Everyone operating in the business sector is aware that in the past three years, the financial environment in Malta has been transformed, and subjected to an unprecedented degree of scrutiny by International fiscal monitoring bodies. We have seen Regulatory and other institutions, namely the FIAU, the MFSA, the MBR, the CFR, Banks, and Insurance go into overdrive in the process of upgrading Due Diligence Compliance and Know Your Client (KYC) awareness and data. One might argue that a rather heavy hand was used and equally, it must be said that an upgrade was needed. However, as is customary in this jurisdiction, the vast majority of those concerned in the business and financial sectors responded nimbly and effectively. The resulting upgrade in procedure and processes all across the board were arduous to say the least, but ultimately and without doubt the Maltese regulatory framework has been strengthened.
GDPR
At the same time, lurking in the background is another legislative brute. Since its adoption by the EU in 2016, the General Data Protection Regulation (GDPR) has been in vigor across the EU, with a statute intended to protect personal rights and data. This intricate piece of legislation continues to weigh heavily on both entities and individuals to ensure that, from a data protection perspective now, all the safeguards, checks, and balances are in order to protect personal rights. It is indeed a cause for very serious concern that a vast number of entities and individuals in Malta either ignoring completely the provisions of the GDPR or worse still do not know how bad it can bite. Its provisions are very onerous and contemplate heavy sanctions upon default.
WAY FORWARD – STATUTORY DOCUMENTATION
Combining these two occurrences, as an integral part of this upgrading process we will be sending all our client’s regulatory documentation which we are obliged to keep on file by law. We encourage you to read these carefully and communicate with us if any aspects are unclear to you and you require further assistance. We will be happy to help. We are setting out hereunder an indicative list of these documents. This process is progressive and ongoing, so this is certainly not meant to be an exhaustive list.
- Non-Disclosure Agreement
- Data Processing Agreement
- Entity Service Agreement
- Letters of Engagement
- Corporate Combined Share Register
- Banking – Due Diligence and KYC Requirements and update
- IT Maintenance and Housekeeping – Hardware and Software Frameworks
- IT Cyber Security
- IT Insurance requirements
- IT Breach mitigation and response plan
- IT Policies and Procedures
