End-to-end support for obtaining and maintaining a Crypto-Asset Service Provider (CASP) license in Malta.
Contact us
Advapay Malta
Expert Expert consulting services for companies establishing a crypto-asset services provider company in Malta, with ongoing support to ensure long-term compliance and growth.
Proven Local Regulatory Expertise
Direct experience in financial services, fintech, and regulatory compliance in Malta and close relationships with the regulator.
Comprehensive Licensing Support
Guidance on incorporation, corporate structuring, regulatory compliance, tax considerations, operational setup, and crypto-asset payment infrastructure.
Regulatory Compliant Technology Solutions
Expert guidance on selecting and integrating secure crypto-asset custody, trading, and compliance solutions to meet licensing requirements.
Why Malta
Malta provides a well-established regulatory framework and a thriving financial ecosystem, making it a prime destination for crypto, payment and e-money institutions.
01
Ideal Start-up Location
Malta has a well-regulated banking and non-banking sector. The fintech market in Malta is growing at an accelerated and unprecedented rate, largely because Malta has positioned itself as an alternative finance hub to Dublin, London, and Luxembourg. Malta provides a tailor-made environment highly conducive to fintech firms. The small size of the country and low costs make it an ideal fintech start-up location.
04
Tax Efficiency
A 5% effective corporate profit tax applies if companies are owned by non-residents or residents without domicile in Malta. This unique structure complies with the “subject to tax” regulations of double tax treaties: companies pay a 35% profit tax, and the recipient of dividends receives a 30% refund (or 6/7 if it is a corporation whose beneficial owners are not both resident and domiciled in Malta).
03
Passporting Rights
An authorised CASP by the MFSA can passport its crypto-asset services to other EU/EEA countries under the freedom of establishment and/or the freedom to provide services.
02
English-Speaking and Highly-skilled Workforce
Malta boasts a highly educated, multilingual workforce, with English as one of its official languages. The country is home to skilled professionals in accounting, law, risk, compliance, IT, and financial services.
CASP Services under MiCA
Our services for the licensing of a Crypto-Asset Services Provider (CASP) in Malta
Advapay offers comprehensive services to launch and scale your CASP in Malta.
01
Regulatory Licensing & Corporate Governance
End-to-end assistance with CASP licensing applications, programme of operation development, and regulatory submissions.
Compliance framework design for MiCA, AML/CFT, and DORA.
Corporate Formation & Structuring – Shareholder agreements, governance models, KYC compliance, and entity registration.
Board Governance & Directorship Services.
Corporate bank account setup, safeguarding solutions, and transaction structuring.
General Company Maintenance Services.
02
Ongoing Compliance, AML & Risk Management
Ongoing MFSA/FIAU reporting, audits, and inspections.
AML/CFT Advisory – Risk assessments, transaction monitoring, remediation plans, and sanctions screening.
Compliance Outsourcing & Key Function Holders – MLROs, Risk Officers, Compliance Officers, and Internal Auditors.
Handling regulatory inquiries, assisting in regulatory visits, mock inspections, and audit preparation.
Board & Staff Training.
03
Operational Readiness & Business Support
Technology & IT Infrastructure Guidance
Premises & Business Setup
Senior Management Recruitment – CFOs, CTOs, COOs
Business Continuity & Crisis Management Strategies
04
Data Protection, GDPR and DORA Compliance
DPIAs & Compliance Audits – Internal process reviews and regulatory compliance strategies.
Data Security & Governance Policies – Breach handling and remediation planning.
Regulatory Liaison & Representation – Compliance interactions with the IDPC (Information & Data Protection Commissioner).
Ongoing DPO Support – Training, compliance oversight, and regulatory updates.
DORA Compliance – Ensuring compliance with the Digital Operational Resilience Act for financial services firms, focusing on operational resilience, ICT risk management, and incident reporting.
05
Tax Structuring, Accounting & Financial Services
Tax-efficient structuring for international businesses.
VAT & Tax Compliance – Registration, filings, refund applications, and EU cross-border reporting.
Bookkeeping & Payroll Processing – Financial reporting, employee tax compliance, and salary structuring.
Regulatory Tax Representation – Liaison with tax authorities, objections, and appeals support.
06
Employment, Relocation & Citizenship
Assistance with EU & non-EU employment relocation.
Employer & Employee Registration – Social security, tax, and employment authority filings.
HR Compliance & Advisory – Drafting employment contracts, regulatory guidance, and onboarding processes.
Citizenship by Naturalisation (ESDI) – ID cards, tax advice, and personal affairs.
Fintech Legislation and Regulation in Malta
MiCA Regulation (MiCAR)
The MiCA Regulation (MiCAR) is the EU’s regulatory framework designed to regulate crypto-assets, with specific rules for Crypto-Asset Service Providers (CASPs) and Crypto-Asset Issuers (CAIs).
MiCAR covers:
🔹 Crypto-assets such as asset-referenced tokens (ARTs), e-money tokens (EMTs) and other crypto-assets.
🔹 CASPs and/or CAIs regardless of their location—if they target European residents, they must comply with MiCAR
The regulator and Compliance Overview
The Malta Financial Services Authority (MFSA) oversees entities licensed and regulated under MiCA to ensure they remain compliant. These entities include:
🔹 CASPs – Businesses offering crypto-asset services
🔹 CAIs – Entities that issue or offer crypto-assets to the public or seek their admission to trading
The MiCA and the local rules and reporting framework that derive from it are transposed from the EU’s MiCAR framework. CASPs and CAIs must stay updated on regulatory developments, including guidance from the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA).
CASP License Classes Under MiCA
1
CASP Class
Includes any of the following::
🔹The execution of orders on behalf of clients
🔹The placement of crypto-assets
🔹The provision of transfer services for crypto-assets on behalf of clients
🔹The reception and transmission of orders for crypto-assets on behalf of clients
🔹The provision of advice on crypto-assets. The provision of portfolio management on crypto-assets
2
CASP Class
Includes any Class 1 services and any of the following:
🔹Custody and administration of crypto-assets
🔹Exchange of crypto-assets for fiat
🔹Exchange of crypto-assets for other crypto-assets
3
CASP Class
Includes any Class 2 services and the operation of a crypto-asset trading platform
Fintech Legislation and Regulation in Malta
MiCA Regulation (MiCAR)
The MiCAR is the EU’s regulatory framework designed to oversee crypto-assets that fall outside traditional financial regulations. As part of the European Commission’s Digital Finance Strategy, MiCAR sets clear guidelines for CASPs and Crypto-Asset Issuers (CAIs) operating in Europe.
MiCAR applies to all:
🔹 Crypto-assets, including Asset Reference Tokens (ARTs)
🔹 Electronic Money Tokens (EMTs), and Other Crypto-Assets
🔹 CASPs and/or CAIs regardless of their location—if they target European residents, they must comply with MiCAR
MiCA and the Maltese Crypto-Asset Regulatory Framework
The Malta Financial Services Authority (MFSA) plays a central role in overseeing and regulating entities engaged in the provision of Crypto-Asset Services (CASPs) and the issuance of Crypto-Assets (CAIs) in and/or from Malta. The MFSA ensures that these entities comply with the applicable legislative framework, both at the EU and local level.
🔹 Crypto-Asset Service Providers (CASPs) are persons or other undertakings whose occupation or business involves providing one or more crypto-asset services to clients on a professional basi
🔹 A Crypto-Asset Issuer (CAI), on the other hand, is any legal entity that offers crypto-assets to the public or seeks their admission to trading on a trading platform. Specifically, this includes the issuance of asset-referenced tokens (ARTs), e-money tokens (EMTs), and certain other crypto-assets.
In line with the EU’s regulatory framework, MiCA (Markets in Crypto-Assets Regulation), the MFSA enforces a local crypto-asset regulatory framework that transposes the MiCAR (MiCA Regulation) into Maltese law. This ensures that all relevant entities operating within Malta or from Malta are governed by the same high-level principles as outlined in MiCA.
The MFSA oversees compliance with MiCA by the entities it licenses, ensuring they adhere to the regulations and stay updated with developments from ESMA (European Securities and Markets Authority) and the EBA (European Banking Authority). In doing so, it ensures that the Maltese crypto-asset sector is in line with both EU and local standards for crypto-asset services and issuances.
Crypto Asset Services Provider license (CASP license, MiCA license): main regulatory requirements
Fit & Proper Test
The MFSA requires that all qualifying shareholders holding 10% or more of shares or voting rights—whether directly or indirectly, as individuals or corporate entities—meet stringent fitness and propriety standards. Additionally, individuals responsible for managing and directing the institution must demonstrate high professional, ethical, and business integrity while ensuring prudent and diligent operations.
In assessing ‘fitness and properness’, the MFSA will consider integrity, competence, and solvency.
Company & Local Presence
Establishing a Maltese company is mandatory. Within approximately six months of receiving license approval, the company must set up a local office in Malta with approximately 10 staff members, some based in Malta, some employed, and others engaged through service arrangements, depending on the anticipated scale of operations.
Board of Directors and Management
CASPs in Malta must follow the “four eyes” principle, requiring at least two experienced and reputable individuals to direct the business of the financial institution in Malta effectively.
A balanced board structure should include executive, non-executive, and independent directors, with non-executives overseeing and challenging management decisions.
In accordance with regulatory expectations and corporate governance principles, the company shall maintain a Board of Directors comprising at least three (3) directors. The composition of the Board must include, as a minimum:
🔹One independent non-executive director; and
🔹One local executive director, who shall ordinarily reside in Malta and be actively involved in the management of the company. Executive management board members should possess strong local knowledge of both national and EU rules.
Key executive management board members and senior managers (for example, CEO/CTO/CFO) should be employed and present in the Member State of establishment proportionate to their role, ensuring they can effectively fulfil their responsibilities.
Furthermore, the company shall appoint the following key function holders to ensure robust governance and compliance with applicable regulatory requirements:
🔹Compliance Officer
🔹Money Laundering Reporting Officer (MLRO) (employed)
🔹Risk Officer
🔹Internal Auditor
The MLRO and Internal Auditor must have a direct reporting line to the Board of Directors. Additionally, all key functions, including compliance, risk management, and internal auditing, must maintain independence from commercial operations to ensure impartiality and effective oversight.
All directors, senior managers, and key functions shall be filled by individuals with the requisite expertise, experience, and regulatory standing to discharge their respective duties effectively.
Safeguarding Customers’ Funds
To comply with regulations, a licensed financial must keep client funds separate from the company’s private funds.
Financial Instrument Test
Token issuers must conduct a Financial Instruments Test to determine whether a DLT asset qualifies as a crypto-asset under MiCA, falls under another regulatory framework, or is exempt from regulation.
Own capital
To obtain a CASP license, the minimum initial capital requirements are:
€50,000 (Class 1), €125,000 (Class 2) or €150,000 (Class 3).
Additionally, CASPs must maintain prudential safeguards at all times, equal to the higher of:
🔹 The minimum capital requirement above, OR
🔹 25% of the previous year’s fixed overheads.
Reporting Obligations for CASPs
Quarterly Reports: CASPs must submit the Interim CFASP Return every quarter.
Annual Reports: Within six months after the financial year-end, CASPs must provide:
🔹 Audited financial statements
🔹 Audited Annual CFASP Return
🔹 IT Audit Report
🔹 External Auditor’s Report
Crypto Asset Services Provider license (CASP license, MiCA license): documents and information submitted
01
Application Form
02
Copy of the Memorandum and Articles of Association of the proposed CASP
03
Four Eyes Principle – two individuals direct the business of the CASP in Malta
04
Two Audited Financial Statements for the last three years (if the applicant company has already been incorporated and trading for the past 3 years)
05
A Forecast Budget Calculation (financial projections) for the first three financial years and plans to determine own funds.
06
Description and Proof of Prudential Safeguards
07
Description of Audit Arrangements and Accounting Policies
08
Description of the Structural Organisation
09
Information regarding Internal Control Mechanisms
10
Conflicts of Interest Policy
11
Business Continuity Policy
12
Detection, Prevention, and Risk Management of Money Laundering and Terrorist Financing
Policies and Procedures
13
Identity of and Information regarding Management Body and Officers
14
Identity of and Information regarding all shareholders
15
Description of ICT infrastructure and security arrangements
16
Description of Segregation Arrangements
17
Description of Complaints Handling Procedures
18
Service-Specific Policies and Procedures
Application Process
1
Preparatory and License Application:
🔹Pre-application: Submission of a Statement of Intent to the MFSA
🔹Application Submission
🔹Review and Feedback
2
Licensing Approval in Principle:
🔹Review and Recommendation
🔹Finalising Matters: the applicant must resolve any outstanding issues.
🔹Licence Issuance
3
Post-Licensing/Pre-Commencement:
🔹Pre-Commencement Requirements: The applicant must satisfy all MFSA-imposed conditions, including governance, operational, and compliance requirements, before commencing business operations.
🔹 Commencement of Operations: Upon the MFSA’s confirmation that all pre-commencement requirements have been met, the applicant is authorised to commence its licensed activities.
Schedule a free consultation with our expert
Get personalised guidance on the licensing process for CASPs in Malta.
Talk to our expert
Look at other fintech jurisdictions
we cover
We have a strong focus on fintech businesses like digital banks, e-wallets, fiat-crypto wallets, e-commerce banking and remittance.
