MFSA Guidance on ICT Related Arrangements

The MFSA ICT Guidance regulates Technology Arrangements, ICT & Security Risk Management, & Outsourcing.

MFSA Guidance on ICT Related Arrangements

The Malta Financial Services Authority (MFSA) released the ‘Guidance on Technology Arrangements, ICT & Security Risk Management and Outsourcing Arrangements’.

The document outlines the importance of technology within the fintech / financial services sectors due to the heightened level of reliance which is being placed upon technology to perform critical business functions.

The Guidance provides governance on areas such as Technology Arrangements, ICT & Security Risk Management, and Outsourcing Arrangements. In addition, it provides the scope and emphasis on the importance of meeting the requirements authorised by said Guidance, with which authorised firms must ensure compliance.


In-scope Entities

The MFSA’s guidance on Technology Arrangements requires the following entities’ compliance:

  • Credit Institutions
  • Financial Institutions
  • Insurance Undertakings and Reinsurance Undertakings
  • Captive Insurance Undertakings and Captive Reinsurance Undertakings
  • Insurance Intermediaries
  • Ancillary Insurance Intermediaries
  • Retirement Pension Schemes
  • Pension Service Providers
  • Investment Services Licence Holders
  • Trading Venues
  • Central Securities Depositories
  • Trustees and other Fiduciaries
  • Company Service Providers
  • Virtual Financial Assets.


These are without prejudice to sector-specific legislation, including delegated measures, sector-specific guidance, and all other EU and national legislation.


Want to know more?

Key Contacts

Iverna Mulliah BDO Malta

Iverna Mulliah

Technology Advisory & Assurance Assistant Manager
personView bio