Cryptocurrency Regulation in Malta

Crypto Regulation in MaltaMalta, a self-declared blockchain island, is one of the few European Union (EU) jurisdictions to have an explicit regulatory framework for crypto assets and services as several years ago the Maltese government made the decision to formally recognize and regulate cryptocurrency-related businesses for the sake of the development of the innovative technology sector in Malta.

Just like other financial service providers in Malta, cryptocurrency businesses are supervised by the Malta Financial Services Authority (MFSA) who’s responsible for protecting the integrity of the financial services industry and for maintaining stability within the financial sector for the benefit and protection of consumers.

The Malta Digital Innovation Authority Act

The Maltese government aims to accelerate the development of Malta as a centre of excellence for activities related to innovative technologies by enforcing the Malta Digital Innovation Authority Act (the MDIA Act) of the 15th of July 2018. It defines the establishment of the Malta Digital Innovation Authority (MDIA) who supports the development of technological innovation in Malta by being in charge of communication between appropriate national authorities and by enforcing regulation upon digital innovators.

The main objectives and principles of the MDIA are:

  • Promoting governmental policies that favour the deployment of innovative technology arrangements
  • Facilitating the advancement and utilisation of innovative technologies
  • Protecting the reputation of Malta in the use of innovative technologies
  • Harmonising national regulations with the international standards and laws
  • Partnering with other regulatory authorities for AML/CFT, data protection and fair competition
  • Promoting transparency and auditability in the use of innovative technologies

The Innovative Technology Arrangements and Services Act

By passing the Innovative Technology Arrangements and Services Act (the ITAS Act) on the 1st of November 2018, the Maltese government strengthened its focus on the standardisation of the regulation of the swiftly evolving new technologies. The ITAS Act is enforced by the MDIA.

The ITAS Act sets out such rules as:

  • Principles for the registration of innovative technology service providers
  • Guiding principles for the behaviour of innovative technology service providers (integrity, transparency and knowledge)
  • Appointment and functions of a resident agent in case of applicants not being residents of Malta

The ITAS Act determines innovative technology arrangements as software and architectures which are used in designing and delivering DLT which ordinarily but not necessarily:

  • Uses a distributed, decentralised, shared and/or replicated ledger
  • May be public, private or hybrid
  • Is permissioned, permissionless or hybrid
  • Is secure to a high level against retrospective tampering, such that the history of transactions can’t be replaced
  • Is protected with cryptolicence
  • Is auditable

The ITAS Act defines innovative technology services as:

  • The review or audit services referred to in this Act with reference to innovative  technology  arrangements provided by system auditors
  • The technical administration services referred to in this Act with reference  to innovative technology arrangements provided by technical administrators

The Prevention of Money Laundering Act

AML/CFT principles are established in the Prevention of Money Laundering Act of the 23rd of September 1994 and in the Prevention of Money Laundering and Funding of Terrorism Regulations of the 1st of January 2018 and are enforced by the Financial Intelligence Analysis Unit (FIAU) which is functioning as a regulator of the relevant innovative technology services. Additionally, the FIAU possesses Implementing Procedures that are also legally binding.

In order to monitor compliance with the relevant AML/CFT legislation, the FIAU is authorised to collect, process, analyse and disseminate data supplied by the the regulated businesses.

The Virtual Financial Assets Act

The foundation of the Maltese cryptocurrency regulatory framework is the Virtual Financial Assets Act (the VFA Act) of the 1st of November 2018 which covers the classification of Distributed Ledger Technology (DLT) assets, Virtual Financial Assets (VFAs), and sets out rules for companies providing DLT products or services, including cryptocurrency licensing.

According to the VFA Act, DLT assets mean virtual tokens, VFAs, e-money and financial instruments that are intrinsically dependent on or utilise DLT.

A VFA is defined as any form of digital medium recordation that’s used as a digital medium of exchange unit of account, or store of value and that isn’t a virtual token, e-money or a financial instrument.

The VFA regulatory framework distinguishes 3 types of authorisations – registration of VFA agents, registration of whitepapers and applications of VFA service providers.

VFA Agents

When a VFA issuer is intending either to register a whitepaper or to apply for a VFA service provider licence, it’s required to appoint a VFA agent who shall advise the company on its obligations, ensure compliance with all the applicable requirements as prescribed in the VFA Act as well as receive and retain all documentation. A list of registered VFA agents is available on the MFSA’s Financial Services Register.

A VFA agent is authorised to practice the profession of: a) advocate, accountant or auditor, b) a firm of advocates, accountants or auditors or corporate services providers, c) a legal organisation which is entirely owned and controlled by persons referred to in paragraphs (a) or (b) whether in Malta or in another recognised jurisdiction. It can also be any other class  of  persons  holding  authorisations,  qualifications  and/or experience considered by the MFSA as possessing the expertise to exercise the prescribed functions.


Anyone intending to issue a VFA to the public in or from within Malta is required to draw up a whitepaper which complies with the requirements prescribed in the VFA Act and register it with the MFSA. An authorised whitepaper is valid for 6 months.

Every Whitepaper shall be drawn up in English, dated, state required information and include a statement by the board of administration confirming that the whitepaper complies with the requirements of the VFA Act.

The appointed VFA agent shall fill out a whitepaper registration form and confirm to the MFSA that the whitepaper complies with the VFA Act and shall state any assumptions it has made and any reservations it may have on any matter relating to the whitepaper for the consideration of the MFSA.

The registration form is divided in two stages that must be completed by a VFA agent. After the submission of Stage One, the MFSA undergoes a preliminary review of the submitted documentation. Once the review is completed, an applicant will be given permission to proceed to Stage Two of the registration process.

Stage One consists of the following parts:

  • VFA agent and applicant’s details (the applicant can be still in formation at the time of applying)
  • VFA details and whitepaper details
  • Fees and declaration

Stage Two consists of the following parts:

  • Organisational structure
  • Beneficial owners and qualifying unitholders
  • Internal governance
  • Functionaries

All the parts should be supported by documents proving the supplied information. If it’s not sufficient, the MFSA may decide to request the applicant to provide any further information and/or documentation through its VFA agent.

VFA Service Providers

VFA service providers are Malta-based businesses providing VFA-related services determined in the VFA Act. They are obligated to adhere to the following principles:

  • Conduct business with honesty and integrity
  • Communicate with their investors in a fair and not misleading manner
  • Conduct their  business  with  due  skill,  care  and diligence
  • Be able to identify and manage conflicts of interest that may arise
  • Have effective arrangements in place for the protection of investors’ funds
  • Maintain all of their systems and security access protocols to appropriate international standards
  • Be considered as subject persons willingly cooperating with the MFSA and other relevant authorities

VFA Service Provider Licence

Businesses intending to supply VFA services are required to apply for a licence through a registered VFA agent by submitting an online VFA service provider application form.

Types of cryptocurrency licences:

  • Class 1 (required authorised capital – 50,000 EUR or 25,000 EUR with PII) – financial advisors, entitled to receive and transfer VFA-related orders and offer investment advice
  • Class 2 (required authorised capital – 125,000 EUR) – provision of crypto wallets, peer to peer exchange, management of investment portfolios
  • Class 3 (required authorised capital – 730,000 EUR) – over-the-counter traders and transactions, market makers, except for VFA exchange
  • Class 4 (required authorised capital – 730,000 EUR) – the most extensive licence permitting VFA operations related to the control of the customer money as well as cryptocurrency exchange of any type

Registration fees:

  • Class 1 – 3,000 EUR
  • Class 2 – 5,000 EUR
  • Class 3 – 7,000 EUR
  • Class 4 – 12,000 EUR

Annual supervision fees:

  • Class 1 – from 2,750 EUR
  • Class 2 – from 4,500 EUR
  • Class 3 – from 6,000 EUR
  • Class 4 – from 25,000 EUR

Requirements for the Applicants

First of all, an applicant has to either incorporate a company or come from a recognised jurisdiction and open a branch in Malta with the sole purpose of operating as a licensee whose actual activities are compatible with the description of authorised VFA services.

The company’s operational structure should ensure internal monitoring procedures for compliance with the relevant legislation (AML/CFT, safeguarding client assets, cybersecurity, data protection, etc.).

A financial instrument test must be undergone by all applicants through a selected VFA agent to determine if the nature of an applicant’s business falls under the jurisdiction of the VFA Act. The test consists of three categories – virtual tokens, financial instruments and e-money. If an applicant’s business isn’t related to any of these three categories, it will by default fall under the category of VFAs.

Applicants are obligated to take the fitness and properness assessment and meet the criteria of integrity, competence and solvency. Furthermore, these core requirements must be constantly met after the commencement of the business. The assessment must be taken by:

  • A person that has a qualifying holding in the applicant
  • A beneficial owner
  • A member of the board of administration
  • A senior manager
  • MLRO
  • A compliance officer
  • A risk manager
  • Any other person who will manage the VFA business of the applicant

Application Process

Businesses wishing to either register their whitepaper or apply as a VFA services provider have to submit an application through a registered VFA agent. A list of registered VFA agents is available on the MFSA’s Financial Services Register. Depending if the MFSA requires additional documentation, the application process may take 3-6 months.

Steps to take prior to the submission of the application form:

  • Obtain an address in Malta required to send notifications or documents to the applicant in accordance with the law
  • Beneficial owners, qualifying holders, administrators and senior managers of the applicant are required to submit a Personal Questionnaire

The application process is divided into three phases:

  • The preparatory phase
    • An applicant has to send a written notification to the MFSA through the VFA agent of its intention to apply for a VFA licence
    • After receiving the notification the MFSA sets up a preliminary meeting with the applicant who then has 60 days to submit an application
  • The pre-licensing phase
    • If the MFSA is satisfied with the information included in the application and the completion of the fitness and properness assessment, it issues an in-principle approval which is valid for 3 months
    • The applicant has 3 months to resolve any raised issues and meet pre-licensing conditions stated in the in-principle approval
    • Once all the requirements are met, a VFA services provider licence is issued by the MFSA
  • The post-licensing and pre-commencement of business phase
    • New licensees may be demanded to meet post-licensing requirements prior to the start of the business which must be commenced within 12 months of the date of issue of the VFA service provider licence

The following documents have to be attached to the application form:

  • Unitholding structure (information about direct and indirect unitholders as well as beneficial owners)
  • Business plan summary (general business details, rationale for applying for a particular VFA licence, also governance information)
  • Memorandum or Articles of Association and Board Resolution
  • Declaration sheet (related to the declaration of truthfulness of the provided information as well as the privacy notice)
  • A corporate questionnaire to be completed by shareholders (includes authorised person details, regulatory history, corporate structure, etc.)
  • Involvement suitability assessment (details of a proposed individual, competence questions, potential conflicts of interest)
  • Outsourcing assessment (details about outsourced activities, arrangements and responsible persons)

How to Open a Cryptocurrency Company in Malta

One of the most common legal structures of cryptocurrency companies in Malta is a Private Limited Liability Company (Ltd) which can be registered within 9 weeks.

A new company can be registered with the Malta Business Registry (MBR) either by the shareholders or by their authorised representatives such as lawyers or accountants.

Requirements for a Private Limited Liability Company:

  • 1-50 shareholders (no local shareholders required)
  • Minimum authorised capital applicable to a relevant VFA class must be possed
  • A locally registered office address, however an operational office isn’t legally required
  • At least one director
  • A company secretary who doesn’t have to be a resident in Malta
  • A compliance officer, an AML/CFT officer and a risk manager (no nationality requirements)

Required documents:

  • A Memorandum and Articles of Association
  • Form BO1 containing details about the identification of the company’s beneficial owners
  • Proof of locally registered office address
  • Evidence of transferred share capital (e.g. a bank deposit slip)
  • Notarised photocopies of shareholders’ passports

Key steps of opening a cryptocurrency company in Malta:

  • Verifying and reserving a unique company name which must end with an Ltd
  • Opening a bank account
  • Transferring authorised share capital
  • Settling registration fees
  • Submitting registration documents with the MBR
  • Obtaining a certificate of registration from the MBR which enables the start of the company’s activities
  • Applying for a VFA service provider licence
  • Registering for taxes with the Commissioner for Revenue (CFR)

Reporting Requirements

All Maltese private limited liability companies are obligated to prepare annual audited financial statements which are also required for the purpose of the preparation of the annual income tax return form. The audit shall be carried out by independent auditors registered with the local accountancy board and compliant with the International Standards of Auditing (ISA).

An annual return form must be prepared upon each anniversary date of the company’s registration. The return form must be submitted with the MBR within 42 days after the date to which it is made up. A payment of 100-1,400 EUR (depending on the authorised capital) has to be submitted along with the return form.

Moreover, a copy of annual accounts must be also submitted along with a copy of the auditors’ report and the directors’ report. The annual accounts must be approved within 10 months from the end of the financial year, with a subsequent  grace period of 42 days.

Audit exemption is applicable to new businesses meeting the following criteria:

  • The maximum annual turnover of the company doesn’t exceed 80,000 EUR or a pro rata amount if the relevant accounting period is a period other than 12 months
  • All the shareholders in the company meet the criteria of qualifying shareholders; a shareholder is considered qualifying if he/she has completed his/her educational studies at least at MQF Level 3 or an equivalent level as recognised by the Malta Qualifications Recognition Information Centre, and who has completed such studies on a date being not earlier than 3 years from the date of the registration of the company

Taxation Framework

Malta has more than 70 international agreements on the avoidance of double taxation which makes it an attractive jurisdiction. Furthermore, VFA businesses can gain clarity from the crypto-specific taxation guidelines issued by the CFR office. They determine the application of the Income Tax, Stamp Duty and VAT rates to the transactions or arrangements involving DLT assets.

The VFA tax guidelines specify that VAT, Stamp Duty, and Income Tax handling of any DLT asset will depend on the purpose for which the asset is used, not the category of the asset. For example, transactions that are subject to VAT are to be analysed by referencing the nature of the activities, the status of the involved parties and the specific circumstances of the particular case.

For the taxation purposes DLT assets are divided into the following categories:

  • Coins – cryptocurrencies, functionally constituting the cryptolicence equivalent of fiat money (are created to be used as a means of payment or medium of exchange, or function as a store of value)
  • Financial tokens – analogous to equities, debentures, units in collective investment schemes or derivatives
  • Utility tokens – utility, value or application is restricted solely to the acquisition of goods or services either solely within the DLT platform on, or in relation to which they are issued or within a limited network of DLT platforms

Standard tax rates in Malta:

  • Corporate Income Tax – 35%
  • Value Added Tax – 18%
  • Stamp Duty – 2-5%

Examples of tax exemptions and allowances:

  • According to the VFA tax guidelines, the funds that are raised from the issuance of financial tokens during the initial offering aren’t subject to the Corporate Income Tax
  • The tax treatment of transactions involving coins such as Bitcoin is identical to the tax treatment of transactions involving fiat money which is why gains of isolated cryptocurrency transfers aren’t taxed
  • VFA service providers in Malta can apply for the Highly Qualified Persons Rules (HQP) enabling them to benefit from a flat tax rate of 15% up to a maximum income of 5 mill EUR. Any excess on the said sum is exempt from tax

Our highly experienced and reliable lawyers will be delighted to provide you with tailored support in establishing a cryptocurrency company in Malta and in obtaining a VFA service provider licence. We closely monitor local regulations and are therefore well equipped to guide our clients through every stage of the process.

our team







vasilina cryptocurrency Estonia




svetlana cryptocurrency Lithuania











At the moment, the main services of our company are legal and compliance solutions for FinTech projects. Our offices are located in Tallinn, Vilnius, and Warsaw. The legal team can assist with legal analysis, project structuring, and legal regulation.

Company in Estonia OÜ

Registration number: 14153440
Licence number: FIU000186
Phone: + 372 5683 0881
Email: [email protected]
Address: Sepise 1, Tallinn, 11415, Estonia

Company in Lithuania UAB

Registration number: 304377400
Phone: +370 669 55747
Email: [email protected]
Address: Lvovo g. 25, 7th floor, Vilnius, 09320, Lithuania

IT Expert Consultancy Sp. z o.o

Registration number: 38421992700000
Phone: +485 7358 1016
Email: [email protected]
Address: Twarda 18, 15th floor, Warszawa, 00-824, Poland

Please leave your request