Electronic Money Institution (EMI) in Malta
Malta’s Authorised Electronic Money Institution (AEMI) licence, issued by the Malta Financial Services Authority (MFSA) under the Financial Institutions Act and the EU’s Electronic Money Directive, authorises firms to issue electronic money, hold client funds, and provide payment services across the EEA via passporting. Malta applies DORA digital resilience requirements from January 2025 and full PSD2/AMLD alignment.
Key parameters: €350,000 minimum capital, a registered and head office in Malta, resident compliance and MLRO, and a genuine operational footprint. The MFSA review typically takes 4–6 months from a complete file. On tax: Malta’s standard corporate rate is 35%, but a shareholder refund mechanism can reduce the effective rate to 5% for qualifying international structures — one of the lowest in the EU.
An important scope boundary: a Malta AEMI licence does not automatically cover CASP activities under MiCA. Crypto-asset services require separate MFSA/CySEC authorisation. Malta sits within the 18-month MiCA transition window (until 1 July 2026), meaning legacy structures still have a defined runway.
This page covers MFSA-licensed Malta AEMI entities currently available for transfer, with a full breakdown of permitted activities, ongoing compliance obligations, and what the acquisition process involves.
Working with Legasset on a Malta AEMI acquisition means full coverage — MFSA liaison, safeguarding structure, DORA documentation, and post-transfer compliance setup.
Our Ready to Buy Malta EMI Licenses
Maltese EMI Licensed by MFSA For Sale
Main Details:
• Electronic Money Institution licensed by the Malta Financial Services Authority (MFSA)
• EMI status active since 2015
• Passported across the EEA
Authorized Activities:
• Issuance and redemption of electronic money
• Execution of payment transactions
• Money remittance
• Payment initiation services
• Account information services
Core Products & Use Cases:
• Mobile wallet solution
• Micropayments and small electronic payments
• Peer-to-peer transfers
• Merchant payments for online and physical points
Operations & Technology:
• Mobile wallets enabling deposit, holding, and instant transfers of e-money
• Live applications for Android and iOS
• Open banking and open API framework
– Public technical documentation available
– API guidelines and statistics published
Verification & User Limits:
• Low-verification onboarding using a small refundable charge
• Trial mode with limited wallet balance prior to full KYC
Merchant Integration:
• Payment acceptance for online stores and physical merchants
• Structured fees for wallet top-ups and merchant acceptance
• Peer-to-peer transfers without fees
Additional Information:
• Financial information available upon request after NDA/KYC
Related EU e-money licences available for transfer
Related EU e-money licences available for transfer
- What the licence enables. A Malta EMI may issue e-money and provide PSD2 payment services across the EU via passporting, under the Financial Institutions Act and FIR/03, supervised by the MFSA.
- Capital and own-funds logic. Initial capital is €350,000 at authorisation, with ongoing own funds set at the higher of €350,000 or 2% of average outstanding e-money, shaping scale and pricing decisions.
- Safeguarding is central. Client funds must be safeguarded directly with EU credit institutions or via permitted methods, supported by daily reconciliations and an annual safeguarding audit.
- Supervisory intensity post-2025. With DORA effective from 17 January 2025, EMIs face EU-level ICT risk, incident reporting, and third-party oversight alongside Maltese rules.
- Timeline and fees reality. A complete file triggers up to a six-month MFSA decision window, but real projects run 9–12 months end-to-end. The €10,000 application fee and tiered annual supervision apply from 1 January 2025.
- Substance and governance expectations. The MFSA requires effective direction by two individuals in Malta, plus autonomous Compliance and MLRO roles; letterbox models attract remediation or delay.
- Banking remains a constraint. Safeguarding and operating accounts involve risk-based onboarding and enhanced due diligence, often extending go-live timelines and increasing costs.
- How Legasset supports delivery. Legasset manages ready-made acquisitions or new authorisations, aligning governance, safeguarding banks, AML/DORA frameworks, MFSA filings, and go-live so the licence remains workable in daily operations.
What You Need to Know About the EMI in Malta
Table of Contents
An EMI in Malta can issue e-money, redeem at par, and provide PSD2 payment services across the EU under the Financial Institutions Act and FIR/03, supervised by the MFSA. This fits card programs, wallets, remittance apps, and fintechs needing EU passporting with regulated safeguarding. Initial capital €350,000 applies, with ongoing own funds linked to outstanding e-money. Client money must be safeguarded with EU credit institutions and subject to reconciliations and audit. A complete file triggers a six-month decision clock.
Key limitations: stringent AML controls under the FIAU Implementing Procedures, strong governance and outsourcing oversight in FIR/03, and incident reporting and ICT testing under DORA. Banking/PSP onboarding remains risk-based and may require enhanced due diligence.
Why relevant now: DORA has applied since 17 January 2025, and PSD3/PSR is advancing after the Council’s June 2025 position, raising resilience and fraud standards EU-wide. Malta also updated fees from 1 January 2025, including a €10,000 application fee and tiered annual supervision.
Regulatory framework, rules, and tax signals (Malta EMI)
Regulator: Malta Financial Services Authority; conduct rules sit with the Central Bank’s Directive No. 1 on transparency and user rights. Core prudential, safeguarding, governance, ICT, and outsourcing rules are in FIR/03. Applicants follow FIR/01 procedures.
Applicable laws and directives: Financial Institutions Act (Cap. 376); FIR/03 Chapter 3; Directive No. 1; EU DORA. Fees: S.L. 376.03 as amended by L.N. 366 of 2024 from 1 January 2025. Assess corporate tax using Malta’s current regimes with local advice.
You can purchase a ready-made EMI to accelerate mobilisation or apply for a new authorisation. We support both routes end-to-end: strategy, filings, governance, safeguarding, ICT and AML frameworks, and launch readiness aligned with FIR/03, FIR/01, and Directive No. 1.
Eligibility Requirements for Obtaining an EMI License in Malta
Applicants are Maltese companies or EU groups seeking authorisation under the Financial Institutions Act. The MFSA licenses and supervises EMIs; applicants must ensure “effective direction” by at least two individuals and designate key functions, including Compliance and MLRO.
Capital, own funds, and safeguarding
Minimum initial capital €350,000 applies at authorisation. Ongoing own funds must equal the higher of €350,000 or 2% of average daily outstanding e-money. Client funds must be safeguarded with EU-authorised credit institutions or via permitted investment/insurance methods, with reconciliations and an auditable framework.
Local presence and ongoing oversight
Maintain a registered office in Malta and governance commensurate with the business. EMIs must meet ICT risk, incident reporting, and third-party risk obligations under DORA from 17 January 2025. User-facing conduct for payment services follows the Central Bank’s Directive No. 1.
Required documentation and submission flow
The FIR/01 process runs in stages: pre-application engagement, completeness check, assessment with comments, then decision. A complete application triggers a three-month decision window, capped at six months from initial receipt. Core materials include programme of operations, financial projections, governance and outsourcing maps, AML/CFT framework, and detailed safeguarding arrangements.
Approval timelines, fees, and ongoing costs
Budget the €10,000 application fee and tiered annual supervisory fees effective 1 January 2025 under S.L. 376.03 as amended by L.N. 366 of 2024. Expect annual audits, safeguarding reviews, ICT testing, and supervisory reporting. Real-world authorisations depend on file quality and remediation rounds against FIR/03 standards.
Common challenges and how to navigate them
Banking and PSP onboarding are risk-based; governance, source-of-funds, and model risk drive enhanced due diligence. Align AML policies to the FIAU Implementing Procedures, evidence robust transaction monitoring, and document outsourcing and safeguarding end-to-end to reduce MFSA comments.
If you want, we can now enumerate the full document pack and map each item to the relevant FIR/01 and FIR/03 rule so your team can start assembling it immediately.
Pros & Cons of Acquiring an EMI License in Malta
+ Full EU passporting rights. Licensed EMIs can issue e-money and provide PSD2 payment services under the Financial Institutions Act and FIR/03, enabling cross-border operations without extra licensing. This creates access to all 27 EU states once authorised.
+ Defined prudential framework. Capital requirements are predictable: €350,000 initial capital and at least 2% of average daily outstanding e-money as ongoing own funds, ensuring transparent capital planning.
+ Enhanced safeguarding standards. Client funds must be segregated with EU-authorised credit institutions and audited annually under FIR/03 R3-2.9, improving fund protection and partner credibility.
+ Strong regulatory credibility. Supervision by the MFSA and user-rights oversight by the Central Bank of Malta under Directive No. 1 give Malta high regulatory standing within the EU framework.
+ DORA readiness. From 17 January 2025, EMIs must comply with the EU’s DORA rules on ICT resilience and incident reporting, strengthening operational trust with counterparties and payment networks.
+ Transparent fee regime. As of 1 January 2025, the Financial Institutions (Fees) Regulations S.L. 376.03 apply: €10,000 application fee and tiered annual supervisory fees tied to assets or payment volume.
– Lengthy authorisation timeline. The MFSA’s multi-stage process under FIR/01 averages six to nine months for full approval, longer if remediation is required. Applicants should budget time for regulator feedback.
– High compliance overhead. DORA adds ICT testing, risk mapping, and third-party oversight, increasing ongoing costs by 10–20% for most mid-size operators.
– Challenging safeguarding operations. EMIs cannot hold safeguarded funds with intermediaries like other EMIs or PSPs—only directly with EU banks or custodians—making account setup slower.
– Stringent AML reviews. The FIAU Implementing Procedures (2025) mandate detailed source-of-funds and governance vetting; ownership or model complexity can delay onboarding.
– Fixed annual supervisory costs. Annual fees under L.N. 366 of 2024 are not prorated or refundable, adding a recurring cost even during dormant periods.
– Substance expectations. MFSA requires at least two Malta-based controllers and dedicated AML/Compliance officers; foreign-only setups are rarely approved. Firms must budget for local staffing.
How to Get an Electronic Money Institution (EMI) License in Malta
Choose your route first: acquire a ready-made EMI or apply for a new authorisation. A ready-made deal still requires MFSA change-of-control approval and a full compliance refresh before activation. A new application follows the MFSA’s staged review leading to licence activation. We support both paths end to end: entity registration, governance and substance, capital planning, safeguarding and banking, filings, and post-approval obligations.
Step-by-Step Licensing Process in Malta
- Step 1: Decide on route and scope 3-6 weeks
Define services, target corridors, and passporting plan. For ready-made, complete legal and compliance due diligence. For new builds, align the programme of operations with FIR/03 and ICT needs under DORA.
Key Documents: business plan, programme of operations, ownership chart, fit-and-proper packs, ICT overview.
Estimated Cost: €5,000-€20,000 for scoping and due diligence.
Timeline: 3-6 weeks to finalise route and scope. - Step 2: Incorporate entity and set governance 3-5 weeks
Register the Maltese company and appoint at least two individuals for “effective direction”, plus Compliance Officer and MLRO. Map outsourcing and key functions per FIR/03.
Key Documents: constitutional documents, KYC files, governance chart, outsourcing register.
Estimated Cost: €3,000-€7,000 incorporation; €5,000-€15,000 policy drafting.
Timeline: 3-5 weeks for incorporation and initial appointments. - Step 3: Capital and safeguarding setup 2-3 months
Deposit €350,000 initial capital. Design safeguarding with EU credit institutions or permitted custodians, with reconciliations and an annual safeguarding audit. Ongoing own funds must be the higher of €350,000 or 2% of average outstanding e-money.
Key Documents: bank confirmations, safeguarding methodology, reconciliation policy, auditor engagement.
Estimated Cost: €350,000 regulatory capital; €5,000-€15,000 setup and audit prep.
Timeline: 2-3 months for banking and safeguarding structure; longer for complex models. - Step 4: Build AML, conduct, and ICT under DORA 1.5-2 months
Align AML with FIAU expectations and customer disclosures with the Central Bank’s Directive No. 1. Implement DORA controls for ICT risk, incident reporting, and third-party oversight; plan testing cycles.
Key Documents: AML manual, BRA, TM rules, disclosures, ICT risk framework, incident plan.
Estimated Cost: €10,000-€35,000 for AML and ICT frameworks; tools vary.
Timeline: 1.5-2 months to finalise and evidence testing. - Step 5: Assemble the MFSA application pack 2-3 months
Compile FIR/01 deliverables: programme of operations, three-year financials, governance and staffing, outsourcing, ICT and safeguarding, policies, and fit-and-proper files. Use certified copies and apostilles where required.
Key Documents: full application, policies, certified corporate records, translations if needed.
Estimated Cost: €10,000 application fee; €20,000-€60,000 professional fees; €1,000-€5,000 notarisation/apostille.
Timeline: 2-3 months to assemble and quality check the full pack. - Step 6: MFSA assessment and clarifications 6-9 months
MFSA performs completeness checks and detailed assessment. Expect Q&A on governance, AML, ICT, and safeguarding. The Authority has up to 6 months from a complete file to decide, but real cases with clarifications usually take 6-9 months.
Key Documents: responses to comments, updated policies, staffing evidence, third-party contracts.
Estimated Cost: €5,000-€20,000 for remediation and extra expert work.
Timeline: typically 6-9 months from submission to final decision. - Step 7: Pre-licensing conditions and activation 1-2 months
Satisfy in-principle conditions: final hiring, local office, safeguarding go-live, systems tests, and reporting setup for Directive No. 1 and DORA. After activation, file passporting notifications.
Key Documents: employment contracts, premises evidence, live banking letters, reporting procedures.
Estimated Cost: €10,000-€25,000 go-live readiness and testing.
Timeline: 1-2 months after in-principle approval. - Step 8: Post-licensing supervision and recurring costs Ongoing
Budget annual supervisory fees under S.L. 376.03 (effective 1 January 2025). Maintain annual audits, safeguarding reviews, and DORA testing cycles. Plan for periodic MFSA data requests and inspections.
Key Documents: audited financials, safeguarding audit, regulatory returns, ICT test logs.
Estimated Cost: formula-based supervisory fees; €20,000-€60,000 annual compliance and audit, model-dependent.
Timeline: ongoing annual cycle per MFSA schedule.
Final Considerations
- Hidden fees and hurdles to plan for: Banking for safeguarding can be slow and documentation-heavy; high-risk models often face longer KYC reviews. Weak MLRO or governance profiles extend MFSA review periods. Notarisation, apostille, and certified translations add €1,000-€5,000 in cost and several weeks of delay.
- General timeline and cost overview: From kick-off to activation, realistic projects now take 9-12 months, depending on readiness, banking, and remediation rounds. Government fees include the €10,000 application charge. Supervisory fees follow S.L. 376.03 formulas from 1 January 2025. Regulatory capital of €350,000 is required at authorisation, with own funds maintained thereafter.
Post-Licensing Compliance Obligations for an EMI in Malta
Authorisation is the start—not the finish. EMIs must meet ongoing obligations under FIR/03, the Financial Institutions Act, the Central Bank’s Directive No. 1, and EU-wide DORA. Failures can lead to remediation orders, fines, suspension, or licence withdrawal. If you issue e-money tokens, relevant MiCA chapters also apply.
- AML/KYC monitoring. Keep a risk-based framework with periodic KYC refresh, sanctions screening, robust transaction-monitoring, and timely STR/SAR filings to the FIAU. Calibrate scenarios and evidence QA reviews.
- Capital, own funds, and safeguarding. Maintain the higher of the set own-funds threshold or model-based calculations. Perform daily reconciliations, hold safeguarded funds with EU credit institutions or permitted custodians, and arrange an independent safeguarding audit each year.
- Regulatory filings and audits. Submit MFSA returns on capital adequacy, governance, outsourcing, and complaints. Prepare the annual financial audit. Under DORA, record major ICT incidents and notify within required timelines; test third-party and resilience controls on a cycle.
- Conduct and transparency. Provide clear user disclosures and fee transparency under Directive No. 1. Operate an effective complaints process and track metrics for reporting.
- Tax and accounting. File corporate tax and (where applicable) VAT. Monitor transfer-pricing and cross-border PE risks as you passport.
- Governance and business changes. Obtain MFSA pre-approval for qualifying-holding changes, critical outsourcing, or expansions of services. Keep passporting notifications current.
- Renewal and fees. The licence is ongoing, but subject to annual supervisory fees under S.L. 376.03 and continuous compliance.
How we help. We run calendarised reporting, policy upkeep, board training, vendor oversight under DORA, audit preparation, and MFSA engagement—so your EMI stays compliant and inspection-ready.
Common Pitfalls and Challenges of Operating Under an EMI in Malta
An EMI in Malta offers EU reach, but operations are demanding. The points below reflect recurring issues we see—and how to plan for them.
- Banking and safeguarding. Opening safeguarded accounts with EU banks can take months. FIR/03 bars intermediaries for safeguarding, so you must contract directly with credit institutions and evidence reconciliations and the annual safeguarding audit.
- Regulatory change management. DORA is live and PSD3/PSR is progressing. Expect ICT incident reporting, third-party risk testing, and new fraud controls. Maintain a change calendar and test runbooks before go-live.
- Market access limits. Passporting covers the EEA only. UK and US access needs separate analysis. Use geo-blocking, clear T&Cs, and product scoping to avoid prohibited markets.
- Supervisory intensity and cost creep. MFSA requires periodic returns, an annual financial audit, and transparency under the Central Bank’s Directive No. 1. Hidden costs include notarisation, translations, vendor reviews, and independent ICT testing.
- Substance and staffing. MFSA expects effective direction by two individuals in Malta, plus MLRO and Compliance with real autonomy. Weak profiles trigger conditions or delays.
- Change control. Qualifying-holding changes and critical outsourcing need MFSA pre-approval. Plan transactions and vendor switches with notification lead time.
How we help. We secure early bank outreach, map passporting, operationalise DORA controls, prepare audit packs, and shape governance that meets FIR/03 expectations—so you stay inspection-ready while scaling.
FAQ About Purchasing an Electronic Money Institution (EMI) License in Malta
How long does an EMI license Malta take in 2025–2026?
Plan for 9–12 months end-to-end. The MFSA can take up to 6 months after a complete file. Banking, pre-licensing conditions, and testing add several months.
What capital and safeguarding apply to an Electronic Money Institution Malta?
Minimum €350,000 initial capital. Ongoing own funds: the higher of €350,000 or 2% of average outstanding e-money. Safeguard client funds with EU banks or permitted custodians, with daily reconciliations and an annual safeguarding audit.
What are fees and ongoing costs for an EMI license Malta?
Government application fee €10,000. Annual supervisory fees are formula-based under S.L. 376.03. Budget for financial audit, safeguarding audit, DORA testing, policy upkeep, and translations/notarisation where needed.
What substance and governance does an Electronic Money Institution Malta need?
The MFSA expects two individuals providing effective direction in Malta. Appoint Compliance Officer and MLRO with real autonomy. Keep user disclosures aligned with the Central Bank’s Directive No. 1.
What post-licensing obligations apply—does DORA affect an EMI in Malta?
Yes. DORA requires ICT risk management, incident reporting, testing, and vendor oversight. Keep MFSA returns on schedule, maintain capital and safeguarding, and run an effective complaints process under Directive No. 1.
How can Legasset help with a ready-made EMI license Malta or a new application—and with MiCA?
We manage both routes: due diligence and change-of-control for ready-made EMIs, or full new authorisation under FIR/01/FIR/03. We handle entity setup, capital planning, safeguarding banks, filings, and go-live. Post-licence, we maintain AML frameworks, audits, and DORA controls. For crypto groups, we support MiCA scoping and transition where e-money tokens are in scope.
Additional Links and Resources for EMI License in Malta
The core legislation governing electronic money institutions (EMIs) and payment service providers in Malta. It defines authorisation procedures, capital requirements, and ongoing supervisory obligations. Published on the official Malta Government legislation portal.
II. Central Bank of Malta – Directive No. 1
The directive outlining transparency rules, user rights, and conduct of business for EMIs and PSPs operating in Malta. It sets disclosure standards and consumer protection requirements for payment services.
III. EU Digital Operational Resilience Act (DORA)
An EU regulation effective from January 2025 establishing mandatory ICT risk management, incident reporting, and third-party oversight obligations for financial institutions including EMIs.
IV. Financial Intelligence Analysis Unit (FIAU) Malta
Malta’s national AML/CFT authority. Provides implementing procedures, STR/SAR reporting guidelines, and sectoral AML rules applicable to EMIs and other regulated entities.
V. European Banking Authority (EBA) – Payment Services & E-Money
Official EBA portal offering current guidelines on PSD2, e-money operations, and ICT resilience standards under DORA across the EU financial system.
