The Battle Over Crypto Oversight: Malta's Resistance to ESMA Centralization Reveals Deeper EU Tensions
A proposed shift in supervisory authority over major crypto asset service providers to the France-headquartered ESMA is challenging the delicate equilibrium MiCA established between centralized EU oversight and member state regulatory autonomy.
The European Union's upcoming crypto conflict has evolved beyond the question of industry regulation itself to focus on which entities will exercise supervisory authority. European Union decision-makers are currently evaluating a European Commission initiative that would transfer direct oversight of the continent's most significant crypto asset service providers (CASPs) to the European Securities and Markets Authority (ESMA) based in Paris, removing front-line regulatory responsibilities from national-level supervisors.
Malta's Financial Services Authority (MFSA) remains skeptical about the proposal. According to a spokesperson who spoke with Cointelegraph, implementing structural modifications such as centralized oversight would be "premature to introduce structural changes" at this stage. The Markets in Crypto Assets Regulation (MiCA) regulation only recently achieved full implementation status, and its "impact on the market and market players is still being assessed," the spokesperson explained.
This disagreement carries significant weight because MiCA enables firms to secure regulatory approval in a single member state before passporting their operations throughout the entire EU. Consequently, determining which authority oversees crypto businesses transcends mere administrative considerations, touching upon fundamental questions about how Europe will achieve equilibrium among market integration objectives, investor protection imperatives and national regulatory sovereignty.
Although a recent Bloomberg report characterized this confrontation as a small nation standing against the commission, Ian Gauci of Maltese law firm GTG, who played a key role in developing Malta's initial crypto regulatory framework, told Cointelegraph, "That is not what this is." He emphasized that Malta's objections "are not jurisdictional" and "go to the structure itself and how it will behave wherever it is applied in the Union." The MFSA clarified its stance was not driven by national competitive interests but centered on "regulatory timing and effectiveness" and maintaining Europe's appeal to cryptocurrency enterprises.
Centralizing supervision under one roof
The ESMA already spearheads supervisory convergence initiatives, orchestrating peer reviews of national regulatory bodies, including an accelerated examination of one Malta CASP authorization, broadly understood to involve OKX. The examination determined that Malta satisfied expectations regarding supervisory frameworks, though the firm's authorization "should have been more thorough."
Gauci indicated he does not oppose strengthening EU-level involvement where circumstances warrant such action. However, he contended that centralization efforts should focus specifically on genuinely systemic cross-border enterprises presenting clearly documented risks, rather than functioning as a comprehensive remedy for inconsistent supervision practices.
Malta warns centralization may go too far
OKX disputes the notion that firms select smaller jurisdictions with the intention of capturing regulators. Its European CEO, Erald Ghoos, told Cointelegraph that, in contrast to certain competitors, the exchange has operated under Maltese supervision within a rigorous regulatory framework since 2021 and its MiCA authorization represented the culmination of a multi-year working relationship, "not an expedited process." Given that MiCA implementation remains ongoing, he maintained that no evidence exists demonstrating the current framework's inadequacy, making centralization appear more akin to a "political decision."
Ghoos stated that the rationale for consolidating supervisory authority at the EU level has yet to be adequately proven.
Gauci acknowledges that supervisory inconsistencies do exist but contends that the appropriate response involves leveraging existing regulatory instruments. "Make peer reviews bite," establish firm deadlines and implement penalties for ongoing noncompliance, rather than fundamentally restructuring MiCA's distribution of authority, he suggested.
His more profound apprehension is architectural in nature: Large firms function as unified systems, yet the proposal would fragment oversight among ESMA, national regulatory authorities and the Anti-Money Laundering Authority (AMLA), while the Digital Operational Resilience Act (DORA) anticipates an integrated perspective on information technology risk. "Once you split supervision like this, that unity disappears," he cautioned, resulting in fragmented accountability during crisis situations.
The fundamental issue, he argued, is whether Europe prioritizes supervisory depth over supervisory scale. Early adopting jurisdictions developed specialized expertise and operational proximity within a rapidly evolving industry; eliminate that foundation too hastily, and Europe risks substituting it with bureaucratic distance, eliminating the "incentive for jurisdictions to invest in serious supervisory capacity in the first place," and promoting the offshore migration that policymakers aim to prevent.