Europe’s Financial Watchdog Probes Malta Over Fast-Track MiCA Authorizations

The European Securities and Markets Authority (ESMA), the financial watchdog for the 27-country trading block, has carried out a peer review of Malta’s application of the Markets in Crypto Assets (MiCA) regime, with specific attention to the island’s fast-tracked authorization of a certain unnamed crypto firm.

ESMA’s Peer Review Committee (PRC) focuses on the authorization of a specific crypto asset service provider or “CASP entity,” which was cleared for MICA despite the fact that “material issues remained unresolved or pending remediation at the time of the authorization.”

OKX, the top five crypto exchange was granted pre-authorization status in Malta at the start of this year and soon after revealed a $500 million settlement with the U.S. Department of Justice (DoJ).

OKX did not confirm if it is the CASP entity referred to in the review by press time. Malta Financial Services Authority (MFSA) said it was unable to provide official comment regarding specific operators in relation to the report.

“On the authorization process of the CASP entity, the PRC questions the timing of the authorization of the specific entity under MiCA given that several material issues remained unresolved at the time of the authorization,” said the ESMA review.

“It is unclear to the PRC, why MFSA did not leverage on the authorization process to ensure that the entity would remedy key deficiencies before the authorization would be effective. The PRC is of the view that the overall authorization process should have been more thorough and conducted on a sufficient time to allow MFSA to properly assess compliance against the MiCA framework.”

Questions have been circulating about Malta’s competency since the island began handing out expedited licenses, some of which, it must be said, came from players in other jurisdictions that are potentially worried about falling behind in terms of authorizing firms.

The ESMA findings also stated that any regulator should consider the supervisory history of an entity when assessing a request for authorization.

The PRC said, “the supervisory history of the entity formed part of the authorization assessment, but it was not adequately considered,” including the fact that “material issues remained unresolved or pending remediation at the time of the authorization, including the remediation of previous enforcement cases and the outcome of (at the time) pending ones.”

The ESMA review went on to say that it did not find evidence that certain key aspects of the authorization were adequately assessed. These included aspects of its business plan related to its growth and the on-boarding of new clients, potential conflicts of interest, and governance arrangements. The review also mentioned risks related to the ICT infrastructure, custody, use of the […] booking model, use of Web3 services and certain AML/CFT risks and controls.

The ESMA review found that Malta fully or largely met expectations in areas like its supervisory settings and resources, and it was just the authorization process where it had really fallen short. The Malta Financial Services Authority (MFSA) welcomed ESMA’s findings.

“The insights provided by the ESMA Peer Review Committee (PRC) (composed of staff from ESMA, European Banking Authority (EBA) and NCAs) are invaluable in supporting the MFSA and other NCAs in their continued efforts to improve and strengthen supervision of this sector,” the MFSA said in an emailed statement.

Read more: 'Like Ordering McDonald's:' Malta's MiCA Fast-Track Draws Oversight Concerns