THE FIRM
To lead and empower.
We work tirelessly to guide our clients and support them through the complexity and dynamic landscape they operate in. We partner with them to find better ways to overcome obstacles, seize opportunities and safeguard for future threats. We empower our teams and inspire them through example, encouraging them to always go further and look deeper in pursuit of the right solutions. We lead the way and empower our clients and teams for success.
At Mamo TCV we focus on providing our clients with expert legal advice and practical insight. This helps our clients chart a better course and assists them in steering clear of risk whilst positioning them for success.
Stay updated with our latest insights
Threat-Led Penetration Testing Regulatory Technical Standards under DORA Take Effect
As of today, 8 July 2025, the Regulatory Technical Standards (RTS) on Threat-Led Penetration Testing (TLPT) are now effective, including in Malta, following their publication in the Official Journal on 18 June 2025. These RTS supplement Article 26 of the Digital Operational Resilience Act (‘DORA’) and lay down a framework for the execution of TLPT. The RTS specify the criteria used for identifying the financial entities which are required to perform threat-led penetration tests and lay down organisational arrangements for financial entities. The RTS also include provisions on risk management and specify criteria for engaging TLPT providers. Moreover, the RTS…
Payments Insights #5 – When CASPs Overlap PSPs
The EU’s Markets in Crypto-Assets Regulation (MiCA) provides in Article 70(4) that a crypto-asset service provider (CASP) offering payment services related to its crypto activities must either obtain a payment institution authorisation itself or partner with an authorised payment service provider (PSP) under PSD2. This reflects the “dual nature” of certain crypto-assets: notably, MiCA classifies e-money tokens (i.e. stablecoins) as electronic money, meaning they are not only crypto-assets under MiCA but also “funds” under the Second Payment Services Directive (PSD2). In practice, this dual status raised uncertainty about whether CASPs dealing in stablecoins need a separate PSD2 licence in addition…
OUR EXPERTISE