In preparation for the coming into force of the Virtual Financial Assets Act, the MFSA has issued a consultation paper on the third part of the VFA Rulebook covering the rules intended to guide VFA Service Providers. The rules cover the different set of standards which are expected from a VFA Service Provider, both prior to coming being licensed and while maintaining a VFA Services licence.

Title 1 of the Rulebook covers the high-level principles which are to guide VFA Service Providers in the provision of the VFA service in or from within Malta. Such principles impose upon the Service Providers the requirement to be ethical, honest, fair and also compliant to any relevant laws and regulations. Additionally, they must also take into consideration investor protection, market integrity, financial soundness and more importantly, they must act in Malta’s best interests.

Title 2 of the Rulebook sets out the Licensing requirements along with the authorisation process for those who intend to become VFA Service Providers. Any person seeking to obtain a VFA Services licence must be a legal person established in Malta, with an exception being made to persons wishing to provide solely Investment Advice as per point 6 of the Second Schedule of the Virtual Financial Assets Act, where the person may be a natural person resident in Malta.

Any person seeking to acquire a licence must also appoint a VFA Agent to represent the applicant in all discussions and dealings with the authority. The role of the VFA Agent is to present the licence application to the MFSA and to act as an intermediary between the licensee and the MFSA.

VFA Service Providers must have in place an initial capital as set out below:

VFA Services Licence Initial Capital Requirement (EUR)
Class 1 €50,000; or

€25,000 and PII

Class 2 €125,000
Class 3 €730,000
Class 4 €730,000

Title 3 of the Rulebook outlines the ongoing obligations which VFA Service Providers must adhere to. Amongst the array of obligations set out in the Rulebook, each and every Service Provider must establish, implement and maintain systems and procedures that safeguard security and information along with a Cyber-Security Framework. Subsequently, every applicant must undertake the Financial Instrument Test to determine whether a DLT asset qualifies as a Virtual Financial Asset and prior to offering a VFA service in relation to such DLT asset.

As part of the ongoing obligations, it must also be made certain that clients’ assets are properly safeguarded and in relation to this, any clients’ records shall be kept for a minimum of 10 years and for the first two years they shall be kept in a place where they can be produced within 24 hours of them being requested.

Title 4 of the Rulebook provides for enforcement and sanctions in the event of misconduct by VFA Service Providers with maximum fines of €150,000 being imposed for breaches.

The Scope of this consultation is to obtain industry feedback in relation to the Authority’s proposals and interested parties are encouraged to send their feedback to the MFSA by no later than the 14th September 2018.

For more information on ICOsVirtual Financial AssetsBlockchainSmart Contracts and related areas please contact Dr Ian Gauci on and Dr Gabriel Fenech on

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content