STIS Group launches VFA systems audit service

STIS Group launches VFA systems audit service

STIS Group launch their new audit and consultancy service at the Malta AI Blockchain Summit on this day being the 22ndMay 2019.

STIS Group have a history of performing audit and compliance engagements covering, data centre audits, PCI DSS gap analysis and remediation, GDPR audit and compliance. We are now adding MDIA (Malta Digital Innovation Authority) Systems Auditor to our portfolio.

STIS Group have been cleared to perform audits for the MFSA (Malta Financial Services Authority) who require companies dealing in Virtual Financial Assets (VFA) to be audited in line with the MDIA guidelines. And whilst STIS Group are midway through their registration to become full MDIA Systems Auditors, it is a recognition that we have the requisite skills and experience to execute these types of audits.

How We Can Help

The legislation around Virtual Financial Assets and the process of getting accredited is very new and for organisations who just want to get on and run their business can seem complicated and onerous.

STIS Group can help navigate the regulations and perform the audit required to satisfy the MFSA. We can even help organisations prepare for audits by providing everything they need to pass an audit – just don’t ask us to do both, as that isn’t allowed under the regulations.

Unravelling the VFA Act (or VFAA) imposes the requirement to appoint a systems auditor:

Auditors’ Duties

Once a license holder has appointed an auditor, he is obligated to report decisions or facts that could constitute a breach of set regulations immediately and submit annual reports on the licence holder’s security access protocols and systems to the competent authority. An auditor is also required to waiver professional secrecy in view of their reporting obligation.


On an annual basis draw up and submit to the MFSA a certificate of compliance.

And where might you get this Certificate of Compliance (VFA Rulebook R2-

The Issuer shall require its Systems Auditor to prepare on an annual basis a systems audit report on its Innovative Technology Arrangement’s compliance with any qualitative standards set and guidelines issued by the Malta Digital Innovation Authority (‘MDIA’) applicable to the particular type of arrangement (irrespective of whether the said arrangement holds a certification or a ruling of eligibility under the Innovative Technology Arrangements and Services Act, Act XXXII of 2018). A copy of this report shall be held in Malta at the issuers registered address and made available to the MFSA upon request.



In Short – before you launch your VFA you need have had an audit, performed by an approved systems auditor.


Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.