The Malta Financial Services Authority (MFSA) has issued a Dear CEO Letter that outlines clear supervisory expectations for licensed financial services firms regarding the responsible use of artificial intelligence. Released this month, the comprehensive document provides practical direction as institutions increasingly adopt AI technologies, while ensuring alignment with the EU Artificial Intelligence Act and other European regulatory frameworks.
Financial institutions in Malta are now said to be integrating AI into key operations, including risk assessment, client interactions, anti-money laundering efforts, and internal analytics.
Although current deployment remains at a relatively modest scale, the MFSA expects both the breadth and complexity of AI applications to expand significantly in the coming years.
The regulator emphasizes that the introduction of AI does not alter fundamental supervisory objectives: safeguarding consumers, preserving financial stability, and maintaining market integrity.
Alan Decelis, Head of Supervisory ICT risk and cybersecurity at the MFSA, stressed the importance of proactive preparation.
He urged firms to adopt a forward-looking approach to AI governance, risk management, and operational resilience.
The guidance highlights several essential areas that licensed entities must strengthen.
Boards and senior management are expected to assume direct oversight responsibility for AI initiatives, ensuring robust internal controls and governance structures are in place.
Institutions must also carefully manage risks arising from third-party AI providers, including potential concentration vulnerabilities.
Model validation, continuous monitoring, and reliability testing form another core requirement, alongside rigorous data governance practices that fully comply with applicable regulations.
Furthermore, firms should assess the wider implications for operational resilience and potential systemic concerns.
The MFSA recommends treating AI-related risks as an integral part of existing prudential frameworks rather than addressing them separately.
This integrated approach ensures that governance, risk management, and internal controls comprehensively cover all AI activities.
To assist firms in this process, the Authority has developed a self-assessment toolkit.
This practical resource enables organisations to evaluate their current and future AI projects, review governance arrangements, analyse vendor relationships, and test control effectiveness.
Although completion and submission of the self-assessment are not currently mandatory, senior leadership is expected to examine the results thoroughly, present them at board level, and take prompt action to address any gaps or weaknesses identified.
The MFSA will intensify its supervisory focus on AI.
Planned activities include thematic reviews and on-site inspections that examine governance quality, outsourcing arrangements, customer-facing AI applications, and alignment with each firm’s risk appetite.
In addition, the Financial Supervisors Academy will roll out targeted training programs designed to enhance industry-wide knowledge and strengthen oversight capabilities.
This initiative appears to demonstrate the MFSA’s balanced commitment to encouraging technological innovation while mitigating associated risks.
By setting clear expectations at an early stage, the regulatory agency aims to ensure that Malta’s financial services sector remains both innovative and resilient. The MFSA update concludes that, as AI technologies advance in 2026, institutions that strategically prioritize sound governance processes today will be well positioned to meet applicable regulatory standards and deliver value to the broader economy and ecosystem.