Blockchain - The Regulatory Framework

Blockchain The
new regulatory
framework
Thursday 26th July

Frank V. Farrugia
President
Malta Chamber of Commerce,
Enterprise and Industry

Silvio Schembri
Parliamentary Secretary
Financial Services, Digital
Economy and Innovation

Gerd Sapiano
Analyst
Securities & Markets Supervision
Unit, MFSA

THE REGULATORY
FRAMEWORK FOR VIRTUAL
FINANCIAL ASSETS
GERD SAPIANO
26 JULY 2018

THE MFSA’S REGULATORY APPROACH

VARYING APPROACHES IN DIFFERENT JURISDICTIONS
UNREGULATED
ENVIRONMENT
E.G. CHINA
BAN
E.G. ABU DHABI, AUSTRALIA, CANADA,
FRANCE, GERMANY, GIBRALTAR, HONG
KONG, JAPAN, LITHUANIA, MALTA,
RUSSIA, SINGAPORE, SOUTH KOREA,
SWITZERLAND, UK & USA
REGULATORY
FRAMEWORKS

…WHY REGULATE?
“TO DEVISE A POLICY FRAMEWORK THAT SUPPORTS THE INNOVATION AND NEW
TECHNOLOGIES FOR FINANCIAL SERVICES IN THE AREA OF VIRTUAL CURRENCIES WHILST
ENSURING EFFECTIVE INVESTOR PROTECTION, FINANCIAL MARKET INTEGRITY AND
FINANCIAL STABILITY.”
MFSA DISCUSSION PAPER ON INITIAL COIN OFFERINGS,
VIRTUAL CURRENCIES AND RELATED SERVICE PROVIDERS

…REGULATORY OBJECTIVES?
- ENSURING INVESTOR PROTECTION
- PROMOTING MARKET INTEGRITY
- SAFEGUARDING FINANCIAL STABILITY

INVESTOR PROTECTION
THE ABSENCE OF REGULATION MAY
CREATE A DEFICIENCY IN INVESTOR
PROTECTION, GIVEN THE
INFORMATION ASYMMETRY
BETWEEN PARTIES.
THE LACK OF A STRONG
REGULATORY FRAMEWORK BRINGS
ABOUT A GREATER RISK OF
FINANCIAL CRIME.

ENSURING INVESTOR PROTECTION
THE FRAMEWORK WHICH IS BEING PROPOSED AIMS TO ENSURE INVESTOR PROTECTION
INTER ALIA BY:
- SUBJECTING OPERATORS IN THE FIELD OF VIRTUAL CURRENCIES TO FITNESS AND
PROPERNESS ASSESSMENTS;
- PROVIDING REQUIREMENTS WHICH SAFEGUARD CLIENTS’ ASSETS;
- SETTING OUT MINIMUM TRANSPARENCY REQUIREMENTS.

MARKET INTEGRITY
A LACK OF REGULATION ALSO
CREATES THREATS TO MARKET
INTEGRITY AND POTENTIAL MARKET
ABUSE DUE TO POSSIBLE
DEFICIENCIES IN GOVERNANCE
STRUCTURES AS WELL AS RISK AND
COMPLIANCE POLICIES AND
PROCEDURES.

PROMOTING MARKET INTEGRITY
THE PROPOSED LEGAL FRAMEWORK WILL:
- CATER FOR INCREASED TRANSPARENCY REQUIREMENTS;
- REPLICATE THE HIGH LEVEL PRINCIPLES OF THE MARKET ABUSE REGULATION; AND
- IMPOSE REQUIREMENTS WHICH EXTEND BEYOND THE FIFTH ANTI-MONEY
LAUNDERING DIRECTIVE

FINANCIAL STABILITY
THE LACK OF REGULATION POTENTIALLY
LEADS MARKET PARTICIPANTS TO REDUCE
THEIR ECONOMIC CAPITAL WHILST
SHIFTING TOWARDS RISKIER BALANCE
SHEET PROFILES TO MAXIMISE
SHAREHOLDER VALUE

SAFEGUARDING FINANCIAL STABILITY
THE REGULATORY FRAMEWORK BEING PUT FORWARD BY THE MFSA, INTER ALIA: - -
- PROVIDES FOR A WATERTIGHT SEGREGATION OF VFA BUSINESS FROM TRADITIONAL
FINANCIAL SERVICES BUSINESS IN ORDER TO MITIGATE ANY RISK;
- ENSURES THAT OPERATORS FOLLOW PRUDENTIAL REQUIREMENTS WHICH ENSURE
THAT MARKET PARTICIPANTS DO NOT REDUCE THEIR ECONOMIC CAPITAL OR SHIFT
TOWARDS RISKIER BALANCE SHEET PROFILES IN ORDER TO MAXIMISE SHAREHOLDER
VALUE:
- ADEQUATE CAPITAL REQUIREMENTS
- ROBUST RISK MEASUREMENT, MONITORING AND MITIGATION INCLUDING AN INTERNAL CAPITAL
ADEQUACY ASSESSMENT PROCESS
- DEDICATED REPORTING AND DISCLOSURE REQUIREMENTS

THE MALTESE APPROACH – A TIMELINE
23
OCT
2017
CONSULTATION ON THE
PROPOSED REGULATION OF
COLLECTIVE INVESTMENT
SCHEMES INVESTING IN
VIRTUAL CURRENCIES
MFSA REF: 06-2017
EXPIRED: 17/11/2017
30
NOV
2017
DISCUSSION PAPER ON INITIAL COIN
OFFERINGS, VIRTUAL CURRENCIES
AND RELATED SERVICE PROVIDERS
MFSA REF: 08-2017
EXPIRED: 11/01/2018
(EXTENDED TO 18/01/2018)
22
JAN
2018
FEEDBACK STATEMENT ON THE
CONSULTATION ON THE
PROPOSED REGULATION OF
COLLECTIVE INVESTMENT
SCHEMES INVESTING IN
VIRTUAL CURRENCIES
BILL ADOPTED BY
PARLIAMENT - THE
“VIRTUAL
FINANCIAL ASSETS
ACT”
13
APR
2018
CONSULTATION PAPER
ON THE FINANCIAL
INSTRUMENT TEST
MFSA REF: 04-2018
EXPIRED: 04/05/2018
29
JAN
2018
SUPPLEMENTARY CONDITIONS
APPLICABLE TO COLLECTIVE
INVESTMENT SCHEMES
INVESTING IN VIRTUAL
CURRENCIES
04
JULY
2018
CONSULTATION PAPER ON
THE VFA RULES FOR VFA
AGENTS:
MFSA REF: 08-2018
CLOSES: 31/07/2018
CONSULTATION PAPER ON THE
REGULATIONS TO BE ISSUED
UNDER THE VFA ACT
MFSA REF: 07-2018
CLOSES: 20/07/2018
04
JULY
2018
12
JULY
2018
20
JULY
2018
PUBLLICATION OF
THE VIRTUAL
FINANCIAL ASSETS
ACT

THE VIRTUAL FINANCIAL ASSETS ACT

THE VIRTUAL FINANCIAL ASSETS ACT
AN ACT TO REGULATE THE FIELD OF INITIAL VIRTUAL FINANCIAL ASSET OFFERINGS
AND VIRTUAL FINANCIAL ASSETS AND TO MAKE PROVISION FOR MATTERS ANCILLARY
OR INCIDENTAL THERETO OR CONNECTED THEREWITH.
DATE OF PARLIAMENTARY APPROVAL – 4TH JULY 2018
DATE OF PUBLICATION – 20TH JULY 2018 - ACT XXX OF 2018
DATE OF COMING INTO FORCE – ON SUCH DATE AS THE MINISTER FOR DIGITAL
ECONOMY MAY BY NOTICE IN THE GAZETTE ESTABLISH

WHAT IS A VIRTUAL FINANCIAL ASSET?
"VIRTUAL FINANCIAL ASSET" OR "VFA" MEANS ANY FORM OF DIGITAL MEDIUM
RECORDATION THAT IS USED AS A DIGITAL MEDIUM OF EXCHANGE, UNIT OF ACCOUNT,
OR STORE OF VALUE AND THAT IS NOT -
(A) ELECTRONIC MONEY;
(B) A FINANCIAL INSTRUMENT; OR
(C) A VIRTUAL TOKEN;
VFA Act – Article 2(2)

WHAT DOES THE VFA ACT REGULATE?
- INITIAL VIRTUAL FINANCIAL ASSET OFFERINGS
- VFA SERVICE PROVIDERS
- VFA AGENTS

INITIAL VFA OFFERINGS
THE ACT SETS OUT THE HIGH-LEVEL PRINCIPLES APPLICABLE TO INITIAL PUBLIC OFFERINGS, THAT MUST
BE ADHERED TO BY AN ISSUER OF VFAS, WHICH WOULD, INTER ALIA, INCLUDE:
 MINIMUM TRANSPARENCY REQUIREMENTS;
 OBLIGATIONS OF THE RELEVANT PARTIES INVOLVED;
 INFORMATION WITHIN WHITEPAPER; AND
 ADDITIONAL TRANSPARENCY REQUIREMENTS APPLICABLE TO VFAS TRADING ON AN EXCHANGE.

VFA SERVICE PROVIDERS
A VFA SERVICE IS ANY SERVICE (FALLING WITHIN THE SECOND SCHEDULE OF THE ACT) WHEN
PROVIDED IN RELATION TO A VIRTUAL FINANCIAL ASSET.
THE ACT INTER ALIA SETS OUT THE LICENSING REQUIREMENTS, ONGOING OBLIGATIONS APPLICABLE TO
SUCH PERSONS, WHICH REFLECT THE HIGH-LEVEL PRINCIPLES ENSHRINED IN EXISTING EU FINANCIAL
SERVICES LEGISLATION.

VFA AGENTS
WHAT IS A VFA AGENT?
A PERSON REGISTERED WITH THE MFSA AND AUTHORISED TO CARRY ON THE PROFESSION OF:(A)
ADVOCATE, ACCOUNTANT OR AUDITOR; OR (B) A FIRM OF ADVOCATES, ACCOUNTANTS OR AUDITORS,
OR CORPORATE SERVICES PROVIDERS; OR (C) A LEGAL ORGANISATION WHICH IS WHOLLY OWNED
AND CONTROLLED BY PERSONS REFERRED TO IN PARAGRAPHS (A) OR (B),
WHETHER IN MALTA OR IN ANOTHER RECOGNISED JURISDICTION, OR ANY OTHERCLASS OF PERSONS
HOLDING AUTHORISATIONS, QUALIFICATIONS AND, OR EXPERIENCE DEEMED BY THE COMPETENT
AUTHORITY AS POSSESSING SUITABLE EXPERTISE TO EXERCISE THE FUNCTIONS LISTED UNDER ARTICLES 7
AND, OR 14
VFA ACT - ARTICLE 2(2)

THE ROLE OF THE VFA AGENT
THE VFA AGENT SHALL INTER ALIA:
- GENERALLY ADVISE AND GUIDE HIS CLIENT;
- PERFORM A FITNESS AND PROPERNESS ASSESSMENT PRIOR TO ONBOARDING A CLIENT;
- ACT AS A POINT OF LIAISON BETWEEN THE MFSA AND HIS CLIENT;
- COOPERATE WITH THE MFSA, WHERE REQUIRED;
- BE CONSIDERED A SUBJECT PERSON UNDER THE PMLFTR

FUNCTIONS AND POWERS OF THE AUTHORITY
PROVISION OF THE NECESSARY REGULATORY AND INVESTIGATORY POWERS LARGELY REFLECTING THOSE
UNDER OTHER NATIONAL FINANCIAL SERVICES LAWS, WHICH WOULD, INCLUDE THE POWER TO:
 ISSUE DIRECTIVES;
 ADOPT AND PUBLISH RULES;
 REQUIRE INFORMATION;
 INTRODUCE THE ‘FINANCIAL INSTRUMENT TEST’;
 SUSPEND EITHER AN IVFAO OR THE TRADING OF A VFA ON AN EXCHANGE;
 COOPERATE WITH OTHER NATIONAL, EUROPEAN AND INTERNATIONAL BODIES; AND
 IMPOSE ADMINISTRATIVE PENALTIES

TRANSITORY PROVISIONS
ISSUERS OF VFAS
ANY PERSON WHO, ON THE DATE OF THE COMING INTO FORCE OF THE ACT IS OFFERING A VFA
TO THE PUBLIC OR APPLYING FOR A VFA’S ADMISSION TO TRADING ON A DLT EXCHANGE, SHALL,
WITHIN THREE MONTHS FROM THE DATE OF COMING INTO FORCE OF THE ACT, DRAW UP A
WHITEPAPER AND REGISTER IT WITH THE MFSA.
THE TRANSITORY PROVISION APPLIES ONLY TO THOSE PERSONS WHO HAVE COMMENCED AN
OFFERING OR HAVE APPLIED FOR ADMISSION TO TRADING IN TERMS OF ARTICLE 3 OF THE ACT BY
NOT EARLIER THAN TWO WEEKS PRIOR TO THE COMING INTO FORCE OF THIS ACT;

VFA SERVICE PROVIDERS
ANY PERSON WHO, ON THE DATE OF THE COMING INTO FORCE OF THE ACT IS PROVIDING
A VFA SERVICE SHALL, WITHIN TWELVE MONTHS FROM THE DATE OF COMING INTO FORCE
OF THE ACT, APPLY TO THE MFSA FOR A LICENCE IN TERMS OF THE ACT.
VFA AGENTS
ANY PERSON WHO, ON THE DATE OF THE COMING INTO FORCE OF THE ACT IS PROVIDING
THE SERVICES OF A VFA AGENT, SHALL, WITHIN ONE MONTH FROM THE DATE OF COMING
INTO FORCE OF THE ACT, APPLY TO THE MFSA FOR REGISTRATION.

NOTIFICATION REQUIREMENT
A PERSON UNDER SUB-ARTICLE (1) MAY, SUBJECT TO A PRIOR NOTIFICATION TO THE COMPETENT
AUTHORITY OF THE ACTIVITY IT IS UNDERTAKING AND, OR SERVICE OR SERVICES IT IS PROVIDING,
IMMEDIATELY UPON THE COMING INTO FORCE OF THIS ACT, CONTINUE TO UNDERTAKE SUCH ACTIVITY OR
PROVIDE SUCH SERVICE OR SERVICES IN OR FROM WITHIN MALTA UNTIL THE WHITEPAPER HAS BEEN
REGISTERED WITH, OR THE APPLICATION HAS BEEN DETERMINED BY, THE COMPETENT AUTHORITY AND, IN
SO DOING, IS NOT TO BE REGARDED AS CARRYING ON SUCH ACTIVITY OR PROVIDING SUCH SERVICE IN
CONTRAVENTION OF THIS ACT.

FINANCIAL INSTRUMENT TEST…WHY?
‘FIRMS INVOLVED IN ICOS MUST GIVE CAREFUL CONSIDERATION AS TO WHETHER THEIR
ACTIVITIES CONSTITUTE REGULATED ACTIVITIES. IF THEIR ACTIVITIES CONSTITUTE A
REGULATED ACTIVITY, FIRMS HAVE TO COMPLY WITH THE RELEVANT LEGISLATION AND
ANY FAILURE TO COMPLY WITH THE APPLICABLE RULES WOULD CONSTITUTE A BREACH.’
EUROPEAN SECURITIES AND MARKETS AUTHORITY
(ESMA50-157-828)

FINANCIAL INSTRUMENT TEST… APPLICABILITY
1. MANDATORY REQUIREMENT UNDER THE VFAA
2. APPLICABLE TO:
 POTENTIAL ISSUERS OF INITIAL VIRTUAL FINANCIAL ASSET OFFERINGS
 VIRTUAL FINANCIAL ASSET LICENCE HOLDERS (INCLUDING EXCHANGES AND INVESTMENT
INTERMEDIARIES
 NON-LICENCED PERSONS PROVIDING A SERVICE OR PERFORMING AN ACTIVITY IN RELATION TO
A DLT ASSET, IN OR FROM WITHIN MALTA

FINANCIAL INSTRUMENT TEST… THREE STAGES
1. FIRSTSTAGE|VIRTUALTOKEN
2. SECONDSTAGE|FINANCIALINSTRUMENT
3. THIRDSTAGE |E-MONEY
IF NOT: DLT ASSET WOULD QUALIFY AS A
VIRTUAL FINANCIAL ASSET UNDER THE VFA ACT

THE VFA REGULATIONS
1. EXEMPTIONS
2. FEES
3. CONTROLOFASSETS
4. ADMINISTRATIVEPENALTIESANDAPPEALS

THE VIRTUAL FINANCIAL ASSETS RULEBOOK

THE VIRTUAL FINANCIAL ASSETS RULEBOOK
1. CHAPTER1|VIRTUALFINANCIALASSETSRULESFORVFAAGENTS
2. CHAPTER2|VIRTUALFINANCIALASSETSRULESFORISSUERSOFVIRTUALFINANCIALASSETS
3. CHAPTER3|VIRTUALFINANCIALASSETSRULESFORVFASERVICEPROVIDERS
THE RULES SHALL PROVIDE FOR THE RESPECTIVE AUTHORISATION PROCESSES,
ONGOING OBLIGATIONS, AND
ENFORCEMENT AND SANCTIONS IN THE CASE OF MISCONDUCT.

NEXT STEPS
- LEGISLATION – PUBLICATION OF FINAL REGULATIONS
- RULES – ISSUANCE OF CHAPTER 2 AND 3 CONSULTATION AND SUBSEQUENT
PUBLICATION OF THE FINAL RULEBOOK
- FINANCIAL INSTRUMENT TEST – REVIEW FOLLOWING TESTING PERIOD
- MFSA TO CONTINUE LIAISING WITH OTHER REGULATORY BODIES, BOTH ON A
NATIONAL AND INTERNATIONAL LEVEL
- FINALISATION OF APPLICATION PROCESSES

INDUSTRY FEEDBACK & SENTIMENT
NUMEROUS RESPONSES
TO THE CONSULTATION &
DISCUSSION PAPERS
OVERALL POSITIVE
FEEDBACK TO THE
MFSA APPROACH
200+ MEETINGS
WITH INTERESTED
PARTIES

CONTACT:
GERD SAPIANO GSAPIANO@MFSA.COM.MT
WEBSITE:
HTTP://WWW.MFSA.COM.MT/PAGES/VFA
THANK YOU

Silvan Mifsud
Senior Manager
Advisory Services, EMCS

Overview of theVirtual
Financial Assets Act
26th July, 2018

THE NEED FOR REGULATION
Harvard Business Review- 17th July 2018- “How Regulation could help Cryptocurrencies Grow”
“Without clear regulations, cryptocurrency innovation in the United States is being stifled. Entrepreneurs sit on
the sidelines for fear of innocently running afoul of the law. Investors, meanwhile, hang back because of
uncertainty regarding valuations. And the commonweal suffers, as other countries lure innovators away from
the United States by creating rules that make their jurisdictions more hospitable to this growing asset
class.
Given the regulatory uncertainty, the United States also risks allowing fraudulent purveyors of
cryptocurrencies to drive out the good. To be sure, federal and state enforcement officials have aggressively
sought to stamp out fraudulent initial coin offerings (ICOs) and cryptocurrency trading platforms. But without
clear and coherent guidelines to attract good actors to the U.S. market, fraudsters might push out the good
actors. At least one estimate pegs the frequency of ICO scams to be as high as 80%.
Although still nascent, cryptocurrencies worldwide are nevertheless on the rise, with money raised by issuers in
the first half of 2018 already exceeding the amounts raised in all of 2017. Yet the growth of this 21st-century
innovation is being hampered in the United States because our regulators are forced to use enforcement tools
created decades ago, well before the internet took off, and in some cases even before World War II. Additionally,
overlapping oversight by various agencies creates a structural barrier to change and drives up costs for creators
of cryptocurrencies. This improvised approach needs to be improved.”

OVERALL DLT REGULATORY FRAMEWORK
Licensing of a DLT asset
(excluding Virtual
tokens) and of a VFA
service provider under
the VFA Act is
mandatory, whilst
licensing under the
ITAS Act is optional.

PROGRESSTIMELINE
• October 2017 – MFSA launches consultation paper on Collective Investment
Schemes investing inVirtual Currencies
• January 2018 – MFSA issues rules for funds investing inVirtual Currencies
• February 2018 – Government issued consultation document on the overall
DLT legislation
• March 2018 – MFSA issues consultation on Financial Instrument test
• April 2018 – Bills are sent to parliament and Binance announce their
relocation to Malta. Okex and Neufund follow in May 2018
• July 2018 – The 3 Bills are fully approved by parliament on the 4th July and
the Acts are published on the 20th July
• July 2018 – MFSA launches Consultation documents on VFA regulations and
Rules forVFA Agents and Guidance Note on Financial Instrument test

• No Act is yet effective.VFA Act is likely
to be effective from 1st October 2017.
• MFSA has to issue Rules on Issuers and
VFA services providers (not just theVFA
agents)
• Issue of specific AML guidelines
• Finalise application documents forVFA
service providers
• Setup and approval ofVFA agentsNo…but getting there!

SO WHAT DOESTHEVFA ACT INCLUDE?
• Definitions of what is aVirtualToken, a Financial Instrument, Electronic
Money and aVirtual Financial Asset
• The Financial Instrument test
• The licensing and requirements and obligations of aVFA agent
• Licensing Process of an InitialVFA Offering (ICO) with list of what a
whitepaper needs to include in the First Schedule
• The licensing of the variousVFA service providers

DEFINITIONS
DLT asset
(a) a virtual token;
(b) a virtual financial asset;
(c) electronic money; or
(d) a financial instrument, intrinsically dependent on, or utilises, Distributed Ledger Technology.
VirtualToken
A form of digital medium recordation whose utility, value or application is restricted solely to the
acquisition of goods or services, either solely within the DLT platform on or in relation to which it was
issued or within a limited network of DLT platforms:
Provided that the term ''DLT platform'' referred to in this definition shall exclude DLT exchanges:
Provided further that a virtual token which is or may be converted into another DLT asset type shall be
treated as the DLT asset type into which it is or may be converted.

DEFINITIONS
Third Schedule of the Financial Institutions Act defines
"Electronic Money" means electronically, including magnetically, stored monetary value as
represented by a claim on the issuer which is issued on receipt of funds for the purpose of
making payment transactions….. and which is accepted by a natural or legal person other than
the financial institutions that issued the electronic money.
"Virtual Financial Asset" or "VFA" means any form of digital medium recordation that is used
as a digital medium of exchange, unit of account, or store of value and that is NOT:
(a) electronic money
(b) a financial instrument
(c) a virtual token

Financial InstrumentTest
Does the DLT asset qualify as aVirtual token as per
definition in theVFA Act?
Does the DLT asset qualify as aTransferable
Security under MiFID?
Does the DLT asset qualify as a Money Market
Instrument under MiFID?
Does the DLT asset qualify as a unit in a Collective
Investment Scheme?
Does the DLT asset qualify as a Financial Derivative
under MiFID?
Does the DLT asset qualify as an Emissions
Allowance under MiFID?
If yes
If yes
If yes
If yes
If yes
If yes
Determination
of FI
(MifID)
If No
If No
If No
If No
If No
Determination
ofVirtual
Financial Asset
(VFA Act)
Exempt
Does DLT asset
have features of
Instrument of
Payment?
If No
Determination of
Electronic Money
if it fulfills
Electronic Money
Checklist
(Financial
Institutions Act)
If yes
If No

EXAMPLE OF FINANCIAL INSTRUMENTTEST –VIRTUALTOKEN
i. EXCHANGEABILITY
Virtual Token should remain
exchangeable either solely within the
DLT platform on or in relation to which
it was issued or within only a limited
network of DLT platforms
ii. PURPOSE
VT should be a form of digital medium
recordation whose utility, value or
application is restricted solely to the
acquisition of goods or services.

EXAMPLE OF FINANCIAL INSTRUMENTTEST –TRANSFERABLE SECURITY
i. EXCHANGEABILITY
The first criterion to be assessed is the negotiability of a DLT asset on the
capital markets. Therefore, it has been established that such a feature is a
sine qua non for a DLT asset’s classification as a Transferable Security. In
this respect, the Test also considers whether the transferability of the DLT
asset is restricted solely to the issuer, given that only under such a scenario
would the DLT asset be considered as non-transferable. For the purposes of
this determination, the negotiability feature shall also apply to DLT assets
which have not yet been issued, should such assets be designed to be
negotiable on the capital market upon issuance.
II. RIGHTS
A DLT asset’s qualification as a Transferable Security is further subject to
the assessment of the rights attached to it in order to determine whether
these effectively render such DLT asset akin to a share in a company,
partnership or other entity, and depository receipt in respect of share/s, or
bond or other form of securitised debt or gives the right to acquire or sell
any such Transferable Securities or gives rise to a cash settlement
determined by reference to, inter alia,Transferable Securities.

VFA AGENT UNDERTHEVFA ACT
• Regulated by Article 7 (Issuing of ICO) andArticle 14 (Application of a service licence) of theVFA Act
• The main role of the VFA agents is twofold i.e. to act as a guide to the VFA issuer or VFA service
provider applicant, but also to act as a first filter for the regulator. Be also a point of liaison between
MFSA and client
• VFA agents have a pivotal role to play in the AML/KYC process being a subject person for PLMFTR
• "VFA agent" means a person registered with the competent authority under this Act and authorised to
carry on the profession of:
(a) advocate, accountant or auditor; or
(b) a firm of advocates, accountants or auditors, or corporate services providers; or
(c) a legal organisation which is wholly owned and controlled by persons referred to in
paragraphs (a) or (b),
whether in Malta or in another recognised jurisdiction, or any other class of persons holding
authorisations, qualifications and, or experience deemed by the competent authority as
possessing suitable expertise to exercise the functions listed under articles 7 and, or 14;
• Transitory provision “VFA agent within the meaning found under this Act, shall, within one month from
the date of coming into force of this Act, apply to the competent authority for registration in terms of
article 7”

PROPOSED RULES –VFA AGENT
• VFA agent shall propose 2 designate persons + Money Laundering reporting Officer
• VFA Agent required to have an initial and on-going capital of 50,000 EUR
• Obtain a Professional Indemnity Insurance (Optional)
• Insurance policy that covers loss of money or loss or damage to any other asset or property belonging
to the VFA Agent or which is in the care, custody or control of the VFA Agent or for which the VFA
Agent is responsible. (Mandatory)
Registration Process
• Preparatory Phase:
Notify Authority of its intention, in writing, of intention to offer VFA agent service. To include description
of proposed structure and whether registration is needed as VFA agent under article 7 or article 14 or
both. MFSA will then schedule a mandatory meeting with applicant and by not later than 60 days from
this meeting, the applicant is to submit an application document with all supporting documents, plus pay
the application fee when submitting this application.
• Pre-registration Phase:
After review of application by MFSA will issue an ‘in principle Registration’ valid for 3 months. During
these 3 months, the applicant needs to settle any outstanding issues raised during application process.

PROPOSED RULES –VFA AGENT
• TheVFA Agent shall be required to prepare and submit to the MFSA, on an annual
basis, a Compliance Certificate in relation to the Issuer. Provided that where there
have been any breaches of the Act, the Regulations or these Rules, theVFA Agent is
required to include a statement regarding such breaches in the Compliance
Certificate.The Compliance Certificate should further include a confirmation that:
(i) All the local AML/CFT requirements have been satisfied, which confirmation
should be obtained from the Issuer’s MLRO ; and
(ii) the Issuer’s Innovative Technology Arrangement complies with any
qualitative standards set and guidelines issued by the Malta Digital
Innovation Authority applicable to the particular type of arrangement
(irrespective of whether the said arrangement holds a certification or
a ruling of eligibility under the Innovative Technology Arrangements and
Services Act), which confirmation should be obtained from the Issuer’s
Systems Auditor .

VFA AGENT - IMPORTANT
• Fitness and Properness
• Substance in Malta
• Adequate Due Diligence Systems (higher level than for traditional finance) with a
robust KYC and cyber security systems and controls.
• Knowledge on different business models
• Liable forAdministrative penalties of up to 150,000 EUR for each infringement
• In case of a convicted criminal offence liable to 500,000 EUR fine and/or
imprisonment of up to six months
• Importance of record keeping, especially for annual certificate and backing of FI test,
which has to be confirmed byVFA agent (signed)
• VFA Agent as part of the AML/CFT obligations is to ensure that with regards the client
there is proper identification and verification; ongoing monitoring; know well the
source of funds/wealth (especially if this source is crypto currencies)

INITIAL VFA OFFERING (ICO)
It is mandatory to have any initial virtual financing offering (ICO) by a Maltese entity to be registered
under theVFA Act by:
- Drawing up a whitepaper and have it delivered to MFSA at least 10 working days before the
intended publication date. This whitepaper needs to include the very extensive list of items
included the First Schedule of the Act. (Very few I have seen for far comply with such a list)
- Appoint a VFA Agent which will guide the issuer on drawing up this whitepaper and be the only
point of contact between the issuer and the MFSA. Such VFA agent will also be responsible to do
all KYC and due diligence procedures on the issuer. VFA agent also needs to submit to MFSA on an
annual basis a certificate of compliance on behalf of the issuer.
- Transitory Provision: Undertaking an activity in terms of article 3 (i.e Initial VFA offering), within
three months from the date of coming into force of this Act, draw up a whitepaper and register it
with the competent authority in terms of the said article, provided that this paragraph shall be
applicable only to those persons who have commenced an offering or have applied for admission
to trading in terms of article 3 by not earlier than two weeks prior to the coming into force of this
Act
- Minimum transparency requirement and additional transparency requirement if trading on a VFA
exchange

LICENSING OF SERVICE PROVIDERS
TheVFA Act lists the following types of service providers:
- Reception andTransmission of Orders
- Execution of orders on behalf of other persons
- Dealing on own account (Trading against proprietary capital)
- Portfolio Management
- Custodian and Nominee Services (Wallet Providers)
- Investment Advice
- Placing ofVFAs
- Operation of aVFA Exchange
Transitory Provision: is providing aVFA service within the meaning found under
this Act shall, within twelve months from the date of coming into force of this
Act, apply to the competent authority for licence in terms of article 14.

SERVICE PROVIDERS – PROPOSED REGULATIONS UNDER THE VFA ACT
Exemptions from needing any service licence under included in the proposed regulation. Some interesting
exemptions include:
• Persons dealing on own account in terms of the Act and not providing any other VFA services or performing
any other activities in virtual financial assets unless such persons:
i. are market makers; or
ii. deal on own account when executing client orders;
For purposes of this exemption, dealing on own account shall mean the trading by a person in its own name
and transactions in one or more virtual financial assets.
This exemption shall not be automatically operative but their applicability shall be subject to the
determination in writing by the competent authority that the requested exemption applies.
• Persons which provide VFA services exclusively for their parent companies, for their subsidiaries or for other
subsidiaries of their parent undertakings. Any person who intends to apply this exemption shall notify the
authority thereof, prior to the application of such an exemption.
• Collective investment schemes licenced under the Investment Services Act or otherwise authorised by a
European regulatory authority, providing services in Malta in exercise of a European right.

SERVICE PROVIDERS – PROPOSED REGULATIONS UNDER THE VFA ACT
TheVFA Service licences listed under the regulation are:
VFAA Class 1 Licence holders authorised to receive and transmit
orders and, or provide investment advice in relation to
one or more virtual financial assets and, or the placing
of virtual financial assets.
VFAA Class 2 Licence holders authorised to provide any VFA service
and to hold or control clients’ money, but not to
operate aVFA exchange or deal for their own account.
VFAA Class 3 Licence holders authorised to provide any VFA service
and to hold or control clients’ money, but not to
operate aVFA exchange.
VFAA Class 4 Licence holders authorised to operate a VFA exchange
and to hold or control clients’ money, virtual financial
assets and, or private cryptographic keys and
custodian or nominee services solely in relation to the
operation and activities of suchVFA exchange.

AML IN THE CRYPTO WORLD – 5TH AML DIRECTIVE
DIRECTIVE (EU) 2018/843 OFTHE EUROPEAN PARLIAMENT AND OFTHE COUNCIL of 30 May 2018
amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes
of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU
(commonly known as the 5th AML directive) states:
(8) Providers engaged in exchange services between virtual currencies and fiat currencies (that is to
say coins and banknotes that are designated as legal tender and electronic money, of a country,
accepted as a medium of exchange in the issuing country) as well as custodian wallet providers are
under no Union obligation to identify suspicious activity. Therefore, terrorist groups may be able to
transfer money into the Union financial system or within virtual currency networks by concealing
transfers or by benefiting from a certain degree of anonymity on those platforms. It is therefore
essential to extend the scope of Directive (EU) 2015/849 so as to include providers engaged in
exchange services between virtual currencies and fiat currencies as well as custodian wallet
providers. For the purposes of anti-money laundering and countering the financing of terrorism
(AML/CFT), competent authorities should be able, through obliged entities, to monitor the use of
virtual currencies. Such monitoring would provide a balanced and proportional approach,
safeguarding technical advances and the high degree of transparency attained in the field of
alternative finance and social entrepreneurship.
• Reference is just for Crypto-to-Fiat and Fiat-to-Crypto exchanges, with no mention of any other VFA
service providers

5TH AML DIRECTIVE – TRANSPOSITION IN MALTA
• Understanding that the 5th AML did not capture the fast pace of this industry and
thus did not go far enough in including all possible players (as already included in
theVFA Act).
• With Malta being a forerunner in this industry it would make sense to include
VFA issuers,VFA agents andVFA service providers (exchanges, market makers
dealing on own account) when transposing the 5th AML directive and thus go
beyond what is included in the 5th AML directive.
• Then FIAU would proceed to issue the corresponding implementing procedures.

ULTIMATE AIM
To have a robust regulatory framework that make sure that……
……the bad apples do not make it into Malta’s fintech industry.

EMCS
Regional BusinessCentre
Level 2
University Heights
Msida MSD 1751 Malta
Tel: +356 2777 2777
Mob: +356 79430077
Your Contact
Silvan Mifsud
Senior Manager
silvan.mifsud@emcs.com.mt

Panel Discussion -
The interaction of
the Banking World
with
Cryptocurrencies
and ICOs

Gordon Micallef
Partner
RSM, Malta

THE POWER
OF BEING
UNDERSTOOD
AUDIT | TAX | CONSULTING

OVERVIEW OF THE MDIA AND ITAS ACTS
Malta Chamber of Commerce, Enterprise and Industry
26th July 2018
Advisory

DLT Regulatory Framework
The trident of laws
• The Maltese Government has approved and
enacted 3 acts to set up a regulatory
framework for Distributed Ledger
Technologies (DLT); which feature the
regulation of merit, affiliation strategies and
mandatory disclosure requirements.
• Acts approved on the 20th July 2018
- The Innovative Technology
Arrangements and Services Act (The
ITAS Act)
- The Virtual Financial Assets Act (The
VFA Act)
- The Malta Digital Innovation
Authority Bill (The MDIA Act)

Offerings of VFAs,
Service Providers in the VFA
space,
Licensing requirements and
obligations of ICO issuers or
those providing services to an
ICO,
Implementation of financial
instrument tests,
Minimum disclosure
requirements for ICO
whitepapers,
Controls on marketing and
advertisement of VFAs.
Certification of Innovative
Technology Arrangements,
Registration of Innovative
Technology Service Providers,
Principles and requirements for
certification and registration,
Outsourcing of auditors,
Appointment of resident agents,
Guiding principles for the MDIA
(Authority) to support the
development of innovative
technology arrangements in
Malta,
Establishment and composition
of the Authority,
Purposes, functions and powers
of the Authority,
Infringements & Fees,
Granting or refusing innovative
technology authorisation.
VFA ACT ITAS ACT MDIA ACT

INNOVATIVE TECHNOLOGY
ARRANGEMENTS AND SERVICES ACT
ITAS

The ITAS Act Act No. XXXIII of 2018
Overview
• The ITAS Act provides a regulatory framework for innovative technology arrangements and
innovative technology services.
• The Act takes into consideration the regulatory functions of the MDIA with regards to the said
arrangements and services.
• Primarily, the purpose of the Act is to lay grounds on which authorisation of an arrangement or
service shall be granted by the MDIA.
• The authorisation is on a voluntary basis.

The ITAS Act
Scope
• The ITAS Act focuses on the Innovative Technology Arrangements and Innovative Technology
Service providers which seek authorisation by the MDIA.
• The ITAS Act should be followed with special regard to the MDIA Act, especially in relation to
grants or refusal of innovative technology authorisations.

The ITAS Act
Part I Definitions
Part II Principles of Recognition
Part III Certification of Innovative Technology Arrangements
Part IV Registration of Service Providers
Part V Miscellaneous Provisions (with regards to the duties of applicants and application holders, the Power of the
Minister, transparency obligations of the MDIA and the role of a resident agent)
The First an
Second
Schedule
Definition of Innovative Technology Arrangements and Innovative Technology Services
The Third
Schedule
Definition of periods of validity for the authorisation of the aforementioned arrangements/services
The Fourth
Schedule
Definition of terms specified in Article 8, 4(a) of the Act, which discusses requirements for authorisation of an
innovative technology arrangement specific to legal organisations

The ITAS Act
Grounds for Classification of an Innovative Technology Authorisation*
First Schedule - Innovative Technology Arrangements
Software/Architectures which are used in designing and delivering DLT, which may;
a) Use a distributed, decentralized, shared and, or replicated ledger;
b) Be public or private or hybrids thereof;
c) Be permissioned or permission-less or hybrids thereof;
d) Be immutable;
e) Be protected with cryptography; and
f) Be auditable;
Smart Contracts and related applications, including decentralised autonomous organisations, as well as other similar arrangements;
Any other innovative technology arrangement which may be designated by the Minister, on the recommendation of the Authority by
notice from time to time.
Type of Authorisation (Third Schedule)
Certification of Innovative Technology Arrangement – Valid for 3 years

The ITAS Act
Grounds for Classification of an Innovative Technology Authorisation*
Second Schedule - Innovative Technology Services
Review services by system auditors regarding arrangements referred to within this Act.
Technical administration services provided by technical administrators with reference to arrangements within this Act.
Type of Authorisation (Third Schedule)
Registration of System Auditors – Valid for 2 years or,
Registration of Technical Administrators – Valid for 3 years.
*These are soft classifiers. The Act lists types of DLT platforms for which the Authority may make an exception and
adapt around these classification grounds in cases of uncertainty.

The ITAS Act
Part II – Principles of Recognition
Eligibility of Recognition
• No type or class of an arrangement or service shall be eligible for recognition if it does not meet the requirements in
Schedules 1 & 2, unless the following hold true;
- There is reasonable doubt as to whether an arrangement/service has the functions and/or characteristics or
falls in a category defined in the Schedules,
- Absolute certainty cannot be obtained as to whether the arrangement/service is sufficiently similar in scope and
functionality to any of those defined in the Act,
- The arrangement includes, but does not solely consist of an agreement or service.
Procedures for Applicants
• Applicants shall be able to apply through the forms provided by the MDIA, or,
• If these are not available, through an application in writing to the Authority,
• All information required by the Authority for the purpose of granting certification/registration should be provided with
the application.

The ITAS Act
Part II – Principles of Recognition
Register of recognitions
• An electronic Register of recognitions (hereinafter “the Register”) should be maintained by the Authority.
• The Register should be divided into parts as necessary to represent the different types of recognition and
populated with all recognitions issued under this Act and the MDIA Act.
• The Register shall provide all information, that the Authority deems necessary, on the authorisation holder.
• The Authority shall make the Register available to the public through its publication on the Authority’s website.

The ITAS Act
Part III – Certification of Innovative Technology Arrangements &
Part IV – Registration of Service Providers
Principles of Authorisation
Part III Part IV
An arrangement may be granted for one or more specified
purpose, and may be based on one or more of the below as
determined by the Authority;
a) qualities;
b) features;
c) attributes;
d) behaviours; or
e) aspects,
A certification based on any of the above shall not serve as a
certification or serve as a guarantee of certification, for any
other quality/feature/attribute/behaviour/aspect.
1. The Authority may accept to register a person/organisation
providing a multitude of services.
2. However, similar to specifications for certifications (left),
the registration of one type of service shall not guarantee
the registration of the same person/organisation to provide
the same type of service.

The ITAS Act
Part III – Certification of Innovative Technology Arrangements
Requirements for Authorisation
Part III Part IV
An innovative technology arrangement shall be certified if;
a) It is fit and proper for the purposes for which it declares to
have been established.*
b) The software (or parts of it) comprising the innovative
technology arrangement has been reviewed by a
registered systems auditor(s) who are in no way involved
with the arrangement.
An innovative technology service provider may be registered
with the MDIA if;
a) Is fit and proper for the provision of the services it is
providing or intends to provide.*
b) Has the qualifications and, or experience required by the
Authority.
*If the arrangement/service provider is an organised legal organisations, the Act specifies further restrictions
on authorisation in the Article 8 (for certifications) and Article 10 (for registrations).

The ITAS Act
Requirements for Authorisation
Part III Part IV
An innovative technology agreement shall be certified if;
c) The arrangement has a registered technical administrator.
d) The arrangement
i. Complies with applicable innovative technology
authorisation rules and regulations,
ii. Carries out obligations imposed by applicable law,
iii. Has the functionality to allow the technical
administrator to intervene in cases of material cause
of loss to any user or material breach of law.
An innovative technology service provider may be registered
with the MDIA if;
c) Has sufficient technical resources to allow it to conform to
any innovative technology authorisation rules and
regulations, guidelines and conditions issued by the
Authority.
d) It does not fall within any of the cases specified in Article
29 of the MDIA Act (Cases where an authorisation may be
refused).

The ITAS Act
Further Guidelines and Specifications
Part III Part IV
The Authority may allow exceptions to the requirements
for certification if any of these cannot be achieved within
short time frames due to technical challenges.
This is applicable only when;
a) The arrangement is already in at a very advanced stage of
development
b) The arrangement is open, decentralised, public and
permission-less.
Irrespective of their registration service providers shall
follow the below best practices;
a) Conduct their business with honesty and integrity;
b) Consider the rights, interests and needs of their customers
and communicate with them in a way that is fair, clear and
not misleading;
c) Manage and control their business effectively, and conduct
its business with due skill, care and diligence;
d) Have effective arrangements in place to be able to meet
operational and compliance obligations.

The ITAS Act
Part III – Certification of Innovative Technology Arrangements &
On Rules & Guidelines of Authorisation by the Authority
Part III Part IV
The Authority shall from time to time establish guidelines on specifications for which it will and, or will not issue certifications.
Similarly for services, the Authority may establish guidelines to specify purposes for which services can be registered.
The Authority may also create and publish standards of certification/registration it will rely on when enforcing this Act.
Additionally, the Authority may review or appoint system auditors to review certifications and registrations to ensure proper
conduct of and compliancy with the obligations of the authorisation holder.

The ITAS Act
Part V – Miscellaneous Provisions
Duties of the Authority
• Transparency during the application progress – All necessary information should be provided during the review of an
application, including reasons for the Authority’s proposal to refuse granting authorisation.
• The right of appeal – If no feedback on an application is given by the Authority 3 months after its submission, the
applicant may assume refusal and has the right to appeal to the Administrative Review Tribunal.
Duties of the Authorisation Holder
• Notification to the Authority of any material changes – This is required when the information initially provided to the
Authority undergoes any material changes (which changes are defined in Article 12, sub-article 1)
• Auditing and review of authorisation - The Act places a responsibility on the authorisation holder to schedule required
audits and reviews to be able to renew a registration/ certification prior to 3 months of its expiration.

The ITAS Act
Resident Agents
• Requirement of a resident agent - Organisations/persons who need a resident agent include those;
– Which are not resident in Malta,
– Who’s technical administrator is also not resident in Malta. In this case, a separate resident agent is also
required for the technical administrator.
• The role of a resident agent – A resident agent should;
– Act as the channel of communication between the authorisation holder and the Authority & other governmental
bodies/departments.
– Sign and file any required declarations and forms required by Maltese law.
– Act as the judicial representative of the authorisation holder.
• The powers of a resident agent – If approved by the authorisation holder, these include the power to;
– Sign and file any document required in terms of Maltese law;
– Apply for an authorisation/revocation/cancellation under this Act;
– Pay all relative fees and taxes payable in terms of Maltese law;

The ITAS Act
Resident Agents
• The powers of a resident agent (continued)
– Participate as required in the certification/registration/ other form of recognition under this Act or for the
maintenance of such recognition;
– Authenticate documents issued by the authorisation holder; and
– Receive formal notification on behalf of the authorisation holder when notifications are required under the
provisions of this Act or any other law or any agreement.
• The rights and duties of the resident agent and the authorisation holder during removal of the resident agent -
Article 18 lists notice periods and procedural steps to be taken by either the resident agent or the authorisation holder
when resigning or removing the resident agent, respectively.
The Minister
• Article 20 of the ITAS Act lists the power of the Authority's Minister to create regulations or change regulations in this Act
with respect to the authorisation of innovative technology arrangements and services.

MALTA DIGITAL INNOVATION AUTHORITY
ACT
MDIA

The MDIA Act Act No. XXXI of 2018
Overview
• The MDIA Act outlines guiding principles for the Authority in supporting the development of innovative
technology arrangements and services in Malta.
• As specified by the Act, the Authority will primarily be responsible for certifying and supervising voluntary
applications managed by:
– Innovative technology service providers,
– Technical administrators,
– Other individuals involved in innovative technology arrangements.
• The Act aims to foster increased collaboration between this public authority and other relevant national
authorities. It encourages the adoption of mutual recognition with regards to organisations/individuals who will
review and audit innovative technology arrangements.
• The Act shall be used to guide the Authority on ramifications and financial charges following infringements and
misconduct with regards to recognised arrangements and services.

The MDIA Act
Scope
• The MDIA Act defines various economic and social sectors within its scope. Although not limited to just these
sectors, these include;
– Financial services,
– Health and education,
– Voluntary organisations,
– Public administration and transport.
• The Act primarily focuses on the MDIA’s recognition, review and supervision of the innovative technology
arrangements and innovative technology services as defined in the ITAS Act, within the aforementioned
sectors.
It should be noted that standards to be used in the new legal framework are yet to be developed. The Authority will
use standards to regulate in such a way that is protects against non-compliance with mandatory laws on the
protection of consumers and investors, the integrity of the market and the public interest.

The MDIA Act
Part I Definitions
Part II Guiding Principles for the Authority
Part III Establishment and Composition of the Authority
Part IV Officers and Employees to act on behalf of the Authority
Part V Financial Provisions, and the Authority’s power to impose fees, rates and payments
Part VI Principles on granting and refusing recognition and additional powers of the Authority
Part VII Regulatory Powers of the Authority related to rules on and suspensions/revocation of authorisations.
Part VIII Enforcement and Sanctions allowed by the Act
Part IX Relationship between the Authority and the Administrative Review Tribunal
Part X Guidance for co-ordination between the Authority and national competent authorities
Part XI Miscellaneous Provisions

The MDIA Act
Part II – Guiding Principles
13 Main Policies and Objectives of the Authority
• As part of the guiding principles, the Act defines the following set of 13 policies and objectives to guide the Authority in
its operation.
– Promote governmental policies that favour the deployment, within the public administration, of innovative
technology arrangements,
– Foster, promote and facilitate the advancement and utilisation of innovative technology arrangements and their
design and uses;
– Promote education on ethical standards and legitimate exploitation of innovative technology arrangements;
– Safeguard, maintain and protect the reputation of Malta in the use of innovative technology arrangements;
– Protect users of innovative technology arrangements, including consumers and the public in general and to
ensure standards to meet their legitimate expectations and protect against misuse;
– Provide a sound financial basis for the Authority to be able to achieve its functions;

The MDIA Act
13 Main Policies and Objectives of the Authority (Continued)
– Harmonise practices, and, where applicable, facilitate the adoption of standards, on innovative technology
arrangements in Malta in line with international norms, standards, rules and, or laws and with those of the
European Union in particular;
– Assist the competent data protection authorities in safeguarding the data protection rights of data subjects and
assist other competent authorities in the protection of vulnerable persons and the promotion of fair competition
and consumer choice;
– Promote, and if required enforce, ethical and legitimate criteria in the design and use of innovative technology
arrangements and any application, software or derivative product from it or intrinsically part of or connected to it as
well as to ensure quality of services and security therein;

The MDIA Act
13 Main Policies and Objectives of the Authority (Continued)
– Through collaboration with other regulatory bodies and competent authorities with responsibility for the prevention
of money laundering and the financing of terrorism and crime in general; Support the prevention of money
laundering, terrorist financing and the commission of any other crime in or through the use of innovative
technology arrangements;
– Promote transparency and auditability in the use of innovative technology arrangements, and any application,
software, or derivative product from it or intrinsically part of or connected to it;
– Promote ease of accessibility to the facilities provided by publicly available innovative technology arrangements
and the recognition and implementation of the right of exit, withdrawal or termination of participation from any
arrangement in the use of innovative technology arrangements; and
– Promote legal certainty in the application of laws, in a national and cross-border context, and the development of
appropriate legal principles for the effective application of law to innovative technology arrangements.

The MDIA Act
Part III – Establishment, Functions and Conduct of Affairs of the Authority
Establishment of the Authority
• The Authority is a corporate body of members.
• The conduct of the affairs of the Authority shall be the responsibility of the Board, which responsibility shall be
exercised through the Chairman.
• The Authority shall assume a distinct legal personality and can be represented by the Chairman or any appointed
member of the Board on behalf of the Authority in any act/contract/instrument/other document.
Composition of the Authority
• A Chairman,
• Minimum of 4 to a maximum of 8 members who are appointed for a term of minimum one year to a maximum of three
years and who may be re-appointed on their term's expiration.
Members of the Board
• The Act lists members who are eligible to become members of the Board. Article 5 also lists list of individuals who cannot
hold office as a member of the board due to their existing position/potential conflicts of interest

The MDIA Act
Part III – Functions and Powers of the Authority
Functions of the Authority
Several commitments that the Authority must fulfil include, but are not limited to;
• Regulate, monitor and supervise any innovative technology arrangements/services/applications regulated by the Act.
• Provide facilities for the recognition, certification, registration for the carrying out of any lawful operation or activity which
the Authority is entitled to administer.
• Establish minimum quality, compliance and security standards for any innovative technology arrangements/services and
regulate the respective sectors to protect the general public.
• Establish minimum qualifications to be possessed by any person/organisation engaged in any activity related by the Act.
Powers of the Authority
The MDIA has the power to;
• Gain access to information on an innovative technology arrangement strictly to regulate or enforce compliance.*
• Hold any wallet, account or other facility in relation to digital assets to carry out regulatory compliance functions.
*This does not include any source code unless required for regulatory purposes and accepted by the holder of the
innovative technology arrangement/service.

The MDIA Act
Part IV – Officers and Employees of the Authority
• Part IV of the MDIA Act specifies that the Authority may appoint Officers and employees to
perform functions on behalf of the Authority.

The MDIA Act
Part V – Financial Provisions
Expenditure
“Expenditure required for the proper performance of [the Authority’s] functions shall, as far as practicable, be met out of its
revenue". Any excess expenditure may be met by the use of reserve funds, and any excess funds may be invested, subject to the
approval of the Minister responsible for finance.
Account Keeping and Reporting
The Authority shall keep proper accounts and other records in respect of its operations such that it can;
• Prepare a statement of accounts covering each financial year,
• Be audited by an auditor/auditors approved by the Minister,
• Provide an Annual Report to the Minister of the Authority and the Minister of Finance, to cover the activities of the Authority
during the financial year.
Money Laundering
• The Authority may impose regulations made under Article 12 of the Prevention of Money Laundering Act,
• It may report any areas/arrangements/services vulnerable to money laundering to the National Coordinating Committee on
Combating Money Laundering and the Funding of Terrorism under Article 12 A.
• The Authority may disclose information to the Financial Intelligence Analysis Unit on transactions which are suspected/known to
be related to criminal activity or the funding of terrorism.

The MDIA Act
Part VI – Principles relating to Recognition, Powers of the Authority
The Power to grant or refuse to issue an innovative technology authorisation
Based on specific grounds defined in the MDIA Act, the Authority has the power to either grant or refuse any form of
recognition voluntarily requested by the applicant.
Documentation and evidence required by the Authority
The Authority may request for any documentation and assurances as necessary or relevant for it to carry out its functions and
grant authorisation. The Authority should publish documentation requirements in due time to allow applicants to prepare,
however the burden to prove credibility is that of the applicants and not the Authority.
The Establishment of rules by the Authority
The Authority shall establish rules and requirements as a basis to guide on conditions and exceptions for the issue of
authorisations and the different types of authorisations which may be given.
Transferability of authorisation
The Act does not allow the authority to approve transfer of an authorisation (which has already been granted); where the
transfer to a subsidiary/legal organisation wholly owned and controlled by the applicant/persons shall not be
considered a transfer.

The MDIA Act
Part VII – Regulatory Powers
Revocations, Cancellations, Suspensions of Authorisations
The Act lists eight specific scenarios for both innovative technology arrangements and innovative technology services, under
which the Authority is to revoke, cancel or suspend an authorisation.
Procedural steps during revocations, cancellations and suspensions
Article 35 lists procedural steps to be taken during the revocation, cancellation or suspension of an authorisation. Other
guidelines in this article relate to interim measures, extension of rectification periods, notification and applicable interest rate on
administrative fines.
Publication and Notification obligations of the Authority
The Act specifies obligations of the Authority to notify the applicant or authorisation holder of a refusal of authorisation, of a
varying condition an existing authorisation is subject to, or of a suspension or revocation to that authorisation.
Allowable Exemptions
The Minister of the Authority shall, subject to the authorisation of the Minister of the relevant Authority, and subject to specific
circumstances defined by the Act, allow several exemptions to the regulations, as specified in the Act.

The MDIA Act
Part VIII – Enforcement and Sanctions
Enforcement of the Provision of Information
The Authority may enforce the provision of information from any person, which information may include any software codes,
protocols and financial information that is considered as necessary for the Authority's supervisory and administrative functions.
Unless required by other applicable law, this power excludes the request for source codes of software which is
commercially sensitive or personally owned cryptographic keys.
Administrative Fines
The Act defines fines and penalties to be punished following misconduct or non-compliance with the Authority’s controls, such
when confidential information is disclosed, or when the required information is not provided.
350,000 Euro Cap - This is enforced on any administrative fine for each infringement, or
12,000 Euro Daily Cap - For each day of infringement.
Administrative fines are to be calculated with regard to the nature and extent of the infringement, its duration and its impact on
the market and consumers.

The MDIA Act
Part IX – Administrative Review Tribunal
Appeals to the Administrative Review Tribunal
The Administrative Review Tribunal shall be competent to hear and determine appeals from decisions of the Authority.
The procedure to be followed for appeals of administrative fines is defined in Article 47.
Appeals that the Tribunal reviews are not only related to the imposition of administrative fines but include appeals on any
decision taken by the Government or any public authority in relation to innovative technology services or arrangements.
Article 48 through 52 discuss the following in relation to any appeal:
– Article 48 - How the Appeals Tribunal confirms or annuls the decision appealed from,
– Article 49 - The Procedure to be performed by the Tribunal to arrive to a final decision,
– Article 50 - The position to be assumed by either affected party with respect to the Authority's proposition, until the
Tribunal or Court of Appeal determines the appeal.
– Article 51 - Guides on the service of notices.
– Article 52 - Specifies how debts due to the Authority may be declared, confirmed and recovered.

The MDIA Act
Part X – Co-ordination with other Competent Authorities; Simplification
Seeking co-ordination with national competent authorities
Article 55 lists cases when the Authority may or should refer to other national competent authorities for the support,
guidance and assistance on the provisions on the Act and of applicable laws enforced by said authorities.
Avoiding duplication of controls and simplification of procedures
Article 56 specifies that the Authority should not accept procedures and controls carried out by a competent authority
if such procedures, controls or other measures do not provide equivalent safeguards to those provided under Maltese
law or as established by the Authority.
Joint Regulatory Efficiency Board
Article 57 states that there should be a Joint Regulatory Efficiency Board to facilitate the co-ordination between the
Authority and other competent authorities.

The MDIA Act
Part XI – Miscellaneous Provisions
The Power of the Minister and of the Authority to issue guidelines
A comprehensive list of controls is provided to guide the Minister in relation to the implementation of the Act, such as;
permissions s/he has to the creation of rules with respect to the Act, the enforcement of additional penalties for any
breaches of the Act.
Additionally, the Act gives the Authority the Power to create rules to ensure high standards of security and integrity in
innovative technology arrangements.

Questions
Gordon Micallef
gordon.micallef@rsm.com.mt
106

THANK YOU FOR
YOUR TIME AND
ATTENTION

Kenneth Farrugia
Chief Business
Development Officer
Bank of Valletta, plc

Information Session on the Blockchain Legislation
Distributed Ledger Technology in Banking -
Opportunities & Challenges for the Industry
Kenneth Farrugia
Chief Business Development Officer
Bank of Valletta plc
The Exchange Buildings
26th July 2018

BOV Start PlusAgenda
1. DLT and Banking – An Introduction
2. The strong case for DLT in the banking sector
– Opportunity Set, Use Cases and Challenges to be managed
3. DLT and Virtual Financial Assets

1. DLT and Banking – Introduction
European Banking Authority Report – July 2018
Opportunity Set
“DLT enables a common and almost real-time view of a trade transaction
stored in a shared ledger for all participants involved, creating a level playing
field for all parties and eliminating their reliance on paper instruments
exchanged among them. A shared view could rationalise the manual effort and
reconciliation processes, with consequent savings in time, money and
resources.”
Risks/Challenges
- Immaturity of DLT Technology – heightened Cyber Security Risk
- Cross jurisdictional conflicts of laws and regulations when DLT nodes
are in different jurisdictions. – recognition of a digitally signed smart contracts in
one jurisdiction may differ from another.
111

Why do Banks need to embrace DLT?
112
Threat of Disintermediation
DLT technology enables a cryptographically secure way of sending digital assets, without
the need for trusted third parties — such as banks
• Payments: no need for intermediaries to approve transactions between consumers. DLT facilitates
faster payments on a p2p basis at lower fees than banks
• Clearance and Settlement Systems: DLT reduces operational costs and bring about real-
time transactions between financial institutions and their clients.
• Fundraising: Through DLT based platforms companies are provided with immediate access to
liquidity through ICOs – unbundles access to capital from traditional financial services channels
• Securities: use of tokenization in traditional securities such as stocks, bonds, and alternative
assets, the blockchain is changing the structure of capital markets.
• Loans and Credit: DLT removes the need for gatekeepers in the loan and credit industry, the
blockchain can make it more secure to borrow money at lower interest rates through DLT based
scorecard applications

BOV Start Plus
4 Key Desired Outcomes
1. Improved Customer Experience and Engagement in terms of speed
and quality of service leading to stronger revenue streams
2. Operational Efficiency through automation
3. Significant Cost Savings
4. Regulatory and Operational Risk Management
2. The Strong Case for DLT in the Banking Sector

Use Case Applications of DLT
Settlement of Payments - State of Play
- Slow and costly process for the settlement of transactions
- Current process costing the industry $65-$80 billion a year – Oliver Wyman
Opportunity Set – a DLT based clearing and settlement process will bring
about cost savings of $10 billion for Investment Banks - Thomson Reuters
Use Case
- UBS has developed a Utility Settlement Coin (USC) which is a digital cash
equivalent of major fiat currencies backed by central banks enabling financial
markets to make payments and settle transactions using DLT
Challenge - Financial regulators acceptance on how DLT can meet technical,
governance, legal and regulatory requirements

BOV Start Plus
How are Banks embracing DLT and their challenges?
Customer Identification / KYC Solutions – State of Play
- KYC requests causing significant delays to banking transactions ranging from days to
sometimes weeks.
- Duplication of KYC efforts by banks in the correspondent chain.
- Cost of KYC obligations average $60 million pa - survey by Thompson Reuters (2016)
Use case
- BBVA, ING and UBS that have developed a proof-of-concept for a DLT shared KYC
registry on a Cordoba Platform
- Platform reduces duplication and costs by eliminating the need for multiple attestations
and repetitive updating of KYC records – still present within different units of some Banks
- Data Privacy and security issues may be addressed through user access rights
Challenge
- Financial regulators accepting the way DLT can meet AML and GDPR legal and
regulatory requirements

BOV Start Plus
Payment Solutions – State of Play
- Banks currently engage with one another to transfer cross border payments using
different systems either SEPA or SWIFT.
- Payments take from 1–2 business days to be transferred passing through a number of
intermediary banks which obviously increases the transaction cost
Use Case
- Santander, has implemented a fully functioning OnePay FX payment system running
on Ripple DLT.
- primary goal is to optimize payments between EU and South America using DLT
- service aimed at accelerating international banking Transaction processing and
reducing the costs
Challenge
- Banks facing scalability and privacy issues which have yet to be addressed
through agreed to standards

Trade Finance – State of Play
117

BOV Start Plus
Trade Finance – State of Play
- Business involves multiple trading partners
- Huge amounts of manual records handling, checking and paperwork
- System fraught with delays, duplication, fraud and high levels of inefficiency
Use Case
- IBM, UBS and several other international banks (including Caixa, CommerzBank
and Bank of Montreal) have formed a trade finance consortium
- Create a global trade finance platform, Batavia, based on blockchain
- Blockchain will be used to digitise sales and other legal contracts, allow the location
of goods to be monitored and facilitate settlement in close to real time.
Challenges
- Banks would have to internally digitize the trade itself
- Requires the involvement of key stakeholders - shipping companies, freight
providers, various agent and ports, along with customs and insurers
- Industry is still highly reliant on significant paper based operations that
drive these players - needs a culture change

119
Trade Finance – Desired State of Play
Smart Contract on the Blockchain linking all operators in the Ecosystem

BOV Start Plus
Syndicated Loans – State of Play
- Daunting process driven by the lengthy discussions leading to the
agreement to be reached between the banks’ legal and credit teams the
various details governing the financing contracts and covenants
Use Case
- Credit Suisse Group formed a consortium that works hand-in-hand with R3
and other DLT start up companies to start issuing syndicated loans on the
blockchain. This would provide an easy way to manage the whole lifecycle of
loans and increase transaction processing.
Challenge - Developers must find a way to make separate blockchains talk to
each other in order to quickly reflect all changes that are made to a loan’s
ownership across all systems.

BOV Start Plus Addressing the Challenges
Regulation
- a clear regulatory environment in the DLT space
- three legislative acts passed in the Maltese Parliament this month are a step
in the right direction
- absence of an international banking framework for DLT solutions and
cryptocurrencies will hamper the adoption of DLT solutions into mainstream
banking activities in the short - medium term
Operational / Technology
- Operational/technological barriers such as different DLTs not
communicating with one another may fragment the market.
- security integrity is required to ensure scalability and widespread take up.
Culture
- Regulatory cultural barriers are still present in the market
- need to ease and facilitate the interaction between DLT / fintech players in
the market and the traditional banking in the financial services industry

Key Challenge
– Cyber Security Risks/Threats to Exchanges
122Lorem Ipsum
• Estimated Loss From Top Hacks and Scams (2011-2018 YTD): $2.3 Billion
• Mt Gox: Bitcoin: Around 800,000 BTC, equivalent of $450 million USD at
time of event was lost.
• The DAO incident: Ethereum: About 3,600,000 ETH, equivalent of $60 million
USD, was lost in this hack
• Coincheck: reported loss of 500,000,000 NEMs equivalent of $400 million
USD.
• Bitcoinica 3 recorded hacks, resulting in a total reported loss of over 78,000
BTC
3. DLT and Virtual Financial Assets
– Other Challenges for the Banking Sector

DLT and Virtual Financial Assets
– Other Challenges for the Banking Sector
Key Issues with Crypto Exchanges and Virtual Financial Assets
- Cybersecurity concerns around crypto exchanges
- So far the sector is largely unregulated
- AML/KYC/Due Diligence gaps when compared to mainstream standards
- Derisking mindset of banks driven by hard coded and stringent regulations
- Sector has attracted a lot of negative PR led by bankruptcies of exchange
service firms, ICO Frauds, Ponzi Schemes amongst others.
123

Bank of Valletta p.l.c. (BOV) is licensed to conduct investment services business by the Malta Financial Services Authority
(MFSA). BOV is enrolled as a tied insurance intermediary of MSV Life p.l.c., regulated by the MFSA. BOV is authorised to
act as a Trustee by the MFSA.
The contents of this document are intended to provide general information only
and cannot substitute legal, tax or any other relevant advice.
Thank you

Stefano Mallia
Vice President
EESC - Employers

Blockchain - The Regulatory Framework

Recommended

Recommended

More Related Content

Similar to Blockchain - The Regulatory Framework

Similar to Blockchain - The Regulatory Framework (20)

More from Silvan Mifsud

More from Silvan Mifsud (10)

Recently uploaded

Recently uploaded (20)

Blockchain - The Regulatory Framework

Editor's Notes