What if the biggest threat to Europe’s crypto ambitions isn’t overregulation, but the wrong kind of regulation?
The European Commission wants to hand supervision of the bloc’s largest crypto asset service providers directly to the Paris-based European Securities and Markets Authority (ESMA). Sounds reasonable, right? Centralize, harmonize, solve the chaos. But Malta’s Financial Services Authority (MFSA) is waving red flags—and they’re not doing it because they want to protect their own turf. They’re doing it because they think Europe is about to break something that actually works.
This isn’t just bureaucratic infighting in Brussels. The fight over who supervises crypto firms is reshaping how Europe will balance market integration, investor protection, and the very capacity to regulate an industry that moves at crypto speed.
The Case for Centralization Looks Obvious (At First)
On paper, the argument is airtight. France, Austria, and Italy say that when crypto companies can get authorized in one EU member state and then passport their services across the entire bloc, you need one supervisor watching them all. Otherwise—the logic goes—firms will shop around for the softest regulator, and investor protection gets left behind.
“A single supervisor for major cross-border companies would deliver more efficient and harmonized supervision, strengthen investor protection and reduce the risk of forum shopping.”
ESMA’s already pointing to a specific wound: they reviewed one of Malta’s Markets in Crypto Assets Regulation (MiCA) authorizations—widely reported to be OKX—and found that while Malta met expectations on supervisory standards, the authorization “should have been more thorough.” That’s the smoking gun the centralization camp needs. Malta’s a small jurisdiction. It must be a regulatory pushover. Problem solved: move crypto supervision to Paris.
Except Malta isn’t saying no to stronger oversight. They’re saying the diagnosis is wrong.
Why Malta’s Real Argument Has Nothing to Do With National Pride
Listen to Ian Gauci, one of the architects of Malta’s original crypto rulebook: “That is not what this is.” The MFSA’s position, he told Cointelegraph, “are not jurisdictional” and “go to the structure itself and how it will behave wherever it is applied in the Union.”
Translate that: Malta isn’t defending their turf. They’re warning that centralized supervision, as currently proposed, will create a nightmare of fragmented accountability.
Here’s the actual structure problem. A major crypto firm operates as a single, integrated system—one risk profile, one set of operational dependencies, one crisis scenario. But if you centralize supervision under ESMA while leaving national authorities and the new Anti-Money Laundering Authority (AMLA) in the picture, you split oversight across multiple bodies. Throw in the Digital Operational Resilience Act (DORA), which expects an integrated view of IT risk, and you’ve just made it impossible for anyone to actually understand what’s happening inside these firms during a crisis.
“Once you split supervision like this, that unity disappears,” Gauci said. Accountability becomes fragmented. When something goes wrong—and it will—nobody owns the full picture.
OKX’s European CEO, Erald Ghoos, made a sharper point: there’s no evidence the current model is failing. MiCA only recently became fully applicable. The peer review of Malta’s work found they met expectations. So why rewrite the entire system? That looks less like reform and more like a political decision dressed up as prudence.
Is Centralization Actually Solving the Right Problem?
Malta’s deeper argument cuts to something harder than jurisdiction: the difference between supervisory depth and supervisory scale.
Early movers like Malta invested years building expertise in an industry that moves faster than traditional finance. They built proximity to firms, understood the technology, stayed ahead of the curve. If you centralize supervision, you’re betting that a larger, more distant authority—no matter how well-intentioned—can match that depth across dozens of countries and hundreds of firms.
But here’s the risk nobody’s talking about: Strip away that incentive for jurisdictions to build serious supervisory capacity, and you don’t get Paris-based expertise. You get regulatory drift. Firms move offshore. Europe loses market share. The policymakers who wanted to centralize supervision to keep crypto from leaving Europe end up driving it away.
Gauci’s counterproposal is surgical. Use existing tools. Make peer reviews actually enforce standards. Set timelines. Impose consequences for failure. Target centralization only at firms that are genuinely systemic and cross-border. Don’t nuke the entire structure to fix edge cases.
That’s a harder sell than “one supervisor” but it’s the argument that’s actually grounded in how regulation works when speed matters.
The Real Stakes Here
This isn’t Malta versus Brussels. It’s a question about whether Europe understands the difference between coordination and control.
MiCA already created a passport system. Companies authorized in one country can operate across the EU. That’s integration. What’s missing isn’t centralized power; it’s teeth in the existing peer review process. A single supervisor sounds cleaner, but it trades a system built on supervisory expertise for one built on bureaucratic distance.
And Europe can’t afford that trade. Crypto firms are relocating to friendlier jurisdictions—Singapore, the UAE, Hong Kong. If Europe centralizes supervision without preserving the depth that made it work in the first place, it’ll accelerate that exodus.
The Commission’s proposal forces a choice: do you want scale or skill? So far, Malta’s the only one asking the question out loud.
🧬 Related Insights
- Read more: Coinbase’s Federal Charter: How Crypto Finally Cracked the Banking Establishment
- Read more: Eight Fintech Trends Taking Over FinovateSpring 2026—and Why Most Banks Still Aren’t Ready
Frequently Asked Questions
What is ESMA and why does it matter for crypto regulation?
ESMA is the European Securities and Markets Authority, a Paris-based regulator that coordinates financial supervision across the EU. The Commission wants to give ESMA direct supervisory power over large crypto firms, shifting control away from individual countries like Malta.
Will centralizing crypto supervision under ESMA actually reduce regulatory shopping?
Possibly, but Malta argues it could create worse problems—fragmented oversight that splits accountability across ESMA, national authorities, and anti-money laundering bodies, making it harder to respond to crises.
Is Malta just trying to keep its crypto business?
Malta’s official position is about regulatory effectiveness, not jurisdiction. Their argument is structural: centralization without preserving supervisory depth could drive crypto firms offshore entirely, the opposite of what Europe wants.
