New Issued Guidance, Penalties and Publications on VFASPs Oversight

Author: Jessica Camilleri

The MFSA has continued to enhance the element of transparency in its guidance with regards to penalty administration, to ensure that such penalties are proportionate and dissuasive in nature. In this light, the Authority has recently issued an amended Guidance Note on the Methodology to set Administrative Penalties relating to Non-Material Breaches. In this context, non-material breaches are those breaches which relate to submissions of regulatory reporting to the Authority, which are laid out in a tabular format in Section 3.3 of this Guidance note. The amendment imposes new obligations on VFA Agents, Service Providers and Issuers to submit a variety of regulatory instruments and makes reference to annual audited returns, compliance certifications, CFT reports as well as IT systems report, as well as others which can be found here.

To set the seal on this guidance, the MFSA has also included these penalties in its revised Publication Policy entitled ‘Administrative Measures & Penalties’. This Annex now includes VFA Service Providers, VFA Agents and VFA Issuers and further classifies these non-exhaustive penalties as non-material breaches. More information on the penalties included can be found here.

Finally, it is also pertinent to note that on the 16th of October the MFSA published Volume VIII of the its publication on Virtual Financial Assets entitled ‘The Nature and Art of Supervision’.

The requirements set forth by the MFSA’s regulatory framework for Virtual Financial Asset Service Providers (VFASPs) have demonstrated their efficacy in serving as a filter, verifying that only serious market participants with a solid compliance framework are operating in Malta. Given the high-risk nature of the VFA sector, this Volume puts forward both licensing and supervision requirements which must be complied with in order to operate an entity in or from Malta. In this way, potential newcomers to the market will be subject to fit and proper checks, as well as ongoing AML screening and will be subject regular reputation checks, ensuring that the individuals operating this sector are of good repute and are endowed with the adequate levels of competence and expertise to acquire the required authorization. Furthermore, the Authority has also introduced the concept of Key Risk Indicators (KRIs’) which follow a scoring mechanism based on risk. This mechanism will consider various factors such as the size of the organization, the jurisdictions in which the entity operates, its governance structure as well as its ongoing conduct, to mention a few.
As the crypto industry enters an exciting new chapter in terms of EU regulation, FinTech Supervision has continued to maintain high levels of supervisory engagements for VFASPs through supervisory visits, supervisory meetings, thematic reviews and supervisory reviews of regulatory deliverables. Nonetheless, the focus remains ensuring an adequate level of control and oversight in the sector of financial crime and cybersecurity. Conclusively, the nucleus of these developments remains that, as we witness the VFA framework transition to MICA, Fintech Supervision will continue to enhance its engagement with local stakeholders.