A guide to obtaining a License for a regulated entity in Malta

The application process to obtain a license and become a regulated entity is onerous and lengthy. The process can however be facilitated if the applicant understands what regulators are looking for in the application.  At that point, the applicant must have or procure the knowledge to meet the demands and hence the process is smoother for both the applicant and also the regulatory authority reviewing the license application. This article sets out some of the fundamental concepts which need to be embraced for a license application to meet the regulatory requirements and get approved.  Ownership Structure

  1. Ownership Structure

Transparency in the ownership structure is key. A clear shareholding structure which sets out ownership directly up to the ultimate beneficial owners (UBOs) is expected. The key elements that regulators assess through the ownership structure are an understanding of who is behind the proposed entity, as well as their source of their wealth which gives a clear indication of the origin of the funds used as capital. Substantial information needs to be provided as evidence of the source of wealth of the UBOs. The UBOs are generally assessed from numerous angles including their financial standing, integrity and reputation and, where applicable, their knowledge and experience on the operations of the proposed licensed entity.

2. Business model sustainability

A crucial element in the licensing process is the ability of the applicant to provide sufficient comfort to the regulator that the proposed business model is sustainable in the long term. The applicant needs to demonstrate that the prospective business offers a clear benefit to its customer base.

Various items are considered in this assessment including the forward-looking financial projections. The financial projections need to be based on reasonable and plausible assumptions especially for key performance indicators, such as; return on equity, cost to income ratio and capital adequacy ratios. In the business model sustainability assessment regulators also look at qualitative data, such as a comprehensive competitor analysis, realistic marketing plan for client acquisition and market penetration, as well as stress testing on the resilience of the business model in adverse scenarios.

3. Governance Structure

The composition of the Board of Directors and Committees is an area that has been under increased scrutiny by regulatory bodies. This is no different at the licensing stage, since the Board of Directors are considered as the drivers and the decision makers of the proposed regulated entity. Identifying and nominating the right mix of Board Members is key for the regulator to grant a license. All proposed Directors will be subject to the fitness and properness assessment by the regulatory authority. The applicant’s priority at this stage is to identify the required mix of skill sets to build a strong, capable and independent Board which will lead the proposed entity to achieve its long-term objectives. The combined skill sets of the Board Members need to be commensurate to the complexity of the proposed business model. Gone are the days where the non-executive and independent Board Members were not expected to fully comprehend the operations of the entity.

Board Committees are an added layer towards achieving robust governance. The applicant needs to showcase the right mix of Committees as part of the licensing application. Setting up Committees that work in practice and are active in monitoring the complexities of the proposed business model is a key factor in the application.

4. Internal Controls Framework

A regulated business will be subject to an array of regulations that need to be observed on an ongoing basis. During the licensing process, the applicant will need to demonstrate its knowledge of the regulatory framework of the licensed entity and propose the implementation of adequate operational and control structures to ensure adherence to these regulations once it has secured the license. Policies endorsed by the Board and the adoption of a three line of defense model, which sets out clear lines of responsibilities and segregation of duties, are fundamental first steps towards implementing reliable control mechanisms to ensure ongoing compliance.

5. Risk Management

Different business models are exposed to distinct and unique risks. Understandably regulators need to feel at ease with the business model presented and its risk exposure. Demonstrating an understanding of the risks inherent to the business model of the proposed licensed entity is one of the key challenges for applicants during the licensing process. At this stage, the applicant needs to show that a risk appetite for the proposed entity has already been defined. The risk appetite needs to address the fundamental components of the business model and establish that the regulated entity will not be taking excessive risks through its operations. Moreover, the applicant is expected to propose an adequate risk management framework, which sets out how in practice the regulated entity will identify, assess, manage and report risks.

6. Operational set up

How will the proposed entity function in practice? This is a basic question that the applicant needs to answer in sufficient detail to convince the regulator that they can be trusted to deliver. The starting point is by proposing experienced individuals who will be holding the key control functions such as CEO, CFO, Head of Compliance, MLRO, Head of Operations and Head of Risk. The proposed Senior Management team needs to be sufficiently competent to manage the day to day running of the entity. An indication of the staff complement at inception and during the initial years will also need to be provided. From the operational side, the applicant needs to indicate the key tools and systems that will be implemented for the entity to provide its products and services to clients. Technology has become key for any organisation to function and be competitive, thus regulators expect that sufficient detail is provided on the technology that will be used by the proposed entity. This also includes details on tools that will be used to monitor and control risks such as Financial Crime, Fraud and Cybersecurity. Activities that will be outsourced to third parties have to be identified and draft outsourcing agreements will need to be provided to the regulatory authority.  As a general rule, the regulator needs to be convinced that once the ‘green light’ is given, the entity has all the necessary tools to operate in an efficient and secure environment.

In conclusion, the process to be granted a license is far from a walk in the park. The onerous process reflects the responsibility that comes with running a regulated entity. It requires a lot of dedication and preparatory work from the applicant, as well as continued cooperation with the regulatory authority.  Going to the regulatory authority well prepared and with a comprehensive licensing application pack addressing the fundamental concepts discussed in this article will be a reflection of the competence and the knowhow of the applicant.

At Bridge we can provide tailored assistance with licensing processes of regulated entities in Malta including banks, financial institutions, investment services firms and funds. Find out more about our services at www.bridge.mt or contact us on info@bridge.mt