.svg)
The Malta Financial Services Authority (MFSA) has issued a warning to licensed crypto-asset firms in the country after a supervisory review revealed widespread deficiencies in the way these companies present themselves online.
In a new Dear CEO letter addressed to CEOs and compliance officers at all Malta-licensed crypto-asset service providers (CASPs), the regulator said a review had highlighted serious concerns about misleading content, poor risk disclosures and insufficient regulatory transparency on firms’ websites.
The review, carried out by the MFSA’s Conduct Supervision Function, assessed the websites of all CASPs operating in Malta as of March 17, 2025.
It aimed to determine whether firms were complying with the requirements of the EU’s Markets in Crypto-Assets Regulation (MiCA), which came into effect earlier this year.
It also sought to establish expectations and best practices relating to website content and consumer disclosures.
Among the most significant findings, the MFSA noted that licensing statements were often poorly displayed, with some buried in obscure parts of websites or rendered in small font sizes that failed to stand out.
In addition, risk warnings were insufficiently prominent, frequently appearing in dedicated legal sections rather than alongside relevant product and service information.
The MFSA has urged firms to make these disclosures clearer and more visible to users, particularly where investment risks are high.
“CASPs are expected to include a full licensing statement to specifically mention that it is licensed by the MFSA as a crypto-asset service provider in terms of the MICA Regulation,” the letter said, adding that companies are expected to provide full disclosure of the services that they are authorised to offer under the CASP licence.
“Any other services provided [that] are not regulated under MICA should be clearly indicated as such,” the letter indicates.
Lack of content segmentation
The review also found that several websites promoted services not currently regulated under MiCA, such as NFT-related offerings or crypto staking, without making it clear that these use cases fall outside the EU’s regulatory framework.
The MFSA stated that it expects clear disclaimers to be included in such cases, helping users distinguish between regulated and unregulated services.
The authority also flagged issues with global websites operated by CASPs that serve clients in multiple jurisdictions.
These often presented a mix of products and services without making clear which offerings are available to EU or EEA clients.
The MFSA has demanded better segmentation of content, including the use of geoblocking and/or redirection mechanisms to ensure EU-based users are shown information specific to their region.
Marketing campaigns offering incentives, such as free crypto-assets or cash bonuses, were also scrutinised.
In the letter, the MFSA warned that these promotions risked misleading clients if the terms and conditions were not clearly explained, and reminded firms that any rewards must be modest, directly related to the financial product or service in question, and must not unduly influence consumer decisions.
Conflicts of interest and environmental impact
The letter also highlighted concerns about the inadequate disclosure of conflicts of interest, particularly among firms that combine advisory, portfolio management and execution services with the operation of crypto exchanges.
In these cases, the MFSA expects CASPs to provide transparent explanations about how such conflicts are managed to protect client interests.
Lastly, the authority also identified lapses in the disclosure of the environmental impacts associated with the consensus mechanisms used in crypto-asset issuance.
Under Commission Delegated Regulation (EU) 2025/422, CASPs are required to report on these impacts using specific sustainability indicators, and the MFSA stated that it expects full and accurate compliance with this regulation, including the use of standardised formats.
Although it did not give a deadline for compliance, the MFSA made clear it will continue monitoring CASP websites and will also follow-up with firms where shortcomings are found.
It has urged all licence holders to proactively update their websites in line with its expectations.
