As part of its unwavering commitment to consumer protection and regulatory transparency, the Malta Financial Services Authority (MFSA) has completed a comprehensive review of the websites operated by Malta-licensed Crypto-Asset Service Providers (CASPs), following the entry into force of the Markets in Crypto-Assets Regulation (MiCA) in December 2024.

This initiative forms part of the MFSA’s broader strategy to safeguard consumer interests and uphold the integrity of the rapidly growing crypto-asset sector. The review focused on ensuring that licensed CASPs are meeting their obligations under MiCA, particularly regarding the accuracy, clarity, and fairness of the information provided to clients through their websites.

“MiCA has introduced a clear and harmonised regulatory framework for crypto-assets across the EU, and we are committed to ensuring that Malta’s licensed entities meet and exceed these standards,” said Christopher P. Buttigieg, MFSA’s Chief Officer Supervision. “By proactively reviewing the websites of CASPs, we are holding firms accountable and ensuring that their communications are transparent, fair, and aligned with consumer expectations, even in their first few months of operation under MiCAR.”

The MFSA assessed all websites of CASPs licensed in Malta, which had started operating as at 17 March 2025, focusing on several key areas, including:

• Prominence and accuracy of licensing statements, which were in some cases not prominently displayed or contained incomplete regulatory references;
• Risk disclosures, which in some instances were not sufficiently clear or were placed in areas of the site that diminished their visibility;
• The use of ambiguous language, such as references to "trading" or “buy stocks,” which could erroneously suggest the provision of investment services outside the scope of the CASP licence;
• The promotion of unregulated services like NFTs or staking without adequate disclaimers indicating these are not regulated under MiCA;
• Conflict of interests, which in some cases might have not been adequately disclosed on the websites.

The review also assessed marketing practices, including promotional campaigns offering rewards and other forms of incentives. While such incentives can be legitimate tools to attract business, the MFSA emphasises that they must not cloud clients’ financial decisions and compromise the principles of fair and transparent communication.

“The Authority expects all CASPs to maintain high standards of clarity and transparency across their websites,” stated Sarah Pulis, Head of Conduct Supervision at the MFSA. “Firms are expected to provide clear, accessible information about their products and services, and ensure that the related information and disclosures are accurate and prominently displayed.”

In some cases, the MFSA observed complex website structures, especially among global entities with layered navigation and content targeting multiple jurisdictions. CASPs with a global presence and licensed by the MFSA must ensure that EU/EEA clients are directed to a dedicated website containing information specifically pertaining to them, with clear disclosures for any offerings not available in these jurisdictions.

The Authority has communicated its findings to licence holders through a dedicated letter outlining regulatory expectations and best practices. CASPs are expected to take immediate action to align their websites with these standards and as per MiCA’s requirements.

The MFSA will continue to closely monitor these websites and engage with licence holders to address any shortcomings. This proactive regulatory stance aims to strengthen consumer trust and Malta’s reputation as a jurisdiction of choice for responsible and well-regulated crypto-asset service providers.