MFSA Publishes New Code Of Conduct For Decision Makers

The Malta Financial Services Authority ("MFSA") has published a new General Code of Conduct for Decision Makers in the Financial Services Industry, reinforcing its supervisory expectations around governance, leadership behaviour and decision-making at senior levels.

While the Code is principles‑based and non‑prescriptive, it is intended to serve as an important reference point in supervisory engagement and inspections, particularly where governance arrangements, organisational culture or the quality of judgement are under scrutiny.

Who is Affected by the Code?

The Code applies broadly to Decision Makers, including:

• Board Members
• Senior executives and members of management
• Any individuals exercising decision-making authority

Importantly, the Code extends beyond formally MFSA‑approved roles. It applies, on a proportional basis, to decision makers within:

• MFSA-authorised, licensed or supervised entities
• Listed entities

This reflects the MFSA’s focus on substance over form, ensuring that those who influence outcomes are held to consistent standards of conduct.

Regulatory Context and Supervisory Approach

The MFSA has clarified that the Code:

• Does not introduce new legal or regulatory obligations
• Does not override existing laws, rules or regulatory requirements
• Will be considered in supervisory interactions, inspections and governance assessments

Material shortcomings against the Code may inform supervisory measures where weaknesses in governance, conduct culture or decision‑making frameworks are identified.

Key Conduct Expectations Under the Code

The Code is built around five core values, which together illustrate how the MFSA expects decisions to be taken, challenged and owned at senior levels.

01 Integrity

Decision makers are expected to act honestly and ethically at all times. Information provided to regulators and stakeholders should be accurate, complete and not misleading.

Conflicts of interest must be identified early, disclosed transparently and appropriately managed, while positions of influence should never be misused to obtain an improper advantage.

02 Informed and Independent Decision-Making

The MFSA places strong emphasis on the quality of judgement supporting decisions. Decision makers are expected to:

• Base decisions on adequate information and robust risk assessment
• Dedicate sufficient time and attention to their role
• Exercise independent judgement, including the willingness to challenge peers or senior colleagues when necessary

This reinforces the regulator's expectations around active engagement rather than passive approval. 

03 Accountability and Transparency

The Code makes it clear that decision makers must be prepared to own their decisions and outcomes, including where outcomes are adverse.

Collective governance structures do not dilute individual accountability, and decisions should be transparent, well‑documented and defensible if subject to supervisory scrutiny.

04 Leadership Responsibility for Compliance

Compliance is framed as a leadership responsibility, not a function that can be fully delegated.

The Code explicitly draws attention to sustained and emerging risk areas, including:

• AML / CFT
• Data protection
• ESG
• Cybersecurity and technology-driven risks

Boards and senior management are expected to demonstrate active oversight, engagement and understanding, rather than reliance on second‑line functions alone.

05 Respect, Fairness and Organisational Culture

Decision makers are expected to actively foster a culture of respect, openness and constructive challenge.

The MFSA explicitly links decision‑making quality to organisational culture, signalling that governance environments which discourage challenge or debate may raise supervisory concerns.

Practical Takeaways for Firms

While many well‑governed entities may already align with the principles set out in the Code, it provides a clear supervisory benchmark against which governance arrangements may be assessed.

In practice, firms should consider whether they can clearly demonstrate:

• Robust decision‑making processes and well‑reasoned outcomes, particularly for high‑impact decisions
• Effective challenge and debate within boards and committees
• Appropriate documentation supporting judgement calls and risk trade‑offs
• Clear ownership of decisions and accountability for outcomes
• Ongoing board‑level engagement with key compliance and risk areas

Conclusion

The MFSA's General Code of Conduct reinforces a clear regulatory message: good governance is not only about structures, policies and frameworks, but about how decisions are made, challenged and owned at senior levels.

Firms that can evidence thoughtful, transparent and accountable decision‑making will be better positioned to meet supervisory expectations in an increasingly complex regulatory environment.

Contact us today to see how we can support your business.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.