Fintech 2020

Last Updated January 06, 2020

Malta

Law and Practice

Authors



GTG Advocates assists clients with tailored, efficient and value-added legal solutions. Established in 1997 in Malta’s capital city, Valletta, its founding partners have over 30 years’ experience of working in the legal field. The firm combines experience and knowledge to provide its clients with integrated advice/assistance on blockchain and DLTs, cryptocurrencies, fintech, regtech, citizenship and residence, shipping, corporate law and financial services. A leader in data protection, telecommunications and gaming, GTG Advocates serves a diverse client base that benefits from an international professional network including international firms and banks. GTG Advocates’ founders have also founded the sister company Afilexion Alliance, which provides corporate and advisory services to the technology, fintech, DLT and gaming sectors, and Caledo Group, a joint venture between Afilexion Alliance and Wyzer that acts as a one-stop shop solution for all services related to blockchains and virtual currencies, including legal, technical, corporate, economics and marketing services.

Malta’s innovative legal framework (“the DLT framework”) that regulates virtual currencies (defined as "virtual financial assets", or VFAs), distributed ledger technologies (DLTs) including blockchains, initial coin offerings (defined as "initial VFA offerings", or IVFAOs), VFA-related service providers, innovative technology arrangements (ITAs) such as smart contracts and innovative technology service providers (ITSPs) continued to provide a stimulus for the fintech market in Malta over the last 12 months.

This cutting-edge regulatory framework has continued to attract more DLT exchanges and ICO issuers to Malta. October 2019 also saw the expiry of the transitory period given to VFA service providers such as VFA exchanges and the full licensing regime has now kicked into effect. Following the one-year anniversary of the launch of Malta’s DLT framework, the Malta Financial Services Authority (MFSA) issued a revised rulebook following industry feedback. The new rulebook is set to streamline requirements for licensing and ensure a licensing regime that is more tailor-made for common business models used in fintech.

The MFSA shall also be enhancing its capital markets regulatory regime to cater for security token offerings (STOs) by addressing issues such as the issuance of tokenised equity and the application of corporate governance standards to such offerings. The authority has recently issued a consultation process with stakeholders, with a view to issuing an amended rulebook.

2019 also saw Malta launch a national strategy for artificial intelligence (AI) that takes a holistic approach by focusing on investment in the sector, public sector adoption and private sector adoption.

Legal developments at a European level are expected to have similar effects to those in other EU member states given that Malta is bound by EU legislation since it is a European member state.

The current prominent business models in the DLT sphere in Malta are virtual currency-related service providers that are generally referred to as VFA service providers or financial service providers dealing in virtual currencies qualifying as financial instruments, initial coin offerings (ICOs) (or more typically IVFAOs), STOs and investment funds set up to invest in DLT assets recognised as VFAs.

The introduction of the DLT framework, specifically the Virtual Financial Assets Act (VFAA), has brought in a legislative framework applicable to a specific class of virtual currencies qualifying as VFAs. This legislation has addressed a lacuna under Maltese law, one that largely remains unaddressed on a European level. The classification of whether a cryptocurrency is deemed to be a VFA is dependent on the result of the financial instrument test devised by the MFSA. The financial instrument test can determine any DLT asset to qualify as a virtual token, a financial instrument, electronic money or a VFA. Following the result of the test, the DLT asset is then subject to the relevant rules depending on its legal classification.

The MFSA is the local regulator responsible for applications under the VFAA as well as under the traditional financial services regime where this relates to virtual currencies qualifying as financial instruments.

Where a person is providing VFA services in or from Malta as defined under the Maltese regime, that person needs to be licensed by the MFSA prior to conducting such activities and must also comply with the relevant rules and regulations.

Similarly, where a Maltese issuer under the same regime intends to offer a VFA to the public or admit it to trading on a DLT exchange, the issuer must register the white paper with the MFSA and comply with the relevant rules and regulations.

On the other hand, where a service provider is providing services in relation to virtual currencies that qualify as financial instruments, the service provider must obtain a licence under the traditional investment services regime that transposed Directive 2014/65 on Markets in Financial Instruments (commonly known as MiFID II) into Maltese law.

Collective investment schemes (CIS) licensed in Malta can also be licensed to invest in virtual currencies through specific rules issued in this regard. The MFSA has in this respect issued specific rules on professional investor funds set up to invest in DLT assets recognised as VFAs.

If a local issuer wishes to offer a virtual currency qualifying as a financial instrument to the public, the process is very much akin to that of an IPO and the prospectus must thus be prepared and filed with the relevant authority in line with the prospectus directive. Where the issue of that financial instrument does not qualify as an offer to the public then this issue is deemed to be exempt from the requirement to issue a prospectus. As stated in 1.1 Evolution of the Fintech Market, the MFSA is currently amending its existing security offering regulatory framework to cater for STOs.

No disclosure requirements exist under Maltese law regarding compensation models that industry participants use to charge customers.

The VFAA has provided new and legacy players with specific requirements and limitations when conducting business in this sector. However, no distinction is made in terms of whether a player in this sphere is either a new entrant or a legacy player. The Malta Gaming Authority (MGA) has also contributed in this area.

Following the implementation of the first phase of the MGA’s sandbox regulatory framework, which established the possibility of authorised persons being allowed to accept VFAs as a means of payment, the MGA has now launched the second phase of the framework. During this phase, the MGA will be accepting applications for the use of Innovative Technology Arrangements (ITAs), including DLT platforms and smart contracts. The MGA shall be extending the duration of the sandbox framework until 31 December 2021. This has also occurred in conjunction with an amendment to the Guidance on the use of ITAs and the acceptance of VFAs and virtual tokens (VTs) through the implementation of a sandbox environment. Furthermore, existing licence-holders will now able to apply for the MGA’s approval in order to integrate ITAs within their operation.

ITAs shall be required to be audited by auditors registered with the Malta Digital Innovation Authority (MDIA) in terms of the Innovative Technology Arrangements and Services (ITAS) Act (Chapter 592 of the Laws of Malta), and shall only be accepted by the MGA if the audit report consists of a positive opinion and the MGA is satisfied that the regulatory requirements shall be adhered to by the authorised person.

An approval to participate in the sandbox regulatory framework is conditional on the applicant holding the relevant licence issued by the MGA, without prejudice to any other regulatory requirements stemming from other applicable legislation.

The MGA remains distinct from the MFSA and the MDIA, but through the launch of the Sandbox Regulatory Framework, it has limitedly delved into the field of DLT assets by offering an environment for its licensees to accept and use DLT assets.

The MFSA is the primary regulator for entities engaging in VFA-related services and its jurisdiction over industry participants is highly dependent on the nature of services being offered. With respect to ICOs, no issuer shall offer a VFA to the public in or from within Malta or shall apply for a VFA’s admission to trading on a DLT exchange unless the issuer draws up and registers a white paper in accordance with the VFAA. Thus, the MFSA’s jurisdiction in this aspect ends once the white paper is registered.

Furthermore, no entity shall provide, or hold itself out as providing, a VFA service in or from within Malta unless such person is in possession of a valid licence. The entity shall then be subject to supervision and oversight from such authority until such licence is surrendered.

Additionally, VFA-related services are deemed to be “relevant activity” in terms of Malta’s anti-money laundering and funding of terrorism legislative and regulatory framework. This factor thus brings VFA service providers into the purview of the Financial Intelligence Analysis Unit (FIAU), which is the government agency tasked with the collection, collation, processing, analysis and dissemination of information with a view to combating money laundering and the funding of terrorism and is also responsible for monitoring compliance with the relevant legislative provisions. Thus, the FIAU’s remit is restricted to compliance with the anti-money laundering and funding of terrorism legislative and regulatory framework.

The MDIA, on the other hand, has a mandate to regulate innovative technology arrangements such as smart contracts and ITSPs. The role of the MDIA is to be distinguished from that of the MFSA, with the latter remaining the primary authority issuing licences and authorisations for service providers and public offerings of DLT assets. However, where a Maltese issuer wishes to offer a VFA to the public and is required to register the white paper with the MFSA, the innovative technology arrangement must be audited by a qualified systems auditor that is authorised and supervised by the MDIA.

As previously held, the MGA also offers a platform for its existing licensed entities to use DLT assets in their operations.

The rules issued by the MFSA for VFA service providers require service providers to ensure that when relying on a third party for the performance of any operational function, they must take reasonable steps to avoid undue additional operational risk for the provision of continuous and satisfactory service to clients and the performance of VFA services on a continuous and satisfactory basis.

The outsourcing of important operational functions may not materially impair the quality of the provider’s internal control and the ability of the supervisory body to monitor the licensee’s compliance with all its obligations. Indeed, the licence-holder remains fully responsible for discharging all its obligations and properly managing the risks associated with outsourcing. The outsourcing arrangements may not result in the delegation of the licensee’s senior management responsibility.

The licence-holder must thus carry out an ongoing assessment of the operational risks and the concentration risk associated with all its outsourcing arrangements and it must inform the MFSA of any material developments.

The outsourcing arrangement must be based on a formal, clear, written contract that establishes the respective rights and obligations of the licence-holder and the service provider.

However, licence-holders may not outsource management functions such as the setting of strategies and policies in respect of its risk profile and control, the oversight of the operation of its processes and the final responsibility towards customers. Outsourcing services and activities concerning licensable activities are also subject to satisfying certain specific criteria.

Licence-holders must inform the MFSA of any material outsourcing arrangements and keep the authority updated with any material developments affecting these activities. In turn, the Authority may impose specific conditions on the licensee.

The VFAA, together with its regulations and rulebooks, confers the minister responsible for the regulation of financial services and the MFSA with powers to protect investors’ interests while also overseeing the orderly transaction of business, primarily that of IVFAOs and VFA service providers.

Given that the legislative framework is still being bedded in, no significant enforcement actions have taken place over the last year.

However, the VFAA stipulates that the MFSA has the power to unilaterally impose decisions on any issuer of an IVFAO and on any VFA agent or VFA service provider. The authority is empowered to request information from any person, order the review of the determination of a DLT asset and submit this determination to a test; appoint inspectors to investigate and report on the activities of an issuer, VFA agent or VFA service provider; order an issuer or service provider to cease operations or appoint a person to advise him or her, take charge of his or her assets, or even control his or her business; order the suspension or the discontinuation of the trading of a VFA; and impose administrative penalties.

Furthermore, issuers of VFAs are liable for damages sustained by a person as a direct consequence of such person having bought VFAs, either as part of an IVFAO by the issuer or on a DLT exchange, on the basis of any false information contained in a white paper, on a website or in an advertisement. A statement included in a white paper, on a website or in an advertisement is deemed to be untrue if it is misleading or otherwise inaccurate or inconsistent, either wilfully or in consequence of gross negligence, in the form and context in which it is included.

Furthermore, whenever a VFA licence-holder breaches or contravenes the VFAA, regulations or rules, including through a failure to co-operate in an investigation, the MFSA may impose an administrative penalty of up to EUR150,000 by notice in writing and without recourse to a court hearing. Any such actions made by the MFSA are subject to appeal in front of the Financial Services Tribunal.

Specific cybersecurity rules have been issued under the VFAA for issuers and VFA service providers. The rules stipulate that issuers are required to adopt a cybersecurity framework in place depending on the nature, scale and complexity of their business. The framework must include a business continuity plan, an access management policy, information and data security roles and responsibilities, and a threats management plan and must firmly be in line with international and European cybersecurity standards.

As stated above, VFA-related activity must also comply with EU AML directives and with the local AML rules. It is important to note that owing to their limited nature, issuers of VFAs were not deemed to be subject persons as they were not deemed to pose a large money laundering or funding of terrorism risk.

With respect to privacy law implications, Malta is subject to the General Data Protection Regulation (GDPR) and the general considerations under such directive. Data protection considerations need to be taken into account by a systems auditor when auditing an ITA.

Furthermore, the VFAA imposes certain advertisement restrictions in the case of issuing a VFA or admitting it to trading on an exchange, which is primarily intended to protect retail investors, regardless of the type of media used. Advertisements must thus be clearly identifiable as such and the information contained therein may not be inaccurate or misleading. In the case of issuers of VFAs, the information must be consistent with the contents of the white paper. Issuers may in fact be held liable for civil damages sustained by a person as a direct consequence of that person having bought a VFA on the basis of untrue information advertised (the term "untrue" is deemed to refer to information that is misleading, or otherwise inaccurate or inconsistent).

The VFAA has introduced the role of an intermediary entitled the VFA agent who is to act as a liaison between an applicant for a VFA services licence or a VFA issuer and the MFSA. The VFA agent must be a person who is authorised to carry on the profession of advocate, accountant or auditor; or a firm of such professionals or a corporate services provider; or a legal organisation that is wholly owned and controlled by such persons.

The VFA agent must confirm that the issuer or the VFA services licence applicant (including its officers and ultimate beneficial owners, or UBOs) is competent in that field, and fit and proper. Particularly in the case of IVFAOs, the VFA agent is also responsible to ensure that the DLT asset qualifies as a VFA and that the white paper is compliant with the requirements of the act.

Where a DLT asset is classified as a financial instrument, electronic money or as a VFA, all these areas are regulated in Malta, whether an issuer wishes to offer the DLT assets to the public or whether a service provider wishes to conduct activities related thereto.

As stated above, any advertisements on issued or listed VFAs must be clearly identifiable as such and the information contained therein may not be inaccurate or misleading. Furthermore, in the case of VFA exchanges, operators of such exchanges must examine a VFA issuer’s social media marketing strategies to ensure accuracy and consistency with the rules.

No information is available in this jurisdiction.

When a DLT asset is classified as a virtual token, its issuance and related services shall remain unregulated under Maltese law. VTs are limited in their nature and have no value outside the DLT platform on which they operate and are not exchangeable on third-party platforms. A VT offering may be offered through the same entity that offers VFAs or security tokens given that the offering of virtual tokens is unregulated. Furthermore, VTs are not deemed to be a big AML risk and are not considered to be a “subject person” under FIAU-related rules.

At the present date, the MFSA has yet to issue tailor-made rules regulating robo-advisers. However, the European Securities and Markets Authority (ESMA) has issued guidelines on certain aspects of the MiFID II suitability requirements, which define the concept of robo-advice and provide further clarity on the information to be provided to clients when making use of robo-advice. However, the provision of robo-advice may be deemed a licensable activity as the provision of traditional investment advice under the Investment Services Act, Cap 370 of the Laws of Malta (ISA).

It is estimated that by 2025, around USD16 trillion will be managed with the support of robo-advisory services. Wealth managers will thus need to assess the integration of robo-advisers in their business models. However, bearing in mind Malta’s investment culture, a high level of financial literacy needs to be reached among Maltese investors to introduce robo-advisers in the local market successfully.

Due to the nature of the services being provided, robo-advisers are more suitable for use in long-term investment rather than day trading.

No information is available in this jurisdiction.

No information is available in this jurisdiction.

Online lending remains uncommon in Malta, with more traditional forms of lending continuing to be used. The Maltese lending market continues to be dominated by retail banks, which adopt a risk-averse approach to transactions.

The act of regular or habitual lending is a regulated activity and requires a licence from the MFSA under the Financial Institutions Act (Cap 376 of the Laws of Malta) (FIA) or, if the activity includes financing from consumer deposit-taking, a licence under the Banking Act (Cap 371 of the Laws of Malta) (BA) would be required. The regulation of lending occurs without distinction as to the type of recipient of the loan.

Peer-to-peer (P2P) online lending is not specifically regulated under Maltese law and to date, there are no tailor-made regulatory requirements for P2P lending platforms. However, P2P lending platforms should still consider whether their specific activities trigger licensing requirements under the generic financial services framework, particularly the FIA, and in this respect, amongst others, it should be noted that a money-broking activity would be deemed to be a licensable activity.

P2P platform users who act as lenders within the platform may be deemed to be carrying out a regulated activity if they engage in lending on a regular or habitual basis.

Additionally, it should be noted that underwriting processes for online lenders are not dictated by law.

Due to the limited adaptability of online lending in Malta, syndication of such loans is also very rare.

Payment processors are licensable in Malta under the FIA. However, payment processors of VFAs are, as at today, not licensable under the VFAA.

There is no prohibition for payment processors against creating or implementing new payments rails, or payments infrastructure generally; nevertheless, in practice this is not common.

There is no information available in this jurisdiction.

Fund administrators do not require a licence under Maltese law but any person wishing to provide such fund administration services to a collective investment scheme in or from within Malta shall need to obtain a certificate of recognition from the MFSA. This applies regardless of whether the fund administrator is appointed by the fund itself or by the fund manager.

Certified fund administrators are required to carry out any business relating to a collective investment scheme through a written agreement setting out the basis on which such services are to be provided.

This agreement with the scheme or its manager should include the following:

  • whether the administrator is appointed by the scheme or its manager;
  • the nature of the services to be provided by the administrator;
  • information on the charges to be paid by the customer;
  • the fact that the administrator is recognised by the MFSA; and
  • arrangements to bring the agreement to an end.

Furthermore, the administrator is required to determine the net asset value of the scheme in accordance with the constitutional documents or prospectus of the scheme. These requirements imposed on recognised fund administrators are intended to provide clarity and assurance on the administrator’s operations.

Any evidence of fraud or dishonesty by a member of the recognised fund administrator’s staff must be immediately reported to the MFSA upon becoming aware of the matter. The fund administrator is also required to establish, implement and maintain effective internal reporting and communication of information at all relevant levels. Responsibility for compliance obligations also rests with the board of administrators and the fund administrator must have a compliance officer in place at all times as well as a money laundering reporting officer.

Under the traditional financial services regime in Malta, the major trading platforms for assets are regulated markets (in Malta the sole regulated market is the Malta Stock Exchange), multilateral trading facilities (MTFs) and organised trading facilities (OTFs). In Malta, the Prospects Market is an example of an MTF providing a market for SMEs to raise capital by issuing equity or bonds.

However, the introduction of virtual currencies has led to the rise of new trading platforms, such as VFA exchanges and security token exchanges, which has also brought to light the rise of peer-to-peer exchanges.

In the virtual currency sphere, trading platforms depend on the legal classification of a DLT asset. If a DLT asset is deemed to be a virtual token, it cannot be exchanged on a third-party trading platform as its non-tradability is one of the essential features of this type of DLT asset. If a DLT asset qualifies as a VFA, the VFA regime has created the concept of a VFA exchange, which refers to an exchange where DLT assets qualifying as VFAs can be admitted for trading.

On the other hand, if the DLT asset qualifies as a financial instrument, such as a security token, then this may not be traded on a VFA exchange and instead requires a trading platform, such as an MTF, to be traded on.

Prior to admitting a VFA to listing, a VFA exchange is required to carry out appropriate research to assess its quality. The following factors are thus to be taken into consideration.

  • The technological experience, track record and reputation of the issuer and its development team.
  • The issuer’s AML/CFT and cybersecurity systems and controls.
  • The availability of a reliable multi-signature hardware wallet solution for the asset.
  • The determination of the VFA in accordance with the Financial Instrument Test and the endorsement thereof.
  • The protocol and the underlying infrastructure, including whether it is:
    1. a separate blockchain with a new architecture system and network or it leverages an existing blockchain for synergies and network effects;
    2. scalable, new and/or innovative; or
    3. the VFA has an innovative use case or application.
  • The relevant consensus protocol.
  • The systems auditor’s report on the issuer’s innovative technology arrangement, including any reservations that may have been expressed therein.
  • Developments in markets in which the issuer operates.
  • The geographic distribution of the VFA and the relevant trading pairs, if any.
  • The completeness and reliability of information included in the project website and/or white paper, including whether an ethical or professional code of conduct exists.
  • Whether the VFA has any inbuilt anonymisation functions.
  • Whether the VFA has used or was used with any smurfing technology, mixers or has been traded, or traded on any dark-net marketplace(s).
  • Whether the VFA is or has been traded on any sidechains.
  • Whether the VFA has any inbuilt mechanism that caters for settlement failure, such as resolution mechanisms.
  • Other DLT exchanges on which the VFA is traded, if any.
  • Social media information, including an official website, Telegram, Twitter account and Facebook page.
  • Furthermore, the exchange may not admit a VFA to trading if it has an inbuilt anonymisation function unless the holder of the VFA can be identified.

No information is available in this jurisdiction.

The disintermediation element offered by the blockchain brings about a new reality to the handling of client orders, executing and settling trades. In the traditional markets various parties form part of the settlement chain, including a broker, a clearing member and a settlement agent. Through the use of the blockchain, exchanges tend to settle trades without relying on third parties, making the process far more efficient and at the same time transparent.

The nature of the blockchain also allows the possibility of doing away with the role of the broker, who in traditional markets might make a financial gain for directing orders to different parties for trade execution.

There is no information available in this jurisdiction.

When VFA licence-holders handle client orders, they are required to implement procedures and arrangements that seek to provide an expeditious execution of such orders. There are also obligations imposed on licence-holders to not misuse information relating to pending client orders, and to take all reasonable steps to prevent the misuse of such information. Furthermore, licence-holders may not carry out client orders for own account in aggregation with another client order unless certain conditions are met.

There is no information available in this jurisdiction.

When executing orders, VFA licence-holders are required to take all sufficient steps to obtain the best possible result for their clients, taking into account the best execution factors of price, costs, speed, likelihood of execution and settlement, size, nature or any other consideration relevant to the execution of the order. Licence-holders must also check the fairness of the proposed price through the collection of market data used in the estimation of the price of such VFA and by also comparing with similar VFAs.

In cases of specific instructions from clients, the licence-holder is required to execute the order following such instructions. A licence-holder shall be deemed to have satisfied its obligations in terms of the rules to the extent that it executes an order or a specific aspect of the order following specific instructions from a client relating to the order or the specific aspect of the order.

With respect to non-experienced VFA investors, a clear and prominent warning must be provided by licence-holders stating that any instructions from such clients may prevent the steps specified in the execution policy to obtain the best possible result for the execution of those orders in respect of the elements covered by those instructions. When considering the execution of orders for non-experienced investors, licence-holders must also consider other factors in order to determine the best possible result, such as the total consideration and the costs relating to execution.

There is no information available in this jurisdiction.

Algorithmic trading and high-frequency trading are regulated in Malta under MiFID II. Any person licensed under the ISA whose head office is in Malta and who is entitled to carry out an activity in an EU or EEA state other than Malta in exercise of a European right must have the following procedures in place:

  • effective systems and risk controls suitable to the business it operates to ensure that its trading systems are resilient and have sufficient capacity, are subject to appropriate trading thresholds and limits, and prevent the sending of erroneous orders or the systems otherwise functioning in a way that may create or contribute to a disorderly market;
  • effective systems and risk controls to ensure the trading systems cannot be used for any purpose that is contrary to Market Abuse Regulation (EU) 596/2014 (MAR) or the rules of a trading venue to which it is connected; and
  • effective business continuity arrangements to deal with any failure of its trading systems and it shall ensure its systems are fully tested and properly monitored to ensure that they meet the requirements laid down in the relevant regulations.

There is no information available in this jurisdiction.

Firms engaging in algorithmic trading in Malta or another EU or EEA state must notify their competent authority and the European regulatory authority of the trading venue at which the firm engages in algorithmic trading as a member or participant of a trading venue where this is not established in Malta.

Firms that engage in algorithmic trading and high-frequency trading must also keep sufficient records and make these available to the MFSA.

It is also important to note that where a person is dealing on own account and does not provide any other investment services then that person is exempt from the need for an investment services licence. This exemption applies unless such person is a market maker or deals on own account outside a regulated market or a multilateral trading facility on an organised, frequent and systematic basis by providing a system accessible to third parties in order to engage in dealings with them.

The rules refer to firms that engage in algorithmic trading and high-frequency algorithmic trading on a trading venue, which includes regulated markets, MTFs and OTFs.

A Maltese investment firm that engages in algorithmic trading to pursue a market-making strategy must take into account the liquidity, scale and nature of the specific market, and the characteristics of the instruments traded. The firm is considered to be pursuing a market-making strategy when, as a member or participant of one or more trading venues, its strategy, when dealing on own account, involves posting firm, simultaneous two-way quotes of comparable size and at competitive prices relating to one or more financial instruments on a single trading venue or across different trading venues, with the result of providing liquidity on a regular and frequent basis to the overall market.

A Maltese investment firm that acts as a general clearing member for other persons must have in place effective systems and controls to ensure clearing services are only applied to persons who are suitable and meet clear criteria, and that appropriate requirements are imposed on those persons to reduce risks to the investment firm itself and to the market. The firm must also ensure that there is a binding written agreement between the firm and the person regarding the essential rights and obligations arising from the provision of that service.

There is no information available in this jurisdiction.

There is no information available in this jurisdiction.

MiFID II stipulates standards for firms that charge payment for order flow (PFOF) because such arrangements are deemed to introduce a conflict of interest that is likely to cause harm to clients and markets. MiFID II reinforces restrictions on third-party payments when executing orders on behalf of retail and professional clients and strengthened the conflicts of interest requirements. Firms are thus required to place explicit emphasis on avoiding or preventing conflicts of interest from arising in the first place.

MiFID II was transposed into Maltese legislation via the ISA. Any firm falling within the scope of MIFID II is bound by requirements that are harmonised at EU level, such as not inducing clients to trade by methods such as the bundling of research and the obligation of providing unbundled costs separately identifying and charging for execution, research and other advisory services. There is also the obligation for investment firms to make explicit payments for research and be able to show that the research contributes to better investment decisions and is therefore not an inducement.

Services such as an approved publication arrangement (the service of publishing trade reports on behalf of investment firms), an approved reporting mechanism (the service of reporting details of transactions to competent authorities) and a consolidated tape provider (the service of collecting trade reports for financial instruments from various markets and consolidating the same into a continuous electronic live data stream providing price and volume data per financial instrument) are also regulated activities.

In terms of MiFID II, investment research and financial analysis or other forms of recommendations are considered "ancillary services" and it is to be noted that there is no authorisation that may be granted solely for the provision of ancillary services. Naturally, if the financial research platform also provides transactions in investment products or financial instruments, then such would be deemed to amount to a regulated activity.

In this aspect, one must make reference to the MAR and Market Abuse Directive (EU) 2014/57 (MAD), which have been transposed in Malta. When speculation and market rumours begin to spread, an issuer is bound to assess whether a public disclosure of inside information is necessary. Further obligations in this regard also emanate from the Shareholder Rights Directive and the Transparency Directive, which also stipulate further standards of disclosure.

Generally speaking, other than in the context of MiFID II, in Malta there are no ad hoc provisions specific to the regulation of software or technology used for the purposes of financial research and it must be highlighted that except for some elements of the DLT Framework, Maltese laws are technology neutral.

Curation of user postings may expose a platform to liability if certain conditions are met, leading the platform to be deemed a publisher of such content by extension. A duty to report suspicious or unlawful behaviour such as market manipulation and pump and dump schemes is in place in respect of any person who arranges or executes transactions.

No information is available in this jurisdiction.

In Malta, underwriting processes are carried out directly with the insurance company itself or through a broker, a tied insurance intermediary or an insurance agent. Such processes are subject to the relevant Maltese insurance legislation and MFSA rules, in line with EU legislation.

Long-term insurance, such as life insurance, is regulated in a different manner to other insurance classes. This is primarily due to insolvency issues and a higher degree of knowledge required from those engaging in this type of insurance business. However, there is no distinction in the treatment of the different insurance classes by industry participants.

The regulation of regtech providers is dependent on the nature of their activities. It must be noted that Maltese laws in this aspect apply in a technology-neutral manner (bar some exceptions in relation to DLTs). It is therefore the activity of the regtech provider that triggers regulatory implications and not the specific technologies utilised. Furthermore, if a regtech provider utilises an ITA as defined by the ITASA, then the regtech provider may submit the ITA for recognition by the MDIA.

There is no information available in this jurisdiction.

Regtech providers are not considered to be "gatekeepers" by default but in instances in which they encounter unlawful or suspicious behaviour, they have a duty to report the activity. The duty is triggered when the activity of the regtech provider renders the provider a "subject-person" in terms of anti-money laundering legislation or the regtech provider professionally arranges or executes transactions. Therefore, when regtech providers are only providing their software as a product, no such duty can be triggered. Software-as-a-service (SaaS) regtech providers may, however, be subject to such duties depending on the specific services provided.

Furthermore, financial services legislation would also seek to impose service level agreements (SLAs) on technology providers that require availability of support, such as through a call centre, points of contact, and quality and accuracy levels depending on the type of service rendered. Escalation levels, onsite auditing and obligations to provide information upon request are not uncommon.

There is no information available in this jurisdiction.

As described in 1.1 Evolution of the Fintech Market, Malta’s DLT Framework is now fully in effect with the expiry of the transitory provisions. The DLT Framework addresses VFAs, DLTs, IVFAOs, ITAs and ITSPs. In summary, the DLT regulatory Framework consists of the following pieces of legislation (each substantiated by various rules, guidelines and subsidiary legislation):

  • the Virtual Financial Assets Act, Cap 590 of the Laws of Malta, which establishes regulations in relation to initial coin offerings, VFAs and related service providers;
  • the Malta Digital Innovation Authority Act, Cap 591 of the Laws of Malta, which sets up the Malta Digital Innovation Authority, the Maltese authority primarily responsible for promoting digital innovation; and
  • the Innovative Technology Arrangements and Services Act, Cap 592 of the Laws of Malta, which provides for certification by the MDIA of innovative technology arrangements and authorisations for innovative technology service providers.

As stated in 2.2 Regulatory Regime, the classification of whether an asset is deemed to be a VFA is dependent on the result of the Financial Instrument Test devised by the MFSA. The Financial Instrument Test can determine any DLT asset to qualify as a virtual token, a financial instrument, electronic money or a VFA. Following the result of the test, the DLT asset is then subject to the relevant rules depending on its legal classification.

If the asset in question qualifies as a VFA, any person that conducts any of the following activities in or from within Malta in relation to VFAs requires a licence from the MFSA:

  • the reception and transmission of orders;
  • the execution of orders on behalf of other persons;
  • dealing on own account;
  • portfolio management;
  • custodian or nominee services (of VFAs including cryptographic keys);
  • investment advice;
  • placing of virtual financial assets; and
  • operation of a VFA exchange.

The following four classes of VFA licences are available.

  • Class 1 licence-holders are authorised to receive and transmit orders, and/or provide investment advice in relation to one or more VFAs and/or the placing of VFAs. Class 1 licence-holders are not authorised to hold or control clients’ money.
  • Class 2 licence-holders are authorised to provide any VFA service but not to operate a VFA exchange or deal for their own account. Class 2 licence-holders may hold or control clients’ money in conjunction with the provision of a VFA service.
  • Class 3 licence-holders are authorised to provide any VFA service but not to operate a VFA exchange. Class 3 licence-holders may hold or control clients’ money in conjunction with the provision of a VFA service.
  • Class 4 licence-holders are authorised to provide any VFA service. Class 4 licence-holders may hold or control clients’ money in conjunction with the provision of a VFA service.

An application for a VFA licence can only be made through a VFA agent, namely an agent who is duly registered with the MFSA.

For initial offerings, please see 2.6 Jurisdiction of Regulators.

The VFAA defines a DLT exchange as any trading and/or exchange platform or facility on which any form of DLT asset may be transacted. A DLT asset is any virtual token, virtual financial asset, electronic money, or financial instrument that is intrinsically dependent on or utilises DLT. The term VFA exchange refers to any DLT exchange on which only VFAs may be transacted in accordance with the rules of the platform or facility. Therefore, exchanges on which only financial instruments are traded shall not be licensable in terms of the VFAA but will fall within the remit of the ISA.

The operation of a VFA exchange is one of the VFA services for which a person would need a licence granted by the MFSA as outlined in the VFAA.

CIS wishing to invest in VFAs do not require an additional licence for this purpose, although in such cases there are some VFA-specific supplementary conditions that CIS are expected to comply with on an ongoing basis. As at the date of writing, only professional investor funds (PIFs) are permitted to invest in VFAs. Nevertheless, it should be noted that the MFSA has been considering whether to permit alternative investment funds (AIFs) and notified alternative investment funds (NAIFs) to invest in VFAs by extending the supplementary conditions that apply to PIFs to cover AIFs and NAIFs.

Furthermore, issuers of IVFAOs (typically known as ICOs) are also regulated under the VFAA, in terms of which, no issuer may offer a VFA to the public in or from within Malta, nor apply for a VFA's admission to trading on a DLT exchange, unless a white paper drawn up in accordance with the VFAA has been registered with the MFSA. Similar to a VFA licence-holder, the issuer is, amongst others, required to appoint, and have at all times in place, a VFA agent.

Please see 2.2 Regulatory Regime.

At present, Malta does not have any specific laws or guidelines or position papers issued by the Information and Data Protection Commissioner, the authority tasked with oversight over data protection, privacy and freedom of information in Malta in relation to data privacy in the context of DLTs.

However, it should be noted that the GDPR applies in Malta (together with all other EU data privacy regulations) and, thus, any position that develops at an EU level in relation to privacy will in turn be applied in Malta.

Additionally, the system audit control objectives of security, processing integrity, availability, confidentiality and protection of personal data need to be followed for the purposes of a systems audit in terms of the ITASA.

Regarding the ITASA, it should be noted that the certification of ITAs is a voluntary endeavour that (amongst others) requires a positive assurance from a systems auditor. That said, where an ITA is used in the context of an IVFAO, the auditing by a systems auditor becomes mandatory.

ITAs that can be certified by the MDIA under the ITASA, as at today, consist of the following.

  • Software and architectures that are used in designing and delivering DLT that, ordinarily but not necessarily:
    1. uses a distributed, decentralised, shared and/or replicated ledger;
    2. may be public or private, or hybrids thereof;
    3. is permitted or not permitted, or hybrids thereof;
    4. is secure to a high level against retrospective tampering, such that the history of transactions cannot be replaced;
    5. is protected with cryptography; and
    6. is auditable.
  • Smart contracts and related applications, including decentralised autonomous organisations, as well as other similar arrangements.
  • Any other ITA that may be designated by the relevant minister, on the recommendation of the MDIA, by notice from time to time.

As an EU member state, the Payment Services Directive (EU) 2015/2366 (PSD2) was fully transposed into Maltese legislation in August 2019. The implementation of PSD2 will not oblige a bank or financial institution that is already licensed by the MFSA to provide payment services to seek re-authorisation.

The implementation of PSD2 into Maltese law does not trigger any obligation for a bank or financial institution already licensed by the MFSA as home state regulator to provide payment services to seek any re-authorisation of these activities of any passporting rights exercised by the operator prior to the implementation of these amendments.

Nevertheless, despite banks taking the necessary steps to permit open banking by making available their application programming interface (API) technologies, the practical use of open banking in Malta remains limited.

The number of live and operative account information service providers (AISPs) or payment initiation service providers (PISPs) operating within Malta is small. Thus, the effects of PSD2 continue to remain unfelt in Malta, be it from the perspective of banks coping with data privacy or data security concerns, or practical concerns on a more generic basis.

GTG Advocates

66 Old Bakery Street
Valletta
VLT 1454
Malta

+ 356 21 24 27 13

igauci@gtgadvocates.com www.gtgadvocates.com
Author Business Card

Law and Practice

Authors



GTG Advocates assists clients with tailored, efficient and value-added legal solutions. Established in 1997 in Malta’s capital city, Valletta, its founding partners have over 30 years’ experience of working in the legal field. The firm combines experience and knowledge to provide its clients with integrated advice/assistance on blockchain and DLTs, cryptocurrencies, fintech, regtech, citizenship and residence, shipping, corporate law and financial services. A leader in data protection, telecommunications and gaming, GTG Advocates serves a diverse client base that benefits from an international professional network including international firms and banks. GTG Advocates’ founders have also founded the sister company Afilexion Alliance, which provides corporate and advisory services to the technology, fintech, DLT and gaming sectors, and Caledo Group, a joint venture between Afilexion Alliance and Wyzer that acts as a one-stop shop solution for all services related to blockchains and virtual currencies, including legal, technical, corporate, economics and marketing services.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.