ESMA Calls for Malta to Improve Crypto Regulation

Malta’s Financial Services Authority (MFSA) has come under scrutiny from the European Securities and Markets Authority (ESMA) for not fully meeting expectations in the authorization process of a crypto asset service provider (CASP) under the Markets in Crypto-Assets Regulation (MiCA). The ESMA peer review identified key areas where Malta’s regulatory approach needs improvement to ensure consistent supervisory standards across the EU.

The ESMA’s ad hoc Peer Review Committee (PRC) has urged the MFSA to reassess unresolved issues from the authorization process to strengthen regulatory oversight. This review was part of ESMA’s broader strategy to foster supervisory convergence among national competent authorities (NCAs). The report emphasized the importance of consistent application of authorization criteria to mitigate risks inherent to crypto asset service providers, whose business models often involve complex and evolving challenges.

Malta has established itself as a significant hub for crypto businesses within the EU, with four CASPs currently licensed under MiCA: Bitpanda, Crypto.com, OKX, and ZBX. The ESMA review did not specify which CASP was subject to the partial authorization concerns, leaving the market uncertain about potential repercussions for these entities. Industry experts suggest that the review’s findings are unlikely to trigger license revocations but may prompt the MFSA to tighten its supervisory practices.

The ESMA report highlights three critical areas of focus for the MFSA: supervisory settings and resources, the authorization process itself, and ongoing supervisory review including the exercise of adequate regulatory powers. While Malta’s supervisory framework and resource allocation were deemed satisfactory, the authorization process for the specific CASP revealed gaps in addressing material issues prior to granting approval. This partial shortfall signals the need for enhanced due diligence and risk assessment mechanisms during the authorization phase.

ESMA’s PRC stressed that NCAs must pay particular attention to the unique risks posed by crypto asset service providers, including operational, financial, and compliance risks. The report encourages the MFSA to implement timely adjustments to its supervisory approach to keep pace with the growing complexity of the crypto sector. The MiCA framework, effective since June 29, 2024, represents the EU’s first comprehensive attempt to harmonize crypto asset regulation across member states. ESMA’s coordinated approach to CASP authorizations aims to prevent regulatory arbitrage and ensure a level playing field for market participants.

By addressing the identified deficiencies, Malta’s MFSA can reinforce its reputation as a reliable regulator within the EU crypto ecosystem. This is particularly important as the sector faces increasing scrutiny from financial intelligence units and other supervisory bodies. The peer review mechanism serves as a critical tool to monitor and enhance the uniform application of MiCA provisions. Strengthening these areas will be crucial for maintaining investor protection, market integrity, and fostering confidence in the EU’s evolving crypto regulatory landscape.