Malta's rapid licensing of cryptocurrency service providers under the EU's Markets in Crypto‑Assets Regulation (MiCA) has triggered concerns from the European Securities and Markets Authority (ESMA). A recent ESMA peer‑review of the Malta Financial Services Authority (MFSA) has found “partial” compliance in the authorization process of at least one crypto‑asset service provider (CASP), prompting scrutiny of the broader implications for crypto regulation in the EU.
ESMA's Peer Review: Highlights and Shortfalls
ESMA's ad‑hoc Peer Review Committee (PRC), charged with assessing the MFSA, noted that while the regulator demonstrated robust supervisory infrastructure and adequate staffing, deficiencies in the authorization process for a specific licensed CASP only “partially met expectations.” The PRC urged the MFSA to revisit unresolved issues present at the time of licensing and to ensure comprehensive due diligence in future approvals.
Timeline: MiCA's Rollout and Malta's Early Adoption
June 29. 2024: MiCA officially comes into effect.
December 2024–January 2025: Malta issues its first MiCA licenses — to OKX, Crypto.com, Gemini — leveraging its prior Virtual Financial Assets (VFA) framework.
April 2025: ESMA launches a peer review into Malta's authorization process to ensure consistency and supervisory alignment across EU member states.
The “Race to the Bottom”? Malta's Competitive Edge
Malta's swift licensing has drawn criticism for what some view as leniency:
Fast-tracking via VFA alignment: Malta had aligned its VFA rules with MiCA a year before enforcement began, enabling smoother, faster applications.
Regulatory concerns: Other EU regulators warn this could spark a “race to the bottom,” with smaller jurisdictions under‑resourced and overly eager to capture crypto business.
AML history: Critics cite Malta's history of AML issues—including a FATF gray‑listing in 2021–2022 and the Pilatus Bank scandal—underscoring the risks of expedited approvals.
Malta's Defense and Regulatory Landscape
In response, the MFSA has cited its fintech experience and industry knowledge to justify expedited processing, asserting that robust anti‑money‑laundering checks remain in place.
However, voices like Bitpanda's Benedikt Faupel highlight persistent disparities in MiCA enforcement: “local regulators take different approaches to implementing the framework,” creating severe imbalances.
Implications for Passported Licenses and EU Cohesion
MiCA's passport system allows any CASP licensed in one member state to operate across the entire EU. The ESMA review stresses that weak licensing standards in one jurisdiction can leak across borders:
Uncertain impact on existing licenses: While ESMA has not named the particular CASP involved, various experts interviewed by Cointelegraph see little chance of revoking existing licenses—expecting instead ongoing compliance monitoring.
Consistency concerns: France's AMF warns a fragmented approach undermines MiCA's aim of unified standards.
Looking Ahead: ESMA's Role and Regulatory Adjustments
The peer review underscores the need for enhanced ESMA oversight to ensure all national authorities adhere to MiCA's high standards. Potential regulatory responses may include:
1. Stronger ESMA powers: Granting the authority more centralized supervisory or binding decision‑making capacity.
2. Tighter national standards: Harmonizing licensing procedures and transparency requirements across all NCAs.
3. Re-assessment of Malta‑issued licenses: Especially for institutions flagged in the peer‑review process.
Conclusion
Malta's experience serves as a litmus test for the EU's pioneering effort to build a single, robust crypto market. While its early adoption of MiCA and fintech experience offer competitive advantages, these have sparked justified concerns over regulatory fragmentation and enforcement disparities.
Ensuring that all passported CASPs meet uniform, rigorous standards—from Alicante to Vilnius—will be critical for maintaining public trust and protecting investors. ESMA's ongoing role in monitoring and potentially realigning licensing consistency across the bloc will be central to preserving MiCA's vision of a secure, unified crypto‑asset market in Europe.
