The European Securities and Markets Authority (ESMA) has recently expressed concerns regarding Malta’s handling of license approvals under the EU’s Markets in Crypto-Assets (MiCA) regulation. In a peer review report released on July 10, ESMA highlighted deficiencies in the approval process conducted by the Malta Financial Services Authority (MFSA) for a crypto asset service provider (CASP), urging stricter oversight going forward.
According to the report, while the MFSA has the necessary expertise and resources to supervise CASP applications, the latest authorization process did not meet the expected standards. The review committee found that the regulator approved the CASP despite unresolved material issues and an inadequate risk assessment. These shortcomings have raised doubts about Malta’s commitment to ensuring full compliance with the MiCA framework.
ESMA emphasized that the MFSA missed an opportunity to address key deficiencies during the authorization phase, which could have brought the entity in line with MiCA obligations before granting the license. Despite these issues, Malta remains one of the EU’s leading issuers of MiCA licenses, having issued five CASP licenses since the enforcement of MiCA began, ranking closely behind Germany and the Netherlands.
Recent data provided by Circle executive Patrick Hansen indicates that 53 firms have obtained MiCA licenses within six months of the framework coming into effect. These licenses allow crypto firms to operate across all 30 European Economic Area (EEA) countries without the need for additional regulatory approvals in each jurisdiction. This compliance milestone marks significant progress for the industry, with major players such as Circle and Kraken already approved under the MiCA regime.
In light of these developments, the report recommended that national European regulators enhance their oversight during the CASP licensing process. It highlighted the importance of closely monitoring high-risk areas such as business model sustainability, governance structures, conflicts of interest, intragroup relationships, ICT architecture, and the promotion of unregulated crypto services. Additionally, the report emphasized the need for a more thorough evaluation of emerging sectors like DeFi and Web3.
The report also suggested that regulators review user interfaces and customer journeys during the authorization assessment to ensure that relevant risk warnings are clearly communicated to users and that the overall customer experience aligns with MiCA requirements.
Overall, the ESMA’s findings underscore the importance of robust oversight and compliance with regulatory frameworks in the rapidly evolving crypto industry. It is essential for regulators to stay vigilant and adapt to the changing landscape to effectively safeguard investors and maintain market integrity.