Regulatory Failure in Malta
Malta’s approach to regulation and compliance continues to raise questions. In the ongoing Paytah case, it remains unclear why the Malta Financial Services Authority (MFSA) and the Financial Intelligence Analysis Unit (FIAU) have failed to take decisive action against Phoenix Payments Limited, operating as Paytah. According to its former Chief Legal and Compliance Officer (CCO), Interpol is investigating the MFSA-licensed high-risk payment processor.
The whistleblower, now protected under Malta’s Whistleblower Act, lost her position immediately after raising significant AML/KYC concerns. Despite this, Paytah retains its license.
Management and Associated Entities
Paytah’s leadership includes Marco Lavanna (LinkedIn), Keith Farrugia, and Francesc Xavier Alabart Lopez. Another notable figure is Jesus Perez, a Spanish national who serves as Chief Product Officer at Monetum, a Swiss crypto payment processor linked to Lavanna.
The management team has been involved in running several payment processors across various jurisdictions, often appearing to treat compliance obligations with minimal seriousness.
As of now:
-
Paytah reportedly lacks an MFSA-approved CFO or Chief Compliance Officer.
-
The company remains licensed despite its connections with multiple Estonian crypto firms that have lost their licenses and facilitated scams affecting hundreds of EU citizens.
The whistleblower’s report was submitted to the FIAU’s Whistleblower Support Unit in September 2020. Yet, months later, Paytah continued operating with full MFSA authorization.
KYC/AML Deficiencies
The former CCO alleges that Paytah maintained extensive cryptocurrency dealings with Estonian companies while failing to apply adequate AML/KYC measures. Client onboarding was outsourced to Digital Exchange Europa SL, a firm lacking relevant expertise.
Offshore Leaks data links Digital Exchange Europa to Marco Lavanna and Fenice Holding SA, a Swiss-based crypto payment processor.
Patterns alleged by the whistleblower:
-
Approval of numerous high-risk customers.
-
Loss or transfer of sensitive AML/KYC data.
-
Repeated onboarding of clients from high-risk sectors.
Impact on Victims
The whistleblower confirmed that Paytah knowingly processed payments for scam brokers, enabling victims to deposit funds via its systems.
Court records reveal:
-
An attempt to sell Paytah shares to an unidentified “English man,” who also introduced “very risky crypto clients.”
-
An offer made to the CCO to accept six months’ salary in exchange for leaving quietly and refraining from reporting to authorities — an offer she rejected.
Regulatory Accountability
Paytah’s questionable operations have been known to Maltese regulators for months, yet MFSA and FIAU have taken no public enforcement action. This inaction comes as Malta faces critical evaluation by Moneyval.
Media reports have also claimed that MFSA engages in questionable practices, including issuing direct orders to pay local news outlets.
The FIAU, under Director Kenneth Farrugia and Deputy Alfred Zammit, has faced criticism for opaque proceedings and perceived leniency toward powerful actors. Reports have emerged showing that proceedings involving FIAU remain secret.
Former MFSA CEO Joseph Cuschieri, along with current executives Edwina Licari, who was on Cuschieri’s controversial Las Vegas trip, Michelle Mizzi Buotempo, and Christopher Buttigieg, had the authority to revoke Paytah’s license but failed to act.
The Larger Implication
Supervisory duties exist to safeguard markets and investors. Choosing not to act on known violations erodes trust and risks repeating past failures such as the Wirecard scandal. Regulators who neglect their legal oversight obligations may ultimately bear liability for damages suffered by victims of regulated entities.
Scam-Or Project will continue to follow developments in the Paytah case.