This country-specific Q&A provides an overview of the legal framework and key issues surrounding fintech law in Malta.
This Q&A is part of the global guide to Fintech.
For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/index.php/practice-areas/fintech-2nd-edition
What are the sources of payments law in your jurisdiction?
One of the main laws regulating payments in Malta is the Financial Institutions Act (Chapter 376) (‘FIA’) which is the key act transposing the EU Payment Services Directive 2015/2366 (‘PSD2’). This Act is complemented with subsidiary legislation, particularly the Credit Institutions and Financial Institutions (Payment Accounts) Regulations, as well as a suite of Financial Institutions Rules issued by the Maltese financial services regulator, the Malta Financial Services Authority (the ‘MFSA’). The enactment of the FIA resulted in the introduction of payment institutions being regulated under Maltese Law under the supervision of the MFSA. PSD2 has been fully transposed into Maltese law, partially through Directive No.1, issued under the Central Bank Act (Chapter 204) and partially through the FIA. The Banking Act (Chapter 371), which provides the legislative framework for credit institutions, cross-references the provisions of the Financial Institutions Act as the applicable law of the payment services provided by banks. Furthermore, the Civil Code of Malta (Chapter 16) regulates the private and civil law aspects relating to payments.
Can payment services be provided by non-banks, and if so on what conditions?
Yes - Payment services may be provided by standalone service providers commonly known as ‘payment institutions’, which are regulated entities under the Second Schedule to the FIA. Payment institutions are defined as companies which have obtained a licence under the FIA or that hold an equivalent authorisation in another country in terms of PSD2, to provide and execute payment services throughout the EU. Once authorised, these entities may engage in activities such as providing services enabling cash to be placed on a payment account, all the operations required for operating a payment account, execution of payment transactions, issuing and/or acquiring of payment instruments as well as money remittance.
Application and ongoing obligations for authorised payment institutions include:
- the submission of an application for authorisation and the required documentation;
- capital holding requirements, which may range from EUR 25,000 to EUR 125,000 depending on the type of payment services being provided;
- at least 2 individuals must effectively direct the licensed entity’s business in Malta;
- all qualifying shareholders, controllers and all persons effectively directing the business are to be suitable persons to ensure the sound and prudent management of the business.
Besides not being allowed to receive deposits or other repayable funds from the public, payment institutions must only use funds to provide payment services.
Payment services may also be provided by electronic money institutions which under the FIA are defined as financial institutions that have been licensed under the FIA and authorised to issue electronic money or that hold an equivalent authorisation to issue electronic money in another country in terms of the Electronic Money Directive.
What are the most popular payment methods and payment instruments in your jurisdiction?
According to a survey conducted by the European Central Bank across the single currency area in July 2016, it was found that 92 per cent of the transactions in Malta involve coins and notes. To corroborate the popularity of cash as the favourite payment method in Malta, the latest statistics issued by the Central Bank of Malta in 2018 also show that cash was the most popular payment instrument. In this latest statistic it was also shown that credit or debit cards and cheques were the second most popular.
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
The concept of open Banking has just been introduced in Malta through the transposition of the PSD2 into Maltese Law, particularly through the introduction of a regulatory framework encompassing providers of account information services (‘AISPs’) and Payment initiation services (‘PISPs’). The latter third party providers may now be granted authorisation under the FIA, which is passported throughout other EU Member States.
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
The regulation of data under Maltese law reflects the provisions of the General Data Protection Regulation (‘GDPR’) which has recently introduced more stringent requirements in relation to the consent which must be provided by data subjects. Consent, based on mere acquiescence or lack of action, is no longer valid for data protection purposes. Under GDPR, consent must be given by a clear affirmative act “establishing a freely given, specific, informed and unambiguous indication of the data subject’s consent to the data processing activities.” The regulation further clarifies the rights of data subject while introducing new rights, such as the right to be forgotten and the right to data portability. Consequent to GDPR, firms in the financial services industry, as data controllers and processors, are now faced with more onerous obligations. Businesses in the insurance sector have to be cautious that any location data collected for car insurance purposes falls within the scope of the said regulation. In terms of enforcement, GDPR, besides exponentially increasing the amount of the fines issued and widens the scope thereof, further provides the data protection authority in Malta with additional investigative powers.
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
On the 1st of January 2019, the Malta Gaming Authority launched a 10-month sandbox environment for the acceptance of virtual financial assets and the use of distributed ledger technology within the Gaming Industry. A sandbox was also established by the MFSA which provides financial service providers with the facility of testing out the viability of their product within the regulatory framework, whilst remaining in direct contact with the regulators. Additionally the MFSA has published a fintech strategy to promote a high standard of innovation within the industry through inter alia the creation of the Malta Fintech Innovation Hub, combined with the establishment of links across various jurisdictions, the cultivation of a national talent pool within the fintech industry and the implementation of robust cyber security measures.
The newly-set up regulator, the Malta Digital Innovation Authority (’MDIA’), was established to act as a fintech promoter incentivising investment on innovative technology arrangements as such terms are defined under the MDIAA, and as a supervisory authority, ensuring reliability of such technologies and integrity of the market.
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
The fintech market in Malta is growing at an accelerated and unprecedented rate, mostly because Malta has positioned itself as a Blockchain-friendly island. Cybersecurity is one of the risks which if not tackled can drive investors to revert back to traditional financial services, thereby reducing the growth prospects of the fintech market. Access to finance might also be a deterrent. Some fintech businesses may not fall within the risk appetite of certain banks in Malta, making it difficult for them to gain access to loan financing. This is a consequence of the fact that the banking sector might not be adapting well to the fast-based growth of fintech, creating funding problems. When it comes to employment, better retention mechanisms need to be enforced to avoid the brain drain of valid employees moving from the regulator to industry.
What tax incentives exist in your jurisdiction to encourage fintech investment?
While there is no specific tax incentive for fintech investments, the Malta Enterprise Act (Chapter 463) (‘MEA’) entails various incentives consisting of tax credits calculated either as a percentage of the capital investment which is typically utilised by capital intensive enterprises, or by reference to the value of wages covering new jobs created, consequent to an investment project. Tax credits are set-off against the income tax due by the enterprise for that year. The Micro Invest Scheme, one of the many tax incentives under MEA, grants eligible undertakings the possibility to claim a tax credit equivalent to 45 per cent of eligible expenditure and wage costs. Malta also provides for attractive tax residency rules for highly qualified individuals and high-net-worth individuals wherein a 15 per cent flat rate on income tax on particular income streams may apply to such individuals provided that certain requirements are met.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
The most prominent fintech areas attracting investment in Malta mostly relate to e-payment services, insurtech, ICOs and blockchain solutions. Many businesses setting up in Malta majorly involve crypto-exchanges, brokers, wallet providers, and ICO issuers. The levels of newly-established fintechs in Malta range from well-established companies with names in other jurisdictions (Series C) who set up their head offices or branches in Malta to other start-ups (Series A and B) who are either in the process of optimising their business models and products or those who are past development stage and invest their resources in expanding their reach.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
On some Fintech fronts, Malta is spearheading innovative and unique reforms particularly in the Blockchain sphere. Lately it has garnered an even faster momentum in pushing forward its status as Blockchain Island by effectively quenching start-ups’ craving for regulation through the setting up of a robust principles-based regime targeting distributed ledger technology (DLT) platforms and related service providers. The new laws fill the legislative gaps in what currently is a legal vacuum, rife with a felt desired of legal certainty. Furthermore, Malta has positioned itself as a reputable centre for financial services, with a comprehensive framework overseen by the MFSA - a solution-oriented regulator, fostering a culture of open dialogue and hands-on regulation. Malta’s attraction is further underscored by its favourable tax regime which, as a result of its extensive double tax treaty network, allows investors to achieve considerable fiscal efficiency when using Malta as a base. It has a well-regulated banking sector, with several multinational banks offering bespoke solutions to clients and boasts of a highly skilled, committed workforce with the majority of students opting to follow post-graduate courses related to ICT or financial services. English as one of Malta’s official languages and Malta’s warm climate, gives fintech entrepreneurs an added incentive to choose Malta as a place to set up shop.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
Being a full member of the EU, Malta respects the principle of freedom of movement within the Union. EU citizens (other than Croatian nationals) do not require a work permit to work and thus may reside in Malta. If such residence exceeds 3 months, an EU citizen must apply for a permit to reside in Malta. This procedure is fairly straightforward and not document intensive. Non-EU citizens and Croatian citizens require a single-work permit to work and reside in Malta, which permit can be obtained within 3 months and is valid for one year. It is also renewable for a further period of 1 year. If a non-EU citizen wishes to be employed in Malta, he must have a genuine prospect of gaining successful employment before entering Malta to work; and the employer will need to prove that the employee’s skills are not easily found within the Maltese talent pool. In addition, Identity Malta has recently launched a new scheme, referred to as the “Key Employee Initiative”, which seeks to facilitate the employment of highly specialised non-EU individuals, who wish to be employed in Malta. The scheme is available to managerial or highly-technical posts which require the relevant qualifications or adequate experience related to the job being offered and where the prospective gross salary is of at least EUR 30,000.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
The constantly-decreasing unemployment rate in Malta, which in July 2019 was at 3.4 per cent in the July 2018, may be a factor which may stress the access to talent in the fintech industry. Notwithstanding, the financial services industry generally is an important pillar of the Maltese economy. To this end, Maltese governments have always given the industry priority in policy formation over the years. The Government has noted that in the coming years Malta will need to significantly increase its workforce by attracting more foreign talent. To this end, Malta has implemented EU Directive 2014/66/EU regarding the Conditions of Entry and Residence of Third-Country Nationals in the Framework of an Intra-Corporate Transfer. This directive seeks to enable the secondment of non-EU key personnel who are already in employment with a group company, to work within another company throughout the EU. This will result in new skills, knowledge, innovation and enhanced economic opportunities for the host entities. Malta also offers attractive tax residency rules for highly qualified individuals and high-net-worth individuals. Provided certain conditions are met, a 15% flat rate of income tax on particular income streams may apply to such individuals.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
Fintech business and solutions are subject to the same intellectual property (‘IP’) laws applicable to any other business in Malta. There is no tailored IP framework targeting fintechs. In this regard, Malta as an EU state upholds European standards of IP protection, and complies with a plethora of international treaties and harmonisation measures, thereby ensuring that it offers the most advantageous position to prospective IP rights holders. The Patents and Designs Act (Chapter 417) governs the protection of patents and designs while the Trademark Act (Chapter 416) regulates trademarks. Copyright owners enjoy automatic protection in terms of the Copyright Act (Chapter 415) without the need of any formal registration. IP rights in general are also subject to the Intellectual Property Rights (Cross-Border Measures) Act (Chapter 414) and the Enforcement of Intellectual Property Rights (Regulation) Act (Chapter 488).
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
Malta’s forward thinking and pioneering approach has led to regulation of distributed ledger technologies and cryptocurrencies through the enactment of three legislative instruments; the Virtual Financial Assets Act, (Chapter 590) (‘VFAA’), the Malta Digital Innovation Authority Act, (Chapter 591) (‘MDIAA’) and the Innovative Technology Arrangements and Services Act, Chapter 592 (‘ITAS’).
The Virtual Financial Assets Act (Chapter 590) (‘VFA’) regulates the realm of cryptocurrencies in Malta. It spearheads the implementation of a bespoke ‘financial instrument test’ applicable to issuers, agents and licence-holders by bestowing the MFSA the power to determine the nature of a DLT asset and whether it qualifies as a virtual financial asset. A virtual financial asset is in turn defined under the VFA as any form of digital medium recordation that is used as a digital medium of exchange, unit of account, or store of value and that is not (a) electronic money; (b) a financial instrument; or (c) a virtual token. The two-layered test primarily focuses on whether the DLT asset is a virtual utility token or otherwise. It then shifts focus on whether the DLT asset satisfies the elements of the various financial instruments under the Directive 2014/65/EU (MiFID). If the asset is a financial instrument, as defined under MIFID, it will fall within scope of the same Directive. Otherwise, by not qualifying as a utility token, a financial instrument, and neither electronic money, the DLT asset will qualify as a virtual financial asset under the VFA, and thus be subject to a light-touch, principles-based regulation in under the same act.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
The VFA regulates the offering of virtual financial assets (or ‘ICOs’) and related service providers. It imposes licensing requirements and on-going obligations to be complied with by ICO-issuers. Akin to the disclosure and regulatory obligations in the securities world, the VFA Act safeguards investors’ rights by mandating a lite regulatory regime for when, an issuer established in Malta, offers VFAs to the public in or from within Malta or applies for a VFA’s admission to trading on a DLT exchange, as such term is defined therein. To complement the VFA Act, the MFSA also published a comprehensive VFA Rulebook entailing a three-tier set of regulations applicable to operators of crypto-financial services and ICO issuers, which provides that in such instances an ICO issuer, while ensuring that the whitepaper entails all the information outlined in the First Schedule of the VFA Act, has to appoint a number of functionaries, including without limitation to, an approved VFA Agent. Furthermore, the VFA Act outlines the manner in which advertisements relating to VFAs are to be carried out.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
One of the live blockchain projects running by the government of Malta is the use of DLT technology to issue education certificates. This is one of many initiatives which the government of Malta has embarked on as part of its mission to establish Malta as a global capital of blockchain expertise.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Up until now Artificial Intelligence (‘AI’) is not yet regulated in Malta, however the Maltese Government has published a high level policy document putting forward the vision and policy considerations in the development of national AI strategy. Albeit such a document is still in its consultation phase, it is paving the way towards establishing Malta as a model nation in AI policy. In light of this, the Government of Malta has commissioned the Malta AI Taskforce to draft the AI National Strategy. This taskforce has already launched a consultation on the proposed ethical AI framework document to seek the public’s feedback on guiding AI principles and trustworthy AI requirements as set out in the mentioned document.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
Insurtech in Malta has recently experienced a healthy level of growth which is expected to continue with most products mainly focused on automated online sales. One of Malta's larger insurance companies launched a highly innovative digital saving product, where mobile technology is used to give clients a fully digital saving experience. Through this product, clients are able to reach their savings goals through an entirely paperless, cash-less and presence-less product, which is deemed to be a breakthrough in the savings market and a major insurtech development at European level. Another insurance company raised $2.3 million in funding from angel investors in a bid to change the way personal insurance is delivered. Through the use of an AI platform which automatically evaluates clients' risks, lifestyles and requirements, customers are given an unbiased view on the most suitable insurance product for them.
Are there any areas of fintech that are particularly strong in your jurisdiction?
Malta is one of the front-running dark horses on the Blockchain front. It is one of the few countries, on a global scale, with the legal and economic foresight to provide a non-intrusive regulatory solution to the delicate market of cryptocurrencies which yearns for certification of quality. Three legislative acts, featuring a well-matched intersection of law and technology, were enacted, re-confirming the important role which Malta is playing in this field. The momentum is reflected in the market with many established names in the industry setting up operations in Malta. New entrants are being announced almost on a weekly basis. Few examples include Binance, which recently relocated its business to Malta, and the setting up of a crypto trading platform to be powered by Bittrex technology. A local fintech company has just struck an exclusive partnership with Bitfury, one of the largest blockchain infrastructure providers in the world. ICOs have been on the rise as many entities have been utilising DLT as a medium to raise finance.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
Fintech is high on the policy agenda in Malta, therefore financial institutions are encouraged to collaborate with fintechs to ensure that the industry enjoys a positive environment within which it can continue to grow. Reacting to a number of cryptocurrency exchanges and other fintech service providers setting up shop in Malta, some of the well-established players in the local financial services industry have understood the need to keep their status as prime movers in the financial sphere and are thus asserting their vantage point within the industry by exploring innovative technological solutions to their business models. Despite sporadic instances of non-collaboration by some Maltese banks refusing to allow money transfers to and from crypto-exchanges, we are seeing an increase in disrupting fintech companies, mostly infiltrating sectors such as payments, insurance and risk management through robo-advisory.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Large banks have developed their fintech products which have been largely accepted by consumers. One example are mobile applications through which users can bank and transfer money through their phones. Furthermore, the vast majority of banks operating locally have often communicated their intention to keep developing fintech in the years to come. In addition, there have also been initiatives by financial institutions aimed at creating safe spaces within which fintech startups can grow. The Malta Stock Exchange is sponsoring a fintech accelerator programme which aims to develop an ecosystem within which fintech companies can be supported. One of the largest financial services firms in Malta has just recently launched its cryptocurrency trading platform, built upon the model of their trading platform, while offering 24/7 customer support.
Are there any strong examples of disruption through fintech in your jurisdiction?
Fintech companies in Malta have been witnessed to disrupt several sectors such as payments, insurance, investment, and risk management. The vast majority of fintechs in Malta are e-money and payment institutions with the former offering services such as prepaid card services, e-wallet services, and money transfer services; while the latter mainly offer payment processing services, and virtual card payment services.