The European Securities and Markets Authority (ESMA) recently conducted a peer review of the Malta Financial Services Authority (MFSA) regarding its authorisation and supervision of Crypto-Asset Service Providers (CASPs) under the Markets in Crypto-Assets Regulation (MiCA). This review provides valuable insights for CASPs operating in Malta and across the EU.

Understanding the regulatory context

MiCA introduces a harmonised regulatory framework for CASPs across the EU. From January 2025, CASPs must be authorised to operate, with a transitional period until 30 June 2026, allowing existing crypto-assets providers that were offering their services in line with the applicable law before 30 December 2024, to continue operating until authorised under MiCA. This regulation aims to ensure consistent investor protection and market integrity throughout the EU.

MFSA’s performance: Strengths and areas for improvement

The peer review found that MFSA fully meets expectations in supervisory frameworks and resources, and largely meets expectations in supervisory review. However, the authorisation process was assessed as partially meeting expectations due to certain unresolved issues at the time of granting authorisation to a particular CASP.

Practical tips for CASPs

Based on the review findings, CASPs should consider the following recommendations to align with MiCA requirements:

  • Ensure business plans are forward-looking and supported by adequate resources and risk controls.
  • Establish robust governance structures and make clear disclosures of any conflicts of interest.
  • Implement resilient ICT systems and ensure compliance with the requirements of the Digital Operational Resilience Act (DORA), especially for critical services, like custody.
  • Manage exposure to Web3 and decentralised finance (DeFi) products with appropriate risk mitigation controls and avoid misleading promotion of unregulated services.
  • Design user interfaces that clearly present risk warnings and align with MiCA’s customer protection standards.
  • Engage proactively with MFSA and other EU regulators to support cross-border supervision and investor protection.

Conclusion

The ESMA peer review highlights Malta’s commitment to effective CASP supervision while identifying key areas for improvement. CASPs are encouraged to take a proactive approach in strengthening their compliance frameworks to meet the evolving regulatory expectations under MiCA.