ESMA Criticizes Malta’s Fast-Track Crypto Authorization Process

The European Securities and Markets Authority (ESMA) has conducted a peer review of Malta’s implementation of the Markets in Crypto Assets (MiCA) regime, with a particular focus on the fast-track authorization of an unnamed crypto asset service provider (CASP entity). The review highlighted that the authorization was granted despite the presence of unresolved or pending remediation issues at the time of authorization.

ESMA’s Peer Review Committee (PRC) questioned the timing of the authorization, noting that several material issues remained unresolved. The PRC expressed concern that the Malta Financial Services Authority (MFSA) did not use the authorization process to ensure that the entity addressed key deficiencies before the authorization became effective. The PRC suggested that the overall authorization process should have been more thorough and conducted over a sufficient period to allow the MFSA to properly assess compliance against the MiCA framework.

Questions have been raised about Malta’s competency in handling these authorizations, especially since the island has been issuing expedited licenses. Some of these licenses have been granted to entities from other jurisdictions that may be concerned about falling behind in terms of authorizing firms. The ESMA findings emphasized the importance of considering the supervisory history of an entity when assessing a request for authorization. The PRC noted that while the supervisory history of the entity was part of the authorization assessment, it was not adequately considered. This included the fact that material issues remained unresolved or pending remediation at the time of the authorization, including the remediation of previous enforcement cases and the outcome of pending ones.

The ESMA review also mentioned that certain key aspects of the authorization were not adequately assessed. These included aspects of the business plan related to growth and the onboarding of new clients, potential conflicts of interest, and governance arrangements. The review also highlighted risks related to the ICT infrastructure, custody, use of the booking model, use of Web3 services, and certain anti-money laundering and counter-terrorism financing (AML/CFT) risks and controls.

The ESMA review found that Malta fully or largely met expectations in areas such as supervisory settings and resources. However, it was the authorization process where Malta had fallen short. The MFSA welcomed ESMA’s findings, stating that the insights provided by the ESMA Peer Review Committee are invaluable in supporting the MFSA and other National Competent Authorities (NCAs) in their continued efforts to improve and strengthen supervision of this sector.