1. PI license legal access conditions and operational substantive requirements
Management Essence and "Four Eyes Principle" (Four-Eyes Principle)
According to the Financial Institutions Act,MFSA strictly regulates entities that lack substantial operations。Organizations must follow the “Four Eyes Principle”,That is, at least two senior executives with relevant qualifications can effectively direct and manage the business in Malta.。Anti-money launderingThe Reporting Officer (MLRO) must be employed directly by the institution in Malta,Report independently to the Board of Directors,Outsourcing is strictly prohibited。
Legal initial capital and continuing own funds
The statutory minimum initial capital is tiered according to the type of services provided:The full business payment is 12.5 million euros;Payment Initiation Service (PISP) is 5 million euros;singleFunds remittancefor 2 million euros。Under practical review and approval,Regulators often calculate business scale based on three-year business plans,Applicants are required to pay actual own funds (Own Funds) that are higher than the legal bottom line.。
suitability assessment (Fit and Proper Test)
Proposed Director、Key functional executives and shareholdings 10% Qualified shareholders above,All are required to submit a Personal Questionnaire (PQ) to the supervisor。MFSA will focus on clean criminal record、Competencies and industry qualifications、Financial soundness (source of capital and wealth) and time spent on performance of duties are invested in four dimensions for substantive verification。
Customer fund isolation mechanism (Safeguarding)
regulatedpayment institutionIt is strictly prohibited to accept deposits from the public。A strict fund protection mechanism must be established in accordance with the law,Before the end of the next working day after receipt of client funds,Deposit the full amount into a "Client Funds Segregated Account" opened in a credit institution regulated by the EU,To prevent ordinary creditor claims in the event of bankruptcy and liquidation of the institution。
2. Malta’s payment institution regulatory dynamics and industry compliance trends
- 2026first quarter of year
Compliance business integration:Gate.io and OKX announce acquisition of Malta in Q1 PI license,Compliant with EU PSD2 and MiCA regulatory frameworkRequire。This license gives licensed institutions the ability to conduct stablecoin-related activities in compliance with regulationspayment serviceslegal qualifications,Promote compliance docking between Web3 business and traditional financial systems。
- 2025Year-2026
DORA Act applicable period:The EU’s Digital Operations Resilience Act (DORA) officially comes into effect。From 2026,The MFSA is required by law to be regulatedpayment institutionMust be between January 1st and March 21st of each year,Submit the Register of Information (RoI) for third-party ICT service providers for the previous year。
- 2025From January
Regulatory Fee Structure Revision:In accordance with the Financial Institutions (Fees) (Amendment) Regulations,2024》,From January 1, 2025,MFSA implements a “fixed floor price + floating ratio” charging mechanism。The application fee for PI license to provide core payment services has been increased to 10,000 EUR;The annual minimum supervision fee is adjusted to 15,000 Euro starts。
3. List of statutory application documents (Submit elements)
Three-year forward-looking financial budget model and own fund calculation report
Internal Control Systems and Anti-Money Laundering/Counter-Terrorism Financing (AML/CFT) Procedures Manual
Client Fund Protection and Physical Segregation (Safeguarding) Written Policy
Comply with the Digital Operations Resilience Act(DORA) Standard ICT security and disaster recovery plan
Personal Questionnaire (PQ) for key functional personnel and Source of Funds (SoF) audit for initial shareholders
4. End-to-end application and compliance process (Evaluation cycle 6-12 months)
Stage one:Preliminary due diligence and declaration of intention (4-8week)
Submit a Statement of Intent to the MFSA。Attend a pre-application meeting,Explain business flow model to regulators、Anti-money laundering compliance framework and fund traceability of initial investors。
Stage 2:Submit formal applications and compliance inquiries (3-6months)
Submit complete statutory application documents。Intensive background checks will be conducted during the supervision period,The applicant entity must respond to multiple rounds of requests for information (RFI) issued by the MFSA on schedule.。
Stage three:Obtain a letter of in-principle approval (In-Principle Approval)
Obtain pre-approval letter with conditions precedent。The applicant must complete the initial capital verification within the specified period、Formal signing of local executive employment contract、Complete an independent system security audit,And open client fund segregation accounts in compliance with regulations。
Stage four:Issuance of licenses and ongoing compliance monitoring (4-8week)
After meeting all prerequisites,MFSA issues official PI license。The institution opens in accordance with the law,And subsequently accepted the anti-money laundering system access review by the Malta Financial Intelligence Analysis Unit (FIAU)。
5. 2025Calculation of annual regulatory fees and compliance operating costs
| Cost category | Statutory fee standards and budget assessment |
|---|---|
| Single application fee (Non-refundable) |
Single core payment institution (PI) The application fee is 10,000 EUR;Covers payment andelectronic money (PI+EMI) The dual business license is 15,000 EUR。 |
| Legal initial capital (License bottom line) |
Minimum payment requirements for all services 12.5million euros;Payment activation service (PISP) lowest 5million euros;Funds remittance service is the lowest 2million euros。 |
| annual supervision fee (Fixed + floating mechanism) |
The base annual fee for a regular PI license is 15,000 to 25,000 EUR,Overlay by total assets 0.02% or transaction amount 0.0003% Calculated floating rate。 |
| Architecture and Compliance Costs (Third-party auditing and agency) |
Include local compliance executives (MLRO) Salary、Independent AML/KYC screening system construction and system security audit, etc.,The preliminary budget estimate range is 15Ten thousand – 30million euros。 |
6. Tips on Application Obstacles and MFSA Refusal Scenarios
Flaws in proving the source of funds: shareholding 10% The original source of funds (SoW/SoF) documents submitted by the above shareholders are incomplete or have legal flaws.,Unable to meet penetration requirements for anti-money laundering compliance review。
Substantive operations are not up to standard: The proposed institution lacks local substantive management capabilities,Failure to have a legally qualified executive director,Or violate regulations by subcontracting the Anti-Money Laundering Reporting Officer (MLRO) overseas。
Fund isolation review blocked: After receiving the pre-approval letter,Due to business model risk rating factors,Failure to successfully open a client fund segregation account (Safeguarding Account) at a regulated credit or financial institution as scheduled。
7. License approval and compliance implementation plan reference
Leading crypto-asset company’s PI license approval case
2026first quarter of year,Gate.io and OKX have successively announced that they have obtained PI licenses from the MFSA。The move marks the headCryptoassetsThe platform falls under the EU PSD2 and MiCA regulatory frameworks,Establish compliance channels for legal currency and related payments in accordance with the law,Reflecting Malta’s legal inclusiveness as a cutting-edge financial hub。
Compliance docking plan for segregated reserve accounts
Aiming at the practical obstacles of traditional credit institutions refusing to open payment business reserve accounts due to internal compliance policies,Hong Kong Huitong assists customers to connect with licensed electronic money institutions recognized by the European Union (such as 3S Money, Moneybase),Establish a fund isolation structure that meets Safeguarding regulatory requirements in accordance with the law。
8. Practical Compliance Q&A (FAQ):Analysis of legal conditions and regulatory procedures
Prohibited by law。The core of regulatory review is whether the institution has local management substance (Mind and Management)。Applicants must strictly implement the Four-Eyes Principle,Ensure that at least two suitably qualified directors and senior officers are resident in Malta,Fulfill decision-making and daily guidance obligations for the organization。
Licensed institutions enjoy the EU’s Payment Services Directive(PSD2) Passporting rights granted。After completing the cross-border service notification procedure to the MFSA,Institutions can legally provide cross-border services or establish branches within the European Economic Area (EEA),No need for secondary licensing by the visited country。
According to the Second Appendix of the Financial Institutions Act,Cover 8 core payment services:Includes transfers and direct debits、Card issuing and acquiring business、Funds remittance、Payment Initiation Service (PISP) and Account Information Service (AISP)。Payment institutions are strictly prohibited from accepting public deposits,It also does not have the legal authority to issue electronic money (EMI)。
The legal minimum limit depends on the type of service:Only provides minimum remittance services 2 million euros;Provide card issuance、Full-service payment services such as acquiring orders require 12.5 million euros。In practice,Regulatory authorities will calculate the results based on the business plan,Applicants are required to pay actual own funds above the bottom line as a compliance buffer。
During the application submission stage, just submit the Personal Questionnaire (PQ) for the proposed person.。But after obtaining the in-principle approval letter (IPA),Must sign a legally binding local employment contract。The Money Laundering Reporting Officer (MLRO) must be directly employed locally by the institution and remain independent,Outsourcing is strictly prohibited。
The statutory review period under the Financial Institutions Act is after receipt of a complete application. 3 months。Combined with due diligence、Multiple rounds of regulatory request for information (RFI) responses、The third-party independent audit of the system and the time-consuming to open an isolated account,In practice, the reasonable end-to-end implementation cycle is between 6 to 12 between months。
MFSA adjusts charging system from 2025。The single PI license application fee is adjusted to 10,000 EUR。The annual ongoing supervision fee implements a fixed floor price plus floating calculation and collection structure.:The base fee for ordinary payment institutions has been raised to 15,000 to 25,000 euro zone,And withdraw floating fees based on total assets or total transaction volume。
To fulfill Safeguarding obligations,In view of the current situation that traditional credit institutions are becoming more strict on the account opening of Fintech companies,Hong Kong Huitong assists customers in submitting account opening applications to licensed electronic money institutions (EMIs) regulated by the EU through compliance audits,Realize physical isolation of funds in special accounts。
Outsourcing of core IT architecture must comply with the EU's Digital Operations Resilience Act (DORA)。Applicant institutions must establish a comprehensive ICT risk management framework。From 2026,Organizations must register outsourcing arrangements with external technology service providers,and submit a Register of Information (RoI) for third-party ICT service providers to the MFSA annually。
Common reasons for rejection are:shareholding 10% The above shareholders are unable to provide proof of initial investment funds (SoF) for a complete chain;Business Risk Assessment Report (BRA) does not meet statutory standards;or the proposed executive fails to pass the suitability assessment,Lack of financial competency and compliance independence。
There is an exemption mechanism for small payment institutions (Small PI) at the legal level,Capital thresholds are lowered and approvals are simplified。However, its legal limitations are:Subject to total transaction limit control,Legally prohibited from exercising EU passport rights,Business only within Malta。
Organizations must hire legally qualified auditors to submit independent financial and system security audit reports every year;Legal access to the CASPAR system of the Financial Intelligence Analysis Unit (FIAU),Submit Risk Assessment Questionnaire (REQ),And undertake suspicious transaction monitoring and statutory reporting obligations (STR)。
