The Malta Financial Services Authority (MFSA) has issued a ‘Dear CEO’ letter highlighting the current state of websites operated by licensed Crypto-Asset Service Providers (CASPs). This letter follows a comprehensive supervisory review, carried out during Q1 2025, which assessed the clarity, accuracy, and regulatory compliance of online content published by licensed CASPs.
Several areas were identified where firms fell short of their obligations under the Markets in Crypto-Assets Regulation (MiCA) and related national legislation.
The findings prompted the MFSA to outline specific expectations across six key areas:
1. Website Complexity and Usability
Many websites were found to be overly complex in design and difficult to navigate, particularly global platforms serving multiple jurisdictions. CASPs are expected to streamline their websites and enhance clarity to improve user experience and accessibility.
2. Regulatory and Risk Disclosures
Licensing statements were often inadequately displayed or incomplete. Risk warnings were sometimes separated from related product content. The MFSA now expects clear, prominently placed licensing statements on homepages and risk warnings to appear in close proximity to relevant offerings.
3. Presentation of Products and Services
The review revealed misleading language suggesting the provision of investment services and insufficient differentiation between regulated and unregulated offerings (e.g., NFTs and staking). Firms must clearly indicate the regulatory status of each service and avoid implying authorisation where none exists.
4. Marketing Practices and Incentives
Several CASPs were found to be using promotions and reward-based marketing without fully disclosing the terms and conditions. The MFSA reiterated that all such promotions must comply with consumer protection principles and its 2021 circular on marketing linked to financial incentives.
5. Disclosure of Conflicts of Interest
In cases where firms offer both execution and advisory services, disclosures regarding conflicts of interest were often missing. The MFSA expects transparent explanations of potential conflicts, including how they are managed.
6. Sustainability Disclosures
Disclosures on the environmental impact of crypto consensus mechanisms, as required under Delegated Regulation (EU) 2025/422, were frequently absent or non-compliant. CASPs must provide clear and complete information in accordance with the prescribed format.The MFSA has stated it will continue to monitor CASP websites and follow up with individual firms where shortcomings persist.
Next Steps
CASPs are urged to review their websites and ensure full alignment with the expectations set out in the MFSA’s letter. Should clarification be required, BDO Malta’s legal team is ready to assist licensed entities in meeting their regulatory compliance obligations.Have questions? Contact us
