The review also identifies areas for improvement, including risk assessment and resolution of material issues during authorisation.

A central observation of the review was the timing of the CASP authorisation issued by the MFSA, ahead of other Member States and that the MFSA’s assessment process should have been more thorough.

In particular, the review provides that no evidence was found on the authorisation files that certain key matters were adequately assessed by the MFSA, which ESMA recommends that EU national competent authorities (NCAs) focus on.

These include:

• The CASP’s business plan and adequacy of resources, approaches and systems to support the business’ growth
• Potential conflicts of interest
• Governance and intragroup arrangements
• Risks relating to ICT infrastructure, custody, the booking model used
• Risks relating to Web 3.0 services and decentralised products, including promotion or reliance on unregulated products or services
• Certain AML/CFT matters

NCAs are urged to integrate these recommendations into their practices to strengthen oversight in this high-risk sector.

ESMA’s news release can be found here and the executive summary of the peer review here.