What is an Initial Virtual Finance Asset Offering (IVFAO)? The Maltese Laws

Updated on: April 24th, 2020
This content has been Fact-Checked.
Initial Virtual Finance Asset Offerings and Listing Process under Maltese laws


In light of the various rule books and regulatory updates issued by the Malta Financial Services Authority (hereinafter referred to as “MFSA”) in the recent past, we have prepared an overview of the initial and ongoing requirements applicable to an initial offering of a virtual financial asset (hereinafter referred to as “IVFAO”), in or from within Malta. Such requirements are based on the final version of Chapter 2 of the Virtual Financial Asset Rule Book, titled ‘Virtual Financial Assets Rules for Issuers of Virtual Financial Assets’, as the relevant provisions of the Virtual Financial Assets Act (hereinafter referred to as “the Act”).

What is an Initial Virtual Finance Asset Offering (IVFAO)? The Maltese Laws

General Requirements – Initial Virtual Finance Asset Offering

Chapter 2 of the Virtual Financial Asset Rulebook, applies to Issuers of Virtual Financial Assets (hereinafter referred to as “VFA/s”) who are seeking to provide VFA activity in or from within Malta. Issuers must be legal persons duly formed in Malta, and must adhere to general high-level principles when carrying out their function. This includes inter alia performing duties in an ethical manner, with great integrity, whilst considering the investors’ best interests at all time. The Act seeks to regulate IVFAOs where an issuer issues VFAs in or from within Malta.

Requirements for Issuers :A brief overview – Initial Virtual Finance Asset Offering

The Issuer, whose business must be managed in satisfaction of the dual control principle, must commence the offering of its VFAs to the public or admit its VFAs to trading on a DLT exchange within six (6) months from the date of registration of the whitepaper with the MFSA. Prior to performing the offering or admitting to a DLT exchange, the Financial Instrument Test must be carried out and signed by the Issuer’s Board of Administration and subsequently endorsed by the appointed VFA Agent.  

The Issuer is obliged to draw up an annual compliance certificate in relation to its business – the certificate shall be subsequently reviewed and submitted by the VFA Agent after it is signed off by all members of the Issuer’s Board of Administration. Once the compliance certificate is submitted, the Issuer must pay the applicable supervisory fees to the Authority.

Ongoing Requirements Applicable to IVFAO s and Trading VFAs on DLT Exchanges

VFAs may only be offered to the public in or from within Malta, and subsequently, apply for admission to trading on a DLT Exchange if the Issuer’s Whitepaper complies with the requirements of the Act and is registered with the MFSA Accordingly.

A simplified version of the process has been outlined hereunder for ease of reference:


Undertaking the Financial Instrument Test and determination of the token in question as a VFA, which determination is to be endorsed by the VFA Agent. This should always be the starting point as it is only in the event that that the token in question qualifies as a VFA that the subsequent steps should be undertaken.


Appointment of a registered VFA Agent, which appointment shall be maintained at all times.


The Issuer shall be effectively directed or managed by at least 2 individuals, in satisfaction of the dual control principle. The following principles must also be adhered to:

  • Responsible for ensuring that the Issuer complies with its obligations under the rules and any guidelines;
  • Collective and individual responsibility to acquire and maintain sufficient knowledge and understanding of the Issuer’s business to enable them to discharge their duties;
  • It is the duty of the Board of Administration to inform itself of its activities as a whole, have a proper understanding of its financial condition, and examine documents submitted for its attention;

If Board delegates any of its functions, such delegation shall not absolve the Board from the duty to supervise the discharge of such delegated functions.


The Issuer must be a legal person duly formed under any law for the time being in force in Malta. Accordingly, it will be necessary to incorporate a Maltese Company, typically a private limited company (ltd.) or public limited company (plc.), as the case may be. Furthermore, it is now also possible to use a Foundation, following amendments to the Civil Code.


An Issuer shall appoint, and have at all times appointed, the following Functionaries, who have sufficient knowledge and experience in the field of information technology, DLT assets and their underlying technologies and have a good understanding of the Issuer’s business:

  • Systems Auditor – reviewing and auditing the Issuer’s Innovative Technology Arrangement/s (ITA/s) including cybersecurity arrangements, and shall prepare an annual systems audit report on its ITAs in compliance with guidelines issued by the Malta Digital Innovation Authority (MDIA).
  • VFA Agent – receives confirmations from the Issuer that the Board of Administration has been established, that the investors have been provided with a roadmap establishing the milestones for the IVFAO and also be provided with financial information and profit forecasts.
  • Custodian – shall be considered the ITA if custody of VFAs is being performed through such, however in terms of custody for fiat currencies, this may only be carried out by a central bank, payment institution, money market fund, electronic money institution, bank in a third country or a credit institution.
  • Auditor – draws up a report confirming that AML/CFT/KYC systems are in place.
  • Money Laundering Reporting Officer – carried out by individuals who comprehend the extent of responsibilities attached to the role, must be competent, financially sound and of a good repute, as well as have the adequate knowledge, professional expertise and experiences in traditional financial services as well as the Prevention of Money Laundering Act.


Drawing up of the Whitepaper in accordance with the form and content as prescribed in the First Schedule of the VFAA and any rules issued by the MFSA. This includes requirements relating to the deployment of smart contracts.


  • An Issuer desirous of carrying out the above-mentioned activity/activities must, through its VFA Agent, submit the following to the MFSA:
  • White paper and supplementary documents signed by Board of Administration.
  • Copy of the Financial Instruments’ Test signed by Board of Administration and endorsed by a VFA Agent.
  • Confirmation from the Systems Auditor that the Issuer’s ITA complies with MDIA guidelines.
  • Annual audited Accounts for each of the last three (3) financial years, and/or if the Issuer is part of a Group – the consolidated accounts of the Group.
  • Certified copy of constitutional documents.
  • Registration Fee.


Whitepaper Registration Fees – €8,000

Whitepaper Annual Supervisory Fees – €2,000 (payable upon the submission of the certificate of compliance)


Appointing a Board of Administration

Such board – responsible for ensuring the Issuer complies with Authority’s Rules and obligations – must act honestly, exercise reasonable care when carrying out functions, avoid conflicts of interest, monitor compliance, identify risks and manage them, as well as be responsible for Issuer’s compliance with AML/CFT requirements, whilst being aware of the Issuer’s activities and financial condition.

Establishing a Cyber Security Framework

This shall include various policies, such as; response and recovery plan, business continuity, sensitive data management etc. The framework must comply with internationally recognized cybersecurity standards and shall be in line with GDPR provisions.  

Record Keeping Procedures  

The Issuer shall retain documents and keep available for the MFSA to monitor the Issuer’s compliance in line with the MFSA rules pertaining to VFAs. Such documents are to be retained for at least five (5) years unless MFSA requests that such are kept for seven (7) years. The medium wherein the documents shall be held must be accessible for future reference by the MFSA and in such a form and manner that the following conditions are met:

  • unfettered MFSA access including the ability to reconstitute each stage of the transaction process;
  • amendments and corrections to the contents of the documents must be easily ascertained;
  • documents cannot be manipulated

Robust I.T. Infrastructure

The Issuer shall ascertain that its I.T. infrastructure ensures:

  • the integrity and security of any data stored therein;
  • availability, traceability and accessibility of data;
  • privacy and confidentiality; and
  • is in line with the provisions of the GDPR.

Annual filings – Initial Virtual Finance Asset Offering

The Issuer must make the following annual submissions with the MFSA:

  • the Annual Compliance Statement submitted by VFA Agent on behalf of the Issuer;
  • the Audited Financial Statements; and
  • the Auditor Report.

The issuer shall pay the Annual Supervisory Fees to the MFSA upon submission of the Annual Compliance Statement. Such statement shall include a confirmation that the VFA Agent is satisfied that:

  • Local AML/CFT requirements have been satisfied, which confirmation should be obtained from the Issuer’s MLRO; and
  • Issuer’s technology arrangements comply with any qualitative standards set and guidelines issued by the MDIA applicable to the particular type of arrangement, which confirmation should be obtained from the Issuer’s Systems Auditor.

 Limitations, Enforcement, and Sanctions – Initial Virtual Finance Asset Offering

Cap on the maximum investable amount

An Issuer shall ensure that an investor (who is not considered as experienced) does not invest more than EUR 5,000 in its Initial VFA Offerings over a 12-month period. Please note that an experienced investor does not necessarily equate to a professional and/or accredited investor, but should possess knowledge of the industry and have previous experience with ICOs.

Sanctions when in breach

Where an Issuer/ VFA Agent breaches or infringes a Rule, the MFSA may by virtue of the authority granted to it under Article 48 of the Act impose administrative penalties, without recourse to a court of law, up to a maximum of EUR 150,000.

Jonathan Galea
Jonathan is regarded as a thought-leader in the industry. He’s also the CEO of BCA Solutions, a go-to crypto firm for all regulatory and governance-related matters. He is currently advising the Governments of Malta and Serbia, enabling companies such as exchanges and ICOs to set up in Malta through their VFA Agent license. He is a lawyer and a certified C developer. He also authored one of the world’s first legal theses on the subject, titled “The Effect of Bitcoin in Money Laundering Law”, in 2015. He is also the President and co-founder of Bitmalta, the first and the largest blockchain and DLT association in Malta. The one thing he loves about his job is going around the world and talking about how blockchain is the future and everyone needs to get on board. You can connect with Jonathan on Linkedin.

Like what you read? Give us one like or share it to your friends and get +16

newest oldest most voted

Extremely informative

Ameer Rosic

Great summary

Hungry for knowledge?
New guides and courses each week
Looking to invest?
Market data, analysis, and reports
Just curious?
A community of blockchain experts to help

Get started today

Already have an account? Sign In