# DORA Reporting in Malta: MFSA Guide for Financial Entities Source: https://www.cyadviso.com/dora-malta-mfsa Last reviewed: 2026-05-01 Country: Malta (MT) Tags: DORA, Malta MFSA — Malta's DORA competent authority for credit institutions, EMIs, PIs, investment firms, insurers and CASPs: scope, ICT reporting and evidence pack today. --- ## Short answer In Malta, the Malta Financial Services Authority (MFSA) is the single integrated supervisor for the financial entities within DORA scope, including credit institutions, EMIs, payment institutions, investment firms, insurance undertakings and CASPs. ## Competent authorities - **Malta Financial Services Authority (MFSA)** (MFSA) — https://www.mfsa.mt/ ## Entities in scope - Credit institutions (banks) - Payment institutions and electronic money institutions (PIs / EMIs) - Investment firms - Crypto-asset service providers (CASPs) authorised under MiCA - Insurance and reinsurance undertakings, where supervised in this jurisdiction - Other financial entities listed in DORA Article 2 ## Jurisdictional nuances - MFSA is the integrated supervisor and operates the licensing register for banking, securities, insurance, gaming-adjacent fintech and pension entities. - Malta has a developed CASP / Virtual Financial Assets Act (VFAA) heritage; the MiCA transition reshapes that regime, and DORA applies once a CASP is authorised under MiCA. - Malta is a small jurisdiction with concentrated supervisory dialogue — operating evidence and remediation tracking are read in detail. ## Primary sources - MFSA — homepage — https://www.mfsa.mt/ - MFSA — Financial Services Register — https://fsr.mfsa.mt/ - Regulation (EU) 2022/2554 — DORA, EUR-Lex — https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554 - European Banking Authority — Digital Operational Resilience Act (DORA) — https://www.eba.europa.eu/activities/direct-supervision-and-oversight/digital-operational-resilience-act --- Canonical HTML: https://www.cyadviso.com/dora-malta-mfsa Authored by Andrey Gubarev — CISO for EU fintechs (CISM, CDPSE, SABSA). CyAdviso · DORA / ICT risk / vCISO programmes for EU-licensed fintechs.