ACCOUNTANT_SUMMER18_AMENDED_PG12

TECHNOLOGICAL
TECHNOLOGICAL
INSIGHTS
INSIGHTS
IN
IN
THE
THE
FINANCIAL
FINANCIAL
WORLD
WORLD
www.theaccountant.org.
NEWSPAPER POST
10. NEWSPAPER DRIVERS POST OF THE DIGITAL ERA:
10.
STAY
DRIVERS
AHEAD
OF
OF
THE
THE
DIGITAL
COMPETITION
ERA:
by STAY Dr Wayne AHEAD Pisani OF THE COMPETITION
by Dr Wayne Pisani
15. ANTI-MONEY LAUNDERING - TRENDS
15.
AND
ANTI-MONEY
CHALLENGES
LAUNDERING
IN THE DIGITAL
- TRENDS
ERA
AND by Dr CHALLENGES Rakele Gauci IN THE DIGITAL ERA
by Dr Rakele Gauci
54. CYBERSECURITY IN THE AGE
54.
OF DIGITALISATION
CYBERSECURITY IN THE AGE
by
OF
Dr
DIGITALISATION
Keith Cilia Debono
by Dr Keith Cilia Debono

Accounting Outsourcing: Still thinking about it?
At KPMG we have a wealth of experience in assisting our clients overcome the challenges they face in today’s dynamic
environment. We are committed to working alongside our clients to provide them with a range of services that are
tailored to best fit their needs and to help their business succeed.
We will be there to assist you when you don’t have the staff, the time or the knowledge to do it all yourself. Whether
you need short term assistance such as a temporary secondment of accounting staff or ongoing services such as
bookkeeping and payroll, we will be there to help you.
What’s in it for you:
Accounting
Out/Co-sourcing
Audit Readiness
VAT and Income
Tax Compliance
Secondment of
Accounting Staff
Payroll Services
Continuity,
Reliability and
Technical Expertise
To learn more about how we can support your strategic goals and maximise
the value provided by our Accounting Support Services team send an email
to clifforddelia@kpmg.com.mt or ericpadovani@kpmg.com.mt
Follow KPMG Malta:
www.kpmg.com.mt
© 2018 KPMG, a Maltese Civil Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”),
a Swiss entity. All rights reserved.

NEWSPAPER POST
10. DRIVERS OF THE DIGITAL ERA:
STAY AHEAD OF THE COMPETITION
by Dr Wayne Pisani
15. ANTI-MONEY LAUNDERING - TRENDS 54. CYBERSECURITY IN THE AGE
AND CHALLENGES IN THE DIGITAL ERA OF DIGITALISATION
by Dr Rakele Gauci
by Dr Keith Cilia Debono
CONTENTS
summer 2018 | theaccountant.org.mt p.03
p.04
PRESIDENT’S ADDRESS
news
TECHNOLOGICAL
INSIGHTS IN THE
FINANCIAL WORLD
p.05
MIA NEWS
p.07
MIA FORTHCOMING CPE EVENTS
p.08
MIA FORTHCOMING CONFERENCE
FEATURES
p.10
DRIVERS OF THE DIGITAL ERA: STAY AHEAD OF THE COMPETITION
by Dr Wayne Pisani
COVER
Issued quarterly,
The Accountant is
published by
MBR Publications Ltd
on behalf of
The Malta Institute of
Accountants
EDITOR
The Editorial Board
technical@miamalta.org
DESIGN
MBR Design
Sales Manager
Margaret Brincat
margaret@mbrpublications.net
All correspondence, articles for
publication and enquiries are to
be addressed to:
The Editor
MIA Services Limited
Level 1, Tower Business Centre
Tower Street, Swatar
BKR 4013
Malta
ADVERTISING INQUIRIES
Margaret Brincat
(+356) 9940 6743
margaret@mbrpublications.net
p.12
REGULATING THE FUTURE CRYPTO ECONOMY
by Dr Cherise Abela Grech
ANTI-MONEY LAUNDERING - TRENDS AND CHALLENGES IN THE DIGITAL ERA
by Dr Rakele Gauci
p.15
p.18
WHY DATA GOVERNANCE MATTERS
by Mr Ivan Grech
p.20
DIGITISATION – ETHICAL AND SOCIAL CONSIDERATIONS
by Mr Joseph Zahra
p.24
DIGITALISE OR DIE
by Mr Kenneth Farrugia
p.29
USING DATA ANALYTICS FOR AUDIT EVIDENCE
by Mr Christopher Azzopardi
p.54
CYBERSECURITY IN THE AGE OF DIGITALISATION
by Dr Keith Cilia Debono
p.58
AN IT AUDIT APPROACH TO DIGITAL
by Mr Michael Azzopardi & Mr Joseph P. Galea
BLOCKCHAIN TECHNOLOGY AND TRIPLE ENTRY - A GAME CHANGER IN ACCOUNTING
by Dr Joshua Ellul & Mr Nathaniel Borg
p.62
TECHNICAL
p.32
BLOCKCHAIN – THE NEW DIGITAL CONCEPT IN iGAMING
by Mr Mauro Magro
p.36
ICO'S - A WEALTH OF OPPORTUNITIES
By Dr Joseph F Borg & Ms Tessa Schembri
GETTING IT RIGHT - PAYROLL PROCESSING: WHAT DOES IT REALLY INVOLVE?
by Ms Christabelle Aguis, Ms Nicky Albanazzo, Mr Christopher Caruana, Ms Jacqueline McIntyre
p.40
p.44
TAX AND TECHNOLOGY - THE STATE OF PLAY
by Mr Luca Pace
p.48
DIGITALISATION IS HERE – AN INDIRECT TAX PERSPECTIVE
by Mr Saviour Bezzina
THE RELEVANCE OF IPSAS AND THE IPSASB CONCEPTUAL FRAMEWORK FOR MALTA
by Mr Karl Cachia & Ms Maria Grech
p.52
what's on?
p.64
WE ARE RECRUITING!
p.66
MIA SOCIAL LEARNING & MORE
The Institute does not necessarily concur
with the views expressed in the articles
published in this journal. Articles are
published without responsibility on the
part of the publishers or authors for
loss occasioned in any person acting or
refraining from action as a result of any
view expressed therein. The Accountant
can now be accessed from the website at
www.theaccountant.org.mt

PRESIDENT’S ADDRESS
WILLIAM SPITERI BAILEY
PRESIDENT’S ADDRESS
WILLIAM SPITERI BAILEY
Dear Esteemed Members,
The Greek Philosopher, Heraclitus had said ‘ The only
constant is change’ and never has this been more apt
and true than in this fast moving and dynamic digital
world we live in.
The evolution is said to be in its fourth era thus keeping
up with the dizzying speed of change can be at times
overwhelming and challenging. The Malta Institute
of Accountants has embraced this phenomenon and
is finding ways to support its members by setting up
various initiatives.
One of such efforts was forming a Digitisation
Committee with the sole aim of bringing together
members from the field where the emerging trends
and issues are discussed. Together, solutions are
explored and then shared with our wider members.
One of the areas of focus is Cryptocurrency and
Blockchain, which in spite of the strategic prominence
given by the government still remains elusive to most
of us. In this regard the Institute endeavours to stay
ahead of developments in legislation and regulation
with the ultimate intent to offer guidance and insights
to the profession when dealing with what could be
unchartered waters.
Global forces and technological trends are reshaping
the accountancy profession across the whole world.
New ways of doing business, shaped by technology
and shifting regulatory environments, mean
accountants in business and practice are facing tough
challenges and exciting opportunities. While some of
these are not new, the scale of the change and speed
of transformation is without precedent. These are
increasingly challenging and exciting times for the
accountancy profession. Changes, driven by a range
of factors, will transform all aspects of business and
society in the coming years, and are reshaping how
accountants at all levels interact with one another,
their boards and clients.
with the skills needed to deal with these changes.
With increasing adoption of new technologies
such as cloud computing, digital accounting and
automation, what does an evolving world mean for
the profession? As companies and advisors face up to
challenges from big data to artificial intelligence and
the greater connectivity of the internet of things, how
can accountants make sure they have the skills to do
today’s job, while also preparing themselves and their
juniors for the challenges of tomorrow?
In order to ensure that our esteemed members are
kept abreast of all the changes, MIA has dedicated
its upcoming Biennial Conference to the impact of
digitisation on the practitioners’ profession in the
financial world.
We have invited a varied number of speakers who
are very relevant to rapidly changing times for the
profession. The conference includes panel discussions
which would focus on the regulatory, digital tax and
accounting aspects of blockchain, and cyber risk in the
financial services sector.
During the afternoon we will have an interesting twist
where attendees are at will to choose an interactive
session on subjects closer to their heart. The
participants reassemble once again for more topical
subjects such as distributed ledger technologies and
AI amongst others.
We encourage you to mark Friday 16th November in
your diary as this Biennial is definitely one to attend.
We are striving very hard to ensure that the event will
both inspire and unlock the digital riddle.
We look forward to seeing you there.
Firms and businesses, professional accounting bodies
and educational establishments need to adjust
training, to equip the next generation of accountants
William Spiteri Bailey
President
04 Summer 2018

MIA NEWS
MIA NEWS
developments in International Financial Reporting
Standards, specifically: IFRS 15 ‘Revenue from
Contracts with Customer’ and IFRS 16 ‘Leases’.
The implications of Britain’s split from the EU bloc on
the accounting sector were also discussed by experts.
The theme of digitalisation in the accounting
profession was also a main topic of interest in this
year’s edition of the ACCA-MIA joint conference.
ACCA – MIA Joint Conference
The accounting profession in Malta keeps raising its
standards to meet the challenges and possibilities facing
the sector. The fifth annual joint conference co-hosted
by the Association of Chartered Certified Accountants
(ACCA) and the Malta Institute of Accountants (MIA) on
July 3 focused on some of the most pressing issues in
the accountancy profession today.
A remarkable line-up of guests addressed the event,
discussing different themes such as the professional
scepticism approach, forensic accountancy,
digitalisation in the profession and International
Public-Sector Accounting Standards (IPSAS).
Participants could also learn about the latest
Head of ACCA Wales Mr Lloyd Powell congratulated the
hosts on the successful conference which he described
as important to build and sustain connections. Mr
Powell added that the agenda of the event indicates
increasing emphasis on ethics and trust, two important
factors in business and the profession.
Ms Maria Cauchi Delia, MIA CEO, said that
professional accountants typically aspire to drive
sound financial management within organisations
and that events like the ACCA-MIA conference help
the profession to uphold its trusted position.
“We deal with facts and present solutions to our
clients and employers. Our practicality, adaptability
and expertise enable us to become business' most
trusted advisors” said Ms Cauchi Delia.
theaccountant.org.mt
05

MIA NEWS
They joined the following Council members, whose
term expires in 2019: Mr Franco Azzopardi, Mr
Etienne Borg Cardona, Mr Simon Flynn, Ms Maria
Micallef, Mr Noel Mizzi, Mr Franz R. Wirth and Mr
William Spiteri Bailey.
MIA President, William Spiteri Bailey, thanked
outgoing Council members, Anthony Doublet and
Stephen Paris for their dedication and contribution
towards the Institute and the local profession. Both
had served on Council for a long period of time. Mr
Shawn Falzon and Ms Annabelle Zammit Pace were
welcomed as new Council members.
During this meeting, all resolutions pertaining to the
change in Statute have been approved.
In his address, the MIA President, William Spiteri
Bailey made reference to changes in Bye-Laws which
will be communicated to Members in due course.
At the first meeting of the new Council, Mr William
Spiteri Bailey was elected as President, Mr Fabio Axisa
as Vice-president, Mr David Delicata as Secretary and
Mr Noel Mizzi as Treasurer.
MIA Annual Social Event
The MIA Social Event held on 21st June 2018 at Villa
Mdina, Naxxar, was a huge success with over 800
attendees. It was an occasion for all the members
of the Institute to get together in an informal
atmosphere.
The sum of €2,855 was collected in aid of Dar Tal
– Providenza and was topped by the Institute to
amount to €4,000. The donation was presented to
Fr. Martin Micallef by the president of the Institute
William Spiteri Bailey.
AGM
The 54th Annual General Meeting of the Institute
was held on the 12th July, at the Tower Training
Centre in Swatar.
The following members were elected for the two-year
term 2018 - 2020: Mr Fabio Axisa, Mr Christopher
Balzan, Mr David Delicata, Mr Jonathan Dingli, Mr
Shawn Falzon, Dr Ivan Grixti and Ms Annabelle
Zammit Pace.
06 Summer 2018

Course slides will be available for the attendees online, following the CPE Course
to place your booking, visit www.miamalta.org/events.aspx and click On “ALL”

DRIVERS OF THE DIGITAL ERA
DRIVERS OF THE DIGITAL ERA:
Stay ahead of the competition
The quest for digitisation may be deemed elusive by some, however
in switching from postal mail to fax and eventually to email, from
paper-ledger to spreadsheet or even to fully fledged process
automation, the road to digitisation has already been embarked
upon by organisations. Staying ahead of the competition, however,
is not about the technology itself, but a matter of strategy.
DR. WAYNE PISANI
DR. WAYNE PISANI IS A
PARTNER SPECIALISING IN TAX
AND REGULATORY ADVISORY
SERVICES AT GRANT THORNTON,
LEADING THE CORPORATE AND
FINANCIAL SERVICES TEAM.
HE IS ALSO THE PRESIDENT OF
THE INSTITUTE OF FINANCIAL
SERVICES PRACTITIONERS.
“Strategy is the art of making use of time and space.
I am less concerned about the latter than the former.
Space we can recover, lost time never.” (Napoleon
Bonaparte)
The strategy resorted to by US clearing houses over
the past century places the “use of time and space”
conundrum into perspective. In an age were mail is
transmitted in milliseconds, a two-day settlement
(T+2) delay for securities comes as a surprise when
considering the possibility of live trading and automatic
(T+0) clearing houses. Interestingly, the move from
T+3 to T+2 in Europe, Australia, Hong Kong, Canada
and the US over the past decade is reminiscent of
trading on the New York Stock Exchange (NYSE) in
the 1930s. Before 1933, next day settlement (T+1)
was standard on the NYSE. Going slower was all a
matter of strategy. As trades increased, and backoffice
operations struggled to cope, recruiting more
people would have entailed more costs that would, in
turn, have been recharged to investors. The solution
was to slow down the settlement process, reaching
T+5 in 1968. Today technology is a core component
of settlements, and even though real-time settlement
is possible, the strategy set by settlement houses and
exchanges has settled for T+2, allowing a netting-out
window for brokers to conserve on transaction costs.
The digital era is driven by the ability to innovate.
Jumping onto a trend bandwagon just for the sake of
it is unlikely to place an organisation in a position to
experience the digital era at its full potential.
An organisation’s strategy should ensure a competitive
edge in its identified marketplaces through information
dominance, that is, employing superior automated
data collection, analysis and processing techniques,
enabling real-time, contextually relevant insights
which can support data-driven decision making based
on full situational awareness.
Process efficiency should be at the core of any
strategy, and this is achievable through a bird’s eye
view of one’s organisation such that synergies can
be identified and exploited. Many businesses hold
and view their available data in isolation, without
reaping the benefits of what each data set represents
in the context of another. Going forward, successful
enterprises will thus focus on the big picture and
plan for the adoption of interrelated technologies.
Interconnecting brokers for automated netting-off of
balances across NYSE transactions could lead to T+0
settlement. Similarly, organisations are to interconnect
their static repositories of data as well as their software
applications into a structured solution.
Digital democratisation via distributed ledger
technology, robotics and artificial intelligence is
transforming entire industries. Future technology
adoption strategies are to be set now, tapping into the
right skill set and employing technology to implement
efficient processes which enable sustainable growth.
It is time to get on board and embark on the path
towards the innovation horizon from manual to
cognitive enterprise. Cognitive enterprise would
entail the use of technologies that are adaptive and
interactive, capable of understanding context and
learning from their environment, freeing up human
resources to perform high-value activities, automating
the manual execution of high-volume repetitive and
routine tasks, and curbing human error.
Those in the lead can collect and analyse data that
competitors following suit will lack and possibly
achieve at a later point in time. Resorting to the tools
in the arsenal that drive digital transformation is
therefore vital. Some technologies relevant to this are:
10 Summer 2018

DRIVERS OF THE DIGITAL ERA
• Robotic Process Automation (RPA): A
machine or software that manages, acts on or
processes high-volume, repeatable tasks that
previously required a human to perform.
• Internet of Things (IoT): Interactive software
components that have their own function, or
interface to interconnect devices to other enterprise
systems for the creation of business orchestration
across complex data, technology, processes and
functions.
• Data Analytics: Data modelling focused on
specific business problems or outcomes to identify
patterns and anomalies. They provide actionable
insight. Models improve over time based on
feedback from actual results of prediction.
• Natural language processing (NLP): The
advanced ability of a computer or program to
understand human speech (speech recognition)
or written text (unstructured text) and derive
intelligence, take action or present results that
normally require manual interpretation.
• Blockchain: A ledger where activities are recorded
in ’blocks’ as a chronological ‘chain’ providing an
immutable audit trail. A public type blockchain
replaces central authority with a decentralised
consensus-driven approval process. Blockchain
offers trust, transparency and a consistent approach
to supply chain integration, which constitutes a
significant advantage for risk management.
• Chatbots: A computer program that conducts a
conversation via auditory or text methods, designed
to simulate human conversation and are typically
used in dialogue systems, such as customer service
or information acquisition.
• Artificial intelligence (AI): Systems and
software able to perform tasks that typically
require human intelligence, such as reconciliation,
investigation, validation and repair within complex
and multi-input processes.
• Augmented reality (AR): Interactive
visualisation that superimposes computergenerated
information into real life using glasses or
projection to assist in real time activities, layering
data sets into processing.
Cognitive enterprise would identify the resources
available and adopt the best-suited technologies to
implement its strategy. AI is likely to build upon RPA,
data analytics, NLP and other technologies. Long term,
the digital transformation will impact enterprise through
data, cost efficiency and risk management.
This is exemplified in the AI processes built into
today’s mobile phones. Data collected via AI is
analysed, and improvements are pushed onto the
phones via automated (RPA) updates, a three-way
technology collaborative approach that enables
such enterprise to stay ahead of the competition.
Similarly, in a compliance environment, predictive
modelling tools used in data analytics could monitor
data collected via RPA and chatbots, possibly applying
natural language processing techniques to decode
the information. The process could be run entirely
off an AI solution.
It all lies on the horizon. There is an opportunity cost
to miss out on taking stock of the current state, setting
a strategy, and implementing it at a manageable pace
commensurate with available resources.
The strategy is to be set on precise data. It is likely
that most businesses are not starting from scratch.
Data collection and retention policies are typically in
place, together with solid reporting foundations that
are still maturing, possibly hosted on a scalable data
centre with reliable cyber defence mechanisms. The
data may, however, need to be restructured, possibly
introducing automation solutions in operations
coupled with machine learning data analytics.
Just like the shift from manual ledgers (analogue
data) to bookkeeping software solutions (static digital
data) facilitated the cross-mapping and reconciliation
of various accounting entries, the technology arsenal
is to be implemented as part of a cohesive holistic
strategy, enabling precise cognitive data for the
furtherance of the entrepreneurial spirit into a digital
era based on live data analysis; a far cry from ex
post facto management accounts or annual financial
statements compiled after month- or year-end.
Staying sharp in the digital era is crucial. This is the
information age; be it precise business data analytics
or continued personal education, it is a quest for
knowledge to maximise one’s potential in the digital
era and stay ahead of the competition.
theaccountant.org.mt
11

CRYPTO ECONOMY
DR CHERISE ABELA GRECH
DR CHERISE ABELA GRECH
IS AN ASSOCIATE AT GTG
ADVOCATES SPECIALISING IN
FINANCIAL SERVICES, DLTS AND
CRYPTOCURRENCIES.
Regulating the Future
Crypto Economy
Malta is often being touted as the “Blockchain Island” and as being crypto-friendly,
attracting a lot of interest from the DLT and Cryptocurrencies sphere for its proposed
legislation and rules. Blockchain is hailed as revolutionary in the way business is
conducted and Malta’s ambitious plan is to be a leader in this new modern era.
The proposed Virtual Financial Assets Act (VFAA),
which has been approved by the Maltese Parliament
will regulate cryptocurrencies qualifying as Virtual
Financial Assets (VFA) and related VFA services.
The Act aims to establish a solid legal framework
which is not only intended to attract legitimate
operators seeking accreditation and transparency,
but also to create stability in a sector which has in
the past months been marked by hype and in certain
instances, abuse.
VIRTUAL FINANCIAL ASSETS
The concept of a VFA under Maltese law refers to
any form of digital medium recordation used as a
digital medium of exchange, unit of account or store
of value that excludes electronic money, financial
instruments and virtual tokens. In order to determine
the legal framework applicable to a coin or token, the
MFSA has proposed a Financial Instrument Test to
establish whether a DLT Asset would be considered
as a financial instrument and thus falling under
current financial services legislation, a virtual token
which falls outside the scope of the VFAA (and
financial services) or a VFA which is regulated under
this new Act.
The concept of a virtual token, more commonly
referred to as a utility token, is limited in its nature
under the VFAA, as it refers to a DLT Asset which has no
utility, value or application outside of the DLT Platform
on which it was issued. On the other hand, coins and
tokens are considered to be financial instruments if
they qualify under the definition provided by MiFID
which includes: (1) transferable securities; (2) money
market instruments; (3) units in collective investment
schemes; (4) financial derivative instruments, which
include a number of financial instruments; and (5)
emission allowances consisting of units recognised
for compliance with the requirements of Directive
2003/87/EC (Emissions Trading Scheme). In order
to supplement the VFAA, over the next few months
the MFSA will also be issuing additional rules and
guidelines on its implementation.
INITIAL VIRTUAL FINANCIAL ASSET OFFERINGS
One primary element of the Maltese regulation is
the regulation of ICOs which are termed as Initial
Virtual Financial Asset Offerings. The lack of regulation
worldwide has allowed the market to be infiltrated by
fraudulent platforms allowing seemingly legitimate
entrepreneurs seeking crowdfunding to accumulate
millions of investor funds only to then disappear with
that money and leaving bona fide investors in the dark.
The VFAA is intended to address this need for
regulation and investor protection. It sets out
the requirements when offering VFAs to the
public, including obligations when presenting
advertisements, as well as the ensuing liability should
any statements used be misleading, inaccurate
or inconsistent. The Act also sets out specific
information that must be included in the Whitepaper
which must be registered with the MFSA. The role
of the Whitepaper can be compared to that of a
12 Summer 2018

www.mazarscareers.com/mt
AT MAZARS, IF YOU BELIEVE
YOU CAN DO IT,
WE HELP YOU ACHIEVE IT.
YOUR YEARS AT MAZARS
YEARS THAT COUNT.
MAZARS IS AN INTERNATIONAL, INTEGRATED AND INDEPENDENT ORGANISATION, SPECIALISING IN AUDIT,
ACCOUNTANCY, TAX, LEGAL AND ADVISORY SERVICES. AS OF 1 ST JANUARY 2018, MAZARS OPERATES
THROUGHOUT THE 84 COUNTRIES THAT MAKE UP ITS INTEGRATED PARTNERSHIP. WE DRAW ON THE
EXPERTISE OF 20,000 PROFESSIONALS TO ASSIST MAJOR INTERNATIONAL GROUPS, SMEs, PRIVATE INVESTORS
AND PUBLIC BODIES AT EVERY STAGE OF THEIR DEVELOPMENT.
www.mazars.com.mt - #LookingForTalent
MAZARS MALTA
32, Sovereign Building,
Zaghfran Road, Attard ATD 9012,
Malta
Tel: +356 21345 760
E-mail: careers@mazars.com.mt
theaccountant.org.mt
13

CRYPTO ECONOMY
prospectus in a traditional IPO 1 . The requirements in
the Act aim to enhance the Whitepaper’s objective of
offering clarity to potential investors on the proposed
project, while instilling trust and legitimacy in the
minds of investors to fund it.
VFA SERVICES
The provision of services related to VFAs is also
regulated under the Act. Brokers, wallet providers,
asset managers, custodians, investment advisors
and market makers offering services related to VFAs
all require a licence to be issued by the MFSA as the
competent regulatory authority.
portfolio management and investment advice under
the VFAA in this limited case. These service providers
are required to notify the MFSA prior to acting on the
basis of this exemption.
The Regulations also set out the Licence Categories
for VFA Services. These are modelled very similarly
to the licensing categories set out in the Investment
Services Act, and under the VFAA, services are
classified under four different categories. Operators
of a VFA Exchange, including the holding of VFAs and
private cryptographic keys require a Class 4 licence
by the authority.
Crypto-exchanges, referred to as VFA exchanges, have
also been classified as a VFA service and are thus
deemed to be a licensable activity. This will therefore
regulate those exchanges converting fiat money (such
as the Euro, USD, GBP etc) to cryptocurrencies qualifying
as VFAs and vice-versa, as well as those exchanges
converting one type of cryptocurrency to another.
The MFSA’s Consultation Paper on the VFA
Regulations sets out a number of exemptions from
the requirement to obtain a licence under the
Act. Persons who are trading in VFAs on their own
account are not required to obtain a VFA Services
Licence if they are solely conducting that activity
and they are neither market makers nor dealing
on own account when executing client orders. This
exemption however is not automatically operative
and is subject to the MFSA’s written determination as
to the applicability of that exemption.
The proposed VFA Regulations also exempt
custodians of collective investment schemes from
the requirement of a VFA Services Licence solely for
the purposes of providing the custody of VFAs to a
collective investment scheme. A similar exemption
applies to investment managers of collective
investment schemes with regards to offering
THE ROLE OF THE VFA AGENT
Issuers of VFAs and applicants for VFA Services
Licences are required to appoint a VFA Agent to
advise them on their responsibilities and obligations
under the Act and to act as a liaison between them
and the MFSA. The VFA Agent’s role is an onerous
one as it must ensure that the applicant has satisfied
all the requirements specified by the Act as well as
those set out in the MFSA’s rules, while also ensuring
that the applicant is a fit and proper person. These
obligations have been set out more clearly in the
recently issued MFSA Consultation Document on the
VFA Rules for VFA Agents. VFA Agents are required
to be authorised by the MFSA and must abide by the
ongoing obligations as set out in the proposed rules.
Failure to abide by these rules can lead to liability on
the part of the Agent.
TRANSITORY PROVISIONS
The law also provides a transitory provision for
persons who are already operating when the Act
comes into force in the coming months. This means
that persons that are set up and trading in or from
within Malta may benefit from a grandfathering
provision, allowing them to continue to act within
the remit of the VFAA, provided that they apply for
the licence or authorisation from the MFSA within
the specified period of time.
These are exciting times for Malta as we are embracing
the proliferation of new and emerging technologies
to turn the island into a hub for digital technological
innovation. As the MFSA rolls out additional rules and
guidelines to supplement the new Act, and once the
VFAA comes into force, it is hoped that authorities
and service providers, on all levels, adopt a pragmatic
and not overly prescriptive approach to enable, and
not stifle, technological innovation.
14 Summer 2018
1
Initial Public Offering

ANTI-MONEY LAUNDERING
Anti-Money Laundering -
Trends and challenges in the Digital Era
‘Digitalisation’ has become a buzz word in discussions within the organisation and in external
communications with our clients, regulators, suppliers and other third parties. At times, these
discussions are ‘demanded’. What is the impetus of these discussions? How does this impact
our operations, predominantly in relation to Anti-Money Laundering (“AML”) compliance?
Comparing a snap shot of the way business was
conducted a few years (if not months) back to one
taken today would bring out great differences.
What changed? Over the past 20 years, one
may witness enormous AML compliance shifts
with increasing regulatory layers. Our firms have
evolved: globalisation of businesses, the building
of substantial compliance operations, changes in
policies and processes, new supporting IT systems,
and considerable overheads.
In relation to supporting systems, the development
strides have been great. Responding to these
continuing regulatory changes, organisations have
built substantial operations to simplify compliance
and mitigate the risks of money laundering, terrorist
financing and financial crime in general. These activities
have consisted of modifications to processes, research
for new supporting IT systems and the development of
entirely new operational areas.
Procedures (“IPs”) introduced technological
alternatives for conducting customer due diligence,
for example, through the use of video conferencing
tools, e-IDs and other additional measures for
verification of the identity details and residential
address of customers and their beneficial owners. In
terms of ongoing monitoring, digitalisation may also
assist in improving on mapping customers’ trends,
the scrutiny and filtering of transactions, together
with overseeing the expiry of data and documents
which subject persons are legally obliged to retain.
At the same time, subject persons are being faced
with the task of standardising and facilitating a
process that ensures AML compliance together with
customer delivery. There is a constant drive to deliver
a more efficient and appealing customer experience
with least ‘disruption’. This is most evident where
different subject persons form part of the same group
or are assisting customers in the same transaction.
DR RAKELE GAUCI
DR GAUCI IS A LAWYER BY
PROFESSION, CURRENTLY
HEADING THE RISK &
COMPLIANCE DEPARTMENT
WITHIN BDO MALTA.
There are a number of sectors where digitalisation can
be seen to facilitate AML compliance. At the fore is the
role of digitalisation in subject persons’ obligations
of customer onboarding and ongoing monitoring.
Operators tend to find this an expensive, lengthy and
disruptive process. In a 2017 report detailing the
findings from a study into new technologies in AML
compliance by the PA Consulting Group on behalf of
the Financial Conduct Authority in the UK (FCA), it
resulted that the “vast majority of respondents” to
the study (across all industries) were of the opinion
that “customer onboarding and maintenance were
two of the areas where technology offered the most
promise”. Furthermore, “a number of regulated firms
[made it clear that] a move to truly paperless working
was a priority in the short to medium term”.
In Malta, the 2017 updates to the Financial
Intelligence Analysis Unit (“FIAU”)’s Implementing
This would also tie in with the reporting obligations
of subject persons in AML compliance. Without the
necessary tools, employees may not be in a position
to be able to detect proceeds of crime, money
laundering or suspicions thereof. This may bring
about a failure on the firm’s duty to report through
the right channels and within the short statutory
time-period. On the other hand, technology may
not be seen as the be-all and end-all solution
for reporting. The role of the Money Laundering
Reporting Officer remains key in this process, helping
to determine whether the internal report submitted
does constitute sufficient information to merit the
filing of a suspicious transaction report to the FIAU.
At least annually, all Maltese subject persons are
required to give an account to the FIAU of details on
their AML compliance policies and procedures. This
is known as the ‘Annual Compliance Report’.
theaccountant.org.mt
15

ANTI-MONEY LAUNDERING
Additionally, this is sustained with ad hoc data
requests from various authorities. The trend seen
is that the questionnaires that subject firms are
receiving and compiling are becoming more frequent
and lengthier. The automation of reports coming
from strong tools used by an organisation can save it
large volumes of man-hours.
Distributed Ledger Technology (DLT) is currently a hot
topic within the industry as financial institutions are
looking for efficient solutions to cumbersome and
costly regulatory burdens in AML compliance. While
DLT may offer certain efficiencies (decentralisation,
immutability, removal of intermediaries), certain
challenges in AML still remain (lack of standardisation,
permissions, different stakeholders’ input). However,
it is safe to state that discussions on DLT for AML
compliance have only just begun.
With the enactment of EU’s Directive 2015/849/EU
on the prevention of the use of the financial system
for the purposes of money laundering or terrorist
financing (known as the 4th directive), the Prevention
of Money Laundering and Funding of Terrorism
Regulations (S.L. 373.02) (the “Regulations”) have
been amended to introduce the obligation on
every subject person to carry out a risk assessment:
this may be achieved by the subject person taking
“appropriate steps, proportionate to the nature and
size of its business, to identify and assess the risks of
money laundering and funding of terrorism that arise
out of its activities or business, taking into account
risk factors including those relating to customers,
countries or geographical areas, products, services,
transactions and delivery channels and shall
furthermore take into consideration any national
or supranational risk assessments relating to risks
of money laundering and the funding of terrorism”.
There is also the responsibility to carry out this
assessment at different stages of a subject person’s
activities – the assessment is to remain up-to-date.
This coordination of statistics, relevant to each and
every subject person, requires the input of the best
technologies to ensure that, on the one hand, this
assessment is carried out to satisfy AML compliance,
but also, on the other hand, for the firm itself to reap
other different benefits from its self-assessment.
Ignoring AML compliance brings regulatory
and financial risks: recent revisions to the local
Prevention of Money Laundering Act (Chapter 373
of the Laws of Malta), the Regulations and the IPs
issued thereunder have enhanced the sanctioning
regime with a significant increase in penalties that
may be prescribed against subject persons (amongst
others). These serve both as a deterrent and against
actual breaches by local subject persons in their AML
compliance obligations.
In this respect, firms should make best use of
technological advances to aid in their obligations
to detect and deter money laundering and funding
of terrorism. There are different approaches to
digitisation: it may either be rejected in certain areas
but rejected in the right way, for example in smaller
firms with a focus on “a personal touch” towards a
certain portfolio of their clientele; digital change may
be embraced cautiously, from the top-most level
within the organisation first and then implemented
throughout; finally, a firm may be open to investing
in experimenting, exploring and creating innovative
solutions to place it at the forefront of the industry.
Closing your eyes totally to digitalisation may no
longer remain on the agenda. Putting in place suitable
tools, frameworks, and policies is essential for staff to
help in mitigating the AML risks that are ever-evolving.
16 Summer 2018

DATA GOVERNANCE
Why Data Governance Matters
There is no doubt that most organisations, large and small, have realized the power of using affordable data
analytics tools in an environment where most business activity is recorded digitally. One characteristic that
is often overlooked or not discovered soon enough is the reliability or otherwise of the data. Many realise
that good data governance is a prerequisite for exploiting the opportunities in data; whether that is more
insightful management information, driving operational decision making or capitalising on your relationships
with suppliers and customers. It all boils down to having reliable data.
IVAN GRECH
IVAN GRECH IS AN ADVISORY
SENIOR MANAGER AT PWC.
HE HAS OVER FIFTEEN YEARS
EXPERIENCE IN IT GOVERNANCE
AND ASSURANCE. HE IS
ALSO A MEMBER OF THE MIA
DIGITALISATION COMMITTEE.
Why is there a difference between the sales in our
management accounts and the sales report by region
and customer type? Can you explain why the total
number of active suppliers in our suppliers’ directory
and creditors listing is different? How did we end up with
wrong contact details for over 20% of our clients? Why is
our data warehouse not up to date?
Any of these questions sound familiar on a Monday
morning? Given the recent explosion of data and the use
and reliance of such data, organisations need to have the
right setup to ensure the correct data quality. You are not
alone in this journey. One of the conclusions of a recent
PwC survey around Data governance in European banks
was that banks are failing to address Data Governance
in a structured way, with a lack of an overall Data
Governance Framework across surveyed banks. This
leads to redundant costs and inefficiencies. The survey
also concluded that banks generally invest a lot of effort
in the reconciliation of data, perform a lot of manual data
collection and data granularity is often not appropriate.
Although most of the banks surveyed have implemented
a central Data Warehouse they are suffering from poor
data quality. These findings reflect the reality in most
industries. Many organisations struggle to build the
necessary data governance capability that will provide
the necessary level of trust in the data.
Data is often collected for a specific purpose and when
organisations look at reusing data, they tend to focus and
place responsibilities to address the security aspects of
data. The question as to who is responsible for the quality
of the data is often not answered. Should it be the finance
team; marketing; operations; IT? This article will not solve
your data related problems and issues but it should point
you in the right direction to start taking the first steps in
your journey to improve data quality in your organization.
A good data governance approach needs to recognise
the context in which it operates. The way the business
is run, its chains of command, what data it has, its
commercial and regulatory priorities, are all critical to
the design and to building trust. Many organisations
struggle to find the right place to start or only begin
thinking about data governance when a critical issue
occurs. The key here is to set priorities for data in terms
of what the organisation, across the various functions
and units, wants to achieve, start with those and build
out from there. Priorities change from time to time and
your data priorities should reflect this. For example,
locally, a number of organisations recently undertook a
number data governance related initiatives focusing on
the impact of GDPR. It is important to establish clear
objectives that will drive the design and operation of your
data governance capability.
Everybody in the organisation has a responsibility for
data. However, good data governance has some essential
features:
1. Clear sponsorship from the leadership and with this,
in larger organisations, we are seeing an emergence
of the role of the chief data officer;
2. Ownership and accountability for data which
reflects the responsibilities for process;
3. Integration of activity with related disciplines of
security and
4. Records management and information privacy.
Successful data management involves taking a holistic
approach to risk, controls and assurance. You cannot
18 Summer 2018

DATA GOVERNANCE
effectively manage every data point, so a risk-based
approach will help you focus on the data that matters
most to your business. This approach, when combined
with a ‘lines of defence’ assurance framework will help
you manage and sustain the quality of your data.
The scope and “rules” for populating the Data Directory
form part of the Policy for Data Quality. A Data Deficiency
Log can be used to manage potential issues with data
quality or controls that are identified through the
monitoring process.
Assurance, encompassing self-assurance (1st Line),
management compliance review (2nd Line) and internal
audit (3rd Line), is needed to give you confidence that
your data controls are appropriately designed, embedded
and effectively operating.
Common and well understood principles are at the
heart of a successful data governance framework. These
should be well articulated and aligned to the values and
needs of the business. A robust governance structure will
also consider all lines of defence:
• The business as Information Owners and Stewards;
• The Data Governance Centre of Excellence
managing policy
• Internal or external audit, assessing overall
effectiveness
Wherever possible, data governance responsibilities
should be embedded within existing structures rather
than building new ones.
Cultural and behavioural changes are also crucial to
improving both the underlying quality of data and proactively
managing data issues. Where required, these
expectations should be agreed, formalised and monitored
as part of a formal individual performance management
process. Additional skills and resources will be required to
design, operate and monitor data governance which can
be developed through training or recruitment.
The success of any data quality project depends on
the adoption of a data governance model across the
organisation. The implementation of such model
typically follows a multi-year, multi-phase approach;
therefore, it is essential to factor time and resources
upfront for establishing a governance model. That model
should to be scalable, flexible, and adaptable to the
different needs of the organisation. The objective is to
change how the organisation manages information, so it
The Data Directory is
one of the cornerstones
2 nd Line of defence
can be effectively used to
help to achieve business
of effective Data
Business Governance
goals such as, driving
Governance. It
down business costs,
Data Governance Board
describes the following
Business and IT Representatives
improving competitive
in clear business terms:
Data Governance Framework
position, or meeting
• The uses of data
Principles based 'rules' or 'values' by which you
risk and compliance
manage information
– in this case the
objectives. The approach
uses of the data in
Policy &
Data Dictionary Deficiency
Standards
& Business & Change to achieve data quality is
the data book
Glassary Management
• The quality
Data Governance Centre of Excellence
not different to achieving
requirement of
Support and on-going compliance monitoring
quality in other parts of
the data based
on those uses –
this is typically
defined in terms
of completeness,
accuracy and appropriateness
Business - Data Owners and Steward
Processes, Controls, Procedures and Systems
continuous improvement.
an organization. Defining
clear targets, monitoring,
measuring and providing
a feedback mechanism for
• The sources of data and how these are mapped to
the uses – this allows the generation of the data
residency matrix and of data flows
If you want your organisation to excel further in the digital
age, data governance matters.
• The controls and metrics that are in place that
•
support the achievement of the required data quality
References:
The monitoring that is required of these controls
https://www.pwc.fr/fr/assets/files/pdf/2016/05/pwc_
and metrics to inform the Data Deficiency process
a4_data_governance_results.pdf
1 st Line 2 nd Line
theaccountant.org.mt
19

ETHICAL AND SOCIAL CONSIDERATIONS
DIGITISATION – ethical and social considerations
We are living in challenging times, as the pace of technological change as we know
it in the modern age that goes back to the industrial revolution of the eighteenth
century, takes a new turning point as Industry 4.0 is now characterised by a
combination of technological innovations and applications including digitisation,
robotics, nanotechnology, biotech and neuroscience.
JOSEPH F X ZAHRA
JOSEPH F X ZAHRA IS DIRECTOR
OF SURGEADVISORY LIMITED,
WORKING ON GOVERNANCE,
HR AND BUSINESS STRATEGY
MATTERS. HE SITS ON THE BOARD
OF BOTH PRIVATE AND LISTED
COMPANIES.
There is much to be gained from technological
innovations and the exponential growth in
computing power. Digitisation has improved
efficiency and productivity at work, opened doors
for global communication, and made the world
safer and more secure. The process of innovation is
continuous and spreads now to data management,
blockchains and cryptocurrencies, and the rise of
artificial intelligence and robotics. Digitised start-ups
became a normal phenomenon with low barrier to
entry for entreprenneurs as the need for “brick and
mortar” and stockpiling of inventory is substituted
by virtual work and communication and just-in-time
manufacturing to delivery.
This rapid technological innovation has created new
business opportunities through a process of creativity
through destruction. We speak today of disruption
in the way institutions – business, governments and
consumers think, decide, behave and act. Digitisation
has demanded new business models which are
providing scope for improved efficiency and business
growth. Well established businesses are changing
their business models to survive, consumers buy
through alternative channels, governments utilise
(and hopefully not abuse) data management,
algorithms are used in providing services and
improving user communication.
Innovators, policy makers and users are mistaken
if they do not consider as an underlying factor in
their equation the human element, and human
relationships in society. The person is more than
a data profile that is downloaded into algorithms.
The person has human dignity, rights and freedom.
The unconditional respect of the person is the only
essential feature to be taken into account when
considering policy, taking decisions and acting in
an economic environment. Social interaction and
human touch and dialogue which is open and sincere
but always interactive must be a permanent feature
in the deliberation process. Human dignity demands
solidarity, justice and mercy.
Two points usually come to mind – first, is technology
abusive, manipulative and addictive? Second, is
digitisation and its various technological ramifications
a threat to human work?
There is truth in the addictive and manipulative nature
of technology. Take Facebook which is designed
to exploit human vulnerabilities including tech
addiction – the dopamine reaction behind a “social
validation feedback loop”. Former Google employees
have set an advocacy group to encourage resistance
to the way technology platforms “hijack our minds”.
Depression, cyberbullying and eating disorders have
been identified as potential harm from excessive
use of social media. Consider the dependence on
addiction by the i-gaming and i-betting industries.
Another threat emerges from the monopolistic
nature of these technological operators and the
difficulty in regulation to catch up with their speed
and fast-adaptability.
The question to be raised here is “what is the
purpose of this industry?” What were the initial
intentions of the entrepreneur and consequently of
management? How much have stakeholders rather
than shareholders been considered? What about the
common good? Is there an ethical compass in the
decision-making process?
Some criteria that investment analysts struggle
with today which go beyond economic and financial
criteria centre around the nature of the business
model, its scalability, the long-term benefits of the
enterprise, and its sustainability at the wake of both
social acceptance and social resistance.
Answering the question on the impact of digitisation
on work is as complex. One starts by pointing at the
20 Summer 2018

BE THE SOLUTION—BE A CISA ®
In today’s fast-paced and ever-more complex business environment,
information has become the most valuable currency for enterprises
around the globe. Information systems professionals play vital roles in
leveraging the value, and assuring the security and integrity of the massive
volumes of information that drive business. For those professionals and
the enterprises they serve the world over, the CISA®—Certified
Information Systems Auditor®— is recognized as proof of competency
and experience in providing assurance that critical business assets are
secured and available.
www.isaca.org/CISAsuccess
With more than 140,000 professionals in over 180 countries, ISACA® is the
trusted source of knowledge, standards, networking, and career development
for information systems audit, control, security, cybersecurity, risk, privacy and
governance professionals. ISACA advances and validates business-critical skills
and knowledge through its globally respected certifications.

ETHICAL AND SOCIAL CONSIDERATIONS
digital divide in our society. Somebody born in the digital
world enjoys the benefits which are self-perpetuating
as the child is educated and socialized in a digital
environment. On the other hand, being deprived of this
reality will place people at a disadvantage. An uneven
distribution of opportunities creates differences,
prejudice and rejection. This is how minorities are
ostracized – due to their lack of opportunities to learn
and be qualified in what is demanded by the new world.
Will there ever be a replacement of the human person
by technology? What are the implications of this on
employment and social conditions? It is easy to fall
into a pessimistic view and a sense of hopelessness.
Indeed, facts are showing the opposite in terms of
employment opportunities. On the other hand, it is
also true that technology has increased anxiety and
stress and psychological health problems.
Which is the other side of the story?
Digitisation, artificial intelligence and robotics can
offer more time to persons for the family, friends and
relaxation. A more balanced individual with time to
work, love and play.
Digitisation and consequent improved productivity,
releases work time for creativity in the arts and
sciences. More time for the appreciation of visual arts,
literature, theatre and performances, while time and
money are invested in research and development.
At each stage of the process we are basing our
judgements on responsibility and trust. Responsibility
of the various social and economic actors in the ecosystem,
whether it is the state, business, worker or
consumer. This responsibility in decision-making and
policy-making goes beyond that of awareness of not
harming others (creating unemployment or a digital
divide), but that of encouraging, cooperating and
developing others in not falling backwards in this
movement of technological progress.
It is also a matter of trust. Do we trust business,
financial institutions, the state, the judiciary, the
regulators? We are living in a period of extreme
cynicism if not repugnance of the “establishment”
which has disappointed people mostly because of its
hypocrisy and its invariable attitude of exclusiveness,
greed, rejection of accountability and dishonesty.
This trust in leadership needs to be regained if we are
to rebuild a society open to technology and having
faith in what is good and of benefit to society.
In the concluding document called “The Madrid
Conclusions for the Common Good” as part of the
Dublin Process – A Dialogue on the Economy and
the Common Good (www.centesimusannus.org)
held at the Universidad Pontificia Comillas in Madrid,
a number of practical proposals were presented to
strengthen the link between responsibility and trust
in modern technology:
1. Dialogue between business, employees’
representatives and civic society on the value of
technological innovation and the way that this can
improve productivity, job security and well-being.
2. New ways of cooperation to be explored between
the public and the private sector to design “transition
projects” to mitigate the risks on employment and
to incentivize leadership in the digital economy.
22 Summer 2018

ETHICAL AND SOCIAL CONSIDERATIONS
Cloud Payroll,
Leave & Attendance
Management
Optimise the payroll process
Automate leave procedures
Manage attendance
Engage employees with
self service portal
Work from anywhere
Best B2B
Application
MCA eBusiness
Award Winner
Make the Switch
shireburn.com/indigo
3. Priorities in education must be reviewed in the
context of the changes in the future of work.
4. The invasion of privacy because of data gathering
enterprises (including financial institutions
and technology firms) demands the design of
simple, understandable and trusted forms of
consent for data treatment.
5. The use of big data can also be promoted by banks
and business in collaboration with international
organisations and universities for “common
good” projects, such as natural disaster damage
prevention, job market exchanges or data access
on business opportunities for small companies
in developing countries.
6. The need for a continuous dialogue amongst
social ethics specialists, economists, politicians,
employees’ representatives and business with the
aim of developing an understanding of the new
ethical issues surrounding the various challenging
questions arising from the digital economy.
Business that has become global both in ownership
and outreach has become so important to a large
number of people that we all accept that the business
paradigm is changing, more so as digitisation plays
an even more important part in this transformation.
To start with, maximisation of stakeholder value
takes priority over shareholder value, encompassing
benefits to customers, suppliers, employees and
communities where the business serves.
In conclusion, there are a few points that must be
kept in mind. Human dignity and freedom cannot be
brushed aside. Digitisation is a reality now that we
must embrace. The important point here is what and
how should the computer decide when faced with
a critical situation. In decision making the human
person cannot be substituted by a machine. In the
process of digitisation, all people should have the
opportunity to participate and therefore education,
vocational training and accessibility to the internet
is a must. Matters of privacy and data ownership
cannot be understated as they are closely linked to
human freedom and this is why we must consider a
proposal for a common ownership of data, as we do
for climate and the oceans. At the end, all depends
on our reply to the question: How do we want to
develop our future?
theaccountant.org.mt
23

BANKING
Digitalise or Die
T
he word “digital” is today imprinted in bold on the strategic plans
of many credit institutions. However, I was somewhat surprised
when ahead of putting my fingers to the keyboard, I asked a
few colleagues in the banking sector for their views on banking and the
importance of digital transformation. Their replies to digital transformation
strategies very much centered around the development of online and
mobile functionality to customers. Surely there is more to that, as traditional
banks also need to combine digital speed and convenience with human
interactions, that are both thoughtful and caring at crucial moments in the
customer journey.
KENNETH FARRUGIA
KENNETH FARRUGIA JOINED BANK
OF VALLETTA PLC IN 1985 AND HE
CURRENTLY HOLDS THE POST OF
CHIEF BUSINESS DEVELOPMENT
OFFICER. KENNETH IS ALSO THE
CHAIRMAN OF FINANCEMALTA,
MALTA'S NATIONAL PROMOTIONAL
BODY FOR FINANCIAL SERVICES,
AND ALSO SERVES AS CHAIRMAN
OF THE MALTA FUNDS INDUSTRY
ASSOCIATION. HE IS ALSO
THE CHAIRMAN OF MALITA
INVESTMENTS PLC.
I have recently come across a compelling research
by Boston Consulting Group, where four out of five
financial institutions believe that digitalisation will
fundamentally change banking and completely
transform the industry’s competitive landscape.
What’s worrying is that according to this research,
less than half of those interviewed (43%) don’t even
have a firmly anchored digital strategy. This research
is even more compelling as it emerged that one-infive
banking executives consider their bank to be
“market leading” when it comes to digitalisation. This
is far from the truth.
In this fast-changing technological and digital
environment, a number of Banks are somewhat
at a loss and evidently so. Over the last two
decades thay have clearly underinvested in their
technological platform capabilities, resorting to oneoff
uncoordinated initiatives driven by individual
units within the Bank, as against the development of
a holistic digital transformation program covering a
comprehensive enterprise-wide digital strategic plan.
The starting point has to be modeled on the Bank’s
business strategy, market position and capabilities,
keeping an open mind how to reshape the distribution
models, improve the value propositions in the process
and develop end-to-end consumer-centric journeys
to increase growth and customer satisfaction. The
strategy has to be driven and spearheaded by the
CEO, who needs to be at the helm of the process
driving a top-down and integrated approach that
involves every aspect of the organization.
Today’s bank customers have developed a strong
affinity to digitally enabled banking and financial
solutions. In come digital wallets, mobile and
internet banking platforms and the latest fintech
driven app solutions that are changing the face of
traditional banks, if not gradually disintermediating
them. Within this context, clients are seeking the
necessary confidence and functionality control to
bank online, with a strong degree of peace of mind
– not necessarily through a Bank.
This is easier said than done, particularly minded of
the guarantees that clients expect from their banks
to protect their money against online fraud or losses
and equally important for their digital payment
instructions, that they process through their mobile
and internet banking platforms to be paid on time
and in a highly cost-effective manner.
In the process, clients are becoming increasingly
sensitive on the need for their personal information
to be safeguarded through the presence of strong
encryption and security protocols, with GDPR placing
further onerous responsibilities on the Banks insofar
as data breaches and data control and processing are
concerned. To make matters increasingly complex,
in also come powerful new tools such as robotics,
big data, AI and Blockchain. So this context begs the
question - what should traditional banking providers
do to address their changing customer preferences?
Just like with any major transformational initiative,
having a clearly articulated digital strategy is of critical
importance. The strategy can’t be a series of one-off à
la carte initiatives taken on by separate and individual
business units. This is the kind of undertaking that
will require banks to tackle digital transformation as
a comprehensive, enterprise-wide strategy — one
that is lead from the very top by the C-suite, with
the CEO firmly at the helm. Without a top-down
integrated approach, that involves every aspect of
24 Summer 2018

BOV CARDS
time to reward
yourself at Montblanc
compliments of your
BOV premium cards
Earn points in the BOV Loyalty Rewards
Programme every single time you use your
BOV Visa Platinum, BOV Visa Gold or your
BOV Skypass.
More information is available from www.bov.com or
contact 2131 2020.
Issued by Bank of Valletta p.l.c., 58, Triq San Żakkarija, Il-Belt Valletta VLT 1130
Bank of Valletta p.l.c. is a public limited company regulated by the MFSA and is licensed to carry out
the business of banking in terms of the Banking Act (Cap. 371 of the Laws of Malta).

BANKING
the organization, traditional banking providers will
struggle to take advantage of powerful new tools
such as robotics, big data, AI and blockchain.
well as Revolut plans to launch in the U.S., Singapore
and Australia later this year, with India, Brazil, South
Africa and the UAE also in sight.
There are various initiatives that need to be
undertaken by the banking sector, but two key
initiatives revolve around, firstly the need to reengineer
the consumer journey, and secondly to
leverage the power of data mining.
Re-engineering the consumer journey requires
banks to completely detach themselves from legacy
processes and procedures – to think without the
box not just outside of it. Frictionless is the most
common term one comes across in the customer
journey process parlance. I find it very compelling to
compare customer journey processes at a Bank, with
those in non-bank outfits and clearly a compelling
one is Amazon – a customer journey as frictionless
as it can get through one-click ordering platforms
- see it, like it, click it, buy it. Revolut is another
classic example of the benefits of digitalization and
has become one of the fastest European companies
to reach the so-called "unicorn" status. It is not
surprising that Revolut now manages around $1.5
billion in transactions every month, up 700 percent
year over year, and this number should increase as
Now try to transpose this frictionless process within
the banking sector and you come across a “frictionfull”
process, taking days and sometimes weeks
to be provided with say a credit card, a loan and
opening of a bank account. Through enough, the
current regulatory environment has not helped,
apart from the customer deep pocket syndrome
with litigations flying against banks – “because they
can afford it” which has brought about a document
fraught process.
Despite all these challenges, coupled as well with the
legacy IT architecture which is today not fit (or possibly
not fully fit) for purpose, justifiably, consumers
are looking at the likes of Amazon and asking why
banks are not trying to replicate their processes
and completely digitize the consumer journey from
start to finish, by introducing rapid onboarding and
automated digital service and product propositions.
The ramifications of such a solution frees up staff for
more valuable tasks, like cross-selling and relationship
building, while simultaneously saving the institutions
money by streamlining processes.
26 Summer 2018

BANKING
Maybe the million dollar question revolves around
the way to digitize the consumer journey, which
in essence revolves around and requires, a carte
blanche re-engineering process, which is completely
driven and centered around the UX – the user or
customer experience. Here again, easier said than
done particularly considering the complexities of
multiple system architectures found in banks. As
the new CEO of Deutsche Bank had pledged in
his address when newly appointed, he vowed to
“untangle the spaghetti ball of its operating systems
and scores of applications and platforms that had
built up over the years”. Let’s be clear that it is surely
an overwhelming and costly process to try to map
and change multiple consumer journeys, and why
it is strongly recommended that this is done in a
phased approach.
The second most important initiative in the
digitalisation process revolves around the benefits of
data mining, which is underestimated and found to
be a challenge by the banking community as a result
of the presence of multiple disparate IT systems. Data
mining capabilities should not only be used from a
1
Application Programme Interface
business development angle, but through the use of
behavioral analytics identify the next best offer to
clients in different clusters and at the various stages
of their lifecycle. Data mining is an invaluable tool for
banks to manage risks, such as that inherent in loan
portfolios in order to better anticipate loan defaults.
In conclusion, the journey to morph a traditional bank
into a digital-driven one requires a clearly articulated
strategy, funding, talent, agile ways of working and
an equally important organizational culture that
engages senior management ensuring they are
fully committed to radically changing the bank.
Fintechs are first class case studies and deemed to
be important partners, for traditional banks seeking
to scale digital initiatives across the institution.
Challenges will be abound particularly driven by the
inability to integrate digital applications with the
legacy infrastructure, in a relatively straightforward
manner even through the use of APIs 1 . Nonetheless,
the message is clear for the Banks - Digitalise or
Die. This requires a discipline phased execution, of
channel based high impact projects within a holistic
digital strategic plan.
theaccountant.org.mt
27

AGILIS
New Challenges for the MLRO
The introduction of the new Prevention
of Money Laundering and Funding
of Terrorism Regulations (PMLFTR)
presents huge challenges to the Money
Laundering Reporting Office (MLRO).
Under the old regime, the application of Simplified
Due Diligence (SDD) was clearly established under
regulation 10. Under the new PMLFTR, in terms of
Regulation 10(1)(b), it is now the obligation of the
Subject Person to determine whether SDD can be
applied and to document those instances which call
for simplified due diligence.
The introduction of the Risk Based Approach (RBA)
is by far the biggest challenge. Regulation 5 clearly
states that the internal assessment of the RBA
must be properly documented and the Financial
Intelligence Analysis Unit (FIAU) can at any time
request a copy of this document.
Documenting a RBA is not an easy task. Initially,
an internal risk assessment by the Subject Person
must be undertaken. A review of the Supervisory
Guidance paper issued jointly by the FIAU and the
Malta Financial Services Authority (on 2nd February
2018) will help in the process. This then will be
followed up by a customer risk appetite framework
modelled on the four risk pillars (customer, product,
jurisdiction and delivery channels) providing suitable
scoring criteria in order to determine the applicable
risk tier (Low/Medium/High) being applied for
each client. In addition to this, the RBA must also
document the process of ongoing monitoring of all
client relationships. The solution is to automate this
process as otherwise it would be rather messy to
keep adequate control.
The concept of non-face to face has completely
disappeared from the new PMLFTR. This does not
mean that non- face to face should no longer be
considered as not being subject to Enhanced Due
Diligence (EDD). The application of EDD should still
be applicable for Politically Exposed Persons (PEPs),
high risk jurisdictions and high risk transactions.
In terms of PMLFTR a Subject Person must now
also appoint a person of a managerial grade whose
duties shall include the monitoring of the day-today
implementation measures and controls and
procedures adopted. The PMLFTR allows the MLRO
to assume this monitoring function.
Another new measure introduced by the PMLFTR is
that of setting up an independent audit mechanism.
While no exemptions are in place, the PMLFTR
require that a Subject Person should ‘implement,
where appropriate with regard to the size and
nature of the business, an independent audit
function to test the internal measures, policies,
controls and procedures.' No guidance has yet been
issued on what determines size and nature of the
business and hopefully the much awaited revised
Implementing Procedures to be issued by the FIAU
will throw more light on this matter.
The National Interest (Enabling Powers) Act has
been revised in May 2018 and hardly any noise
heard. The previous regulations under the main act
(subsidiary regulation 365.01) are now repealed, as
the ‘old regulations’ are now practically embedded
under the main legislation. In terms of Article 17(6)
of this Act, a Subject Person is required to regularly
check the EU and UN sanction lists and ‘have in
place and effectively implement internal controls
and procedures to ensure compliance arising from
this act and any relevant European Union or United
Nations resolutions’. Obviously, there are fines for
breaches of this Act.
The days of the MLRO will be surely exciting.
28 Summer 2018

DATA ANALYTICS
USING DATA ANALYTICS FOR AUDIT EVIDENCE
T
echnology is shaping
and changing our lives.
Answering machines
are long gone as people feel
the need to be connected at
all times. Information needs to
be on tap as even looking up
a book takes too long. Some
employees who traditionally
worked from their desk at the
office, now work remotely
from home or even from
a different country, as staff
mobility is not even about
relocation anymore.
The audit profession is also re-inventing itself but
maybe not at the pace we’d like to believe. Whereas
auditing has been around in one form or other, for
around 3,000 years, Mautz and Sharaf started to give
shape to the theory of auditing in 1961 with their
publication of The Philosophy of Auditing. Since then,
we have seen a significant increase in guidance on
how to conduct an audit as standards were issued
by bodies such as the International Auditing and
Assurance Standards Board (IAASB) and the American
Institute of CPAs (AICPA). However, questions
continue to be raised by the public as to whether
such the bodies are doing enough to ensure that the
profession keeps with the pace of technology.
In considering whether International Standards on
Auditing (ISAs) are outdated given that they were
drafted before the availability of data analytics
techniques, during September 2016, the IAASB’s
Data Analytics Working Group (DAWG) felt the
need to issue a call for comments through its paper
entitled Exploring the Growing Use of Technology in
the Audit, with a Focus on Data Analytics. The general
consensus was that ISAs were not ‘broken or a barrier
to the application of data analytics in the audit’.
IAASB’s DAWG defines data analytics largely on the
definition used in an AICPA publication entitled Audit
Analytics and Continuous Audit - Looking Toward
the Future. The DAWG states that The quality of a
financial statement audit can be enhanced by the use
of data analytics. Data analytics, when used to obtain
audit evidence in a financial statement audit, is the
science and art of discovering and analyzing patterns,
deviations and inconsistencies, and extracting other
useful information in the data underlying or related
to the subject matter of an audit through analysis,
modelling and visualization for the purpose of
planning or performing the audit.
The use of Audit Data Analytics (ADAs) is thus seen as
an enhancement to and not as a replacement of audit
evidence. It can assist during the entire audit workflow.
In the risk assessment process, ADAs can be used
to provide better insight and support to the auditor
in identifying and assessing the risks of material
misstatement in terms of ISA 315 Identifying and
Assessing the Risks of Material Misstatement through
Understanding the Entity and Its Environment. Such
ADAs may constitute preliminary general ledger
account transaction analysis, correlation of revenue
against industry expectations and analysis of betting
behaviours in an Internet Gaming (iGaming) company.
In testing controls, an entire year’s financial
information may be used in order to:
• evaluate whether segregation of duties policies are
being followed by checking whether transactions
are authorised by an appropriate employee;
CHRISTOPHER AZZOPARDI
CHRISTOPHER AZZOPARDI IS
HEAD OF INFORMATION RISK
MANAGEMENT AT KPMG. HIS
SPECIALISATION LIES IN AUDITING
IT SYSTEMS IN SUPPORTING
FINANCIAL STATEMENTS AUDITS.
HE IS ALSO A MEMBER OF THE
MIA DIGITALISATION COMMITTEE.
theaccountant.org.mt
29

DATA ANALYTICS
• evaluate whether commissions given to
merchants involved in electronic payments are
in accordance with set expectations, given the
associated risks of the business relationships
and intermediaries involved; and,
• determine whether divergencies exist between
sales (or purchase) orders, invoices and payments.
Substantive analytical procedures are defined by ISA
520 Analytical Procedures paragraph 4 as evaluations
of financial information through analysis of plausible
relationships among both financial and non-financial
data. ADAs using predictive models can determine
whether transactions recorded are in accordance
with pre-set expectations using regression models.
If the auditor has the capacity and capability to
access and handle large volumes of data, he can,
for example, analyse an iGaming company’s betting
transactions in more detail and better determine
which transactions may need further investigation on
the basis of correlations with other player behaviour,
gaming logic and probability of outcome. Whereas
statistical sampling techniques provide the auditor
with an understanding within a statistical confidence
level and materiality thresholds for the sampled
population relying on the assumption of homogeneity,
ADAs single out anomalies that warrant further
investigation. This may be compared to choosing
the coloured marble in a transparent jar, rather than
selecting a sample of marbles blindly, on the back of
statistical models, and concluding on the number of
coloured marbles in the jar on the basis of the sample
selected. Sampling techniques can assist in forming
a conclusion on the population being tested, though
ADAs can provide further insight as to whether there
are any transactions that are unexpected given the
auditor’s understanding of the business.
With electronic data being used as audit evidence,
the auditor needs to evaluate the reliability of the
information to be used as audit evidence in terms
of ISA 500 Audit Evidence. ISA 500(9) states that
for information produced by the entity to be relied
upon for audit purposes, the auditor needs to obtain
audit evidence that it is complete and accurate, and
that it is of sufficient precision and detailed to merit
its use. In an electronic dimension, information can
be changed at will without any trace, unless systems
are appropriately supported with sufficient relevant
controls. Just as spreadsheets can be modified
entirely without any tracking of their source,
system databases can also have the same pitfalls
without adequate manual and automated control
infrastructures. Likewise, if management promotes
a culture to circumvent controls to get things done, it
would increase an auditor’s professional skepticism
as to the reliance that can be placed on that data for
ADAs. In a corporate environment where physical
manual controls are given more importance than
their automated counterparts, ADAs would have
little validity in providing audit evidence on their
own, without being able to extend the assurance
attained through manual controls testing over
underlying data used.
Auditors using ADAs may fall in the pitfall of relying on
the data as if it is authoritative solely on the basis that
numbers reconcile between them or the accounts
they represent. Like any other piece of information
paper provided by the client, electronic data needs to
be verified using the guidance of ISA 500. The source
of the data, the processing and the output need to be
understood and controls verified to confirm that the
audit procedures are based on reliable information.
Also, auditors are required to design and perform
audit procedures to obtain sufficient appropriate
audit evidence (ISA 500 (1)), and therefore they need
to be knowledgeable of the process applied by the
tools including any algorithms which may not be
immediately visible to the user.
The audit profession needs to mature even further. In
their report Audit Quality Thematic Review – The use
of data analytics in the audit of financial statements,
the Financial Reporting Council noted ADA practices
adopted by a number of audit teams. They noted
that audit teams need to review their existing audit
30 Summer 2018

DATA ANALYTICS
approaches to identify testing that ADA replaces as
it seems that auditors are reluctant to trust the tools
given the inexperience in using them to generate
primary audit evidence. At times auditors used ADAs
solely for adding value to their audit committee
reports without constituting any audit evidence in
arriving at their opinions, with the risk of verging into
providing non-audit services.
It is clear that audits need to evolve further into
embracing technology and the benefits that ADA
bring. In 50 years we have gone from paper ledgers
to databases to cloud computing and now to
blockchain technologies. Auditors need to re-invent
themselves. They need to be ready to embrace the
future of technology and not just the challenges
brought about by the current ones. Audit procedures
need to be revisited in order to ensure that they
are leveraging upon the possibilities available
with today’s technology. Is it still efficient to adopt
statistical sampling techniques in environments
where millions of transactions are processed daily?
The regulators, the Malta Institute of Accountants,
The Accountancy Board and international bodies
need to discuss and share knowledge on what is
acceptable, best approaches and considerations
in adopting ADAs. As we get to terms with the
technology, we need to make sure that our audit
methodologies are enhanced to make use of current
techniques to provide better insight to the auditor
and audit committees.
In the words of Robert M. Pirsig, ‘If you run from
technology, it will chase you.’
Save the date
MIA and ICaEW
Joint Event
Tuesday, 4th December 2018
theaccountant.org.mt
31

BLOCKCHAIN
BLOCKCHAIN –
The New Digital
Concept In iGaming
MAURO MAGRO
KPMG AUDITOR - IGAMING
INDUSTRY
iGaming industry as we know it, is
steadily evolving around the digital world
of blockchain technology. To date, the
technology is commonly known by the
general public for the cryptocurrency
Bitcoin, however blockchain technology
brings a far more useful agenda to the
table that could potentially be a gamechanger
for online gambling.
WHAT IS BLOCKCHAIN?
Blockchain is a decentralized database of transactions
or assets, otherwise referred to as a distributed
ledger, where each participant has an identical copy
of the ledger that is protected by their own digital
signature. The distributed ledger can be shared across
multiple nodes (touchpoints) of the network and any
alteration made to either one of the ledgers will be
time-stamped and securely linked to the previous
transaction within the network, creating a chain of
activity almost simultaneously. Blockchain technology
applies to any online digital asset transaction where
each entry is validated, safeguarded and preserved
through historical records that can be verified at any
time in the future. Furthermore, blockchain makes
use of cryptographic signatures so as not to comprise
the privacy of digital assets and the identity of the
parties involved.
BITCOIN AND BLOCKCHAIN
Let us consider Bitcoin to understand how blockchain
processes information and maintains its data
integrity across the network. Initially, Bitcoin places
transactions in groups (otherwise known as blocks)
and these blocks are then linked to one another in the
blockchain. Each block is considered to happen at a
particular time period where each one contains a hash
of the previous block, allowing them to be linked in a
chronological order. However, there may be instances
where there would be nodes creating multiple blocks
at the same time that would result in having several
blocks, each with its own unique order, on different
nodes in the network. Bitcoin addresses these
instances by establishing a mathematical puzzle, one
where each block is only accepted in the blockchain if
it answers to a special mathematical problem.
Blockchain technology makes it even harder for
fraudulent activity to take place. In the event that
someone tries to enter a fraudulent transaction in
the system, that transaction would not only need to
solve the mathematical puzzle to join the network
but would also have to mathematically surpass all the
‘good’ nodes to generate all the blocks subsequent to
that block. Hence, this would then require all the other
nodes to accept the transaction and block the valid
one in its place. However, this is considerably difficult
to achieve as blocks share a cryptographic connection.
BASIS FOR BLOCKCHAIN RECOGNITION
Currently, traditional gaming platforms store sensitive
data such as player information and game-play
history, together with corporate game technology on
their servers. These central hosting servers are the
32 Summer 2018

A GLOBAL OUTLOOK
FOCUSED ON LOCAL NEEDS
Vertical integration built on broad experience
Alter Domus is a fully integrated provider of Fund and Corporate
Services dedicated to international private equity & infrastructure
houses. real estate firms, private debt managers, multinationals,
capital market issuers and private clients. Our vertically integrated
approach offers tailor-made administration solutions across the
entire value chain of investment structures, from fund level down to
Special Purpose Vehicles.
Alter Domus Malta now counts on the support of 150 employees
and holds over $1.5 billion funds under administration and over 500
structures under administration.
www.alterDomus.com
YOU INVEST, WE SET UP.
YOU DEVELOP, WE ADMINISTER.

BLOCKCHAIN
primary focal point for cyber-attacks and information
security breaches when considering possible
data leaks within the system. At present, iGaming
platforms not only have full control over the games’
software and commands they use, but also privately
withhold the outcome logs from the general public.
Nonetheless, the payment processing fees incurred
by players when making deposits and withdrawals
are seen as an unnecessary burden as these have
become even more expensive than other online
e-commerce services. The desire for faster payments
is paving the path for companies to evolve from the
traditional payment system as we know it towards
an innovative way of doing things, through the
application of blockchain technology.
THE FUTURE OF IGAMING WITH BLOCKCHAIN
Blockchain-based iGaming platforms are what
could potentially be leading the iGaming industry
in the next few years. With the recent acceptance
of blockchain based companies such as Funfair
and Unikrn in Gibraltar’s online gambling market,
blockchain technology has gained greater traction
amongst online players as they experience what
could possibly become the new digital gaming
environment. Blockchain technology brings several
changes to the online gambling market, the most
prominent of which are:
1. Inducing More Transparency
Across the blockchain network, online gambling
operators are transparent to their players as
there is full disclosure of gambling odds and
of subsequent results of bets placed on their
platform. In addition, the parameters used to
generate games’ outcomes when operating on
the Ethereum blockchain, gives players strong
assurance that the RNG (random number
generator) is not being manipulated by the
operator in any way.
2. Establishing Smart Contract Agreements
Smart contracts are digital agreements
between parties that execute payments when
a preprogrammed condition is triggered by
the outcome of an event. These are basically
a set of instructions – ‘if this, then that’ –
which entails all participants to a transaction.
Smart contracts provide a more secure and
trustworthy arrangement between the player
and the operator since they are based on
verifiable and publicly available immutable
contracts. If you apply this to a casino, a case in
point would be the Roulette, if I bet on red and
the ball stops on red, I win and the casino pays
me my winnings. If the ball stops on black, I lose
and the casino takes my money. By introducing
these smart contracts, there would be less need
for interference from top-level administration as
everything would be integrated through digital
agreements and processes would have become
fully automated and verified.
3. Shift to a ‘Pay-As-You-Go’ Platform
This payment scheme has already experienced
substantial growth within several iGaming
companies and a considerable number of
individuals are also making use of Bitcoin,
Ethereum, Litecoin and other cryptocurrencies to
make payments. In comparison to the traditional
method of payment via banking systems, these
cryptocurrency transactions are faster and easierto-use
while at the same time do not make use of
any intermediary throughout the transaction. With
cryptocurrency transactions, the blockchain itself
acts as an intermediary processor for transactions
incurred by its participants which also explains the
lower transaction costs borne by its users.
4. Cutting-edge Data Security
Since blockchain is built on a decentralized
structure, having a cryptographic secured
network makes it even more difficult for hackers
to attack. Without a central focal point to exploit,
hackers face even higher levels of resilience
when attempting to hack the system.
BLOCKCHAIN AND THE MALTA GAMING AUTHORITY
(MGA)
So far the MGA has only issued consultation
requirements, thus, it has not granted licensing to
any blockchain gambling related activity. At present,
MGA remarks that the Authority supports companies
“that are hosted fully or partially on a Blockchain
environment” under the condition that the operator
ensures that the gaming service it provides to
its customers will not be unduly disrupted by its
operational setup.
The MGA is working towards having a regulated
licensing system for gaming developers with
standards set out for cryptocurrency payments and
digital currency wallets. The recently issued guidance
34 Summer 2018

BLOCKCHAIN
Are you a student looking
for an opportunity?
Join our team and explore what the professional
world has to offer by beginning to build a strong
foundation for you and your future.
E. info@nouv.com.mt
135, ‘Kyle Building’, Triq il-Mediterran,
St. Julian’s, STJ 1870 Malta
nouv.com.mt
T. (356) 2134 5009/10
NOUV MT is an independent member of TGS an international
network of professional business advisors focused on delivering
excellence around the world.
on the use of distributed ledger technology and on
the acceptance of virtual currencies is meant to serve
as a potential ‘test and learn’ live environment as part
of the preliminary acceptance of an online gambling
regulated environment.
The MGA strategy to be at the forefront of
remote gaming regulation while embracing
innovation, is balanced with the recognition
that a prudent approach in this area is sensible
and needed
THE IMPLICATIONS FOR THE MALTESE
ACCOUNTANT
As blockchain oriented start-up companies are set up
in Malta, other globally renowned gaming companies
have become compelled to plan their next move in
light of blockchain technology. What this implies for
professional accountants is that, while blockchain
allows for greater efficiency in the accountant’s work,
it opens up the possibility for the accountant to focus
time and resources towards the value-adding areas
that are becoming increasingly dependent upon by
these companies.
Blockchain technology brings to the table clarity
across the ownership of assets and existence of
obligations. Furthermore, ledger reconciliation as
we know it is changing, with verifiable blockchain
records automating the bookkeeping process for
the accountant. Henceforth, the accountant directs
attention on the significance of the data itself and its
implications, while keeping a professional skeptical
mindset when applying their professional judgement.
Additionally, blockchain opens up the possibility for
‘real-time reporting’ as distributed ledgers enable
more timely recordings of corporate cash positions.
As advancements in digital technology continue
to evolve and regulations are set out, the auditors’
role will also progress towards the digital era; one
where auditors’ express governance over the types
of blockchains being used within the online gambling
industry. While it has already started to take effect
at present, there is no doubt that in the near future,
auditors need to provide an exhaustive level of
assurance on the digital systems being used by these
businesses, rather than solely focusing their testing
on the transactions themselves.
theaccountant.org.mt
35

INITIAL COIN OFFERINGS
ICOs –
a wealth of opportunities
DR JOSEPH F. BORG
DR JOSEPH F. BORG IS AN
ADVOCATE AND PARTNER AT
WH PARTNERS, HEADING THE
BLOCKCHAIN AND THE GAMING
AND GAMBLING ADVISORY
SECTIONS OF THE FIRM.
TESSA SCHEMBRI
TESSA SCHEMBRI IS A LEGAL
TRAINEE WHO FORMS PART OF
THE BLOCKCHAIN AND GAMING
AND GAMBLING ADVISORY TEAMS
AT WH PARTNERS.
I
nitial Coin Offerings (ICOs) are by-products
of the larger cryptocurrency phenomenon,
which began with the conception of Satoshi
Nakomoto’s Bitcoin back in 2009. With blockchain
technology on the rise, we are continuously seeing an
increase in start-up and mature companies pursuing
a novel path to raise capital: the so-called ICOs,
sometimes referred to as a ‘token generating events’
or simply ‘token sales.’
An ICO is an application which enables organisations of
any size to raise money, in a peer-to-peer manner akin
to crowdfunding, by offering cryptocurrency tokens in
a new venture, project or network. Developers draw
up a ‘whitepaper’ in which they outline their business
idea to potential buyers and then sell tokens to those
willing to contribute. Contributors participate in the
fundraising by transferring fiat currencies like the
euro, or cryptocurrencies like bitcoin and ether, to
the issuer in exchange for a token. The very first token
‘Maidsafe’ was launched via an ICO in 2013 on the
Mastercoin blockchain, but most ICO tokens which
followed were created through the deployment of
a smart contract built on top of an already existing
blockchain. Currently, the most popular blockchains
used for ICOs are the Ethereum, Waves NEO and the
new EOS platforms. The issuing company then designs
digital tokens that can grant any bundle of rights and
obligations for the token holders. When the rights
which stem from tokens embody rights to profits or
voting rights, the ICO may be likened to a traditional
Initial Public Offering (IPO).
The attractiveness of ICOs was spurred by the sudden
rise in the value of bitcoin and the strong expansion of
the overall cryptocurrency market, which resulted in a
widespread media coverage of the blockchain space.
The staggering increase in price which some tokens
experienced following their launch on secondary
market exchanges, continued to serve as an attraction
for businesses and investors with a risk appetite to
invest in these innovative technologies. Nevertheless,
the great decline in the value of the cryptocurrency
market since its high in December 2017, coupled with
the continuing increase in the number of ICOs currently
taking place, is clear evidence that the opportunities
of ICOs extends far beyond market speculation. As
ICOs provide a facility for leveraging cryptocurrencies
and smart contract technology, it has now become
possible to replace traditional venture capital and
other funding models with a more direct, automated,
and decentralised solution. As a result, blockchainbased
ventures have turned to ICOs as a mechanism for
funding, realising these are easier, faster and cheaper
than pursuing seed rounds through traditional venture
capital models. From a token purchaser’s perspective,
ICOs have also presented an opportunity of gaining
access to technology companies at their very early
stages; an opportunity which has traditionally been
limited to venture capitalists and accredited investors.
The turning point for ICOs occurred in July 2017, when
the United States Security and Exchange Commission
(SEC) issued an investigative report cautioning market
participants partaking in ICOs, that such activities are
subject to the requirements of the federal securities
laws. The SEC’s report was issued in response to the
tokens offered during ‘The DAO’ 1 ICO and which were
consequently held to qualify as securities that must
necessarily comply by US securities legislation. The
ramifications of this seminal decision led regulators
and policy-makers worldwide to issue similar warnings
and opinions on the legal requirements, future
enforcement actions and the potential dangers
pursuant to ICOs. Within the European Union, the
European Securities and Markets Authority (ESMA)
issued a statement stressing that firms involved in
ICOs qualifying as financial instruments, are carrying
out regulated activities and must comply with EU
investment services legislation such as the Prospectus
Directive, the Markets in Financial Instruments
Directive (MiFID II) and the now Fifth Anti-Money
Laundering Directive (5AMLD).
Malta was and is the first and only Member State
to go a leap further than just publishing warnings,
consultation documents and discussion papers. The
Maltese Government revealed its ambitious legislative
plan back in February 2018 when it proposed the
introduction of three pieces of legislation which would
regulate the Maltese blockchain ecosystem as a whole.
These are the Malta Digital Innovation Authority Act,
36 Summer 2018
1
Decentralised Autonomous Organisation

Enhance your Responsible Gaming capabilities with a
real-time focus on fairness, player protection, and security
+
Ongoing player
behaviour monitoring
Extension to your
platform functionality
Real-time alerts
and notifications
Flexible and
robust rules engine
www.computimesoftware.com/axon-gaming +356 2149 0700 info@computimesoftware.com

INITIAL COIN OFFERINGS
the Innovative Technology Arrangements and Services
Act and the Virtual Financial Assets (VFA) Act which
were consequently adopted by the Maltese Parliament
on the 4th of July 2018 and are expected to come into
force in October of the same year.
The main legal instrument regulating ICOs issued in or
from within Malta is the VFA Act. This Act distinguishes
between three types of tokens (referred to as ‘DLT
assets’): (1) the ‘Virtual Token,’ (2) the ‘Virtual
Financial Asset’ (VFA) and (3) a ‘Financial Instrument.’
A Virtual Token is defined as ‘a form of digital medium
recordation that has no utility, value or application
outside of the DLT platform on which it was issued
and may only be redeemed for funds on such platform
directly by the issuer of such DLT asset’ and excludes
electronic money. Such tokens fall outside the scope
of the VFA Act. ‘Financial Instruments’ are also not
caught by the VFA Act but fall within the remit of
Maltese rules which transpose the abovementioned
EU investment services legislation.
Therefore, the ICO-specific rules contained in the VFA
Act apply only the issuers of VFAs (referred to as an
‘Initial Virtual Financial Asset Offering’). The Act defines
a VFA as ‘any form of digital medium recordation that is
used as a digital medium of exchange, unit of account,
or store of value and that is not – (a) electronic money;
(b) a financial instrument; or (c) a virtual token. The
litmus test which will distinguish between Financial
Instruments and a VFA is the so-called ‘Financial
Instruments Test’, which explicitly requires that a VFA
functions as a means of exchange and therefore has
a payment function and does not create any rights
which may be exercised by the VFA holder against the
issuer. Under these rules, the issuer of such an ICO
must comply with high level principles and necessarily
draw up a ‘whitepaper’ to be registered with the
Malta Financial Services Authority. The First Schedule
of the Act prescribes disclosure requirements which
must feature in the whitepaper including, inter alia,
a detailed technical description of the protocol,
platform and/or application, the characteristics and
functionality of the VFA, the project, the issuer and its
team, the VFA agent and any service providers used by
the issuer, as well as the applicable exchange rate of the
VFA and any proposed security safeguards. Auditors
should in particular take note of Part VIII of VFA Act, in
which they are imposed reporting obligations in their
auditor reports on the accounts of the issuer.
Furthermore, under the MFSA’s very recent Virtual
Financial Assets Regulations, it is being proposed
that VFA issuers must pay a one-time registration fee
of €4,000 for their whitepaper, as well as an annual
supervisory fee of €1,000, upon the submission of a
certificate of compliance.
According to one of the leading news portals in
this space, globally ICOs have raised over $5billion
in 2017 and over $6billion in the first quarter of
2018. Considering ICOs a wealth of opportunities
is an understatement. Malta, being one of the first
jurisdictions to regulate ICOs has a great potential
of attracting a large share of them over the coming
months and years.
38 Summer 2018

Efficiency in business is
core. So is taking control
over your payments.
When business is moving fast, managing your payments efficiently
and conveniently becomes even more essential. With HSBCnet
you can view the balances of all your business accounts, in one
place – as well as effect multiple payments online with just one
log in. This makes it the ideal tool for transferring money, paying
suppliers or your team’s salaries, at one go… without the need to
pay in either cash or cheques, thus saving your business money as
well as time.
HSBCnet – making payments simpler.
Speak to us today by calling 2380 8000 or visiting
www.business.hsbc.com/mt/HSBCnet
Together we thrive
Approved and issued by HSBC Bank Malta p.l.c., 116 Archbishop Street, Valletta VLT 1444 which is regulated by the Malta Financial Services Authority. (Ref No. 101501 – 04/2018)

GETTING IT RIGHT
GETTING IT RIGHT
PAYROLL PROCESSING: What does it really involve?
limit of EUR 5,000.00) in respect of every child
if the income is from employment. This also
applies in the case of self-employment. Specific
forms will need to be enclosed with the Personal
Income Tax Return so that the tax credit can
be availed of. Lastly, it is important that once
a woman returns to work a revised FS4 should
also be submitted.
CHRISTABELLE AGIUS
TEAM LEADER – ACCOUNTING
SERVICES AT CSB GROUP
NICKY ALBANAZZO
ACCOUNTS ASSISTANT – CSB
GROUP
Payroll is not simply a payroll run exercise
using a software package, which automatically
calculates the employees’ taxation and social
security contributions, produces the monthly
FS5s, and the annual FS3s and FS7s. Besides
ensuring that the employees are registered with
Jobsplus and the Inland Revenue Department
(IRD), that they are taxed at the correct and
most beneficial rates of taxation (single, married
or parental rates as applicable) and deducting
the National Insurance contributions (NI), as
well as paying its employer’s share of NI and
maternity fund contributions in time, the
employer must also be well versant with the
various regulations/legal notices in place, that
may affect its employees’ level of taxation and
hence the whole payroll run.
A few of these to be considered are the following:
1. Women returning to employment
It is important to be well aware of the rule that
benefits women returning to work after their
maternity leave, or after a certain number
of years. A tax credit of up to a maximum of
EUR 2,000, is available for women who have
been absent from work for 5 years and have
a child under the age of 16, or for every child
born from 1st January 2007 onwards. The tax
credit may not only be set-off against the tax on
employment income, but may be availed of over
a period of two consecutive years of assessment,
commencing from the year of assessment
during which the return to employment occurs.
Instead of utilising the tax credit of EUR 2,000, a
mother can opt for one year tax credit (up to a
2. Highly Qualified Persons
Employing companies licensed with the Malta
Financial Services Authority (MFSA), the Malta
Gaming Authority (MGA) or Transport Malta
(TM) may employ senior individuals occupying
certain key positions (specifically outlined in the
regulations), who may avail from tax benefits
pertaining to the Highly Qualified Persons Rules.
Such senior employees may opt to pay tax at
the Flat Rate of 15% on employment income
and fringe benefits, derived in respect of work
or duties carried out in Malta (or in respect of
any period spent outside Malta in connection
with such work or duties). Certain conditions
need to be fulfilled before this beneficial tax rate
can be applied. An RA17 form would need to
be completed and endorsed by the respective
authority.
3. Fringe Benefits
The term Fringe Benefit refers to any benefit
provided or deemed to be provided by reason
of an employment or office.
Only fringe benefits listed in the regulations
are subject to tax. The regulations determine
the value of the benefit for tax purposes. Most
common fringe benefits relate to company
cars, car cash allowances and provision of
accommodation to employees.
A recent change occurred in the Share option
Scheme.
40 Summer 2018

GETTING IT RIGHT
The value of the benefit is the excess, if any, of
the market price of the shares if sold on the date
when benefit is provided over the option price of
the same shares. This benefit is being taxed at the
special flat tax rate of 15%.
Not all fringe benefits are subject to tax: Below is
a list of just a few exemptions:-
• The cost of travel for business purposes
including a reasonable subsistence
allowance;
• Cost of travel between Malta and Gozo;
• Cost of business related training;
• Subscriptions in respect of an employee’s
membership to a professional body;
4. Part Time Rules
These apply to full-time students, apprentices,
full-time employees and pensioners.
The benefits and conditions to apply these rules
are namely the following:
• Income from part time employment is taxed
at 15% up to a maximum of Euros 10,000 /
Euro 12,000 i.r.o. self-employment.
• Once the above thresholds are exceeded,
normal tax rates will apply,
• Part time activity can be either employment
or self-employment,
• Employee must be registered with Jobsplus,
• Full time and part time employment must
not be carried out with the same employer
or employers within the same group of
companies,
• Part time employment cannot exceed 30
hours per week.
In Payroll processing, one is processing significant
personal data and this also brings us to the important
subject of GDPR which cannot be left unmentioned
when speaking about payroll processing. GDPR came
into full force on 25 May 2018, and although handling
of personal data was always considered important,
now payroll providers had to undergo a radical change
in all their internal processes to ensure they are
compliant. These include:
A. Completion of data registers specifying what
personal data is being processed, how it is being
processed, who is responsible for it, etc.,
B. Implementing a data retention policy ensuring
personal data is not kept longer than necessary
(legal minimum retention periods would
supersede GDPR retention requirements),
C. Consolidating personal and payroll data in one
location,
D. Creation of a GDPR readiness plan,
E. Undergoing GDPR audits to make sure all
processes and systems are GDPR compliant,
F. Considering appointing a Data Protection Officer,
G. Giving employees full visibility of the data you
hold on them,
H. Creating GDPR-compliant privacy notes for your
employees.
Organisations are responsible for their own data and
to ensure it is protected. Third-party relationships with
HR/payroll partners/providers could present both a
risk and opportunity.
It is important that a GDPR data processing agreement
is put in place outlining clearly the duties and
obligations of the data controllers and the data
processors. Very often the data controller is the client
who gives the instructions and the payroll providers/
partners are the data processors. The agreement
should stipulate various matters including, that the
latter shall process personal data solely in accordance
with the agreement, they shall ensure that personal
data is not disclosed or transferred to any third
party without the prior explicit written consent of
Data Controller, except as specifically stated in this
Agreement or as explicitly required by law. The Data
Processor shall not engage another processor (subprocessor)
without prior written authorisation of Data
Controller. The latter should be informed in writing who
shall approve or disapprove any such other processor.
The Data Processor shall inform Data Controller of the
location of the Personal Data upon the request of the
Data Controller. The Data Processor shall allow for and
contribute to audits, including inspections, conducted
by an authorised auditor appointed by Data Controller.
Due to the above and many other considerations that
one needs to be aware of during payroll processing,
outsourcing the payroll to a professional service
provider whose payroll and tax department work
hand in hand and are continually updated with new
regulations could be the way forward. Strong HR/
payroll partners/providers can assist organisations
in being also GDPR compliant and take away a
part of the burden and risk, because their systems
and processes would ensure protection of your
employees’ personal data.
CHRISTOPHER CARUANA
ASSISTANT TEAM LEADER –
ACCOUNTING SERVICES AT CSB
GROUP
JACQUELINE MC INTYRE
ACCOUNTS EXECUTIVE – CSB
GROUP
theaccountant.org.mt
41

Make nights
even more beautiful
The Multi range. For storing, for living, for sleeping.
Designed and manufactured to order in Germany. Locally brought to you exclusively by Joinwell.
www.joinwell.com.mt info@joinwell.com.mt +356 2278 2000 Mill Street Qormi QRM 3102

TAXATION
TAX AND TECHNOLOGY –
the state of play
In recent years, the tax sphere has been blighted by a number
of controversies, which have brought the tax strategies adopted
by multinational enterprises under the spotlight. Events such
as the Luxembourg leaks, as well as the European Commission
investigations into state aid granted by member states to
multinational enterprises, have resulted in a period of the biggest
changes to international corporate tax rules.
LUCA PACE
LUCA IS A MANAGER WITHIN THE
INTERNATIONAL TAX TEAM AT
DELOITTE MALTA, HAVING JOINED
AFTER READING FOR A MASTER
IN ACCOUNTANCY DEGREE AT
THE UNIVERSITY OF MALTA,
WITH MAIN AREAS OF FOCUS
BEING TAX TRANSPARENCY AS
WELL AS THE DIGITAL ECONOMY,
SUCH AS DISTRIBUTED LEDGER
TECHNOLOGIES.
This has led to the OECD (Organisation for economic
corporation and development) to pursue the base
erosion and profit shifting (BEPS) project. The
latter being an ambitious task of reviewing existing
international tax rules and principles, to set out
recommendations, as well as establish minimum
standards in order to ensure a fairer system of
taxation, with the aim of taxing profits where
economic activities leading to value creation are
conducted. As a result of the work carried out by
the OECD as part of the BEPS project, one theme
emerged where present tax rules, when applied
within the context of a global economy with
increased mobility of capital and resources, which
was adopting increased digitalised processes, were
not up to the task of successfully bringing to tax
income where value was created.
The sourcing rules laid out within the OECD Model
Tax Convention, on which most double tax treaties
are based including the majority of those entered
into by Malta, contracting states typically have the
right to tax income sourced within their jurisdiction
by a foreign enterprise through a fixed place of
business, which carries out the business activity.
However, an exception to this rule found application
towards certain specific activities conducted by an
enterprise in a jurisdiction, such as warehousing,
which were considered to constitute preparatory
and auxiliary services and therefore outside of
the source jurisdiction to tax the profits from such
activities, if any. Such loopholes have been exploited
and further enforced the need, to truly understand
the digital changes happening within the economy
and establishing a way to tax profits where value is
truly created.
On the 16 March of this year, following work previously
carried out in the area of the digital economy as part
of BEPS Action 1, the OECD published the highly
anticipated interim report on tax challenges arising
from the digital economy (the ‘Interim Report’). The
Interim Report considers certain digital business
models and how and where value is created within
the global digitalised economy, as well as the views
of the different members of the Inclusive Framework
on BEPS (a group of around 100 countries which
collaborate on the implementation of BEPS
measures), on whether and to what extent changes
to international tax rules should be made in order to
cater for a digitalised economy. The salient takeaways
from the Interim Report include a lack of consensus
by the Inclusive Framework, with a commitment to
deliver a final report by 2020 on a proposed solution,
as well as short-term solutions being perceived as the
wrong approach to the issue at hand.
The challenge posed by digital business activities, has
also been of interest to the European Commission.
Shortly after the publication of the Interim Report
by the OECD, on 21 March 2018, the European
Commission published two proposed directives
with the intention to address the need for a fair and
effective taxation of the digital transformation within
the economy.
The first proposed council directive intends to lay
down rules relating to the corporate taxation of a
significant digital presence (COM/2018/147/FINAL).
This proposed directive aims at establishing a
taxable nexus for businesses with a digital presence
in jurisdictions, without any physical commercial
presence, i.e. a significant digital presence. Further
44 Summer 2018

A banking partner you can rely on,
giving you the power to succeed.
At Sparkasse Bank Malta plc we have introduced an extensive suite of banking services geared
towards Financial Practitioners, Corporate Service Providers and their clients’ individual needs.
Our services deliver private, personal and efficient solutions to professionals and are supported by
a highly skilled and dedicated team of Private Bankers.
For Private and Corporate Banking, Wealth Management and Fund Custody, talk to Sparkasse Bank Malta plc.
Call +356 2133 5705 or email us on info@sparkasse-bank-malta.com.
www.sparkasse-bank-malta.com
Sparkasse Bank Malta plc, 101 Townsquare, Ix-Xatt ta’ Qui-si-Sana, Sliema SLM3112, Malta
Sparkasse Bank Malta plc is licensed and regulated in Malta by the Malta Financial Services Authority (MFSA)
to provide Banking, Investment and Custody services.
Part of the Austrian Savings Banks - Banking since 1872

TAXATION
to the formation of what is being labelled as a ‘digital
permanent establishment’, this proposal further
sets out principles for the attribution of profits to
qualifying significant digital presence. In terms of
the proposal, the threshold for a significant digital
presence in a member state to subsist would require
for a digital service to be provided through a digital
interface, which generates revenues in a Member
State during a taxable period in excess of €7million,
to users in excess of 100,000 and through the
conclusion of 3000 business contracts for the supply
of a digital service in a member state during a taxable
period. This threshold led to numerous comments
on the proposal, where it has been considered to
be low, considering the size of the European market.
Furthermore, the proposed attribution of profits
to a significant digital presence is akin to a physical
permanent establishment, with modifications to
reflect the virtual nature of the significant digital
presence, taking into consideration the economically
significant activities performed.
The second proposed directive (COM/2018/148/
FINAL), seeks to establish tax on revenues from
certain digital services and is labelled as a quick fix,
to the problem of having international corporate tax
rules designed prior to today’s digital era. Set to be
an interim solution, the European Commission is
proposing a digital sales tax (DST) of 3% on revenues
from the provision of certain digital services by
qualifying multinationals, with a total worldwide
revenue in excess of €750m and revenue from
within the EU in excess of €50million. The proposed
DST, should it be adopted, would be levied on gross
revenues (net of VAT) from certain online advertising,
transmission of collected user data, as well as from
digital platforms which facilitate user interaction.
The aim of the European Commission, through the
DST, is to hit digital firms that rely heavily on user
participation as a means to generate revenue, a move
which some have labelled as specifically targeting
digital giant multinationals headquartered within
the United States, at a time when the United States
has pushed through the biggest federal tax reform
in a generation. Whilst the DST is only expected to
find application until a long-term solution can be
found, many fear that such an interim measure could
potentially become a permanent fix, along with the
perceived issues which have been identified so far.
The developments broadly discussed above ought to
be carefully considered from a Malta perspective, given
the importance which digitalised business continue
to play within the economy. As the EU proposed
directives go through the different consultations and
discussions, along with the OECD’s report set to land
in 2020, the impact which these will have on Malta’s
competitiveness should be fully understood. This is
essential, especially with the increased importance
that the iGaming and IT sectors play within the
economy and considering further Malta’s recent
commitment in developing a regulatory framework
for the blockchain industry to flourish.
46 Summer 2018

Reminder:
Get your dream job.
Now.
For the past 30 years, MGI Malta has been delivering an
inclusive, specialised and friendly service to its clients in
the accountancy, assurance, tax, gaming and business
consulting fields.
Our strength lies in employing high-calibre human
resources who endorse our passion in providing excellent
service to our clients.
We are constantly looking for people who enjoy
working within a specialised team in a forward-looking
organisation servicing a diverse portfolio of mostly
foreign clients.
If you are a qualified or partly qualified accountant, this is
your time to fast forward your prospects. Our HR partner
will be more than happy to meet you in confidence to
explore a possible career at MGI Malta.
MGI Malta,
Central Business Centre,
Level 1, Suite 2,
Mdina Road,
Żebbuġ ZBG 9015, Malta.
Tel: +356 2180 2044 (4 lines)
Fax: +356 2167 5418
Email: info@mgimalta.com
www.mgimalta.com

INDIRECT TAX
DIGITALISATION IS HERE
An indirect Tax perspective
SAVIOUR BEZZINA
SAVIOUR BEZZINA IS A SENIOR
MANAGER RESPONSIBLE FOR
INDIRECT TAX MATTERS AT THE
EY MALTA OFFICE AND LECTURES
REGULARLY ON VAT AND INDIRECT
TAX MATTERS.
Digitalisation is disrupting the
conventional methods in which
business used to be conducted,
hence presenting new scenarios on
various indirect tax fronts mainly VAT and
equally/more important a new concept of
Digital Turnover Tax
VAT
As part of the Digital Single Market strategy a legislative
proposal was made to modernise and simplify VAT
for cross-border e-commerce which was adopted by
ECOFIN on 5 December 2017 in the form of:
• Council Directive (EU) 2017/2455 of 5 December
2017 amending Directive 2006/112/EC and
Directive 2009/132/EC as regards certain value
added tax obligations for supplies of services
and distance sales of goods
• Council Implementing Regulation (EU) 2017/2459
of 5 December 2017 amending Implementing
Regulation (EU) No 282/2011 laying down
implementing measures for Directive 2006/112/
EC on the common system of value added tax
The new rules will come into force in two stages.
First (2019), a much-requested threshold will
be introduced for the application of the existing
MOSS (Mini One Stop Shop) system for TBEs
(Telecommunications, broadcasting and electronic
services), as well as a simplification regarding the
evidence businesses need for determining the
location of their customers.
Two years later (2021), the (M)OSS system for VAT
reporting and payment will be extended to all types
of services (B2C) as well as to distance sales of goods.
The current import VAT exemption for low value
consignments will be removed (current Article 23
of Council Directive 2009/132/EC). New rules will
be introduced with regards to the VAT implications
of electronically facilitating certain types of distance
sales and the payment of import VAT.
The EU is also looking at the concept of a Single VAT
Area encompassing:
• the introduction of a definitive system for
taxation between Member states (shift from
origin to destination principle)
• proposals with regards to certain exemptions for
Intra Community Transactions
• the introduction of the concept of Certified
Taxable Person
Moreover, earlier this year the EU submitted
additional proposals with respect to more VAT Rates
flexibility and less red tape for small businesses
At a domestic level, online VAT services are
continuously being expanded to cover a wider
array of services. From a technical perspective, the
authorities are updating various guidelines with
respect to certain areas which are experiencing
continuous changes, whilst developing new guiding
principles regarding new industries currently being
developed in conjunction with all involved parties.
TAXATION OF DIGITALISED ACTIVITIES
On 21 March 2018, the European Commission issued
two proposals for new Directives regarding new ways
to tax digitalized forms of business activity.
The proposals focus on a two-phased approach:
• an interim solution - Digital Services Tax (DST –
3% turnover tax across all EU Member States -
will apply only until the SDP solution has been
implemented.)
• a long-term solution – New Corporate taxation
rules of a Significant Digital presence (SDP - new
concept/definition of digital PE (Permanent
Establishment) and revised profit attribution rules).
DIGITAL SERVICE TAX
It will tax revenues created from activities where
users play a major role in value creation (difficult to
capture with current tax rules) including:
• Selling online advertising space
• Digital intermediary activities which allow users
to interact with other users and which can
facilitate the sale of goods and services between
them
• The sale of data generated from user-provided
information SDP
For DST to apply the company must have total annual
worldwide revenues of €750 million (or more) AND
annual EU revenues of €50 million (or more). This
will help to ensure that smaller start-ups and scaleup
businesses remain unburdened. An estimated €5
48 Summer 2018

Is the most
transformative
perspective the
one you don’t have?
In this Transformative Age, the opportunities
that emerge from disruption are ready
to be seized.
ey.com/consulting #BetterQuestions
© 2018 EYGM Limited. All Rights Reserved. ED 0419.

INDIRECT TAX
With respect to profit attribution the view is that
the Authorized OECD approach (AOA), remains
the underlying principle for attributing profits to a
significant digital presence. However, it needs to be
adapted in a consistent manner, to reflect the way
value is created in digital activities.
The proposed rules lay down the general principles
for allocating profits to a significant digital presence
building on the current corporate tax rules which
look at the risks managed, the functions performed,
and the assets used by a permanent establishment
and the criteria for allocating profits.
billion in revenues a year could be generated for
Member States if the tax is applied at a rate of 3%.
It will be based on a system of self-declaration by
taxpayers. A One-Stop-Shop digital portal will be set
up to help companies comply allowing a member
state to identify the taxpayer, collect the tax and
allocating it to other member states as appropriate.
SIGNIFICANT DIGITAL PRESENCE
It defines Digital services as services which are
delivered over the internet or an electronic network
and the nature of which renders their supply
essentially automated, involving minimal human
intervention. They are also impossible to ensure in
the absence of information technology and identifies
two lists of specific services which are covered (or
not) by the said definition.
A company will be considered to have an SDP if one
of the following three criteria is met:
• It exceeds €7 million in annual revenues from
digital services in a member state
• It has more than 100,000 users who access its
digital services in a member state in a taxable year
• Over 3000 business contracts for digital services
are created between the company and business
users in a taxable year
It also includes additional tests in the profit allocation
process to reflect the fact that a significant part of
a digital business’ value, is created where users are
based and data is collected.
The proposal does not contain information
regarding tax rates applicable under the SDP, with
the indications being that member states would
apply their national corporate income tax rules with
respect to the profits attributable to a digital PE in
their jurisdiction.
Both DST and SDP proposals will require unanimity
in order to be implemented via new Directives with
the Commission, hoping for final adoption by 31
December 2019, and transposition into national law
on 1 January 2020.
All this is shaping up in a very dynamic indirect tax
environment, wherein some major changes might
be in store in the near future for operators acting
in the digital business sphere. Such a sector is fast
developing into one of the main pillars of the local
economy. Hence the importance that both operators
and authorities are continuously up to speed with
respect to such changes and their wide-ranging
implications, with a view to be well prepared, take
timely and appropriate decisions, and collaborate
together in the interest of all involved parties.
50 Summer 2018

INTERNATIONAL PUBLIC SECTOR ACCOUNTING STANDARDS
The Relevance of IPSAS and the IPSASB
Conceptual Framework for Malta
The article is based on a dissertation presented in partial fulfillment of the Master
in Accountancy degree programme at the University of Malta. The study focused
on the relevance of the IPSASB (International Public Sector Accounting Standards
Board) Conceptual Framework for the changeover to accrual accounting in the
public sector. Findings were collected through interviews performed with local
Maltese experts and academics.
KARL CACHIA
KARL CACHIA IS A CERTIFIED
PUBLIC ACCOUNTANT AND IS A
VISITING LECTURER WITHIN THE
ACCOUNTANCY DEPARTMENT AT
THE UNIVERSITY OF MALTA.
MARIA GRECH
MARIA GRECH STUDIED FOR HER
BACHELOR OF COMMERCE AT
THE UNIVERSITY OF MALTA AND
MAJORED IN ACCOUNTANCY
AND BANKING AND FINANCE.
SHE SUCCESSFULLY COMPLETED
HER MASTER IN ACCOUNTANCY
AND CURRENTLY WORKS AS
AN ASSISTANT MANAGER AT
SHELTONS MALTA.
A BRIEF HISTORY OF THE ACCOUNTING REFORM
IN THE PUBLIC SECTOR
The Government of Malta is currently undertaking a very
important accounting reform. The central government
will start reporting its accounts using the accrual basis,
replacing the long-outdated cash accounting basis.
Cash accounting for central government emerged from
the Departmental Accounting System (DAS) introduced
in 1996.
The financial reporting duties of the Government
increased substantially with Malta’s membership in
the European Union and the Eurozone. In 2012 it
was decided to start the International Public Sector
Accounting Standards (IPSAS) project, where the IPSAS
Committee was established locally. In that same year, the
Financial Policy and Management Directorate under the
Ministry for Finance, organised a seminar to introduce
IPSAS and identify the way forward for Malta to adopt
and implement the accounting standards.
Meanwhile the EU was moving towards a state of
harmonisation. The European bloc decided not to
implement IPSAS and instead develop its own set of
standards – the European Public Sector Accounting
Standards (EPSAS). In 2013, the Treasury commissioned
the CIPFA (Chartered Institute of Public Finance and
Accountancy) which performed a ‘gap analysis’ on the
transition from cash to accrual accounting. The analysis
concluded that full accrual accounting and reporting
principles were needed since the Government was using
solely cash accounting principles. Since the EPSAS project
was still in progress, CIPFA also recommended to use
IPSAS as a basis for the new accounting system locally and
to later adapt the system to the requirements mandated
by EPSAS, once the standards were finalised.
In the wake of this report, the Ministry for Finance set
up the IPSAS Project Board and the IPSAS Project Team in
2014. Currently, IPSAS are in the process of being adapted
in the local context. Each IPSAS is being assessed in terms
of its impact on government procedures, reporting and
legislation. Once the assessments are concluded and
guidelines are developed, the IPSAS have to be approved
by the IPSAS Project Board.
In July 2017 a contract was entered into by the Ministry
for Finance, that commenced the change of the
financial operations of Central Government, effectively
introducing accrual accounting based on IPSAS as
adopted by the Maltese Government. The project is
planned to have three implementation phases, with the
first phase planned to be finished by January 2019.
THE IPASAB CONCEPTUAL FRAMEWORK
The IPASAB conceptual framework is predominantly based
on the IASB (International Accounting Standards Board)
framework. One of the questions posed to interviewees
was, whether this was ideal since the IASB framework
was predominantly designed for the private sector. It
transpired that for the most part, the amendments to
the IASB framework that resulted in the codification of
the IPASAB framework, are enough to cater for the public
sector’s needs. The only issue identified by respondents
was that the IPASAB framework does not conceptualise
‘stewardship’ in the context of the public sector. While
the concept of ‘accountability’ applies to any entity,
‘stewardship’ is particularly relevant to the public sector.
Having said that, the IPSASB Conceptual Framework was
deemed applicable and was in fact adopted in toto by
the Government.
Interviewees pointed out that accrual accounting is the
way forward for Malta, and it was due time for this reform
to finally take shape. With accrual accounting, a more
inclusive set of financial information will be presented.
It was also highlighted that the IPSASB Conceptual
Framework is relevant to the changeover and is being
referred to when adapting the IPSAS standards to the
local context. The framework acts as a sounding board to
the adaptation of IPSAS to the local scenario.
WHAT ARE THE ALTERNATIVES?
When it comes to the accrual changeover, there are
other routes that the Government could have taken.
International Financial Reporting Standards (IFRS) could
have been implemented and adopted specifically for
the Maltese public sector needs. However, IFRS are
predominantly based on private sector organisational
52 Summer 2018

INTERNATIONAL PUBLIC SECTOR ACCOUNTING STANDARDS
Public Sector
Financial Reporting Transparency
Communication
IPSAS
Financial Management
Good Goverment
Accountability
International Standards
and accountability characteristics. Adapting IFRS to the
local public sector would have therefore required much
more effort and resources.
Another option would have been to develop local
reporting standards which would have catered for
issues unique to the public sector in Malta. This option
would also have required a lot of resources, not to
mention that the changeover has been long overdue
and the development of a new set of standards would
have delayed the changeover even further.
Malta’s approach was seen by respondents as a natural
application of what was already available off the shelf,
adapted to the local context: IPSAS as adopted by the
Maltese Government. In this way, the limited resources
will be used for adapting what is already available and
internationally recognised to the local scenario. The
IPSAS Project Team is analysing each individual IPSAS
to apply it to the local context. Guidelines specific to
Malta will also be issued.
Since IPSAS originated from private sector standards,
they will require the same level of technical knowhow
from its users, particularly preparers of financial reports.
There should be more focus on training public sector
employees and on engaging qualified accountants to
maintain the new reporting system.
The adoption of IPASAB framework and IPSAS is
the starting point of the Government’s move to
accrual accounting. The Government can re-visit the
implementation of IPSAS after a few years, whilst
assessing the implications surrounding the eventual
development of EPSAS.
DR KEITH CILIA DEBONO
DR KEITH CILIA DEBONO IS A
CONSULTANT AT MITA, WITH
OVER 25 YEARS OF STRATEGY
SPECIALISATION IN VARIOUS
FIELDS OF NATIONAL INTEREST.
CYBERSECURITY IN THE AGE
OF DIGITALISATION
Synopsis: Digitilisation has brought about fundamental changes in global society
and the economy. Whilst ushering progress it has also brought about threats and
vulnerabilities that challenge cyber security and thus, overall stability. In the process,
cyber security cannot adopt a traditional ‘fortressed city’ approach but calls for
innovative measures that muster in strategic, legal, technical as well as behavioural
energies for effectiveness.
Digitilisation has permeated all spheres of society;
including politics and economics, as well as science
and culture. It has changed the way people live and
interact in their day to day lives. Technologies such
as the cloud, big data analytics, mobile computing,
the blockchain, Internet of Things (IoT) and Artificial
Intelligence (AI) are transforming the way of how
organisations manage their day to day business,
from decision making to customer service. They
have extended beyond the confines of traditional
ICT systems and functions, such as through their
access to sensitive data and in their conduct of
decentralised activities which may be critical in their
own right. Thus, digitalisation knows no personal,
functional, organisational and even national bounds;
creating in effect new challenges including those of
privacy and security. The resulting paradox is that
whilst society is more efficient as digitalisation
progresses, it is increasingly more fragile and
vulnerable to cyber related attacks.
Data breaches are increasingly one main
consequence of cyber-attacks, especially in business
domains that handle sensitive data, such as medical
and financial institutions. They may be a result of
social engineering methods which maliciously trick
users to provide unauthorised access or data; loss or
theft of mobile devices or media carrying sensitive
data; insider accidents by employees who may
mistakenly provide access to sensitive information
or lack of cybersecurity preparedness by business
partners.
54 Summer 2018

theaccountant.org.mt
55

CYBERSECURITY
Worst of all, especially due to their least expectation,
although viewed as one of the most common cyber
related data breaches, are insider frauds within
organisations by the employees themselves or insider
snooping whereby sensitive data is accessed by
unauthorised employees.
Additionally, traditional ICT systems are increasingly
coexisting with user-managed devices such as BYOD
(Bring your own device) and with a vast number of
other data management systems. Their deployment in
potentially vulnerable environments such as hospitals
and power generation plants, compound their risk to
human welfare through cyber-attacks. Similarly, the
disruption of one single market entity through a cyberattack
may carry risks across multiple countries and
financial infrastructures, damaging trust in banking
and payment services, thus leading to damage in the
smooth functioning of society.
Within the EU, the latest legal initiatives are one means
of assisting in countering the new digital security threats
in the long run. Whilst the General Data Protection
Regulation (GDPR) aims to protect EU citizens
personal data, the Network and Information Systems
Directive aims to assist in protecting critical European
infrastructure. They are good and necessary initiatives
that will have a favourable impact on EU Member States
data protection capabilities and cyber resilience over
the coming years.
occurs in the most secure and holistic manner. This
involves technology as well as strategy, processes and
ultimately people themselves.
Indeed, cyber security requires strategy and
prioritisation. Digital transformation projects may
look attractive at a business case level viewing them
from their characteristics of change, ability, speed,
connectivity and customer experience. Security is
however often seen as a stumbling block. It is true that
security is not always an easy feat and unfortunately
the relationship between security and emerging
technologies is not always a great one. Rather than
looking solely at the return on investments made in
such technologies, it would therefore be best to factor
in at the onset potential losses should there be a failure
to properly assess and protect those areas which need
securing. Cyber security cannot be an afterthought.
Cyber security professionals thus need to be involved at
the onset of any digitalisation projects.
However, digitalisation has arrived with a tempo that
few had envisaged, bringing new threats and leaving
significant gaps in cyber security awareness and
behaviour. Whilst predictions on where technology
is heading are relatively good, it cannot be said of
its social implications. Thus, cyber security cannot
be obtained through legislation alone but requires
intense, coordinated and continuous understanding
and involvement of the entire digital value chain
from citizens, digital suppliers, organisations, law
enforcement entities and governments. Apart from
the technical perspective, the need to understand and
tackle such a challenge from a behavioural science point
of view is thus crucial.
Attackers on cyber space after all, wield a huge
advantage over its defenders. They need to focus
and exploit one vulnerability to be able to obtain
results. Organisations, on the other hand need to
ensure that a myriad of cyber security challenges are
addressed and that the ever-increasing connectivity
Within the context of digitalisation, cyber security
beginning at the level of a mobile user and working
all the way up to system wide vulnerabilities is
increasingly a must. The role of information and data,
which plays a critical role in all of this, is not to be
undervalued. It is therefore necessary for all systems
and technologies involved to be categorised in terms
of their criticality, especially if they handle or manage
sensitive data or operations. Using an analogy of a
walled city, traditionally, security defences around
the traditional ICT systems would have provided
adequate protection to the ‘crown jewels’. However,
such an approach no longer holds. Cyber security
needs to be taken care of beyond the perimeter of the
traditional ICT systems or IT functions given that other
interconnected peripheral devices and/or systems
are also likely to manage critical or sensitive data or
56 Summer 2018

CYBERSECURITY
operations. Thus, rather than the notion of a walled
citadel, the approach would more appropriately be
that of an open city having a number of critical sites
that are adequately protected. Ultimately cyberattacks
focus on the weaker parts of an attack surface!
Moreover, building cyber security defences and having
alarm and monitoring mechanisms are not enough.
They need to be tested on a regular basis and measures
taken to ensure improvements in case of any noted
vulnerabilities. Technology can be an enabler of an
integrated and holistic approach. In the assessment
and procurement of tools and/or services it needs
to be ensured that cyber security is considered as
one of the key requirements, and that it is included
to the maximum extent possible in the design of the
technologies under evaluation. Given the proliferation
of ICT in various new technologies, their evaluation
may necessitate involvement not solely of ICT expertise
but also in collaboration with other specialist technical
should be an overall management challenge requiring a
holistic, risk management perspective. An organisation’s
top management must not simply give lip service to cyber
security. It needs to support and more so, follow and
be seen to follow, good security practices themselves.
Reporting structures between top security personnel and
an organisation’s top management need to be directly
linked. From a skills viewpoint, whilst ICT professionals
need to be aware of the specifics of various devices in
use, other personnel need to be trained in the essentials
of ICT security.
In essence, for digitalisation to succeed, changing the
thinking, strategy and maturity regarding cybersecurity
is a must. It calls for a holistic approach to cyber
security, governance and organisation so as to ensure
better preparedness on all fronts in an ever-widening
cyber security picture.
Ultimately, cybersecurity should therefore become
a collective responsibility and cyber awareness and
computer hygiene should become an integral part of
digital education and literacy programmes for individuals
and organisations alike. Basic computer hygiene such as
keeping software updated, having endpoint protection,
backing up and encrypting sensitive data are a good initial
base towards the formation of a cyber security culture
needed to complement the progress in digitilisation.
Let no one be deluded and be lulled into a false sense
of cyber security. The rate of cyber related threats in this
era of digitalisation is real and is increasing. Cyber security
must therefore be seriously reckoned with and be dealt
with in a responsible, and comprehensive manner!
expertise, depending upon the tool/service being
assessed. Additionally, the selection of tools or services
purely for cyber security purposes (such as for a Security
Operations Centre) calls for an architectural vision
rather than just a mere evaluation of a single product in
the traditional best-of-breed approach.
In all this, the way new technologies are evaluated,
implemented and run, may call for the need of updated
or new security related processes and methodologies
as guidelines.
Cyber resilience calls for not only having the right
infrastructure but also a clear and strong direction from
top management on preparedness, awareness and
mitigation as well as investment in enhanced awareness,
smart policies and effective governance. Cybersecurity
REFERENCES
MIT Technology Review Insights, Cybersecurity in the Age
of Digital Transformation , January 23, 2017 [Accessed on
19/7/2018 https://www.technologyreview.com/s/603426/
cybersecurity-in-the-age-of-digital-transformation/
Cyber security: security risks and solutions in the digital
transformation age [accessed on 13/6/2018 https://www.iscoop.eu/cyber-security-cyber-risks-dx/
Laine , T. (2018) , Digitalisation poses new security
challenges for payment systems, Bank of Finland Bullettin,
May 23 ,2018
Minsky, L., DiSanti, B. and Carson, J. (2017) , When it comes
to Cyber Security, A step ahead is a step out of harm’s way,
The European Business Review, November 10, 2017
Pupillo, L (2018), EU Cybersecurity and the paradox of
Progress, CEPS Policy Insight No. 2018-06/February 2018
Theede R (2018) Cybercrime in the Digital Age [Accessed
on 15/6/2018 http://www.global-engage.com/life-science/
cyber-crime-in-the-digital-age]
Healthcare security – Three Paradoxes and the need for a
Paradigm Shift, Feature, ISACA Journal Vol 3, 2018
theaccountant.org.mt
57

IT AUDIT
An IT Audit
Approach to Digital
JOSEPH P. GALEA
JOSEPH P. GALEA, DIRECTOR, EY.
MICHAEL AZZOPARDI
MICHAEL AZZOPARDI, SENIOR
MANAGER, EY. MICHAEL IS
ALSO A MEMBER OF THE MIA
DIGITALISATION COMMITTEE
Information Technology is becoming more of
great significance centric to the operations
of public sector and companies. In the age of
digital transformation, organisations are further
digitizing their processes, executing them with the
support of IT systems. They are relying extensively on
data and connecting with customers, partners and
suppliers. Compliance to laws and regulations, which
if not adhered to could have serious reputational and
financial repercussions, depend even more on the
appropriate state of IT systems and practices. The
mandates of the audit committee need to include
cybersecurity, data protection and IT operations.
Many organisations are undertaking significant
programs to deliver digital changes to their business
environment, including changes to the consumerfacing
elements and IT functions. These digital
transformations are often critical to the ongoing
success of the organisation. Companies need to
ensure appropriate risk management of these
transformations to assist in ensuring their success.
The challenge for IT Audit is significant in the digital
world, and so is the payoff. Various transformations
need to be considered by the IT audit function in
order to keep pace with a volatile risk landscape. The
key challenges for the IT audit function include:
• The need to deliver a flexible and dynamic
audit plan. Risks in a digital world are continuing
to emerge and evolve sometimes rapidly. IT Audit
functions need to be prepared to adapt their plans
more regularly than they traditionally would.
• The need to understand the impact of the
digital movement across the business
and its maturity. As many organisations begin
to move towards a digital customer-centric
business model and adapt business models to
more digital ways of working, IT Audit functions
need to understand the impact and changes.
• When undertaking risks assessments, IT
Audit functions need to ensure that they
look at IT and external changes that
could impact risks within the business.
This is even more important with the potential
rapid emergence and evolution of risks and the
adoption of new technology across the business.
• IT Audit functions must ensure that they
have access to sufficient skill sets to
audit emerging risk areas e.g. cyber risk
and cloud computing. To robustly audit
these emerging areas, support from specialist
providers could be required or employing
relevant in-house skills.
With organisations having to adapt their ways of
working to more Digital methods, many changes
are beginning to occur. The technology landscape
has become more complex and there are more
touchpoints that need to be monitored especially
when it comes to Social Media and Cloud Computing.
• Social media continues to be recognised
as a source of risk going forward, which will
only be further stressed by the progress of
digitalisation. In this context, social media refers
to websites and applications that enable users
to create and share content or to participate
in social networking. This is an element many
organisations’ IT Audit functions are starting to
include in their risk universes and audit plans
as the organisation interacts more externally
through such channels.
• Cloud computing refers to a model for
provision of information technology services in
which resources are in a third-party environment,
which is not owned or even managed by the
consuming organisation. This provides an elastic
environment where resources are consumed
and billed based on demand. Services offered
58 Summer 2018

IT AUDIT
• by vendors may include shared infrastructure
environment (Infrastructure-as-a-Service),
software platforms (Platform-as-a-Service) or
even complete software services (Software-as-a-
Service). Usually a contract is entered into by the
two parties defining the nature of service, fees,
security-arrangements for data, and monitoring
processes to ensure contract compliance.
As digitalisation embeds across various sectors and
exposes organisations to considerable risk, companies
should look to ensure that digital risks are being
managed appropriately across the business and that
appropriate response plans are designed. This relies
on appropriate Governance and Risk & Compliance
across the lines of defence. A number of companies
are adapting by opting for more integrated risk
management approach or “converging to eGRC”.
Software tools are available on the market that allow
for a more integrated view of IT governance, policy
management, risk management, audit management,
compliance management, and incident management.
These platforms allow for a more systematic approach
to managing the information necessary to fulfil the
audit function.
In addition to GRC tools, the IT Audit function may
leverage the same Digital methods and technological
capabilities like Data Analytics and Robotic Process
Automation.
• Data Analytics solutions are being integrated
within the IT Audit department by the
development of tools, that allow the function
to have a data driven approach, to get insight
into the systems, processes and data of the
organization. The latest platforms allow for the
creation of “self-service tools” that give the IT
auditors the ability to further incorporate data
analytics within their programs and get insight
through analysing data in real time.
• IT Audit functions should consider implementing
robotic solutions that will perform the control
testing by automating population extraction,
sample selection and completing the testing
template for the specific control. Robotic Process
Automation solutions can be used by IT Audit
functions to develop automated controls testing
(e.g. IT General Controls & SOX testing), in order to
perform testing of certain routine and repetitive
controls making the process more reliable and
depending less on human intervention for
collection of data points. Another potential area
of consideration for the use of robotics is to
format and upload data into the analytics tool
such as in the case of journal testing.
IT Audit functions should take on a more advisory role
across the business, providing guidance on methods
and controls across the business functions, for
example in system development or change projects.
They need to be actively involved and have a seat at
the table.
Ultimately the focus of the IT Audit becomes more
critical in a world dominated by Cybersecurity and Data
Protection risks. As organization increase their level of
digitalisation, the scope and complexity of cybersecurity
and data protection compliance increases.
• The risks from cyber-attacks continue to be
front of mind as media coverage of cyber
attacks makes the headlines. The actual and
perceived threat increases as the perimeters
and boundaries are merged as the digitalisation
of business accelerates. Organisations should be
considering not only their own cyber risks, but
also those of their wider ecosystem of suppliers,
service providers and partners.
• Organization collect, access, process, and
store confidential customer information.
The amount of data collected to remain
competitive is astronomical and growing as a
result of the increased engagement of customers
through various digital channels. With more
stringent regulations and heftier fines brought
about by GDPR, organizations must ensure that
their IT systems and processes can meet the
requirements. IT Auditors should assess data
protection requirements and procedures to
securely store and access data.
The governance and operating models of
organisations will continue to be redefined, setting
up the approach to be taken, and tailoring the
company’s internal control framework, risk appetite
and risk management systems to manage the
demands of operating in a digital world. IT Audit will
need to consider all of the above mentioned factors
including the use of GRC solutions, data analytics
and RPA solutions to successfully manage the ever
increasing complexity of the IT environment. Finally,
an IT Audit function that successfully adapts to
today’s rapidly changing world will become a trusted
advisor to an organisation poised for growth.
60 Summer 2018

Real Estate Developer Suite
Loans to Finance Your Projects
FIMBank provides financing solutions to established developers at competitive
market terms and pricing. We can assist you every step of the way, providing the
assurance of having the financial backing to start and finish your project.
Please contact us to discuss your project
2132 2100 realestate@fimbank.com www.fimbank.com
FIMBank p.l.c., Mercury Tower, The Exchange Financial & Business Centre, Elia Zammit Street, St. Julian’s STJ 3155
FIMBank p.l.c. is a licensed credit institution regulated by the Malta Financial Services Authority and is listed on the Malta Stock Exchange.

BLOCKCHAIN
BLOCKCHAIN TECHNOLOGY AND TRIPLE ENTRY
A game changer in accounting
DR JOSHUA ELLUL
DR JOSHUA ELLUL JOINED THE
DEPARTMENT OF COMPUTER
SCIENCE AT THE UNIVERSITY
OF MALTA AS A LECTURER
AFTER HAVING WORKED ON R&D
PROJECTS AT IBM RESEARCH
ZURICH AND IMPERIAL COLLEGE
LONDON.
NATHANIEL BORG
B
lockchain, one type of
Distributed Ledger Technology
(DLT), is being touted as a game
changer that will provide verifiable
trust amongst decentralised peers for
myriads of applications from healthcare
to energy grids, to registries and digital
rights management. Blockchain and DLTs
will also disrupt and provide new ways
of undertaking business related tasks,
including but not limited to transparent
voting mechanisms for boards and
automating internal business processes.
One such business process that could
greatly benefit from such a system is
accounting. In this article we will first
introduce what Blockchain, DLTs and
smart contracts are and then highlight
how blockchain technology could
revolutionise the accounting practice.
Consider how services have been offered since as
long as we can go back. Service providers such as
banks act as middlemen enabling clients to make
use of their services -- but require that their clients
have trust in them. This is a perfectly acceptable
requirement for many services. After all, if you do not
trust the service provider to undertake the respective
service, then you would have to perform the service
yourself. Say you would like to transfer money to a
friend. You would need to first trust the bank with
your money and thereafter send the bank instructions
to undertake the transfer of funds as required
and trust that the bank will perform the transfer.
However, you may not want to reveal the details of
your transactions to a third party -- and rightly so
banks do not allow for transactions to take place
when sufficient information is not provided, in effort
to minimise money laundering, funding terrorism
and other fraudulent activities. Decentralisation is
useful not only because one might not want to reveal
information or trust the central authority in question,
however is also useful due to its massively redundant
mechanism -- each node in the network will have a
copy of the data. Consider what would happen if a
certificate registry was destroyed (and associated
data servers) -- no one would be able to prove their
education, marriage status, etc. Besides redundancy
decentralisation provides more transparency to users
which will help build more social trust in the system
-- so many service providers are moving towards
decentralised solutions to build more trust with their
clientele. Building a decentralised ledger though is no
easy task.
Blockchain achieves this by allowing for each peer in
the network to have a full view of the decentralised
ledger -- in which any peer in the network can add
transactions and transfer funds from their account
(and not from other accounts). Since any peer in the
network can alter the distributed ledger (in respect
to the resources they have access to), there needs
to be a means of ensuring the validity and integrity
of the ledger such that no one can tamper with
the data. This is achieved using cryptography and a
consensus mechanism (of which often takes the form
of a proof-of-work mechanism).
A Blockchain implementation was first proposed for
use in Bitcoin. However, blockchain systems have
since evolved to provide not only a decentralised
ledger, but also a verifiable and decentralised means
of executing digital processes by providing a smart
contract or dApp (distributed application) on top
62 Summer 2018

BLOCKCHAIN
of a DLT. Smart contracts enable for the automatic
execution of code that is guaranteed to do what the
original uploaded smart contract was coded to do --
this therefore can be used as a means of enforcing
and automating obligations of various parties that
have entered into an agreement.
HOW CAN BLOCKCHAIN
BE USED WITHIN THE
ACCOUNTING WORLD?
The hype surrounding Bitcoin resulted in many
attempts to replicate its success. Which followed
with a surge of Altcoins (alternative coins to Bitcoin
and the major cryptocurrencies) introduced to the
crypto market last year. Thereafter, focus shifted to
applying the technology in banking institutions and
also to registry keeping.
A more recently emerging Blockchain application
is that of Triple Entry. This concept challenges the
fundamental assumptions of the double entry
system, which has been relied upon for hundreds
of years ever since it was developed by merchants
in Venice in the 1400s to enable a more effective
and efficient trade system. Before this period,
trade was limited to a few merchants and single
entry accounting -- a list of who owes the trader
what without providing additional information to
the merchant.
since business bookkeeping is done independently of
other businesses with which the company trades.
Analysing the double entries involved in Business
to Business (B2B) transactions, one can note a
similar pattern throughout the transactions. The
separate double entries recorded in the books of two
individual businesses are mirror image to each other.
The revenue of one company is to be considered as
the expense of the other company. Similarly, what
is to be considered as a payable for one company
is to be considered as a receivable for the other
company. For this process to perform, each company
requires its own accountant. One accountant would
record the transaction in the books of his employer
and similarly, the other accountant would record
the transaction in the books of his employer. Two
accountants recording the two sides of the coin
albeit being identical.
B2B transactions recorded on the blockchain using triple
entry implies that once a transaction is recorded on the
blockchain by one of the two accountants, the other
party can extract the particular double entry, review it,
and have it recorded automatically in its books in the
classical double entry bookkeeping system.
The future of bookkeeping could be potentially
revolutionized. Blockchain accounting can potentially
halve the double entry transactions recorded.
Accountants can now start focusing on more valueadded
roles within the profession. Rather than
looking at the past to record the transactions,
accountants can help businesses grow and improve.
Gone are the reconciliation days.
The double entry mechanism effectively manages to
capture all the transaction details required to balance
the books of any business and provide a complete
picture of all the assets, liabilities and income
generated at any particular point in time. However,
its application is limited to just one business at a time
Distributed ledger attributes, enhanced with the
immutability characteristics often associated with
blockchain technology, provides for a common ground
amongst businesses as there is no reliance on any
centralised data server. Blockchain technology when
applied to accounting manages to provide credibility
and trust in real time and replicates in essence part
of the trust provided when financial statements are
audited a couple of months after year end. To top
it all, recording the transactions on the blockchain
will not require any specialised programming skill.
Companies (such as The Accounting Blockchain)
are already investigating and providing easy to
use software capable of integrating with various
accounting applications that enable accountants to
record the transactions on a blockchain.
theaccountant.org.mt
63

We are recruiting!
join our team
The Malta Institute of Accountants
is now hiring a
Technical Stategy Manager
Technical Officer
Kindly submit your Covering Letter and C.V. to hr@miamalta.org

Automate your consolidation process with
Dynamics 365 for Finance & Operations
Dynamics 365 for Finance and Operations has the right
solution for your consolidation needs.
Share general ledger data making it easier to maintain and
consolidate companies whilst each company can share
consolidation configuration or have its own configuration
Gather the financial results of subsidiary companies into a
designated consolidation company and preserve the
subsidiary-level financial dimensions
Consolidate subsidiaries with different functional
currencies, and present the results in a different
presentational currency
Set-up elimination rules for inter-company
transactions and balances, and produce group results
when required
Delete and re-run a consolidation, and reverse and repost
elimination journals as required
D3650 is IFRS compliant.
For more information about how D365
can work for your business, contact us
on KCW-MTExec@kpmg.com for a free
consultation session.
www.kpmgcrimsonwing.com
© 2018 KPMG Crimsonwing (Malta) Limited is a subsidiary of KPMG Investments Malta Ltd, a subsidiary of KPMG LLP, a UK limited
liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International
Cooperative, a Swiss entity. All rights reserved. Printed in Malta.
The KPMG name and logo are registered trademarks or trademarks of KPMG International Cooperative.

MIA SOCIAL LEARNING & MORE
Anti-Money Laundering Conference 20th February 2018
AML Compliance isn’t just a regulatory issue, but it’s a national concern
iChoose Careers Fair 21st & 28th July
This initiative reflects MIA’s ultimate aim to assist and inspire the
future generation in taking informed decisions as well as elevating the
profession as a satisfying and gainful career choice
SME Forum 25th May 2018
SMEs are crucial to the health, stability, and sustainable economic
growth of both developed and developing economies.
President’s Visits
The MIA’s commitment to keep close to its members.
Mr William Spiteri Bailey started a series of visits to
different firms and organisations reflecting the wide
remits of the profession.
Women’s day Conference 9th March 2018
Inspire to Achieve
66 Summer 2018

Good company matters
Good companies thrive in good company. They inspire
each other. Together they overcome challenges,
and develop opportunities. Deloitte’s global alliances
connect you to a world-leading source of deep
insight, fresh thinking and innovative solutions.
Find deep connections at:
HeartOfWhatMatters.Deloitte
www.deloitte.com/mt
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member Firms, and their related entities. DTTL and each of its member Firms are legally separate and independent
entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member Firms. © 2017. For information, contact Deloitte Touche Tohmatsu Limited.

Digital services
From concept to reality
As Artificial Intelligence and the Internet of Things move from concept to reality, today’s
businesses face multiple challenges and exciting opportunities.
To find out how we could work with you visit www.pwc.com/mt
Data
Analytics
Cyber
Security
Cloud
Services
Artificial Intelligence
Blockchain
IT
Audits
Managed
Services
Internet of
Things
Follow us on:
© 2018 PricewaterhouseCoopers. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.