Malta Financial Services Authority sets AI governance and prudential expectations for supervised licence holders

The Malta Financial Services Authority has issued a Dear CEO letter setting supervisory expectations for the adoption and use of artificial intelligence across Malta’s financial services sector. The expectations apply to all MFSA-supervised licence holders and position AI as a prudentially relevant risk area that should be embedded within existing governance, risk management and internal control frameworks, in the context of the evolving European framework following the EU Artificial Intelligence Act. The letter highlights board and senior management accountability for AI systems, governance and oversight arrangements, third-party dependencies and concentration risk, model validation and monitoring, data governance and regulatory compliance, and operational resilience and systemic risk. To support supervisory engagement, the MFSA has developed a structured self-assessment framework covering current and anticipated AI use cases, governance arrangements, third-party dependencies and control environments. Firms do not currently have to submit the results, but they are expected to be able to show that the assessment has been completed, reviewed at board and senior management level, and followed by remedial action where gaps are identified. AI-related issues will remain part of the MFSA’s ongoing supervision, including thematic reviews and onsite inspections. Supervisory attention will focus in particular on governance frameworks, outsourcing arrangements, the use of AI in customer-impacting processes, and whether AI adoption is aligned with firms’ risk appetite. The authority also plans targeted AI training and capacity-building through the Financial Supervisors Academy.