New Legislation

• The Digital Operation Resilience Act (DORA)

DORA was published in late December 2022 and entered into force on 16 January 2023 and is now following a 24-month implementation period, thereby becoming applicable during January 2025. Within this two-year period the EBA has been mandated to issue a number of Guidelines as well as Implementing and Regulatory Technical Standards which shall cater for several aspects, including the risk management framework, the reporting of major incidents, and threat led penetration testing.

Credit Institutions are expected to plan accordingly and assimilate the requirements emanating from the Regulation in their institution-wide processes.  The requirements found in DORA aims to aid institutions to become stronger and more resilient in the current digital age.

• The Corporate Sustainability Reporting Directive (CSRD)

The CSRD was published towards the end of 2022 and entered into force on 5 January 2023. The Directive broadens the scope of the Non-Financial Reporting Directive and continues to push forward the green agenda by promoting capital inflows towards sustainable activities within the EU. Under the Directive, institutions are classified into different categories having a staggered approach in terms of applicability, starting with ‘large EU public interest entities’ who shall report from 2025 for financial year starting on or after 1 January 2024.

The CSRD enhances reporting on various fronts, such as, the resilience of the business model and strategy in relation to risks concerning sustainability matters as well as any plans that the entities are expected to follow to ensure that the underlying business model and strategy are compatible with the transition towards a sustainable economy with the objective of limiting global warming.

A new set of related European Sustainability Reporting Standards (ESRS) are currently being developed, with the EU Commission expected to issue delegated acts in the coming months.  These are expected to draw upon the technical advice provided by the European Financial Reporting Advisory Group (EFRAG) and will cover environmental, social, and governance matters, amongst other things.  Following this, EFRAG is expected to continue working on a number of standards which will cover various economic sectors, including a specific set for Small and Medium Sized Enterprises. See under the sub-section ‘Sustainable Finance’ for further information.

Credit institutions are encouraged to carry out the necessary internal analysis to fully understand the implications of the Directive, going forward.

• Covered Bonds Directive

 The Covered Bonds Directive harmonises the supervision and treatment of covered bonds across the EU and aims to regulate the conditions under which credit institutions can issue such instruments as a financing tool, as explained in a Circular issued by the Authority. In this regard, the following Regulations and Rule have been issued and/or amended during the first quarter of the year to complete the transposition of the Directive:

1. Act No. IX of 2023, Financial Markets (Amendment) Act;
2. Financial Markets Act (Covered Bonds) Regulations (LN 59 of 2023);
3. Amendments to Investments Services Rules.

New and Updated Banking Rules

The Banking Rule BR/01 on the Application Procedures and Requirements for Authorisation of Licences for Banking Activities under the Banking Act was amended to include information required in line with the EBA Guidelines on a common assessment methodology for granting authorisation as a credit institution under Article 8(5) of Directive 2013/36/EU (the ‘CRD’).

The Banking Rule BR/02 on Large Exposures was redrafted following the repeal in January 2014 due to the implementation of Regulation (EU) No 575/2013 (the ‘CRR’), in order to implement the provisions of the EBA Guidelines specifying the conditions for the application of the alternative treatment of institutions’ exposures related to ‘tri-party repurchase agreements’ set out in Article 403(3) of the CRR for large exposures purposes, and the EBA Guidelines specifying to criteria to assess the exceptional cases when institutions exceed the large exposure limits of Article 395(1) of the CRR and the time and measures to return to compliance pursuant to Article 396(3) of the CRR.

The Banking Rule BR/09 on Measures Addressing Non-Performing Exposures and Forborne Exposures was updated to amend the quantitative requirements for non-performing exposures and implement the EBA Guidelines on the application of the definition of default under the CRR, the Guidelines on credit institutions’ credit risk management practices and accounting for expected credit losses, the Guidelines on the management of non-performing and forborne exposures, and the Guidelines on the disclosure of non-performing and forborne exposures.

The Banking Rule BR/20 on Recovery Planning was amended to implement the EBA Guidelines on recovery plan indicators under Article 9 of Directive 2014/59/EU (the ‘BRRD’), and the Guidelines specifying the conditions for group financial support under Article 23 of the BRRD.

The Banking Rule BR/23 on the Reporting and Disclosure of Exposures Subject to Measures Applied in Response to the COVID-19 Crisis was repealed at the beginning of the year following developments from the European Banking Authority (the ‘EBA’) that occurred during December 2022. An Explanatory Note was also published to specify the reporting requirements for reference date 31 December 2022.

Check out this MFSA webpage for a list of all the updated Banking Rules published by the Banking Supervision.

Circulars issued and published by the MFSA in 2023 Q1

Check out this MFSA webpage for a list of circulars published by the Banking Supervision.