By means of a circular published on the 25th February 2019, the Malta Financial Services Authority (‘MFSA’) published the final version of Chapter 3 of the Virtual Financial Assets Rulebook: Virtual Financial Asset Rules for VFA Service Providers (‘Chapter 3’). It is aimed at VFA service providers wishing to obtain a VFA Services licence under the Virtual Financial Assets Act, Chapter 590 of the Laws of Malta (‘the VFA Act’).
This article summarises the salient features and obligations which arise out of the Chapter, while also outlining a number of significant changes the MFSA made from the consultation document which led to the final version.
At a high level, Chapter 3 outlines:
- The general scope and high-level principles which serve as guidance in the provision of VFA services;
- Authorisation and Licensing Requirements of VFA Service Providers;
- Ongoing Obligations for VFA Service Licence Holders;
- Enforcement and Sanctions.
There are four types of licences:
- Class 1: Applicable to those receiving and transmitting orders or that provide investment advice or that are placing Virtual Financial Assets (the “VFAs”);
- Class 2: Applicable to those offering any other VFA service except those dealing on own account or offering an exchange. This Class is recommended for Custodian services;
- Class 3: Applicable to those offering any VFA service and that deal on own account, but do not offer an exchange;
- Class 4: Applicable to those offering any VFA service including an exchange.
Classes 2, 3 and 4 are allowed to hold or control clients’ assets or money in conjunction with the provision of a VFA Service. Assets held under the control of a VFA service provider are deemed by law to constitute a distinct patrimony and are not subject to setting off debts of creditors of the operator. VFA service providers can only deal with fiat currency and VFAs. They cannot deal with financial instruments, electronic money or exchange between fiat currencies.
An applicant for a licence must demonstrate to the MFSA that it has sufficient integrity, competence and solvency to run the operation. This assessment shall be applicable to every:
- person that has a qualifying holding in the Applicant;
- beneficial owner;
- member of the Board of Administration of the Applicant;
- Senior Manager;
- Compliance Officer;
- Risk Manager (where applicable); and
- any other person who will effectively direct the VFA business of the Applicant.
Policies and procedures
A consolidated list of the policies and procedures which are required by the VFA Service Provider is as follows:
- Procedure in relation to Security, Integrity and Confidentiality of Information, taking into account the nature of the information in question;
- Business Continuity Process;
- Accounting policies and procedures;
- A procedure governing Personal Transactions by its officials and employees;
- Maintenance of records to be able to demonstrate compliance with the conditions of its VFA services licence as required;
- Adequate security arrangements including, inter alia, a Cyber Security Framework;
- A policy on the VFA Assets and Service offered/provided. This should include the characteristics and needs of the clients of the Service Provider;
- A remuneration policy of persons involved in the provision of services to clients aiming to encourage responsible business conduct, fair treatment of clients as well as avoiding conflict of interest in the relationship with clients;
- Risk Management policies and procedures;
- Compliance Monitoring Plan;
- Report Breach Procedure;
- Internal Policy to Categorise Clients;
- Complaints Management Policy;
- AML/CFT Policy;
- Outsourcing Policy (if applicable);
- Conflict of Interest Policy;
- Order Execution Policy.
Licensees are also required to make every effort possible to take out and maintain a professional indemnity insurance covering any loss or damage.
VFA Service Providers operating under Article 62 Transitory Provision
The Rulebook adds a section dealing specifically with VFA Service Providers operating under the transitory period. VFA Service Providers benefitting from the transitory provision under the VFA Act remain under an obligation to comply on a best effort basis. Such VFA Service Providers shall apply for a VFA Services Licence within 12 months from the date of the coming into force of the VFA Act, namely the 1st of November 2018.
It specifically lists the following requirements for such a VFA Service Provider:
- Provide evidence to the MFSA that it has successfully passed a fitness and properness assessment;
- Provide evidence to the MFSA that it has appropriate systems in place to satisfy the AML/CFT requirements applicable to Licence Holders.
Exchanges are required to abide by the listing criteria prescribed in the rules issued by the MFSA, which include:
- Assessment of the quality of the VFA listed
- Custody requirements
- Monitoring for market manipulation and reporting
- Apply pre-trade and post-trade transparency measures
- Client record keeping
- Reporting of suspicious transactions
- Ensure System Resilience
- Apply streamlined and clear settlement procedures
- Have bye-laws in place
Legal personality of VFA Service Providers
Interestingly, Chapter 3 now requires that all licence holders must be legal persons. The Rulebook now disallows Investment Advisors falling under Class 1 from being natural persons.
Position on Privacy Coins
Chapter 3 adds that Licence Holders shall not perform services in relation to any VFAs which have an inbuilt anonymisation function, unless the holder and transaction history of that VFA can be identified. Privacy and anonymity-oriented VFAs are a pervasive and often contentious topic. As a result, the MFSA has cast a distrustful eye on such protocols, rightfully averting the possibility of a new medium for illicit and illegal activity.
The final version of "Chapter 3 of the Virtual Financial Assets Rulebook: Virtual Financial Asset Rules for VFA Service Providers" can be viewed here.