The new MFSA banking rule 24 on internal governance

Through a circular issued on the 7 January 2022, the MFSA advised that Banking Rules BR/01, BR/12, BR/14[1], BR/15 and BR/21 had been revised primarily to transpose Directive (EU) 2019/878 of the European Parliament and of the Council of 20 May 2019 amending Directive 2013/36/EU (“CRD V”). Additionally, for the first time, the Banking Rules now include a specific banking rule dealing with governance of banks, namely BR/24 on Internal Governance of Credit Institutions. The revisions to the Banking Rules and BR/24 are in force.

BR/24 incorporates:

  • the EBA Guidelines on Internal Governance (EBA/GL/2021/05)[2] (the “EBA Guidelines”). To date these guidelines had been incorporated ‘indirectly’ by way of reference in Annex 1 of BR/12, and certain aspects of internal governance had also been addressed in Annex 2B of BR/12 entitled Technical Criteria on Governance Arrangements and the Treatment of Risks (now being repealed);
  • what was previously generally contained in sections 6 to 17 of the said Annex 2B in relation to Internal Approaches for Calculating Own Funds Requirements and Supervisory Benchmarking in relation to the same, and the treatment of various risks such as Credit and Counterparty Risk, Residual Risk, Concentration Risk, Securitisation Risks, Market Risk, Interest Rate Risk Arising from Non-Trading Activities, Operational Risk, Liquidity Risk and Risk of Excessive Leverage; and
  • the EBA Guidelines on product oversight for retail banking products (EBA/GL/2015/18), as Annex I of the Banking Rule.

The governance of banks continues to be a major focal point of regulation and supervision, as is also evidenced by the consistent attention to governance matters during the Supervisory Review Evaluation Process (“SREP”) and generally during interactions and dialogue with the regulators. The EBA Guidelines have for some time now constituted the governance cornerstone for banks, and the recent revisions reaffirm that governance is very much dynamic and multi-faceted and permeates all areas of an organisation.

The salient aspects of the recent revisions to the EBA Guidelines now included in BR/24 include:

  • an express declaration that identifying, managing, and mitigating money laundering and financing of terrorism risk is part of sound internal governance arrangements and a bank’s risk management framework.
  • new provisions in relation to the prudent management of the granting of loans to members of the management body and their related parties as part of the conflicts of interest framework of a bank. New reporting obligations in this regard will also apply.
  • in line with the requirement to have a gender-neutral remuneration policy, new guidance is provided for banks to take the necessary measures to avoid discrimination, ensure equal opportunities to staff of all genders, and monitor the gender pay-gap.


[1] The minor revisions to BR/14 on Outsourcing do not relate to CRD V.

[2] The revised version entered into force on the 31 December 2021.