Innovative Technology Arrangements and Services Act in Malta

On the 26 June 2018, Maltese Parliament approved the three bills regulating blockchain technology and cryptocurrencies in Malta. Whilst the Virtual Financial Assets Act creates a framework for the regulation of ICOs, cryptocurrencies, cryptocurrency exchanges and other intermediary services related to cryptocurrencies; the Innovative Technology Arrangements and Services Act (ITAS) which goes hand in hand with the Malta Digital Innovation Act (MDIA) creates a framework for blockchain, distributed ledger technology (DLT) and smart contracts – along with the Malta Digital Innovation Authority (the Authority) which will regulate, monitor and supervise the industry.

The three bills make Malta one of the first countries in the EU to provide a sound and robust legal regime relating to the blockchain industry. This will contribute to the continuous growth and technological innovation which Malta aims to achieve in its robust financial services industry. The publication of these bills puts Malta at the forefront in the global race towards legalizing virtual currencies and DLT. As a result, the world’s largest cryptocurrency exchange Binance and the world’s second largest cryptocurrency exchange, OKEx, will open up its operations in Malta.

In a nutshell, the ITAS provides for the regulation of designated innovative technology arrangements (ITAs), designated innovative technology services (ITSs) and the exercise by or on behalf of the MDIA (herein referred to as ‘the Authority’) of regulatory functions with regard thereto.

Both ITAs and ITSs are found in the first and second Schedule of the ITAS Bill. Technology Arrangements are defined as software and architectures which are used in designing and delivering DLT which (i) uses a distributed, decentralized shared and, or replicated ledger, (ii) may be public or private, (iii) is permissioned or permissionless, (iv) is protected with cryptography and (v) is auditable. The ITA may also include smart contracts and related applications including decentralized autonomous organizations (DAOs) and other similar arrangements. Nevertheless, the Government does not exclude the possibility to extend such a definition in the future to include other arrangements. Technology Services include both review services, provided by system auditors as well as technical administration services, provided by technical administrators.

Any person with the desire to obtain recognition for ITA or ITS may voluntarily apply to the Authority by an application, in writing. The applicant must provide all information, documentation and assurances that the Authority requests, so that, the Authority can determine whether the applicant is suitable. Such decision is dependent upon the ITA or the ITS being the subject of the application.

The Authority will maintain an electronic register, made available to the public, of all the different types of recognition granted to applicants, as well as the necessary information needed to identify applicants and the activities they have been authorised to perform.

The Authority will have the power to certify different ITAs for one or more specified purpose. Once certified, an ITA shall be granted a Certificate which shall state the details of how the ITA is identified, including any public key or a brand name. The ITA shall also post the Certificate of the arrangement in a specific location which shall be notified to the Authority, in an easily accessible and legible format, so it can be viewed and understood by all users of the ITA to increase transparency and certainty.

Certification of an ITA shall be awarded once general and specific requirements are satisfied such as:

The ITA is fit and proper for the purpose for which it has been established;
The software comprising the arrangement has been reviewed by a registered systems auditor who is independent from any person involved in the ITA;
The ITA has a registered technical administrator in office at all times; to satisfy that all pre-requisites for the certification are in place, all standards are met on a continuing basis and can vary any parameters or functionalities which might change in accordance with the law.

It is the duty of an innovative technology authorisation holder, to ensure that the authorisation is kept valid and effective and will have to be renewed in accordance with the time frames specified in the ITAS.

The registration for the provision of one type of service shall not bar the registration of the same person to provide other types of services. Once registered, a service provider shall be granted a Certificate of Registration which shall state its name and address, have a unique number for identification purposes and shall list the class or classes of services which the applicant has been registered to provide.

When a person is making an application for any form of recognition and he is not ordinarily resident in Malta, then such person is required to appoint in writing prior to registration, a resident agent who is habitually resident in Malta and is of good conduct. This agent will act as a channel of communication between the innovative technology authorisation holder and the Authority and any other Maltese government department or authority. Among other duties he will sign and file applications, declarations, notices, returns and any other document required, apply for certification and authenticate documents.

ITS providers registered under the ITAS shall be considered to be professionals acting as fiduciaries in relation to the information submitted to them by any customers and shall also be bound by the provisions of the Professional Secrecy Act. Registration of providers may only be requested by a body corporate or association existing under the laws of Malta, or existing under the laws of another EEA member state if it provides services in Malta.

Furthermore, these providers and every person involved in any ITA, even if not recognised under the ITAS, shall respect the principles of best practice mentioned in the ITAS. This includes the provision that the business of an ITS provider shall be conducted with honesty and integrity and all rights, interests and needs of each customer must be communicated to them in a fair clear and not misleading way. In addition, proper care and diligence shall be carried out and the appropriate arrangements are put in place through human resources for third party delegates, contractors, financial resources and technology facilities so that operational and compliance obligations are put in place.

EMD can assist you with the registration and certification process as well as act a resident agent if required.