Circular to VFA Service Providers on Updates to Chapter 3 of the VFA Rulebook

Circular to VFA Service Providers on Updates to Chapter 3 of the VFA Rulebook

The Malta Financial Services Authority (MFSA) has recently introduced some changes in the regulations governing Virtual Financial Asset (VFA) Service Providers which align Maltese legislation with the Markets in Crypto-Assets (MiCA) Regulation.

IT Audit Requirements

The revised Chapter 3 of the Rulebook places an obligation on the Service Providers to appoint an IT Auditor, and to conduct and submit an annual IT Audit which will consider IT risk areas such as ICT risk management; Use of third-party providers; ICT Project and Change Management; Business continuity management etc.

Additional provisions allow the MFSA to object to certain appointments of IT Auditors and to impose further reporting requirements. These changes are applicable on 1st January 2024 and remove the obligation to appoint a Systems Auditor and submit a Systems Audit report in line with MDIA guidelines. This change impacts the processes related to the systems’ review and audit of a VFA Service Provider, including engagement terms and reporting obligations.

How can BDO Malta help?

At BDO, we understand the complexities and challenges posed by these regulatory changes. Leveraging our extensive experience and comprehensive service offerings, we are well-equipped to help you manage these evolving requirements. Our specialised services include:

If you have any inquiries or require further assistance in adapting to these changes, please do not hesitate to contact us. We are dedicated to providing the support and expertise necessary for successfully managing these evolving requirements.

Want to know more?
Get in touch

Key Contacts

Get in touch with our Technology Experts