Governance expectations in Malta continue to evolve as regulators place greater emphasis on evidence, accountability, and the interaction between control functions. Both the Malta Financial Services Authority and the Financial Intelligence Analysis Unit have signalled a clear shift toward assessing how governance operates in practice, with scrutiny now extending beyond structures to include decision making, challenge, cultural indicators, and the quality of oversight documentation. This evolution reflects broader European regulatory trends that prioritise transparency, risk awareness, and the effectiveness of internal controls.
This series examines those developments through practical insights. Each article focuses on a key governance theme that regulators have highlighted, such as Board engagement, follow up on risk decisions, and the application of the three lines model. The series also explores emerging expectations around AML reporting quality, the role of internal audit as a governance partner, and how training frameworks can demonstrate a firm-wide commitment to AML culture. The aim is to provide clear guidance on how firms can strengthen their governance evidence and demonstrate effectiveness during supervisory reviews.
WHAT SUPERVISORS ARE WATCHING IN 2026
The Regulatory Context
The Malta Financial Services Authority (MFSA ) Supervisory Priorities for 2026 set a clear tone: governance and control effectiveness remain central to supervisory attention across funds, fund managers, investment firms, financial institutions, payment service providers, and MiCA firms. In response to evolving regulatory trends, including heightened expectations for transparency, accountability, and operational resilience across Europe, the MFSA has sharpened its focus on governance substance over form. Recent inspections have highlighted recurring weaknesses in governance documentation, oversight evidence, and the interaction between control functions.
MFSA supervisors expect governance to be demonstrable, data-driven, and traceable, moving beyond static frameworks, to evidence-based practices. Reviews will concentrate on Board effectiveness, escalation mechanisms, and how risk and compliance information drives decisions.
Our Observations
Our Malta regulatory services team has noted that the firms that fare best under MFSA scrutiny are not those with the most polished documentation, but those where governance genuinely informs decisions. The MFSA is increasingly assessing whether Boards understand their key risks, whether control functions are empowered, and whether follow-up on findings is both timely and evidenced. The clear focus is on transparency and accountability in action.
Key Areas of Supervisory Focus
1. Board Awareness and Accountability
The MFSA will be testing whether Boards can demonstrate ownership of strategic and operational risks. During inspections, supervisors request Board packs, risk dashboards, and follow-up logs to assess whether the Board has been engaged in control oversight.
Practical tip: Ensure Board minutes explicitly reference discussions on key risks, safeguarding, ICT incidents, or audit findings, and document the actions taken.
2. Strengthening the Three Lines Model
The regulator continues to emphasise the distinction and collaboration between the first line (operations), second line (risk and compliance), and third line (internal audit). MFSA inspections show that unclear accountability remains a key weakness.
Observation: Firms that align their risk and audit plans, ensuring complementary rather than overlapping coverage, demonstrate stronger governance maturity.
3. Evidence of Control Function Independence
Independence is more than reporting lines. The MFSA reviews how independence operates in practice. One example would be whether control functions have unfettered access to the Board and whether findings are ever diluted or deferred.
Practical insight: Establish direct reporting sessions between control function heads (Risk, Compliance, Internal Audit) and the Board, without management present, and document them.
4. From Governance Frameworks to Governance Evidence
Supervisors are increasingly asking firms to prove that frameworks are being applied. Having a governance policy or structure chart is not enough; there must be traceable evidence of decisions, escalation, and review.
Practical example: Maintain a central governance evidence folder, including minutes, action trackers, and risk updates, to facilitate inspection readiness.
5. Culture and Challenge: The MFSA’s New Focus Area
The MFSA’s 2025 inspection findings hinted at an emerging area of focus: Board culture. Supervisors are now paying attention to how challenge is exercised during meetings, particularly where Boards are dominated by executive members or founder-led management teams.
Observation: The regulator considers a culture of constructive challenge a hallmark of effective governance. Firms should ensure independent non-executive directors are empowered to question and influence.
Practical Steps for Quarter 1, 2026
To stay ahead of MFSA expectations and strengthen governance evidence , prioritise these actions:
- Review and update governance frameworks, including committee terms of reference and reporting lines.
- Document all instances of Board-level challenge, decisions, and follow-up actions.
- Schedule a governance review session to test Board effectiveness and oversight evidence.
- Ensure all three control functions can demonstrate independence and escalation paths.
- Prepare a consolidated 'Governance Evidence Pack', in preparation for any future regulatory inspections.
How We Can Help
At Trident Trust, we help firms move from governance frameworks to governance proof. Our governance readiness reviews identify gaps in Board oversight, evidence documentation, and control alignment. We help Boards and Committees strengthen their decision-making records in order to ensure that governance is clear, credible, and complete.
For more information on our Malta regulatory services, please download our regulatory services brochure, or reach out to Jesmar Ciappara, Senior Manager – Regulatory Services.
MFSA References
- MFSA Supervisory Priorities for 2026 (Dec 2025)
- MFSA Financial Institutions Rulebook (FIR/03)
- EBA Guidelines on Internal Governance (EBA/GL/2021/05)
- MFSA Corporate Governance Code (2023)