The Malta Financial Services Authority (MFSA) released the ‘Guidance on Technology Arrangements, ICT & Security Risk Management and Outsourcing Arrangements’.

The document outlines the importance of technology within the fintech / financial services sectors due to the heightened level of reliance which is being placed upon technology to perform critical business functions.

The Guidance provides governance on areas such as Technology Arrangements, ICT & Security Risk Management, and Outsourcing Arrangements. In addition, it provides the scope and emphasis on the importance of meeting the requirements authorised by said Guidance, with which authorised firms must ensure compliance.

In-scope Entities

The MFSA’s guidance on Technology Arrangements requires the following entities’ compliance:

• Credit Institutions
• Financial Institutions
• Insurance Undertakings and Reinsurance Undertakings
• Captive Insurance Undertakings and Captive Reinsurance Undertakings
• Insurance Intermediaries
• Ancillary Insurance Intermediaries
• Retirement Pension Schemes
• Pension Service Providers
• Investment Services Licence Holders
• Trading Venues
• Central Securities Depositories
• Trustees and other Fiduciaries
• Company Service Providers
• Virtual Financial Assets.

These are without prejudice to sector-specific legislation, including delegated measures, sector-specific guidance, and all other EU and national legislation.