Home/ Insights/ Regulatory
Regulatory

Malta MFSA Corporate Services Update: Amended Requirements for 2025

Malta's Financial Services Authority has strengthened its corporate services licensing framework in response to the EU's 6th AML Directive and its own supervisory experience. Here's what changed and what Malta-licensed CSPs must do now.

HC
Head of Compliance, CSP Software
20 November 2025 · 5 min read

Malta's Corporate Services Landscape

Malta operates a sizeable corporate services sector, with the MFSA licensing and supervising company service providers under the Company Service Providers Act. The sector serves a mix of Maltese and international clients, with a particular concentration in gaming, fintech, and shipping-related structures. Malta's position as an EU member state gives its regulatory framework a particular character: EU directives and regulations apply directly or are transposed into Maltese law, making the MFSA's regulatory developments closely linked to the broader EU AML and financial regulatory agenda.

The 2025 updates build on the transposition of the EU's 6th Anti-Money Laundering Directive and the technical standards issued by the European Banking Authority under the EU AML single rulebook project. They also reflect the MFSA's own supervisory experience — including enforcement actions against Malta-based CSPs in 2023 and 2024 that highlighted specific areas of non-compliance.

Key Changes: Enhanced Licensing Conditions

The MFSA has tightened the licensing conditions for new and existing Company Service Providers through updated Regulations issued in mid-2025. The most significant changes are:

Minimum Qualifying Capital

The minimum professional indemnity insurance requirements for Malta-licensed CSPs have been increased. Firms must now maintain PI cover of at least €1.5 million per claim (increased from €1 million) and €3 million in aggregate per year. This affects both new licence applicants and existing licensees at their next renewal.

Organisational Requirements

Malta-licensed CSPs must now maintain at least two individuals with appropriate professional qualifications and relevant experience who are actively involved in the management of the firm. Previously, the qualification requirement applied to the firm's MLRO and compliance function; the 2025 update extends it to the management team more broadly. The MFSA has published a list of qualifying professional qualifications and relevant experience criteria.

Technology Risk Management

Consistent with EBA guidance, Malta-licensed CSPs must now demonstrate adequate technology risk management, including documented cybersecurity controls, data protection procedures, and business continuity arrangements for technology-dependent operations.

AML Framework Updates

The transposition of the 6AMLD into Maltese law has introduced several changes relevant to Malta-licensed CSPs:

  • Expanded predicate offences: The list of offences whose proceeds trigger AML obligations has been expanded to include cybercrime and environmental crime. CSPs serving clients in sectors with significant environmental risk exposure should revisit their risk assessments.
  • Correspondent relationship obligations: Where a Malta CSP maintains a correspondent relationship with another service provider in a third country, enhanced due diligence on the correspondent relationship is now required — including a formal assessment of the third-country provider's AML controls.
  • Real estate sector: Malta-licensed CSPs involved in the administration of property-holding entities are now specifically identified as obliged entities for AML purposes in relation to their real estate activities.

"Malta's 2025 updates are driven by the EU agenda but also reflect the MFSA's own enforcement experience. Firms that have been through MFSA inspections in recent years will recognise the specific areas being tightened."

Licence Renewal Timing

Malta CSP licences are renewed annually. The 2025 changes apply at the next renewal cycle for existing licensees. However, the organisational and capital requirements apply from the date of the Regulation — licensees who do not meet the new standards at their next renewal may face conditions or refusal. Begin the gap analysis now.

Practical Steps for Malta-Licensed CSPs

  • Review your professional indemnity insurance against the new minimum thresholds ahead of your next renewal.
  • Assess your management team against the expanded qualification and experience requirements and identify any gaps.
  • Update your AML risk assessment to reflect the expanded predicate offences, including cybercrime and environmental crime sectors.
  • Review any correspondent relationships with third-country service providers and document your due diligence on their AML controls.
  • If your CSP administers property-holding entities, confirm your AML procedures address the real estate sector obligations now applicable.

Looking Ahead: The EU AML Authority

Malta-licensed CSPs should be aware that the new European Anti-Money Laundering Authority (AMLA), established and operational from 2025, will have direct supervisory powers over certain categories of obliged entities across the EU. While direct AMLA supervision is initially focused on the largest financial institutions, AMLA's technical standards and guidelines will increasingly shape the regulatory requirements applicable to CSPs across all EU member states including Malta. Staying ahead of the AMLA agenda is an important part of Malta CSP compliance planning for 2026 and beyond.

Malta MFSA EU AML Licensing
Keep Reading
Regulatory
Luxembourg CSSF Guidance on Corporate Services: 2025 Update
Compliance
FATF's Updated Recommendations: What They Mean for Corporate Service Providers
Compliance
ESG Reporting for Corporate Structures: What CSPs Must Know in 2025