ESMA Flags Gaps in Malta’s MiCA Authorization for Crypto Service Providers

The EU's top financial watchdog has highlighted shortcomings in Malta's licensing process, putting the country's approach to crypto regulation under scrutiny. The European Securities and Markets Authority (ESMA) released a peer review highlighting that Malta’s Financial Services Authority (MFSA) only partially met expectations in authorizing a crypto asset service provider under the Markets in Crypto-Assets Regulation.

The review, launched in April 2025, comes just over a year after MiCA took effect, aiming to harmonize crypto oversight across the EU. The ESMA commended Malta's supervisory framework and staffing, but the authorization process itself revealed unresolved issues not fully addressed prior to granting approval.

ESMA’s findings signal a push for greater consistency among national regulators, as the EU seeks to prevent regulatory gaps that could undermine market integrity.

What the Peer Review Uncovered About Malta’s Supervision

ESMA’s peer review found that the MFSA demonstrated strong resources and sector expertise but identified material issues left unresolved at the time of the CASP authorization. These included insufficient assessment of business risks, governance, IT systems, and anti-money laundering controls.

The review scrutinized the authorization's timing, highlighting the incomplete consideration of previous enforcement actions and pending remediation. ESMA’s Peer Review Committee urged the MFSA to reassess these gaps and recommended that all EU regulators pay closer attention to similar risks in their authorization processes.

The report also pointed out that there must be ongoing monitoring and timely adjustments as the crypto sector continues to evolve.

Did you know?
Malta was one of the first EU countries to establish a dedicated regulatory framework for digital assets, earning the nickname “Blockchain Island.” Its early embrace of crypto regulation set the stage for its current role as a hub for CASPs under MiCA.

The Importance of Consistent Supervision Across the EU

Malta’s experience underscores the challenge of maintaining supervisory convergence in a rapidly changing market. As many crypto asset service providers operate across borders, strong and consistent oversight is essential to safeguard the EU’s single market.

ESMA’s recommendations are designed to ensure that all national authorities apply MiCA’s standards rigorously, reducing the risk of regulatory arbitrage and fostering a level playing field for market participants. The peer review mechanism serves as a tool for harmonizing practices and strengthening investor protection across member states.

By addressing the identified gaps, Malta can reinforce its role as a credible regulator within the EU crypto ecosystem.

ALSO READ | Dogecoin Faces Key Resistance as On-Chain Data Flags Three Major Levels

Industry Impact and Market Response

The partial authorization concerns did not specify which of Malta's four licensed CASPs, Bitpanda, Crypto.com, OKX, or ZBX, were the subject of the ESMA review. This lack of clarity has created uncertainty in the market regarding potential repercussions, although industry experts believe that license revocations are unlikely.

Instead, we expect the findings to prompt the MFSA to tighten its supervisory approach and enhance due diligence. The report’s focus on business growth, governance, and risk management reflects broader concerns about the complexity and evolving risks in the crypto sector.

Other EU regulators will closely monitor Malta's response to the review as they adjust their own practices to comply with MiCA's requirements.

Strengthening Malta’s Regulatory Reputation

For Malta, the ESMA review is both a warning and an opportunity. By swiftly addressing the highlighted deficiencies, the MFSA can bolster its standing as a reliable and proactive regulator. This is particularly important as the country continues to attract crypto businesses seeking EU market access.

The review also reinforces the importance of transparency, cooperation, and ongoing dialogue between national and EU-level supervisors. As MiCA’s implementation matures, robust and harmonized oversight will be important for preserving market confidence and supporting the growth of the digital asset industry in Europe.