How to obtain an E-money and Payment Institution license in Malta

If you are looking to obtain an Authorised Payment Institution or Electronic Money Institution license in Malta, then Advapay can support your business. Advapay provides Maltese start-ups with legal, technical and business assistance to start a fintech business in this country:

  • 1) Business planning & consultancies
  • 2) Document preparation and submission, communication with the regulator
  • 3) Assistance in setting up a business and opening a safeguarding account
  • 4) Deployment of the technical solution and payment infrastructure
  • 5) Assistance in finding business partners

Regulator and legislation

The Malta Financial Services Authority is a single regulator for the financial services sector in Malta. One of the main laws regulating payments in Malta is the Financial Institutions Act (Chapter 376) ('FIA') which is the key act transposing the EU Payment Services Directive 2015/2366 ('PSD2').

Malta’s regulatory framework places great emphasis on anti-money laundering and anti-fraud measures.

Malta`s regulator is very supportive of promoting fintech services. The MFSA’s FinTech Strategy aims to establish Malta as an international FinTech hub which supports and enables financial services providers to infuse technologies into product and service offerings to drive innovation.

The MFSA is open and approachable and offers face-to-face meetings with international companies seeking to operate from Malta.

Overview of the fintech industry in Malta

Malta has a well-regulated banking and non-banking sector. The fintech market in Malta is growing at an accelerated and unprecedented rate, mostly because Malta has positioned itself as an alternative finance hub to Dublin, London, and Luxembourg. Malta provides a tailor-made environment vastly conducive to fintech firms. The small size of the country and low costs make it an ideal fintech start-up location.

An electronic money institution authorised by the MFSA may exercise its European right to issue electronic money in another Member State or an EEA State either through the establishment of a branch or under the freedom to provide services.

Malta is very highly regarded as one of the world centres for gaming, gambling and betting. Therefore, it might be very beneficial for you if your business is related to these industries. Additionally, Malta has introduced an organized framework for the use of cryptocurrencies.

There are 18 e-money institutions and 24 payment institutions authorised by the MFSA to operate in Malta (up to June 2020).

Doing business in Malta

  • The corporate tax rate in Malta is 35%. The taxable income for companies that are both residents and domiciled in Malta is calculated summing up income and capital gains worldwide.
  • Various incentives are provided to motivate enterprises to engage in Research & Development (R&D). For example, tax credits calculated as a percentage (10.5% to 35%) of qualifying R&D expenditure are available as a deduction from the tax liability.
  • English is one of Malta's official languages.
  • There is a highly skilled, committed workforce in Malta.

Requirements

  • 1) Initial Capital Requirements range from EUR 25,000 to EUR 125,000 depending on the type of a payment service being provided or EUR 350,000 for E-money Institutions.
  • 2) At least 2 individuals must effectively direct the licensed entity's business in Malta. Such persons must be of good reputation and have sufficient knowledge and experience to perform their duties. They are subject to specific due diligence procedures (e.g., Fitness and Properness Test) performed by the MFSA.
  • 3) EMIs and PIs companies based in Malta are allowed to outsource services subject to the MFSA’s evaluation on their own merits.

Fees

  • Application fee. A financial institution applying for a license pays to the competent authority the sum of €3,500 as an application and processing fee.
  • Supervision fee. A financial institution licensed under the Act shall pay to the competent authority an annual supervision fee equivalent to 0.0002 of the total assets as reported in the statutory schedules under Banking Directives BD/06 or Banking Rule BR/06 of the year immediately before the year when the fee is payable. The annual amount payable by a financial institution by way of supervision fee shall in no case be less than €2,500.

Application process

  • 1) A pre-application meeting with the MFSA is organized.
  • 2) If required, further preliminary details of the application may be submitted for consideration and comments.
  • 3) The applicant submits the completed application form together with supporting documentation.
  • 4) The MFSA acknowledges the receipt of the application within 3 working days after receiving the application.
  • 5) The MFSA checks whether the application form and documentation submitted contains all the key information and required documentation.
  • 6) Within 10 working days of receipt of the application, the MFSA informs the applicant of the Application status – whether it includes all the required information.
  • 7) When all the required documents are received, the authority proceeds to the assessment phase. The MFSA informs the Applicant of the assessment phase that usually lasts three months.
  • 8) The application will be formally approved or declined within 3 months from the receipt of the complete application. Failure by the Authority to approve the application within this period of time shall be deemed to constitute a refusal.

The Fitness and Properness Test

The accepted application and license obtained don’t authorise the company to start operations. Every staff member must be authorised as well.

The Fitness and Properness Test is an integral part of the MFSA’s licensing process by means of which the suitability of the persons in question to run the proposed business is gauged. There are three criteria which must be met, to pass the “fit and proper” test: integrity, competence, and solvency.

Documents

  • Programme of operations and overview on the type of activities
  • Copy of the constitutive documents of the proposed institution
  • Proposed level of initial capital
  • Business plan including the structure, organisation, management systems, governance arrangements and internal control systems of the institution for the first three financial years
  • Description of the procedure in place to monitor, handle and follow up a security incident and security related customer complaints, including incidents reporting mechanism which takes account of the notification obligations of the financial institution whenever there are any operational - or security incidents
  • Where applicable a description of the process in place to file, monitor, track or restrict access to sensitive payment data
  • Description of business continuity arrangements including a clear identification of the critical operations, effective contingency plans and a procedure to regularly test and review the adequacy and efficiency of such plans
  • Description of the principles and definitions applied for the collection of statistical data on performance, transactions and fraud
  • Where applicable, a security policy document, including a detailed risk assessment in relation to its payment services, and a description of security control and mitigation measures taken to adequately protect payment service users against the risks identified, including fraud and illegal use of sensitive and personal data
  • Where applicable, a description of the internal control mechanisms which the applicant will establish in order to comply with obligations in relation to money laundering and terrorist financing
  • Description of the structural organisation, including, where applicable, a description of the intended use of agents and branches and a description of outsourcing arrangements, and of participation in a national or international payment system
  • Audited Financial Statements for the last three years, if applicable
  • Identity of all officers and controllers
  • Identity of all shareholders holding directly or indirectly a qualifying shareholding and the size of their holdings and evidence of their suitability, the current financial position of the proposed shareholders as well as the source of such funds
  • Identity of the individuals who will be effectively directing the business of the institution and persons responsible for the management of the activities of the institution that they are of good repute and possess appropriate knowledge and experience
  • Identity of statutory auditors and audit firms
  • Applicant`s legal status
  • Address of applicant`s head office
  • Detailed report verified by a qualified Systems Auditor, covering the salient aspects of the proposed technological arrangement, including cyber security framework and other measures aimed at mitigating cyber risk
  • Description of the measures to be taken to safeguard payment service users` funds