-
Malta’s Financial Services Authority (MFSA) has faced scrutiny from the European Securities and Markets Authority (ESMA) for partially meeting expectations in the authorization process of a crypto asset service provider (CASP) under the Markets in Crypto-Assets Regulation (MiCA).
-
The ESMA peer review highlights key areas where Malta’s regulatory approach requires enhancement to ensure consistent supervisory standards across the EU.
-
According to COINOTAG, the ESMA’s ad hoc Peer Review Committee (PRC) urged the MFSA to reassess unresolved issues from the authorization process to strengthen regulatory oversight.
ESMA’s review reveals Malta’s MFSA partially met MiCA authorization standards for CASPs, urging enhanced supervision to align with EU-wide crypto regulatory frameworks.
ESMA Peer Review Identifies Gaps in Malta’s MiCA CASP Authorization Process
The European Securities and Markets Authority (ESMA) conducted a detailed peer review of Malta’s Financial Services Authority (MFSA) focusing on the authorization process for crypto asset service providers (CASPs) under the MiCA framework. While the MFSA demonstrated a solid supervisory infrastructure and adequate staffing, the review found that the authorization process for a specific CASP only partially met ESMA’s expectations. This finding underscores the challenges faced by national competent authorities (NCAs) in uniformly implementing MiCA’s regulatory standards across the European Union.
The peer review, launched in April 2025, was part of ESMA’s broader strategy to foster supervisory convergence among NCAs. The report emphasized that consistent application of authorization criteria is essential to mitigate risks inherent to crypto asset service providers, whose business models often involve complex and evolving challenges. ESMA’s PRC recommended that the MFSA conduct a thorough reassessment of any outstanding issues identified during the initial authorization to ensure robust compliance with MiCA requirements.
Implications for Malta’s Regulatory Landscape and CASP Market
Malta has positioned itself as a prominent hub for crypto businesses within the EU, with four CASPs currently licensed under MiCA: Bitpanda (BP23), Crypto.com (Foris Dax), OKX (Okcoin Europe), and ZBX (Zillion Bits). The ESMA review did not specify which CASP was subject to the partial authorization concerns, leaving the market uncertain about potential repercussions for these entities.
Industry experts, including Nathan Catania of XReg Consulting, suggest that the review’s findings are unlikely to trigger license revocations but may prompt the MFSA to tighten its supervisory practices. This aligns with ESMA’s call for all NCAs to maintain vigilant oversight and adapt authorization procedures proactively as the crypto regulatory environment evolves.
Strengthening Supervisory Practices to Align with MiCA Objectives
The ESMA report highlights three critical areas of focus for the MFSA: supervisory settings and resources, the authorization process itself, and ongoing supervisory review including the exercise of adequate regulatory powers. While Malta’s supervisory framework and resource allocation were deemed satisfactory, the authorization process for the specific CASP revealed gaps in addressing material issues prior to granting approval.
This partial shortfall signals the need for enhanced due diligence and risk assessment mechanisms during the authorization phase. ESMA’s PRC stressed that NCAs must pay particular attention to the unique risks posed by crypto asset service providers, including operational, financial, and compliance risks. The report encourages the MFSA to implement timely adjustments to its supervisory approach to keep pace with the growing complexity of the crypto sector.
Contextualizing ESMA’s Recommendations Within the EU’s Regulatory Evolution
The MiCA framework, effective since June 29, 2024, represents the EU’s first comprehensive attempt to harmonize crypto asset regulation across member states. ESMA’s coordinated approach to CASP authorizations aims to prevent regulatory arbitrage and ensure a level playing field for market participants. The peer review mechanism serves as a critical tool to monitor and enhance the uniform application of MiCA provisions.
By addressing the identified deficiencies, Malta’s MFSA can reinforce its reputation as a reliable regulator within the EU crypto ecosystem. This is particularly important as the sector faces increasing scrutiny from financial intelligence units and other supervisory bodies, exemplified by recent fines such as the $1.2 million penalty imposed on Okcoin Europe for compliance breaches.
Conclusion
The ESMA peer review underscores the importance of rigorous and consistent authorization processes for crypto asset service providers under MiCA. While Malta’s MFSA has established a competent supervisory framework, the partial shortfall in authorizing a CASP highlights the ongoing need for enhanced diligence and adaptive regulatory practices. Strengthening these areas will be crucial for maintaining investor protection, market integrity, and fostering confidence in the EU’s evolving crypto regulatory landscape.
