By Elizabeth Howcroft
PARIS (Reuters) -Malta did not do enough to assess the level of risk when granting a licence to a crypto company under the EU’s new regulatory regime, the bloc’s financial watchdog said on Thursday following an examination of the Maltese regulator.
Reuters first reported in June that the European Securities and Markets Authority (ESMA) was scrutinising Malta’s crypto authorisation process, after some regulators raised concerns in closed-door meetings about the speed with which licences were being granted by some states.
Under the EU’s Markets in Crypto-Assets (MiCA) regulation, which came into force this year and is the world’s first comprehensive set of crypto rules, companies offering crypto services must obtain a licence from a national regulator.
That licence can then be “passported” to allow companies to operate in other EU member states, but the rollout has raised concerns about inconsistent approaches and whether individual regulators can effectively supervise complex cross-border financial firms.
The review into Malta focused on Malta’s decision to grant a licence to one particular crypto company, without specifying which.
ESMA launched the review in April “following a series of events”, it said, without giving further details.
Malta’s Financial Services Authority (MFSA) said in a statement on Thursday that it was proud of its role as an “early adopter” of digital asset regulation and did not directly address ESMA’s criticisms.
Malta said it has granted five crypto asset service provider licenses under MiCA since January.
ESMA’s review found that while MFSA had enough expertise in crypto and enough resources to authorise and supervise crypto companies under MiCA, its authorisation process only “partially” met expectations.
“The overall authorisation process should have been more thorough and conducted on a sufficient time to allow MFSA to properly assess compliance against the MiCA framework,” the review said.
ESMA found that material issues with the crypto company were unresolved or pending remediation when the licence was granted, adding that the company’s supervisory history was not “adequately considered”.
The review recommended that Maltese regulators pay particular attention to crypto companies’ business plans, conflicts of interest, governance arrangements, IT systems and their promotion of unregulated services.
(Reporting by Elizabeth Howcroft; Editing by Tommy Reggiori Wilkes and Susan Fenton)