Malta Financial Services Authority directs boards to embed business resilience and will reinforce expectations through supervisory engagement and inspections

The Malta Financial Services Authority (MFSA) issued a Dear CEO letter instructing boards and senior management at financial institutions to treat business resilience as a strategic priority, following a thematic exercise that identified gaps in firms’ preparedness to protect consumer interests during disruptions. The review highlighted weak financial forecasting where institutions reported sustained multi-year losses despite positive outlooks, concentration risk from over-reliance on a small number of major clients, and risk identification that focused too narrowly on IT threats while overlooking broader operational, financial and reputational risks. It also found shortcomings in annual testing of business continuity arrangements, operational fragilities linked to staff turnover and succession planning, and limited evidence that testing produced documented improvements. The MFSA expects resilience to be embedded in strategy, financial planning and day-to-day operations, supported by broader risk assessment frameworks, annual stress testing across liquidity, financial and operational dimensions, locally owned risk assessments rather than reliance on group-level monitoring, diversification strategies to reduce client concentration, and business continuity plans that are regularly tested, documented and updated. Supervisory follow-up will include integrating thematic findings into supervisory meetings and onsite inspections, with long-standing licensees, particularly those authorised for more than a decade, expected to demonstrate maturity and preparedness proportionate to their tenure.