The European Securities and Markets Authority (ESMA) has released a peer review assessing how Malta’s Financial Services Authority (MFSA) oversees Crypto Asset Service Providers (CASPs) under the Markets in Crypto-Assets Regulation (MiCA).

MiCA Implementation and National Discretion

MiCA introduces a single regulatory framework for crypto assets across the EU. CASPs are required to apply for authorisation, with existing providers allowed to operate temporarily under national transition rules. These rules vary, resulting in different timelines across member states.

Importance of Authorisation and Cross-Border Supervision

The report highlights that authorisation is a key tool for managing risk and ensuring compliance. Since many CASPs operate cross-border, strong and consistent supervision is necessary. National regulators must rely on each other’s oversight to support a unified capital market.

🔎 A peer review analysing @MFSAComm approach to authorising #CryptoAsset Service Providers under #MiCA:

✅ Good supervisory engagement and resources
💡 Areas for improvement related to the assessment of authorisations were identifiedhttps://t.co/dBy1J12NnQ pic.twitter.com/O4OuYz78WE

— ESMA - EU Securities Markets Regulator 🇪🇺 (@ESMAComms) July 10, 2025

Assessment Scope and Key Findings

The peer review focused on Malta’s authorisation process, including its governance, AML checks, and post-authorisation supervision. It found that the MFSA has adequate resources and expertise but raised concerns about at least one case where a CASP was approved despite unresolved issues. These included enforcement actions, weak governance, and insufficient review of business risks, ICT systems, and AML controls.

Supervisory Gaps and Recommendations

Post-authorisation actions by the MFSA were generally appropriate, though some issues should have been addressed earlier. ESMA recommended that the MFSA revisit unresolved risks and strengthen its evaluations of growth plans, IT resilience, and group governance.

For all EU regulators, ESMA called for better information sharing and attention to risks such as unregulated DeFi activity, custody operations, and user-facing interfaces. Clear risk warnings and cross-border cooperation were also encouraged.

You may find it interesting at FinanceMagnates.com: Forex Brokers May Cut Costs as ESMA Seeks Input on Overlapping EU Financial Reporting.

Positive Practices and MFSA’s Response

The report noted some good practices by the MFSA, such as hiring crypto-specialised staff and engaging with the industry. The MFSA welcomed the findings and committed to making improvements, citing its prior experience in crypto regulation.

Malta Licenses Major Crypto Exchanges

Several well-known cryptocurrency exchanges, including Crypto.com, OKX, Gate.io, and Gemini, hold licenses issued by the MFSA. These licenses allow them to operate under Malta’s regulatory framework for virtual financial assets. The MFSA is responsible for ensuring that these companies comply with relevant laws and regulations.