Who we are

A small company striving for greatness.

We are servicing some of the biggest names in the industry. We aim to keep it that way without growing out of proportion.

We are working on the edge of progress. (BAM)

We keep pushing play. (BOOM)

We will bring your business to the next level. (and beyond)

We want to go into details. We want to be reachable. To normal hours and to crazy hours. We get up in the morning with our Asian clients and go to sleep with our US clients.

Some information

What I can tell about an ICO in Malta


The queen is dead, long live the queen. The multi billion dollar fable creature from 2017 is merely a ghost of itself. Rose to unimaginable heights,towards the stars. The sun.

Scorched her filigrane wings, lightly feathered,  in the unforgiving heat and came crashing down. Wounded, bruised, hieving. She killed many in the process:

Believers. Idealists. Stupids. Micalculators. Over-Estimaters. Optimists. Experts.

She made a lot of things possible, in fact she might be the reason why we are here today. But she led us here selfishly, fooling many to reach her own private goals. And now she is lying there, crouching backwards, trying to recollect.

Trying to gather old strength.

Out of the ashes?

Raise, raise, distributed Phoenecia! From the ashes of greed and online marketing.

She will raise again and she will fly again although never again so high, never again so bright and never again so such unexplainably and unbelievably vital.  

Malta has provided her with her own articles in the VFAA, in part 2 of the same act. The lawmakers want to aid her back to old strength with 9 articles and 23 pages of regulation.

It’s the set of rules for any person who wants to issue a new token from or within Malta. Notably not a security token,  so do not dare to add anything like an option, a profit share, an asset right or similar “financial instrument” into the token.

Regulated on a seemingly lighter level than the service providers (SIGH) it is still a robust und strict regulation.

Too strict from some.

There are basically three parts to that (at least for our understanding)

  1. The rules  / laws around the white paper
  2. The rules / regulations around the company.
  3. The rules / regulation around the issuing

All three are obviously connected. The rules around the white paper are simple: Refer to the 1st schedule of the VFAA. Read. Comply. Repeat. There is list of just under 40 points and you will have to comply with (some are not applicable for all).

What is regulated in Malta?

Either an offering to the public or the listing in Malta of a “non MT token” on a Maltese exchange.  Yeah, some might say, the ICO in Malta is too complicated (they do have a point!) and perform the TGE through Cayman (example).

If you plan to have this “Cayman” token later listed on a Malta crypto currency exchange (and presumably there will be plenty) the regulation catches up with you and you basically need to have the same things in place as if you would have issued the token through Malta in the first place.

Back to square one

OK, so the regulator has outsmarted us. What is a public offering anyway? Primarily your normal ICO. Soft cap. Hard Cap. Burn. 1% advisors. 10% R&D. 50% public sale etc. But it can also be a mineable token or coin. It can also be token that is generated where required. Any offering to the public of a Virtual Financial Asset.

You thought mainly utility and security token existed. Think again.

Malta has “invented” the Virtual Financial Asset. A sort of utility token that is traded on crypto exchanges AND is not a security token.

Well, what is a security token then?

Let’s start with the name. It’s not called security token in Malta. It is a “financial instrument DLT asset” (Art 2 VFAA, definitions). This definition includes basically any “tokenized” asset class like  

  • Shares
  • Bonds
  • Derivatives
  • Options
  • CFDs
  • Swap
  • Conversions
  • Profit shares
  • Etc

Any feature of the above and you are out. Like in Baseball. If you do not make it base, you’re out.

At least out of the Virtual Financial Asset Act. This does not mean the token cannot be offered at all. It means the token cannot be offered through the Virtual Financial Assets Act but through another, already existing framework (like the Investment Services Act or the Financial Institutions Act). You will find more in our STO section.

So how to you know what you are?

First of all there is the FIT. The financial instrument test. This is like the howie test only more exact. It will give you one result. But (god I hate these “buts”), but… it is not the ONLY measurement. You still need a VFA agent and legal advice for the final determination.

Endorsement through the agent

This determination is so important as the the VFA agent has to endorse the token. Has to shoulder responsibility that it is in fact a virtual financial asset. (R2-2.2.4 Rulebook for issuers). A VFA cannot be issued without this endorsement.

Board of administration

There are a few items on the list that refer to the above mentioned set of rules in 2 and 3. This means, in order to comply you might have do something. Actually, very similar to the VFA service providers, you need persons, a board of persons to be exact. The “board of administration”. And 2 directors.  .

But let’s start with the board of administration

This is a bunch of important people of the ICO (functionaries) that have to make sure all is in line with the law. There are 10 specific “duties” listed in the rulebook (R2-2.3.1) but let’s not go in the details for now. Basically they are a control organ separate and independent to the directors. To name and shame them

  1. Systems Auditor (important!)
  2. VFA agent (hopefully us)
  3. Money Laundering Reporting Officer (needs to be senior EMPLOYEE!!!!! Rulebook R2-
  4. Auditor (accounting etc)

Particularly and notably the “Systems Auditor”

This is a technical person, an accredited and licenced person. This person will “audit” your system, your technology. The DLT. The protocol and the smart contracts of the ICO. We all want to be sure that all is safe and sound.

To make sure that your promises like distribution, soft- and hard cap and token burn do actually exist. They also need to test your gear for cyber threats through penetration testing. To make sure your wallets are safe. Your own, the currency wallets (BTC, ETH, LTD, BCC etc) and the token contract wallets.

This system audit is an intensive exercise and is also not cheap. But the regulator needs to safeguard retail investors funds at all costs. At the end of a systems audit there is (FINGERS CROSSED) a certificate of compliance (Rulebook R2- and 12).

Short note on  the VFA agent

At the time of writing, we are NOT a VFA agent. We want to be and we want to get licenced and we hopefully will be.

The VFA agent (apart from endorsing your token) is the ONLY way of communicating with the MFSA. (Rulebook R2- so it is also kinda important to have a swell relationship with your agent.

Like with the VFA service providers, the VFA agent is key for filing and communication. So important that it needs to be appointed all the way. Not only for the time of issuance but all the way, all the milestones from A to Z.

1. Cyber Security, 2. Record Keeping and 3. IT



ONE:  The cyber security aspect is only naturally very very important. Even if you use bonkers simplification of what you do: a  technological something on the internet somehow. Even for that you probably needed cyber security. So section 5 of the rule books requires all the nitty gritty. You want to make sure, sure, sure, sure that you are not the next DOA, KICK, Coindash, Bitfnex or god forbid Coincheck.

TWO: You must keep and store everything for 7 (seven) years. So yeah, a long term contract with your data or cloud provider is advisable (Rulebook R2-2.6.2)

THREE: All you use in terms of hardware will have be located either in Malta or in the EEA (https://en.wikipedia.org/wiki/European_Economic_Area) or in another country if permitted by the watchdog. Careful:  Any gear not located in Malta will have to “replicated in real time to server located in Malta” (Rulebook R2-2.7.2)

Bureau. Cracy.

There is tons of red tape, bureaucracy and policies going into the application and the governance of the ICO. Take 200 pages and double. BUT: This actually is not just for the papers sake. This is a  an actual “framework of governance”.

About a market abuse prevention policy. Insider trading, restricted persons and regulated information.

This is the MFSA treating the ICO like a proper investment offering.  To make sure, for example, that issuers not just dump tokens they happen to own on the first day they come on an exchange.

Or that you cannot tweet about a potential listing on coinbase (example) when you happen to get wasted with the owners after a blockchain summit in Las Vegas. This is regulated information and you have to be careful. This affects the price of the offering and you have to think outside the box. Three steps ahead. A practical example of what you should not do and the possible consequences can be found here.

Fines, Penalties etc

Even so the fines in Malta will probably and hopefully much less than that, the MFSA have dedicated a whole title in the rule book to “enforcement and sanctions”, title 4 to be exact.

This is about you failing the rules and you to have to pay up to 150k EUR under the rules.  (Rulebook R2-4.2.2) So be a little bit careful. This does not exclude the possibility of other penalties under different rules or law (yes including criminal laws).


Anyone still reading? Any complaints? I am with you, it’s a lot. It’s not very crypto.

Think of it as crypto 2.0.

Think of it as your strong and calm hand to aid Phoenicia back to former glory. To see her back in the skies, sailing through the clouds in all her tangling, vivid colors. Cutting the wind with her wings, producing a steady humming in the process. Keeping her height. Staying away from the gleaming and unforgiving surface of the sun. Keeping her distance. Keeping her safe. Because of you. Because of your care, your efforts and your control.  

Enter your contact details and we will get back to you as soon as possible to make your business fly!

Big Questionmark

All this hassle, is it worth it? Is it justified?

Simple and plain. Yes.

Understand that this licence will give you ultimate credibility.

There is no closer link to a normal regulated financial company.

There is nothing closer to what banks want to work with. Or insurances. Or payment providers.

This is the closest you will get to provide the highest degree of confidence to your clients. Retail and more importantly institutional clients.

The onus of legitimacy is on you and you deliver. Keep. Pushing. Play.

Meet The Team

Executive team

The Cryptico Team combines a passion for esports, industry experise & proven record in finance, development, marketing & licensing.

Philipp M. Sauerborn

Crypto Team Leader

Dragana Nedin

Legal Project Manager

Dr. Michael Calleja LLB LLM

Crypto Lawyer

Ekaterina Avdeeva LLB LLM

Junior Crypto Lawyer

Dr. Rebecca Mifsud LLB LLM

Junior Crypto Lawyer


Get In Touch

Any question? Reach out to us and we’ll get back to you shortly.

  • phone+356 213 777 00
  • mailinfo@drwerner.com