A review of the implementation of a new regulatory regime for the crypto sector in Europe finds that regulators should be stricter when it comes to granting initial registration to crypto firms.
Europe’s new crypto rules took effect in mid-2024. The Market in Crypto Assets Regulation (MICA) was the world’s first legislative effort to provide a comprehensive regulatory framework for the emerging sector.
Among other things, the regime aims to establish a uniform approach to registering and regulating crypto firms. Starting in January, firms must seek regulatory permission to operate within the European Union, although existing firms are grandfathered for up to 18 months, until mid-2026.
In a new report, the European Securities and Markets Authority (ESMA) examines the early results from Malta, one of the first jurisdictions to start authorizing crypto firms under the new rules — a process that has implications across the region, as authorization in one country allows firms to operate throughout the EU.
ESMA’s review found regulators in Malta didn’t require crypto firms to fully resolve certain material issues before granting registration, and that certain risks weren’t adequately assessed during the authorization process.
The review questioned the approach of granting authorization without first resolving all deficiencies identified by regulators. It said the “overall authorization process should have been more thorough and conducted on a sufficient time to allow [regulators] to properly assess compliance…”
“It is critical to foster trust in this sector that bears high inherent risks,” the report said, adding that the registration process should be used by regulators to ensure firms are compliant with the regulatory requirements, “including that key risks of the [firm’s] business model are effectively mitigated.”
In particular, the report recommended that regulators in the process of registering crypto firms “pay particular attention to certain areas of risk, including business growth, conflicts of interests, governance and intra-group arrangements, [technology] architecture, Web3, decentralized products and the promotion of unregulated services.”
ESMA said its recommendations aim to enable a sound registration process for crypto firms throughout the EU, and that regulators must ensure “the authorizations they grant are well assessed in this new and high-risk sector, where supervisory knowledge is still being built.”
“This exercise is also an opportunity to reinforce EU supervisors’ role as gatekeepers of the EU single market in the crypto space,” it added.
In a statement, Maltese regulators said they welcomed the findings of ESMA’s review.
“We view this as an opportunity to reinforce our processes and procedures with respect to this innovative sector and… [we] are onboarding the recommendations as provided by the review to ensure that Malta strengthens the robustness of its supervisory framework in this field,” it said.