Malta is updating its crypto guidelines to match the Markets in Crypto Assets regulation when it’s enacted in December 2024.
The regulatory framework was passed earlier this summer. However, the amendments put forth by Malta will be enacted in a three-month transitory period following the release of the changes to allow virtual financial services (VFA) providers to adjust.
A feedback period for the public is open until Sept. 29.
As part of the changes, the Malta Financial Services Authority (MFSA) can object to the appointment or replacement of a required IT auditor. It also gives the MFSA the ability to order a review or audit of IT systems, which can be done by an outside auditor.
A letter of engagement is also required, ensuring that the auditor and crypto company are clear on their responsibilities.
“The IT Auditor shall also be required to advise the MFSA if there are matters it considers should be brought to the attention of the MFSA,” the framework continued.
In addition, the MFSA will require the company to disclose the “scale, nature and range of VFA services provided.”
While not mandatory, the MFSA added that licensed VFAs can appoint custodians, though it will need to put forth a detailed assessment of the custodian, which includes the systems, controls and experience of the custodian.