What Malta has learnt from seven years of regulating digital assets

By Kenneth Farrugia, CEO of the Malta Financial Services Authority (MFSA)

Digital assets are one of the fastest growing areas of finance, and FinTech more broadly is expected to become a $1.5 trillion industry by 2030¹ It has captured considerable investor, as well as public, interest and featured in the spotlight time and again. There can be no doubt that the sector presents an exciting opportunity for Europe but one that is not without its risks, particularly given that governance of digital assets varies greatly across the globe.  

It was therefore a welcome move when the European Commission (EC) published its proposal for the Markets in Crypto-Assets (MiCA) Regulation at the end of 2020. Prior to this, Malta was the first country to implement a full licensing regime for Crypto-Asset Service Providers (CASPs) in recognition that appropriate regulation and supervision – not prohibition – are the keys to ensuring investor protection and market integrity when it comes to this novel and dynamic sector. In 2018, it adopted the Virtual Financial Assets (VFA) Act, with the Malta Financial Services Authority (MFSA) appointed as the competent authority for the purpose of the Act. This framework was itself based on high-level principles of transparency and disclosure, investor protection and market integrity already established under existing European legislation such as the Markets in Financial Instruments Directive (MiFID), the Markets in Financial Instruments Regulation (MiFIR), the Prospectus Regulation, the Transparency Directive and the Market Abuse Regulation. In developing the VFA, the MFSA consulted with supranational and several national competent authorities to secure input and feedback as to how best it could regulate the sector as an important step in maintaining the integrity of the financial system.  

The value of Malta’s early efforts to regulate the sector in dissuading suspect and questionable operators became quickly apparent. Following adoption of the VFA Act, 85% of entities that had registered prior to the Act coming into force either submitted a notification of cessation of businesses or were deregistered. Moreover, of the initial crypto asset companies registered in Malta, only 8% obtained a Maltese financial services license under the Virtual Financial Assets Act. The majority of the remaining 92% that left the island cited the demanding nature of the vetting process. Suffice to say that while the VFA Act was billed at the time as the most innovative crypto-asset framework in the world, it was equally grounded in a stringent and comprehensive supervisory regime. 

Given the alignment between MiCA and Malta’s existing VFA framework, both having been based on MiFID, the country has been able to adopt and adapt its approach relatively seamlessly and preparations commenced in 2023. With seven years of regulatory experience under our belts, there have been many learnings along the way, including those identified in the recent European Securities and Markets Authority (ESMA) Peer Review published earlier this week. As the report recognises, the MFSA is an effective supervisor with the necessary resources, knowledge and expertise to ensure that any issues identified are comprehensively and effectively addressed, meaning no MiCA license in Malta is at risk of revocation or re-evaluation as a result of this review. The MFSA has already begun to implement the relevant recommendations which it expects to conclude by September 2025. These serve as a basis for our continued efforts to strengthen oversight and support compliance in the sector both in Malta and working alongside our partners across the region. 

Chief among the learnings of the past seven years has been the importance of prioritising efforts to build expertise and setting a high bar. This was something we initially pursued under the VFA Act, as each CASP and issuer was required to engage a VFA agent to apply for authorisation. These were subject to thorough competence requirements, with two-thirds of the professionals who sat for the first competence assessment back in October 2018, failing to make the grade. During this period the MFSA also established a Financial Supervisors Academy for the upskilling of its staff on the new regulation and techniques for financial supervision which proved essential in training staff in the specialised field of crypto-assets, the local framework, and techniques in financial regulation and supervision. More recently, the MFSA has collaborated with the University of Malta to launch a Postgraduate Diploma in Financial Regulation and Compliance which is now running for the second year as part of proactive efforts to ensure a strong pipeline of future talent. Capacity building within the relevant authorities has also proven key, including the creation of new, highly-specialised functions and dedicated crypto teams including at the FIAU. 

Another learning has been the vital importance of investing in and introducing advanced supervisory tools, in addition to traditional tools such as meetings, inspections, and thematic reviews, which have proven invaluable in the process of implementing the VFA Act. For example, blockchain analysis and market monitoring systems have enabled supervisors to capture additional insight and are indispensable given the large volume of activities undertaken by CASPs. Beyond being able to capture data in real-time, these tools have also allowed us as the regulator to embed learnings quickly when it comes to supervising this evolving and specialist sector. 

In addition to ensuring the necessary expertise and tools are available, nurturing agility is essential in enabling swift and responsive adjustments to the evolving dynamics and needs of the sector, as well as the associated regulatory implications. As is to be expected, learning on the go is a natural part of regulating a novel, diverse, and fast-growing sector. In this spirit we have found that remediation is often the best response to shortcomings where they are identified, and while pecuniary action is taken where necessary it has been our experience to date that best-in-class operators tend to welcome regulation and are highly receptive to guidance as to how they can ensure and demonstrate compliance.  

Refining procedures and guidance as the industry evolves will continue to be a central part of the process, along with collaborating with other competent authorities and building trust as more and more jurisdictions look to license operators. One of the very best ways for national competent authorities (NCAs) across the region to deliver on their mandate to protect consumers and maintain the integrity of the financial system is through cooperation with their European counterparts. This starts with taking a proactive and open approach to sharing learnings from the regulatory process, something the MFSA adopted early on with regards to MiCA when it hosted a conference back in 2023. The event brought together over 500 delegates from over 25 European Supervisory Authorities, competent authorities and ministries situated in 17 different countries, as well as senior representatives from the European Securities and Markets Authority (ESMA). 

Regulation of digital assets is not without its challenges and regulating such a fast-growing sector involves a constant process of learning and improvement. However, if we can work collaboratively to strike the right balance when it comes to licensing and supervising operators that ensures a robust process with strong safeguards for consumers, and at the same time enables the industry to continue to grow and innovate, then the potential benefits for Malta, and the EU more broadly, are huge.