ESMA Puts Malta’s Crypto Oversight Under the Microscope—Is MiCA at Risk?

The European Securities and Markets Authority (ESMA) has placed Malta’s cryptocurrency licensing framework under review, raising concerns about how the island nation’s financial watchdog authorizes crypto asset service providers (CASPs).

The evaluation, published Thursday, centers on the conduct of Malta’s Financial Services Authority (MFSA) and its processes under the Markets in Crypto-Assets (MiCA) regulation, which officially took effect across the EU in June 2024.

Scrutiny Over Authorization Standards

ESMA’s Peer Review Committee (PRC) conducted a targeted assessment of MFSA’s authorization of an unnamed CASP, identifying areas where the regulator fell short. While the MFSA was found to have adequate staffing and technical infrastructure, the review noted that it only “partially met expectations” during the approval process.

The European watchdog emphasized that the concerns extended beyond Malta, urging all EU national competent authorities (NCAs) to align their oversight mechanisms to ensure consistency across jurisdictions under MiCA’s unified regulatory regime.

The peer review into Malta’s supervisory practices stemmed from a decision by ESMA’s Board of Supervisors (BoS) in April 2025. It followed earlier steps taken in December 2024 when the BoS and the European Banking Authority adopted a harmonized approach for overseeing CASP authorizations under MiCA.

According to the ESMA report, although the review targeted one country, its intent is to foster regulatory convergence throughout the EU as MiCA implementation ramps up.

The PRC analyzed three key dimensions of Malta’s crypto regulation: supervisory structure and staffing, authorization processes, and post-licensing supervisory measures. The MFSA was praised for having a sufficient level of expertise and resources to support CASP supervision.

However, ESMA’s report pointed to gaps in how the agency handled material issues during the authorization stage. It recommended that MFSA improve its ability to assess unresolved or underexamined issues that could emerge after approval.

Calls for Convergence Across EU Supervisors

The ESMA report points out the importance of regulatory consistency, especially as new crypto businesses seek licensure under MiCA. In particular, the PRC cautioned that national regulators must adapt quickly to growing application volumes and the evolving risk profiles of CASPs.

“Due to the novelty and nature of these types of entities as well as the inherent risks of their business model, the PRC recommends to all NCAs…to pay particular attention to certain aspects of the authorization,” the committee stated.

While Malta has historically positioned itself as a crypto-friendly jurisdiction within the EU, the ESMA’s review illustrates the shifting expectations facing all member states.

With MiCA designed to eliminate regulatory arbitrage and create a level playing field, NCAs will need to align not just their licensing processes, but also their supervisory capacity and enforcement strategies.

Moving forward, regulatory coordination and transparency will likely become core benchmarks for assessing the effectiveness of national crypto oversight.

Featured image created with DALL-E, Chart from TradingView