TL;DR
- Malta’s accelerated MiCA licensing uses its pre-existing VFA regime, sparking concerns over regulatory arbitrage.
- France’s AMF and global policy experts warn that speed may compromise enforcement and oversight.
- Major crypto firms like OKX and Crypto.com received approvals in days, triggering criticism of superficial vetting.
- Malta defends its framework as risk-based and experienced, while ESMA begins an official peer review of its regulatory practices.
Malta’s MiCA Shortcut: Streamlined or Superficial?
Malta’s 2018 Virtual Financial Assets (VFA) framework has become the cornerstone of its expedited approach to the Markets in Crypto-Assets Regulation (MiCA). According to the Malta Financial Services Authority (MFSA), the VFA regime is considered quasi-equivalent to MiCA.
Firms that held a local VFA license before December 30, 2024, are eligible for pre-authorization status—an interim designation allowing rapid access to EU markets. This pathway has enabled top exchanges like OKX and Crypto.com to secure MiCA licensing in a matter of days.
Oversight vs. Speed: The Central Risk
While Malta promotes regulatory clarity, critics argue that rapid licensing may outpace enforcement. Liat Shetret, VP at Elliptic, warns that smaller jurisdictions often lack the capacity for ongoing supervision.
Marie-Anne Barbat-Layani, head of France’s AMF, has voiced concerns about a “race to the bottom” where rapid licensing undermines MiCA’s harmonization intent.
Legal expert Daniel Arroche noted that Malta’s pre-approvals deviate from MiCA’s formal procedures, potentially fragmenting the regulatory environment across EU member states. Meanwhile, investigations by FinTelegram raised flags over alleged AML issues involving VFA-licensed firm StablR, emphasizing the real-world risks of relaxed vetting.
Malta’s Position: Risk-Based and Experienced
The MFSA contends its approach is grounded in years of crypto supervision, insisting that speed does not mean softness. The regulator confirms it has issued just four MiCA licenses so far, including to OKX and Crypto.com, and asserts that its vetting includes full compliance with anti-money laundering protocols.
OKX Europe received pre-authorization on January 23, 2025, followed by full CASP licensing on January 27—a four-day turnaround. Malta later fined the firm $1.2 million for AML breaches but maintained there was no preferential treatment in its MiCA licensing.
Crypto.com similarly gained a license in January after years of operations in Malta. Both companies claim the island’s crypto familiarity influenced their decision to base EU operations there.
The Broader EU Stakes
The impact extends beyond Malta. With firms like Gemini, Coinbase, and Kraken eyeing MiCA access, the regulatory playing field is being tested.
In response, the European Securities and Markets Authority (ESMA) has launched a peer review of Malta and Luxembourg to evaluate whether national regulators are applying MiCA with sufficient rigor.
Analysts suggest that if Malta is found to be overly permissive, it could prompt a shift toward centralized EU enforcement—or a tiered licensing model based on the complexity of service providers.
The Data
| Metric | Value / Detail |
| MiCA Approval Time (OKX) | 4 days from pre-authorization (Jan 23) to full license (Jan 27) (CoinDesk) |
| Malta MiCA Licenses Issued | 4 as of June 2025 (CoinEdition) |
| OKX AML Fine by MFSA | $1.2 million in April 2025 (Cointelegraph) |
| ESMA Action | Peer review of Malta and Luxembourg licensing practices (CoinDesk) |
| France’s AMF Warning | “Race to the bottom” concern on relaxed licensing regimes (CoinTribune) |
In Summary
Malta’s fast-track MiCA process positions the country as a strategic crypto gateway, but critics argue it may sacrifice the rigor and uniformity MiCA was designed to ensure. With major exchanges exploiting the shortcut, the burden now shifts to ESMA to assess whether this regulatory acceleration is compliant—or careless.
