Malta’s 2026 Supervisory Agenda Puts Financial Crime & Consumer Outcomes Front & Center

Key Takeaways

• Financial Crime Compliance Elevated: The MFSA will align supervisory work with the EU’s new AML legislative package and deepen reviews of MLRO effectiveness, governance arrangements, risk assessments, screening processes, and transaction monitoring across financial institutions and crypto-asset service providers.
• Consumer Protection Reinforced: Supervisory focus will continue on value-for-money assessments, transparency, treatment of vulnerable consumers, and clearer credit and insurance disclosures, alongside oversight of pension auto-enrolment and expanded financial education initiatives.
• Digital Finance Scrutiny Continues: The Authority will oversee the transition from VASPs to CASPs under MiCA, monitor readiness for PSD3, and assess ICT and cyber-resilience frameworks in line with DORA.
• Proportionate AI Oversight: AI adoption will be monitored with a focus on governance, internal controls, and consumer impact, particularly in creditworthiness assessments and operational tools.
• Cross-Border Supervision Central to Strategy: The MFSA will maintain close engagement with European counterparts and strengthen oversight of firms operating across multiple jurisdictions.

Deep Dive

In its Supervisory Priorities for 2026, the Malta Financial Services Authority outlines a roadmap that leans heavily into financial crime compliance and consumer protection, while continuing to track digital transformation and cross-border risks. The document reflects a regulator balancing two pressures at once: keeping pace with sweeping EU reforms and reinforcing domestic standards across a diverse financial services landscape.

The structure of supervision remains anchored around seven pillars. These include resilience of supervised entities, sustainable finance, digital finance, governance risk and compliance, financial crime compliance, consumer protection and education, and cross-border supervision. The categories may be familiar, but the emphasis within them signals where supervisory intensity is likely to increase.

Financial Crime as a Defining Theme

Financial Crime Compliance stands out as a central priority for 2026. The MFSA’s supervisory work will align with the EU’s new AML legislative package, showing Malta’s commitment to maintaining high standards in anti-money laundering and counter-terrorist financing, sanctions compliance, and proliferation financing controls.

The Authority plans to deepen its reviews of money laundering reporting officer effectiveness, governance structures, risk assessments, customer screening processes, and transaction monitoring systems. This scrutiny will extend across sectors, including financial institutions and crypto-asset service providers.

The direction is not simply about policy alignment. It is about testing whether financial crime frameworks are genuinely embedded, proportionate, and properly resourced, rather than treated as compliance formalities.

Consumer Protection and Market Confidence

Consumer protection remains firmly in view. In 2026, the MFSA will continue examining value-for-money assessments, transparency of disclosures, and how firms treat vulnerable consumers. It also intends to drive improvements in the quality and clarity of credit and insurance information.

Oversight of Malta’s pension auto-enrollment framework will form part of this agenda, alongside an expansion of national financial education initiatives aimed at strengthening financial capability across the population.

The focus suggests sustained attention on conduct risk and on how products and services translate into real-world outcomes for consumers.

Digital Finance, DORA and AI Governance

Digital finance continues to evolve rapidly, and the MFSA’s priorities reflect that pace. The Authority will oversee the transition of virtual asset service providers into crypto-asset service providers under the EU’s Markets in Crypto-Assets framework. It will also monitor readiness for PSD3 and assess ICT and cyber-resilience frameworks in line with the Digital Operational Resilience Act (DORA).

Artificial intelligence will be monitored proportionately, with attention on governance, internal controls, and potential consumer impact. Particular focus areas include creditworthiness assessments, monitoring tools, and operational efficiencies, where AI adoption may introduce both opportunity and risk.

Cross-Border Supervision and EU Engagement

Cross-border supervision remains integral to Malta’s regulatory posture. In 2026, the MFSA will maintain close engagement with European counterparts, participate in supervisory actions and peer reviews, and strengthen oversight of firms operating across multiple jurisdictions.

Kenneth Farrugia, Chief Executive Officer of the MFSA, said the 2026 priorities reflect a commitment to proportionate, risk-based supervision.

“Strengthening financial crime compliance and consumer protection remains central to our work, while we continue to support innovation and ensure that Malta’s financial sector evolves responsibly and sustainably,” he said.

The Authority has encouraged supervised entities to review the 2026 priorities at board level and assess their preparedness for the year ahead. For firms, the message is straightforward. The regulatory landscape is not standing still, and neither is supervision.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.