MFSA Highlights Findings from Thematic Review on Business Resilience

The Malta Financial Services Authority (MFSA) has published the results of a Thematic Review on Business Resilience among Financial Institutions (FIs). The exercise, led by the FinTech Supervision Function, focused on three key areas: Business Strategy, Financial Resilience, and Operational Continuity.


Key Observations 
The MFSA found that most institutions had strategies and continuity frameworks in place. Several shortcomings were identified: 
  • Business Strategy: While most FIs reported having documented strategies and continuity plans, many cited only IT-related risks when asked about external threats. The MFSA emphasised the importance of monitoring a broader range of risks, including regulatory, financial, and operational risks, and of doing so at the local level, not only at group level.
  • Financial Resilience: Some institutions have consistently reported losses while simultaneously projecting positive forecasts, a practice deemed inconsistent. Stress testing was often limited to IT-related issues, with insufficient attention given to liquidity, client dependency, and broader financial vulnerabilities. The MFSA underlined the importance of robust forecasting, stress testing, and capital planning. 
  • Operational Continuity: High staff turnover and succession planning gaps remain common challenges. Some institutions also lacked adequate contingency arrangements with correspondent banks, leaving them exposed to potential disruptions in safeguarding and settlement processes. 


Strengthening Resilience 
The MFSA reminded institutions that business continuity planning, crisis management, and disaster recovery testing must be embedded at all levels of the organisation. Regular testing, staff training, and clear contingency measures are essential to ensure operational readiness and mitigate key person risks. 

The MFSA also stressed that business resilience should be treated as a strategic board-level priority, with adequate resources and continuous oversight to safeguard institutional stability and consumer confidence. 


Concluding Remarks and Way Forward 
The MFSA will integrate the findings of this thematic exercise into its ongoing supervisory work, including meetings and onsite inspections. Institutions are expected to: 
  • Maintain and regularly test business continuity and disaster recovery plans; 
  • Conduct comprehensive stress testing across IT, liquidity, and financial domains; 
  • Strengthen human resource planning and succession strategies; and, 
  • Ensure contingency measures are in place for correspondent banking and third-party dependencies. 


To access the 'Dear CEOs letters' issued by the MFSA, click here 

