As from the 1st of November 2018, the new framework regulating DLT technology was promulgated. This entailed the introduction of three Acts covering the fundamental aspects underpinning this ever-changing and innovative industry.
Several jurisdictions have been, to a greater or lesser extent, working towards embracing DLT and participants therein. Over the past two years, most of the business and regulatory focus has been on cryptocurrencies and crypto-assets issued on top of blockchains, as well as initial coin offerings (ICOs).
The Acts essentially covers three core aspects:
- the Malta Digital Innovation Authority (MDIA) Act (Chapter 591 of the Laws of Malta) covers the establishment of a regulatory authority, called the Malta Digital Innovation Authority (MDIA), dedicated towards the supervision and certification of DLT platforms and smart contracts, which are referred to as technology arrangements under the said Act;
- the Innovative Technology Arrangements and Services (ITAS) Act (Chapter 592 of the Laws of Malta) covers the setting-up of a registration & certification mechanism for any technology arrangements which voluntarily decide to register themselves as such, which technology arrangements shall be certified by approved Systems Auditors; and
- the Virtual Financials Assets (VFA) Act (Chapter 590 of the Laws of Malta) lays out a financial instruments test for all so-called DLT assets, ergo cryptocurrencies, and determine whether such DLT assets fall under existing Maltese and/or EU regulation. Should they be classified as financial instruments or e-money, they would fall within the scope of applicable EU legislation. A classification as a virtual token, ergo a pure utility token, meaning it would fall outside the scope of any applicable legislation. Lastly, the VFA Act has seen the birth of a new fourth category, that of virtual financial assets, which would be caught under the aforementioned VFA Act.
This three-pronged approach places Malta in a very favorable position when compared to its peers, mostly due to the creation of the MDIA, which is the first regulatory authority of its kind in the world. The MDIA serves as a seal of quality for any DLT-based platforms or applications, separating the wheat from the chaff. The voluntary nature of any applications by those constructing DLT-based platforms ensures that any development taking place in Malta is not stifled, and only those who wish to obtain regulatory approval would be invited to tender their applications and submit themselves to regulatory and technical scrutiny. System auditors need not be based in Malta and can operate through resident agents, meaning that the doors are open for anyone with a legitimate interest in aiding the regulatory framework covering DLT-based projects.
The new legislative framework under the VFA Act under supervision of the Malta Financial Services Authority (MFSA) gives further security to investors and platform developers & issuers alike vis-à-vis the ICO offering at hand and the listing of DLT assets on crypto-exchanges, now known as VFA exchanges under the VFA Act. Apart from exchanges, other service providers of VFAs, such as brokers and custodians, are also covered. The financial instruments test ensures that any cryptographic token issued during the ICO stage, or in relation to which a service is being offered, would either be within the confines of existing regulation or not. This is the cause of frustration for most entities seeking a jurisdiction within which to launch and run an ICO due to the regulatory uncertainty, which uncertainty leads to an unstable environment for business. The Maltese VFA framework sought to eliminate such uncertainty and provide the perfect legal ecosystem for both established companies as well as up and coming start-ups to thrive and prosper without stifling innovation.
Virtual Financial Assets Act (VFAA) – FAQ
What does the VFAA cover?
The VFAA covers the issuance of DLT assets through an ICO, token generation events, or other similar events which need not necessarily involve the collection of funds; the DLT assets need to qualify as virtual financial assets in order to fall within the remit of the VFAA. The VFAA also covers VFA services, namely the following:
- The reception and transmission of orders for buying/selling/subscribing to VFAs;
- Execution of orders on behalf of other persons;
- Dealing on own account i.e. against proprietary capital;
- Portfolio management of third parties;
- Custodian or nominee services;
- Investment advise in a professional capacity;
- Placing of VFAs to specified persons and that are not admitted to trading on a VFA exchange; and
- The operation of a VFA exchange.
What is the Financial Instruments Test?
The Financial Instruments Test (FIT) is a four-tiered categorization of DLT assets, which consists of the following:
- Financial Instruments – these include transferable securities, money market instruments, units in collective investment schemes, derivatives, etc. that are regulated by the Investment Services Act i.e. the Maltese legislative act that transposes the MiFID II European legislation
- Electronic Money – regulated by the E-Money Directive, e-money may broadly be defined as the digital representation of fiat money, with specific criteria that need to be met at all times.
- Virtual Tokens – these are DLT assets that are solely used for the acquisition of goods/services on the platform on which they are issued, are not traded on secondary markets, and are used within a limited network with no possibility of cross-chain swapping/transfers.
- Virtual Financial Assets – should a DLT asset not classify as a financial instrument, e-money, or a virtual token, it will automatically classify as a VFA.
Therefore, the VFA category is an umbrella one which captures those coins/tokens that, by exclusion, do not classify as a financial instrument or e-money, and therefore are not regulated under EU law.
How does one apply for a license under the VFAA?
One can apply for a license under the VFAA, for the abovementioned activities, through a VFA Agent. The VFA Agent has various responsibilities under the VFAA, and needs to be an advocate, account, auditor, or any other person holding the required authorizations, qualifications, and experience deemed by the MFSA to constitute adequate expertise.
What are the different license categories/classes for VFA Service Providers?
Which type of crypto-exchanges will be covered under the VFAA?
Both crypto-to-crypto and fiat-to-crypto exchanges will be covered under the VFAA.
However, if the exchange is handling fiat currency deposits directly, rather than through approved payment service providers, then it would require the necessary license under other applicable legislation, along with the license under the VFAA.
Can a VFA exchange trade financial instruments as well?
If an exchange wishes to trade both VFAs as well as financial instruments, such as security tokens, it would need to obtain a separate license, using a separate corporate entity, under the Investment Services Act.
Can I offer the ICO or VFA service only to Maltese residents?
No, you can offer the ICO or VFA service in any other jurisdiction where such an activity is not prohibited or regulated in a ring-fenced manner. This would mean that the offering of a VFA in an ICO, for example, can be made in any country where ICOs are not prohibited or already regulated. On the contrary, the offering of security tokens can only be made in each and every jurisdiction where the applicable license or concession is obtained since security tokens are already regulated in most jurisdictions.
What do I need to do to run an ICO?
You would need to do the following:
- Set up the required legal entity, such as a company, to conduct the ICO;
- Obtain a legal opinion from a Malta-warranted advocate, later on with such person being a licensed VFA Agent, stating that the token being offered is not a financial instrument;
- Draw up a whitepaper which is compliant with the First Schedule of the VFAA;
- Appoint a Systems Auditor, VFA Agent, Custodian, Financial Auditor, and Money Laundering Reporting Officer; and
- Conduct the ICO in line with the VFAA and relevant obligations.
The MDIA Act and the ITAS Act – FAQ
The reason why both the MDIA Act and the ITAS Act will be dealt with together is that both are reliant on one another; the MDIA Act covers the set-up and structure of the MDIA, while the ITAS Act covers the technical requirements and the set-up of system auditors.
Will the MDIA replace other regulatory authorities?
No – the MDIA will complement other authorities such as the MFSA, the Malta Gaming Authority, the Malta Communications Authority, and so on. It will provide its technical assistance in any matter as required by such other authorities.
Do I need to register with the MDIA whenever developing anything in relation to blockchain technology?
No – registration with the MDIA is completely voluntary. However, it is recommended to have one’s platform audited and certified by the MDIA as it will serve as an official regulatory stamp of approval. The only instance where certification from the MDIA may be mandated is if a separate regulatory authority, such as the MFSA or the MGA, require such certification.
How will the auditing process work?
The audit of the DLT platform or application, known as a technology arrangement under the said Acts, will be conducted by a third party system auditors approved by the MDIA. The system auditors can be located both within Malta as well as within any EU/EEA state. Blockchain Advisory shall be offering such a service.
What are the requirements to have a technology arrangement certified under the ITAS Act?
The requirements are various as listed under the First Schedule of the ITAS Act. The technology arrangement shall be considered as such if it meets one or more of the following criteria:
- software and architectures which are used in designing and delivering DLT which ordinarily, but not necessarily: (a) uses a distributed, decentralized, shared and, or replicated ledger; (b) may be public, private or hybrids thereof; (c) is permissioned, permissionless or hybrids thereof; (d) is immutable; (e) is protected with cryptography; and (f) is auditable;
- smart contracts and related applications, including decentralized autonomous organizations (DAOs), as well as other similar arrangements;
- any other innovative technology arrangement which may be designated by the Minister, on the recommendation of the Authority, by notice from time to time.
Moreover, the technology arrangement needs to appoint both an administrator and a technical administrator and the term of validity of such certification is for a period of 2 years.
Are any other service providers covered under the ITAS Act?
Apart from administrators and technical administrators, technology service providers are covered under the ITAS Act. Technology service providers are classified as such if they offer the following:
- the review services referred to in the ITAS Act with reference to innovative technology arrangements provided by system auditors;
- the technical administration services referred to in the ITAS Act with reference to innovative technology arrangements provided by technical administrators.