Fintech landscape and initiatives

General innovation climate

What is the general state of fintech innovation in your jurisdiction?

Malta’s reputation as the ‘blockchain island’ is a testament to its positive approach to the fintech industry. Malta was a pioneer in regulating distributed ledger technologies and cryptocurrencies through the enactment of:

  • the Virtual Financial Assets Act (Chapter 590 of the Laws of Malta);
  • the Malta Digital Innovation Authority Act (Chapter 591 of the Laws of Malta) (MDIAA); and
  • the Innovative Technology Arrangements and Services Act (Chapter 592 of the Laws of Malta).

Other prominent fintech areas attracting investment in Malta relate to e-payment services and insurtech.


Government and regulatory support

Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?

The government has always given the industry priority in policy formation. In 2018 the Malta Financial Services Authority (MFSA) established a regulatory sandbox to enable financial service providers to test the viability of their products within the regulatory framework, while keeping in direct contact with the regulators. Further, the MFSA has published a fintech strategy to promote a high standard of innovation in the industry through (among other things):

  • the creation of a Malta Fintech Innovation Hub;
  • the establishment of links across various jurisdictions;
  • the cultivation of a national talent pool in the fintech industry; and
  • the implementation of robust cybersecurity measures.

The Malta Digital Innovation Authority (MDIA) is a new regulator established to act as:

  • a fintech promoter that incentivises ‘investment’ in ‘innovative technology arrangements’, as such terms are defined under the MDIAA; and
  • a supervisory authority that ensures the reliability of such technologies and the integrity of the market.

Financial regulation

Regulatory bodies

Which bodies regulate the provision of fintech products and services?

The MFSA and the MDIA regulate the provision of fintech products and services.

Regulated activities

Which activities trigger a licensing requirement in your jurisdiction?

The local financial services regulatory framework comprises:

  • the Investment Services Act (Chapter 370 of the Laws of Malta) (ISA), which outlines the regulatory requirements of operators wishing to set up investment services undertakings and collective investment schemes. It transposes the EU Markets in Financial Instruments Directive (2014/65/EU) (MiFID II) into Maltese law and regulates services outlined therein when they are carried out in or from Malta and in relation to one or more ‘instruments’, as defined therein;
  • the Banking Act (Chapter 371 of the Laws of Malta), which is the law regulating credit institutions which carry out the ‘business of banking’, defined as:
    • accepting deposits of money from the public which are withdrawable or repayable on demand, after a fixed period or after notice;
    • borrowing or raising money from the public with the purpose of using all or some of such money to lend to others; or
    • otherwise investing for the account and at the risk of the person accepting such money; and
  • the Financial Institutions Act (Chapter 376 of the Laws of Malta) (FIA), which sets out the licensing and ongoing obligations of non-banking institutions. These can be classified in two categories – namely, institutions which carry out:
    • payment services or the issuance of electronic money; and
    • activities such as lending, financial leasing, the provision of guarantees and commitments, foreign exchange services and money brokering.

The FIA, the subsidiary legislation and the regulations promulgated under the FIA transpose the EU Payment Services Directive (2015/2366/EU) (PSD2) and the Second EU Electronic Money Directive (2009/110/EC).

Consumer lending

Is consumer lending regulated in your jurisdiction?

Lending is a regulated activity under the FIA, irrespective of whether it is provided to consumers or otherwise. Article 5 of the FIA outlines the requirements for the authorisation of an institution to carry out lending activities, including:

  • an initial capital in the amount established by the MFSA;
  • at least two individuals effectively directing the business of the institution in Malta;
  • all qualifying shareholders, controllers and all persons effectively directing the institution’s business are suitable persons to ensure its prudent management; and
  • sound and prudent management and robust governance arrangements.
Secondary market loan trading

Are there restrictions on trading loans in the secondary market in your jurisdiction?

There are no particular restrictions applicable to trading loans in the secondary market in Malta.

Collective investment schemes

Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.

Collective investment schemes (CIS) are regulated under the ISA. CIS which fall within the scope of the local regulations are:

  • retail collective investment schemes, primarily undertaking in collective investment transferable securities;
  • professional investor funds;
  • alternative investment funds (AIFs); and
  • notified alternative investment funds.

Investment-based crowdfunding is regulated under a separate regime.

With respect to peer-to-peer (P2P) or marketplace lenders, it is pertinent to refer to the FIA, which regulates ‘money broking’, defined as the activity of introducing counterparties which wish to deal at mutually agreed terms with respect to wholesale and retail financial products. This regulation may have implications for both marketplace lenders and P2P platforms.

Alternative investment funds

Are managers of alternative investment funds regulated?

Managers of alternative investments funds (AIFMS) which operate in or from Malta fall within the scope of the ISA and the Alternative Investment Fund Managers Regulations (Subsidiary Legislation 370.23 of the Laws of Malta), which transpose the EU Alternative Investment Fund Managers Directive (2011/61/EU) into Maltese law. An AIFM may be subject to a lite regime akin to the regime under the MiFID II if it qualifies as a de minimis AIFM. This will be the case where either the assets under management are worth less than:

  • €100 million; or
  • €500 million and the portfolio consists of AIFs that are unleveraged and have no redemption rights in the first five years following the date of initial investment.
Peer-to-peer and marketplace lending

Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.

The FIA stipulates that any person which, as a lender, regularly lends money in or from Malta is carrying out a regulated activity and requires an MFSA licence prior to commencing operations. That said, there is no specific regulation on P2P platforms or marketplaces lending under the local financial services framework.


Describe any specific regulation of crowdfunding in your jurisdiction.

While reward-based and donation-based crowdfunding platforms remain unregulated, the MFSA has introduced a framework under the ISA applicable to investment-based crowdfunding services. Measures under this regime include a licensing requirement under the ISA, which – in addition to capital requirements – encompasses mandatory disclosure obligations. In the case of offers of securities which fall within the scope of the EU Regulation 2017/1129 (in which case, the EU regime would apply), the issuer must provide an information document, which will, however, not be approved or verified by the MFSA.

Invoice trading

Describe any specific regulation of invoice trading in your jurisdiction.

Invoice trading falls within the scope of the FIA. Factoring and invoice discounting are listed as two types of lending activity which in turn trigger a licensing obligation under the FIA if and when they are carried out in or from Malta on a regular basis.

Payment services

Are payment services regulated in your jurisdiction?

The FIA includes a list of the payment services which are regulated in Malta and reflects the services outlined in the PSD2. Institutions engaging in such payment activities must obtain authorisation from the MFSA prior to the provision of such services in or from Malta on a regular basis.

Open banking

Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?

There are no laws or regulations promoting competition among financial institutions through the use of available data. However, the concept of open banking has been locally introduced under the FIA through the regulation of third-party payment service providers – namely, payment initiation services providers and account information service providers.

Insurance products

Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?

Entities that undertake re/insurance or re/insurance distribution activities or market re/insurance services in or from Malta are regulated by:

  • the Insurance Business Act (Chapter 403 of the Laws of Malta); and
  • the Insurance Distribution Act (Chapter 487 of the Laws of Malta).

These acts impose requirements from or with the MFSA depending on the nature of the insurance business activity being provided in or from Malta. These acts, which implement EU Directive 2009/138/EC and EU Directive 2016/97/EU respectively, are supplemented by rulings issued by the MFSA.

Credit references

Are there any restrictions on providing credit references or credit information services in your jurisdiction?

Credit reference agency’ is defined under the Trading Licence Act (Chapter 441 of the Laws of Malta) as any undertaking licensed by the Trade Licensing Unit, whose main business is to prepare, assemble and evaluate credit information and related credit and risk management services concerning legal and natural persons for the purpose of issuing credit scores to be furnished to third parties, provided that the agency is not precluded from carrying out other related tasks. The definition of ‘credit reference agencies’ pursuant to the draft law falls outside the scope of EU Regulation 1060/2009 and therefore the European Securities and Markets Authority would not have supervisory powers over such entities. Further, credit reference services are listed under the Banking Act as one of the additional activities exercisable by credit institutions.

On 7 November 2018 the European Central Bank received a request from the Central Bank of Malta (CBM) for an opinion on a draft law amending the Central Bank of Malta Act and on Draft Directive 15 on the supervision of credit reference agencies, which:

  • gives the CBM new supervisory powers with respect to credit reference agencies; and
  • designates the CBM as the supervisory authority of credit reference agencies solely for the purpose of overseeing and regulating the issuance of credit scores.

Cross-border regulation


Can regulated activities be passported into your jurisdiction?

Regulated activities emanating from EU directives transposed into Maltese law can – subject to regulatory and procedural formalities – be passported into Malta. Credit and financial institutions, investment services providers, collective investment schemes and issuers which are legally established in one member state may passport their services through the establishment of a branch or otherwise, as may be applicable. Conversely, ‘homegrown’ services which are regulated by a standalone legislative framework in EU member states cannot be passported into Malta.

Requirement for a local presence

Can fintech companies obtain a licence to provide financial services in your jurisdiction without establishing a local presence?

Fintech companies cannot obtain a licence without establishing a local presence in Malta. While local presence and substance requirements vary across the different regulatory regimes applicable to the specific services being provided by a fintech company, a decree of substance in Malta is always required.

Sales and marketing


What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?

The Malta Financial Services Authority (MFSA) has the discretional authority to issue marketing guidelines and restrictions which apply to various financial services sectors and to prohibit or alter any kind of promotional activity carried out by any financial services institution. Specific restrictions apply to licence holders which market their services and products to ensure that all information – including marketing communications addressed to retail investors or potential retail investors – is fair, clear and not misleading. The Investment Services Act states that no collective investment schemes, licensed or otherwise, can issue or cause to be issued a prospectus in or from Malta unless it has been approved by the MFSA. The marketing of retail financial services in Malta also falls within the scope of the EU Distance Selling (Retail Financial Services) Regulation (Subsidiary Legislation 330.07), which implements EU Directive 2002/65/EC.

Change of control

Notification and consent

Describe any rules relating to notification or consent requirements if a regulated business changes control.

The Investment Services Act imposes a notification requirement for persons which, directly or indirectly, acquire a ‘qualifying shareholding’ (as defined therein) in an investment services licence holder or increase their qualifying shareholding to an extent that the proportion of the voting rights or the capital held would reach or exceed 20%, 30% or 50% or so that the investment services licence holder would become its subsidiary. The Malta Financial Services Authority (MFSA) can object to such an acquisition. A notification obligation is also triggered in case of disposal or reduction of such qualifying shareholding. Licence holders must obtain written consent from the MFSA before acquiring 10% or more of the voting share capital of another company before agreeing to sell or merge all or any part of its undertaking.

In the context of credit institutions, Banking Rule 13/2009 (‘Prudential assessment of acquisitions and increase of qualifying shareholdings in credit institutions authorised under the Banking Act’) provides a blueprint of the procedural rules and evaluation criteria for the assessment of acquisitions and holdings increases in the financial sector and determines the criteria to be applied by the MFSA in the assessment process of a proposed acquirer. These rules reflect the Joint Guidelines JC/GL/2016/01, which were issued by the Joint Committee of the European Supervisory Authorities in 2016.


Financial crime

Anti-bribery and anti-money laundering procedures

Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?

The regulatory framework which governs anti-money laundering (AML) procedures in Malta falls under the Prevention of Money Laundering Act (Chapter 373 of the Laws of Malta) (PMLA) and the Prevention of Money Laundering and Funding of Terrorism Regulations, which implements EU Directive 2015/849/EU. The European Union extended the scope of its AML regime to digital currencies through EU Directive 2018/8432/EU. Entities which must abide by the AML regulations include those which:

  • provide services to safeguard private cryptographic keys on behalf of customers or to hold, store and transfer virtual currencies; and
  • engage in exchange services between virtual currencies and fiat currencies.

Malta has acknowledged the risks associated with digital currencies and has taken the initiative to anticipate this framework. The new Implementing Procedures issued by the Financial Intelligence Analysis Unit (FIAU) now also cover issuers of virtual financial assets (VFAs), VFA service providers and the activities of safe custody services, even when provided by any person or institution other than those licensed or authorised under the Banking Act or the Investment Services Act. Digital currency exchanges and issuers of VFAs are deemed to be subject persons and must have measures, policies and procedures in place to address the identified risks, including:

  • customer due diligence, record-keeping and reporting procedures; and
  • risk management measures.

Is there regulatory or industry anti-financial crime guidance for fintech companies?

The FIAU has issued a specific rulebook applicable to VFA agents, issuers and licence holders with sector-specific guidance on how these issuers and operators can meet their AML obligations under the PMLA. This document, which is still subject to a consultation process, sets out the proposals of the FIAU in this regard.

Peer-to-peer and marketplace lending

Execution and enforceability of loan agreements

What are the requirements for executing loan agreements or security agreements? Is there a risk that loan agreements or security agreements entered into on a peer-to-peer or marketplace lending platform will not be enforceable?

Loan and security agreements are contracts which are generally governed by Maltese contract law. Parties entering into such an agreement must have the capacity to do so which, in the case of companies, means that the agreement is signed by a director after having obtained proper authorisation from the board. In the case of natural persons, contracts can generally be entered into by anyone over the age of 18, provided that they have not previously been interdicted or incapacitated. Depending on the type of loan or security agreement which is being entered into, special laws may apply. In the context of a pledge of shares, special rules contained in the Companies Act (Chapter 386 of the Laws of Malta) will also apply, which requires the pledge to be constituted by an instrument in writing and notified to the Malta Business Registry.

Given that loan and security agreements are determined by contract between the parties, enforcement depends on the provisions of the respective contracts; however, parties are not precluded from enforcing an agreement before the Maltese courts or instituting arbitration proceedings in Malta.

Assignment of loans

What steps are required to perfect an assignment of loans originated on a peer-to-peer or marketplace lending platform? What are the implications for the purchaser if the assignment is not perfected? Is it possible to assign these loans without informing the borrower?

The assignment of loans and other rights is generally dealt with in the Civil Code (Chapter 16 of the Laws of Malta). The Civil Code provides that an assignment is complete and the ownership of the thing being assigned is acquired by the assignee as soon as the thing is transferred, the price is agreed and when the deed of assignment (which must be in writing) is made. The assignee may not exercise the rights assigned to them, except against third parties after due notice of the assignment (by judicial act) has been given to the debtor; however, notice is not necessary if the debtor has acknowledged the assignment.

However, Malta’s securitisation framework, based on the Securitisation Act (Chapter 484 of the Laws of Malta), operates as an opt-in regime whereby legal entities entering into securitisation transactions may style themselves as securitisation vehicles subject to the Securitisation Act, which aims to facilitate securitisation transactions by, among other things, relaxing some of the requirements regarding the assignment of rights as set out in the Civil Code. An assignment of rights (to a securitisation vehicle) made pursuant to the Securitisation Act:

  • does not require the assignment to have a price;
  • is complete as soon as the assignment is written; and
  • allows notice to be given to debtors by a simple written notice (ie, not a judicial act) or by publication of a notice in a daily newspaper.

An assignment made properly under the Securitisation Act is considered a true sale since the act provides that such an assignment will be treated as final, absolute and binding on the assignor (the originator), the assignee (securitisation vehicle) and all third parties and is not subject to clawback. This implies that an assignment which is not perfected under the Securitisation Act may not be considered a true sale and may be subject to annulment, rescission, revocation or termination.

Securitisation risk retention requirements

Are securitisation transactions subject to risk retention requirements?

The EU Securitisation Regulation (2017/2402) became directly applicable to all EU member states as of 1 January 2019. Article 6 of the Securitisation Regulation directly tackles risk retention, providing that, subject to any exceptions set out therein, the originator, sponsor or original lender of a securitisation must retain, on an ongoing basis, a material net economic interest in the securitisation of no less than 5%. In the circumstance that the retainer of such risk was not agreed, the originator must by law retain such risk.

Securitisation confidentiality and data protection requirements

Is a special purpose company used to purchase and securitise peer-to-peer or marketplace loans subject to a duty of confidentiality or data protection laws regarding information relating to the borrowers?

The Securitisation Act provides that the transfer of any data or information made in the context of a securitisation transaction must remain subject to professional secrecy, confidentiality and data protection laws. However, transfers of personal data made in the context of a securitisation are deemed to have been made for the legitimate interest of the transferee and transferor unless it is shown that such interest is overridden by the interest to protect the fundamental rights and freedoms of the data subject. Transfers of personal data made to a third country that does not ensure an adequate level of protection within the meaning of the Data Protection Act (Chapter 586 of the Laws of Malta) will not require the authorisation of the data protection commissioner, provided that the controller of such data can provide adequate safeguards for the protection of the data subjects’ privacy and fundamental rights and freedoms.

Artificial intelligence, distributed ledger technology and crypto-assets

Artificial intelligence

Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?

AI is not yet a regulated area. However, the government has published a high-level policy document, which is still under consultation, highlighting the vision, scope and policy considerations for the development of a national AI strategy which aims to establish Malta as a model nation in terms of AI policy. A Malta AI Taskforce, commissioned by the government to draft the national AI strategy, also launched a consultation on its proposed ethical AI framework document, seeking public feedback on guiding AI principles and trustworthy AI requirements as set out in the document.

Distributed ledger technology

Are there rules or regulations governing the use of distributed ledger technology or blockchains?

The Innovative Technology Arrangements and Services Act (ITAS) outlines the framework of designated innovative technology arrangements (including blockchain platforms and smart contracts) while catering for the Malta Digital Innovation Authority (MDIA) and its regulatory functions with regards thereto. Under the ITAS, any person may on a voluntary basis request the MDIA to certify eligible arrangements or services on the basis of a number of conditions, including that (among other things) the arrangement is fit and proper for the purposes for which it was set up and its underlying software has been reviewed by a registered systems auditor.


Are there rules or regulations governing the use of cryptoassets, including digital currencies, digital wallets and e-money?

Crypto-assets in Malta are regulated by the Virtual Financial Assets Act (VFAA), which spearheads the implementation of a bespoke financial instrument test, applicable to issuers, agents and licence holders, for the purpose of determining whether a distributed ledger technology (DTL) asset qualifies as:

  • electronic money;
  • a financial instrument;
  • a virtual financial asset (VFA); or
  • a virtual token.

If a person provides any of the services listed in the VFAA in relation to a DLT asset which qualifies as a VFA, licensing obligations apply. The issuance of e-money also mandates a Malta Financial Services Authority (MFSA) authorisation pursuant to the Financial Institutions Act.

Digital currency exchanges

Are there rules or regulations governing the operation of digital currency exchanges or brokerages?

The VFAA imposes a licensing requirement on service providers in the VFA space, including VFA exchanges, custodians of VFAs (include wallet providers) and VFA advisers and brokers which are operating in or from Malta. The MFSA has issued a VFA Rulebook, which is divided into three main chapters. The requirements for a VFA service provider licence include:

  • the setting up of a Maltese entity;
  • the holding of minimum capital;
  • the appointment of various functionaries; and
  • undergoing assessments by the MFSA into (among other things) the entity’s ultimate beneficial owners and board of administration.
Initial coin offerings

Are there rules or regulations governing initial coin offerings (ICOs) or token generation events?

The VFAA states that no issuer can:

  • offer a VFA to the public in or from Malta; or
  • apply for a VFA’s admission to listing on a DLT exchange unless such issuer draws up a white paper which:
    • is dated;
    • states the matters specified in the first schedule to the VFAA;
    • includes a statement by the board of administration confirming that the white paper complies with the act; and
    • is registered with the MFSA.

The white paper must enable investors to make an informed assessment of the prospects of the issuer, the proposed project and the features of the VFA. Issuers must appoint a number of functionaries – including a VFA agent, a custodian and a systems auditor – and ensure that an investor does not invest more than €5,000 in its initial VFA offerings over a 12-month period.

Data protection and cybersecurity

Data protection

What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?

There is no specific law or guidance regulating fintech companies’ use of personal data. The processing and transfer of data is regulated by the Data Protection Act, which implements the EU General Data Protection Regulation (GDPR), alongside any subsidiary legislation, and regulates the processing of personal data with regards to the e-communications sector, thereby implementing EU Directive 2002/58/EC.

The European Commission has issued draft proposals for an e-privacy regulation to supersede the current EU Directive 2002/58/EC, which would be directly applicable in all member states, harmonising data protection laws.


What cybersecurity regulations or standards apply to fintech businesses?

Different cybersecurity standards apply across different business sectors in the financial industry. In the digital assets space, which is regulated by the Virtual Financial Assets Act, licence holders must establish various management policies within their cybersecurity framework. Further, acknowledging that the financial services industry is experiencing a digital and technological transformation, the Malta Financial Services Authority has proposed a new set of guidance notes on cybersecurity, which will apply to key players in this industry, setting out a minimum set of best practices and risk management procedures to be followed in order to effectively mitigate cyber risks.

Outsourcing and cloud computing


Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?

In general, the outsourcing of material activities of a financial services company would lead to the regulatory intervention and oversight of the Malta Financial Services Authority (MFSA). For example, the Banking Act provides that credit institutions cannot outsource their material services or activities, unless the outsourcing service provider is granted recognition by the MFSA. In order to obtain such recognition, the outsourcing service provider must make a written request providing information on:

  • its name and address;
  • the material services or activities to be outsourced;
  • the reasons for outsourcing such service or activities; and
  • the regulatory status, if any, if it is authorised or licensed in a foreign jurisdiction.
Cloud computing

Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?

Various initiatives at both a local and European level seek to govern the evolution of cloud computing. However, these are not necessarily specific to the financial services sector. Locally, the Malta Communications Authority has issued a guidance document entitled “Cloud Computing Guidelines for SMEs & Microenterprises” that highlights considerations to be taken by small and medium-sized enterprises and microenterprises when assessing the suitability of the use of cloud computing in their firm. This guidance document provides further details as to the contractual implications which may arise between small and medium-sized enterprises, microenterprises and cloud computing service providers. Transposing EU Directive 2016/1148/EU, Subsidiary Legislation 460.35 sets out cybersecurity standards and establishes a Critical Information Infrastructure Protection Unit (CIIP Unit). In Malta the CIIP Unit falls under the remit of the Critical Infrastructure Protection Directorate, which also oversees the National Computer Security Incidence Response Team.

Intellectual property rights

IP protection for software

Which intellectual property rights are available to protect software, and how do you obtain those rights?

Software constitutes a literary work which enjoys automatic copyright protection under the Copyright Act (Chapter 415 of the Laws of Malta). A copyright is a non-registrable right which arises as soon as a work considered eligible for copyright protection (which, under Maltese law, includes artistic works, audiovisual works, databases, literary works and musical works) is created. No formal registration of copyright (voluntary or otherwise) in Malta is required. Further, in accordance with the Patents and Designs Act (Chapter 417 of the Laws of Malta) (PDA), schemes, rules and methods for doing business and computer programs are not considered to constitute inventions which are capable of patent protection.

IP developed by employees and contractors

Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?

In terms of works that are eligible for copyright protection, the Copyright Act dictates that such protection will vest initially in the author or joint authors of the particular work. However, particularly in the case of computer programs and databases, where a work is made in the course of the author’s employment, the economic rights arising therefrom will be deemed to be transferred to the author’s employer – subject to an agreement between the parties to the contrary. Other works eligible for copyright (ie, barring computer programs and databases) will always vest in the author or joint authors of the particular work, provided that an agreement to the contrary has not been entered into.

With reference to patentable inventions, the PDA holds that any invention occurring under a contract of employment belongs to the employer; however, the creator of that work (ie, in this context, the employee) would have a right to equitable remuneration for their invention. In the absence of an agreement between the parties as to the remuneration due, this must be ascertained by the Maltese courts.

In view of the various nuances highlighted above, it is always advisable to incorporate a clause regulating the ownership, or otherwise, of intellectual property into a company’s standard contract of employment and service agreements with its contractors or consultants. However, when developing or making use of intellectual property in the course of employment or engagement, there is an argument to be made that the employee or the contractor or consultant engaged to render a particular service must be considered a fiduciary in accordance with Article 1124 et seq of the Civil Code, and must therefore abide by the various obligations specified therein.

Joint ownership

Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?

The Trademarks Act (Chapter 597 of the Laws of Malta) states that where a registered trademark is subject to co-ownership, each joint owner is entitled to – subject to an agreement stating the contrary – an equal undivided share in the registered trademark. Each co-owner is also entitled, personally or otherwise, to perform for their own benefit, without the other co-owner’s consent, any act which would otherwise amount to an infringement of the registered trademark. A co-owner may not grant a licence over the registered trademark or assign or cede control of their share in the trademark without the other co-owner’s consent.

This is also applicable in the case of co-ownership of a registered design under the PDA. Conversely, in the case of joint proprietors of a patent, the law specifies that either party may separately assign or transfer by succession their share of the patent with or without the other patent owner’s agreement. However, in order to surrender the patent or conclude a licensing agreement with third parties, the co-owners must act jointly.

In terms of copyright, a joint author can assign or license copyright unilaterally, provided that where any other joint author is not satisfied with the manner in which such assignment or licence has been granted, they can resort to the Copyright Board within three months from the day on which the terms of the assignment or licence have been communicated to them in writing.


Trade secrets

How are trade secrets protected? Are trade secrets kept confidential during court proceedings?

The Trade Secrets Act (Chapter 589 of the Laws of Malta) (TSA) provides for measures to be taken against the unlawful acquisition, use and disclosure of trade secrets. The TSA allows the competent court to issue precautionary acts against the alleged infringer for the cessation or prohibition of the use or disclosure of the trade secret on a provisional basis. The court may also issue precautionary acts to prohibit the production, offering, placing on the market or use of infringing goods or the seizure of such infringing goods to prevent their entry into or circulation on the market. Once the court has determined that there has been unlawful acquisition, use or disclosure of a trade secret, it can order the cessation of such unlawful behaviour, apply injunctive and corrective measures or impose damages which are appropriate to the actual prejudice suffered as a result of the unlawful acquisition, use or disclosure of the trade secret. The TSA also states that should an application be submitted by an interested party, it is unlawful for any of the parties participating in the legal proceedings to disclose the nature or any details relating to the trade secret in question. This obligation will remain in force even after legal proceedings have ended.


What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?

Trademarks create a distinctive brand and can be obtained by lodging an application with the Malta IP rights directorate outlining the trademark name or image (or combination thereof), as well as the goods and service which such trademark will protect. It is also possible to apply for an EU trademark, which will grant pan-European protection over the trademark. On an international level, it is also possible to lodge an application with the World Intellectual Property Organisation, designating the countries in which trademark protection is sought.

Remedies for infringement of IP

What remedies are available to individuals or companies whose intellectual property rights have been infringed?

The remedies available are enshrined in the acts which regulate specific IP rights. The Trademarks Act provides that a person found guilty of trademark infringement under this act may be liable for:

  • imprisonment for up to three years;
  • a fine of up to €23,293.73; or
  • both.

This liability attaches to any person which, with a view to gain for themselves or another, or with intent to cause loss to another, uses or applies – without the consent of the trademark owner – an infringing sign or else has in their possession or control or offers for sale, hire or distribution goods which bear infringing marks. The Enforcement of Intellectual Property Rights (Regulation) Act (Chapter 488 of the Laws of Malta) provides for measures which may be requested by IP rights holders to enforce their IP rights or to preserve evidence and request information from alleged infringers.


Sector-specific issues

Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?

There are no competition issues which specifically affect fintech companies in Malta. However, in 2019 the European Commission published its Competition Policy for the Digital Era, which tackles competition issues that arise from the digital industries and states how regulation should be tailor-made in order to cater for the specific issues which might arise. The report identified the following characteristics of the industry which might give rise to incentives for dominant digital firms to act in an anti-competitive manner:

  • the extreme returns to scale that the industry brings with it;
  • the convenience of the product being dependant on a large user base; and
  • the pivotal role of data.



Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?

While the Maltese corporate tax environment is attractive to businesses establishing a local presence, there are no tax incentives specifically available for fintech companies. Malta offers several fiscal schemes and incentives in the form of tax credits to companies deemed as being innovative enterprises according to the rules and regulations set out by the Malta Enterprise.

Increased tax burden

Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?

Without prejudice to the regulatory fees payable to the competent authorities in relation to any new licensing obligations imposed on fintech companies, there are no new or proposed tax laws or guidance specific to fintech business which will amplify tax and administrative costs.



Sector-specific schemes

What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?

At present, in Malta there are no immigration regimes specifically targeting fintech businesses aspiring to recruit skilled staff from abroad, which means that the immigration schemes which are available to fintech businesses are no different from the schemes which are available to other business sectors. There are two regimes available, distinguishing EU, EEA and Swiss nationals from non-EU nationals. EU, EEA and Swiss nationals aspiring to work in Malta’s fintech business must apply for residence via CEA Form A submitted on the basis of employment or self-employment pursuant to the Free Movement of EU Nationals and their Family Members Order (LN 191/2007) and the Immigration Regulations (LN 205/2004). The non-EU, EEA and Swiss regime grants two applications to third-country nationals – namely, CEA Form B and the key employee initiative, which is a single work permit for managerial or highly technical posts.

Update and trends

Current developments

Are there any other current developments or emerging trends to note?

The main current development in Malta is the drive and effort with which the Malta Financial Services Authority – as a proactive financial services regulator – is promoting the idea of Malta becoming a global fintech hub. Throughout its long-term fintech strategy, the regulator is not only supporting the financial services industry to harness the opportunities presented by innovation and technology, but is also geared up to harness as much legal and regulatory certainty as possible for industry players to operate in an environment with effective investor protection, market integrity and financial soundness.

Law stated date

Correct on:

Give the date on which the above content is accurate.

25 September 2019.