ESMA Criticizes Malta’s Crypto License Approval Process Under MiCA

The European Securities and Markets Authority (ESMA) has expressed concerns over Malta’s handling of license approvals under the EU’s Markets in Crypto-Assets (MiCA) regulation. In a peer review report released on July 10, ESMA highlighted deficiencies in how the Malta Financial Services Authority (MFSA) approved a recent crypto asset service provider (CASP), urging tighter oversight moving forward.

According to the report, while the MFSA possesses a solid foundation of expertise and sufficient resources for supervising CASP applications, its latest authorization process fell short of expected standards. The review committee found that the regulator granted approval despite outstanding material issues and an inadequate risk assessment. The report noted that these lapses raise questions about Malta’s commitment to ensuring full compliance with the MiCA framework.

The Peer Review Committee expressed concern that the MFSA failed to use the authorization phase to compel the unnamed CASP to resolve key shortcomings. ESMA emphasized that a more rigorous approach could have helped bring the entity fully in line with MiCA obligations before granting its license.

Malta remains one of the EU’s most active MiCA license issuers. Since MiCA’s enforcement began, the country has issued five CASP licenses, ranking just behind Germany and the Netherlands. This wave of compliance marks a major step for the industry, with major players such as Circle and Kraken already approved under the MiCA regime.

Considering this, the report urged national European regulators to strengthen their oversight during the CASP licensing process. It emphasized the need for close scrutiny in several high-risk areas. These include business model sustainability, governance structures, potential conflicts of interest, intragroup relationships, ICT architecture, and the promotion of unregulated crypto services. Beyond that, the financial regulator also flagged emerging sectors such as DeFi and Web3 for more careful evaluation.

It added: “The PRC encourages NCAs to review, as part of the authorisation assessment, user interfaces and customer journeys to ensure that relevant risk warnings are clearly presented to users and that the overall customer experience is in line with MiCA requirements.”

This development underscores the importance of stringent regulatory oversight in the rapidly evolving crypto industry. As more firms seek to comply with MiCA regulations, the need for robust and consistent licensing processes becomes increasingly critical. The concerns raised by ESMA serve as a reminder that while progress is being made, there is still work to be done to ensure that all crypto service providers operate within the bounds of the law and protect the interests of consumers.