• Why Companies need a Systems Auditor for Innovative Technology Arrangements (ITA)

    In June 2018, the Maltese government passed three bills that seek to regulate blockchain and cryptocurrency within the country.


Why Companies need a Systems Auditor for Innovative Technology Arrangements (ITA)

22 August 2019

In June 2018, the Maltese Government passed three bills that seek to regulate blockchain and cryptocurrency within the country. One of these acts is the Innovative Technology Arrangements and Services Act (ITAS) which functions asides the Malta Digital Innovation Act (MDIA) and creates a comprehensive framework for blockchain, smart contracts, and DLT.

What are Innovative Technology Arrangements?

ITAs are defined in the bill as architectures and/or software which is designed to use a distributed, decentralised shared, and replicated ledger. It can be public or private, can be permissionless or permissioned, is encrypted with cryptography, and is auditable. Other systems that can also be considered as ITAs include smart contracts or applications such as decentralised autonomous organisations, and it may include additional definitions in the future, at the discretion of the Maltese government. 

Those that wish to attain recognition from the authorities for their ITA are able to apply on a voluntary basis to the MDIA. The applicant is required to provide extensive information and documentation to the Authority, who will then make a decision whether to award recognition.

The Authority will then maintain an electronic register which will contain the details of all those ITAs that have been recognised as well as stating what services they have been authorised to carry out

What is a System Auditor?

A Systems Auditor does not need to be an accountant or auditor, rather any legal organisation or individual can apply to be recognised as one, providing they meet the requirements laid down by the MDIA. When making the decision whether to approve a systems auditor or not the Authority will consider that they are capable, have  good conduct, and are fit and proper. They will also ensure they meet a range of other criteria including relevant academic experience and having experience in the field.

Once registered, the Auditor is authorised to carry out two kinds of audits which are based on predefined standards. The Type 1 Audit is carried out on a specific date and looks at the control design. It is usually carried out when an ITA is looking to get recognition, or when the Authority deems it necessary. The Type 2 Audit is carried out over six months and is designed to attain the operational effectiveness of the controls that are in place. These are carried out periodically and at the behest of the Authority.

Why do you need a Systems Auditor?

A Systems Auditor can help you both prepare for applying for recognition from the MDIA, as well as ensure ongoing compliance once recognition is awarded. The Systems Auditor can then continue to monitor standards, criteria, and compliance to ensure that the ITA maintains the stringent requirements of the MDIA. 

Whilst applying for recognition from the Authority is completely voluntary, for now, it carries a certain prestige. Those who are recognised by the MDIA are approved and considered in line with the world’s first comprehensive crypto and blockchain laws of their type. It provides the ITA with credibility both locally and internationally as well as preparing for a time when the Maltese government could make such applications mandatory.

BDO Malta was one of the first organisations in the country to be recognised as Systems Auditors by the MDIA and the only firm licenced to act as a VFA Agent also.

To find out more about BDO's Technology Advisory services, contact us today.