This country-specific Q&A provides an overview to Fintech law in Malta.

It will cover open banking, regulation of data, cryptocurrencies, blockchain, AI and insurtech.

This Q&A is part of the global guide to Fintech. For a full list of jurisdictional Q&As visit

1. What are the sources of payments law in your jurisdiction

One of the main laws regulating payments in Malta is the Financial Institutions Act (Chapter 376) ('FIA') which is the key act transposing the EU Payment Services Directive (Directive 2007/64/EC) ('PSD') This Act is complemented with subsidiary legislation, particularly the Credit Institutions and Financial Institutions (Payment Accounts) Regulations, as well as a suite of Financial Institutions Rules issued by the Maltese financial services regulator, the Malta Financial Services Authority (the 'MFSA'). The enactment of the FIA resulted in the introduction of payment institutions being regulated under Maltese Law under the supervision of the MFSA. The revised EU Payment Services Directive 2015/2366 ('PSD2') has been partially transposed into Maltese law through Directive No. 1, issued under the Central Bank Act (Chapter 204). The Banking Act (Chapter 371), which provides the legislative framework for credit institutions, cross-refers to the provisions of the FIA as the applicable law of the payment services provided by banks. Furthermore, the Civil Code of Malta (Chapter 16) regulates the private and civil law aspects relating to payments.

2. Can payment services be provided by non-banks, and if so on what conditions?

Yes - Payment services may be provided by standalone service providers commonly known as 'payment institutions', which are regulated entities under the Second Schedule to the FIA. Payment institutions are defined as companies which have obtained a licence under the FIA or that hold an equivalent authorisation in another country in terms of PSD, to provide and execute payment services. Once authorised, these entities may engage in activities such as providing services enabling cash to be placed on a payment account, as well as all the operations required for operating a payment account, execution of payment transactions, issuing and/or acquiring of payment instruments as well as money remittance.

Application and ongoing obligations for authorised payment institutions include:

  1. the submission of an application for authorisation and the required documentation;
  2. capital holding requirements, which may range from EUR 25,000 to EUR 125,000 depending on the type of payment services being provided;
  3. at least 2 individuals must effectively direct the licensed entity's business in Malta;
  4. all qualifying shareholders, controllers and all persons effectively directing the business are to be suitable persons to ensure the sound and prudent management of the business. Besides not being allowed to receive deposits or other repayable funds from the public, payment institutions must only use funds to provide payment services.

Payment services may also be provided by electronic money institutions which under the FIA are defined as financial institutions that have been licensed under the FIA and authorised to issue electronic money or that hold an equivalent authorisation in another country in terms of the Electronic Money Directive to issue electronic money.

3. What are the most popular payment methods and payment instruments in your jurisdiction?

According to a survey conducted by the European Central Bank across the single currency area in July 2016, it was found that 92 per cent of the transactions in Malta involve coins and notes. To corroborate the popularity of cash as the favourite payment method in Malta, the latest statistics issued by the Central Bank of Malta in 2015 also show that cash was used for 88 per cent of the transactions. In this latest statistic it was also shown that credit cards and debit cards were each taking up only 4 per cent of the payments.

4. What is the status of open banking in your jurisdiction (i.e. access to banks' transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?

Open Banking is not mandated by law in Malta. The full transposition of the PSD2 into Maltese law is still underway and will likely be completed by end of 2018.

5. How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?

The regulation of data under Maltese law reflects the provisions of the General Data Protection Regulation ("GDPR") which has recently introduced more stringent requirements in relation to the consent which must be provided by data subjects. Consent, based on mere acquiescence or lack of action, is no longer valid for data protection purposes. Under GDPR, consent must be given by a clear affirmative act "establishing a freely given, specific, informed and unambiguous indication of the data subject's consent to the data processing activities." The regulation further clarifies the rights of data subject, while introducing new rights, such as the right to be forgotten and the right to data portability. Consequent to GDPR, firms in the financial services industry, as data controllers and processors, are now faced with more onerous obligations. Businesses in the insurance sector have to be cautious that any location data collected in car insurance will fall within scope of the said regulation. In terms of enforcement, GDPR, besides exponentially increasing the amount of the fines issued and widening the scope thereof, it further provides the data protection authority in Malta with additional investigative powers.

To view the full article, please click here

Originally published in The Legal 500 & The In-House Lawyer Fintech Guide

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.