Skip to content
DW&P Dr. Werner and Partners

Setting Up a Crypto Exchange in Malta: A Guide to the VFA Class 4 License

Susan MeierSusan MeierUpdated 6 min read.md
Table of contents
  1. 01Introduction
  2. 02The Class 4 License
  3. 03Business Activity and Corporate Structure
  4. 04The Mandatory VFA Agent
  5. 05Audit Requirements
  6. 06Licensing Considerations
  7. 07The Fit and Proper Test
  8. 08Policies and Procedures
  9. 09Capital Requirements & Fees
  10. 10The Business Plan
  11. 11The Reality of "Substance"
  12. 12Conclusion

Introduction

The popularity of crypto exchanges shows no signs of slowing down. With more entrepreneurs looking to establish these platforms, it is worth analysing the role Malta—often referred to as the "Blockchain Island"—plays in this sector.

Despite the perceived "high risk" associated with exchanges, Malta has taken a pioneering step to provide legal certainty. The country has introduced a comprehensive legislative framework designed primarily to offer investor protection, built upon Malta's already robust financial services legislation.

In this article, we outline why establishing a company in Malta is a strategic move for future VFA exchange operators and what the regulatory journey entails.

The Class 4 License

Operators dealing with Virtual Financial Assets (VFA) who wish to manage and run a crypto exchange must obtain a license under Article 8(1) of the Virtual Financial Assets Act. The Malta Financial Services Authority (MFSA) specifies the exact activities a licensee can undertake.

To operate an exchange, you require a Class 4 License. This specific tier allows the license holder to hold or control client assets or money in conjunction with providing a VFA service. This is a critical distinction, as the MFSA views the segregation of client assets as a paramount requirement for operation.

Business Activity and Corporate Structure

The regulator places significant emphasis on the licensee having a genuine presence on the island. The law stipulates that any entity applying for a VFA service license must be a legal person established in Malta. This automatically implies the formation of a Malta Limited company.

The Memorandum and Articles of Association must explicitly reflect that the company's purpose is to operate as a VFA exchange under the Virtual Financial Assets Act (Cap. 590 of the Laws of Malta). Our team at DW&P Dr. Werner & Partners assists specifically with this corporate structuring and incorporation under the Companies Act (Cap. 386), ensuring the foundation is laid correctly before the licensing process begins.

The Mandatory VFA Agent

Anyone seeking a license to operate a VFA exchange must appoint a VFA Agent registered with the MFSA. The legislation uses the word "must," making this a mandatory requirement, not an option. It is the applicant's responsibility to engage such an agent.

The MFSA Rulebook stipulates that all communication, meetings, notifications, and submissions to the authority must be channelled through this VFA Agent. While the agent guides the application process, the relationship changes once the license is granted. Unlike the ongoing role required for Initial VFA Offerings (IVFAOs), the VFA Agent's primary mandatory role for an exchange operator effectively concludes once the license is issued and approved. However, applicants often choose to retain their VFA Agent to handle the ongoing compliance function, although this is optional.

Audit Requirements

For clarity, we can divide the audit function into two categories: 1) Internal/External Auditors and 2) Systems Auditors.

Under the VFA Act, a licensee must appoint an auditor who is obligated to report any facts or decisions to the MFSA that could, for example, lead to a qualification or refusal of the auditor's report. Furthermore, the auditor must report annually on the licensee's systems and security access protocols.

Systems Audit

Given the nature of the business, robust system controls and a cybersecurity framework are non-negotiable for the MFSA. The technology used will be subject to an external technical audit, typically carried out by a Systems Auditor registered with the MDIA (Malta Digital Innovation Authority).

Where an Innovative Technology Arrangement is in place, the authority may require the appointment of a Systems Auditor to prepare a report on the IT infrastructure, a copy of which must be forwarded to the MFSA.

Licensing Considerations

When deciding whether to grant a license, the MFSA looks at several key factors:

  • Protection of investors and the general public.
  • Protection of Malta's reputation.
  • Promotion of innovation and competition.
  • The reputation and suitability of the applicant.

This leads to the most critical hurdle in the application process: the "Fit and Proper" test.

The Fit and Proper Test

All prospective licensees must demonstrate to the MFSA's satisfaction that they meet the criteria of the Fit and Proper (F&P) test. This assessment is based on three pillars:

  1. Integrity
  2. Solvency
  3. Competence

This test applies to the entire governance structure of the company. It covers anyone with a qualifying shareholding, beneficial owners, members of the Board of Directors, Senior Managers, the Money Laundering Reporting Officer (MLRO), the Compliance Officer, the Risk Manager, and anyone else effectively directing the business.

The MFSA requires that these key individuals be thoroughly vetted. The authority will also insist on the "four-eyes principle," meaning the company must be managed by at least two individuals to ensure checks and balances.

Policies and Procedures

Applicants must establish, implement, and maintain robust policies and procedures. The MFSA expects to see comprehensive documentation covering:

  • Cybersecurity Policy
  • Accounting Policy
  • Business Continuity Plan
  • Key Management Policy

These policies must be tailored to the nature, scale, and complexity of the business. Off-the-shelf templates are rarely sufficient.

Capital Requirements & Fees

VFA exchange operators must maintain sufficient initial capital. For a Class 4 License (operating a crypto exchange with custody of funds), the minimum share capital requirement is EUR 730,000, which must be fully paid up.

Note: Lower tiers exist for other services. Class 1 (investment advice) requires EUR 50,000, and Class 2 (holding client assets but not operating an exchange) requires EUR 125,000. However, a full exchange requires Class 4.

Fees

Licensees must pay an application fee (currently EUR 24,000 for Class 4) and an annual supervisory fee. The annual fee depends on revenue. For revenue up to EUR 1 million, the fee is EUR 50,000. For further tranches of EUR 1 million (up to a maximum of EUR 100 million), the fee increases by EUR 5,000 per tranche.

The Business Plan

The MFSA requires a structured, realistic business plan. This is not just a formality; it demonstrates that the management understands the market and the operational requirements. The Board of Directors should be heavily involved in drafting this plan, usually with guidance from the VFA Agent.

The Reality of "Substance"

Based on our experience with regulated entities in Malta, "substance" is the deciding factor for both the MFSA and the tax authorities. You cannot operate a license of this magnitude through a letterbox company.

Substance generally means:

  • Physical Presence: A real office in Malta.
  • Personnel: Key roles (such as the Compliance Officer or MLRO) should ideally be based in Malta.
  • Management: Board meetings and key decisions must take place in Malta.

From a tax perspective, genuine substance is also required to access Malta's corporate tax refund system and to satisfy international banking requirements.

Conclusion

The requirements for setting up a crypto exchange in Malta are rigorous. The need for a VFA Agent, significant capital, and detailed audits may seem daunting. However, this rigour provides exactly what serious operators need: legal certainty.

Malta's framework ensures that investor protection and good governance are at the forefront, offering a stable environment for legitimate businesses to grow. While DW&P does not act as a VFA Agent, we specialise in the foundational corporate and tax structuring that makes these ventures viable. We assist with company formation, local substance, and tax compliance, working alongside your appointed regulatory specialists to ensure your business is built on solid ground.

Disclaimer: The above article is based on independent research by Dr. Werner & Partners and does not constitute legal advice. If you would like to meet with our team to discuss corporate structuring or tax planning, please contact us for an appointment.

Susan Meier

About the author

Susan Meier

Client Relations

Susan Meier looks after clients in the Client Relations department, ensuring that enquiries are routed quickly and reliably to the right specialist teams.

Your situation deserves a personal assessment

In a free 30-minute call, our senior advisers will review your options. Confidential and without obligation.

Book a consultation

Read more

More articles

Digital Independents & Finance

Why More and More Crypto Firms Are Drawn to Malta

3 Min.

Digital Independents & Finance

The Financial Instrument Test: A Brief Analysis

6 Min.

Digital Independents & Finance

Malta Issues Warning on Crypto Scams & Reinforces Blockchain Security

6 Min.
All articles
CSP Licensed Badge

Corporate Services at DW&P Dr. Werner & Partners are provided by DW&P Services Ltd. (C 103208) which is regulated by the MFSA and is licensed under Authorised Person ID: DSER-23577 to carry out the activities of a Class C CSP in terms of the Company Services Providers Act (Cap. 529 of the Laws of Malta).

CallFree Consultation