ACCOUNTANT_SUMMER18_AMENDED_PG12
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
TECHNOLOGICAL<br />
TECHNOLOGICAL<br />
INSIGHTS<br />
INSIGHTS<br />
IN<br />
IN<br />
THE<br />
THE<br />
FINANCIAL<br />
FINANCIAL<br />
WORLD<br />
WORLD<br />
www.theaccountant.org.<br />
NEWSPAPER POST<br />
10. NEWSPAPER DRIVERS POST OF THE DIGITAL ERA:<br />
10.<br />
STAY<br />
DRIVERS<br />
AHEAD<br />
OF<br />
OF<br />
THE<br />
THE<br />
DIGITAL<br />
COMPETITION<br />
ERA:<br />
by STAY Dr Wayne AHEAD Pisani OF THE COMPETITION<br />
by Dr Wayne Pisani<br />
15. ANTI-MONEY LAUNDERING - TRENDS<br />
15.<br />
AND<br />
ANTI-MONEY<br />
CHALLENGES<br />
LAUNDERING<br />
IN THE DIGITAL<br />
- TRENDS<br />
ERA<br />
AND by Dr CHALLENGES Rakele Gauci IN THE DIGITAL ERA<br />
by Dr Rakele Gauci<br />
54. CYBERSECURITY IN THE AGE<br />
54.<br />
OF DIGITALISATION<br />
CYBERSECURITY IN THE AGE<br />
by<br />
OF<br />
Dr<br />
DIGITALISATION<br />
Keith Cilia Debono<br />
by Dr Keith Cilia Debono
Accounting Outsourcing: Still thinking about it?<br />
At KPMG we have a wealth of experience in assisting our clients overcome the challenges they face in today’s dynamic<br />
environment. We are committed to working alongside our clients to provide them with a range of services that are<br />
tailored to best fit their needs and to help their business succeed.<br />
We will be there to assist you when you don’t have the staff, the time or the knowledge to do it all yourself. Whether<br />
you need short term assistance such as a temporary secondment of accounting staff or ongoing services such as<br />
bookkeeping and payroll, we will be there to help you.<br />
What’s in it for you:<br />
Accounting<br />
Out/Co-sourcing<br />
Audit Readiness<br />
VAT and Income<br />
Tax Compliance<br />
Secondment of<br />
Accounting Staff<br />
Payroll Services<br />
Continuity,<br />
Reliability and<br />
Technical Expertise<br />
To learn more about how we can support your strategic goals and maximise<br />
the value provided by our Accounting Support Services team send an email<br />
to clifforddelia@kpmg.com.mt or ericpadovani@kpmg.com.mt<br />
Follow KPMG Malta:<br />
www.kpmg.com.mt<br />
© 2018 KPMG, a Maltese Civil Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”),<br />
a Swiss entity. All rights reserved.
NEWSPAPER POST<br />
10. DRIVERS OF THE DIGITAL ERA:<br />
STAY AHEAD OF THE COMPETITION<br />
by Dr Wayne Pisani<br />
15. ANTI-MONEY LAUNDERING - TRENDS 54. CYBERSECURITY IN THE AGE<br />
AND CHALLENGES IN THE DIGITAL ERA OF DIGITALISATION<br />
by Dr Rakele Gauci<br />
by Dr Keith Cilia Debono<br />
CONTENTS<br />
summer 2018 | theaccountant.org.mt p.03<br />
p.04<br />
PRESIDENT’S ADDRESS<br />
news<br />
TECHNOLOGICAL<br />
INSIGHTS IN THE<br />
FINANCIAL WORLD<br />
p.05<br />
MIA NEWS<br />
p.07<br />
MIA FORTHCOMING CPE EVENTS<br />
p.08<br />
MIA FORTHCOMING CONFERENCE<br />
FEATURES<br />
p.10<br />
DRIVERS OF THE DIGITAL ERA: STAY AHEAD OF THE COMPETITION<br />
by Dr Wayne Pisani<br />
COVER<br />
Issued quarterly,<br />
The Accountant is<br />
published by<br />
MBR Publications Ltd<br />
on behalf of<br />
The Malta Institute of<br />
Accountants<br />
EDITOR<br />
The Editorial Board<br />
technical@miamalta.org<br />
DESIGN<br />
MBR Design<br />
Sales Manager<br />
Margaret Brincat<br />
margaret@mbrpublications.net<br />
All correspondence, articles for<br />
publication and enquiries are to<br />
be addressed to:<br />
The Editor<br />
MIA Services Limited<br />
Level 1, Tower Business Centre<br />
Tower Street, Swatar<br />
BKR 4013<br />
Malta<br />
ADVERTISING INQUIRIES<br />
Margaret Brincat<br />
(+356) 9940 6743<br />
margaret@mbrpublications.net<br />
p.12<br />
REGULATING THE FUTURE CRYPTO ECONOMY<br />
by Dr Cherise Abela Grech<br />
ANTI-MONEY LAUNDERING - TRENDS AND CHALLENGES IN THE DIGITAL ERA<br />
by Dr Rakele Gauci<br />
p.15<br />
p.18<br />
WHY DATA GOVERNANCE MATTERS<br />
by Mr Ivan Grech<br />
p.20<br />
DIGITISATION – ETHICAL AND SOCIAL CONSIDERATIONS<br />
by Mr Joseph Zahra<br />
p.24<br />
DIGITALISE OR DIE<br />
by Mr Kenneth Farrugia<br />
p.29<br />
USING DATA ANALYTICS FOR AUDIT EVIDENCE<br />
by Mr Christopher Azzopardi<br />
p.54<br />
CYBERSECURITY IN THE AGE OF DIGITALISATION<br />
by Dr Keith Cilia Debono<br />
p.58<br />
AN IT AUDIT APPROACH TO DIGITAL<br />
by Mr Michael Azzopardi & Mr Joseph P. Galea<br />
BLOCKCHAIN TECHNOLOGY AND TRIPLE ENTRY - A GAME CHANGER IN ACCOUNTING<br />
by Dr Joshua Ellul & Mr Nathaniel Borg<br />
p.62<br />
TECHNICAL<br />
p.32<br />
BLOCKCHAIN – THE NEW DIGITAL CONCEPT IN iGAMING<br />
by Mr Mauro Magro<br />
p.36<br />
ICO'S - A WEALTH OF OPPORTUNITIES<br />
By Dr Joseph F Borg & Ms Tessa Schembri<br />
GETTING IT RIGHT - PAYROLL PROCESSING: WHAT DOES IT REALLY INVOLVE?<br />
by Ms Christabelle Aguis, Ms Nicky Albanazzo, Mr Christopher Caruana, Ms Jacqueline McIntyre<br />
p.40<br />
p.44<br />
TAX AND TECHNOLOGY - THE STATE OF PLAY<br />
by Mr Luca Pace<br />
p.48<br />
DIGITALISATION IS HERE – AN INDIRECT TAX PERSPECTIVE<br />
by Mr Saviour Bezzina<br />
THE RELEVANCE OF IPSAS AND THE IPSASB CONCEPTUAL FRAMEWORK FOR MALTA<br />
by Mr Karl Cachia & Ms Maria Grech<br />
p.52<br />
what's on?<br />
p.64<br />
WE ARE RECRUITING!<br />
p.66<br />
MIA SOCIAL LEARNING & MORE<br />
The Institute does not necessarily concur<br />
with the views expressed in the articles<br />
published in this journal. Articles are<br />
published without responsibility on the<br />
part of the publishers or authors for<br />
loss occasioned in any person acting or<br />
refraining from action as a result of any<br />
view expressed therein. The Accountant<br />
can now be accessed from the website at<br />
www.theaccountant.org.mt
PRESIDENT’S ADDRESS<br />
WILLIAM SPITERI BAILEY<br />
PRESIDENT’S ADDRESS<br />
WILLIAM SPITERI BAILEY<br />
Dear Esteemed Members,<br />
The Greek Philosopher, Heraclitus had said ‘ The only<br />
constant is change’ and never has this been more apt<br />
and true than in this fast moving and dynamic digital<br />
world we live in.<br />
The evolution is said to be in its fourth era thus keeping<br />
up with the dizzying speed of change can be at times<br />
overwhelming and challenging. The Malta Institute<br />
of Accountants has embraced this phenomenon and<br />
is finding ways to support its members by setting up<br />
various initiatives.<br />
One of such efforts was forming a Digitisation<br />
Committee with the sole aim of bringing together<br />
members from the field where the emerging trends<br />
and issues are discussed. Together, solutions are<br />
explored and then shared with our wider members.<br />
One of the areas of focus is Cryptocurrency and<br />
Blockchain, which in spite of the strategic prominence<br />
given by the government still remains elusive to most<br />
of us. In this regard the Institute endeavours to stay<br />
ahead of developments in legislation and regulation<br />
with the ultimate intent to offer guidance and insights<br />
to the profession when dealing with what could be<br />
unchartered waters.<br />
Global forces and technological trends are reshaping<br />
the accountancy profession across the whole world.<br />
New ways of doing business, shaped by technology<br />
and shifting regulatory environments, mean<br />
accountants in business and practice are facing tough<br />
challenges and exciting opportunities. While some of<br />
these are not new, the scale of the change and speed<br />
of transformation is without precedent. These are<br />
increasingly challenging and exciting times for the<br />
accountancy profession. Changes, driven by a range<br />
of factors, will transform all aspects of business and<br />
society in the coming years, and are reshaping how<br />
accountants at all levels interact with one another,<br />
their boards and clients.<br />
with the skills needed to deal with these changes.<br />
With increasing adoption of new technologies<br />
such as cloud computing, digital accounting and<br />
automation, what does an evolving world mean for<br />
the profession? As companies and advisors face up to<br />
challenges from big data to artificial intelligence and<br />
the greater connectivity of the internet of things, how<br />
can accountants make sure they have the skills to do<br />
today’s job, while also preparing themselves and their<br />
juniors for the challenges of tomorrow?<br />
In order to ensure that our esteemed members are<br />
kept abreast of all the changes, MIA has dedicated<br />
its upcoming Biennial Conference to the impact of<br />
digitisation on the practitioners’ profession in the<br />
financial world.<br />
We have invited a varied number of speakers who<br />
are very relevant to rapidly changing times for the<br />
profession. The conference includes panel discussions<br />
which would focus on the regulatory, digital tax and<br />
accounting aspects of blockchain, and cyber risk in the<br />
financial services sector.<br />
During the afternoon we will have an interesting twist<br />
where attendees are at will to choose an interactive<br />
session on subjects closer to their heart. The<br />
participants reassemble once again for more topical<br />
subjects such as distributed ledger technologies and<br />
AI amongst others.<br />
We encourage you to mark Friday 16th November in<br />
your diary as this Biennial is definitely one to attend.<br />
We are striving very hard to ensure that the event will<br />
both inspire and unlock the digital riddle.<br />
We look forward to seeing you there.<br />
Firms and businesses, professional accounting bodies<br />
and educational establishments need to adjust<br />
training, to equip the next generation of accountants<br />
William Spiteri Bailey<br />
President<br />
04 Summer 2018
MIA NEWS<br />
MIA NEWS<br />
developments in International Financial Reporting<br />
Standards, specifically: IFRS 15 ‘Revenue from<br />
Contracts with Customer’ and IFRS 16 ‘Leases’.<br />
The implications of Britain’s split from the EU bloc on<br />
the accounting sector were also discussed by experts.<br />
The theme of digitalisation in the accounting<br />
profession was also a main topic of interest in this<br />
year’s edition of the ACCA-MIA joint conference.<br />
ACCA – MIA Joint Conference<br />
The accounting profession in Malta keeps raising its<br />
standards to meet the challenges and possibilities facing<br />
the sector. The fifth annual joint conference co-hosted<br />
by the Association of Chartered Certified Accountants<br />
(ACCA) and the Malta Institute of Accountants (MIA) on<br />
July 3 focused on some of the most pressing issues in<br />
the accountancy profession today.<br />
A remarkable line-up of guests addressed the event,<br />
discussing different themes such as the professional<br />
scepticism approach, forensic accountancy,<br />
digitalisation in the profession and International<br />
Public-Sector Accounting Standards (IPSAS).<br />
Participants could also learn about the latest<br />
Head of ACCA Wales Mr Lloyd Powell congratulated the<br />
hosts on the successful conference which he described<br />
as important to build and sustain connections. Mr<br />
Powell added that the agenda of the event indicates<br />
increasing emphasis on ethics and trust, two important<br />
factors in business and the profession.<br />
Ms Maria Cauchi Delia, MIA CEO, said that<br />
professional accountants typically aspire to drive<br />
sound financial management within organisations<br />
and that events like the ACCA-MIA conference help<br />
the profession to uphold its trusted position.<br />
“We deal with facts and present solutions to our<br />
clients and employers. Our practicality, adaptability<br />
and expertise enable us to become business' most<br />
trusted advisors” said Ms Cauchi Delia.<br />
theaccountant.org.mt<br />
05
MIA NEWS<br />
They joined the following Council members, whose<br />
term expires in 2019: Mr Franco Azzopardi, Mr<br />
Etienne Borg Cardona, Mr Simon Flynn, Ms Maria<br />
Micallef, Mr Noel Mizzi, Mr Franz R. Wirth and Mr<br />
William Spiteri Bailey.<br />
MIA President, William Spiteri Bailey, thanked<br />
outgoing Council members, Anthony Doublet and<br />
Stephen Paris for their dedication and contribution<br />
towards the Institute and the local profession. Both<br />
had served on Council for a long period of time. Mr<br />
Shawn Falzon and Ms Annabelle Zammit Pace were<br />
welcomed as new Council members.<br />
During this meeting, all resolutions pertaining to the<br />
change in Statute have been approved.<br />
In his address, the MIA President, William Spiteri<br />
Bailey made reference to changes in Bye-Laws which<br />
will be communicated to Members in due course.<br />
At the first meeting of the new Council, Mr William<br />
Spiteri Bailey was elected as President, Mr Fabio Axisa<br />
as Vice-president, Mr David Delicata as Secretary and<br />
Mr Noel Mizzi as Treasurer.<br />
MIA Annual Social Event<br />
The MIA Social Event held on 21st June 2018 at Villa<br />
Mdina, Naxxar, was a huge success with over 800<br />
attendees. It was an occasion for all the members<br />
of the Institute to get together in an informal<br />
atmosphere.<br />
The sum of €2,855 was collected in aid of Dar Tal<br />
– Providenza and was topped by the Institute to<br />
amount to €4,000. The donation was presented to<br />
Fr. Martin Micallef by the president of the Institute<br />
William Spiteri Bailey.<br />
AGM<br />
The 54th Annual General Meeting of the Institute<br />
was held on the 12th July, at the Tower Training<br />
Centre in Swatar.<br />
The following members were elected for the two-year<br />
term 2018 - 2020: Mr Fabio Axisa, Mr Christopher<br />
Balzan, Mr David Delicata, Mr Jonathan Dingli, Mr<br />
Shawn Falzon, Dr Ivan Grixti and Ms Annabelle<br />
Zammit Pace.<br />
06 Summer 2018
Course slides will be available for the attendees online, following the CPE Course<br />
to place your booking, visit www.miamalta.org/events.aspx and click On “ALL”
DRIVERS OF THE DIGITAL ERA<br />
DRIVERS OF THE DIGITAL ERA:<br />
Stay ahead of the competition<br />
The quest for digitisation may be deemed elusive by some, however<br />
in switching from postal mail to fax and eventually to email, from<br />
paper-ledger to spreadsheet or even to fully fledged process<br />
automation, the road to digitisation has already been embarked<br />
upon by organisations. Staying ahead of the competition, however,<br />
is not about the technology itself, but a matter of strategy.<br />
DR. WAYNE PISANI<br />
DR. WAYNE PISANI IS A<br />
PARTNER SPECIALISING IN TAX<br />
AND REGULATORY ADVISORY<br />
SERVICES AT GRANT THORNTON,<br />
LEADING THE CORPORATE AND<br />
FINANCIAL SERVICES TEAM.<br />
HE IS ALSO THE PRESIDENT OF<br />
THE INSTITUTE OF FINANCIAL<br />
SERVICES PRACTITIONERS.<br />
“Strategy is the art of making use of time and space.<br />
I am less concerned about the latter than the former.<br />
Space we can recover, lost time never.” (Napoleon<br />
Bonaparte)<br />
The strategy resorted to by US clearing houses over<br />
the past century places the “use of time and space”<br />
conundrum into perspective. In an age were mail is<br />
transmitted in milliseconds, a two-day settlement<br />
(T+2) delay for securities comes as a surprise when<br />
considering the possibility of live trading and automatic<br />
(T+0) clearing houses. Interestingly, the move from<br />
T+3 to T+2 in Europe, Australia, Hong Kong, Canada<br />
and the US over the past decade is reminiscent of<br />
trading on the New York Stock Exchange (NYSE) in<br />
the 1930s. Before 1933, next day settlement (T+1)<br />
was standard on the NYSE. Going slower was all a<br />
matter of strategy. As trades increased, and backoffice<br />
operations struggled to cope, recruiting more<br />
people would have entailed more costs that would, in<br />
turn, have been recharged to investors. The solution<br />
was to slow down the settlement process, reaching<br />
T+5 in 1968. Today technology is a core component<br />
of settlements, and even though real-time settlement<br />
is possible, the strategy set by settlement houses and<br />
exchanges has settled for T+2, allowing a netting-out<br />
window for brokers to conserve on transaction costs.<br />
The digital era is driven by the ability to innovate.<br />
Jumping onto a trend bandwagon just for the sake of<br />
it is unlikely to place an organisation in a position to<br />
experience the digital era at its full potential.<br />
An organisation’s strategy should ensure a competitive<br />
edge in its identified marketplaces through information<br />
dominance, that is, employing superior automated<br />
data collection, analysis and processing techniques,<br />
enabling real-time, contextually relevant insights<br />
which can support data-driven decision making based<br />
on full situational awareness.<br />
Process efficiency should be at the core of any<br />
strategy, and this is achievable through a bird’s eye<br />
view of one’s organisation such that synergies can<br />
be identified and exploited. Many businesses hold<br />
and view their available data in isolation, without<br />
reaping the benefits of what each data set represents<br />
in the context of another. Going forward, successful<br />
enterprises will thus focus on the big picture and<br />
plan for the adoption of interrelated technologies.<br />
Interconnecting brokers for automated netting-off of<br />
balances across NYSE transactions could lead to T+0<br />
settlement. Similarly, organisations are to interconnect<br />
their static repositories of data as well as their software<br />
applications into a structured solution.<br />
Digital democratisation via distributed ledger<br />
technology, robotics and artificial intelligence is<br />
transforming entire industries. Future technology<br />
adoption strategies are to be set now, tapping into the<br />
right skill set and employing technology to implement<br />
efficient processes which enable sustainable growth.<br />
It is time to get on board and embark on the path<br />
towards the innovation horizon from manual to<br />
cognitive enterprise. Cognitive enterprise would<br />
entail the use of technologies that are adaptive and<br />
interactive, capable of understanding context and<br />
learning from their environment, freeing up human<br />
resources to perform high-value activities, automating<br />
the manual execution of high-volume repetitive and<br />
routine tasks, and curbing human error.<br />
Those in the lead can collect and analyse data that<br />
competitors following suit will lack and possibly<br />
achieve at a later point in time. Resorting to the tools<br />
in the arsenal that drive digital transformation is<br />
therefore vital. Some technologies relevant to this are:<br />
10 Summer 2018
DRIVERS OF THE DIGITAL ERA<br />
• Robotic Process Automation (RPA): A<br />
machine or software that manages, acts on or<br />
processes high-volume, repeatable tasks that<br />
previously required a human to perform.<br />
• Internet of Things (IoT): Interactive software<br />
components that have their own function, or<br />
interface to interconnect devices to other enterprise<br />
systems for the creation of business orchestration<br />
across complex data, technology, processes and<br />
functions.<br />
• Data Analytics: Data modelling focused on<br />
specific business problems or outcomes to identify<br />
patterns and anomalies. They provide actionable<br />
insight. Models improve over time based on<br />
feedback from actual results of prediction.<br />
• Natural language processing (NLP): The<br />
advanced ability of a computer or program to<br />
understand human speech (speech recognition)<br />
or written text (unstructured text) and derive<br />
intelligence, take action or present results that<br />
normally require manual interpretation.<br />
• Blockchain: A ledger where activities are recorded<br />
in ’blocks’ as a chronological ‘chain’ providing an<br />
immutable audit trail. A public type blockchain<br />
replaces central authority with a decentralised<br />
consensus-driven approval process. Blockchain<br />
offers trust, transparency and a consistent approach<br />
to supply chain integration, which constitutes a<br />
significant advantage for risk management.<br />
• Chatbots: A computer program that conducts a<br />
conversation via auditory or text methods, designed<br />
to simulate human conversation and are typically<br />
used in dialogue systems, such as customer service<br />
or information acquisition.<br />
• Artificial intelligence (AI): Systems and<br />
software able to perform tasks that typically<br />
require human intelligence, such as reconciliation,<br />
investigation, validation and repair within complex<br />
and multi-input processes.<br />
• Augmented reality (AR): Interactive<br />
visualisation that superimposes computergenerated<br />
information into real life using glasses or<br />
projection to assist in real time activities, layering<br />
data sets into processing.<br />
Cognitive enterprise would identify the resources<br />
available and adopt the best-suited technologies to<br />
implement its strategy. AI is likely to build upon RPA,<br />
data analytics, NLP and other technologies. Long term,<br />
the digital transformation will impact enterprise through<br />
data, cost efficiency and risk management.<br />
This is exemplified in the AI processes built into<br />
today’s mobile phones. Data collected via AI is<br />
analysed, and improvements are pushed onto the<br />
phones via automated (RPA) updates, a three-way<br />
technology collaborative approach that enables<br />
such enterprise to stay ahead of the competition.<br />
Similarly, in a compliance environment, predictive<br />
modelling tools used in data analytics could monitor<br />
data collected via RPA and chatbots, possibly applying<br />
natural language processing techniques to decode<br />
the information. The process could be run entirely<br />
off an AI solution.<br />
It all lies on the horizon. There is an opportunity cost<br />
to miss out on taking stock of the current state, setting<br />
a strategy, and implementing it at a manageable pace<br />
commensurate with available resources.<br />
The strategy is to be set on precise data. It is likely<br />
that most businesses are not starting from scratch.<br />
Data collection and retention policies are typically in<br />
place, together with solid reporting foundations that<br />
are still maturing, possibly hosted on a scalable data<br />
centre with reliable cyber defence mechanisms. The<br />
data may, however, need to be restructured, possibly<br />
introducing automation solutions in operations<br />
coupled with machine learning data analytics.<br />
Just like the shift from manual ledgers (analogue<br />
data) to bookkeeping software solutions (static digital<br />
data) facilitated the cross-mapping and reconciliation<br />
of various accounting entries, the technology arsenal<br />
is to be implemented as part of a cohesive holistic<br />
strategy, enabling precise cognitive data for the<br />
furtherance of the entrepreneurial spirit into a digital<br />
era based on live data analysis; a far cry from ex<br />
post facto management accounts or annual financial<br />
statements compiled after month- or year-end.<br />
Staying sharp in the digital era is crucial. This is the<br />
information age; be it precise business data analytics<br />
or continued personal education, it is a quest for<br />
knowledge to maximise one’s potential in the digital<br />
era and stay ahead of the competition.<br />
theaccountant.org.mt<br />
11
CRYPTO ECONOMY<br />
DR CHERISE ABELA GRECH<br />
DR CHERISE ABELA GRECH<br />
IS AN ASSOCIATE AT GTG<br />
ADVOCATES SPECIALISING IN<br />
FINANCIAL SERVICES, DLTS AND<br />
CRYPTOCURRENCIES.<br />
Regulating the Future<br />
Crypto Economy<br />
Malta is often being touted as the “Blockchain Island” and as being crypto-friendly,<br />
attracting a lot of interest from the DLT and Cryptocurrencies sphere for its proposed<br />
legislation and rules. Blockchain is hailed as revolutionary in the way business is<br />
conducted and Malta’s ambitious plan is to be a leader in this new modern era.<br />
The proposed Virtual Financial Assets Act (VFAA),<br />
which has been approved by the Maltese Parliament<br />
will regulate cryptocurrencies qualifying as Virtual<br />
Financial Assets (VFA) and related VFA services.<br />
The Act aims to establish a solid legal framework<br />
which is not only intended to attract legitimate<br />
operators seeking accreditation and transparency,<br />
but also to create stability in a sector which has in<br />
the past months been marked by hype and in certain<br />
instances, abuse.<br />
VIRTUAL FINANCIAL ASSETS<br />
The concept of a VFA under Maltese law refers to<br />
any form of digital medium recordation used as a<br />
digital medium of exchange, unit of account or store<br />
of value that excludes electronic money, financial<br />
instruments and virtual tokens. In order to determine<br />
the legal framework applicable to a coin or token, the<br />
MFSA has proposed a Financial Instrument Test to<br />
establish whether a DLT Asset would be considered<br />
as a financial instrument and thus falling under<br />
current financial services legislation, a virtual token<br />
which falls outside the scope of the VFAA (and<br />
financial services) or a VFA which is regulated under<br />
this new Act.<br />
The concept of a virtual token, more commonly<br />
referred to as a utility token, is limited in its nature<br />
under the VFAA, as it refers to a DLT Asset which has no<br />
utility, value or application outside of the DLT Platform<br />
on which it was issued. On the other hand, coins and<br />
tokens are considered to be financial instruments if<br />
they qualify under the definition provided by MiFID<br />
which includes: (1) transferable securities; (2) money<br />
market instruments; (3) units in collective investment<br />
schemes; (4) financial derivative instruments, which<br />
include a number of financial instruments; and (5)<br />
emission allowances consisting of units recognised<br />
for compliance with the requirements of Directive<br />
2003/87/EC (Emissions Trading Scheme). In order<br />
to supplement the VFAA, over the next few months<br />
the MFSA will also be issuing additional rules and<br />
guidelines on its implementation.<br />
INITIAL VIRTUAL FINANCIAL ASSET OFFERINGS<br />
One primary element of the Maltese regulation is<br />
the regulation of ICOs which are termed as Initial<br />
Virtual Financial Asset Offerings. The lack of regulation<br />
worldwide has allowed the market to be infiltrated by<br />
fraudulent platforms allowing seemingly legitimate<br />
entrepreneurs seeking crowdfunding to accumulate<br />
millions of investor funds only to then disappear with<br />
that money and leaving bona fide investors in the dark.<br />
The VFAA is intended to address this need for<br />
regulation and investor protection. It sets out<br />
the requirements when offering VFAs to the<br />
public, including obligations when presenting<br />
advertisements, as well as the ensuing liability should<br />
any statements used be misleading, inaccurate<br />
or inconsistent. The Act also sets out specific<br />
information that must be included in the Whitepaper<br />
which must be registered with the MFSA. The role<br />
of the Whitepaper can be compared to that of a<br />
12 Summer 2018
www.mazarscareers.com/mt<br />
AT MAZARS, IF YOU BELIEVE<br />
YOU CAN DO IT,<br />
WE HELP YOU ACHIEVE IT.<br />
YOUR YEARS AT MAZARS<br />
YEARS THAT COUNT.<br />
MAZARS IS AN INTERNATIONAL, INTEGRATED AND INDEPENDENT ORGANISATION, SPECIALISING IN AUDIT,<br />
ACCOUNTANCY, TAX, LEGAL AND ADVISORY SERVICES. AS OF 1 ST JANUARY 2018, MAZARS OPERATES<br />
THROUGHOUT THE 84 COUNTRIES THAT MAKE UP ITS INTEGRATED PARTNERSHIP. WE DRAW ON THE<br />
EXPERTISE OF 20,000 PROFESSIONALS TO ASSIST MAJOR INTERNATIONAL GROUPS, SMEs, PRIVATE INVESTORS<br />
AND PUBLIC BODIES AT EVERY STAGE OF THEIR DEVELOPMENT.<br />
www.mazars.com.mt - #LookingForTalent<br />
MAZARS MALTA<br />
32, Sovereign Building,<br />
Zaghfran Road, Attard ATD 9012,<br />
Malta<br />
Tel: +356 21345 760<br />
E-mail: careers@mazars.com.mt<br />
theaccountant.org.mt<br />
13
CRYPTO ECONOMY<br />
prospectus in a traditional IPO 1 . The requirements in<br />
the Act aim to enhance the Whitepaper’s objective of<br />
offering clarity to potential investors on the proposed<br />
project, while instilling trust and legitimacy in the<br />
minds of investors to fund it.<br />
VFA SERVICES<br />
The provision of services related to VFAs is also<br />
regulated under the Act. Brokers, wallet providers,<br />
asset managers, custodians, investment advisors<br />
and market makers offering services related to VFAs<br />
all require a licence to be issued by the MFSA as the<br />
competent regulatory authority.<br />
portfolio management and investment advice under<br />
the VFAA in this limited case. These service providers<br />
are required to notify the MFSA prior to acting on the<br />
basis of this exemption.<br />
The Regulations also set out the Licence Categories<br />
for VFA Services. These are modelled very similarly<br />
to the licensing categories set out in the Investment<br />
Services Act, and under the VFAA, services are<br />
classified under four different categories. Operators<br />
of a VFA Exchange, including the holding of VFAs and<br />
private cryptographic keys require a Class 4 licence<br />
by the authority.<br />
Crypto-exchanges, referred to as VFA exchanges, have<br />
also been classified as a VFA service and are thus<br />
deemed to be a licensable activity. This will therefore<br />
regulate those exchanges converting fiat money (such<br />
as the Euro, USD, GBP etc) to cryptocurrencies qualifying<br />
as VFAs and vice-versa, as well as those exchanges<br />
converting one type of cryptocurrency to another.<br />
The MFSA’s Consultation Paper on the VFA<br />
Regulations sets out a number of exemptions from<br />
the requirement to obtain a licence under the<br />
Act. Persons who are trading in VFAs on their own<br />
account are not required to obtain a VFA Services<br />
Licence if they are solely conducting that activity<br />
and they are neither market makers nor dealing<br />
on own account when executing client orders. This<br />
exemption however is not automatically operative<br />
and is subject to the MFSA’s written determination as<br />
to the applicability of that exemption.<br />
The proposed VFA Regulations also exempt<br />
custodians of collective investment schemes from<br />
the requirement of a VFA Services Licence solely for<br />
the purposes of providing the custody of VFAs to a<br />
collective investment scheme. A similar exemption<br />
applies to investment managers of collective<br />
investment schemes with regards to offering<br />
THE ROLE OF THE VFA AGENT<br />
Issuers of VFAs and applicants for VFA Services<br />
Licences are required to appoint a VFA Agent to<br />
advise them on their responsibilities and obligations<br />
under the Act and to act as a liaison between them<br />
and the MFSA. The VFA Agent’s role is an onerous<br />
one as it must ensure that the applicant has satisfied<br />
all the requirements specified by the Act as well as<br />
those set out in the MFSA’s rules, while also ensuring<br />
that the applicant is a fit and proper person. These<br />
obligations have been set out more clearly in the<br />
recently issued MFSA Consultation Document on the<br />
VFA Rules for VFA Agents. VFA Agents are required<br />
to be authorised by the MFSA and must abide by the<br />
ongoing obligations as set out in the proposed rules.<br />
Failure to abide by these rules can lead to liability on<br />
the part of the Agent.<br />
TRANSITORY PROVISIONS<br />
The law also provides a transitory provision for<br />
persons who are already operating when the Act<br />
comes into force in the coming months. This means<br />
that persons that are set up and trading in or from<br />
within Malta may benefit from a grandfathering<br />
provision, allowing them to continue to act within<br />
the remit of the VFAA, provided that they apply for<br />
the licence or authorisation from the MFSA within<br />
the specified period of time.<br />
These are exciting times for Malta as we are embracing<br />
the proliferation of new and emerging technologies<br />
to turn the island into a hub for digital technological<br />
innovation. As the MFSA rolls out additional rules and<br />
guidelines to supplement the new Act, and once the<br />
VFAA comes into force, it is hoped that authorities<br />
and service providers, on all levels, adopt a pragmatic<br />
and not overly prescriptive approach to enable, and<br />
not stifle, technological innovation.<br />
14 Summer 2018<br />
1<br />
Initial Public Offering
ANTI-MONEY LAUNDERING<br />
Anti-Money Laundering -<br />
Trends and challenges in the Digital Era<br />
‘Digitalisation’ has become a buzz word in discussions within the organisation and in external<br />
communications with our clients, regulators, suppliers and other third parties. At times, these<br />
discussions are ‘demanded’. What is the impetus of these discussions? How does this impact<br />
our operations, predominantly in relation to Anti-Money Laundering (“AML”) compliance?<br />
Comparing a snap shot of the way business was<br />
conducted a few years (if not months) back to one<br />
taken today would bring out great differences.<br />
What changed? Over the past 20 years, one<br />
may witness enormous AML compliance shifts<br />
with increasing regulatory layers. Our firms have<br />
evolved: globalisation of businesses, the building<br />
of substantial compliance operations, changes in<br />
policies and processes, new supporting IT systems,<br />
and considerable overheads.<br />
In relation to supporting systems, the development<br />
strides have been great. Responding to these<br />
continuing regulatory changes, organisations have<br />
built substantial operations to simplify compliance<br />
and mitigate the risks of money laundering, terrorist<br />
financing and financial crime in general. These activities<br />
have consisted of modifications to processes, research<br />
for new supporting IT systems and the development of<br />
entirely new operational areas.<br />
Procedures (“IPs”) introduced technological<br />
alternatives for conducting customer due diligence,<br />
for example, through the use of video conferencing<br />
tools, e-IDs and other additional measures for<br />
verification of the identity details and residential<br />
address of customers and their beneficial owners. In<br />
terms of ongoing monitoring, digitalisation may also<br />
assist in improving on mapping customers’ trends,<br />
the scrutiny and filtering of transactions, together<br />
with overseeing the expiry of data and documents<br />
which subject persons are legally obliged to retain.<br />
At the same time, subject persons are being faced<br />
with the task of standardising and facilitating a<br />
process that ensures AML compliance together with<br />
customer delivery. There is a constant drive to deliver<br />
a more efficient and appealing customer experience<br />
with least ‘disruption’. This is most evident where<br />
different subject persons form part of the same group<br />
or are assisting customers in the same transaction.<br />
DR RAKELE GAUCI<br />
DR GAUCI IS A LAWYER BY<br />
PROFESSION, CURRENTLY<br />
HEADING THE RISK &<br />
COMPLIANCE DEPARTMENT<br />
WITHIN BDO MALTA.<br />
There are a number of sectors where digitalisation can<br />
be seen to facilitate AML compliance. At the fore is the<br />
role of digitalisation in subject persons’ obligations<br />
of customer onboarding and ongoing monitoring.<br />
Operators tend to find this an expensive, lengthy and<br />
disruptive process. In a 2017 report detailing the<br />
findings from a study into new technologies in AML<br />
compliance by the PA Consulting Group on behalf of<br />
the Financial Conduct Authority in the UK (FCA), it<br />
resulted that the “vast majority of respondents” to<br />
the study (across all industries) were of the opinion<br />
that “customer onboarding and maintenance were<br />
two of the areas where technology offered the most<br />
promise”. Furthermore, “a number of regulated firms<br />
[made it clear that] a move to truly paperless working<br />
was a priority in the short to medium term”.<br />
In Malta, the 2017 updates to the Financial<br />
Intelligence Analysis Unit (“FIAU”)’s Implementing<br />
This would also tie in with the reporting obligations<br />
of subject persons in AML compliance. Without the<br />
necessary tools, employees may not be in a position<br />
to be able to detect proceeds of crime, money<br />
laundering or suspicions thereof. This may bring<br />
about a failure on the firm’s duty to report through<br />
the right channels and within the short statutory<br />
time-period. On the other hand, technology may<br />
not be seen as the be-all and end-all solution<br />
for reporting. The role of the Money Laundering<br />
Reporting Officer remains key in this process, helping<br />
to determine whether the internal report submitted<br />
does constitute sufficient information to merit the<br />
filing of a suspicious transaction report to the FIAU.<br />
At least annually, all Maltese subject persons are<br />
required to give an account to the FIAU of details on<br />
their AML compliance policies and procedures. This<br />
is known as the ‘Annual Compliance Report’.<br />
theaccountant.org.mt<br />
15
ANTI-MONEY LAUNDERING<br />
Additionally, this is sustained with ad hoc data<br />
requests from various authorities. The trend seen<br />
is that the questionnaires that subject firms are<br />
receiving and compiling are becoming more frequent<br />
and lengthier. The automation of reports coming<br />
from strong tools used by an organisation can save it<br />
large volumes of man-hours.<br />
Distributed Ledger Technology (DLT) is currently a hot<br />
topic within the industry as financial institutions are<br />
looking for efficient solutions to cumbersome and<br />
costly regulatory burdens in AML compliance. While<br />
DLT may offer certain efficiencies (decentralisation,<br />
immutability, removal of intermediaries), certain<br />
challenges in AML still remain (lack of standardisation,<br />
permissions, different stakeholders’ input). However,<br />
it is safe to state that discussions on DLT for AML<br />
compliance have only just begun.<br />
With the enactment of EU’s Directive 2015/849/EU<br />
on the prevention of the use of the financial system<br />
for the purposes of money laundering or terrorist<br />
financing (known as the 4th directive), the Prevention<br />
of Money Laundering and Funding of Terrorism<br />
Regulations (S.L. 373.02) (the “Regulations”) have<br />
been amended to introduce the obligation on<br />
every subject person to carry out a risk assessment:<br />
this may be achieved by the subject person taking<br />
“appropriate steps, proportionate to the nature and<br />
size of its business, to identify and assess the risks of<br />
money laundering and funding of terrorism that arise<br />
out of its activities or business, taking into account<br />
risk factors including those relating to customers,<br />
countries or geographical areas, products, services,<br />
transactions and delivery channels and shall<br />
furthermore take into consideration any national<br />
or supranational risk assessments relating to risks<br />
of money laundering and the funding of terrorism”.<br />
There is also the responsibility to carry out this<br />
assessment at different stages of a subject person’s<br />
activities – the assessment is to remain up-to-date.<br />
This coordination of statistics, relevant to each and<br />
every subject person, requires the input of the best<br />
technologies to ensure that, on the one hand, this<br />
assessment is carried out to satisfy AML compliance,<br />
but also, on the other hand, for the firm itself to reap<br />
other different benefits from its self-assessment.<br />
Ignoring AML compliance brings regulatory<br />
and financial risks: recent revisions to the local<br />
Prevention of Money Laundering Act (Chapter 373<br />
of the Laws of Malta), the Regulations and the IPs<br />
issued thereunder have enhanced the sanctioning<br />
regime with a significant increase in penalties that<br />
may be prescribed against subject persons (amongst<br />
others). These serve both as a deterrent and against<br />
actual breaches by local subject persons in their AML<br />
compliance obligations.<br />
In this respect, firms should make best use of<br />
technological advances to aid in their obligations<br />
to detect and deter money laundering and funding<br />
of terrorism. There are different approaches to<br />
digitisation: it may either be rejected in certain areas<br />
but rejected in the right way, for example in smaller<br />
firms with a focus on “a personal touch” towards a<br />
certain portfolio of their clientele; digital change may<br />
be embraced cautiously, from the top-most level<br />
within the organisation first and then implemented<br />
throughout; finally, a firm may be open to investing<br />
in experimenting, exploring and creating innovative<br />
solutions to place it at the forefront of the industry.<br />
Closing your eyes totally to digitalisation may no<br />
longer remain on the agenda. Putting in place suitable<br />
tools, frameworks, and policies is essential for staff to<br />
help in mitigating the AML risks that are ever-evolving.<br />
16 Summer 2018
DATA GOVERNANCE<br />
Why Data Governance Matters<br />
There is no doubt that most organisations, large and small, have realized the power of using affordable data<br />
analytics tools in an environment where most business activity is recorded digitally. One characteristic that<br />
is often overlooked or not discovered soon enough is the reliability or otherwise of the data. Many realise<br />
that good data governance is a prerequisite for exploiting the opportunities in data; whether that is more<br />
insightful management information, driving operational decision making or capitalising on your relationships<br />
with suppliers and customers. It all boils down to having reliable data.<br />
IVAN GRECH<br />
IVAN GRECH IS AN ADVISORY<br />
SENIOR MANAGER AT PWC.<br />
HE HAS OVER FIFTEEN YEARS<br />
EXPERIENCE IN IT GOVERNANCE<br />
AND ASSURANCE. HE IS<br />
ALSO A MEMBER OF THE MIA<br />
DIGITALISATION COMMITTEE.<br />
Why is there a difference between the sales in our<br />
management accounts and the sales report by region<br />
and customer type? Can you explain why the total<br />
number of active suppliers in our suppliers’ directory<br />
and creditors listing is different? How did we end up with<br />
wrong contact details for over 20% of our clients? Why is<br />
our data warehouse not up to date?<br />
Any of these questions sound familiar on a Monday<br />
morning? Given the recent explosion of data and the use<br />
and reliance of such data, organisations need to have the<br />
right setup to ensure the correct data quality. You are not<br />
alone in this journey. One of the conclusions of a recent<br />
PwC survey around Data governance in European banks<br />
was that banks are failing to address Data Governance<br />
in a structured way, with a lack of an overall Data<br />
Governance Framework across surveyed banks. This<br />
leads to redundant costs and inefficiencies. The survey<br />
also concluded that banks generally invest a lot of effort<br />
in the reconciliation of data, perform a lot of manual data<br />
collection and data granularity is often not appropriate.<br />
Although most of the banks surveyed have implemented<br />
a central Data Warehouse they are suffering from poor<br />
data quality. These findings reflect the reality in most<br />
industries. Many organisations struggle to build the<br />
necessary data governance capability that will provide<br />
the necessary level of trust in the data.<br />
Data is often collected for a specific purpose and when<br />
organisations look at reusing data, they tend to focus and<br />
place responsibilities to address the security aspects of<br />
data. The question as to who is responsible for the quality<br />
of the data is often not answered. Should it be the finance<br />
team; marketing; operations; IT? This article will not solve<br />
your data related problems and issues but it should point<br />
you in the right direction to start taking the first steps in<br />
your journey to improve data quality in your organization.<br />
A good data governance approach needs to recognise<br />
the context in which it operates. The way the business<br />
is run, its chains of command, what data it has, its<br />
commercial and regulatory priorities, are all critical to<br />
the design and to building trust. Many organisations<br />
struggle to find the right place to start or only begin<br />
thinking about data governance when a critical issue<br />
occurs. The key here is to set priorities for data in terms<br />
of what the organisation, across the various functions<br />
and units, wants to achieve, start with those and build<br />
out from there. Priorities change from time to time and<br />
your data priorities should reflect this. For example,<br />
locally, a number of organisations recently undertook a<br />
number data governance related initiatives focusing on<br />
the impact of GDPR. It is important to establish clear<br />
objectives that will drive the design and operation of your<br />
data governance capability.<br />
Everybody in the organisation has a responsibility for<br />
data. However, good data governance has some essential<br />
features:<br />
1. Clear sponsorship from the leadership and with this,<br />
in larger organisations, we are seeing an emergence<br />
of the role of the chief data officer;<br />
2. Ownership and accountability for data which<br />
reflects the responsibilities for process;<br />
3. Integration of activity with related disciplines of<br />
security and<br />
4. Records management and information privacy.<br />
Successful data management involves taking a holistic<br />
approach to risk, controls and assurance. You cannot<br />
18 Summer 2018
DATA GOVERNANCE<br />
effectively manage every data point, so a risk-based<br />
approach will help you focus on the data that matters<br />
most to your business. This approach, when combined<br />
with a ‘lines of defence’ assurance framework will help<br />
you manage and sustain the quality of your data.<br />
The scope and “rules” for populating the Data Directory<br />
form part of the Policy for Data Quality. A Data Deficiency<br />
Log can be used to manage potential issues with data<br />
quality or controls that are identified through the<br />
monitoring process.<br />
Assurance, encompassing self-assurance (1st Line),<br />
management compliance review (2nd Line) and internal<br />
audit (3rd Line), is needed to give you confidence that<br />
your data controls are appropriately designed, embedded<br />
and effectively operating.<br />
Common and well understood principles are at the<br />
heart of a successful data governance framework. These<br />
should be well articulated and aligned to the values and<br />
needs of the business. A robust governance structure will<br />
also consider all lines of defence:<br />
• The business as Information Owners and Stewards;<br />
• The Data Governance Centre of Excellence<br />
managing policy<br />
• Internal or external audit, assessing overall<br />
effectiveness<br />
Wherever possible, data governance responsibilities<br />
should be embedded within existing structures rather<br />
than building new ones.<br />
Cultural and behavioural changes are also crucial to<br />
improving both the underlying quality of data and proactively<br />
managing data issues. Where required, these<br />
expectations should be agreed, formalised and monitored<br />
as part of a formal individual performance management<br />
process. Additional skills and resources will be required to<br />
design, operate and monitor data governance which can<br />
be developed through training or recruitment.<br />
The success of any data quality project depends on<br />
the adoption of a data governance model across the<br />
organisation. The implementation of such model<br />
typically follows a multi-year, multi-phase approach;<br />
therefore, it is essential to factor time and resources<br />
upfront for establishing a governance model. That model<br />
should to be scalable, flexible, and adaptable to the<br />
different needs of the organisation. The objective is to<br />
change how the organisation manages information, so it<br />
The Data Directory is<br />
one of the cornerstones<br />
2 nd Line of defence<br />
can be effectively used to<br />
help to achieve business<br />
of effective Data<br />
Business Governance<br />
goals such as, driving<br />
Governance. It<br />
down business costs,<br />
Data Governance Board<br />
describes the following<br />
Business and IT Representatives<br />
improving competitive<br />
in clear business terms:<br />
Data Governance Framework<br />
position, or meeting<br />
• The uses of data<br />
Principles based 'rules' or 'values' by which you<br />
risk and compliance<br />
manage information<br />
– in this case the<br />
objectives. The approach<br />
uses of the data in<br />
Policy &<br />
Data Dictionary Deficiency<br />
Standards<br />
& Business & Change to achieve data quality is<br />
the data book<br />
Glassary Management<br />
• The quality<br />
Data Governance Centre of Excellence<br />
not different to achieving<br />
requirement of<br />
Support and on-going compliance monitoring<br />
quality in other parts of<br />
the data based<br />
on those uses –<br />
this is typically<br />
defined in terms<br />
of completeness,<br />
accuracy and appropriateness<br />
Business - Data Owners and Steward<br />
Processes, Controls, Procedures and Systems<br />
continuous improvement.<br />
an organization. Defining<br />
clear targets, monitoring,<br />
measuring and providing<br />
a feedback mechanism for<br />
• The sources of data and how these are mapped to<br />
the uses – this allows the generation of the data<br />
residency matrix and of data flows<br />
If you want your organisation to excel further in the digital<br />
age, data governance matters.<br />
• The controls and metrics that are in place that<br />
•<br />
support the achievement of the required data quality<br />
References:<br />
The monitoring that is required of these controls<br />
https://www.pwc.fr/fr/assets/files/pdf/2016/05/pwc_<br />
and metrics to inform the Data Deficiency process<br />
a4_data_governance_results.pdf<br />
1 st Line 2 nd Line<br />
theaccountant.org.mt<br />
19
ETHICAL AND SOCIAL CONSIDERATIONS<br />
DIGITISATION – ethical and social considerations<br />
We are living in challenging times, as the pace of technological change as we know<br />
it in the modern age that goes back to the industrial revolution of the eighteenth<br />
century, takes a new turning point as Industry 4.0 is now characterised by a<br />
combination of technological innovations and applications including digitisation,<br />
robotics, nanotechnology, biotech and neuroscience.<br />
JOSEPH F X ZAHRA<br />
JOSEPH F X ZAHRA IS DIRECTOR<br />
OF SURGEADVISORY LIMITED,<br />
WORKING ON GOVERNANCE,<br />
HR AND BUSINESS STRATEGY<br />
MATTERS. HE SITS ON THE BOARD<br />
OF BOTH PRIVATE AND LISTED<br />
COMPANIES.<br />
There is much to be gained from technological<br />
innovations and the exponential growth in<br />
computing power. Digitisation has improved<br />
efficiency and productivity at work, opened doors<br />
for global communication, and made the world<br />
safer and more secure. The process of innovation is<br />
continuous and spreads now to data management,<br />
blockchains and cryptocurrencies, and the rise of<br />
artificial intelligence and robotics. Digitised start-ups<br />
became a normal phenomenon with low barrier to<br />
entry for entreprenneurs as the need for “brick and<br />
mortar” and stockpiling of inventory is substituted<br />
by virtual work and communication and just-in-time<br />
manufacturing to delivery.<br />
This rapid technological innovation has created new<br />
business opportunities through a process of creativity<br />
through destruction. We speak today of disruption<br />
in the way institutions – business, governments and<br />
consumers think, decide, behave and act. Digitisation<br />
has demanded new business models which are<br />
providing scope for improved efficiency and business<br />
growth. Well established businesses are changing<br />
their business models to survive, consumers buy<br />
through alternative channels, governments utilise<br />
(and hopefully not abuse) data management,<br />
algorithms are used in providing services and<br />
improving user communication.<br />
Innovators, policy makers and users are mistaken<br />
if they do not consider as an underlying factor in<br />
their equation the human element, and human<br />
relationships in society. The person is more than<br />
a data profile that is downloaded into algorithms.<br />
The person has human dignity, rights and freedom.<br />
The unconditional respect of the person is the only<br />
essential feature to be taken into account when<br />
considering policy, taking decisions and acting in<br />
an economic environment. Social interaction and<br />
human touch and dialogue which is open and sincere<br />
but always interactive must be a permanent feature<br />
in the deliberation process. Human dignity demands<br />
solidarity, justice and mercy.<br />
Two points usually come to mind – first, is technology<br />
abusive, manipulative and addictive? Second, is<br />
digitisation and its various technological ramifications<br />
a threat to human work?<br />
There is truth in the addictive and manipulative nature<br />
of technology. Take Facebook which is designed<br />
to exploit human vulnerabilities including tech<br />
addiction – the dopamine reaction behind a “social<br />
validation feedback loop”. Former Google employees<br />
have set an advocacy group to encourage resistance<br />
to the way technology platforms “hijack our minds”.<br />
Depression, cyberbullying and eating disorders have<br />
been identified as potential harm from excessive<br />
use of social media. Consider the dependence on<br />
addiction by the i-gaming and i-betting industries.<br />
Another threat emerges from the monopolistic<br />
nature of these technological operators and the<br />
difficulty in regulation to catch up with their speed<br />
and fast-adaptability.<br />
The question to be raised here is “what is the<br />
purpose of this industry?” What were the initial<br />
intentions of the entrepreneur and consequently of<br />
management? How much have stakeholders rather<br />
than shareholders been considered? What about the<br />
common good? Is there an ethical compass in the<br />
decision-making process?<br />
Some criteria that investment analysts struggle<br />
with today which go beyond economic and financial<br />
criteria centre around the nature of the business<br />
model, its scalability, the long-term benefits of the<br />
enterprise, and its sustainability at the wake of both<br />
social acceptance and social resistance.<br />
Answering the question on the impact of digitisation<br />
on work is as complex. One starts by pointing at the<br />
20 Summer 2018
BE THE SOLUTION—BE A CISA ®<br />
In today’s fast-paced and ever-more complex business environment,<br />
information has become the most valuable currency for enterprises<br />
around the globe. Information systems professionals play vital roles in<br />
leveraging the value, and assuring the security and integrity of the massive<br />
volumes of information that drive business. For those professionals and<br />
the enterprises they serve the world over, the CISA®—Certified<br />
Information Systems Auditor®— is recognized as proof of competency<br />
and experience in providing assurance that critical business assets are<br />
secured and available.<br />
www.isaca.org/CISAsuccess<br />
With more than 140,000 professionals in over 180 countries, ISACA® is the<br />
trusted source of knowledge, standards, networking, and career development<br />
for information systems audit, control, security, cybersecurity, risk, privacy and<br />
governance professionals. ISACA advances and validates business-critical skills<br />
and knowledge through its globally respected certifications.
ETHICAL AND SOCIAL CONSIDERATIONS<br />
digital divide in our society. Somebody born in the digital<br />
world enjoys the benefits which are self-perpetuating<br />
as the child is educated and socialized in a digital<br />
environment. On the other hand, being deprived of this<br />
reality will place people at a disadvantage. An uneven<br />
distribution of opportunities creates differences,<br />
prejudice and rejection. This is how minorities are<br />
ostracized – due to their lack of opportunities to learn<br />
and be qualified in what is demanded by the new world.<br />
Will there ever be a replacement of the human person<br />
by technology? What are the implications of this on<br />
employment and social conditions? It is easy to fall<br />
into a pessimistic view and a sense of hopelessness.<br />
Indeed, facts are showing the opposite in terms of<br />
employment opportunities. On the other hand, it is<br />
also true that technology has increased anxiety and<br />
stress and psychological health problems.<br />
Which is the other side of the story?<br />
Digitisation, artificial intelligence and robotics can<br />
offer more time to persons for the family, friends and<br />
relaxation. A more balanced individual with time to<br />
work, love and play.<br />
Digitisation and consequent improved productivity,<br />
releases work time for creativity in the arts and<br />
sciences. More time for the appreciation of visual arts,<br />
literature, theatre and performances, while time and<br />
money are invested in research and development.<br />
At each stage of the process we are basing our<br />
judgements on responsibility and trust. Responsibility<br />
of the various social and economic actors in the ecosystem,<br />
whether it is the state, business, worker or<br />
consumer. This responsibility in decision-making and<br />
policy-making goes beyond that of awareness of not<br />
harming others (creating unemployment or a digital<br />
divide), but that of encouraging, cooperating and<br />
developing others in not falling backwards in this<br />
movement of technological progress.<br />
It is also a matter of trust. Do we trust business,<br />
financial institutions, the state, the judiciary, the<br />
regulators? We are living in a period of extreme<br />
cynicism if not repugnance of the “establishment”<br />
which has disappointed people mostly because of its<br />
hypocrisy and its invariable attitude of exclusiveness,<br />
greed, rejection of accountability and dishonesty.<br />
This trust in leadership needs to be regained if we are<br />
to rebuild a society open to technology and having<br />
faith in what is good and of benefit to society.<br />
In the concluding document called “The Madrid<br />
Conclusions for the Common Good” as part of the<br />
Dublin Process – A Dialogue on the Economy and<br />
the Common Good (www.centesimusannus.org)<br />
held at the Universidad Pontificia Comillas in Madrid,<br />
a number of practical proposals were presented to<br />
strengthen the link between responsibility and trust<br />
in modern technology:<br />
1. Dialogue between business, employees’<br />
representatives and civic society on the value of<br />
technological innovation and the way that this can<br />
improve productivity, job security and well-being.<br />
2. New ways of cooperation to be explored between<br />
the public and the private sector to design “transition<br />
projects” to mitigate the risks on employment and<br />
to incentivize leadership in the digital economy.<br />
22 Summer 2018
ETHICAL AND SOCIAL CONSIDERATIONS<br />
Cloud Payroll,<br />
Leave & Attendance<br />
Management<br />
Optimise the payroll process<br />
Automate leave procedures<br />
Manage attendance<br />
Engage employees with<br />
self service portal<br />
Work from anywhere<br />
Best B2B<br />
Application<br />
MCA eBusiness<br />
Award Winner<br />
Make the Switch<br />
shireburn.com/indigo<br />
3. Priorities in education must be reviewed in the<br />
context of the changes in the future of work.<br />
4. The invasion of privacy because of data gathering<br />
enterprises (including financial institutions<br />
and technology firms) demands the design of<br />
simple, understandable and trusted forms of<br />
consent for data treatment.<br />
5. The use of big data can also be promoted by banks<br />
and business in collaboration with international<br />
organisations and universities for “common<br />
good” projects, such as natural disaster damage<br />
prevention, job market exchanges or data access<br />
on business opportunities for small companies<br />
in developing countries.<br />
6. The need for a continuous dialogue amongst<br />
social ethics specialists, economists, politicians,<br />
employees’ representatives and business with the<br />
aim of developing an understanding of the new<br />
ethical issues surrounding the various challenging<br />
questions arising from the digital economy.<br />
Business that has become global both in ownership<br />
and outreach has become so important to a large<br />
number of people that we all accept that the business<br />
paradigm is changing, more so as digitisation plays<br />
an even more important part in this transformation.<br />
To start with, maximisation of stakeholder value<br />
takes priority over shareholder value, encompassing<br />
benefits to customers, suppliers, employees and<br />
communities where the business serves.<br />
In conclusion, there are a few points that must be<br />
kept in mind. Human dignity and freedom cannot be<br />
brushed aside. Digitisation is a reality now that we<br />
must embrace. The important point here is what and<br />
how should the computer decide when faced with<br />
a critical situation. In decision making the human<br />
person cannot be substituted by a machine. In the<br />
process of digitisation, all people should have the<br />
opportunity to participate and therefore education,<br />
vocational training and accessibility to the internet<br />
is a must. Matters of privacy and data ownership<br />
cannot be understated as they are closely linked to<br />
human freedom and this is why we must consider a<br />
proposal for a common ownership of data, as we do<br />
for climate and the oceans. At the end, all depends<br />
on our reply to the question: How do we want to<br />
develop our future?<br />
theaccountant.org.mt<br />
23
BANKING<br />
Digitalise or Die<br />
T<br />
he word “digital” is today imprinted in bold on the strategic plans<br />
of many credit institutions. However, I was somewhat surprised<br />
when ahead of putting my fingers to the keyboard, I asked a<br />
few colleagues in the banking sector for their views on banking and the<br />
importance of digital transformation. Their replies to digital transformation<br />
strategies very much centered around the development of online and<br />
mobile functionality to customers. Surely there is more to that, as traditional<br />
banks also need to combine digital speed and convenience with human<br />
interactions, that are both thoughtful and caring at crucial moments in the<br />
customer journey.<br />
KENNETH FARRUGIA<br />
KENNETH FARRUGIA JOINED BANK<br />
OF VALLETTA PLC IN 1985 AND HE<br />
CURRENTLY HOLDS THE POST OF<br />
CHIEF BUSINESS DEVELOPMENT<br />
OFFICER. KENNETH IS ALSO THE<br />
CHAIRMAN OF FINANCEMALTA,<br />
MALTA'S NATIONAL PROMOTIONAL<br />
BODY FOR FINANCIAL SERVICES,<br />
AND ALSO SERVES AS CHAIRMAN<br />
OF THE MALTA FUNDS INDUSTRY<br />
ASSOCIATION. HE IS ALSO<br />
THE CHAIRMAN OF MALITA<br />
INVESTMENTS PLC.<br />
I have recently come across a compelling research<br />
by Boston Consulting Group, where four out of five<br />
financial institutions believe that digitalisation will<br />
fundamentally change banking and completely<br />
transform the industry’s competitive landscape.<br />
What’s worrying is that according to this research,<br />
less than half of those interviewed (43%) don’t even<br />
have a firmly anchored digital strategy. This research<br />
is even more compelling as it emerged that one-infive<br />
banking executives consider their bank to be<br />
“market leading” when it comes to digitalisation. This<br />
is far from the truth.<br />
In this fast-changing technological and digital<br />
environment, a number of Banks are somewhat<br />
at a loss and evidently so. Over the last two<br />
decades thay have clearly underinvested in their<br />
technological platform capabilities, resorting to oneoff<br />
uncoordinated initiatives driven by individual<br />
units within the Bank, as against the development of<br />
a holistic digital transformation program covering a<br />
comprehensive enterprise-wide digital strategic plan.<br />
The starting point has to be modeled on the Bank’s<br />
business strategy, market position and capabilities,<br />
keeping an open mind how to reshape the distribution<br />
models, improve the value propositions in the process<br />
and develop end-to-end consumer-centric journeys<br />
to increase growth and customer satisfaction. The<br />
strategy has to be driven and spearheaded by the<br />
CEO, who needs to be at the helm of the process<br />
driving a top-down and integrated approach that<br />
involves every aspect of the organization.<br />
Today’s bank customers have developed a strong<br />
affinity to digitally enabled banking and financial<br />
solutions. In come digital wallets, mobile and<br />
internet banking platforms and the latest fintech<br />
driven app solutions that are changing the face of<br />
traditional banks, if not gradually disintermediating<br />
them. Within this context, clients are seeking the<br />
necessary confidence and functionality control to<br />
bank online, with a strong degree of peace of mind<br />
– not necessarily through a Bank.<br />
This is easier said than done, particularly minded of<br />
the guarantees that clients expect from their banks<br />
to protect their money against online fraud or losses<br />
and equally important for their digital payment<br />
instructions, that they process through their mobile<br />
and internet banking platforms to be paid on time<br />
and in a highly cost-effective manner.<br />
In the process, clients are becoming increasingly<br />
sensitive on the need for their personal information<br />
to be safeguarded through the presence of strong<br />
encryption and security protocols, with GDPR placing<br />
further onerous responsibilities on the Banks insofar<br />
as data breaches and data control and processing are<br />
concerned. To make matters increasingly complex,<br />
in also come powerful new tools such as robotics,<br />
big data, AI and Blockchain. So this context begs the<br />
question - what should traditional banking providers<br />
do to address their changing customer preferences?<br />
Just like with any major transformational initiative,<br />
having a clearly articulated digital strategy is of critical<br />
importance. The strategy can’t be a series of one-off à<br />
la carte initiatives taken on by separate and individual<br />
business units. This is the kind of undertaking that<br />
will require banks to tackle digital transformation as<br />
a comprehensive, enterprise-wide strategy — one<br />
that is lead from the very top by the C-suite, with<br />
the CEO firmly at the helm. Without a top-down<br />
integrated approach, that involves every aspect of<br />
24 Summer 2018
BOV CARDS<br />
time to reward<br />
yourself at Montblanc<br />
compliments of your<br />
BOV premium cards<br />
Earn points in the BOV Loyalty Rewards<br />
Programme every single time you use your<br />
BOV Visa Platinum, BOV Visa Gold or your<br />
BOV Skypass.<br />
More information is available from www.bov.com or<br />
contact 2131 2020.<br />
Issued by Bank of Valletta p.l.c., 58, Triq San Żakkarija, Il-Belt Valletta VLT 1130<br />
Bank of Valletta p.l.c. is a public limited company regulated by the MFSA and is licensed to carry out<br />
the business of banking in terms of the Banking Act (Cap. 371 of the Laws of Malta).
BANKING<br />
the organization, traditional banking providers will<br />
struggle to take advantage of powerful new tools<br />
such as robotics, big data, AI and blockchain.<br />
well as Revolut plans to launch in the U.S., Singapore<br />
and Australia later this year, with India, Brazil, South<br />
Africa and the UAE also in sight.<br />
There are various initiatives that need to be<br />
undertaken by the banking sector, but two key<br />
initiatives revolve around, firstly the need to reengineer<br />
the consumer journey, and secondly to<br />
leverage the power of data mining.<br />
Re-engineering the consumer journey requires<br />
banks to completely detach themselves from legacy<br />
processes and procedures – to think without the<br />
box not just outside of it. Frictionless is the most<br />
common term one comes across in the customer<br />
journey process parlance. I find it very compelling to<br />
compare customer journey processes at a Bank, with<br />
those in non-bank outfits and clearly a compelling<br />
one is Amazon – a customer journey as frictionless<br />
as it can get through one-click ordering platforms<br />
- see it, like it, click it, buy it. Revolut is another<br />
classic example of the benefits of digitalization and<br />
has become one of the fastest European companies<br />
to reach the so-called "unicorn" status. It is not<br />
surprising that Revolut now manages around $1.5<br />
billion in transactions every month, up 700 percent<br />
year over year, and this number should increase as<br />
Now try to transpose this frictionless process within<br />
the banking sector and you come across a “frictionfull”<br />
process, taking days and sometimes weeks<br />
to be provided with say a credit card, a loan and<br />
opening of a bank account. Through enough, the<br />
current regulatory environment has not helped,<br />
apart from the customer deep pocket syndrome<br />
with litigations flying against banks – “because they<br />
can afford it” which has brought about a document<br />
fraught process.<br />
Despite all these challenges, coupled as well with the<br />
legacy IT architecture which is today not fit (or possibly<br />
not fully fit) for purpose, justifiably, consumers<br />
are looking at the likes of Amazon and asking why<br />
banks are not trying to replicate their processes<br />
and completely digitize the consumer journey from<br />
start to finish, by introducing rapid onboarding and<br />
automated digital service and product propositions.<br />
The ramifications of such a solution frees up staff for<br />
more valuable tasks, like cross-selling and relationship<br />
building, while simultaneously saving the institutions<br />
money by streamlining processes.<br />
26 Summer 2018
BANKING<br />
Maybe the million dollar question revolves around<br />
the way to digitize the consumer journey, which<br />
in essence revolves around and requires, a carte<br />
blanche re-engineering process, which is completely<br />
driven and centered around the UX – the user or<br />
customer experience. Here again, easier said than<br />
done particularly considering the complexities of<br />
multiple system architectures found in banks. As<br />
the new CEO of Deutsche Bank had pledged in<br />
his address when newly appointed, he vowed to<br />
“untangle the spaghetti ball of its operating systems<br />
and scores of applications and platforms that had<br />
built up over the years”. Let’s be clear that it is surely<br />
an overwhelming and costly process to try to map<br />
and change multiple consumer journeys, and why<br />
it is strongly recommended that this is done in a<br />
phased approach.<br />
The second most important initiative in the<br />
digitalisation process revolves around the benefits of<br />
data mining, which is underestimated and found to<br />
be a challenge by the banking community as a result<br />
of the presence of multiple disparate IT systems. Data<br />
mining capabilities should not only be used from a<br />
1<br />
Application Programme Interface<br />
business development angle, but through the use of<br />
behavioral analytics identify the next best offer to<br />
clients in different clusters and at the various stages<br />
of their lifecycle. Data mining is an invaluable tool for<br />
banks to manage risks, such as that inherent in loan<br />
portfolios in order to better anticipate loan defaults.<br />
In conclusion, the journey to morph a traditional bank<br />
into a digital-driven one requires a clearly articulated<br />
strategy, funding, talent, agile ways of working and<br />
an equally important organizational culture that<br />
engages senior management ensuring they are<br />
fully committed to radically changing the bank.<br />
Fintechs are first class case studies and deemed to<br />
be important partners, for traditional banks seeking<br />
to scale digital initiatives across the institution.<br />
Challenges will be abound particularly driven by the<br />
inability to integrate digital applications with the<br />
legacy infrastructure, in a relatively straightforward<br />
manner even through the use of APIs 1 . Nonetheless,<br />
the message is clear for the Banks - Digitalise or<br />
Die. This requires a discipline phased execution, of<br />
channel based high impact projects within a holistic<br />
digital strategic plan.<br />
theaccountant.org.mt<br />
27
AGILIS<br />
New Challenges for the MLRO<br />
The introduction of the new Prevention<br />
of Money Laundering and Funding<br />
of Terrorism Regulations (PMLFTR)<br />
presents huge challenges to the Money<br />
Laundering Reporting Office (MLRO).<br />
Under the old regime, the application of Simplified<br />
Due Diligence (SDD) was clearly established under<br />
regulation 10. Under the new PMLFTR, in terms of<br />
Regulation 10(1)(b), it is now the obligation of the<br />
Subject Person to determine whether SDD can be<br />
applied and to document those instances which call<br />
for simplified due diligence.<br />
The introduction of the Risk Based Approach (RBA)<br />
is by far the biggest challenge. Regulation 5 clearly<br />
states that the internal assessment of the RBA<br />
must be properly documented and the Financial<br />
Intelligence Analysis Unit (FIAU) can at any time<br />
request a copy of this document.<br />
Documenting a RBA is not an easy task. Initially,<br />
an internal risk assessment by the Subject Person<br />
must be undertaken. A review of the Supervisory<br />
Guidance paper issued jointly by the FIAU and the<br />
Malta Financial Services Authority (on 2nd February<br />
2018) will help in the process. This then will be<br />
followed up by a customer risk appetite framework<br />
modelled on the four risk pillars (customer, product,<br />
jurisdiction and delivery channels) providing suitable<br />
scoring criteria in order to determine the applicable<br />
risk tier (Low/Medium/High) being applied for<br />
each client. In addition to this, the RBA must also<br />
document the process of ongoing monitoring of all<br />
client relationships. The solution is to automate this<br />
process as otherwise it would be rather messy to<br />
keep adequate control.<br />
The concept of non-face to face has completely<br />
disappeared from the new PMLFTR. This does not<br />
mean that non- face to face should no longer be<br />
considered as not being subject to Enhanced Due<br />
Diligence (EDD). The application of EDD should still<br />
be applicable for Politically Exposed Persons (PEPs),<br />
high risk jurisdictions and high risk transactions.<br />
In terms of PMLFTR a Subject Person must now<br />
also appoint a person of a managerial grade whose<br />
duties shall include the monitoring of the day-today<br />
implementation measures and controls and<br />
procedures adopted. The PMLFTR allows the MLRO<br />
to assume this monitoring function.<br />
Another new measure introduced by the PMLFTR is<br />
that of setting up an independent audit mechanism.<br />
While no exemptions are in place, the PMLFTR<br />
require that a Subject Person should ‘implement,<br />
where appropriate with regard to the size and<br />
nature of the business, an independent audit<br />
function to test the internal measures, policies,<br />
controls and procedures.' No guidance has yet been<br />
issued on what determines size and nature of the<br />
business and hopefully the much awaited revised<br />
Implementing Procedures to be issued by the FIAU<br />
will throw more light on this matter.<br />
The National Interest (Enabling Powers) Act has<br />
been revised in May 2018 and hardly any noise<br />
heard. The previous regulations under the main act<br />
(subsidiary regulation 365.01) are now repealed, as<br />
the ‘old regulations’ are now practically embedded<br />
under the main legislation. In terms of Article 17(6)<br />
of this Act, a Subject Person is required to regularly<br />
check the EU and UN sanction lists and ‘have in<br />
place and effectively implement internal controls<br />
and procedures to ensure compliance arising from<br />
this act and any relevant European Union or United<br />
Nations resolutions’. Obviously, there are fines for<br />
breaches of this Act.<br />
The days of the MLRO will be surely exciting.<br />
28 Summer 2018
DATA ANALYTICS<br />
USING DATA ANALYTICS FOR AUDIT EVIDENCE<br />
T<br />
echnology is shaping<br />
and changing our lives.<br />
Answering machines<br />
are long gone as people feel<br />
the need to be connected at<br />
all times. Information needs to<br />
be on tap as even looking up<br />
a book takes too long. Some<br />
employees who traditionally<br />
worked from their desk at the<br />
office, now work remotely<br />
from home or even from<br />
a different country, as staff<br />
mobility is not even about<br />
relocation anymore.<br />
The audit profession is also re-inventing itself but<br />
maybe not at the pace we’d like to believe. Whereas<br />
auditing has been around in one form or other, for<br />
around 3,000 years, Mautz and Sharaf started to give<br />
shape to the theory of auditing in 1961 with their<br />
publication of The Philosophy of Auditing. Since then,<br />
we have seen a significant increase in guidance on<br />
how to conduct an audit as standards were issued<br />
by bodies such as the International Auditing and<br />
Assurance Standards Board (IAASB) and the American<br />
Institute of CPAs (AICPA). However, questions<br />
continue to be raised by the public as to whether<br />
such the bodies are doing enough to ensure that the<br />
profession keeps with the pace of technology.<br />
In considering whether International Standards on<br />
Auditing (ISAs) are outdated given that they were<br />
drafted before the availability of data analytics<br />
techniques, during September 2016, the IAASB’s<br />
Data Analytics Working Group (DAWG) felt the<br />
need to issue a call for comments through its paper<br />
entitled Exploring the Growing Use of Technology in<br />
the Audit, with a Focus on Data Analytics. The general<br />
consensus was that ISAs were not ‘broken or a barrier<br />
to the application of data analytics in the audit’.<br />
IAASB’s DAWG defines data analytics largely on the<br />
definition used in an AICPA publication entitled Audit<br />
Analytics and Continuous Audit - Looking Toward<br />
the Future. The DAWG states that The quality of a<br />
financial statement audit can be enhanced by the use<br />
of data analytics. Data analytics, when used to obtain<br />
audit evidence in a financial statement audit, is the<br />
science and art of discovering and analyzing patterns,<br />
deviations and inconsistencies, and extracting other<br />
useful information in the data underlying or related<br />
to the subject matter of an audit through analysis,<br />
modelling and visualization for the purpose of<br />
planning or performing the audit.<br />
The use of Audit Data Analytics (ADAs) is thus seen as<br />
an enhancement to and not as a replacement of audit<br />
evidence. It can assist during the entire audit workflow.<br />
In the risk assessment process, ADAs can be used<br />
to provide better insight and support to the auditor<br />
in identifying and assessing the risks of material<br />
misstatement in terms of ISA 315 Identifying and<br />
Assessing the Risks of Material Misstatement through<br />
Understanding the Entity and Its Environment. Such<br />
ADAs may constitute preliminary general ledger<br />
account transaction analysis, correlation of revenue<br />
against industry expectations and analysis of betting<br />
behaviours in an Internet Gaming (iGaming) company.<br />
In testing controls, an entire year’s financial<br />
information may be used in order to:<br />
• evaluate whether segregation of duties policies are<br />
being followed by checking whether transactions<br />
are authorised by an appropriate employee;<br />
CHRISTOPHER AZZOPARDI<br />
CHRISTOPHER AZZOPARDI IS<br />
HEAD OF INFORMATION RISK<br />
MANAGEMENT AT KPMG. HIS<br />
SPECIALISATION LIES IN AUDITING<br />
IT SYSTEMS IN SUPPORTING<br />
FINANCIAL STATEMENTS AUDITS.<br />
HE IS ALSO A MEMBER OF THE<br />
MIA DIGITALISATION COMMITTEE.<br />
theaccountant.org.mt<br />
29
DATA ANALYTICS<br />
• evaluate whether commissions given to<br />
merchants involved in electronic payments are<br />
in accordance with set expectations, given the<br />
associated risks of the business relationships<br />
and intermediaries involved; and,<br />
• determine whether divergencies exist between<br />
sales (or purchase) orders, invoices and payments.<br />
Substantive analytical procedures are defined by ISA<br />
520 Analytical Procedures paragraph 4 as evaluations<br />
of financial information through analysis of plausible<br />
relationships among both financial and non-financial<br />
data. ADAs using predictive models can determine<br />
whether transactions recorded are in accordance<br />
with pre-set expectations using regression models.<br />
If the auditor has the capacity and capability to<br />
access and handle large volumes of data, he can,<br />
for example, analyse an iGaming company’s betting<br />
transactions in more detail and better determine<br />
which transactions may need further investigation on<br />
the basis of correlations with other player behaviour,<br />
gaming logic and probability of outcome. Whereas<br />
statistical sampling techniques provide the auditor<br />
with an understanding within a statistical confidence<br />
level and materiality thresholds for the sampled<br />
population relying on the assumption of homogeneity,<br />
ADAs single out anomalies that warrant further<br />
investigation. This may be compared to choosing<br />
the coloured marble in a transparent jar, rather than<br />
selecting a sample of marbles blindly, on the back of<br />
statistical models, and concluding on the number of<br />
coloured marbles in the jar on the basis of the sample<br />
selected. Sampling techniques can assist in forming<br />
a conclusion on the population being tested, though<br />
ADAs can provide further insight as to whether there<br />
are any transactions that are unexpected given the<br />
auditor’s understanding of the business.<br />
With electronic data being used as audit evidence,<br />
the auditor needs to evaluate the reliability of the<br />
information to be used as audit evidence in terms<br />
of ISA 500 Audit Evidence. ISA 500(9) states that<br />
for information produced by the entity to be relied<br />
upon for audit purposes, the auditor needs to obtain<br />
audit evidence that it is complete and accurate, and<br />
that it is of sufficient precision and detailed to merit<br />
its use. In an electronic dimension, information can<br />
be changed at will without any trace, unless systems<br />
are appropriately supported with sufficient relevant<br />
controls. Just as spreadsheets can be modified<br />
entirely without any tracking of their source,<br />
system databases can also have the same pitfalls<br />
without adequate manual and automated control<br />
infrastructures. Likewise, if management promotes<br />
a culture to circumvent controls to get things done, it<br />
would increase an auditor’s professional skepticism<br />
as to the reliance that can be placed on that data for<br />
ADAs. In a corporate environment where physical<br />
manual controls are given more importance than<br />
their automated counterparts, ADAs would have<br />
little validity in providing audit evidence on their<br />
own, without being able to extend the assurance<br />
attained through manual controls testing over<br />
underlying data used.<br />
Auditors using ADAs may fall in the pitfall of relying on<br />
the data as if it is authoritative solely on the basis that<br />
numbers reconcile between them or the accounts<br />
they represent. Like any other piece of information<br />
paper provided by the client, electronic data needs to<br />
be verified using the guidance of ISA 500. The source<br />
of the data, the processing and the output need to be<br />
understood and controls verified to confirm that the<br />
audit procedures are based on reliable information.<br />
Also, auditors are required to design and perform<br />
audit procedures to obtain sufficient appropriate<br />
audit evidence (ISA 500 (1)), and therefore they need<br />
to be knowledgeable of the process applied by the<br />
tools including any algorithms which may not be<br />
immediately visible to the user.<br />
The audit profession needs to mature even further. In<br />
their report Audit Quality Thematic Review – The use<br />
of data analytics in the audit of financial statements,<br />
the Financial Reporting Council noted ADA practices<br />
adopted by a number of audit teams. They noted<br />
that audit teams need to review their existing audit<br />
30 Summer 2018
DATA ANALYTICS<br />
approaches to identify testing that ADA replaces as<br />
it seems that auditors are reluctant to trust the tools<br />
given the inexperience in using them to generate<br />
primary audit evidence. At times auditors used ADAs<br />
solely for adding value to their audit committee<br />
reports without constituting any audit evidence in<br />
arriving at their opinions, with the risk of verging into<br />
providing non-audit services.<br />
It is clear that audits need to evolve further into<br />
embracing technology and the benefits that ADA<br />
bring. In 50 years we have gone from paper ledgers<br />
to databases to cloud computing and now to<br />
blockchain technologies. Auditors need to re-invent<br />
themselves. They need to be ready to embrace the<br />
future of technology and not just the challenges<br />
brought about by the current ones. Audit procedures<br />
need to be revisited in order to ensure that they<br />
are leveraging upon the possibilities available<br />
with today’s technology. Is it still efficient to adopt<br />
statistical sampling techniques in environments<br />
where millions of transactions are processed daily?<br />
The regulators, the Malta Institute of Accountants,<br />
The Accountancy Board and international bodies<br />
need to discuss and share knowledge on what is<br />
acceptable, best approaches and considerations<br />
in adopting ADAs. As we get to terms with the<br />
technology, we need to make sure that our audit<br />
methodologies are enhanced to make use of current<br />
techniques to provide better insight to the auditor<br />
and audit committees.<br />
In the words of Robert M. Pirsig, ‘If you run from<br />
technology, it will chase you.’<br />
Save the date<br />
MIA and ICaEW<br />
Joint Event<br />
Tuesday, 4th December 2018<br />
theaccountant.org.mt<br />
31
BLOCKCHAIN<br />
BLOCKCHAIN –<br />
The New Digital<br />
Concept In iGaming<br />
MAURO MAGRO<br />
KPMG AUDITOR - IGAMING<br />
INDUSTRY<br />
iGaming industry as we know it, is<br />
steadily evolving around the digital world<br />
of blockchain technology. To date, the<br />
technology is commonly known by the<br />
general public for the cryptocurrency<br />
Bitcoin, however blockchain technology<br />
brings a far more useful agenda to the<br />
table that could potentially be a gamechanger<br />
for online gambling.<br />
WHAT IS BLOCKCHAIN?<br />
Blockchain is a decentralized database of transactions<br />
or assets, otherwise referred to as a distributed<br />
ledger, where each participant has an identical copy<br />
of the ledger that is protected by their own digital<br />
signature. The distributed ledger can be shared across<br />
multiple nodes (touchpoints) of the network and any<br />
alteration made to either one of the ledgers will be<br />
time-stamped and securely linked to the previous<br />
transaction within the network, creating a chain of<br />
activity almost simultaneously. Blockchain technology<br />
applies to any online digital asset transaction where<br />
each entry is validated, safeguarded and preserved<br />
through historical records that can be verified at any<br />
time in the future. Furthermore, blockchain makes<br />
use of cryptographic signatures so as not to comprise<br />
the privacy of digital assets and the identity of the<br />
parties involved.<br />
BITCOIN AND BLOCKCHAIN<br />
Let us consider Bitcoin to understand how blockchain<br />
processes information and maintains its data<br />
integrity across the network. Initially, Bitcoin places<br />
transactions in groups (otherwise known as blocks)<br />
and these blocks are then linked to one another in the<br />
blockchain. Each block is considered to happen at a<br />
particular time period where each one contains a hash<br />
of the previous block, allowing them to be linked in a<br />
chronological order. However, there may be instances<br />
where there would be nodes creating multiple blocks<br />
at the same time that would result in having several<br />
blocks, each with its own unique order, on different<br />
nodes in the network. Bitcoin addresses these<br />
instances by establishing a mathematical puzzle, one<br />
where each block is only accepted in the blockchain if<br />
it answers to a special mathematical problem.<br />
Blockchain technology makes it even harder for<br />
fraudulent activity to take place. In the event that<br />
someone tries to enter a fraudulent transaction in<br />
the system, that transaction would not only need to<br />
solve the mathematical puzzle to join the network<br />
but would also have to mathematically surpass all the<br />
‘good’ nodes to generate all the blocks subsequent to<br />
that block. Hence, this would then require all the other<br />
nodes to accept the transaction and block the valid<br />
one in its place. However, this is considerably difficult<br />
to achieve as blocks share a cryptographic connection.<br />
BASIS FOR BLOCKCHAIN RECOGNITION<br />
Currently, traditional gaming platforms store sensitive<br />
data such as player information and game-play<br />
history, together with corporate game technology on<br />
their servers. These central hosting servers are the<br />
32 Summer 2018
A GLOBAL OUTLOOK<br />
FOCUSED ON LOCAL NEEDS<br />
Vertical integration built on broad experience<br />
Alter Domus is a fully integrated provider of Fund and Corporate<br />
Services dedicated to international private equity & infrastructure<br />
houses. real estate firms, private debt managers, multinationals,<br />
capital market issuers and private clients. Our vertically integrated<br />
approach offers tailor-made administration solutions across the<br />
entire value chain of investment structures, from fund level down to<br />
Special Purpose Vehicles.<br />
Alter Domus Malta now counts on the support of 150 employees<br />
and holds over $1.5 billion funds under administration and over 500<br />
structures under administration.<br />
www.alterDomus.com<br />
YOU INVEST, WE SET UP.<br />
YOU DEVELOP, WE ADMINISTER.
BLOCKCHAIN<br />
primary focal point for cyber-attacks and information<br />
security breaches when considering possible<br />
data leaks within the system. At present, iGaming<br />
platforms not only have full control over the games’<br />
software and commands they use, but also privately<br />
withhold the outcome logs from the general public.<br />
Nonetheless, the payment processing fees incurred<br />
by players when making deposits and withdrawals<br />
are seen as an unnecessary burden as these have<br />
become even more expensive than other online<br />
e-commerce services. The desire for faster payments<br />
is paving the path for companies to evolve from the<br />
traditional payment system as we know it towards<br />
an innovative way of doing things, through the<br />
application of blockchain technology.<br />
THE FUTURE OF IGAMING WITH BLOCKCHAIN<br />
Blockchain-based iGaming platforms are what<br />
could potentially be leading the iGaming industry<br />
in the next few years. With the recent acceptance<br />
of blockchain based companies such as Funfair<br />
and Unikrn in Gibraltar’s online gambling market,<br />
blockchain technology has gained greater traction<br />
amongst online players as they experience what<br />
could possibly become the new digital gaming<br />
environment. Blockchain technology brings several<br />
changes to the online gambling market, the most<br />
prominent of which are:<br />
1. Inducing More Transparency<br />
Across the blockchain network, online gambling<br />
operators are transparent to their players as<br />
there is full disclosure of gambling odds and<br />
of subsequent results of bets placed on their<br />
platform. In addition, the parameters used to<br />
generate games’ outcomes when operating on<br />
the Ethereum blockchain, gives players strong<br />
assurance that the RNG (random number<br />
generator) is not being manipulated by the<br />
operator in any way.<br />
2. Establishing Smart Contract Agreements<br />
Smart contracts are digital agreements<br />
between parties that execute payments when<br />
a preprogrammed condition is triggered by<br />
the outcome of an event. These are basically<br />
a set of instructions – ‘if this, then that’ –<br />
which entails all participants to a transaction.<br />
Smart contracts provide a more secure and<br />
trustworthy arrangement between the player<br />
and the operator since they are based on<br />
verifiable and publicly available immutable<br />
contracts. If you apply this to a casino, a case in<br />
point would be the Roulette, if I bet on red and<br />
the ball stops on red, I win and the casino pays<br />
me my winnings. If the ball stops on black, I lose<br />
and the casino takes my money. By introducing<br />
these smart contracts, there would be less need<br />
for interference from top-level administration as<br />
everything would be integrated through digital<br />
agreements and processes would have become<br />
fully automated and verified.<br />
3. Shift to a ‘Pay-As-You-Go’ Platform<br />
This payment scheme has already experienced<br />
substantial growth within several iGaming<br />
companies and a considerable number of<br />
individuals are also making use of Bitcoin,<br />
Ethereum, Litecoin and other cryptocurrencies to<br />
make payments. In comparison to the traditional<br />
method of payment via banking systems, these<br />
cryptocurrency transactions are faster and easierto-use<br />
while at the same time do not make use of<br />
any intermediary throughout the transaction. With<br />
cryptocurrency transactions, the blockchain itself<br />
acts as an intermediary processor for transactions<br />
incurred by its participants which also explains the<br />
lower transaction costs borne by its users.<br />
4. Cutting-edge Data Security<br />
Since blockchain is built on a decentralized<br />
structure, having a cryptographic secured<br />
network makes it even more difficult for hackers<br />
to attack. Without a central focal point to exploit,<br />
hackers face even higher levels of resilience<br />
when attempting to hack the system.<br />
BLOCKCHAIN AND THE MALTA GAMING AUTHORITY<br />
(MGA)<br />
So far the MGA has only issued consultation<br />
requirements, thus, it has not granted licensing to<br />
any blockchain gambling related activity. At present,<br />
MGA remarks that the Authority supports companies<br />
“that are hosted fully or partially on a Blockchain<br />
environment” under the condition that the operator<br />
ensures that the gaming service it provides to<br />
its customers will not be unduly disrupted by its<br />
operational setup.<br />
The MGA is working towards having a regulated<br />
licensing system for gaming developers with<br />
standards set out for cryptocurrency payments and<br />
digital currency wallets. The recently issued guidance<br />
34 Summer 2018
BLOCKCHAIN<br />
Are you a student looking<br />
for an opportunity?<br />
Join our team and explore what the professional<br />
world has to offer by beginning to build a strong<br />
foundation for you and your future.<br />
E. info@nouv.com.mt<br />
135, ‘Kyle Building’, Triq il-Mediterran,<br />
St. Julian’s, STJ 1870 Malta<br />
nouv.com.mt<br />
T. (356) 2134 5009/10<br />
NOUV MT is an independent member of TGS an international<br />
network of professional business advisors focused on delivering<br />
excellence around the world.<br />
on the use of distributed ledger technology and on<br />
the acceptance of virtual currencies is meant to serve<br />
as a potential ‘test and learn’ live environment as part<br />
of the preliminary acceptance of an online gambling<br />
regulated environment.<br />
The MGA strategy to be at the forefront of<br />
remote gaming regulation while embracing<br />
innovation, is balanced with the recognition<br />
that a prudent approach in this area is sensible<br />
and needed<br />
THE IMPLICATIONS FOR THE MALTESE<br />
<strong>ACCOUNTANT</strong><br />
As blockchain oriented start-up companies are set up<br />
in Malta, other globally renowned gaming companies<br />
have become compelled to plan their next move in<br />
light of blockchain technology. What this implies for<br />
professional accountants is that, while blockchain<br />
allows for greater efficiency in the accountant’s work,<br />
it opens up the possibility for the accountant to focus<br />
time and resources towards the value-adding areas<br />
that are becoming increasingly dependent upon by<br />
these companies.<br />
Blockchain technology brings to the table clarity<br />
across the ownership of assets and existence of<br />
obligations. Furthermore, ledger reconciliation as<br />
we know it is changing, with verifiable blockchain<br />
records automating the bookkeeping process for<br />
the accountant. Henceforth, the accountant directs<br />
attention on the significance of the data itself and its<br />
implications, while keeping a professional skeptical<br />
mindset when applying their professional judgement.<br />
Additionally, blockchain opens up the possibility for<br />
‘real-time reporting’ as distributed ledgers enable<br />
more timely recordings of corporate cash positions.<br />
As advancements in digital technology continue<br />
to evolve and regulations are set out, the auditors’<br />
role will also progress towards the digital era; one<br />
where auditors’ express governance over the types<br />
of blockchains being used within the online gambling<br />
industry. While it has already started to take effect<br />
at present, there is no doubt that in the near future,<br />
auditors need to provide an exhaustive level of<br />
assurance on the digital systems being used by these<br />
businesses, rather than solely focusing their testing<br />
on the transactions themselves.<br />
theaccountant.org.mt<br />
35
INITIAL COIN OFFERINGS<br />
ICOs –<br />
a wealth of opportunities<br />
DR JOSEPH F. BORG<br />
DR JOSEPH F. BORG IS AN<br />
ADVOCATE AND PARTNER AT<br />
WH PARTNERS, HEADING THE<br />
BLOCKCHAIN AND THE GAMING<br />
AND GAMBLING ADVISORY<br />
SECTIONS OF THE FIRM.<br />
TESSA SCHEMBRI<br />
TESSA SCHEMBRI IS A LEGAL<br />
TRAINEE WHO FORMS PART OF<br />
THE BLOCKCHAIN AND GAMING<br />
AND GAMBLING ADVISORY TEAMS<br />
AT WH PARTNERS.<br />
I<br />
nitial Coin Offerings (ICOs) are by-products<br />
of the larger cryptocurrency phenomenon,<br />
which began with the conception of Satoshi<br />
Nakomoto’s Bitcoin back in 2009. With blockchain<br />
technology on the rise, we are continuously seeing an<br />
increase in start-up and mature companies pursuing<br />
a novel path to raise capital: the so-called ICOs,<br />
sometimes referred to as a ‘token generating events’<br />
or simply ‘token sales.’<br />
An ICO is an application which enables organisations of<br />
any size to raise money, in a peer-to-peer manner akin<br />
to crowdfunding, by offering cryptocurrency tokens in<br />
a new venture, project or network. Developers draw<br />
up a ‘whitepaper’ in which they outline their business<br />
idea to potential buyers and then sell tokens to those<br />
willing to contribute. Contributors participate in the<br />
fundraising by transferring fiat currencies like the<br />
euro, or cryptocurrencies like bitcoin and ether, to<br />
the issuer in exchange for a token. The very first token<br />
‘Maidsafe’ was launched via an ICO in 2013 on the<br />
Mastercoin blockchain, but most ICO tokens which<br />
followed were created through the deployment of<br />
a smart contract built on top of an already existing<br />
blockchain. Currently, the most popular blockchains<br />
used for ICOs are the Ethereum, Waves NEO and the<br />
new EOS platforms. The issuing company then designs<br />
digital tokens that can grant any bundle of rights and<br />
obligations for the token holders. When the rights<br />
which stem from tokens embody rights to profits or<br />
voting rights, the ICO may be likened to a traditional<br />
Initial Public Offering (IPO).<br />
The attractiveness of ICOs was spurred by the sudden<br />
rise in the value of bitcoin and the strong expansion of<br />
the overall cryptocurrency market, which resulted in a<br />
widespread media coverage of the blockchain space.<br />
The staggering increase in price which some tokens<br />
experienced following their launch on secondary<br />
market exchanges, continued to serve as an attraction<br />
for businesses and investors with a risk appetite to<br />
invest in these innovative technologies. Nevertheless,<br />
the great decline in the value of the cryptocurrency<br />
market since its high in December 2017, coupled with<br />
the continuing increase in the number of ICOs currently<br />
taking place, is clear evidence that the opportunities<br />
of ICOs extends far beyond market speculation. As<br />
ICOs provide a facility for leveraging cryptocurrencies<br />
and smart contract technology, it has now become<br />
possible to replace traditional venture capital and<br />
other funding models with a more direct, automated,<br />
and decentralised solution. As a result, blockchainbased<br />
ventures have turned to ICOs as a mechanism for<br />
funding, realising these are easier, faster and cheaper<br />
than pursuing seed rounds through traditional venture<br />
capital models. From a token purchaser’s perspective,<br />
ICOs have also presented an opportunity of gaining<br />
access to technology companies at their very early<br />
stages; an opportunity which has traditionally been<br />
limited to venture capitalists and accredited investors.<br />
The turning point for ICOs occurred in July 2017, when<br />
the United States Security and Exchange Commission<br />
(SEC) issued an investigative report cautioning market<br />
participants partaking in ICOs, that such activities are<br />
subject to the requirements of the federal securities<br />
laws. The SEC’s report was issued in response to the<br />
tokens offered during ‘The DAO’ 1 ICO and which were<br />
consequently held to qualify as securities that must<br />
necessarily comply by US securities legislation. The<br />
ramifications of this seminal decision led regulators<br />
and policy-makers worldwide to issue similar warnings<br />
and opinions on the legal requirements, future<br />
enforcement actions and the potential dangers<br />
pursuant to ICOs. Within the European Union, the<br />
European Securities and Markets Authority (ESMA)<br />
issued a statement stressing that firms involved in<br />
ICOs qualifying as financial instruments, are carrying<br />
out regulated activities and must comply with EU<br />
investment services legislation such as the Prospectus<br />
Directive, the Markets in Financial Instruments<br />
Directive (MiFID II) and the now Fifth Anti-Money<br />
Laundering Directive (5AMLD).<br />
Malta was and is the first and only Member State<br />
to go a leap further than just publishing warnings,<br />
consultation documents and discussion papers. The<br />
Maltese Government revealed its ambitious legislative<br />
plan back in February 2018 when it proposed the<br />
introduction of three pieces of legislation which would<br />
regulate the Maltese blockchain ecosystem as a whole.<br />
These are the Malta Digital Innovation Authority Act,<br />
36 Summer 2018<br />
1<br />
Decentralised Autonomous Organisation
Enhance your Responsible Gaming capabilities with a<br />
real-time focus on fairness, player protection, and security<br />
+<br />
Ongoing player<br />
behaviour monitoring<br />
Extension to your<br />
platform functionality<br />
Real-time alerts<br />
and notifications<br />
Flexible and<br />
robust rules engine<br />
www.computimesoftware.com/axon-gaming +356 2149 0700 info@computimesoftware.com
INITIAL COIN OFFERINGS<br />
the Innovative Technology Arrangements and Services<br />
Act and the Virtual Financial Assets (VFA) Act which<br />
were consequently adopted by the Maltese Parliament<br />
on the 4th of July 2018 and are expected to come into<br />
force in October of the same year.<br />
The main legal instrument regulating ICOs issued in or<br />
from within Malta is the VFA Act. This Act distinguishes<br />
between three types of tokens (referred to as ‘DLT<br />
assets’): (1) the ‘Virtual Token,’ (2) the ‘Virtual<br />
Financial Asset’ (VFA) and (3) a ‘Financial Instrument.’<br />
A Virtual Token is defined as ‘a form of digital medium<br />
recordation that has no utility, value or application<br />
outside of the DLT platform on which it was issued<br />
and may only be redeemed for funds on such platform<br />
directly by the issuer of such DLT asset’ and excludes<br />
electronic money. Such tokens fall outside the scope<br />
of the VFA Act. ‘Financial Instruments’ are also not<br />
caught by the VFA Act but fall within the remit of<br />
Maltese rules which transpose the abovementioned<br />
EU investment services legislation.<br />
Therefore, the ICO-specific rules contained in the VFA<br />
Act apply only the issuers of VFAs (referred to as an<br />
‘Initial Virtual Financial Asset Offering’). The Act defines<br />
a VFA as ‘any form of digital medium recordation that is<br />
used as a digital medium of exchange, unit of account,<br />
or store of value and that is not – (a) electronic money;<br />
(b) a financial instrument; or (c) a virtual token. The<br />
litmus test which will distinguish between Financial<br />
Instruments and a VFA is the so-called ‘Financial<br />
Instruments Test’, which explicitly requires that a VFA<br />
functions as a means of exchange and therefore has<br />
a payment function and does not create any rights<br />
which may be exercised by the VFA holder against the<br />
issuer. Under these rules, the issuer of such an ICO<br />
must comply with high level principles and necessarily<br />
draw up a ‘whitepaper’ to be registered with the<br />
Malta Financial Services Authority. The First Schedule<br />
of the Act prescribes disclosure requirements which<br />
must feature in the whitepaper including, inter alia,<br />
a detailed technical description of the protocol,<br />
platform and/or application, the characteristics and<br />
functionality of the VFA, the project, the issuer and its<br />
team, the VFA agent and any service providers used by<br />
the issuer, as well as the applicable exchange rate of the<br />
VFA and any proposed security safeguards. Auditors<br />
should in particular take note of Part VIII of VFA Act, in<br />
which they are imposed reporting obligations in their<br />
auditor reports on the accounts of the issuer.<br />
Furthermore, under the MFSA’s very recent Virtual<br />
Financial Assets Regulations, it is being proposed<br />
that VFA issuers must pay a one-time registration fee<br />
of €4,000 for their whitepaper, as well as an annual<br />
supervisory fee of €1,000, upon the submission of a<br />
certificate of compliance.<br />
According to one of the leading news portals in<br />
this space, globally ICOs have raised over $5billion<br />
in 2017 and over $6billion in the first quarter of<br />
2018. Considering ICOs a wealth of opportunities<br />
is an understatement. Malta, being one of the first<br />
jurisdictions to regulate ICOs has a great potential<br />
of attracting a large share of them over the coming<br />
months and years.<br />
38 Summer 2018
Efficiency in business is<br />
core. So is taking control<br />
over your payments.<br />
When business is moving fast, managing your payments efficiently<br />
and conveniently becomes even more essential. With HSBCnet<br />
you can view the balances of all your business accounts, in one<br />
place – as well as effect multiple payments online with just one<br />
log in. This makes it the ideal tool for transferring money, paying<br />
suppliers or your team’s salaries, at one go… without the need to<br />
pay in either cash or cheques, thus saving your business money as<br />
well as time.<br />
HSBCnet – making payments simpler.<br />
Speak to us today by calling 2380 8000 or visiting<br />
www.business.hsbc.com/mt/HSBCnet<br />
Together we thrive<br />
Approved and issued by HSBC Bank Malta p.l.c., 116 Archbishop Street, Valletta VLT 1444 which is regulated by the Malta Financial Services Authority. (Ref No. 101501 – 04/2018)
GETTING IT RIGHT<br />
GETTING IT RIGHT<br />
PAYROLL PROCESSING: What does it really involve?<br />
limit of EUR 5,000.00) in respect of every child<br />
if the income is from employment. This also<br />
applies in the case of self-employment. Specific<br />
forms will need to be enclosed with the Personal<br />
Income Tax Return so that the tax credit can<br />
be availed of. Lastly, it is important that once<br />
a woman returns to work a revised FS4 should<br />
also be submitted.<br />
CHRISTABELLE AGIUS<br />
TEAM LEADER – ACCOUNTING<br />
SERVICES AT CSB GROUP<br />
NICKY ALBANAZZO<br />
ACCOUNTS ASSISTANT – CSB<br />
GROUP<br />
Payroll is not simply a payroll run exercise<br />
using a software package, which automatically<br />
calculates the employees’ taxation and social<br />
security contributions, produces the monthly<br />
FS5s, and the annual FS3s and FS7s. Besides<br />
ensuring that the employees are registered with<br />
Jobsplus and the Inland Revenue Department<br />
(IRD), that they are taxed at the correct and<br />
most beneficial rates of taxation (single, married<br />
or parental rates as applicable) and deducting<br />
the National Insurance contributions (NI), as<br />
well as paying its employer’s share of NI and<br />
maternity fund contributions in time, the<br />
employer must also be well versant with the<br />
various regulations/legal notices in place, that<br />
may affect its employees’ level of taxation and<br />
hence the whole payroll run.<br />
A few of these to be considered are the following:<br />
1. Women returning to employment<br />
It is important to be well aware of the rule that<br />
benefits women returning to work after their<br />
maternity leave, or after a certain number<br />
of years. A tax credit of up to a maximum of<br />
EUR 2,000, is available for women who have<br />
been absent from work for 5 years and have<br />
a child under the age of 16, or for every child<br />
born from 1st January 2007 onwards. The tax<br />
credit may not only be set-off against the tax on<br />
employment income, but may be availed of over<br />
a period of two consecutive years of assessment,<br />
commencing from the year of assessment<br />
during which the return to employment occurs.<br />
Instead of utilising the tax credit of EUR 2,000, a<br />
mother can opt for one year tax credit (up to a<br />
2. Highly Qualified Persons<br />
Employing companies licensed with the Malta<br />
Financial Services Authority (MFSA), the Malta<br />
Gaming Authority (MGA) or Transport Malta<br />
(TM) may employ senior individuals occupying<br />
certain key positions (specifically outlined in the<br />
regulations), who may avail from tax benefits<br />
pertaining to the Highly Qualified Persons Rules.<br />
Such senior employees may opt to pay tax at<br />
the Flat Rate of 15% on employment income<br />
and fringe benefits, derived in respect of work<br />
or duties carried out in Malta (or in respect of<br />
any period spent outside Malta in connection<br />
with such work or duties). Certain conditions<br />
need to be fulfilled before this beneficial tax rate<br />
can be applied. An RA17 form would need to<br />
be completed and endorsed by the respective<br />
authority.<br />
3. Fringe Benefits<br />
The term Fringe Benefit refers to any benefit<br />
provided or deemed to be provided by reason<br />
of an employment or office.<br />
Only fringe benefits listed in the regulations<br />
are subject to tax. The regulations determine<br />
the value of the benefit for tax purposes. Most<br />
common fringe benefits relate to company<br />
cars, car cash allowances and provision of<br />
accommodation to employees.<br />
A recent change occurred in the Share option<br />
Scheme.<br />
40 Summer 2018
GETTING IT RIGHT<br />
The value of the benefit is the excess, if any, of<br />
the market price of the shares if sold on the date<br />
when benefit is provided over the option price of<br />
the same shares. This benefit is being taxed at the<br />
special flat tax rate of 15%.<br />
Not all fringe benefits are subject to tax: Below is<br />
a list of just a few exemptions:-<br />
• The cost of travel for business purposes<br />
including a reasonable subsistence<br />
allowance;<br />
• Cost of travel between Malta and Gozo;<br />
• Cost of business related training;<br />
• Subscriptions in respect of an employee’s<br />
membership to a professional body;<br />
4. Part Time Rules<br />
These apply to full-time students, apprentices,<br />
full-time employees and pensioners.<br />
The benefits and conditions to apply these rules<br />
are namely the following:<br />
• Income from part time employment is taxed<br />
at 15% up to a maximum of Euros 10,000 /<br />
Euro 12,000 i.r.o. self-employment.<br />
• Once the above thresholds are exceeded,<br />
normal tax rates will apply,<br />
• Part time activity can be either employment<br />
or self-employment,<br />
• Employee must be registered with Jobsplus,<br />
• Full time and part time employment must<br />
not be carried out with the same employer<br />
or employers within the same group of<br />
companies,<br />
• Part time employment cannot exceed 30<br />
hours per week.<br />
In Payroll processing, one is processing significant<br />
personal data and this also brings us to the important<br />
subject of GDPR which cannot be left unmentioned<br />
when speaking about payroll processing. GDPR came<br />
into full force on 25 May 2018, and although handling<br />
of personal data was always considered important,<br />
now payroll providers had to undergo a radical change<br />
in all their internal processes to ensure they are<br />
compliant. These include:<br />
A. Completion of data registers specifying what<br />
personal data is being processed, how it is being<br />
processed, who is responsible for it, etc.,<br />
B. Implementing a data retention policy ensuring<br />
personal data is not kept longer than necessary<br />
(legal minimum retention periods would<br />
supersede GDPR retention requirements),<br />
C. Consolidating personal and payroll data in one<br />
location,<br />
D. Creation of a GDPR readiness plan,<br />
E. Undergoing GDPR audits to make sure all<br />
processes and systems are GDPR compliant,<br />
F. Considering appointing a Data Protection Officer,<br />
G. Giving employees full visibility of the data you<br />
hold on them,<br />
H. Creating GDPR-compliant privacy notes for your<br />
employees.<br />
Organisations are responsible for their own data and<br />
to ensure it is protected. Third-party relationships with<br />
HR/payroll partners/providers could present both a<br />
risk and opportunity.<br />
It is important that a GDPR data processing agreement<br />
is put in place outlining clearly the duties and<br />
obligations of the data controllers and the data<br />
processors. Very often the data controller is the client<br />
who gives the instructions and the payroll providers/<br />
partners are the data processors. The agreement<br />
should stipulate various matters including, that the<br />
latter shall process personal data solely in accordance<br />
with the agreement, they shall ensure that personal<br />
data is not disclosed or transferred to any third<br />
party without the prior explicit written consent of<br />
Data Controller, except as specifically stated in this<br />
Agreement or as explicitly required by law. The Data<br />
Processor shall not engage another processor (subprocessor)<br />
without prior written authorisation of Data<br />
Controller. The latter should be informed in writing who<br />
shall approve or disapprove any such other processor.<br />
The Data Processor shall inform Data Controller of the<br />
location of the Personal Data upon the request of the<br />
Data Controller. The Data Processor shall allow for and<br />
contribute to audits, including inspections, conducted<br />
by an authorised auditor appointed by Data Controller.<br />
Due to the above and many other considerations that<br />
one needs to be aware of during payroll processing,<br />
outsourcing the payroll to a professional service<br />
provider whose payroll and tax department work<br />
hand in hand and are continually updated with new<br />
regulations could be the way forward. Strong HR/<br />
payroll partners/providers can assist organisations<br />
in being also GDPR compliant and take away a<br />
part of the burden and risk, because their systems<br />
and processes would ensure protection of your<br />
employees’ personal data.<br />
CHRISTOPHER CARUANA<br />
ASSISTANT TEAM LEADER –<br />
ACCOUNTING SERVICES AT CSB<br />
GROUP<br />
JACQUELINE MC INTYRE<br />
ACCOUNTS EXECUTIVE – CSB<br />
GROUP<br />
theaccountant.org.mt<br />
41
Make nights<br />
even more beautiful<br />
The Multi range. For storing, for living, for sleeping.<br />
Designed and manufactured to order in Germany. Locally brought to you exclusively by Joinwell.<br />
www.joinwell.com.mt info@joinwell.com.mt +356 2278 2000 Mill Street Qormi QRM 3102
TAXATION<br />
TAX AND TECHNOLOGY –<br />
the state of play<br />
In recent years, the tax sphere has been blighted by a number<br />
of controversies, which have brought the tax strategies adopted<br />
by multinational enterprises under the spotlight. Events such<br />
as the Luxembourg leaks, as well as the European Commission<br />
investigations into state aid granted by member states to<br />
multinational enterprises, have resulted in a period of the biggest<br />
changes to international corporate tax rules.<br />
LUCA PACE<br />
LUCA IS A MANAGER WITHIN THE<br />
INTERNATIONAL TAX TEAM AT<br />
DELOITTE MALTA, HAVING JOINED<br />
AFTER READING FOR A MASTER<br />
IN ACCOUNTANCY DEGREE AT<br />
THE UNIVERSITY OF MALTA,<br />
WITH MAIN AREAS OF FOCUS<br />
BEING TAX TRANSPARENCY AS<br />
WELL AS THE DIGITAL ECONOMY,<br />
SUCH AS DISTRIBUTED LEDGER<br />
TECHNOLOGIES.<br />
This has led to the OECD (Organisation for economic<br />
corporation and development) to pursue the base<br />
erosion and profit shifting (BEPS) project. The<br />
latter being an ambitious task of reviewing existing<br />
international tax rules and principles, to set out<br />
recommendations, as well as establish minimum<br />
standards in order to ensure a fairer system of<br />
taxation, with the aim of taxing profits where<br />
economic activities leading to value creation are<br />
conducted. As a result of the work carried out by<br />
the OECD as part of the BEPS project, one theme<br />
emerged where present tax rules, when applied<br />
within the context of a global economy with<br />
increased mobility of capital and resources, which<br />
was adopting increased digitalised processes, were<br />
not up to the task of successfully bringing to tax<br />
income where value was created.<br />
The sourcing rules laid out within the OECD Model<br />
Tax Convention, on which most double tax treaties<br />
are based including the majority of those entered<br />
into by Malta, contracting states typically have the<br />
right to tax income sourced within their jurisdiction<br />
by a foreign enterprise through a fixed place of<br />
business, which carries out the business activity.<br />
However, an exception to this rule found application<br />
towards certain specific activities conducted by an<br />
enterprise in a jurisdiction, such as warehousing,<br />
which were considered to constitute preparatory<br />
and auxiliary services and therefore outside of<br />
the source jurisdiction to tax the profits from such<br />
activities, if any. Such loopholes have been exploited<br />
and further enforced the need, to truly understand<br />
the digital changes happening within the economy<br />
and establishing a way to tax profits where value is<br />
truly created.<br />
On the 16 March of this year, following work previously<br />
carried out in the area of the digital economy as part<br />
of BEPS Action 1, the OECD published the highly<br />
anticipated interim report on tax challenges arising<br />
from the digital economy (the ‘Interim Report’). The<br />
Interim Report considers certain digital business<br />
models and how and where value is created within<br />
the global digitalised economy, as well as the views<br />
of the different members of the Inclusive Framework<br />
on BEPS (a group of around 100 countries which<br />
collaborate on the implementation of BEPS<br />
measures), on whether and to what extent changes<br />
to international tax rules should be made in order to<br />
cater for a digitalised economy. The salient takeaways<br />
from the Interim Report include a lack of consensus<br />
by the Inclusive Framework, with a commitment to<br />
deliver a final report by 2020 on a proposed solution,<br />
as well as short-term solutions being perceived as the<br />
wrong approach to the issue at hand.<br />
The challenge posed by digital business activities, has<br />
also been of interest to the European Commission.<br />
Shortly after the publication of the Interim Report<br />
by the OECD, on 21 March 2018, the European<br />
Commission published two proposed directives<br />
with the intention to address the need for a fair and<br />
effective taxation of the digital transformation within<br />
the economy.<br />
The first proposed council directive intends to lay<br />
down rules relating to the corporate taxation of a<br />
significant digital presence (COM/2018/147/FINAL).<br />
This proposed directive aims at establishing a<br />
taxable nexus for businesses with a digital presence<br />
in jurisdictions, without any physical commercial<br />
presence, i.e. a significant digital presence. Further<br />
44 Summer 2018
A banking partner you can rely on,<br />
giving you the power to succeed.<br />
At Sparkasse Bank Malta plc we have introduced an extensive suite of banking services geared<br />
towards Financial Practitioners, Corporate Service Providers and their clients’ individual needs.<br />
Our services deliver private, personal and efficient solutions to professionals and are supported by<br />
a highly skilled and dedicated team of Private Bankers.<br />
For Private and Corporate Banking, Wealth Management and Fund Custody, talk to Sparkasse Bank Malta plc.<br />
Call +356 2133 5705 or email us on info@sparkasse-bank-malta.com.<br />
www.sparkasse-bank-malta.com<br />
Sparkasse Bank Malta plc, 101 Townsquare, Ix-Xatt ta’ Qui-si-Sana, Sliema SLM3112, Malta<br />
Sparkasse Bank Malta plc is licensed and regulated in Malta by the Malta Financial Services Authority (MFSA)<br />
to provide Banking, Investment and Custody services.<br />
Part of the Austrian Savings Banks - Banking since 1872
TAXATION<br />
to the formation of what is being labelled as a ‘digital<br />
permanent establishment’, this proposal further<br />
sets out principles for the attribution of profits to<br />
qualifying significant digital presence. In terms of<br />
the proposal, the threshold for a significant digital<br />
presence in a member state to subsist would require<br />
for a digital service to be provided through a digital<br />
interface, which generates revenues in a Member<br />
State during a taxable period in excess of €7million,<br />
to users in excess of 100,000 and through the<br />
conclusion of 3000 business contracts for the supply<br />
of a digital service in a member state during a taxable<br />
period. This threshold led to numerous comments<br />
on the proposal, where it has been considered to<br />
be low, considering the size of the European market.<br />
Furthermore, the proposed attribution of profits<br />
to a significant digital presence is akin to a physical<br />
permanent establishment, with modifications to<br />
reflect the virtual nature of the significant digital<br />
presence, taking into consideration the economically<br />
significant activities performed.<br />
The second proposed directive (COM/2018/148/<br />
FINAL), seeks to establish tax on revenues from<br />
certain digital services and is labelled as a quick fix,<br />
to the problem of having international corporate tax<br />
rules designed prior to today’s digital era. Set to be<br />
an interim solution, the European Commission is<br />
proposing a digital sales tax (DST) of 3% on revenues<br />
from the provision of certain digital services by<br />
qualifying multinationals, with a total worldwide<br />
revenue in excess of €750m and revenue from<br />
within the EU in excess of €50million. The proposed<br />
DST, should it be adopted, would be levied on gross<br />
revenues (net of VAT) from certain online advertising,<br />
transmission of collected user data, as well as from<br />
digital platforms which facilitate user interaction.<br />
The aim of the European Commission, through the<br />
DST, is to hit digital firms that rely heavily on user<br />
participation as a means to generate revenue, a move<br />
which some have labelled as specifically targeting<br />
digital giant multinationals headquartered within<br />
the United States, at a time when the United States<br />
has pushed through the biggest federal tax reform<br />
in a generation. Whilst the DST is only expected to<br />
find application until a long-term solution can be<br />
found, many fear that such an interim measure could<br />
potentially become a permanent fix, along with the<br />
perceived issues which have been identified so far.<br />
The developments broadly discussed above ought to<br />
be carefully considered from a Malta perspective, given<br />
the importance which digitalised business continue<br />
to play within the economy. As the EU proposed<br />
directives go through the different consultations and<br />
discussions, along with the OECD’s report set to land<br />
in 2020, the impact which these will have on Malta’s<br />
competitiveness should be fully understood. This is<br />
essential, especially with the increased importance<br />
that the iGaming and IT sectors play within the<br />
economy and considering further Malta’s recent<br />
commitment in developing a regulatory framework<br />
for the blockchain industry to flourish.<br />
46 Summer 2018
Reminder:<br />
Get your dream job.<br />
Now.<br />
For the past 30 years, MGI Malta has been delivering an<br />
inclusive, specialised and friendly service to its clients in<br />
the accountancy, assurance, tax, gaming and business<br />
consulting fields.<br />
Our strength lies in employing high-calibre human<br />
resources who endorse our passion in providing excellent<br />
service to our clients.<br />
We are constantly looking for people who enjoy<br />
working within a specialised team in a forward-looking<br />
organisation servicing a diverse portfolio of mostly<br />
foreign clients.<br />
If you are a qualified or partly qualified accountant, this is<br />
your time to fast forward your prospects. Our HR partner<br />
will be more than happy to meet you in confidence to<br />
explore a possible career at MGI Malta.<br />
MGI Malta,<br />
Central Business Centre,<br />
Level 1, Suite 2,<br />
Mdina Road,<br />
Żebbuġ ZBG 9015, Malta.<br />
Tel: +356 2180 2044 (4 lines)<br />
Fax: +356 2167 5418<br />
Email: info@mgimalta.com<br />
www.mgimalta.com
INDIRECT TAX<br />
DIGITALISATION IS HERE<br />
An indirect Tax perspective<br />
SAVIOUR BEZZINA<br />
SAVIOUR BEZZINA IS A SENIOR<br />
MANAGER RESPONSIBLE FOR<br />
INDIRECT TAX MATTERS AT THE<br />
EY MALTA OFFICE AND LECTURES<br />
REGULARLY ON VAT AND INDIRECT<br />
TAX MATTERS.<br />
Digitalisation is disrupting the<br />
conventional methods in which<br />
business used to be conducted,<br />
hence presenting new scenarios on<br />
various indirect tax fronts mainly VAT and<br />
equally/more important a new concept of<br />
Digital Turnover Tax<br />
VAT<br />
As part of the Digital Single Market strategy a legislative<br />
proposal was made to modernise and simplify VAT<br />
for cross-border e-commerce which was adopted by<br />
ECOFIN on 5 December 2017 in the form of:<br />
• Council Directive (EU) 2017/2455 of 5 December<br />
2017 amending Directive 2006/112/EC and<br />
Directive 2009/132/EC as regards certain value<br />
added tax obligations for supplies of services<br />
and distance sales of goods<br />
• Council Implementing Regulation (EU) 2017/2459<br />
of 5 December 2017 amending Implementing<br />
Regulation (EU) No 282/2011 laying down<br />
implementing measures for Directive 2006/112/<br />
EC on the common system of value added tax<br />
The new rules will come into force in two stages.<br />
First (2019), a much-requested threshold will<br />
be introduced for the application of the existing<br />
MOSS (Mini One Stop Shop) system for TBEs<br />
(Telecommunications, broadcasting and electronic<br />
services), as well as a simplification regarding the<br />
evidence businesses need for determining the<br />
location of their customers.<br />
Two years later (2021), the (M)OSS system for VAT<br />
reporting and payment will be extended to all types<br />
of services (B2C) as well as to distance sales of goods.<br />
The current import VAT exemption for low value<br />
consignments will be removed (current Article 23<br />
of Council Directive 2009/132/EC). New rules will<br />
be introduced with regards to the VAT implications<br />
of electronically facilitating certain types of distance<br />
sales and the payment of import VAT.<br />
The EU is also looking at the concept of a Single VAT<br />
Area encompassing:<br />
• the introduction of a definitive system for<br />
taxation between Member states (shift from<br />
origin to destination principle)<br />
• proposals with regards to certain exemptions for<br />
Intra Community Transactions<br />
• the introduction of the concept of Certified<br />
Taxable Person<br />
Moreover, earlier this year the EU submitted<br />
additional proposals with respect to more VAT Rates<br />
flexibility and less red tape for small businesses<br />
At a domestic level, online VAT services are<br />
continuously being expanded to cover a wider<br />
array of services. From a technical perspective, the<br />
authorities are updating various guidelines with<br />
respect to certain areas which are experiencing<br />
continuous changes, whilst developing new guiding<br />
principles regarding new industries currently being<br />
developed in conjunction with all involved parties.<br />
TAXATION OF DIGITALISED ACTIVITIES<br />
On 21 March 2018, the European Commission issued<br />
two proposals for new Directives regarding new ways<br />
to tax digitalized forms of business activity.<br />
The proposals focus on a two-phased approach:<br />
• an interim solution - Digital Services Tax (DST –<br />
3% turnover tax across all EU Member States -<br />
will apply only until the SDP solution has been<br />
implemented.)<br />
• a long-term solution – New Corporate taxation<br />
rules of a Significant Digital presence (SDP - new<br />
concept/definition of digital PE (Permanent<br />
Establishment) and revised profit attribution rules).<br />
DIGITAL SERVICE TAX<br />
It will tax revenues created from activities where<br />
users play a major role in value creation (difficult to<br />
capture with current tax rules) including:<br />
• Selling online advertising space<br />
• Digital intermediary activities which allow users<br />
to interact with other users and which can<br />
facilitate the sale of goods and services between<br />
them<br />
• The sale of data generated from user-provided<br />
information SDP<br />
For DST to apply the company must have total annual<br />
worldwide revenues of €750 million (or more) AND<br />
annual EU revenues of €50 million (or more). This<br />
will help to ensure that smaller start-ups and scaleup<br />
businesses remain unburdened. An estimated €5<br />
48 Summer 2018
Is the most<br />
transformative<br />
perspective the<br />
one you don’t have?<br />
In this Transformative Age, the opportunities<br />
that emerge from disruption are ready<br />
to be seized.<br />
ey.com/consulting #BetterQuestions<br />
© 2018 EYGM Limited. All Rights Reserved. ED 0419.
INDIRECT TAX<br />
With respect to profit attribution the view is that<br />
the Authorized OECD approach (AOA), remains<br />
the underlying principle for attributing profits to a<br />
significant digital presence. However, it needs to be<br />
adapted in a consistent manner, to reflect the way<br />
value is created in digital activities.<br />
The proposed rules lay down the general principles<br />
for allocating profits to a significant digital presence<br />
building on the current corporate tax rules which<br />
look at the risks managed, the functions performed,<br />
and the assets used by a permanent establishment<br />
and the criteria for allocating profits.<br />
billion in revenues a year could be generated for<br />
Member States if the tax is applied at a rate of 3%.<br />
It will be based on a system of self-declaration by<br />
taxpayers. A One-Stop-Shop digital portal will be set<br />
up to help companies comply allowing a member<br />
state to identify the taxpayer, collect the tax and<br />
allocating it to other member states as appropriate.<br />
SIGNIFICANT DIGITAL PRESENCE<br />
It defines Digital services as services which are<br />
delivered over the internet or an electronic network<br />
and the nature of which renders their supply<br />
essentially automated, involving minimal human<br />
intervention. They are also impossible to ensure in<br />
the absence of information technology and identifies<br />
two lists of specific services which are covered (or<br />
not) by the said definition.<br />
A company will be considered to have an SDP if one<br />
of the following three criteria is met:<br />
• It exceeds €7 million in annual revenues from<br />
digital services in a member state<br />
• It has more than 100,000 users who access its<br />
digital services in a member state in a taxable year<br />
• Over 3000 business contracts for digital services<br />
are created between the company and business<br />
users in a taxable year<br />
It also includes additional tests in the profit allocation<br />
process to reflect the fact that a significant part of<br />
a digital business’ value, is created where users are<br />
based and data is collected.<br />
The proposal does not contain information<br />
regarding tax rates applicable under the SDP, with<br />
the indications being that member states would<br />
apply their national corporate income tax rules with<br />
respect to the profits attributable to a digital PE in<br />
their jurisdiction.<br />
Both DST and SDP proposals will require unanimity<br />
in order to be implemented via new Directives with<br />
the Commission, hoping for final adoption by 31<br />
December 2019, and transposition into national law<br />
on 1 January 2020.<br />
All this is shaping up in a very dynamic indirect tax<br />
environment, wherein some major changes might<br />
be in store in the near future for operators acting<br />
in the digital business sphere. Such a sector is fast<br />
developing into one of the main pillars of the local<br />
economy. Hence the importance that both operators<br />
and authorities are continuously up to speed with<br />
respect to such changes and their wide-ranging<br />
implications, with a view to be well prepared, take<br />
timely and appropriate decisions, and collaborate<br />
together in the interest of all involved parties.<br />
50 Summer 2018
INTERNATIONAL PUBLIC SECTOR ACCOUNTING STANDARDS<br />
The Relevance of IPSAS and the IPSASB<br />
Conceptual Framework for Malta<br />
The article is based on a dissertation presented in partial fulfillment of the Master<br />
in Accountancy degree programme at the University of Malta. The study focused<br />
on the relevance of the IPSASB (International Public Sector Accounting Standards<br />
Board) Conceptual Framework for the changeover to accrual accounting in the<br />
public sector. Findings were collected through interviews performed with local<br />
Maltese experts and academics.<br />
KARL CACHIA<br />
KARL CACHIA IS A CERTIFIED<br />
PUBLIC <strong>ACCOUNTANT</strong> AND IS A<br />
VISITING LECTURER WITHIN THE<br />
ACCOUNTANCY DEPARTMENT AT<br />
THE UNIVERSITY OF MALTA.<br />
MARIA GRECH<br />
MARIA GRECH STUDIED FOR HER<br />
BACHELOR OF COMMERCE AT<br />
THE UNIVERSITY OF MALTA AND<br />
MAJORED IN ACCOUNTANCY<br />
AND BANKING AND FINANCE.<br />
SHE SUCCESSFULLY COMPLETED<br />
HER MASTER IN ACCOUNTANCY<br />
AND CURRENTLY WORKS AS<br />
AN ASSISTANT MANAGER AT<br />
SHELTONS MALTA.<br />
A BRIEF HISTORY OF THE ACCOUNTING REFORM<br />
IN THE PUBLIC SECTOR<br />
The Government of Malta is currently undertaking a very<br />
important accounting reform. The central government<br />
will start reporting its accounts using the accrual basis,<br />
replacing the long-outdated cash accounting basis.<br />
Cash accounting for central government emerged from<br />
the Departmental Accounting System (DAS) introduced<br />
in 1996.<br />
The financial reporting duties of the Government<br />
increased substantially with Malta’s membership in<br />
the European Union and the Eurozone. In 2012 it<br />
was decided to start the International Public Sector<br />
Accounting Standards (IPSAS) project, where the IPSAS<br />
Committee was established locally. In that same year, the<br />
Financial Policy and Management Directorate under the<br />
Ministry for Finance, organised a seminar to introduce<br />
IPSAS and identify the way forward for Malta to adopt<br />
and implement the accounting standards.<br />
Meanwhile the EU was moving towards a state of<br />
harmonisation. The European bloc decided not to<br />
implement IPSAS and instead develop its own set of<br />
standards – the European Public Sector Accounting<br />
Standards (EPSAS). In 2013, the Treasury commissioned<br />
the CIPFA (Chartered Institute of Public Finance and<br />
Accountancy) which performed a ‘gap analysis’ on the<br />
transition from cash to accrual accounting. The analysis<br />
concluded that full accrual accounting and reporting<br />
principles were needed since the Government was using<br />
solely cash accounting principles. Since the EPSAS project<br />
was still in progress, CIPFA also recommended to use<br />
IPSAS as a basis for the new accounting system locally and<br />
to later adapt the system to the requirements mandated<br />
by EPSAS, once the standards were finalised.<br />
In the wake of this report, the Ministry for Finance set<br />
up the IPSAS Project Board and the IPSAS Project Team in<br />
2014. Currently, IPSAS are in the process of being adapted<br />
in the local context. Each IPSAS is being assessed in terms<br />
of its impact on government procedures, reporting and<br />
legislation. Once the assessments are concluded and<br />
guidelines are developed, the IPSAS have to be approved<br />
by the IPSAS Project Board.<br />
In July 2017 a contract was entered into by the Ministry<br />
for Finance, that commenced the change of the<br />
financial operations of Central Government, effectively<br />
introducing accrual accounting based on IPSAS as<br />
adopted by the Maltese Government. The project is<br />
planned to have three implementation phases, with the<br />
first phase planned to be finished by January 2019.<br />
THE IPASAB CONCEPTUAL FRAMEWORK<br />
The IPASAB conceptual framework is predominantly based<br />
on the IASB (International Accounting Standards Board)<br />
framework. One of the questions posed to interviewees<br />
was, whether this was ideal since the IASB framework<br />
was predominantly designed for the private sector. It<br />
transpired that for the most part, the amendments to<br />
the IASB framework that resulted in the codification of<br />
the IPASAB framework, are enough to cater for the public<br />
sector’s needs. The only issue identified by respondents<br />
was that the IPASAB framework does not conceptualise<br />
‘stewardship’ in the context of the public sector. While<br />
the concept of ‘accountability’ applies to any entity,<br />
‘stewardship’ is particularly relevant to the public sector.<br />
Having said that, the IPSASB Conceptual Framework was<br />
deemed applicable and was in fact adopted in toto by<br />
the Government.<br />
Interviewees pointed out that accrual accounting is the<br />
way forward for Malta, and it was due time for this reform<br />
to finally take shape. With accrual accounting, a more<br />
inclusive set of financial information will be presented.<br />
It was also highlighted that the IPSASB Conceptual<br />
Framework is relevant to the changeover and is being<br />
referred to when adapting the IPSAS standards to the<br />
local context. The framework acts as a sounding board to<br />
the adaptation of IPSAS to the local scenario.<br />
WHAT ARE THE ALTERNATIVES?<br />
When it comes to the accrual changeover, there are<br />
other routes that the Government could have taken.<br />
International Financial Reporting Standards (IFRS) could<br />
have been implemented and adopted specifically for<br />
the Maltese public sector needs. However, IFRS are<br />
predominantly based on private sector organisational<br />
52 Summer 2018
INTERNATIONAL PUBLIC SECTOR ACCOUNTING STANDARDS<br />
Public Sector<br />
Financial Reporting Transparency<br />
Communication<br />
IPSAS<br />
Financial Management<br />
Good Goverment<br />
Accountability<br />
International Standards<br />
and accountability characteristics. Adapting IFRS to the<br />
local public sector would have therefore required much<br />
more effort and resources.<br />
Another option would have been to develop local<br />
reporting standards which would have catered for<br />
issues unique to the public sector in Malta. This option<br />
would also have required a lot of resources, not to<br />
mention that the changeover has been long overdue<br />
and the development of a new set of standards would<br />
have delayed the changeover even further.<br />
Malta’s approach was seen by respondents as a natural<br />
application of what was already available off the shelf,<br />
adapted to the local context: IPSAS as adopted by the<br />
Maltese Government. In this way, the limited resources<br />
will be used for adapting what is already available and<br />
internationally recognised to the local scenario. The<br />
IPSAS Project Team is analysing each individual IPSAS<br />
to apply it to the local context. Guidelines specific to<br />
Malta will also be issued.<br />
Since IPSAS originated from private sector standards,<br />
they will require the same level of technical knowhow<br />
from its users, particularly preparers of financial reports.<br />
There should be more focus on training public sector<br />
employees and on engaging qualified accountants to<br />
maintain the new reporting system.<br />
The adoption of IPASAB framework and IPSAS is<br />
the starting point of the Government’s move to<br />
accrual accounting. The Government can re-visit the<br />
implementation of IPSAS after a few years, whilst<br />
assessing the implications surrounding the eventual<br />
development of EPSAS.<br />
DR KEITH CILIA DEBONO<br />
DR KEITH CILIA DEBONO IS A<br />
CONSULTANT AT MITA, WITH<br />
OVER 25 YEARS OF STRATEGY<br />
SPECIALISATION IN VARIOUS<br />
FIELDS OF NATIONAL INTEREST.<br />
CYBERSECURITY IN THE AGE<br />
OF DIGITALISATION<br />
Synopsis: Digitilisation has brought about fundamental changes in global society<br />
and the economy. Whilst ushering progress it has also brought about threats and<br />
vulnerabilities that challenge cyber security and thus, overall stability. In the process,<br />
cyber security cannot adopt a traditional ‘fortressed city’ approach but calls for<br />
innovative measures that muster in strategic, legal, technical as well as behavioural<br />
energies for effectiveness.<br />
Digitilisation has permeated all spheres of society;<br />
including politics and economics, as well as science<br />
and culture. It has changed the way people live and<br />
interact in their day to day lives. Technologies such<br />
as the cloud, big data analytics, mobile computing,<br />
the blockchain, Internet of Things (IoT) and Artificial<br />
Intelligence (AI) are transforming the way of how<br />
organisations manage their day to day business,<br />
from decision making to customer service. They<br />
have extended beyond the confines of traditional<br />
ICT systems and functions, such as through their<br />
access to sensitive data and in their conduct of<br />
decentralised activities which may be critical in their<br />
own right. Thus, digitalisation knows no personal,<br />
functional, organisational and even national bounds;<br />
creating in effect new challenges including those of<br />
privacy and security. The resulting paradox is that<br />
whilst society is more efficient as digitalisation<br />
progresses, it is increasingly more fragile and<br />
vulnerable to cyber related attacks.<br />
Data breaches are increasingly one main<br />
consequence of cyber-attacks, especially in business<br />
domains that handle sensitive data, such as medical<br />
and financial institutions. They may be a result of<br />
social engineering methods which maliciously trick<br />
users to provide unauthorised access or data; loss or<br />
theft of mobile devices or media carrying sensitive<br />
data; insider accidents by employees who may<br />
mistakenly provide access to sensitive information<br />
or lack of cybersecurity preparedness by business<br />
partners.<br />
54 Summer 2018
theaccountant.org.mt<br />
55
CYBERSECURITY<br />
Worst of all, especially due to their least expectation,<br />
although viewed as one of the most common cyber<br />
related data breaches, are insider frauds within<br />
organisations by the employees themselves or insider<br />
snooping whereby sensitive data is accessed by<br />
unauthorised employees.<br />
Additionally, traditional ICT systems are increasingly<br />
coexisting with user-managed devices such as BYOD<br />
(Bring your own device) and with a vast number of<br />
other data management systems. Their deployment in<br />
potentially vulnerable environments such as hospitals<br />
and power generation plants, compound their risk to<br />
human welfare through cyber-attacks. Similarly, the<br />
disruption of one single market entity through a cyberattack<br />
may carry risks across multiple countries and<br />
financial infrastructures, damaging trust in banking<br />
and payment services, thus leading to damage in the<br />
smooth functioning of society.<br />
Within the EU, the latest legal initiatives are one means<br />
of assisting in countering the new digital security threats<br />
in the long run. Whilst the General Data Protection<br />
Regulation (GDPR) aims to protect EU citizens<br />
personal data, the Network and Information Systems<br />
Directive aims to assist in protecting critical European<br />
infrastructure. They are good and necessary initiatives<br />
that will have a favourable impact on EU Member States<br />
data protection capabilities and cyber resilience over<br />
the coming years.<br />
occurs in the most secure and holistic manner. This<br />
involves technology as well as strategy, processes and<br />
ultimately people themselves.<br />
Indeed, cyber security requires strategy and<br />
prioritisation. Digital transformation projects may<br />
look attractive at a business case level viewing them<br />
from their characteristics of change, ability, speed,<br />
connectivity and customer experience. Security is<br />
however often seen as a stumbling block. It is true that<br />
security is not always an easy feat and unfortunately<br />
the relationship between security and emerging<br />
technologies is not always a great one. Rather than<br />
looking solely at the return on investments made in<br />
such technologies, it would therefore be best to factor<br />
in at the onset potential losses should there be a failure<br />
to properly assess and protect those areas which need<br />
securing. Cyber security cannot be an afterthought.<br />
Cyber security professionals thus need to be involved at<br />
the onset of any digitalisation projects.<br />
However, digitalisation has arrived with a tempo that<br />
few had envisaged, bringing new threats and leaving<br />
significant gaps in cyber security awareness and<br />
behaviour. Whilst predictions on where technology<br />
is heading are relatively good, it cannot be said of<br />
its social implications. Thus, cyber security cannot<br />
be obtained through legislation alone but requires<br />
intense, coordinated and continuous understanding<br />
and involvement of the entire digital value chain<br />
from citizens, digital suppliers, organisations, law<br />
enforcement entities and governments. Apart from<br />
the technical perspective, the need to understand and<br />
tackle such a challenge from a behavioural science point<br />
of view is thus crucial.<br />
Attackers on cyber space after all, wield a huge<br />
advantage over its defenders. They need to focus<br />
and exploit one vulnerability to be able to obtain<br />
results. Organisations, on the other hand need to<br />
ensure that a myriad of cyber security challenges are<br />
addressed and that the ever-increasing connectivity<br />
Within the context of digitalisation, cyber security<br />
beginning at the level of a mobile user and working<br />
all the way up to system wide vulnerabilities is<br />
increasingly a must. The role of information and data,<br />
which plays a critical role in all of this, is not to be<br />
undervalued. It is therefore necessary for all systems<br />
and technologies involved to be categorised in terms<br />
of their criticality, especially if they handle or manage<br />
sensitive data or operations. Using an analogy of a<br />
walled city, traditionally, security defences around<br />
the traditional ICT systems would have provided<br />
adequate protection to the ‘crown jewels’. However,<br />
such an approach no longer holds. Cyber security<br />
needs to be taken care of beyond the perimeter of the<br />
traditional ICT systems or IT functions given that other<br />
interconnected peripheral devices and/or systems<br />
are also likely to manage critical or sensitive data or<br />
56 Summer 2018
CYBERSECURITY<br />
operations. Thus, rather than the notion of a walled<br />
citadel, the approach would more appropriately be<br />
that of an open city having a number of critical sites<br />
that are adequately protected. Ultimately cyberattacks<br />
focus on the weaker parts of an attack surface!<br />
Moreover, building cyber security defences and having<br />
alarm and monitoring mechanisms are not enough.<br />
They need to be tested on a regular basis and measures<br />
taken to ensure improvements in case of any noted<br />
vulnerabilities. Technology can be an enabler of an<br />
integrated and holistic approach. In the assessment<br />
and procurement of tools and/or services it needs<br />
to be ensured that cyber security is considered as<br />
one of the key requirements, and that it is included<br />
to the maximum extent possible in the design of the<br />
technologies under evaluation. Given the proliferation<br />
of ICT in various new technologies, their evaluation<br />
may necessitate involvement not solely of ICT expertise<br />
but also in collaboration with other specialist technical<br />
should be an overall management challenge requiring a<br />
holistic, risk management perspective. An organisation’s<br />
top management must not simply give lip service to cyber<br />
security. It needs to support and more so, follow and<br />
be seen to follow, good security practices themselves.<br />
Reporting structures between top security personnel and<br />
an organisation’s top management need to be directly<br />
linked. From a skills viewpoint, whilst ICT professionals<br />
need to be aware of the specifics of various devices in<br />
use, other personnel need to be trained in the essentials<br />
of ICT security.<br />
In essence, for digitalisation to succeed, changing the<br />
thinking, strategy and maturity regarding cybersecurity<br />
is a must. It calls for a holistic approach to cyber<br />
security, governance and organisation so as to ensure<br />
better preparedness on all fronts in an ever-widening<br />
cyber security picture.<br />
Ultimately, cybersecurity should therefore become<br />
a collective responsibility and cyber awareness and<br />
computer hygiene should become an integral part of<br />
digital education and literacy programmes for individuals<br />
and organisations alike. Basic computer hygiene such as<br />
keeping software updated, having endpoint protection,<br />
backing up and encrypting sensitive data are a good initial<br />
base towards the formation of a cyber security culture<br />
needed to complement the progress in digitilisation.<br />
Let no one be deluded and be lulled into a false sense<br />
of cyber security. The rate of cyber related threats in this<br />
era of digitalisation is real and is increasing. Cyber security<br />
must therefore be seriously reckoned with and be dealt<br />
with in a responsible, and comprehensive manner!<br />
expertise, depending upon the tool/service being<br />
assessed. Additionally, the selection of tools or services<br />
purely for cyber security purposes (such as for a Security<br />
Operations Centre) calls for an architectural vision<br />
rather than just a mere evaluation of a single product in<br />
the traditional best-of-breed approach.<br />
In all this, the way new technologies are evaluated,<br />
implemented and run, may call for the need of updated<br />
or new security related processes and methodologies<br />
as guidelines.<br />
Cyber resilience calls for not only having the right<br />
infrastructure but also a clear and strong direction from<br />
top management on preparedness, awareness and<br />
mitigation as well as investment in enhanced awareness,<br />
smart policies and effective governance. Cybersecurity<br />
REFERENCES<br />
MIT Technology Review Insights, Cybersecurity in the Age<br />
of Digital Transformation , January 23, 2017 [Accessed on<br />
19/7/2018 https://www.technologyreview.com/s/603426/<br />
cybersecurity-in-the-age-of-digital-transformation/<br />
Cyber security: security risks and solutions in the digital<br />
transformation age [accessed on 13/6/2018 https://www.iscoop.eu/cyber-security-cyber-risks-dx/<br />
Laine , T. (2018) , Digitalisation poses new security<br />
challenges for payment systems, Bank of Finland Bullettin,<br />
May 23 ,2018<br />
Minsky, L., DiSanti, B. and Carson, J. (2017) , When it comes<br />
to Cyber Security, A step ahead is a step out of harm’s way,<br />
The European Business Review, November 10, 2017<br />
Pupillo, L (2018), EU Cybersecurity and the paradox of<br />
Progress, CEPS Policy Insight No. 2018-06/February 2018<br />
Theede R (2018) Cybercrime in the Digital Age [Accessed<br />
on 15/6/2018 http://www.global-engage.com/life-science/<br />
cyber-crime-in-the-digital-age]<br />
Healthcare security – Three Paradoxes and the need for a<br />
Paradigm Shift, Feature, ISACA Journal Vol 3, 2018<br />
theaccountant.org.mt<br />
57
IT AUDIT<br />
An IT Audit<br />
Approach to Digital<br />
JOSEPH P. GALEA<br />
JOSEPH P. GALEA, DIRECTOR, EY.<br />
MICHAEL AZZOPARDI<br />
MICHAEL AZZOPARDI, SENIOR<br />
MANAGER, EY. MICHAEL IS<br />
ALSO A MEMBER OF THE MIA<br />
DIGITALISATION COMMITTEE<br />
Information Technology is becoming more of<br />
great significance centric to the operations<br />
of public sector and companies. In the age of<br />
digital transformation, organisations are further<br />
digitizing their processes, executing them with the<br />
support of IT systems. They are relying extensively on<br />
data and connecting with customers, partners and<br />
suppliers. Compliance to laws and regulations, which<br />
if not adhered to could have serious reputational and<br />
financial repercussions, depend even more on the<br />
appropriate state of IT systems and practices. The<br />
mandates of the audit committee need to include<br />
cybersecurity, data protection and IT operations.<br />
Many organisations are undertaking significant<br />
programs to deliver digital changes to their business<br />
environment, including changes to the consumerfacing<br />
elements and IT functions. These digital<br />
transformations are often critical to the ongoing<br />
success of the organisation. Companies need to<br />
ensure appropriate risk management of these<br />
transformations to assist in ensuring their success.<br />
The challenge for IT Audit is significant in the digital<br />
world, and so is the payoff. Various transformations<br />
need to be considered by the IT audit function in<br />
order to keep pace with a volatile risk landscape. The<br />
key challenges for the IT audit function include:<br />
• The need to deliver a flexible and dynamic<br />
audit plan. Risks in a digital world are continuing<br />
to emerge and evolve sometimes rapidly. IT Audit<br />
functions need to be prepared to adapt their plans<br />
more regularly than they traditionally would.<br />
• The need to understand the impact of the<br />
digital movement across the business<br />
and its maturity. As many organisations begin<br />
to move towards a digital customer-centric<br />
business model and adapt business models to<br />
more digital ways of working, IT Audit functions<br />
need to understand the impact and changes.<br />
• When undertaking risks assessments, IT<br />
Audit functions need to ensure that they<br />
look at IT and external changes that<br />
could impact risks within the business.<br />
This is even more important with the potential<br />
rapid emergence and evolution of risks and the<br />
adoption of new technology across the business.<br />
• IT Audit functions must ensure that they<br />
have access to sufficient skill sets to<br />
audit emerging risk areas e.g. cyber risk<br />
and cloud computing. To robustly audit<br />
these emerging areas, support from specialist<br />
providers could be required or employing<br />
relevant in-house skills.<br />
With organisations having to adapt their ways of<br />
working to more Digital methods, many changes<br />
are beginning to occur. The technology landscape<br />
has become more complex and there are more<br />
touchpoints that need to be monitored especially<br />
when it comes to Social Media and Cloud Computing.<br />
• Social media continues to be recognised<br />
as a source of risk going forward, which will<br />
only be further stressed by the progress of<br />
digitalisation. In this context, social media refers<br />
to websites and applications that enable users<br />
to create and share content or to participate<br />
in social networking. This is an element many<br />
organisations’ IT Audit functions are starting to<br />
include in their risk universes and audit plans<br />
as the organisation interacts more externally<br />
through such channels.<br />
• Cloud computing refers to a model for<br />
provision of information technology services in<br />
which resources are in a third-party environment,<br />
which is not owned or even managed by the<br />
consuming organisation. This provides an elastic<br />
environment where resources are consumed<br />
and billed based on demand. Services offered<br />
58 Summer 2018
IT AUDIT<br />
• by vendors may include shared infrastructure<br />
environment (Infrastructure-as-a-Service),<br />
software platforms (Platform-as-a-Service) or<br />
even complete software services (Software-as-a-<br />
Service). Usually a contract is entered into by the<br />
two parties defining the nature of service, fees,<br />
security-arrangements for data, and monitoring<br />
processes to ensure contract compliance.<br />
As digitalisation embeds across various sectors and<br />
exposes organisations to considerable risk, companies<br />
should look to ensure that digital risks are being<br />
managed appropriately across the business and that<br />
appropriate response plans are designed. This relies<br />
on appropriate Governance and Risk & Compliance<br />
across the lines of defence. A number of companies<br />
are adapting by opting for more integrated risk<br />
management approach or “converging to eGRC”.<br />
Software tools are available on the market that allow<br />
for a more integrated view of IT governance, policy<br />
management, risk management, audit management,<br />
compliance management, and incident management.<br />
These platforms allow for a more systematic approach<br />
to managing the information necessary to fulfil the<br />
audit function.<br />
In addition to GRC tools, the IT Audit function may<br />
leverage the same Digital methods and technological<br />
capabilities like Data Analytics and Robotic Process<br />
Automation.<br />
• Data Analytics solutions are being integrated<br />
within the IT Audit department by the<br />
development of tools, that allow the function<br />
to have a data driven approach, to get insight<br />
into the systems, processes and data of the<br />
organization. The latest platforms allow for the<br />
creation of “self-service tools” that give the IT<br />
auditors the ability to further incorporate data<br />
analytics within their programs and get insight<br />
through analysing data in real time.<br />
• IT Audit functions should consider implementing<br />
robotic solutions that will perform the control<br />
testing by automating population extraction,<br />
sample selection and completing the testing<br />
template for the specific control. Robotic Process<br />
Automation solutions can be used by IT Audit<br />
functions to develop automated controls testing<br />
(e.g. IT General Controls & SOX testing), in order to<br />
perform testing of certain routine and repetitive<br />
controls making the process more reliable and<br />
depending less on human intervention for<br />
collection of data points. Another potential area<br />
of consideration for the use of robotics is to<br />
format and upload data into the analytics tool<br />
such as in the case of journal testing.<br />
IT Audit functions should take on a more advisory role<br />
across the business, providing guidance on methods<br />
and controls across the business functions, for<br />
example in system development or change projects.<br />
They need to be actively involved and have a seat at<br />
the table.<br />
Ultimately the focus of the IT Audit becomes more<br />
critical in a world dominated by Cybersecurity and Data<br />
Protection risks. As organization increase their level of<br />
digitalisation, the scope and complexity of cybersecurity<br />
and data protection compliance increases.<br />
• The risks from cyber-attacks continue to be<br />
front of mind as media coverage of cyber<br />
attacks makes the headlines. The actual and<br />
perceived threat increases as the perimeters<br />
and boundaries are merged as the digitalisation<br />
of business accelerates. Organisations should be<br />
considering not only their own cyber risks, but<br />
also those of their wider ecosystem of suppliers,<br />
service providers and partners.<br />
• Organization collect, access, process, and<br />
store confidential customer information.<br />
The amount of data collected to remain<br />
competitive is astronomical and growing as a<br />
result of the increased engagement of customers<br />
through various digital channels. With more<br />
stringent regulations and heftier fines brought<br />
about by GDPR, organizations must ensure that<br />
their IT systems and processes can meet the<br />
requirements. IT Auditors should assess data<br />
protection requirements and procedures to<br />
securely store and access data.<br />
The governance and operating models of<br />
organisations will continue to be redefined, setting<br />
up the approach to be taken, and tailoring the<br />
company’s internal control framework, risk appetite<br />
and risk management systems to manage the<br />
demands of operating in a digital world. IT Audit will<br />
need to consider all of the above mentioned factors<br />
including the use of GRC solutions, data analytics<br />
and RPA solutions to successfully manage the ever<br />
increasing complexity of the IT environment. Finally,<br />
an IT Audit function that successfully adapts to<br />
today’s rapidly changing world will become a trusted<br />
advisor to an organisation poised for growth.<br />
60 Summer 2018
Real Estate Developer Suite<br />
Loans to Finance Your Projects<br />
FIMBank provides financing solutions to established developers at competitive<br />
market terms and pricing. We can assist you every step of the way, providing the<br />
assurance of having the financial backing to start and finish your project.<br />
Please contact us to discuss your project<br />
2132 2100 realestate@fimbank.com www.fimbank.com<br />
FIMBank p.l.c., Mercury Tower, The Exchange Financial & Business Centre, Elia Zammit Street, St. Julian’s STJ 3155<br />
FIMBank p.l.c. is a licensed credit institution regulated by the Malta Financial Services Authority and is listed on the Malta Stock Exchange.
BLOCKCHAIN<br />
BLOCKCHAIN TECHNOLOGY AND TRIPLE ENTRY<br />
A game changer in accounting<br />
DR JOSHUA ELLUL<br />
DR JOSHUA ELLUL JOINED THE<br />
DEPARTMENT OF COMPUTER<br />
SCIENCE AT THE UNIVERSITY<br />
OF MALTA AS A LECTURER<br />
AFTER HAVING WORKED ON R&D<br />
PROJECTS AT IBM RESEARCH<br />
ZURICH AND IMPERIAL COLLEGE<br />
LONDON.<br />
NATHANIEL BORG<br />
B<br />
lockchain, one type of<br />
Distributed Ledger Technology<br />
(DLT), is being touted as a game<br />
changer that will provide verifiable<br />
trust amongst decentralised peers for<br />
myriads of applications from healthcare<br />
to energy grids, to registries and digital<br />
rights management. Blockchain and DLTs<br />
will also disrupt and provide new ways<br />
of undertaking business related tasks,<br />
including but not limited to transparent<br />
voting mechanisms for boards and<br />
automating internal business processes.<br />
One such business process that could<br />
greatly benefit from such a system is<br />
accounting. In this article we will first<br />
introduce what Blockchain, DLTs and<br />
smart contracts are and then highlight<br />
how blockchain technology could<br />
revolutionise the accounting practice.<br />
Consider how services have been offered since as<br />
long as we can go back. Service providers such as<br />
banks act as middlemen enabling clients to make<br />
use of their services -- but require that their clients<br />
have trust in them. This is a perfectly acceptable<br />
requirement for many services. After all, if you do not<br />
trust the service provider to undertake the respective<br />
service, then you would have to perform the service<br />
yourself. Say you would like to transfer money to a<br />
friend. You would need to first trust the bank with<br />
your money and thereafter send the bank instructions<br />
to undertake the transfer of funds as required<br />
and trust that the bank will perform the transfer.<br />
However, you may not want to reveal the details of<br />
your transactions to a third party -- and rightly so<br />
banks do not allow for transactions to take place<br />
when sufficient information is not provided, in effort<br />
to minimise money laundering, funding terrorism<br />
and other fraudulent activities. Decentralisation is<br />
useful not only because one might not want to reveal<br />
information or trust the central authority in question,<br />
however is also useful due to its massively redundant<br />
mechanism -- each node in the network will have a<br />
copy of the data. Consider what would happen if a<br />
certificate registry was destroyed (and associated<br />
data servers) -- no one would be able to prove their<br />
education, marriage status, etc. Besides redundancy<br />
decentralisation provides more transparency to users<br />
which will help build more social trust in the system<br />
-- so many service providers are moving towards<br />
decentralised solutions to build more trust with their<br />
clientele. Building a decentralised ledger though is no<br />
easy task.<br />
Blockchain achieves this by allowing for each peer in<br />
the network to have a full view of the decentralised<br />
ledger -- in which any peer in the network can add<br />
transactions and transfer funds from their account<br />
(and not from other accounts). Since any peer in the<br />
network can alter the distributed ledger (in respect<br />
to the resources they have access to), there needs<br />
to be a means of ensuring the validity and integrity<br />
of the ledger such that no one can tamper with<br />
the data. This is achieved using cryptography and a<br />
consensus mechanism (of which often takes the form<br />
of a proof-of-work mechanism).<br />
A Blockchain implementation was first proposed for<br />
use in Bitcoin. However, blockchain systems have<br />
since evolved to provide not only a decentralised<br />
ledger, but also a verifiable and decentralised means<br />
of executing digital processes by providing a smart<br />
contract or dApp (distributed application) on top<br />
62 Summer 2018
BLOCKCHAIN<br />
of a DLT. Smart contracts enable for the automatic<br />
execution of code that is guaranteed to do what the<br />
original uploaded smart contract was coded to do --<br />
this therefore can be used as a means of enforcing<br />
and automating obligations of various parties that<br />
have entered into an agreement.<br />
HOW CAN BLOCKCHAIN<br />
BE USED WITHIN THE<br />
ACCOUNTING WORLD?<br />
The hype surrounding Bitcoin resulted in many<br />
attempts to replicate its success. Which followed<br />
with a surge of Altcoins (alternative coins to Bitcoin<br />
and the major cryptocurrencies) introduced to the<br />
crypto market last year. Thereafter, focus shifted to<br />
applying the technology in banking institutions and<br />
also to registry keeping.<br />
A more recently emerging Blockchain application<br />
is that of Triple Entry. This concept challenges the<br />
fundamental assumptions of the double entry<br />
system, which has been relied upon for hundreds<br />
of years ever since it was developed by merchants<br />
in Venice in the 1400s to enable a more effective<br />
and efficient trade system. Before this period,<br />
trade was limited to a few merchants and single<br />
entry accounting -- a list of who owes the trader<br />
what without providing additional information to<br />
the merchant.<br />
since business bookkeeping is done independently of<br />
other businesses with which the company trades.<br />
Analysing the double entries involved in Business<br />
to Business (B2B) transactions, one can note a<br />
similar pattern throughout the transactions. The<br />
separate double entries recorded in the books of two<br />
individual businesses are mirror image to each other.<br />
The revenue of one company is to be considered as<br />
the expense of the other company. Similarly, what<br />
is to be considered as a payable for one company<br />
is to be considered as a receivable for the other<br />
company. For this process to perform, each company<br />
requires its own accountant. One accountant would<br />
record the transaction in the books of his employer<br />
and similarly, the other accountant would record<br />
the transaction in the books of his employer. Two<br />
accountants recording the two sides of the coin<br />
albeit being identical.<br />
B2B transactions recorded on the blockchain using triple<br />
entry implies that once a transaction is recorded on the<br />
blockchain by one of the two accountants, the other<br />
party can extract the particular double entry, review it,<br />
and have it recorded automatically in its books in the<br />
classical double entry bookkeeping system.<br />
The future of bookkeeping could be potentially<br />
revolutionized. Blockchain accounting can potentially<br />
halve the double entry transactions recorded.<br />
Accountants can now start focusing on more valueadded<br />
roles within the profession. Rather than<br />
looking at the past to record the transactions,<br />
accountants can help businesses grow and improve.<br />
Gone are the reconciliation days.<br />
The double entry mechanism effectively manages to<br />
capture all the transaction details required to balance<br />
the books of any business and provide a complete<br />
picture of all the assets, liabilities and income<br />
generated at any particular point in time. However,<br />
its application is limited to just one business at a time<br />
Distributed ledger attributes, enhanced with the<br />
immutability characteristics often associated with<br />
blockchain technology, provides for a common ground<br />
amongst businesses as there is no reliance on any<br />
centralised data server. Blockchain technology when<br />
applied to accounting manages to provide credibility<br />
and trust in real time and replicates in essence part<br />
of the trust provided when financial statements are<br />
audited a couple of months after year end. To top<br />
it all, recording the transactions on the blockchain<br />
will not require any specialised programming skill.<br />
Companies (such as The Accounting Blockchain)<br />
are already investigating and providing easy to<br />
use software capable of integrating with various<br />
accounting applications that enable accountants to<br />
record the transactions on a blockchain.<br />
theaccountant.org.mt<br />
63
We are recruiting!<br />
join our team<br />
The Malta Institute of Accountants<br />
is now hiring a<br />
Technical Stategy Manager<br />
Technical Officer<br />
Kindly submit your Covering Letter and C.V. to hr@miamalta.org
Automate your consolidation process with<br />
Dynamics 365 for Finance & Operations<br />
Dynamics 365 for Finance and Operations has the right<br />
solution for your consolidation needs.<br />
Share general ledger data making it easier to maintain and<br />
consolidate companies whilst each company can share<br />
consolidation configuration or have its own configuration<br />
Gather the financial results of subsidiary companies into a<br />
designated consolidation company and preserve the<br />
subsidiary-level financial dimensions<br />
Consolidate subsidiaries with different functional<br />
currencies, and present the results in a different<br />
presentational currency<br />
Set-up elimination rules for inter-company<br />
transactions and balances, and produce group results<br />
when required<br />
Delete and re-run a consolidation, and reverse and repost<br />
elimination journals as required<br />
D3650 is IFRS compliant.<br />
For more information about how D365<br />
can work for your business, contact us<br />
on KCW-MTExec@kpmg.com for a free<br />
consultation session.<br />
www.kpmgcrimsonwing.com<br />
© 2018 KPMG Crimsonwing (Malta) Limited is a subsidiary of KPMG Investments Malta Ltd, a subsidiary of KPMG LLP, a UK limited<br />
liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International<br />
Cooperative, a Swiss entity. All rights reserved. Printed in Malta.<br />
The KPMG name and logo are registered trademarks or trademarks of KPMG International Cooperative.
MIA SOCIAL LEARNING & MORE<br />
Anti-Money Laundering Conference 20th February 2018<br />
AML Compliance isn’t just a regulatory issue, but it’s a national concern<br />
iChoose Careers Fair 21st & 28th July<br />
This initiative reflects MIA’s ultimate aim to assist and inspire the<br />
future generation in taking informed decisions as well as elevating the<br />
profession as a satisfying and gainful career choice<br />
SME Forum 25th May 2018<br />
SMEs are crucial to the health, stability, and sustainable economic<br />
growth of both developed and developing economies.<br />
President’s Visits<br />
The MIA’s commitment to keep close to its members.<br />
Mr William Spiteri Bailey started a series of visits to<br />
different firms and organisations reflecting the wide<br />
remits of the profession.<br />
Women’s day Conference 9th March 2018<br />
Inspire to Achieve<br />
66 Summer 2018
Good company matters<br />
Good companies thrive in good company. They inspire<br />
each other. Together they overcome challenges,<br />
and develop opportunities. Deloitte’s global alliances<br />
connect you to a world-leading source of deep<br />
insight, fresh thinking and innovative solutions.<br />
Find deep connections at:<br />
HeartOfWhatMatters.Deloitte<br />
www.deloitte.com/mt<br />
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member Firms, and their related entities. DTTL and each of its member Firms are legally separate and independent<br />
entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member Firms. © 2017. For information, contact Deloitte Touche Tohmatsu Limited.
Digital services<br />
From concept to reality<br />
As Artificial Intelligence and the Internet of Things move from concept to reality, today’s<br />
businesses face multiple challenges and exciting opportunities.<br />
To find out how we could work with you visit www.pwc.com/mt<br />
Data<br />
Analytics<br />
Cyber<br />
Security<br />
Cloud<br />
Services<br />
Artificial Intelligence<br />
Blockchain<br />
IT<br />
Audits<br />
Managed<br />
Services<br />
Internet of<br />
Things<br />
Follow us on:<br />
© 2018 PricewaterhouseCoopers. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.