Fintech 2022 Comparisons

Malta’s innovative legal framework, which regulates virtual currencies (defined as "virtual financial assets" or VFAs), distributed ledger technologies (DLTs) including blockchains, initial coin offerings (ICOs, referred to under the framework as "initial VFA offerings" or IVFAOs), VFA-related service providers, innovative technology arrangements (ITAs), such as smart contracts, and innovative technology service providers (ITSPs), remains one of the prominent legal models for those seeking the ideal jurisdiction from which to launch their project.

Amendments to the Virtual Financial Assets Act

In a bid to streamline the rules surrounding VFAs, the Malta Financial Services Authority (MFSA) enacted a set of amendments to the Virtual Financial Assets Act (Cap 590 of the Laws of Malta) (VFAA). The main changes related to an amendment of the definition of the term “VFA Exchange”, which was intended to further clarify the interplay between VFAs and fiat currencies and to ensure that the scope of the VFAA captures the exchange of one VFA for another, or a VFA for a fiat currency, or vice versa. In this way, the definition adopted by the regulator would also be better aligned with international definitions.

The amendments also saw the addition of a new VFA Service, the transfer of VFAs, in order to explicitly capture such a service within the scope of the VFA framework.

Fintech Regulatory Sandbox

The MFSA had also previously launched the Fintech Regulatory Sandbox, allowing fintech operators to test their innovations within a regulatory environment for a specified period of time and under certain prescribed conditions. The sandbox is open to fintech service providers and fintech suppliers, accepting start-ups, technology firms and established financial services providers that approve of technologically-enabled innovation in their business models, applications or products.

Regulation on Markets in Crypto-assets (MiCA)

As the EU has presented a draft EU Regulation on Markets in Crypto-assets (MiCA) as part of the Digital Finance package, this is expected to have a significant impact on Malta’s homegrown DLT framework. 

The MFSA has announced that it will continue to monitor MiCA developments to ensure that Malta’s VFA framework can evolve in a “seamless manner into the new Regulation once this comes into force”. This is expected to lead to a legislative amendment of the local VFA framework, which is intended to align the VFAA and related legislation with MiCA.

The current prominent business models in the DLT sphere in Malta are virtual currency-related service providers, which are generally referred to as VFA service providers or financial service providers, dealing in virtual currencies qualifying as financial instruments, IVFAOs, security token offerings (STOs) and investment funds set up to invest in DLT assets recognised as VFAs.

The introduction of the DLT framework, specifically the VFAA, brought in a legislative framework applicable to a specific class of virtual currencies qualifying as VFAs. This legislation has addressed a lacuna under Maltese law, one that to date largely remains unregulated on a European level.

Compliance with the MFSA

Deciding whether a cryptocurrency can be considered a VFA is dependent on the result of the Financial Instrument Test devised by the MFSA. The Financial Instrument Test can determine whether any DLT asset qualifies as a virtual token, a financial instrument, electronic money or a VFA. Following the result of the test, the DLT asset is then subject to the relevant rules, depending on its legal classification. 

The MFSA is the local regulator responsible for applications under the VFAA as well as under the traditional financial services regime where this relates to virtual currencies qualifying as financial instruments. 

VFA service providers

Where a person is providing VFA services in or from Malta as defined under the Maltese regime, that person needs to be licensed by the MFSA prior to conducting such activities and must also comply with the relevant rules and regulations. 

Offering or trading of VFAs

Similarly, where a Maltese issuer under the same regime intends to offer a VFA to the public or admit it to trading on a DLT exchange, the issuer must register the white paper with the MFSA and comply with the relevant rules and regulations. 

Services relating to virtual currencies that qualify as financial instruments

On the other hand, where a service provider is providing services in relation to virtual currencies that qualify as financial instruments, the service provider must obtain a licence under the traditional investment services regime that transposed Directive 2014/65 on Markets in Financial Instruments (commonly known as MiFID II) into Maltese law. 

CIS investment in virtual currencies

Collective investment schemes (CIS) licensed in Malta can also be licensed to invest in virtual currencies through specific rules issued in this regard. The MFSA has in this respect issued specific rules on professional investor funds set up to invest in DLT assets recognised as VFAs. 

Offering a virtual currency as a financial instrument to the public

If a local issuer wishes to offer a virtual currency qualifying as a financial instrument to the public, the process is very much akin to that of an IPO and the prospectus must thus be prepared and filed with the relevant authority in line with the prospectus regulation. 

Issuance of a financial instrument not qualifying as an offer to the public

Where the issuance of that financial instrument does not qualify as an offer to the public then this issue is deemed to be exempt from the requirement to issue a prospectus. The MFSA is currently amending its existing security offering regulatory framework to cater more specifically for STOs.

No disclosure requirements exist under Maltese law regarding compensation models that industry participants use to charge customers.

The VFAA has provided new and legacy players with specific requirements and limitations when conducting business in this sector. However, no distinction is made according to whether a player in this sphere is a new entrant or a legacy player. The Malta Gaming Authority (MGA) has also contributed in this area.

The MGA's Sandbox Regulatory Framework

The MGA launched a sandbox framework for the acceptance of cryptocurrencies and the use of DLT by its licensees in 2019. The first phase of the framework established the possibility of authorised persons being allowed to accept VFAs as a means of payment. During the second phase, the MGA started accepting applications for the use of Innovative Technology Arrangements (ITAs), including DLT platforms and smart contracts.

It is to be noted that gaming operators rendering a licensable VFA activity within the parameters of the VFA sandbox must acquire a licence from the MFSA before being able to render such services. In cases where the gaming operator does not acquire an MFSA licence and instead outsources the VFA-related services, the third-party service provider must be in possession of a VFA licence from the MFSA. 

Participants must submit a legal opinion drafted by a VFA agent and they must have control verifications in place for the purpose of verifying ownership of a player’s wallet, and that effectively, the used wallet does belong to the registered player.

In March 2021, the MGA published an update to the sandbox guidelines by primarily extending the framework up to 31 December 2022. The updated guidelines also introduced changes to the criteria to be assessed by operators when accepting VFAs, as well as a clarification relating to additional safeguards that may be imposed by the MGA in order to grant approval to participate in the sandbox framework.

While the MGA remains distinct from the MFSA and the Malta Digital Innovation Authority (MDIA), through the launch of the Sandbox Regulatory Framework, it has delved, in a limited way, into the field of DLT assets by offering an environment for its licensees to accept and use DLT assets.

The Fintech Regulatory Sandbox

On the other hand, the MFSA launched its own Fintech Regulatory Sandbox in July 2020 allowing fintech operators to test their innovations within a regulatory environment for a specified period of time and under certain prescribed conditions. The sandbox is open to fintech service providers and fintech suppliers, accepting start-ups, technology firms and established financial services providers that approve of technologically enabled innovation in their business models, applications or products.

The regulatory sandbox is intended to target technologically enabled financial innovation that could result in new business models, applications, processes or products with an associated material effect on financial markets and the provision of financial services.

Since its launch, the sandbox has seen increased interest with numerous proposals received with diverse innovative technologies for financial services, covering a range of investment service products, market infrastructures and regtech solutions.

The ITA Sandbox

In May 2021 the MDIA launched the Technology Assurance Sandbox (MDIA-TAS) to complement the MDIA’s innovative technology arrangement (ITA) full certification framework. Its aim is to be a key utility for start-ups and smaller companies developing solutions based on innovative technologies, by providing a safe environment to develop their technological solution. The MDIA-TAS aims to ensure that regulatory certainty can be given to ITAs developed by small entities and that a balance is reached between maintaining full certification and the adopted high-barrier entry approach, while addressing financial and technical barriers for smaller entities.

The sandbox framework is intended to guide applicants in the proper development of their solution within the lines of recognised international guidelines and standards, and other regulatory and legal obligations. Applicants are guided for a maximum period of two years, with the end result of being in a position to obtain full MDIA certification.

To participate in the MDIA-TAS, applicants must prove to the authority that their ITA has a reasonable element of substance relevant to Malta, either by proving that the development of the ITA will be carried out in Malta or that its operations will be carried out in or from Malta.

The MFSA and VFAA

The MFSA is the primary regulator for entities engaging in VFA-related services and its jurisdiction over industry participants is highly dependent on the nature of the services being offered. With respect to ICOs or IVFAOs, no issuer will offer a VFA to the public in or from within Malta, or apply for a VFA’s admission to trading on a DLT exchange, unless the issuer draws up and registers a white paper in accordance with the VFAA. The MFSA’s jurisdiction in this regard therefore ends once the white paper is registered. However, the role of the VFA agent, who is ultimately answerable to the MFSA, remains in force until the issuer has met all the milestones listed in the white paper. 

Furthermore, no entity will provide, or hold itself out as providing, a VFA service in or from within Malta unless such person is in possession of a valid licence. The entity will then be subject to supervision and oversight from such authority until such licence is surrendered.

The FIAU

VFA-related services are deemed to be “relevant activity” in terms of Malta’s anti-money laundering and combating the funding of terrorism (AML/CFT) legislative and regulatory framework. This factor therefore brings VFA service providers into the purview of the Financial Intelligence Analysis Unit (FIAU), which is the government agency tasked with the collection, collation, processing, analysis and dissemination of information with a view to combating money laundering and the funding of terrorism. The FIAU is also responsible for monitoring compliance with the relevant legislative provisions. Thus, the FIAU’s remit is restricted to compliance with the AML/CFT legislative and regulatory framework.

The MDIA

The MDIA, on the other hand, has a mandate to regulate innovative technology arrangements such as smart contracts and ITSPs. The role of the MDIA can be distinguished from that of the MFSA, with the latter remaining the primary authority issuing licences and authorisations for service providers and public offerings of DLT assets. However, where a Maltese issuer wishes to offer a VFA to the public and is required to register the white paper with the MFSA, the innovative technology arrangement must be audited by a qualified systems auditor that is authorised and supervised by the MDIA.

The MGA

As previously mentioned (see 2.5 Regulatory Sandbox), the MGA also offers a platform for its existing licensed entities to use DLT assets in their operations.

The MFSA Rules

The rules issued by the MFSA for VFA service providers require them to ensure that when relying on a third party for the performance of any operational function, they must take reasonable steps to avoid undue additional operational risk through the provision of a continuous and satisfactory service to clients and the performance of VFA services on a continuous and satisfactory basis.

Obligations of the Licence Holder

The outsourcing of important operational functions may not materially impair the quality of the provider’s internal control and the ability of the supervisory body to monitor the licensee’s compliance with all its obligations. Indeed, the licence holder remains fully responsible for discharging all its obligations and properly managing the risks associated with outsourcing. The outsourcing arrangements may not result in the delegation of the licensee’s senior management responsibility. 

The licence holder must thus carry out an ongoing assessment of the operational risks and the concentration risk associated with all its outsourcing arrangements and it must inform the MFSA of any material developments.

The outsourcing arrangement must be based on a formal, clear, written contract that establishes the respective rights and obligations of the licence holder and the service provider.

However, a licence holder may not outsource management functions such as the setting of strategies and policies in respect of its risk profile and control, the oversight of the operation of its processes and the final responsibility towards customers. Outsourcing services and activities concerning licensable activities are also subject to satisfying certain specific criteria.

Licence holders must inform the MFSA of any material outsourcing arrangements and keep the authority updated with any material developments affecting these activities. In turn, the MFSA may impose specific conditions on the licensee.

Powers of the Minister and the MFSA

The VFAA, its regulations and rule books confer the minister responsible for the regulation of financial services and the MFSA with powers to protect investors’ interests, while also overseeing the orderly transaction of business, primarily that of IVFAOs and VFA service providers.

Licensees under the VFAA are deemed to be subject persons for AML purposes in terms of the AML/CFT rules. To that end, licensees are required to conduct AML/CFT checks on all users on their platforms and all persons making use of their services. This has also been extended to those entities doing an ICO or IVFAO in terms of the VFAA.

No significant enforcement actions have taken place over the last year.

Powers of the MFSA

However, the VFAA stipulates that the MFSA has the power to unilaterally impose decisions on any issuer of an IVFAO and on any VFA agent or VFA service provider. The authority is empowered to:

• request information from any person;
• order the review of the determination of a DLT asset and submit this determination to a test;
• appoint inspectors to investigate and report on the activities of an issuer, VFA agent or VFA service provider;
• order an issuer or service provider to cease operations or appoint a person to advise them, take charge of their assets, or even control their business;
• order the suspension or the discontinuation of the trading of a VFA; and
• impose administrative penalties.

Liability of VFA Issuers

Issuers of VFAs are liable for damages sustained by a person as a direct consequence of such person having bought VFAs, either as part of an IVFAO by the issuer or on a DLT exchange, on the basis of any false information contained in a white paper, on a website or in an advertisement. A statement included in a white paper, on a website or in an advertisement is deemed to be untrue if it is misleading or otherwise inaccurate or inconsistent, either wilfully or as a consequence of gross negligence, in the form and context in which it is included.

Penalty

Furthermore, whenever a VFA licence holder breaches or contravenes the VFAA regulations or rules, including through a failure to co-operate in an investigation, the MFSA may impose an administrative penalty of up to EUR150,000 by notice in writing and without recourse to a court hearing.

Appeal

Any such actions made by the MFSA are subject to appeal in front of the Financial Services Tribunal.

Cybersecurity Rules

Specific cybersecurity rules have been issued under the VFAA for issuers and VFA service providers. The rules stipulate that issuers are required to adopt a cybersecurity framework depending on the nature, scale and complexity of their business. The framework must include a business continuity plan, an access management policy, a list of information and data security roles and responsibilities, and a threats management plan, and must be firmly in line with international and European cybersecurity standards.

AML Directives and Rules

As stated in 2.8 Gatekeeper Liability, VFA-related activity must also comply with EU AML directives and with the local AML rules. It is important to note that owing to the limited nature of VFAs, issuers of VFAs making a private offer (ie, an offer of VFAs that is not deemed to be an offer to the public) are not deemed to be subject persons as they are not regarded as posing a large money-laundering or funding of terrorism risk.

GDPR

With respect to privacy law implications, Malta is subject to the General Data Protection Regulation (GDPR) and the general considerations under this regulation. Data protection considerations need to be taken into account by a systems auditor when auditing an ITA.

Advertising Restrictions

Furthermore, the VFAA imposes certain advertising restrictions when it comes to issuing a VFA or admitting it to trading on an exchange, which are primarily intended to protect retail investors, regardless of the type of media used. Advertisements must be clearly identifiable as such and the information contained therein may not be inaccurate or misleading. In the case of issuers of VFAs, the information must be consistent with the contents of the white paper. Issuers may in fact be held liable for civil damages sustained by a person as a direct consequence of that person having bought a VFA on the basis of untrue information advertised (the term "untrue" is deemed to refer to information that is misleading, or otherwise inaccurate or inconsistent).

VFA Agent

The VFAA has introduced the role of an intermediary, referred to as the VFA agent, who will act as a liaison between an applicant for a VFA services licence or a VFA issuer and the MFSA. The VFA agent must be a person who is authorised to carry on the profession of advocate, accountant or auditor; or a firm of such professionals or a corporate services provider; or a legal organisation that is wholly owned and controlled by such persons.

The VFA agent must confirm that the issuer or the VFA services licence applicant (including its officers and ultimate beneficial owners, or UBOs) is competent in that field, as well as fit and proper. Particularly in the case of IVFAOs, the VFA agent is also responsible for ensuring that the DLT asset qualifies as a VFA and that the white paper is compliant with the requirements of the act.

While a certain level of competence and experience in the field is required by the MFSA, particularly given the relative novelty of operating in the DLT sphere, no distinction is made in terms of whether a player is either a new entrant or a legacy player.

Systems auditors that are registered with the MDIA are required to abide by the relevant rules and guidelines issued by the MDIA.

When a DLT asset is classified as a virtual token (VT), its issuance and related services remain unregulated under Maltese law. VTs are limited in their nature and have no value outside the DLT platform on which they operate and are not exchangeable on third-party platforms. 

A VT may be offered through the same entity that offers VFAs or security tokens, given that the offering of virtual tokens is unregulated. Furthermore, VTs are not deemed to be a big AML risk, and offerors of VTs are thus not considered to be a “subject person” under AML/CFT rules.

On the basis of its experience as a corporate and financial centre, the Maltese regulator sought to implement AML rules throughout the fintech sector, even before the EU’s 5th AML Directive came into force.

While certain companies operating in the fintech sphere were already deemed to be subject persons under local legislation, on the coming into force of the VFAA the regulator also sought to extend the definition of “subject person” to capture VFAs and the operations of VFA service providers, VFA agents and issuers of VFAs. This was further supplemented by specific implementing procedures issued by the local AML authority, the FIAU, which set out specific additional AML rules to regulate such entities.

This was not only intended to provide a proper AML framework for issuing or offering services in relation to virtual currencies but was also intended to ensure that Maltese AML laws remain abreast of ever-evolving technologies and the ways in which such technologies could be used for money laundering and the funding of terrorism.

This has also meant that operators seeking to operate in or from Malta are required to adhere to such rules, backed by the experience gained by the local regulator over the past years. Although fintech start-ups need to consider the costs they have to bear to be compliant with Maltese and EU AML laws, the rules are ultimately intended to safeguard the subject persons themselves from being used as a vehicle for money-laundering and the financing of terrorism.

Unregulated entities are not typically captured by such AML rules but are nevertheless encouraged to keep abreast with changes to such rules.        

At present, the MFSA has yet to issue tailor-made rules regulating robo-advisers. However, the European Securities and Markets Authority (ESMA) has issued guidelines on certain aspects of the MiFID II suitability requirements, which define the concept of robo-advice and provide further clarity on the information to be provided to clients when making use of robo-advice. It appears that the provision of robo-advice may be deemed a licensable activity, like the provision of traditional investment advice under the Investment Services Act, Cap 370 of the Laws of Malta (ISA). 

Furthermore, in October 2021, the European Commission requested advice from ESMA to prepare a legislative proposal in relation to several focused areas, including robo-advisers.

Companies exploring the use of robo-advisory may also benefit from the MFSA’s Fintech Regulatory Sandbox (see 2.5 Regulatory Sandbox).

No information is available in this jurisdiction on legacy players' implementation of solutions introduced by robo-advisers.

No information is available in this jurisdiction on best execution of customer trades.

Online lending remains uncommon in Malta, with more traditional forms of lending being used. The Maltese lending market continues to be dominated by retail banks, which adopt a risk-averse approach to transactions. 

The regulation of lending occurs without distinction as to the recipient of the loan.

The act of regular or habitual lending is a regulated activity and requires a licence from the MFSA under the Financial Institutions Act (Cap 376 of the Laws of Malta) or FIA. However, if the activity includes financing from consumer deposit-taking, a licence under the Banking Act (Cap 371 of the Laws of Malta) or BA, would be required. 

Additionally, it should be noted that underwriting processes for online lenders are not dictated by law.

Peer-to-peer (P2P) online lending is not specifically regulated under Maltese law and to date, there are no tailor-made regulatory requirements for P2P lending platforms. However, P2P lending platforms should still consider whether their specific activities trigger licensing requirements under the generic financial services framework, particularly the FIA, and in this respect, among others, it should be noted that a money-broking activity would be deemed to be a licensable activity.

P2P platform users who act as lenders within the platform may be deemed to be carrying out a regulated activity if they engage in lending on a regular or habitual basis.

Due to the limited adaptability of online lending in Malta, syndication of such loans is very rare.

Payment processors are licensable in Malta under the FIA. Following recent changes to the VFAA, the transfer of VFAs was also captured as a VFA service. This covers the service of conducting a transaction on behalf of a third party that moves a virtual financial asset from one virtual financial asset address or account to another.

There is no prohibition against payment processors creating or implementing new payments rails, or payments infrastructure generally; nevertheless, in practice, this is not common.

There is no information available in this jurisdiction.

Fund administrators do not require a licence under Maltese law but any person wishing to provide fund administration services to a collective investment scheme in or from within Malta needs to obtain a certificate of recognition from the MFSA. This applies regardless of whether the fund administrator is appointed by the fund itself or by the fund manager.

Certified fund administrators are required to carry out any business relating to a collective investment scheme through a written agreement setting out the basis on which such services are to be provided. 

This agreement with the scheme or its manager should include the following:

• whether the administrator is appointed by the scheme or its manager;
• the nature of the services to be provided by the administrator;
• information on the charges to be paid by the customer;
• the fact that the administrator is recognised by the MFSA; and
• arrangements to bring the agreement to an end.

Furthermore, the administrator is required to determine the net asset value of the scheme in accordance with the constitutional documents or prospectus of the scheme. The requirements imposed on recognised fund administrators are intended to provide clarity and assurance on the administrator’s operations.

Traditional Financial Services

Under the traditional financial services regime in Malta, the major trading platforms for assets are regulated markets (in Malta the sole regulated market to date is the Malta Stock Exchange or MSE), multilateral trading facilities (MTFs) and organised trading facilities (OTFs). In Malta, the Prospects Market is an example of an MTF providing a market for SMEs to raise capital by issuing equity or bonds. These types of exchanges are primarily regulated under the Financial Markets Act and relevant EU regulations. Issuers on such platforms are required to abide by the relevant rules, eg, issuers on the MSE are required to abide by the Listing Rules, whereas those listing on the Prospects Market are required to abide by the Prospects MTF Rules.

Virtual Currencies

The introduction of virtual currencies has, however, led to the rise of new trading platforms, such as VFA exchanges and security token exchanges, and this has also brought to light the rise of peer-to-peer exchanges. 

In the virtual currency sphere, trading platforms depend on the legal classification of a DLT asset. If a DLT asset is deemed to be a virtual token, it cannot be exchanged on a third-party trading platform as its non-tradability is one of the essential features of this type of DLT asset. Where a DLT asset qualifies as a VFA, the VFA regime has created the concept of a VFA exchange, which refers to an exchange where DLT assets qualifying as VFAs can be admitted for trading.

On the other hand, if the DLT asset qualifies as a financial instrument, such as a security token, then this may not be traded on a VFA exchange and instead requires to be traded on a trading platform, such as an MTF.

Prior to admitting a VFA to listing, a VFA exchange is required to carry out appropriate research to assess its quality. The following factors are taken into consideration:

• the technological experience, track record and reputation of the issuer and its development team;
• the issuer’s AML/CFT and cybersecurity systems and controls;
• the availability of a reliable multi-signature hardware wallet solution for the asset;
• the determination of the VFA in accordance with the Financial Instrument Test and the endorsement thereof;
• the protocol and the underlying infrastructure, including whether it is –
1. a separate blockchain with a new architecture system and network, or if it leverages an existing blockchain for synergies and network effects;
2. scalable, new and/or innovative; or
3. the VFA has an innovative use or application;
• the relevant consensus protocol;
• the systems auditor’s report on the issuer’s innovative technology arrangement, including any reservations that may have been expressed;
• developments in markets in which the issuer operates;
• the geographic distribution of the VFA and the relevant trading pairs, if any;
• the completeness and reliability of information included on the project website and/or in the white paper, including whether an ethical or professional code of conduct exists;
• whether the VFA has any inbuilt anonymisation functions;
• whether the VFA has used or was used with any smurfing technology or mixers, or has been traded, or is traded on any dark-net marketplace(s);
• whether the VFA is or has been traded on any sidechains;
• whether the VFA has an inbuilt mechanism that caters for settlement failure, such as a resolution mechanism;
• whether the VFA is traded on any other DLT exchanges; and
• whether the VFA has social media information, including an official website, Telegram and/or Twitter account and Facebook page.

Furthermore, the exchange may not admit a VFA to trading if it has an inbuilt anonymisation function, unless the holder of the VFA can be identified.

The VFAA produced the Financial Instrument Test which helps assess whether a DLT asset qualifies as a virtual token, a financial instrument, electronic money or a VFA.

Where a DLT asset qualifies as a virtual token, its offering is unregulated under Maltese law. The issuing of VFAs and offering of services in relation to VFAs are regulated under the VFAA. 

On the other hand, the issuing and offering of services in relation to financial instruments and electronic money are primarily regulated under MiFID II and the Electronic Money Directive, both as transposed under Maltese law. 

The passing of the VFAA and the establishment of supplementary regulations, rules and guidelines have promoted Malta as one of the first countries to have regulated cryptocurrency exchanges and other cryptocurrency-related services. 

The VFAA regulates VFA exchanges, ie, exchanges that list and trade DLT assets that are classified as VFAs in terms of the Financial Instrument Test. See 7.1 Permissible Trading Platforms for additional information on the regulation of VFA exchanges.

Issuers of VFAs listing on VFA exchanges are required to abide by the listing rules adopted by each respective VFA exchange. 

Issuers of traditional financial instruments (eg, equity securities or debt securities) listing on the local MSE are required to abide by the Listing Rules, whereas those listing on Prospects MTF are required to abide by the Prospects MTF Rules.

When VFA licence holders handle client orders, they are required to implement procedures and arrangements that seek to provide an expeditious execution of such orders. There are also obligations imposed on licence holders not to misuse information relating to pending client orders, and to take all reasonable steps to prevent the misuse of such information. Furthermore, licence holders may not carry out client orders for their own account in aggregation with another client order, unless certain conditions are met.

The increase in cryptocurrency exchanges has highlighted the advantages of peer-to-peer trading platforms. While this has not impacted the regulation of traditional trading platforms, the regulator has sought to cater for such platforms through the enactment of the VFAA.

When executing orders, VFA licence holders are required to take all the necessary steps to obtain the best possible result for their clients, taking into account the best execution factors of price, costs, speed, likelihood of execution and settlement, size, nature or any other consideration relevant to the execution of the order. Licence holders must also check the fairness of the proposed price by collecting market data used in the estimation of the price of such VFA and also, by comparing it with similar VFAs.

Experienced Investors

In cases of specific instructions from clients, the licence holder is required to execute the order following such instructions. A licence holder is deemed to have satisfied its obligations in terms of the rules to the extent that it executes an order, or a specific aspect of an order, following specific instructions from a client relating to the order or a specific aspect of the order.

Non-experienced Investors

With respect to non-experienced VFA investors, a clear and prominent warning must be provided by licence holders, stating that any instructions from such clients may prevent the steps specified in the execution policy to obtain the best possible result for the execution of those orders in respect of the elements covered by those instructions. When considering the execution of orders for non-experienced investors, licence holders must also consider other factors in order to determine the best possible result, such as the total consideration and the costs relating to execution.

There is no information available in this jurisdiction.

Marketplaces, exchanges and trading platforms are required to abide by the principles of the Market Abuse Regulation which aims to prevent and detect market abuse, market manipulation and insider dealing.

These principles have also been enshrined in Malta’s VFA framework and VFA service providers are required to have systems and procedures in place to identify and curb market abuse. 

Furthermore, issuers on the MSE are required to abide by the Listing Rules, whereas those listing on Prospects MTF are required to abide by the Prospects MTF Rules. Both of these sets of rules include specific provisions on inside information and fair disclosure of information to the market. 

Algorithmic trading and high-frequency trading are regulated in Malta under MiFID II. Any person licensed under the ISA whose head office is in Malta and who is entitled to carry out an activity in an EU or EEA state other than Malta, in exercise of a European right, must have the following procedures in place:

• effective systems and risk controls suitable to the business it operates, to ensure that its trading systems are resilient and have sufficient capacity, are subject to appropriate trading thresholds and limits, and prevent the sending of erroneous orders or the malfunctioning of systems in a way that may create or contribute to a disorderly market;
• effective systems and risk controls to ensure the trading systems cannot be used for any purpose that is contrary to Market Abuse Regulation (EU) 596/2014 (MAR) or the rules of the trading venue to which it is connected; and
• effective business continuity arrangements to deal with any failure of its trading systems, to which end, it must ensure that its systems are fully tested and properly monitored and meet the requirements laid down in the relevant regulations.

Firms engaging in algorithmic trading in Malta or another EU or EEA state must notify their competent authority and the European regulatory authority of the trading venue at which the firm engages in algorithmic trading as a member or participant, where this is not established in Malta.

Firms that engage in algorithmic trading and high-frequency trading must also keep sufficient records and make these available to the MFSA.

It is also important to note that where a person is dealing on their own account and does not provide any other investment services, then that person is exempt from the need for an investment services licence. This exemption applies unless such person is a market maker or deals on their own account outside a regulated market or a multilateral trading facility on an organised, frequent and systematic basis by providing a system accessible to third parties in order to engage in dealings with them.

The rules refer to firms that engage in algorithmic trading and high-frequency algorithmic trading on a trading venue, which includes regulated markets, MTFs and OTFs.

Investment Firms that Engage in Algorithmic Trading to Pursue a Market-Making Strategy

A Maltese investment firm that engages in algorithmic trading to pursue a market-making strategy must take into account the liquidity, scale and nature of the specific market, and the characteristics of the instruments traded. 

The firm is considered to be pursuing a market-making strategy when, as a member or participant of one or more trading venues, its strategy, when dealing on its own account, involves posting firm, simultaneous two-way quotes of comparable size and at competitive prices relating to one or more financial instruments on a single trading venue or across different trading venues, with the result of providing liquidity on a regular and frequent basis to the overall market.

Investment Firms that Act as a General Clearing Member

A Maltese investment firm that acts as a general clearing member for other persons must have in place effective systems and controls to ensure clearing services are only applied to persons who are suitable and meet clear criteria, and that appropriate requirements are imposed on those persons to reduce risks to the investment firm itself and to the market. 

The firm must also ensure that there is a binding written agreement between the firm and the person regarding the essential rights and obligations arising from the provision of that service.

There is no information available in this jurisdiction.

There is no information available in this jurisdiction.

MiFID II was transposed into Maltese legislation via the ISA. Any firm falling within the scope of MiFID II is bound by requirements that are harmonised at EU level, such as, not inducing clients to trade by methods involving the bundling of research and the obligation of providing unbundled costs separately identifying and charging for execution, research and other advisory services. There is also an obligation for investment firms to make explicit payments for research and be able to show that research contributes to better investment decisions and is therefore not an inducement.

The following services are also regulated activities:

• offering an approved publication arrangement (the service of publishing trade reports on behalf of investment firms);
• offering an approved reporting mechanism (the service of reporting details of transactions to competent authorities); and
• offering a consolidated tape provider (the service of collecting trade reports for financial instruments from various markets and consolidating the same into a continuous electronic live data stream providing price and volume data per financial instrument).

In terms of MiFID II, investment research and financial analysis or other forms of recommendations are considered "ancillary services". It is worth noting that no authorisation may be granted solely for the provision of ancillary services. Naturally, if the financial research platform also provides transactions in investment products or financial instruments, then this would be deemed to amount to a regulated activity.

In this aspect, it is worth referring to the MAR and Market Abuse Directive (EU) 2014/57 (MAD), which have been transposed in Malta. When speculation and market rumours begin to spread, an issuer is obliged to assess whether a public disclosure of inside information is necessary. 

Further obligations in this regard also emanate from the Shareholder Rights Directive and the Transparency Directive, which also stipulate further standards of disclosure.

Generally speaking, other than in the context of MiFID II, in Malta there are no ad hoc provisions specific to the regulation of software or technology used for the purposes of financial research, and it must be highlighted that except for some elements of the DLT framework, Maltese laws are technology neutral.

Curation of user postings may expose a platform to liability if certain conditions are met, leading the platform to be deemed a publisher of such content by extension. A duty to report suspicious or unlawful behaviour, such as market manipulation and pump-and-dump schemes, is in place in respect of any person who arranges or executes transactions.

In Malta, underwriting processes are carried out directly with the insurance company itself or through a broker, a tied insurance intermediary or an insurance agent. Such processes are subject to the relevant Maltese insurance legislation and MFSA rules, in line with EU legislation.

Long-term insurance, such as life insurance, is regulated in a different manner to other insurance classes. This is primarily due to insolvency issues and the higher degree of knowledge required by those engaging in this type of insurance business. However, there is no distinction in the treatment of the different insurance classes by industry participants.

The regulation of regtech providers is dependent on the nature of their activities. It must be noted that Maltese laws in this respect apply in a technology-neutral manner (bar some exceptions in relation to DLTs). It is therefore the activity of the regtech provider that triggers regulatory implications and not the specific technologies used. 

Furthermore, if a regtech provider utilises an ITA as defined by the Innovative Technology Arrangements and Services Act, Cap 592 of the Laws of Malta (ITASA), then the regtech provider may submit the ITA for recognition by the MDIA.

There is no information available in this jurisdiction.

While local banks have been cautious in their approach to implementing the use of DLT in their current systems, the Malta Business Registry (MBR), responsible for the registration of commercial partnerships and companies in Malta, is expected to roll out its online system operating on the blockchain.

The development of the new system is intended to overhaul the registry’s data scheme to allow for a more accurate and efficient representation of all companies and involved parties.

Malta’s DLT framework came into effect in 2018 and addresses VFAs, DLTs, IVFAOs, ITAs and ITSPs. 

In summary, the DLT regulatory framework consists of the following pieces of legislation (each substantiated by various rules, guidelines and subsidiary legislation):

• the Virtual Financial Assets Act, Cap 590 of the Laws of Malta (VFAA), which establishes regulations in relation to IVFAOs, VFAs and related service providers;
• the Malta Digital Innovation Authority Act, Cap 591 of the Laws of Malta, which set up the MDIA, the Maltese authority primarily responsible for promoting digital innovation; and
• the Innovative Technology Arrangements and Services Act, Cap 592 of the Laws of Malta (ITASA), which provides for certification by the MDIA of innovative technology arrangements and authorisations for innovative technology service providers.

As stated in 2.2 Regulatory Regime, the classification of an asset as a VFA is dependent on the result of the Financial Instrument Test devised by the MFSA. 

The Financial Instrument Test can determine whether a DLT asset qualifies as a virtual token, a financial instrument, electronic money or a VFA. Following the result of the test, the DLT asset is then subject to the relevant rules depending on its legal classification.

If the asset in question qualifies as a VFA, any person that conducts any of the following activities in or from within Malta in relation to VFAs requires a licence from the MFSA: 

• the reception and transmission of orders;
• the execution of orders on behalf of other persons;
• dealing on own account;
• portfolio management;
• custodian or nominee services (of VFAs including cryptographic keys);
• investment advice;
• placing of virtual financial assets;
• operation of a VFA exchange; and
• transfer of virtual financial assets.

If in terms of the Financial Instrument Test, a DLT asset is deemed to be a VFA, then the issue of the VFA as an offer to the public is regulated in terms of the VFAA. The issuer of the IVFAO is required to draw up and register the white paper with the MFSA prior to the launch of the IVFAO. 

On the other hand, if the Financial Instrument Test determines the DLT asset to be a financial instrument, then this is regulated in terms of traditional financial services legislation. The issue of a DLT financial instrument as an offer to the public is regulated in terms of the Prospectus Regulation and the prospectus must be approved by the MFSA prior to issue.

The VFAA defines a DLT exchange as any trading and/or exchange platform or facility on which any form of DLT asset may be transacted. A DLT asset is any virtual token, virtual financial asset, electronic money, or financial instrument that is intrinsically dependent on or utilises DLT. 

The term VFA exchange refers to a DLT exchange for VFAs, within which multiple third-party buying and selling interests for VFAs can interact in a manner that results in a contract, by exchanging one VFA for another or a VFA for fiat currency that is legal tender, or vice versa. Therefore, exchanges on which only financial instruments are traded are not licensable in terms of the VFAA but fall within the remit of the ISA.

The operation of a VFA exchange is one of the VFA services for which a person would need a licence granted by the MFSA as outlined in the VFAA.

Collective investment schemes (CIS) wishing to invest in VFAs do not require an additional licence for this purpose, although in such cases, there are some VFA-specific supplementary conditions that CIS are expected to comply with on an ongoing basis. 

At the time of writing, only professional investor funds (PIFs) are permitted to invest in VFAs. Nevertheless, it should be noted that the MFSA has been considering whether to permit alternative investment funds (AIFs) and notified alternative investment funds (NAIFs) to invest in VFAs by extending the supplementary conditions that apply to PIFs to cover AIFs and NAIFs.

See 2.2 Regulatory Regime.

Discussions have recently arisen on the concept of decentralised finance (DeFi), calling for public awareness of the possible major changes decentralised blockchain platforms, such as decentralised applications (dApps), can bring about. The subject warrants further insight into the risks and liabilities such platforms may carry, such as avoiding centralised control, which could be abused to the detriment of consumers.

However, much more research is required in order to reach a legal framework for such an innovation. It is worth mentioning that the Founders Bank Project is currently in the process of applying for a banking licence. If approved, this will be the first licensed decentralised bank in Malta owned by virtual currency investors.

Maltese law does not define or specifically refer to NFTs or the use of NFT platforms. The VFAA does, however, refer to DLT assets which may be determined to be either a virtual token, a financial instrument, electronic money or a VFA. This classification is determined after conducting the Financial Instrument Test (see 12.3 Classification of Blockchain Assets).

If a platform wishes to offer trading or services in relation to NFTs, it will need to be licensed in accordance with the type of DLT assets that will be offered through the platform. On the basis of the results of the Financial Instrument Test, where the NFTs being offered are deemed to be VFAs, the platform will need to be licensed as a VFA service provider by the MFSA. On the other hand, if the NFT is deemed to be a financial instrument, the platform will need to be licensed under traditional financial services legislation. However, where the NFTs being offered are deemed to be virtual tokens, the platform on which they are to be used does not need to be licensed.        

As an EU member state, Malta fully transposed the Payment Services Directive (EU) 2015/2366 (PSD2) into its legislation in August 2019. 

The implementation of PSD2 into Maltese law did not trigger any obligation for a bank or financial institution already licensed by the MFSA as a home state regulator to provide payment services to seek any re-authorisation of these activities in terms of the passporting rights exercised by the operator prior to the implementation of these amendments.

Nevertheless, despite banks taking the necessary steps to permit open banking by making their application programming interface (API) technologies available, the practical use of open banking in Malta remains limited.

The number of live and operative account information service providers (AISPs) or payment initiation service providers (PISPs) operating within Malta is small. 

Thus, the effects of PSD2 continue to remain unfelt in Malta, both from the perspective of banks coping with data privacy or data security concerns, or practical concerns on a more generic basis.