On 19 August 2025, the Malta Financial Services Authority (MFSA) issued a Dear CEO letter to financial institutions offering payment accounts, highlighting the outcome of a thematic review into their compliance with the Payment Accounts Regulations (S.L.371.18) and the relevant EU Implementing Technical Standards. The letter is significant because it underscores the Authority’s supervisory focus on transparency, consumer protection, and the accurate communication of services by licensed entities. This paper examines the background to the letter, the MFSA’s methodology, the regulatory findings, and the implications for financial institutions and their compliance officers.
Background and Legal Framework
The MFSA positions itself as a guardian of consumer trust and market integrity by ensuring that licensed entities uphold high standards of compliance and transparency. Within this framework, the Payment Accounts Regulations (S.L.371.18) establish obligations for financial institutions that provide accounts enabling consumers to deposit funds, withdraw cash, and execute payment transactions.
Two key documents are central to these obligations: the Fee Information Document (FID) and the Statement of Fees (SOF). The FID must be delivered to consumers in good time before entering into a payment account contract, while the SOF must be issued at least once a year, free of charge, detailing all fees incurred. These requirements are reinforced by the Commission Implementing Regulation (EU) 2018/34, which prescribes the standardised format of the FID, and the Commission Implementing Regulation (EU) 2018/33, which sets out the presentation requirements for the SOF.
Additionally, under Regulation 13 of the Payment Accounts Regulations, institutions must ensure that the information provided to the MFSA’s Payment Accounts Fees Comparison Tool remains accurate and up to date. This tool enhances transparency by enabling consumers to evaluate fees across different providers on a comparable basis.
Methodology of the Thematic Review
Unlike a routine inspection of a single entity, a thematic review examines systemic practices across multiple institutions to identify industry-wide issues.
In this case, the MFSA’s Conduct Supervision Function reviewed three financial institutions authorised under the Financial Institutions Act, each offering accounts meeting the regulatory definition of payment accounts. The review assessed the institutions’ FIDs, SOFs, and the information displayed on their websites, alongside the accuracy of data provided to the MFSA’s comparison tool.
Key Findings of the MFSA
The MFSA identified both areas of compliance and shortcomings:
1. Fee Information Document (FID)
Most institutions adhered to the requirements of the FID format. However, the MFSA stressed two refinements. First, when a brand name is used, it must be preceded by the service name to avoid ambiguity. Second, while a glossary of terms is mandatory under Regulation 7 of the Payment Accounts Regulations, it should be provided as a separate document, in English, Maltese, and any other agreed language. This ensures that the FID template is preserved in its standardised form, while still giving consumers accessible definitions.
2. Statement of Fees (SOF)
One institution was found to have issued SOFs that did not comply with the prescribed technical standards. The MFSA reiterated that the SOF must provide a detailed breakdown of all fees in line with the corresponding FID, ensuring full transparency for consumers.
3. Payment Accounts Fees Comparison Tool
The MFSA found that some institutions were failing to update their fee information regularly on the comparison tool. In one case, a discontinued product remained listed. The Authority emphasised that institutions are obliged to notify the MFSA immediately if an account is no longer offered so that outdated information can be removed.
4. Misleading Terminology
The most concerning finding was the inappropriate use of terms such as “bank,” “banking,” “mobile banking,” or “bank account” by institutions that are not licensed as credit institutions under the Banking Act. Such terminology risks misleading consumers into believing they are dealing with a bank rather than a financial institution. The MFSA reminded firms that, while deposits with financial institutions are safeguarded under applicable legislation, they are not protected by the Depositor Compensation Scheme, which applies only to credit institutions. Firms must therefore exercise caution in their communications and avoid any implication that their accounts function as savings or interest-bearing products.
Regulatory Concerns
The letter highlights several risks. Failure to provide properly formatted FIDs and SOFs undermines transparency, while outdated information on the comparison tool risks misleading consumers and distorting competition. Misuse of terminology poses reputational risks and may erode consumer trust if clients later discover that protections normally associated with banks do not apply.
MFSA’s Expectations and Way Forward
In its conclusion, the MFSA called on institutions to conduct a gap analysis against the Payment Accounts Regulations and the applicable EU implementing acts . This proactive step would allow firms to identify deficiencies and implement corrective measures before facing supervisory sanctions. The Authority also signalled that further supervisory engagements will take place, meaning that institutions should expect follow-up inspections and reviews to test compliance.
Implications for Financial Institutions
For compliance officers and executives, the Dear CEO letter serves both as a warning and a roadmap. Institutions must:
- Ensure that their FIDs and SOFs strictly comply with the technical
standards; - Regularly update the MFSA’s comparison tool to reflect current offerings;
- Review all consumer-facing communications, particularly websites and advertisements, to eliminate misleading terminology; and
- Clearly explain the safeguarding obligations of financial institutions
while distinguishing them from deposit-taking banks.
Non-compliance could expose institutions to enforcement action, financial penalties, or reputational damage. Conversely, full alignment with the regulations not only avoids regulatory censure but also builds consumer trust by demonstrating transparency and integrity.
Conclusion
The MFSA’s August 2025 Dear CEO letter on payment accounts illustrates the regulator’s focus on transparency, accuracy, and consumer protection. While most institutions were broadly compliant, the deficiencies identified reveal the ongoing need for vigilance in compliance management. By addressing the issues raised, from fee disclosure to responsible marketing, financial institutions can not only meet regulatory requirements but also strengthen the trust of their clients. Ultimately, the letter serves as a reminder that regulatory compliance is not a box-ticking exercise but a cornerstone of sustainable financial services.
More about MK Fintech Partners Ltd.
Michael Kyprianou Fintech Partners Ltd. is a Maltese company providing services in the FinTech sector. It comprises a team of dedicated experts who provide services such as Legal Advisory, Crypto Licensing, Token Issuers’ Licensing, Investment Services Licensing, and registrations of activities related to Fintech, Crypto, Blockchain & Data Protection, Investment Funds Services & Banking, Company Incorporations, and M&As.
MK Fintech Partners forms part of the Michael Kyprianou Group, a top tier international legal and advisory firm. It has established an enviable reputation as a broad-based legal practice over the years. Mainly by keeping at heart its principle to always exceed its clients’ expectations. MK has grown to become one of the largest law firms in Cyprus with offices in Nicosia, Limassol and Paphos. The MK Group’s international presence also includes fully-fledged offices in Greece (Athens and Thessaloniki), Malta (Birkirkara), Ukraine (Kiev), the United Arab Emirates (Dubai), United Kingdom (London), Israel (Tel Aviv), and Germany (Frankfurt).
The content of this article is valid at the date of its first publication. It intends to provide a general guide to the subject matter and does not constitute legal advice. We recommend that you seek professional advice on a specific matter before acting on any information you read. For further information, contact us at MK Fintech Partners via email at contactmkfintech@kyprianou.com or by telephone +356 9905 6193.
