Are you looking for expert insights, timely updates, and valuable resources? Subscribe to our newsletter today!

Global site
Africa
Americas
Asia Pacific
Europe
Middle East

Services

Financial statements audits
Financial statements audits
Financial statement reviews
Financial statement reviews
Financial statements compilations
Financial statements compilations
IFRS
IFRS
Audit quality monitoring
Audit quality monitoring
Global audit technology
Global audit technology
Systems and risk assurance
Systems and risk assurance

If you are in the process of expanding, diversifying or re-engineering your business, our advisory team can help you make better decisions. The combination of...

See Overview

General business consulting
General business consulting
Market research
Market research
Sustainability
Sustainability is indeed a broad concept. Aside from mitigating the environmental changes caused by the interaction of the industrial world and society with nature, social and governance matters are subjected to increased public and government scrutiny, calling for the promotion of a sustainable performance agenda.
Business planning and performance improvement
Business planning and performance improvement
Change and program management
Change and program management
Business intelligence and analytics
Business intelligence and analytics
Business valuation and litigation support
Business valuation and litigation support
Business process outsourcing and consulting
Business process outsourcing and consulting
Family business consulting
Our business solutions for family businesses center on alignment of all aspects of the family and business, including culture, vision, mission, values, governance, ownership, leadership, communication and policy development.
Quantitative small caps
Grant Thornton has a wide professional network with a vast array of technical skills that is coupled with a drive to understand the business problem; we can set up the most efficient financial risk management structure that fits your underlying business structure and your risk appetite.
Data analytics
Data analytics is the process through which businesses leverage data to gain actionable insights and enhance their performance. This is based on a solid foundation of well-organised and accurate data. Many businesses have a large amount of data at their disposal however, most of them do not have the expertise to analyse the available data.
Grants and Funding
At Grant Thornton, we specialise in providing comprehensive assistance to navigate the complex landscape of National and European Union (EU) funding. Our team of experts are dedicated to assisting you to access the financial resources you require to turn your vision into reality.

Business Process Solutions

See Overview

Bookkeeping & financial accounting
Bookkeeping & financial accounting
Payroll and personnel administration
Payroll and personnel administration
Direct and Indirect tax compliance
Tax compliance within outsourcing
Compilation of financial statements
Compilation of financial statements
Business process outsourcing
Business process outsourcing including back office and secretarial
Family business consulting
Family business consulting
Startups
Startups
Company formation
Company formation
BOR
Entities in Malta, including companies, partnerships, foundations, trusts and associations, have an obligation to disclose the ultimate beneficial owner/s (physical person) of the entities. A beneficial owner is defined as the individual (s) who ultimately owns or controls a legal entity or arrangement through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that entity.

Business Risk Services

See Overview

Internal audit
Internal audit
Risk management and internal controls consulting
Risk management and internal controls consulting
Governance and risk management
Governance and risk management
Regulatory services
Regulatory services
Risk modelling services
Risk modelling services
Forensic and investigation
Forensic and investigation
Compliance audit
A compliance audit is a detailed review which focuses on whether an organisation is in conformity with statutory laws as well as internal rules and decisions. This type of audit also assesses the effectiveness of an organization’s internal controls by identifying weaknesses in compliance processes whilst finding measures to enhance such processes.

Citizenship

With its balmy Mediterranean climate and favourable business environment, Malta is the ideal place to relocate your family and/or your business.

See Overview

Citizenship by naturalisation
The Maltese Citizenship Act (Cap 188) establishes who may become a citizen of Malta by naturalisation, provided that the applicant satisfies the relative provisions.
Citizenship for Exceptional Services by Direct Investment
With the continuously changing global dynamics and evolving geopolitics, there is an ever-growing number of highly-talented high-net-worth individuals who are willing to invest and relocate to give themselves and their family members the chance to broaden their horizons and become part of a welcoming community.
Grant of Citizenship for Exceptional Services
Malta has enacted legislation which extends to individuals providing excellent or manifestly superior contributions in the fields of science, research, sports, arts and culture as well as people of exceptional interest to the Republic of Malta, the right to become Maltese citizens.
Acquisition of citizenship by registration
The Maltese Citizenship Act (Cap 188) establishes who can register as a citizens of Malta. The Act was amended on 1st August 2007, this making it possible for second and subsequent generations born abroad to acquire Maltese citizenship by registration.

Family businesses

Our business solutions for family businesses center on alignment of all aspects of the family and business, including culture, vision, mission, values,...

See Overview

Maltese Family Businesses Resource Centre
For over 30 years Grant Thornton’s advisory teams have assisted family businesses in navigating the challenges of leadership and succession across generations
Grooming
Preparing the next generation for leadership and ownership is an integral part of any succession process. Grant Thornton can help formulate the necessary grooming plan for all the potential successors.
Tax services
Using a combination of reason and instinct, we can work with clients to develop a strategy that helps them understand and manage their tax liability in a transparent and ethical way.
Access to finance
Like all companies, family businesses need finance. As an ongoing business concern looking at expanding, when it comes to raising capital, it’s important that this is done wisely to minimise the risk of collateral damage.
Governance
Having a proper governance structure is essential to ensure that the family and business strategies are achieved. Grant Thornton can advise on this, and facilitate the implementation of the ideal governance structure based on the exact scenario.
Ownership succession
Letting go of your family business is difficult for all owners and even more so for founders; however, in a family business the additional challenge presented by the family component increases the complexity of this process. Our team of family business advisors will ensure that such ownership issues are dealt with in an effective and structured approach.
Exit strategies
There are many 'exit strategies' that need to be considered to minimise the risk of conflict. They can arise from the eventual exit of a family member from the ownership ranks and can have many causes. See how we can help.
Management succession
By implementing our family business guidelines to family succession and a proper governance structure, the management succession process can be completed with minimal conflict and will result in the most competent successor being chosen.

Information Technology

Grant Thornton's technology solutions team provide a vast range of process, technology and organisational needs across finance, supply chain and HR functions.

See Overview

DORA Consultancy
Firms within the financial sector face a critical imperative to fortify their operational resilience in the digital sphere, particularly with the advent of the Digital Operational Resilience Act (DORA), set to take effect by January 2025.
Cyber security Consultancy
Whether you are a multinational corporation, a small business, or an individual, the digital realm holds equal importance for us all.
IT business consultancy
IT business consultancy serves as a crucial bridge between technical solutions and strategic business objectives. Through comprehensive analysis, we identify opportunities for efficiency and innovation, providing actionable recommendations to enhance processes and maximise ROI.
Technology Implementation & Project Management
Efficiently implementing new technologies or upgrading existing systems demands meticulous planning, strategic execution, and seamless integration. GT serves as a guiding force, steering businesses through complexities and facilitating a structured approach to technology adoption.
IT Audit and Assurance
Information systems strengthens an organisation’s financial and operational processes. Grant Thornton Malta strengthens your organisation’s need for IT and information assurance.
Case Studies
Digital transformation has transitioned from being an option to a necessity. The race is on... The question is, are you ready?

Recovery and reorganisation

See Overview

Operational and financial restructuring and reorganisation
Operational and financial restructuring and reorganisation
Recovery
Recovery

Regulatory Services

See Overview

Financial regulatory services
Financial regulatory services
GDPR consultancy
The General Data Protection Regulations (GDPR) have transformed the way we handle personal data. This regulation is a game-changer for businesses operating within the EU, or the handling of EU citizens' data worldwide.
Ship and aircraft registration
Ship and aircraft registration
Medical cannabis licensing in Malta
A study published in 2018 by market intelligence and strategic consultancy firm Prohibition Partners, has forecasted that the European cannabis market will be valued €115.7 billion by 2028. According to the same study, while patient numbers are currently below 100,000 across the region, their number is set to grow to over 30 million in the next decade. In 2018 Malta introduced a bill to legalise the use of medical marijuana and attract companies willing to produce high-grade medical cannabis for the European market.
Trust and trustee services
As an entrepreneur, business owner, parent or guardian, you will want to ensure that whatever happens in the future, the rewards from your hard work can be protected as efficiently as possible. Grant Thornton Fiduciaire Limited (Grant Thornton) understands this and provides a professional and holistic trust management service.
Family trusts
The law establishes the requirement of a license for one to be able to act as a trustee subject to certain limited exceptions. One such exception is found in the Rules for Trustees of Family Trusts which provide for an exception to this rule where a trust is set up to hold property settled by a settlor or settlors for the present and future needs of family members or of family dependants who are clearly identifiable.

Residence and Citizenship

Grant Thornton is authorised and regulated by the Government of Malta to handle and submit applications for both citizenship applications as well as residence...

See Overview

Programmes
Grant Thornton is authorised and regulated by the Government of Malta to handle and submit applications for both citizenship applications as well as residence permits under the various residence programmes available in terms of Maltese law.
Ordinary residency in Malta
Any EU, EEA or third country national who resides in Malta for more than 3 months is obliged to apply for a Residence Permit. There are various grounds upon which an applicant may apply to require a residence permit, including: Self-Sufficiency, Employment or Self-Employment, Family Members, Permanent Residence, Study Purposes.
Qualifying Employment in Aviation Rule
Malta provides qualified persons employed in the field of aviation with an opportunity to enjoy a 15% flat personal tax rate on income generated from their direct employment in Malta. For a candidate to qualify, their annual income must exceed €45,000. This does not include the value of fringe benefits and applies to the derived income received from an eligible office.
Qualifying Employment in Innovation and Creativity (Personal Tax) (Amendment) Rules, 2019
These Rules allows persons employed in a role directly engaged in carrying out, or management of research, development, design, analytical or innovation activities, to enjoy a 15% flat personal tax rate on income generated from their direct employment in Malta.
Qualifying Employment in Maritime and Offshore Oil & Gas Industry Rule
Malta provides qualified persons employed in the field of aviation, with an opportunity to enjoy a 15% flat personal tax rate on income generated from their direct employment in Malta.
Nomad Residence Permit
The NOMAD residence permit, which was launched in June 2021, allows third-country nationals who would normally require a Visa to travel to Malta, to retain their current employment based in another country whilst legally residing on the island.

Related insights:

RESIDENCY Applying for residence in Malta

Any EU, EEA or third country national who resides in Malta for more than 3 months is obliged to apply for a Residence Permit. There are various grounds upon which an applicant may apply to require a residence permit

01 Oct 2019

Tax services

Tax and regulatory

See Overview

Direct international tax
Direct international tax
Indirect international tax
Indirect international tax
Global mobility services
Global mobility services
Transfer pricing
Transfer pricing
Estate planning
Estate planning
Wealth advisory
Wealth advisory
Regulatory and legal
Regulatory and legal
Corporate tax services
Corporate services
VAT
At its simplest, VAT is a tax on consumption and is a multi-stage tax (ie applied at every stage of the production process), which is applied to both goods (ie tangible property) and services. Additionally, although the tax is ultimately borne by the consumer (by getting included in the price paid), responsibility for charging, collecting and passing the tax on to the tax authorities, rests with the supplier.
2018 Amendments of the Income Tax Act
The following is a brief overview of the new tax provisions introduced in 2018 by the Budget Implementation Act (Act VII of 2018) and other legislative enactments

Transaction Advisory services

See Overview

Mergers and acquisitions
Mergers and acquisitions
ESEF Reporting
Our ESEF reporting service is tailored to assist listed companies in complying with the European Single Electronic Format (ESEF) requirements. As of 2020, ESEF is mandated for annual financial reports of issuers with securities listed on regulated markets. We provide services for mapping the taxonomy and generating audit/regulator-ready xHTML reports.
EU funding
EU funding
Prospects MTF
As of 2016, small and medium-sized enterprises in Malta can access the capital markets through Prospects - a market of the Malta Stock Exchange (MSE) designed specifically for Small and Medium sized Enterprises (SME). Prospects offers a cost-effective opportunity for entities looking to raise up to €5 million per issue.
Project financing
Project financing
Due diligence
Due diligence
Valuations
Valuations
Foreign direct investment
Foreign direct investment (FDI) is the category of international investment that echoes the objective of obtaining a lasting interest by an investor in one economy in an enterprise resident in another economy.
Wholesale Securities Market
WSM is a joint venture between the Malta Stock Exchange and the Irish Stock Exchange, combining the best of each partner’s processes and technical skills.
Investment Support
The government of Malta has made available several incentive programmes, aimed at supporting Maltese SMEs and start-ups. These support schemes are targeted at different stages of a company’s lifecycle and cover from the start-up to the consolidation and expansion phases. Such incentives are usually promoted and managed by Malta Enterprise, while Trade Malta focuses on supporting businesses to penetrate foreign markets.

Industries

Transport Services

Due to the breadth of expertise available, Grant Thornton can provide players in three main sectors of the transport industry; these being Maritime, Aviation,...

See Overview

Aviation
The Maltese Government is constantly remaining to improve the position as the best place to do business within the aviation industry through exhaustive tax agreements, powerful legislation, and many aviation professionals. This is the best time for airlines, financiers and aircraft owners to be located in Malta.
Maritime
For Maritime, Grant Thornton provide direction with regards to VAT guidelines for yacht leasing, as well as ship and aircraft registration.
Automotive
We offer a broad range of services relating to automotive, ranging from Transaction advisory, access to finance, business advisory, process and inventory management, tax advisory, audit and advisory, outsourced support services.

Consumer goods

The industry is emerging at a very fast rate. Consumers are building the industry by demanding lower prices and findings new ways to buy food and drinks,...

See Overview

Fintech and Innovation

At Grant Thornton we help innovative firms and entities operating in the fintech space launch new propositions and grow their business. We also help...

See Overview

Blockchain technology
Blockchain technology
The Malta Virtual Financial Assets Act
The Virtual Financial Assets Act provides a sound legislative framework for Malta to regulate and responsibly promote the use of cryptocurrencies, crypto-exchanges and other crypto-related services, through which Malta aims to promote further technological innovations and growth, and continue building on its robust financial services industry.
Our role as a VFA agent
Our role as a VFA agent consists to assist, monitor and provide guidance throughout the full licensing process, and beyond the licensing stage. The VFA agent will be required to apply for the VFA license on behalf of the issuer.
Initial Coin Offerings
Initial Coin Offerings (ICOs) in Malta have risen to prominence as a method to raise capital from the public, institutions or venture capitalists by selling a percentage of cryptocurrency to investors in the form of tokens in exchange for legal tender (smart contracts).

Public sector

See Overview

iGaming

With a sound jurisdiction that steers clear of bureaucracy and that has a proven track record, the iGaming industry in Malta is continuing to build on its...

See Overview

Gaming Regulations
Malta recently overhauled the framework regulating the iGaming sector. Going forward operators will still be required to obtain authorisation to carry out regulated activities.
Licensing Process
Prior to submission all applicants are advised to go through a pre-application process with one of the MGA’s Licensing Officers. This will ensure that the application has been correctly compiled and all the key ingredients are present.

Startups

See Overview

Real estate

See Overview

Malta Real Estate Investment Trust (REIT)
As part of the 2019 budget, the government has pledged to introduce a Real Estate Investment Trust (REIT) framework in Malta.

Hospitality & tourism

The hospitality and leisure industry is going through a period of extraordinary, inevitable change and will look very different in 2020 than it does today. On...

See Overview

Healthcare

Healthcare is a swiftly changing sector. Providers and commissioners of healthcare encounter the challenges of rising public expectations, an ageing...

See Overview

Financial services

Financial services businesses engage in an increasingly complex and heavily regulated environment. Grant Thornton's multi-disciplinary Financial Services Group...

See Overview

The Markets in Financial Instruments Directive (MiFID) II
MiFID II aims to protect investors and make sure that financial markets operate in the fairest and most transparent way possible. Building on stock and investment trading regulation introduced in 2007 it sets to ensure a more integrated financial market.

Collective Investment Schemes

At Grant Thornton we help innovative firms and entities operating in the fintech space launch new propositions and grow their business. We also help...

See Overview

Taxation of Malta Collective Investment Schemes
Malta-registered collective investment schemes (CISs) are generally not subject to Malta tax. Given that CIS are properly structured, such schemes generally can take advantage of a number of tax benefits. When it comes to taxation of investors in collective investment schemes, this will depend on what type of income is being received, whether the investor is a Malta resident or not, and if the shareholder is an individual or a body-corporate?

Navigating DORA

Compliance Strategies Tailored for SMEs

By:

Mrinali Hujoory

06 Nov 20236 min read

The dominance of digitalisation in business operations is a widely acknowledged reality. Because of this, Small and Medium Enterprises (SMEs) in the financial sector tend to stand at the intersection of opportunity and vulnerability. The Digital Operational Resilience Act (DORA) Regulation is approaching, ushering in a new era of compliance requirements. Yet, for SMEs, DORA is not merely a challenge in terms of compliance; it presents a distinctive opportunity to strengthen their digital infrastructure and secure long-term success in the constantly changing digital environment.

Understanding the DORA Regulation

The Digital Operational Resilience Act (DORA) is a regulatory framework set forth by the European Union which provides uniform requirements for the security of network and information systems that support the operations of businesses in the financial sector. These requirements include ICT risk management, reporting of major ICT related incidents, digital operational resilience testing, information and intelligence sharing and measures for the sound management of third-party risk.

A deep dive into DORA’s Pillars

Where do you belong in the SME spectrum?

In the context of this article, SMEs, or Small and Medium-sized Enterprises, are businesses that fall within a specific range of size and operational scale. These enterprises are characterized by their relatively modest size compared to larger corporations. In the European Union, which is where DORA is of relevance, the classification of SMEs is based on specific criteria. Understanding where your business fits within these categories can help your organisation better assess its obligations and compliance efforts related to the DORA regulation.

Microenterprise	You are a financial entity, other than a trading venue, a central counterparty, a trade repository or a central securities depository, which employs fewer than 10 persons and has an annual turnover or total balance sheet that does not exceed EUR 2 million.
Small Enterprise	You are a financial entity that employs 10 or more persons, but fewer than 50 persons, and has an annual turnover and/or annual balance sheet total that exceeds EUR 2 million but does not exceed EUR 10 million.
Medium-Sized Enterprise	You are a financial entity that is not a small enterprise and employs fewer than 250 persons and has an annual turnover that does not exceed EUR 50 million and/or an annual balance sheet that does not exceed EUR 43 million.

Why should your organization take DORA into consideration?

One of the critical aspects of DORA is its intention to level the regulatory playing field. It ensures that all financial market participants, regardless of their size, adhere to consistent standards of operational resilience. DORA places a strong emphasis on cybersecurity risk management, requiring SMEs to bolster their defenses against cyber threats. Compliance with these standards not only safeguards the enterprise but also fosters trust among customers, partners and investors.

In short, operational resilience isn't merely about compliance; it's a strategic differentiator. The act recognizes that SMEs play a vital role in the financial ecosystem and aims to provide them with the tools and standards needed to thrive in the digital age. By embracing DORA's principles, SMEs can enhance their operational resilience, build trust, and navigate the digital seas with confidence, ensuring their continued success in an increasingly complex and interconnected financial world.

Streamlining compliance for your organization with the principle of proportionality

Within the intricacies of DORA lies a fundamental principle - proportionality. At its core, this principle in DORA signifies that regulatory requirements should be proportionate to the size, significance, and complexity of the entities being regulated. It acknowledges the diverse nature of regulated entities and tailors the regulatory requirements accordingly.

For SMEs, the proportionality principle plays a pivotal role in ensuring that the regulatory burden matches the size and complexity of the organization. This means that they are not burdened with the same extensive and costly compliance requirements as larger organizations. Subsequently, SMEs can focus their efforts on areas of their business that post the most significant risk. With this targeted approach, smaller firms can minimize unnecessary expenses and enhance operational efficiency.

Where the proportionality principle applies

The regulation embodies the principle of proportionality in three key instances. First and foremost, it states that the rules laid out throughout the text shall be proportionate to the entity’s size, overall risk profile, nature, scale and complexity of their services and operations. This point holds significant importance since it advocates for a risk-centric approach over a mere compliance-focused mindset.

Following that, this principle is also exercised in the second pillar termed as the ICT Risk Management framework. Under this pillar, small and non-interconnected investment firms, payment institutions, electronic money institutions, and small institutions for occupational retirement provision are granted exemptions from specific requirements from certain requirements. Instead, they are only required to establish a simplified risk management framework for their organisation.

Finally, the third instance of the proportionality principle is noticeable in the context of microenterprises, which are similarly exempt from certain requirements within the text.

Operational Resilience challenges for small & medium enterprises and the Grant Thornton Solution

While DORA is designed to bolster the operational resilience of financial institutions by imposing strict requirements on their digital infrastructures, it also presents an imposing challenge for small and medium-sized enterprises within the industry. Here are some key obstacles that your company may encounter:

Compliance costs: DORA mandates that financial entities maintain a high level of cybersecurity and operational resilience. Your business may need to invest in enhanced cybersecurity measures, which could include third party monitoring, threat detection, and incident response systems. These security enhancements can be costly.

How we can help:

Our DORA Readiness assessment can help you evaluate your current maturity level and from there, we can help you leverage the proportionality principle to allocate resources efficiently and concentrate your efforts on mission-critical dependencies. In addition, Grant Thornton can help your company with our “SME Consultancy Service Grant Scheme” which can support your business by partly financing your expenditure incurred by the consultancy services procured by us.

Interpreting the legal requirements: Regulatory documents like DORA often employ complex legal terminology and concepts that can sometimes be vague or open to interpretation, leaving room for you to misunderstand the exact obligations and standards you need to meet. This vagueness can lead to incorrect compliance measures. In addition, you may have limited resources, including time, money, and personnel, to dedicate to legal compliance.

How we can help:

Grant Thornton can provide you with the necessary skills and knowledge needed in your compliance journey without the expense of hiring in-house legal specialists. We can help you decipher the legal intricacies of DORA and provide you with simplified interpretations, customized to your specific operations.

Managing third parties supporting critical or important functions: Selecting the right third-party vendors that meet DORA's stringent requirements can be a complex process. Your organisation may struggle to conduct comprehensive risk assessments and draft robust contractual agreements that adequately protect your interests, potentially exposing your firm to vulnerabilities.

How we can help:

Through our third-party risk management program, we can help your company establish ongoing monitoring mechanisms and negotiate contracts to include necessary operational resilience and cybersecurity provisions. In addition, our team at Grant Thornton can develop your contingency plans and alternative solutions to mitigate dependencies on vendors for your critical services.

As we find ourselves at the midpoint of the two-year implementation period, it becomes crucial for organisations like yours to assess their progress and identify the necessary steps to bridge any existing gaps on the path to compliance.

At Grant Thornton, our team of dedicated consultants is steady in its commitment to guide you through this journey with competence and assurance. We believe in fostering a collaborative approach that empowers you to not only meet the regulation’s requirements but also to thrive in a compliant and ethical business environment.