Malta has established itself as the ‘first mover’ in the regulation of businesses utilising distributed ledger technology (DLT), more commonly known as blockchain.
Recognising the potential behind blockchain, Maltese lawmakers sought to develop a regulatory environment that addresses the risks arising from sinister uses of the technology while, at the same time, encouraging innovation in this field.
This recognition led to the development of legislation that, at its core, strikes a crucial balance between, on the one side, the strictures posed by current laws related to public offerings and investor protection and, on the other, the potential risks that may arise from lack of regulation. This balance underpins the regulatory framework enacted by the Maltese legislator in the following key acts:
1. Malta Digital Innovation Authority Act;
2. Innovative Technology Arrangements and Services Act;
3. Virtual Financial Assets Act.
The Malta Digital Innovation Authority Act (MDIAA)
The MDIAA establishes a new authority to be named the ‘Malta Digital Innovation Authority’ (the Authority). In accordance with the MDIAA, the Authority will operate as an independent body and will be responsible to certify technology arrangements and to register technology service providers as the ‘competent authority’, in accordance with the Innovative Technology Arrangements and Services Act.
In addition, the MDIAA also establishes the Joint Regulatory Efficiency Board whose role will be to ensure adequate cooperation between the relevant authorities in Malta with respect to the use of innovative technology arrangements.
Innovative Technology Arrangements and Services Act (ITASA)
The ITASA sets out the regulatory framework through which interested persons may, on a voluntary basis, certify eligible innovative technology arrangements or services. In accordance with the First Schedule of the ITASA, the following are considered as eligible innovative technology arrangements:
i. Software and architectures which are used in designing and delivering DLT which ordinarily, but not necessarily:
a. Uses a distributed, decentralised, shared and, or replicated ledger;
b. May be public or private or hybrids thereof;
c. Is permissioned or permissionless or hybrids thereof;
d. Is immutable;
e. Is protected with cryptography; and
f. Is auditable.
ii. Smart contracts and related applications, including decentralised autonomous organisations, as well as other similar arrangements;
iii. Any other innovative technology arrangement which may be designated by the responsible Minister, on the recommendation of the Authority, by notice from time to time.
Certification of an innovative technology arrangement from the Authority may be sought for one or more specified purposes and with reference to one or more specified qualities, features, attributes, behaviours or aspects which will be determined by the same Authority and stated in the certification.
In this regard, the Authority must be satisfied that:
i. The innovative technology arrangement is fit and proper for the purposes for which it declares to have been established and having the qualities, attributes, features, behaviours or aspects also declared;
ii. The software comprising the innovative technology arrangement has been reviewed by a registered systems auditor who is independent from all persons owning, administering, operating or otherwise involved in the innovative technology arrangement;
iii. The innovative technology arrangement has a registered technical administrator in office at all times, and who, amongst other things, is able to demonstrate to the Authority its ability to:
a. satisfy all pre-requisites for certification;
b. meet standards on a continuing basis and to address any critical matters stated in any guidelines issued by the Authority;
c. vary functionalities where the objective of the system is to address legal requirements which may reasonably be predicted to change over time.
In accordance with the Second Schedule of ITASA, the following are considered as eligible technology services:
i. The review services with reference to innovative technology arrangements provided by system auditors;
ii. Technical administration services related to innovative technology arrangements provided by technical administrators.
Certification of innovative technology service providers is issued provided that the Authority is satisfied that the innovative technology service provider:
i. Is fit and proper for the provision of the services to be provided;
ii. Has the qualifications and/or experience which the Authority requires for the registration as a provider of services in the particular class applied for;
iii. Has sufficient technical resources or third party support and is in a position to comply with and observe any innovative technology authorisation rules, guidelines and regulations applicable to him.
The Virtual Financial Assets Act (VFAA)
The VFAA establishes the regulatory framework for issuers of DLT assets/ ICOs (Issuers) and service providers of DLT assets (Related Service Providers).
Of principal importance, is the provision in the VFAA that grants the Malta Financial Services Authority (MFSA) the power to prescribe a test to be known as the ‘financial instrument test’ (FI Test).
The purpose of the FI Test is to determine the regulatory regime applicable to Issuers and Related Service Providers. By applying the FI Test on the properties of a particular DLT asset, they are able to conclude whether an offering/ issuance or a Related Service falls under existing legal institutes such as the Prospectus Directive or the Markets in Financial Instruments Directive (MiFID), or whether it falls under the new regime prescribed by the VFAA.
The FI Test is essentially a two-layered test which works by exclusion such that if a coin or a token does not fall within any one of the two layers, then it can be concluded that such coin or token is a ‘Virtual Financial Asset’ (VFA) and, consequently, the offering/ issuance or the Related Service would be regulated by the VFAA.
A summary of the proposed FI Test is available here.