ESMA Scrutinizes Malta’s Crypto Oversight—Could MiCA Compliance Be in Jeopardy?

Europe's financial watchdog turns up the heat on Malta's crypto regulation—just as the industry braces for MiCA's seismic shift.

The Irony of Crypto's 'Gold Standard'

Malta once branded itself the 'Blockchain Island.' Now, ESMA's probe exposes cracks in its regulatory facade—right as the EU's landmark MiCA framework looms.

Behind the Regulatory Theater

Sources whisper about rushed VFA agent approvals and lax enforcement. Meanwhile, traditional finance quietly stacks sats while publicly tut-tutting about 'risky crypto ventures.'

MiCA's Make-or-Break Moment

If a poster-child jurisdiction like Malta stumbles, what hope for laggard states? The coming months will separate crypto's serious players from the regulatory tourists.

Scrutiny Over Authorization Standards

ESMA’s Peer Review Committee (PRC) conducted a targeted assessment of MFSA’s authorization of an unnamed CASP, identifying areas where the regulator fell short. While the MFSA was found to have adequate staffing and technical infrastructure, the review noted that it only “partially met expectations” during the approval process.

The European watchdog emphasized that the concerns extended beyond Malta, urging all EU national competent authorities (NCAs) to align their oversight mechanisms to ensure consistency across jurisdictions under MiCA’s unified regulatory regime.

The peer review into Malta’s supervisory practices stemmed from a decision by ESMA’s Board of Supervisors (BoS) in April 2025. It followed earlier steps taken in December 2024 when the BoS and the European Banking Authority adopted a harmonized approach for overseeing CASP authorizations under MiCA.

According to the ESMA report, although the review targeted one country, its intent is to foster regulatory convergence throughout the EU as MiCA implementation ramps up.

The PRC analyzed three key dimensions of Malta’s crypto regulation: supervisory structure and staffing, authorization processes, and post-licensing supervisory measures. The MFSA was praised for having a sufficient level of expertise and resources to support CASP supervision.

However, ESMA’s report pointed to gaps in how the agency handled material issues during the authorization stage. It recommended that MFSA improve its ability to assess unresolved or underexamined issues that could emerge after approval.

Calls for Convergence Across EU Supervisors

The ESMA report points out the importance of regulatory consistency, especially as new crypto businesses seek licensure under MiCA. In particular, the PRC cautioned that national regulators must adapt quickly to growing application volumes and the evolving risk profiles of CASPs.

“Due to the novelty and nature of these types of entities as well as the inherent risks of their business model, the PRC recommends to all NCAs…to pay particular attention to certain aspects of the authorization,” the committee stated.

While Malta has historically positioned itself as a crypto-friendly jurisdiction within the EU, the ESMA’s review illustrates the shifting expectations facing all member states.

With MiCA designed to eliminate regulatory arbitrage and create a level playing field, NCAs will need to align not just their licensing processes, but also their supervisory capacity and enforcement strategies.

Moving forward, regulatory coordination and transparency will likely become Core benchmarks for assessing the effectiveness of national crypto oversight.

Featured image created with DALL-E, Chart from TradingView