On the 10th of July 2025, the European Securities and Markets Authority (ESMA) published the results of its first peer review of a Crypto-Asset Service Provider (CASP) authorisation under the Markets in Crypto-Assets Regulation (MiCA). The review, focused on Malta, marks an important milestone in the EU’s transition to a harmonised regulatory framework for crypto-assets. The review can be accessed on this link.
Malta, which had already established a structured national framework through its Virtual Financial Assets (VFA) regime in 2018, was among the first jurisdictions to operationalise MiCA. The peer review confirms that the Malta Financial Services Authority (MFSA) possesses a high level of technical expertise and supervisory capability and is well positioned to contribute meaningfully to the EU’s broader objectives for supervisory convergence and market integrity in the digital finance space.
The peer review was undertaken by ESMA’s Peer Review Committee (PRC), supported by the EBA and National Competent Authorities (NCAs), and is intended to inform both national practices and cross-border cooperation under MiCA. While focused on a single case, the review provides broader insights for all NCAs currently processing CASP applications.
The MFSA was assessed as fully meeting expectations on supervisory resources and institutional settings, and as largely meeting expectations in the exercise of supervisory powers post-authorisation. These findings reflect Malta’s proactive investment in capacity-building, including close collaboration with universities, targeted training, and regular engagement with the industry to ensure early preparedness for MiCA.
In relation to the specific authorisation examined, the PRC identified certain areas where improvements would strengthen Malta’s authorisation process further. These included the timing of the authorisation and the need for enhanced documentation in respect of matters such as business growth, intragroup arrangements, governance, ICT architecture, Web3 services, and AML/CFT controls.
The report acknowledges that many of these challenges stem from the novel nature of CASP business models and the high-risk profile of the sector as a whole. Importantly, the PRC also notes that MFSA had engaged extensively with the applicant under the prior regime and had developed strong supervisory familiarity with the firm. The peer review encourages a more cautious approach going forward, reflecting the increased expectations under the MiCA framework.
The report’s recommendations are not limited to Malta. They are addressed to all EU supervisors and cover:
- Forward-looking assessment of business growth and internal resources;
- Enhanced scrutiny of intragroup reliance, governance and third-party arrangements;
- Evaluation of ICT resilience and compliance with DORA;
- Monitoring of exposure to decentralised finance (DeFi) and promotion of unregulated products;
- Consistency in consumer-facing interfaces and risk disclosures.
These cross-cutting issues are central to ensuring that the EU’s single market functions effectively and that investor protection is maintained irrespective of the location of the CASP’s main client base.
This shows that Malta has a strong authorisation process under MiCA and is key to upholding market integrity and investor trust and sees the review as a valuable opportunity to align further with evolving EU expectations.
Malta’s early adoption of crypto regulation has positioned it as a key contributor to the MiCA framework. The peer review confirms that the jurisdiction has laid a strong foundation, and the recommendations now serve as a guide for refinement and continuous improvement. Malta’s openness to peer engagement and transparency reinforces its credibility as a serious regulatory centre in the EU’s digital finance landscape.
The ESMA peer review reflects the transitional nature of the EU crypto regulatory regime and the challenges inherent in authorising innovative and high-risk business models. It also confirms that Malta is on solid footing and has the institutional and technical capacity to play a leading role in the EU’s supervisory framework under MiCA.
Going forward, as NCAs across the Union continue to process CASP applications, Malta’s experience (both its achievements and the lessons drawn) will be instructive. The MFSA’s constructive approach to supervision, its willingness to adapt, and its commitment to EU alignment reinforce its position as an engaged and capable gatekeeper of the single market.
Our fintech team can assist with queries related to the application, authorisation, and ongoing licensing obligations under the EU’s MiCA and Malta’s rules.
This document does not purport to give legal, financial or tax advice. Should you require further information or legal assistance, please do not hesitate to contact us on: fintech@mamotcv.com