Exchange member firms. These inspections covered a broad set of obligations under MAR, including market soundings, detection and reporting of suspicious transactions, training, staff dealing, investment recommendations, and record-keeping. While some progress was noted since earlier compliance meetings, the Authority observed that many ISPs still fall short of fully meeting regulatory expectations. 

Observations and Areas of Concern 

• Market Soundings 

The majority of ISPs either did not carry out market soundings or did so without complying fully with the applicable regulatory framework in place at the time. Inadequate record-keeping, failure to use standard templates, and lack of key disclosures were frequently noted. While the market sounding regime has since become optional, entities are still expected to implement effective internal procedures if such activity is undertaken. 

• Detection and Reporting of Market Abuse 

Many ISPs were found to lack detailed procedures for monitoring suspicious orders and transactions. In some cases, procedures merely restated legal obligations without setting out how checks would be applied in practice. Thresholds used to flag suspicious activity were often unclear or ineffective, contributing to underreporting. The MFSA expressed concern that several firms had never submitted a suspicious transaction and order report (STOR), even where indicators suggested potential abuse. 

• Staff Dealing and Conflicts of Interest 

Arrangements to manage the risks posed by staff dealing varied considerably. Some ISPs had pre-approval procedures in place, while others lacked even basic controls. The absence of proper segregation of duties—where staff involved in advising clients were also responsible for transaction monitoring—was flagged as a potential source of conflict. 

• Record-Keeping and Internal Review 

Article 3(8) of the Delegated Regulation requires firms to retain detailed records of any analysis carried out when assessing potentially abusive transactions. Many ISPs were unable to produce such records during inspection, or maintained only high-level summaries. In several cases, policies and procedures had not been reviewed or updated since initial implementation. 

• Training 

Training on MAR obligations was inconsistent across the sector. Several ISPs had either never provided formal training or delivered only one session. Where training was provided, it often lacked practical guidance on internal processes and focused only on general legislative requirements. 

• Investment Recommendations 

Although most ISPs did not issue investment recommendations, those that did were not always fully compliant. Some omitted basic disclosures, such as the time of publication, as required under the Delegated Regulation. 

MFSA Expectations 

The MFSA expects all ISPs to ensure that their systems, controls, and procedures under MAR are proportionate to their size and business model. The Authority has outlined a set of best practices, including: 

• Ensuring procedures are tailored, detailed, and aligned with actual business activity; 
• Maintaining clear thresholds for monitoring and escalation; 
• Keeping accurate records of transaction analysis and decision-making; 
• Conducting regular audits and updates of internal procedures; 
• Providing role-specific training, including practical examples and references to internal processes; and, 
• Implementing staff dealing controls and avoiding conflicts of interest in monitoring functions. 

The findings underscore the need for more structured and consistent adherence to MAR across Malta’s investment services sector. The MFSA has made clear that future inspections will expect full compliance and that shortcomings could result in regulatory action. 

BDO Malta can support investment firms in reviewing and enhancing their MAR control frameworks, including policies, monitoring systems, record-keeping, and internal reporting procedures. We also offer tailored training programmes designed to equip staff with practical knowledge on identifying and managing market abuse risks, aligned with their roles and responsibilities.

Our team is available to help firms strengthen their compliance arrangements and prepare for supervisory engagement with confidence. 

Get in Touch