Regulations for VASP license in Malta

Malta has developed a robust and forward-thinking regulatory framework, making it a global leader in the cryptocurrency and digital asset sectors. With its innovation-friendly legal environment, Malta is an attractive destination for businesses operating in the crypto space. The Malta Financial Services Authority (MFSA) plays a key role in enforcing regulations and ensuring full compliance with local and international standards.

Malta’s regulatory approach focuses on transparency, security, and investor protection. The country enforces strict Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) measures to protect businesses and investors from financial risks.

This guide provides essential details on the key regulatory requirements for obtaining a VASP license in Malta. Below are the main areas businesses need to comply with to secure their crypto license.

1. Registration and Licensing

1. Registration and Licensing

  • All companies engaged in cryptocurrency activities, including exchanges and wallet providers, are required to register with the Malta Financial Services Authority (MFSA) under the Virtual Financial Assets (VFA) Act.
  • The specific crypto license in Malta depends on the type of services provided. In Malta, companies offering services related to the exchange, custody of crypto assets, or wallet solutions must obtain a Virtual Asset Service Provider (VASP) license.
  • With the upcoming full implementation of the MiCA (Markets in Crypto-Assets) regulation across the European Union, VASP licenses are expected to be replaced by CASP (Crypto Asset Service Provider) licenses. The CASP license in Malta will include the same fundamental requirements as the VASP license, along with additional obligations as stipulated by MiCA.
2. Anti-Money Laundering (AML) and Know Your Customer (KYC)

2. Anti-Money Laundering (AML) and Know Your Customer (KYC)

  • In Malta, all cryptocurrency-related businesses must comply with strict Anti-Money Laundering (AML) regulations under the Prevention of Money Laundering Act (PMLA). These regulations are also aligned with European directives, such as AMLD5, to ensure that businesses follow the highest standards in combating money laundering and terrorist financing.
  • Businesses must also adhere to comprehensive Know Your Customer (KYC) procedures. This includes verifying customer identities through personal information collection, conducting background checks, and ongoing transaction monitoring. High-risk clients or transactions may require enhanced due diligence.
  • Additionally, companies are obligated to report any suspicious activities to the Financial Intelligence Analysis Unit (FIAU), which collaborates with international agencies and financial institutions to ensure transparency and the enforcement of financial regulations.
3. Financial Reporting and Auditing

3. Financial Reporting and Auditing

  • Licensed cryptocurrency businesses operating in Malta are required to conduct regular financial audits in compliance with both Maltese and European Union (EU) regulations. These audits must be conducted at least annually and include both financial and non-financial reporting to ensure compliance with Anti-Money Laundering (AML) and other regulatory standards.
  • Furthermore, businesses must submit periodic financial reports to the Malta Financial Services Authority (MFSA) and the Financial Intelligence Analysis Unit (FIAU). These reports detail the company’s financial activities, including transaction volumes, compliance with AML policies, and other regulatory obligations.
4. Consumer Protection

4. Consumer Protection

  • Companies offering cryptocurrency services in Malta must meet strict consumer protection standards, ensuring transparency, security, and accountability in all transactions. This includes providing detailed, publicly available information on services, fees, risks, and the terms of agreements with customers, in compliance with both Maltese and EU regulations.
  • Cryptocurrency businesses are required to implement robust measures to safeguard customer funds. These measures include the use of insured custodial services, adopting technologies that prevent fraud, theft, and loss of assets, and establishing clear procedures for compensation in case of customer asset loss. Moreover, businesses must ensure compliance with local and EU-wide AML/KYC regulations to protect consumer interests and secure their digital assets.
5. Cybersecurity Standards

5. Cybersecurity Standards

  • Cryptocurrency companies in Malta are required to adhere to rigorous cybersecurity standards. These standards include encryption, multi-factor authentication, regular internal and external system audits, and secure data handling protocols. Companies must also implement thorough audit trails and secure data storage mechanisms to prevent unauthorized access.
  • Businesses operating under a Virtual Asset Service Provider (VASP) license in Malta must be prepared to promptly report any data breaches or cybersecurity incidents to the relevant Maltese regulatory authorities, such as the Malta Financial Services Authority (MFSA). Compliance with both local and EU-wide cybersecurity frameworks ensures robust defense mechanisms against unauthorized access and cyber threats. Furthermore, companies are required to develop and maintain incident recovery plans to ensure swift responses to cybersecurity breaches.
6. Operational Requirements

6. Operational Requirements

  • Companies seeking a VASP license in Malta must demonstrate sufficient financial resources and establish robust governance policies. These include internal controls, risk management, and audit procedures to mitigate risks and maintain compliance with MFSA regulations.
  • Additionally, VASP license holders are required to keep detailed records of all transactions, including phone conversations and electronic communications, for at least five years. These records must be available for regulatory review to ensure proper transaction execution and compliance.
7. International Cooperation

7. International Cooperation

Businesses operating internationally must comply with Maltese regulations and adhere to the legal frameworks of the jurisdictions in which they conduct operations. Compliance with international standards, such as those set by the Financial Action Task Force (FATF) and the Common Reporting Standard (CRS), is essential to ensure transparent and secure cross-border transactions.

Maltese authorities, including the Malta Financial Services Authority (MFSA), work closely with international regulatory bodies, such as the European Securities and Markets Authority (ESMA) and the European Commission, to ensure cross-border compliance in the cryptocurrency and digital asset industry. This cooperation fosters trust and operational efficiency, ensuring that businesses licensed as Virtual Asset Service Providers (VASP) can operate seamlessly across multiple jurisdictions.

8. Innovation and Adaptability

8. Technological Infrastructure and Innovation Support

  • Malta is a leading jurisdiction in fintech and cryptocurrency innovation, demonstrated by its MFSA FinTech Regulatory Sandbox. This environment allows businesses to test cutting-edge technologies within a controlled regulatory framework, ensuring compliance, operational efficiency, and faster adaptation to evolving regulations.
  • Additionally, businesses in Malta are required to implement advanced technological solutions such as secure blockchain infrastructures and stringent data protection measures to meet both operational and regulatory standards. Compliance with international standards, such as ISO 27001 for information security, is expected.
  • The Malta Digital Innovation Authority (MDIA) plays a crucial role in overseeing and certifying these emerging technologies, ensuring that Malta remains at the forefront of digital asset industry advancements and the development of innovative technological solutions.

Types of Crypto licensing in Malta

Currently, crypto businesses in Malta operate under the Virtual Financial Assets (VFA) framework, which regulates activities related to cryptocurrencies and digital assets. The Malta Financial Services Authority (MFSA) issues licenses for Virtual Asset Service Providers (VASPs) under this framework, and businesses must apply for the appropriate license depending on the nature of the services they provide.

There are four main classes of VFA licenses in Malta:

License typeDescription of license

Class 1 VFA

This license is ideal for businesses offering investment advice and ancillary services related to virtual financial assets without holding or controlling clients’ funds. Companies applying for this license must maintain a minimum share capital of EUR 50,000, or alternatively EUR 25,000 if supplemented by professional indemnity insurance (PII).

Class 2 VFA

Companies providing custodial services or acting as exchanges for virtual assets will need this license. Proprietary trading is not permitted. The minimum share capital requirement for this license is EUR 125,000.

Class 3 VFA

For businesses engaging in proprietary trading of virtual assets on their own account, this license is required. Companies must have a minimum share capital of EUR 730,000.

Class 4 VFA

This is the most comprehensive license, allowing businesses to act as exchanges or custodians while also engaging in proprietary trading. Class 4 license holders can operate trading platforms for third-party buyers and sellers and must meet a minimum share capital of EUR 730,000.

Overview of requirements to Obtain a Crypto license in Malta

To successfully apply for a crypto license in Malta, businesses must follow specific regulatory requirements set by Maltese authorities, ensuring compliance with both local and EU regulations. Below are the key points businesses need to adhere to:

  • The business must be incorporated in Malta and registered with the Malta Business Registry (MBR).
  • A local Compliance Officer must be appointed and approved by MFSA to oversee AML and CFT compliance.
  • The company must meet minimum share capital requirements, for example, EUR 50,000 or EUR 25,000 with professional indemnity insurance (PII) for Class 1 licenses
  • Full compliance with the Prevention of Money Laundering Act (PMLA) is required, including regular reporting to the Financial Intelligence Analysis Unit (FIAU).

    By ensuring the business meets these requirements, companies can streamline the process of acquiring a crypto license in Malta while ensuring ongoing compliance with Maltese and EU regulations.

Estimated time frames

Gathering documents

1-2 weeks

Company formation

1-2 weeks

Pre-application process and analyses

3-5 weeks

Crypto license obtainment from MFSA

4-6 months

*The timeline may vary depending on the completeness of the documentation and the responsiveness of Maltese regulatory bodies. These figures align with the general expectations for regulatory processes within the EU, particularly under MiCA and Maltese regulations.

Detailed Requirements for Crypto license in Malta

Obtaining a crypto license in Malta requires thorough preparation and compliance with the country’s regulatory framework. Malta offers a favorable environment for businesses dealing in virtual assets, with its robust regulatory standards designed to protect both investors and the wider financial system. This guide will provide a detailed list of the documents needed to apply for a license, ensuring compliance with the Malta Financial Services Authority (MFSA) regulations.

List of Required Documents

  • AML and KYC Compliance Procedures:
    • Companies must implement robust Anti-Money Laundering (AML) and Know Your Customer (KYC) procedures in compliance with the Prevention of Money Laundering Act (PMLA) and requirements set by the MFSA. This includes conducting due diligence, transaction monitoring, and reporting suspicious activity to the Financial Intelligence Analysis Unit (FIAU).
  • Application Form:

    A detailed application form that outlines the business model, services offered (e.g., trading, exchange, custody), and target markets must be submitted. This document is essential for initiating the VASP license application process.
  • Memorandum and Articles of Association (MAA)
    • Applicants must submit the MAA, which contains details of the company’s structure, governance, registered office, share capital, and internal regulations. This must be submitted to the Malta Business Registry (MBR) for corporate compliance.
  • Appointment of a VFA Agent

    A licensed VFA Agent must be appointed to oversee the crypto licensing process in Malta. The agent serves as the intermediary between the applicant and the MFSA, ensuring all regulatory obligations are met.
  • Business Plan

    A comprehensive business plan is required, detailing the company’s structure, services, strategic direction, and financial forecasts. This must include operational processes to demonstrate the company’s ability to meet regulatory requirements and sustain long-term operations.
  • Internal Governance Framework

    Companies must submit a document detailing their internal governance framework, including risk management procedures, internal controls, and audit processes. This ensures regulatory compliance and operational integrity.
  • Risk Management Policies

    A formal risk management policy must be provided, outlining how the company will identify, assess, and manage operational and financial risks.
  • Insurance Policy

    Companies must present a professional indemnity insurance (PII) policy that meets MFSA’s requirements. For Class 1 VFA licenses, a minimum cover of EUR 25,000 can be submitted if supplemented with insurance.

Share Capital and Government Fees

  • The minimum share capital required for a Virtual Financial Assets (VFA) license in Malta varies by license class. For example, a Class 1 License requires EUR 50,000, or alternatively EUR 25,000 when coupled with Professional Indemnity Insurance (PII). A Class 4 License, which allows businesses to operate exchanges, requires a minimum of EUR 730,000.
  • Government fees also vary depending on the license class. The application fee ranges from EUR 6,000 for Class 1 to EUR 24,000 for Class 4.
  • Supervisory fees for Class 1 start at EUR 5,500 for revenue up to EUR 50,000, while for Class 4, the fees start at EUR 50,000 for revenue up to EUR 1,000,000, with additional fees applicable for higher revenue thresholds.
  • Own Funds Requirements: At least 56% should be composed of Common Equity Tier 1 capital. Up to 44% can be made up of Additional Tier 1 capital. Up to 25% may consist of Tier 2 capital.

Personnel Requirements

  • A Compliance Officer must be appointed to ensure adherence to AML and CFT regulations, as outlined by the MFSA.
  • The appointment of a VFA Agent is mandatory
  • At least two individuals must be appointed as directors of the company, with at least one having a strong background in financial services, blockchain, or digital assets.
  • The appointment of an Money Laundering Reporting Officer is mandatory, whose primary role is to ensure that the business complies with AML and CFT requirements.
  • Key Function Holders may also be necessary for larger companies, ensuring compliance with governance standards and internal controls.

Business premises requirements

  • Companies applying for a crypto license in Malta must maintain a local registered address, as required by the MFSA. This address serves for official communication and regulatory compliance. While a physical office may not be mandatory, especially for lower-tier licenses, maintaining a local address is essential for regulatory purposes. Virtual offices or co-working spaces may also be acceptable if they meet MFSA requirements.
  • Additionally, the premises must adhere to MFSA standards on infrastructure, data protection, and security, ensuring compliance with Maltese law. We assist in establishing fully compliant premises for businesses operating in Malta.

Step-by-Step Guide to Obtaining a Crypto License in Malta

To successfully obtain a crypto License in Malta, businesses must follow a structured process that aligns with both Maltese and European regulatory frameworks. This ensures that all cryptocurrency operations are conducted in full compliance with local regulations, maintaining security and transparency in line with the stringent standards set by the Malta Financial Services Authority (MFSA).

With extensive experience in both blockchain technology and regulatory compliance, our head of blockchain and crypto, Eriks Fijalovs, ensures that each step of the licensing process is seamless, fully compliant with MFSA standards, and tailored to meet your business needs.

Eriks Fijalovs

Head of Blockchain and Crypto

1

Client Assessment and Business Model Review

The process starts with gathering essential documents from the client, including information about the business model and the corporate structure. We ensure that all documents are in order, particularly if another company acts as a shareholder. This stage includes an initial analysis to ensure the company’s compliance with Maltese regulations.

2

Company Incorporation in Malta

After reviewing the business model, we proceed with the official company registration in Malta. This involves preparing and submitting the Memorandum and Articles of Association (MAA) to the Malta Business Registry (MBR), securing the legal foundation for the company, and obtaining the required Tax Identification Number (TIN).

3

Preparation of Licensing Documentation

Following incorporation, we help prepare all the necessary documentation for the VFA license. This phase includes drafting compliance policies, AML/KYC procedures, and appointing key individuals such as the Compliance Officer and VFA Agent. We ensure that all documentation is ready to meet the requirements set by the MFSA.s.

4

Submission of the License Application to MFSA

Once all documents are prepared, the complete application for the VFA license is submitted to the Malta Financial Services Authority (MFSA). This submission includes the company’s business model, compliance procedures, and all supporting documents. The MFSA will then assign a case officer to oversee the application review process.

5

Application Review and Compliance Checks

During the review process, the MFSA may request additional documentation or clarifications. We maintain regular communication with the regulator, ensuring that all queries are resolved promptly. Any necessary adjustments are made to ensure full compliance with the VFA regulatory framework.

6

Opening a Corporate Bank Account

After submitting the license application, we assist the company in setting up a corporate bank account with a local Maltese bank. This step is essential for handling the company’s financial operations and meeting regulatory standards in Malta.

7

Operational Launch After License Approval

Once the MFSA approves the VFA license, the company can begin its operations. We provide further assistance to ensure the business complies with ongoing regulatory requirements and sets up robust compliance monitoring systems to adapt to any future regulatory changes.

Detailed Time Frames to Obtain a VASP License in Malta

The timeline for obtaining a VASP License in Malta can vary based on the complexity of the business and the responsiveness of the Malta Financial Services Authority (MFSA). Below is an approximate breakdown of the key stages involved in the process:

1.  Initial Preparation and Documentation

Time Frame: 3-5 weeks

2.  Application Submission

Time Frame: 1-3 days

3.  Regulatory Review by MFSA

Time Frame: 3-6 months

4.  Final Registration and License Issuance

Time Frame: 1-2 weeks

Once pre-licensing conditions are fulfilled and approved, the MFSA will grant the official VASP license. The company is then authorized to commence its VFA services within the stipulated regulatory framework in Malta.

Overall Estimated Time Frame – Approximately 6-9 months

Factors Influencing the Time Frame

By paying close attention to these factors, the application process for a VASP License in Malta typically takes anywhere between 6 to 9 months, depending on the complexity of the business and the responsiveness of both the applicant and the MFSA. Working with professional service providers ensures all regulatory requirements are met, minimizing the risk of unnecessary delays.

Advantages of the VASP license in Malta

Links for Legislation Related to Crypto Business in Malta

The MFSA is the primary regulatory body overseeing financial institutions in Malta, ensuring compliance for both Virtual Financial Assets (VFA) and VASP license holders. It provides guidance and enforcement for businesses applying for a crypto license in Malta.

The FIAU focuses on anti-money laundering (AML) regulations and countering the financing of terrorism (CFT). It plays a critical role in ensuring compliance for companies operating under the VASP and VFA license frameworks.

The MBR manages the incorporation and registration of all businesses in Malta, including those in the cryptocurrency space. Companies applying for a crypto license in Malta must ensure their operations meet the corporate legal requirements of the MBR.

The IRD handles taxation matters in Malta, including corporate tax, income tax, and tax rebates for companies holding a VASP license. This department ensures that crypto businesses in Malta comply with the local tax regulations.

This legislative framework governs businesses providing services related to virtual financial assets in Malta. It applies to service providers, including VASPs, and outlines the licensing, compliance requirements, and classification of crypto assets.

This Act governs the certification of blockchain technology and distributed ledger technology (DLT) platforms in Malta. It ensures compliance and transparency in tech-related services, which are critical for companies applying for a crypto license in Malta.

The Companies Act establishes the legal framework for setting up businesses in Malta, including those involved in the crypto space. It covers governance, structure, and operational requirements necessary for obtaining a VASP license.

These directives set forth regulatory requirements for anti-money laundering measures applicable to businesses in the EU, including Malta. Compliance with these directives is crucial for obtaining a crypto license in Malta.

The MiCA Regulation is the forthcoming EU-wide framework governing virtual financial assets and crypto businesses. It aims to harmonize the issuance, trading, and regulation of crypto-assets across Europe, including those under the VASP framework in Malta.

is Malta’s primary law aimed at preventing money laundering and terrorist financing. It requires businesses to implement AML policies, conduct due diligence, and report suspicious activity to the FIAU.

CASP license in Malta

Taxation of Cryptocurrency Companies in Malta

Taxation plays a crucial role in Malta’s regulatory compliance framework for cryptocurrency businesses. The Maltese government has developed a taxation system that integrates digital assets into the broader financial ecosystem, ensuring transparency and legal compliance. Below are the key areas detailing how cryptocurrency companies are taxed in Malta:

1. Corporate Tax

1. Corporate Tax

  • Cryptocurrency companies in Malta are subject to a corporate tax rate of 35% on their profits. However, Malta offers a favorable tax regime that can significantly reduce the effective tax rate to as low as 5% under specific conditions. This makes Malta an attractive jurisdiction for cryptocurrency businesses aiming to reduce their tax liabilities while remaining compliant with local tax regulations.
2. Dividend and Withholding Tax

2. Dividend and Withholding Tax

  • Malta does not impose withholding tax on dividends distributed to shareholders, whether they are resident or non-resident. Under Malta’s full imputation system, shareholders can claim significant tax refunds on the corporate tax paid by the company, potentially reducing the effective tax rate to as low as 5%. This tax advantage makes Malta an especially attractive jurisdiction for virtual asset companies or those seeking to obtain a VASP license in Malta, providing tax efficiency while ensuring compliance with local regulations.
3. Value Added Tax (VAT)

3. Value Added Tax (VAT)

  • Crypto businesses operating in Malta are generally exempt from Value Added Tax (VAT). This aligns with the European Court of Justice’s ruling, which classifies cryptocurrency transactions as financial services and thus not subject to VAT. This VAT exemption applies across the European Union, including Malta, allowing crypto-related operations to benefit from tax relief, making Malta a tax-efficient jurisdiction for cryptocurrency companies.
4. Capital Gains Tax

4. Capital Gains Tax

  • For individuals: In Malta, individuals who engage in crypto trading for personal purposes (not as part of a professional or business activity) are typically exempt from paying capital gains tax on their profits from the sale of cryptocurrencies.
  • For Companies: Companies involved in cryptocurrency trading or profiting from digital asset transactions are generally subject to corporate tax. These profits are taxed at the corporate income tax rate of 35%, though Malta’s tax refund system could effectively reduce this burden, potentially lowering the effective tax rate under specific conditions, particularly through Malta’s imputation tax system.
5. International Transactions

5. International Transactions

Cross-border cryptocurrency transactions in Malta must adhere to OECD guidelines on transfer pricing, ensuring profits are taxed based on their origin. Additionally, Malta has established a comprehensive network of double taxation treaties with numerous countries, helping businesses mitigate the risks of double taxation on international earnings.

6. Tax Reporting and Compliance

6. Tax Reporting and Compliance

  • Cryptocurrency businesses in Malta must adhere to strict tax reporting and compliance regulations, including periodic tax filings and robust AML adherence. The Malta Financial Services Authority (MFSA) and the Commissioner for Revenue work together to ensure that companies operating in the crypto sector fulfill both local tax and compliance obligations. This level of oversight is essential to maintaining the legitimacy of businesses within Malta’s crypto space.
7. Personal Income Tax

7. Personal Income Tax

  • In Malta, personal income is taxed progressively, with tax rates ranging from 0% to 35%, depending on the individual’s income bracket. Cryptocurrency professionals are subject to the same tax regime. Non-residents working in the cryptocurrency sector may experience varying tax treatments based on double taxation agreements (DTAs) Malta has with other countries.
8. Regulatory Guidance and Updates

8. Regulatory Guidance and Updates

  • The Malta Financial Services Authority (MFSA) provides ongoing updates on cryptocurrency regulations and tax obligations. Staying informed with MFSA notices ensures compliance with the latest legal amendments concerning AML (Anti-Money Laundering), KYC (Know Your Customer) policies, and cryptocurrency-specific tax requirements. Businesses operating in the cryptocurrency sector can avoid regulatory risks by following these updates closely.

FAQ about Crypto license in Malta

1. What is a VASP License in Malta, and why is it essential for my crypto business?

A VASP license allows businesses in Malta to legally offer cryptocurrency services. It ensures compliance with local and EU regulations, promoting trust and security in the crypto market.

2. What are the primary requirements for obtaining a cryptocurrency license in Malta?

You need to submit an application, appoint a Compliance Officer and VFA Agent, meet share capital requirements, and establish AML/KYC procedures.

3. How long does it take to obtain a VASP license in Malta?

The process typically takes 6 to 9 months, depending on the complexity of your business and the completeness of your application.

4. What are the tax benefits for cryptocurrency companies in Malta?

Malta offers a favorable tax environment for crypto businesses, including reduced tax rates and access to the EU market.

5. Is it mandatory to appoint a Compliance Officer and AML Manager for my crypto business in Malta?

Yes, appointing a Compliance Officer and Money Laundering Reporting Officer is mandatory for all VASP applicants.

6. What are the minimum capital requirements to apply for a VASP license in Malta?

The minimum share capital ranges from €50,000 for Class 1 licenses to €730,000 for Class 4 licenses, depending on the services provided.

7. Do I need to establish a physical office in Malta to obtain a Crypto License?

Yes, you need a registered office in Malta, but virtual offices are allowed as long as they meet regulatory standards.

8. What are the benefits of obtaining a VASP License in Malta compared to other jurisdictions?

Malta offers a crypto-friendly legal framework, access to the EU market, and a stable regulatory environment.

<< 1 >>


EMI license in Lithuania 2024

Business activity: Payment institution, Digital bank

EMI license in Cyprus 2024

Business activity: Payment institution, Digital bank

MSB License in Canada 2024

Business activity: Payment institution, Digital bank