Transactional issues

SPV forms

Which forms can special purpose vehicles take in a securitisation transaction?

While the typical structure employed in the setting up of securitisation vehicles is the limited liability company, a Maltese securitisation vehicle may take various forms. The Securitisation Act allows a securitisation vehicle to be constituted as a company (including an investment company), a commercial partnership, a trust or any other legal structure which the MFSA may, by notice, permit to be used for a securitisation transaction.

In addition, the Civil Code (Chapter 16 of the Laws of Malta) specifically allows for the use of foundations as vehicles for securitisation transactions, with the purpose foundation being the most suitable for use by securitisation vehicles.

SPV formation process

What is involved in forming the different types of SPVs in your jurisdiction?

Irrespective of which form the securitisation vehicle takes, its constitutive document (whether the memorandum and articles of association for companies or the deed of trust or foundation for trusts or foundations) must expressly state that it is a vehicle established under the Securitisation Act and that the objects and purposes of the vehicle will be limited to matters which are necessary to carry out transactions intended or required to implement or participate in a securitisation transaction and all related and ancillary acts.

The timeframe required for registration of a company may be as little as 48 hours from the filing of the organisational documents and the payment of the necessary registration fee. For companies, the amount of the fee depends on the amount of the authorised share capital of the company and ranges from €245 to €2,250. For foundations, the registration fee is tied to the value of the initial assets of the foundation and ranges from €350 to €1,747. No registration fees apply to trusts.

Governing law

Is it possible to stipulate which jurisdiction’s law applies to the assignment of receivables to the SPV?

The Securitisation Act expressly allows the parties to a securitisation transaction to freely select any law to govern the contracts which relate or are ancillary to a securitisation transaction.  While it would be prudent to ensure that the requisite formalities under Maltese law are satisfied, in practice, the assignment of receivables agreements are typically governed by the law of the jurisdiction in which the receivables are situated, which is invariably not Maltese law.

Asset acquisition and transfer

May an SPV acquire new assets or transfer its assets after issuance of its securities? Under what conditions?

No restrictions or conditions apply to the acquisition or transfer of assets by a securitisation vehicle following the issuance of its securities.


What are the registration requirements for a securitisation?

A securitisation vehicle is not required to obtain a licence, permit or authorisation from the MFSA unless it is established as a public securitisation vehicle or as an RSPV. Private securitisation vehicles need not be licensed by the MFSA but must pre-notify the MFSA, on the appropriate form, of their intent to enter into one or more securitisation transactions.

Obligor notification

Must obligors be informed of the securitisation? How is notification effected?

Yes, an obligor must be informed of the securitisation. In effect, until due notice of an assignment of assets to a securitisation vehicle has been given to a debtor, an assignee may not exercise their rights towards third parties.

An assignment is not generally effective against third parties unless due notice has been given to the debtor by means of a judicial act. However, a debtor will be deemed to be notified of an assignment of assets to a securitisation vehicle if they are notified in writing by any means or through the publication of a notice in a daily newspaper circulated wholly or mainly in the jurisdiction in which the obligor or most of the obligors reside.

What confidentiality and data protection measures are required to protect obligors in a securitisation? Is waiver of confidentiality possible?

Under the Securitisation Act, any data or information transferred within the context of a securitisation transaction is transferable without restriction or limitation. However, such data or information will retain its secret and confidential status for other effects and purposes. With respect to obligations deriving from the Data Protection Act (Chapter 586 of the Laws of Malta), the subsidiary legislation issued thereunder and the EU General Data Protection Regulation (GDPR) (2016/679), any transfer of personal data must be deemed to be for a purpose that concerns a legitimate interest of the transferor and the transferee, excluding where such interests are overridden by the interest to protect the fundamental rights and freedoms of the data subject. Any other processing activity carried out in the context of the securitisation transaction must be undertaken in reliance on at least one of the lawful bases of processing under Article 6 of the GDPR.

Data subjects must be notified of:

  • the legal basis for processing their personal data;
  • the transfer of the personal data to a third country (if applicable); and
  • any other mandatory notice requirements as set out in Article 13 or 14 of the GDPR (as applicable) at the point of the data’s collection.

In addition, any entity which is involved in the processing of personal data must comply with the provisions set out in the Data Protection Act and the GDPR, including the general principles relating to the processing of personal data (eg, data minimisation, accountability and transparency).

Maltese securitisation law provides no instances in which the confidential status attached to such data or information may be waived. 

Credit rating agencies

Are there any rules regulating the relationship between credit rating agencies and issuers? What factors do ratings agencies focus on when rating securitised issuances?

The relationship between credit rating agencies and issuers is not subject to regulation or restriction under Maltese law.

When assessing an issuer’s creditworthiness and the viability of its securities, a credit rating agency will typically consider a variety of factors. An in-depth analysis of the credit risk associated with the underlying assets is generally undertaken in order to evaluate any potential risk to cash flow. Credit rating agencies analyse the legal integrity of the structure governing the transaction and the security over, and procedures and mechanism for administering the underlying assets and related cash flows. An assessment is also made with respect to the creditworthiness of the relevant parties to the transaction, such as those providing credit enhancement and liquidity support, as well as those involved in payments to or from the securitisation vehicle.

The loan-by-loan disclosure requirements under the EU Credit Rating Agency Regulation (462/2013) have been reproduced in the Securitisation Regulation.

Directors’ and officers’ duties

What are the chief duties of directors and officers of SPVs? Must they be independent of the originator and owner of the SPV?

Directors of securitisation vehicles are subject to the general fiduciary duties as stipulated in the Civil Code. Under the Companies Act, directors must act honestly and in good faith in the best interests of the company and are responsible for the general governance of the company and its proper administration and management, as well as the general supervision of its affairs. In particular, directors:

  • must exercise a degree of care, diligence and skill that would be exercised by a reasonably diligent person having:
    • the knowledge, skill and experience that may reasonably be expected of a person carrying out the same functions as are carried out by or entrusted to the director in relation to the company; and
    • the actual knowledge, skill and experience that the director has;
  • must not make secret or personal profits from their position without the consent of the company, nor make personal gain from confidential company information;
  • must ensure that their personal interests do not conflict with the interests of the company;
  • must not use any property, information or opportunity of the company for their own or anyone else's benefit, nor obtain benefit in any other way in connection with the exercise of their powers, except with the consent of the company in a general meeting or as permitted by the company’s constitutive document; and
  • must exercise their powers for the purposes for which they were conferred and must not misuse such powers.


Risk exposure

Are there regulations requiring originators and arrangers to retain some exposure to risk in a securitisation?

Securitisation transactions should not be structured in such a way as to avoid retention requirements. The Securitisation Regulation sets out risk-retention requirements which are intended to align the interests of the investors with those of the originator, sponsor or original lender. The regulation states that at least one of these parties must retain a material net economic interest in the securitisation transaction of at least 5% on an on-going basis, which will be measured at the origination and determined by the notional value for off-balance-sheet items. The material net economic interest must not be split among different types of retainer. In the absence of an agreement as to who will be the risk-retention holder, the originator will retain the material net economic interest.

The regulation identifies the following modes of risk retention:

  • the retention of no less than 5% of the nominal value of each of the tranches sold or transferred to investors;
  • the retention of the originator’s interest of no less than 5% of the nominal value of each of the securitised exposures in the case of revolving securitisations or securitisations of revolving exposures;
  • the retention of randomly selected exposures equivalent to no less than 5% of the nominal value of the securitised exposures, provided that selection is made from a pool comprising no less than 100 potentially securitised exposures;
  • the retention of the first loss tranche of no less than 5% of the nominal value of the securitised exposures; or
  • the retention of a first loss exposure of no less than 5% of every securitised exposure in the securitisation.

Notwithstanding the above, securitisation transactions in which the credit risk associated with an exposure (or pool of exposures) is not tranched fall outside the scope of the regulation. Therefore, the aforementioned risk-retention requirement would not apply to a transaction that does not involve tranching of exposures.