Fintech 2021

Last Updated March 18, 2021

Malta

Law and Practice

Authors



GTG Advocates is considered as a local thought leader in the fintech sector, especially in relation to blockchain and virtual currencies (and technology law generally). The firm is mostly known for advising regulators and public bodies in the fintech sphere, being counsel to the government of Malta and the two relevant fintech authorities, namely the Malta Financial Services Authority (MFSA) and the Malta Digital Innovation Authority (MDIA). In particular, the firm is known for having been instrumental in the drafting of Malta’s fintech legislation as well as the various rulebooks, guidelines and consultations. The firm is also known for its expertise in regulatory matters, especially cryptocurrency exchange licensing and initial coin offering, technology, IP and data protection law generally. Dr Ian Gauci, the firm’s managing partner, was also a member of the National Blockchain Taskforce and a founding member of the Blockchain Malta Association.

Malta’s innovative legal framework that regulates virtual currencies (defined as "virtual financial assets" or VFAs), distributed ledger technologies (DLTs) including blockchains, initial coin offerings (defined as "initial VFA offerings" or IVFAOs), VFA-related service providers, innovative technology arrangements (ITAs), such as smart contracts, and innovative technology service providers (ITSPs), continued to be solidified over the last 12 months with the publication of additional guidance notes and consultation documents.

In June 2020 the Malta Financial Services Authority (MFSA) issued a consultation on a guidance note addressing technology arrangements, ICT and security risk management and outsourcing arrangements, which was officially issued later on in the same year. 

The guidance note issued by the authority is intended for MFSA licensees across several sectors, including VFA service providers, insurance intermediaries, investment services licence holders, trading venues and pension service providers, and is based on four high-level principles: 

  • proportionality;
  • principles-based consistency of outcomes;
  • information assurance (IA) in technology arrangements; and
  • approach to cloud computing.

The MFSA also launched the Fintech Regulatory Sandbox, allowing fintech operators to test their innovations within a regulatory environment for a specified period of time and under certain prescribed conditions. The sandbox is open to fintech service providers and fintech suppliers, accepting start-ups, technology firms and established financial services providers that approve of technologically-enabled innovation in their business models, applications or products.

The authority also issued its feedback statement to the consultation it had issued in 2019 on security token offerings (STOs), and further concrete guidance on this subject is expected from the MFSA in the coming months. 

As the EU has presented a draft EU Regulation on Markets in Crypto-assets (MiCA) as part of the Digital Finance package, this is expected to have a significant impact on Malta’s homegrown DLT framework. 

The MFSA has announced that it will continue to monitor MiCA developments to ensure that Malta’s VFA framework can evolve in a “seamless manner into the new Regulation once this comes into force”. This is expected to lead to a legislative amendment of the local VFA framework, which is intended to align the Virtual Financial Assets Act (Cap 590 of the Laws of Malta) and related legislation with MiCA.

The current prominent business models in the DLT sphere in Malta are virtual currency-related service providers, which are generally referred to as VFA service providers or financial service providers, dealing in virtual currencies qualifying as financial instruments, initial coin offerings (ICOs, or more typically IVFAOs), STOs and investment funds set up to invest in DLT assets recognised as VFAs.

The introduction of the DLT framework, specifically the Virtual Financial Assets Act (VFAA), brought in a legislative framework applicable to a specific class of virtual currencies qualifying as VFAs. This legislation has addressed a lacuna under Maltese law, one that to date largely remains unregulated on a European level. 

Deciding whether a cryptocurrency can be considered a VFA is dependent on the result of the financial instrument test devised by the MFSA. The financial instrument test can determine whether any DLT asset should be qualified as a virtual token, a financial instrument, electronic money or a VFA. Following the result of the test, the DLT asset is then subject to the relevant rules, depending on its legal classification. 

The MFSA is the local regulator responsible for applications under the VFAA as well as under the traditional financial services regime where this relates to virtual currencies qualifying as financial instruments. 

Where a person is providing VFA services in or from Malta as defined under the Maltese regime, that person needs to be licensed by the MFSA prior to conducting such activities and must also comply with the relevant rules and regulations. 

Similarly, where a Maltese issuer under the same regime intends to offer a VFA to the public or admit it to trading on a DLT exchange, the issuer must register the white paper with the MFSA and comply with the relevant rules and regulations. 

On the other hand, where a service provider is providing services in relation to virtual currencies that qualify as financial instruments, the service provider must obtain a licence under the traditional investment services regime that transposed Directive 2014/65 on Markets in Financial Instruments (commonly known as MiFID II) into Maltese law. 

Collective investment schemes (CIS) licensed in Malta can also be licensed to invest in virtual currencies through specific rules issued in this regard. The MFSA has in this respect issued specific rules on professional investor funds set up to invest in DLT assets recognised as VFAs. 

If a local issuer wishes to offer a virtual currency qualifying as a financial instrument to the public, the process is very much akin to that of an IPO and the prospectus must thus be prepared and filed with the relevant authority in line with the prospectus regulation. 

Where the issuance of that financial instrument does not qualify as an offer to the public then this issue is deemed to be exempt from the requirement to issue a prospectus. As stated in 1.1 Evolution of the Fintech Market, the MFSA is currently amending its existing security offering regulatory framework to cater for STOs.

No disclosure requirements exist under Maltese law regarding compensation models that industry participants use to charge customers.

The VFAA has provided new and legacy players with specific requirements and limitations when conducting business in this sector. However, no distinction is made about whether a player in this sphere is a new entrant or a legacy player. The Malta Gaming Authority (MGA) has also contributed in this area.

The MGA's Sandbox Regulatory Framework

The Malta Gaming Authority (MGA) launched a sandbox framework for the acceptance of cryptocurrencies and the use of DLT by its licensees in 2019. The first phase of the framework established the possibility of authorised persons being allowed to accept VFAs as a means of payment. During the second phase, the MGA started accepting applications for the use of Innovative Technology Arrangements (ITAs), including DLT platforms and smart contracts. The sandbox framework is expected to be available until 31 December 2021. 

In a guidance note issued in June 2020, the MGA clarified that gaming operators rendering a licensable VFA activity within the parameters of the VFA sandbox must acquire a licence from the MFSA before being able to render such services. In cases where the gaming operator does not acquire an MFSA licence and instead outsources the VFA-related services, the third-party service provider must be in possession of a VFA licence from the MFSA. 

The guidance note also highlighted the requirement for a legal opinion drafted by a VFA agent and that participants in the sandbox must have control verifications in place for the purpose of verifying ownership of a player’s wallet, and that effectively, the used wallet does belong to the registered player.

While the MGA remains distinct from the MFSA and the Malta Digital Innovation Authority (MDIA), through the launch of the Sandbox Regulatory Framework, it has delved, in a limited way, into the field of DLT assets by offering an environment for its licensees to accept and use DLT assets.

The Fintech Regulatory Sandbox

On the other hand, the MFSA launched its own Fintech Regulatory Sandbox in July 2020 allowing fintech operators to test their innovations within a regulatory environment for a specified period of time and under certain prescribed conditions. The sandbox is open to fintech service providers and fintech suppliers, accepting start-ups, technology firms and established financial services providers that approve of technologically enabled innovation in their business models, applications or products.

The regulatory sandbox is intended to target technologically-enabled financial innovation that could result in new business models, applications, processes or products with an associated material effect on financial markets and the provision of financial services.

The ITA Sandbox

In July 2020 the MDIA issued a consultation document inviting stakeholders to give their feedback on a Technology-Driven Innovative Technology Arrangement Sandbox ("ITA sandbox"), complementing the MDIA’s innovative technology arrangement (ITA) full certification framework.

The MDIA intends to set up an ITA sandbox which will complement Malta’s robust certification framework. The ITA sandbox will ensure that regulatory certainty can be given to ITAs developed by small entities and that a balance is reached between maintaining full certification and the adopted high-barrier entry approach, while addressing financial and technical barriers for smaller entities.

The MFSA and VFAA

The MFSA is the primary regulator for entities engaging in VFA-related services and its jurisdiction over industry participants is highly dependent on the nature of services being offered. With respect to ICOs, no issuer will offer a VFA to the public in or from within Malta, or apply for a VFA’s admission to trading on a DLT exchange, unless the issuer draws up and registers a white paper in accordance with the VFAA. The MFSA’s jurisdiction in this regard therefore ends once the white paper is registered. 

Furthermore, no entity will provide, or hold itself out as providing, a VFA service in or from within Malta unless such person is in possession of a valid licence. The entity will then be subject to supervision and oversight from such authority until such licence is surrendered.

The FIAU

Additionally, VFA-related services are deemed to be “relevant activity” in terms of Malta’s anti-money laundering and funding of terrorism legislative and regulatory framework. This factor therefore brings VFA service providers into the purview of the Financial Intelligence Analysis Unit (FIAU), which is the government agency tasked with the collection, collation, processing, analysis and dissemination of information with a view to combating money laundering and the funding of terrorism. The FIAU is also responsible for monitoring compliance with the relevant legislative provisions. Thus, the FIAU’s remit is restricted to compliance with the anti-money laundering and funding of terrorism legislative and regulatory framework.

The MDIA

The MDIA, on the other hand, has a mandate to regulate innovative technology arrangements such as smart contracts and ITSPs. The role of the MDIA can be distinguished from that of the MFSA, with the latter remaining the primary authority issuing licences and authorisations for service providers and public offerings of DLT assets. However, where a Maltese issuer wishes to offer a VFA to the public and is required to register the white paper with the MFSA, the innovative technology arrangement must be audited by a qualified systems auditor that is authorised and supervised by the MDIA.

The MGA

As previously held, the MGA also offers a platform for its existing licensed entities to use DLT assets in their operations.

The MFSA Rules

The rules issued by the MFSA for VFA service providers require service providers to ensure that when relying on a third party for the performance of any operational function, they must take reasonable steps to avoid undue additional operational risk through the provision of a continuous and satisfactory service to clients and the performance of VFA services on a continuous and satisfactory basis.

Obligations of Licence Holder

The outsourcing of important operational functions may not materially impair the quality of the provider’s internal control and the ability of the supervisory body to monitor the licensee’s compliance with all its obligations. Indeed, the licence holder remains fully responsible for discharging all its obligations and properly managing the risks associated with outsourcing. The outsourcing arrangements may not result in the delegation of the licensee’s senior management responsibility. 

The licence holder must thus carry out an ongoing assessment of the operational risks and the concentration risk associated with all its outsourcing arrangements and it must inform the MFSA of any material developments.

The outsourcing arrangement must be based on a formal, clear, written contract that establishes the respective rights and obligations of the licence holder and the service provider.

However, licence holders may not outsource management functions such as the setting of strategies and policies in respect of its risk profile and control, the oversight of the operation of its processes and the final responsibility towards customers. Outsourcing services and activities concerning licensable activities is also subject to satisfying certain specific criteria.

Licence holders must inform the MFSA of any material outsourcing arrangements and keep the authority updated with any material developments affecting these activities. In turn, the MFSA may impose specific conditions on the licensee.

Powers of the Minister and the MFSA

The VFAA, its regulations and rulebooks confer the minister responsible for the regulation of financial services and the MFSA with powers to protect investors’ interests, while also overseeing the orderly transaction of business, primarily that of IVFAOs and VFA service providers.

Licensees under the VFAA are deemed to be subject persons for AML purposes in terms of the anti-money laundering/combating the financing of terrorism (AML/CFT) rules. To that end, licensees are required to conduct AML/CFT checks on all users on their platforms and all persons making use of their services. This has also been extended to those entities doing an ICO in terms of the VFAA.

No significant enforcement actions have taken place over the last year.

Powers of the MFSA

However, the VFAA stipulates that the MFSA has the power to unilaterally impose decisions on any issuer of an IVFAO and on any VFA agent or VFA service provider. The authority is empowered to request information from any person, order the review of the determination of a DLT asset and submit this determination to a test; appoint inspectors to investigate and report on the activities of an issuer, VFA agent or VFA service provider; order an issuer or service provider to cease operations or appoint a person to advise him or her, take charge of his or her assets, or even control his or her business; order the suspension or the discontinuation of the trading of a VFA; and impose administrative penalties.

Liability of VFA Issuers

Issuers of VFAs are liable for damages sustained by a person as a direct consequence of such person having bought VFAs, either as part of an IVFAO by the issuer or on a DLT exchange, on the basis of any false information contained in a white paper, on a website or in an advertisement. A statement included in a white paper, on a website or in an advertisement is deemed to be untrue if it is misleading or otherwise inaccurate or inconsistent, either wilfully or in consequence of gross negligence, in the form and context in which it is included.

Penalty

Furthermore, whenever a VFA licence holder breaches or contravenes the VFAA regulations or rules, including through a failure to co-operate in an investigation, the MFSA may impose an administrative penalty of up to EUR150,000 by notice in writing and without recourse to a court hearing.

Appeal

Any such actions made by the MFSA are subject to appeal in front of the Financial Services Tribunal.

Cybersecurity Rules

Specific cybersecurity rules have been issued under the VFAA for issuers and VFA service providers. The rules stipulate that issuers are required to adopt a cybersecurity framework depending on the nature, scale and complexity of their business. The framework must include a business continuity plan, an access management policy, a list of information and data security roles and responsibilities, and a threats management plan, and must be firmly in line with international and European cybersecurity standards.

AML Directives and Rules

As stated in 2.8 Gatekeeper Liability, VFA-related activity must also comply with EU AML directives and with the local AML rules. It is important to note that owing to the limited nature of VFAs, issuers of VFAs doing a private offer (ie, an offer of VFAs that is not deemed to be an offer to the public) are not deemed to be subject persons as they are not deemed to pose a large money-laundering or funding of terrorism risk.

GDPR

With respect to privacy law implications, Malta is subject to the General Data Protection Regulation (GDPR) and the general considerations under this directive. Data protection considerations need to be taken into account by a systems auditor when auditing an ITA.

Advertising Restrictions

Furthermore, the VFAA imposes certain advertising restrictions when it comes to issuing a VFA or admitting it to trading on an exchange, which are primarily intended to protect retail investors, regardless of the type of media used. Advertisements must be clearly identifiable as such and the information contained therein may not be inaccurate or misleading. In the case of issuers of VFAs, the information must be consistent with the contents of the white paper. Issuers may in fact be held liable for civil damages sustained by a person as a direct consequence of that person having bought a VFA on the basis of untrue information advertised (the term "untrue" is deemed to refer to information that is misleading, or otherwise inaccurate or inconsistent).

VFA Agent

The VFAA has introduced the role of an intermediary, referred to as the VFA agent, who is to act as a liaison between an applicant for a VFA services licence or a VFA issuer and the MFSA. The VFA agent must be a person who is authorised to carry on the profession of advocate, accountant or auditor; or a firm of such professionals or a corporate services provider; or a legal organisation that is wholly owned and controlled by such persons.

The VFA agent must confirm that the issuer or the VFA services licence applicant (including its officers and ultimate beneficial owners, or UBOs) is competent in that field, as well as fit and proper. Particularly in the case of IVFAOs, the VFA agent is also responsible to ensure that the DLT asset qualifies as a VFA and that the white paper is compliant with the requirements of the act.       

While a certain level of competence and experience in the field is required by the MFSA, particularly given the relative novelty of operating in the DLT sphere, no distinction is made in terms of whether a player is either a new entrant or a legacy player.

Systems auditors that are registered with the MDIA are required to abide by the relevant rules and guidelines issued by the MDIA.

When a DLT asset is classified as a virtual token (VT), its issuance and related services remain unregulated under Maltese law. VTs are limited in their nature and have no value outside the DLT platform on which they operate and are not exchangeable on third-party platforms. 

A VT may be offered through the same entity that offers VFAs or security tokens given that the offering of virtual tokens is unregulated. Furthermore, VTs are not deemed to be a big AML risk, and offerors of VTs are thus not considered to be a “subject person” under AML/CFT rules.

At present, the MFSA has yet to issue tailor-made rules regulating robo-advisers. However, the European Securities and Markets Authority (ESMA) has issued guidelines on certain aspects of the MiFID II suitability requirements, which define the concept of robo-advice and provide further clarity on the information to be provided to clients when making use of robo-advice. It appears that the provision of robo-advice may be deemed a licensable activity, like the provision of traditional investment advice under the Investment Services Act, Cap 370 of the Laws of Malta (ISA). 

In its fintech vision, the MFSA has highlighted the creation of a regulatory sandbox which may be used for robo-advisers. 

No information is available in this jurisdiction.

No information is available in this jurisdiction.

Online lending remains uncommon in Malta, with more traditional forms of lending being used. The Maltese lending market continues to be dominated by retail banks, which adopt a risk-averse approach to transactions. 

The regulation of lending occurs without distinction as to the type of recipient of the loan.

The act of regular or habitual lending is a regulated activity and requires a licence from the MFSA under the Financial Institutions Act (Cap 376 of the Laws of Malta) or FIA. However, if the activity includes financing from consumer deposit-taking, a licence under the Banking Act (Cap 371 of the Laws of Malta), or BA, would be required. 

Additionally, it should be noted that underwriting processes for online lenders are not dictated by law.

Peer-to-peer (P2P) online lending is not specifically regulated under Maltese law and to date, there are no tailor-made regulatory requirements for P2P lending platforms. However, P2P lending platforms should still consider whether their specific activities trigger licensing requirements under the generic financial services framework, particularly the FIA, and in this respect, among others, it should be noted that a money-broking activity would be deemed to be a licensable activity.

P2P platform users who act as lenders within the platform may be deemed to be carrying out a regulated activity if they engage in lending on a regular or habitual basis.

Due to the limited adaptability of online lending in Malta, syndication of such loans is very rare.

Payment processors are licensable in Malta under the FIA. However, payment processors of VFAs are, at the time of writing, not licensable under the VFAA.

There is no prohibition against payment processors creating or implementing new payments rails, or payments infrastructure generally; nevertheless, in practice, this is not common.

There is no information available in this jurisdiction.

Fund administrators do not require a licence under Maltese law but any person wishing to provide fund administration services to a collective investment scheme in or from within Malta needs to obtain a certificate of recognition from the MFSA. This applies regardless of whether the fund administrator is appointed by the fund itself or by the fund manager.

Certified fund administrators are required to carry out any business relating to a collective investment scheme through a written agreement setting out the basis on which such services are to be provided. 

This agreement with the scheme or its manager should include the following:

  • whether the administrator is appointed by the scheme or its manager;
  • the nature of the services to be provided by the administrator;
  • information on the charges to be paid by the customer;
  • the fact that the administrator is recognised by the MFSA; and
  • arrangements to bring the agreement to an end.

Furthermore, the administrator is required to determine the net asset value of the scheme in accordance with the constitutional documents or prospectus of the scheme. The requirements imposed on recognised fund administrators are intended to provide clarity and assurance on the administrator’s operations.

Traditional Financial Services

Under the traditional financial services regime in Malta, the major trading platforms for assets are regulated markets (in Malta the sole regulated market to date is the Malta Stock Exchange or MSE), multilateral trading facilities (MTFs) and organised trading facilities (OTFs). In Malta, the Prospects Market is an example of an MTF providing a market for SMEs to raise capital by issuing equity or bonds. These types of exchanges are primarily regulated under the Financial Markets Act and relevant EU regulations. Issuers on such platforms are in turn required to abide by the relevant rules; issuers on the MSE are required to abide by the Listing Rules; whereas those listing on Prospects are required to abide by the Prospects MTF Rules.

Virtual Currencies

However, the introduction of virtual currencies has led to the rise of new trading platforms, such as VFA exchanges and security token exchanges, and this has also brought to light the rise of peer-to-peer exchanges. 

In the virtual currency sphere, trading platforms depend on the legal classification of a DLT asset. If a DLT asset is deemed to be a virtual token, it cannot be exchanged on a third-party trading platform as its non-tradability is one of the essential features of this type of DLT asset. If a DLT asset qualifies as a VFA, the VFA regime has created the concept of a VFA exchange, which refers to an exchange where DLT assets qualifying as VFAs can be admitted for trading.

On the other hand, if the DLT asset qualifies as a financial instrument, such as a security token, then this may not be traded on a VFA exchange and instead requires to be traded on a trading platform, such as an MTF.

Prior to admitting a VFA to listing, a VFA exchange is required to carry out appropriate research to assess its quality. The following factors are taken into consideration.

  • The technological experience, track record and reputation of the issuer and its development team.
  • The issuer’s AML/CFT and cybersecurity systems and controls.
  • The availability of a reliable multi-signature hardware wallet solution for the asset.
  • The determination of the VFA in accordance with the Financial Instrument Test and the endorsement thereof.
  • The protocol and the underlying infrastructure, including whether it is:
    1. a separate blockchain with a new architecture system and network or it leverages an existing blockchain for synergies and network effects;
    2. scalable, new and/or innovative; or
    3. the VFA has an innovative use case or application.
  • The relevant consensus protocol.
  • The systems auditor’s report on the issuer’s innovative technology arrangement, including any reservations that may have been expressed.
  • Developments in markets in which the issuer operates.
  • The geographic distribution of the VFA and the relevant trading pairs, if any.
  • The completeness and reliability of information included in the project website and/or white paper, including whether an ethical or professional code of conduct exists.
  • Whether the VFA has any inbuilt anonymisation functions.
  • Whether the VFA has used or was used with any smurfing technology or mixers, or has been traded, or traded on any dark-net marketplace(s).
  • Whether the VFA is or has been traded on any sidechains.
  • Whether the VFA has any inbuilt mechanism that caters for settlement failure, such as resolution mechanisms.
  • Other DLT exchanges on which the VFA is traded, if any.
  • Social media information, including an official website, Telegram and/or Twitter account and Facebook page.

Furthermore, the exchange may not admit a VFA to trading if it has an inbuilt anonymisation function, unless the holder of the VFA can be identified.

The VFAA produced the Financial Instrument Test which helps assess whether a DLT asset qualifies as a virtual token, a financial instrument, electronic money or a VFA.

Where a DLT asset qualifies as a virtual token, its offering is unregulated under Maltese law. The issuing of VFAs and offering of services in relation to VFAs are regulated under the VFAA. 

On the other hand, the issuing and offering of services in relation to financial instruments and electronic money are primarily regulated under MiFID II and the Electronic Money Directive, both as transposed under Maltese law. 

The passing of the VFAA and the establishment of supplementary regulations, rules and guidelines have promoted Malta as one of the first countries to have regulated cryptocurrency exchanges and other cryptocurrency-related services. 

The VFAA regulates VFA exchanges, ie, exchanges that list and trade DLT assets that are classified as VFAs in terms of the Financial Instrument Test. See 7.1 Permissible Trading Platforms for additional information on the regulation of VFA exchanges.

Issuers of VFAs listing on VFA exchanges are required to abide by the listing rules adopted by each respective VFA exchange. 

Issuers of traditional financial instruments (such as equity securities or debt securities) listing on the local Malta Stock Exchange are required to abide by the Listing Rules, whereas those listing on Prospects MTF are required to abide by the Prospects MTF Rules.

When VFA licence holders handle client orders, they are required to implement procedures and arrangements that seek to provide an expeditious execution of such orders. There are also obligations imposed on licence holders notto misuse information relating to pending client orders, and to take all reasonable steps to prevent the misuse of such information. Furthermore, licence holders may not carry out client orders for own account in aggregation with another client order, unless certain conditions are met.

The increase in cryptocurrency exchanges has highlighted the advantages of peer-to-peer trading platforms. While this has not impacted the regulation of traditional trading platforms, the regulator has sought to cater for such platforms through the enactment of the VFAA.

When executing orders, VFA licence holders are required to take all sufficient steps to obtain the best possible result for their clients, taking into account the best execution factors of price, costs, speed, likelihood of execution and settlement, size, nature or any other consideration relevant to the execution of the order. Licence holders must also check the fairness of the proposed price by collecting market data used in the estimation of the price of such VFA and also, by comparing it with similar VFAs.

Experienced Investors

In cases of specific instructions from clients, the licence holder is required to execute the order following such instructions. A licence holder shall be deemed to have satisfied its obligations in terms of the rules to the extent that it executes an order or a specific aspect of the order following specific instructions from a client relating to the order or a specific aspect of the order.

Non-experienced Investors

With respect to non-experienced VFA investors, a clear and prominent warning must be provided by licence holders, stating that any instructions from such clients may prevent the steps specified in the execution policy to obtain the best possible result for the execution of those orders in respect of the elements covered by those instructions. When considering the execution of orders for non-experienced investors, licence holders must also consider other factors in order to determine the best possible result, such as the total consideration and the costs relating to execution.

There is no information available in this jurisdiction.       

Marketplaces, exchanges and trading platforms are required to abide by the principles of the Market Abuse Regulation which aims to prevent and detect market abuse, market manipulation and insider dealing.

These principles have also been enshrined in Malta’s VFA framework where VFA service providers are required to have systems and procedures in place to identify and curb market abuse. 

Furthermore, issuers on the MSE are required to abide by the Listing Rules, whereas those listing on Prospects MTF are required to abide by the Prospects MTF Rules. Both of these sets of rules include specific provisions on inside information and fair disclosure of information to the market. 

Algorithmic trading and high-frequency trading are regulated in Malta under MiFID II. Any person licensed under the ISA whose head office is in Malta and who is entitled to carry out an activity in an EU or EEA state other than Malta, in exercise of a European right, must have the following procedures in place:

  • effective systems and risk controls suitable to the business it operates, to ensure that its trading systems are resilient and have sufficient capacity, are subject to appropriate trading thresholds and limits, and prevent the sending of erroneous orders or the malfunctioning of systems in a way that may create or contribute to a disorderly market;
  • effective systems and risk controls to ensure the trading systems cannot be used for any purpose that is contrary to Market Abuse Regulation (EU) 596/2014 (MAR) or the rules of the trading venue to which it is connected; and
  • effective business continuity arrangements to deal with any failure of its trading systems, to which end, it shall ensure its systems are fully tested and properly monitored and meet the requirements laid down in the relevant regulations.

Firms engaging in algorithmic trading in Malta or another EU or EEA state must notify their competent authority and the European regulatory authority of the trading venue at which the firm engages in algorithmic trading as a member or participant, where this is not established in Malta.

Firms that engage in algorithmic trading and high-frequency trading must also keep sufficient records and make these available to the MFSA.

It is also important to note that where a person is dealing on own account and does not provide any other investment services then that person is exempt from the need for an investment services licence. This exemption applies unless such person is a market maker or deals on own account outside a regulated market or a multilateral trading facility on an organised, frequent and systematic basis by providing a system accessible to third parties in order to engage in dealings with them.

The rules refer to firms that engage in algorithmic trading and high-frequency algorithmic trading on a trading venue, which includes regulated markets, MTFs and OTFs.

A Maltese investment firm that engages in algorithmic trading to pursue a market-making strategy must take into account the liquidity, scale and nature of the specific market, and the characteristics of the instruments traded. 

The firm is considered to be pursuing a market-making strategy when, as a member or participant of one or more trading venues, its strategy, when dealing on own account, involves posting firm, simultaneous two-way quotes of comparable size and at competitive prices relating to one or more financial instruments on a single trading venue or across different trading venues, with the result of providing liquidity on a regular and frequent basis to the overall market.

A Maltese investment firm that acts as a general clearing member for other persons must have in place effective systems and controls to ensure clearing services are only applied to persons who are suitable and meet clear criteria, and that appropriate requirements are imposed on those persons to reduce risks to the investment firm itself and to the market. 

The firm must also ensure that there is a binding written agreement between the firm and the person regarding the essential rights and obligations arising from the provision of that service.

There is no information available in this jurisdiction.

There is no information available in this jurisdiction.

MiFID II was transposed into Maltese legislation via the ISA. Any firm falling within the scope of MiFID II is bound by requirements that are harmonised at EU level, such as, not inducing clients to trade by methods involving the bundling of research and the obligation of providing unbundled costs separately identifying and charging for execution, research and other advisory services. There is also the obligation for investment firms to make explicit payments for research and be able to show that research contributes to better investment decisions and is therefore not an inducement.

Services such as an approved publication arrangement (the service of publishing trade reports on behalf of investment firms), an approved reporting mechanism (the service of reporting details of transactions to competent authorities) and a consolidated tape provider (the service of collecting trade reports for financial instruments from various markets and consolidating the same into a continuous electronic live data stream providing price and volume data per financial instrument) are also regulated activities.

In terms of MiFID II, investment research and financial analysis or other forms of recommendations are considered "ancillary services" and it is worth noting that no authorisation may be granted solely for the provision of ancillary services. Naturally, if the financial research platform also provides transactions in investment products or financial instruments, then such would be deemed to amount to a regulated activity.

In this aspect, it is worth referring to the MAR and Market Abuse Directive (EU) 2014/57 (MAD), which have been transposed in Malta. When speculation and market rumours begin to spread, an issuer is obliged to assess whether a public disclosure of inside information is necessary. 

Further obligations in this regard also emanate from the Shareholder Rights Directive and the Transparency Directive, which also stipulate further standards of disclosure.

Generally speaking, other than in the context of MiFID II, in Malta there are no ad hoc provisions specific to the regulation of software or technology used for the purposes of financial research, and it must be highlighted that except for some elements of the DLT framework, Maltese laws are technology neutral.

Curation of user postings may expose a platform to liability if certain conditions are met, leading the platform to be deemed a publisher of such content by extension. A duty to report suspicious or unlawful behaviour, such as market manipulation and pump-and-dump schemes, is in place in respect of any person who arranges or executes transactions.

In Malta, underwriting processes are carried out directly with the insurance company itself or through a broker, a tied insurance intermediary or an insurance agent. Such processes are subject to the relevant Maltese insurance legislation and MFSA rules, in line with EU legislation.

Long-term insurance, such as life insurance, is regulated in a different manner to other insurance classes. This is primarily due to insolvency issues and the higher degree of knowledge required by those engaging in this type of insurance business. However, there is no distinction in the treatment of the different insurance classes by industry participants.

The regulation of regtech providers is dependent on the nature of their activities. It must be noted that Maltese laws in this respect apply in a technology-neutral manner (bar some exceptions in relation to DLTs). It is therefore the activity of the regtech provider that triggers regulatory implications and not the specific technologies utilised. 

Furthermore, if a regtech provider utilises an ITA as defined by the Innovative Technology Arrangements and Services Act, Cap 592 of the Laws of Malta (ITASA), then the regtech provider may submit the ITA for recognition by the MDIA.

There is no information available in this jurisdiction.

While local banks have been cautious in their approach to implementing the use of DLT in their current systems, the Malta Business Registry (MBR), responsible for the registration of commercial partnerships and companies in Malta, is expected to roll out its online system operating on the blockchain.

The development of the new system is intended to overhaul the registry’s data scheme to allow for a more accurate and efficient representation of all companies and involved parties.

As described in 1.1 Evolution of the Fintech Market, Malta’s DLT framework is now fully in effect with the expiry of the transitory provisions. The DLT framework addresses VFAs, DLTs, IVFAOs, ITAs and ITSPs. 

In summary, the DLT regulatory framework consists of the following pieces of legislation (each substantiated by various rules, guidelines and subsidiary legislation):

  • the Virtual Financial Assets Act, Cap 590 of the Laws of Malta (VFAA), which establishes regulations in relation to initial coin offerings, VFAs and related service providers;
  • the Malta Digital Innovation Authority Act, Cap 591 of the Laws of Malta, which set up the Malta Digital Innovation Authority (MDIA), the Maltese authority primarily responsible for promoting digital innovation; and
  • the Innovative Technology Arrangements and Services Act, Cap 592 of the Laws of Malta (ITASA), which provides for certification by the MDIA of innovative technology arrangements and authorisations for innovative technology service providers.

As stated in 2.2 Regulatory Regime, the classification of whether an asset is deemed to be a VFA is dependent on the result of the Financial Instrument Test devised by the MFSA. 

The Financial Instrument Test can determine whether a DLT asset qualifies as a virtual token, a financial instrument, electronic money or a VFA. Following the result of the test, the DLT asset is then subject to the relevant rules depending on its legal classification.

If the asset in question qualifies as a VFA, any person that conducts any of the following activities in or from within Malta in relation to VFAs requires a licence from the MFSA: 

  • the reception and transmission of orders;
  • the execution of orders on behalf of other persons;
  • dealing on own account;
  • portfolio management;
  • custodian or nominee services (of VFAs including cryptographic keys);
  • investment advice;
  • placing of virtual financial assets; and
  • operation of a VFA exchange.

If in terms of the Financial Instrument Test, a DLT asset is deemed to be a VFA, then the issue of a VFA as an offer to the public is regulated in terms of the VFAA. The Issuer of the IVFAO is required to draw up and register the white paper with the MFSA prior to the launch of the IVFAO. 

On the other hand, if the Financial Instrument Test determines the DLT asset to be a financial instrument, then this is regulated in terms of traditional financial services legislation. The issue of a DLT financial instrument as an offer to the public is regulated in terms of the Prospectus Regulation and the prospectus must be approved by the MFSA prior to issue. 

The VFAA defines a DLT exchange as any trading and/or exchange platform or facility on which any form of DLT asset may be transacted. A DLT asset is any virtual token, virtual financial asset, electronic money, or financial instrument that is intrinsically dependent on or utilises DLT. 

The term VFA exchange refers to any DLT exchange on which only VFAs may be transacted, in accordance with the rules of the platform or facility. Therefore, exchanges on which only financial instruments are traded are not licensable in terms of the VFAA but will fall within the remit of the ISA.

The operation of a VFA exchange is one of the VFA services for which a person would need a licence granted by the MFSA as outlined in the VFAA.

Collective investment schemes (CIS) wishing to invest in VFAs do not require an additional licence for this purpose, although in such cases there are some VFA-specific supplementary conditions that CIS are expected to comply with on an ongoing basis. 

At the time of writing, only professional investor funds (PIFs) are permitted to invest in VFAs. Nevertheless, it should be noted that the MFSA has been considering whether to permit alternative investment funds (AIFs) and notified alternative investment funds (NAIFs) to invest in VFAs by extending the supplementary conditions that apply to PIFs to cover AIFs and NAIFs.

See 2.2 Regulatory Regime.

There is no information available in this jurisdiction.

As an EU member state, the Payment Services Directive (EU) 2015/2366 (PSD2) was fully transposed into Maltese legislation in August 2019. 

The implementation of PSD2 into Maltese law did not trigger any obligation for a bank or financial institution already licensed by the MFSA as a home state regulator to provide payment services to seek any re-authorisation of these activities in terms of passporting rights exercised by the operator prior to the implementation of these amendments.

Nevertheless, despite banks taking the necessary steps to permit open banking by making their application programming interface (API) technologies available, the practical use of open banking in Malta remains limited.

The number of live and operative account information service providers (AISPs) or payment initiation service providers (PISPs) operating within Malta is small. 

Thus, the effects of PSD2 continue to remain unfelt in Malta, be it from the perspective of banks coping with data privacy or data security concerns, or practical concerns on a more generic basis.

GTG Advocates

66 Old Bakery Street
Valletta VLT
1454 Malta

+356 2124 2713

info@gtgadvocates.com www.gtgadvocates.com
Author Business Card

Law and Practice

Authors



GTG Advocates is considered as a local thought leader in the fintech sector, especially in relation to blockchain and virtual currencies (and technology law generally). The firm is mostly known for advising regulators and public bodies in the fintech sphere, being counsel to the government of Malta and the two relevant fintech authorities, namely the Malta Financial Services Authority (MFSA) and the Malta Digital Innovation Authority (MDIA). In particular, the firm is known for having been instrumental in the drafting of Malta’s fintech legislation as well as the various rulebooks, guidelines and consultations. The firm is also known for its expertise in regulatory matters, especially cryptocurrency exchange licensing and initial coin offering, technology, IP and data protection law generally. Dr Ian Gauci, the firm’s managing partner, was also a member of the National Blockchain Taskforce and a founding member of the Blockchain Malta Association.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.