Overview
Post-Licensing Ongoing Obligations
Following issue of a licence, the licence holder will be bound by specific compliance and regulatory obligations towards the Malta Financial Services Authority, including governance, risk management and compliance obligations.
Governance Obligations
Ongoing Governance Arrangements
Throughout the whole operational period, the licence holder must ensure that it maintains sufficient governance arrangements, including arrangements in the following areas:
- Effective management and direction of the licence holder by a Board of Directors of at least two persons in satisfaction of the ‘dual control’ principle.
- Effective measures to ensure continuity and regularity in the performance of its services with proportionate systems, resources and procedures.
- Maintenance of clear decision-making procedures, reporting lines and allocation of functions and responsibilities.
- Adequate internal control mechanisms designed to secure compliance with decisions and procedures.
- Adequate and orderly records of the business and internal organisation.
- Adequate measures to ensure that the performance of multiple functions by its relevant persons does not prevent them from discharging their functions soundly.
- Maintenance of systems and procedures to safeguard the security, integrity and confidentiality of information; a business continuity process; a cyber-security framework; and a ‘personal transactions’ policy applicable to the licence holder’s officials and employees.
Risk Management
Ongoing Risk Management Arrangements
The Licence Holder must maintain adequate risk management policies and procedures which identify risks relating to its activities, processes and systems. Where appropriate, it should set the level of risk tolerated.
The risk management framework should allow the Licence Holder to appoint a person to fulfill the risk management function. Generally, this should operate independently from the Licence Holder’s management.
Compliance
Ongoing Compliance Arrangements
The Licence Holder should maintain adequate policies and procedures designed to detect any risk of failure to comply with its obligations. There should be a Compliance Function operating independently from the Licence Holder’s management responsible for the monitoring of the Licence Holder’s compliance with the applicable regulatory framework and implementation of a compliance monitoring plan. The Compliance Officer may also act as the Licence Holder’s Money Laundering Reporting Officer.
Annual Submission of a Compliance Certificate
Each year, the Licence Holder must submit a Compliance Certificate drawn up by the Compliance Officer which must include:
- The outcome of the Compliance Officer’s compliance monitoring plan;
- A confirmation, obtained from the Licence Holder’s MLRO, that all local AML/CFT requirements have been satisfied;
- A list of clients against whom disciplinary action has been taken by the Licence Holder, including a description of the breach in question and the actions taken by the company.
Prudential Requirements
Ongoing Compliance with Prudential Requirements
A Licence Holder is bound by prudential requirements relating to the maintenance of own funds, initial capital, fixed overheads and liquidity.
Client Categorisation
Experienced vs Non-Experienced Investors
A Licence Holder must, before providing its services, classify a client as ‘Experienced’ or ‘Non-Experienced’. Non-Experienced investors must be notified of their categorisation and about any right they have to request a different categorisation as well as about any limitations to the level of client protection that such a different categorisation would entail.
Experienced investors may be either ‘per se Experienced Investors’ or ‘Elective Experienced Investors’. A person may only be treated as an ‘Elective Experienced Investor’ if the Licence Holder is assured that the client is capable of making his own investment decisions with full understanding of the risks involved.
Safeguarding Clients' Assets
Segregation of Clients' Assets
If the Licence Holder holds or controls clients’ money and/or virtual financial assets, it must ensure that such assets are kept in segregated accounts. Licence Holders are subject to certain reconciliation measures.
Where the business model of the Licence Holder involves the custody of clients’ assets, the Licence Holder must ensure that such service is provided in line with recognised best practices and cyber security standards.
Insurance Requirements
Insurance Policies & Professional Indemnity Insurance
Licence Holders must take out and maintain an insurance policy that covers loss of money or loss or damage to any other asset or property belonging to the Licence Holder or which is in the care, custody or control of the Licence Holder or for which the Licence Holder is responsible.
The Licence Holder must take out and maintain full Professional Indemnity Insurance cover.
Sector-Specific Conditions
Supplementary Conditions Applicable to Exchanges
Unlike other classes of licence holders, Malta-licensed crypto exchanges are subject to supplementary conditions that include:
- Determination of Asset – Prior to admitting a cryptocurrency to trading on its platform, a Licence Holder must carry out the appropriate research to assess the quality of the virtual financial asset.
- Order Matching – Exchange platforms must ensure expedient and accurate verification of trades and matching settlement instructions. There should be sufficient mechanisms to verify the existence of funds and assets, as applicable, of persons submitting orders.
- Pre/Post Trade Transparency – Exchanges are subject to pre-trade and post-trade transparency requirements, such as the requirement to make public the price, volume and time of executed transactions in respect of a virtual financial asset traded on their platforms.
- Client Record Keeping – Data relating to all orders and all transactions in virtual financial assets carried out through a Licence Holder’s systems must be kept and retained for at least five (5) years. Data retained should include details of the names and numbers of the VFA bought and sold, the quantity, the dates and times of execution, the transaction price, and a designation to identify the clients in relation to which that transaction has been executed.
- Suspicious Transaction Reporting – Suspicious transactions should be reported immediately to the MFSA and/or the Financial Intelligence Analysis Unit (FIAU) as applicable.
- System Resilience – There should be an effective framework to ensure that a Licence Holder’s systems are resilient and have sufficient capacity to deal with peak order and message volumes, and to ensure orderly trading under conditions of severe market stress.
- Order Settlement – A Licence Holder should establish procedures that enable the confirmation of orders and limit the number of settlement fails. The point at which a settlement is final must be clearly defined.
How we can help
Gonzi & Associates, Advocates, has extensive experience in this field and is able to provide specialised assistance to your business at all stages of the Malta crypto exchange licence application procedure, including:
- Malta Company incorporation and registration;
- Drafting of legal opinions on the legal nature of your service and technology employed to determine the applicable legal framework;
- Collection & preparation of documentation necessary for submission of a Malta crypto exchange licence application, including internal policies;
- Assistance in the drafting of the company’s business plan for submission with the licence application;
- Drafting website T&Cs relevant to your services;
- Assisting in the engagement of Key Functionaries, including VFA Agent, Systems Auditors, Money Laundering Reporting Officers (MLROs), director/s, auditors, and so on;
- Providing post-registration follow-up assistance, including advising on applicable annual compliance exercises;
- Registration of your trade mark in the Malta trade mark register and the register of the European Union Intellectual Property Office as necessary;
- Providing general legal advice and assistance as required.