ARTICLE
18 March 2026

Dear CEO Letter – Supervisory Review Of Crypto-Asset Service Providers' Websites

MF
MK Fintech Partners

Contributor

MK Fintech Partners logo
MK Fintech Partners Ltd. is affiliated with the prestigious Michael Kyprianou Group, a leading international legal and advisory entity. Renowned for its diverse legal services, the group has become one of Cyprus' largest law firms, with offices in Nicosia, Limassol, Malta, Ukraine, the United Arab Emirates, and the UK.
Explore Firm Details
On 7 May 2025, the Malta Financial Services Authority issued a Dear CEO Letter following a supervisory review of the websites of licensed Crypto-Asset Service Providers.
Malta Technology
Rodrigo Ellul
Your Author LinkedIn Connections
Rodrigo Ellul’s articles from MK Fintech Partners are most popular:
  • within Technology topic(s)
  • with Senior Company Executives, HR and Finance and Tax Executives
  • in European Union
  • in European Union
  • in European Union
  • in European Union
  • in European Union
  • in European Union
  • in European Union
  • in European Union
  • in European Union
  • with readers working within the Business & Consumer Services and Securities & Investment industries

Background

On 7 May 2025, the Malta Financial Services Authority issued a Dear CEO Letter following a supervisory review of the websites of licensed Crypto-Asset Service Providers. The purpose of the review was to assess whether information presented on CASP websites is clear, fair and not misleading, particularly where such information is directed at retail clients.

The exercise forms part of the MFSA's broader supervisory approach in anticipation of the full application of the Markets in Crypto-Assets Regulation. In particular, the Authority is placing increased emphasis on how CASPs communicate regulatory information, risk disclosures and service descriptions through digital channels.

Under MiCA, CASPs are required to act honestly, fairly and professionally in the best interests of their clients and must ensure that communications and marketing materials are fair, clear and not misleading.

Against this background, the MFSA reviewed the public websites of licensed entities to evaluate whether the information made available to prospective clients meets these regulatory expectations.

More Insights

Key Observations from the MFSA Review

The MFSA identified several areas where improvements may be required to ensure that website content provides adequate transparency and consumer protection.

Website Complexity and Navigation

The MFSA also observed that certain CASP websites were complex in design and structure, often featuring multiple layers of navigation and extensive graphics. In some cases, this complexity may make it difficult for users to easily locate relevant regulatory information and disclosures.

The Authority therefore expects CASPs to review the design and structure of their websites and, where necessary, streamline navigation and simplify the layout in order to improve clarity and accessibility of information for users.

Clarity of Regulatory Status

The MFSA observed that some websites do not clearly explain the regulatory status of the firm or the precise scope of services authorised under the applicable regulatory framework.

In certain instances, website content may create the impression that additional services are regulated when this may not be the case.

The Authority therefore expects CASPs to clearly disclose:

  • the fact that the entity is authorised as a CASP;
  • the specific crypto-asset services for which authorisation has been granted; and
  • where applicable, services offered by the firm that fall outside the regulatory perimeter.

Clear and accurate disclosure of regulatory status is essential in order to avoid misleading users regarding the level of regulatory protection associated with particular services.

Global Websites and Jurisdictional Clarity

The MFSA also highlighted the potential for confusion where CASPs operate global websites presenting products and services offered by different group entities across multiple jurisdictions. In such cases, users may not clearly understand which services are available to EU/EEA clients and which entity is responsible for providing those services.

The Authority therefore expects CASPs to clearly distinguish between services available in EU/EEA jurisdictions and those offered in other regions. Where global websites are used, appropriate mechanisms such as geo-blocking or redirection to EU-specific webpages may be required to ensure that EU/EEA users are presented with accurate regulatory information.

Risk Disclosures

The review also highlighted shortcomings in the manner in which risks associated with crypto-asset transactions are communicated to users.

MiCA requires CASPs to warn clients about the risks associated with crypto-asset transactions and to ensure that communications are not misleading.

The MFSA therefore expects CASPs to ensure that risk warnings are:

  • prominently displayed on their websites;
  • written in clear and accessible language suitable for retail clients; and
  • not obscured by marketing or promotional content.

Effective risk disclosures are considered an essential component of consumer protection in the crypto-asset sector.

Marketing and Promotional Content

The MFSA also raised concerns regarding the way in which some firms present marketing and promotional material on their websites.

In particular, marketing communications should not:

  • emphasise potential benefits without appropriate reference to risks;
  • create unrealistic expectations regarding returns; or
  • minimise the speculative nature of crypto-asset investments.

CASPs are therefore expected to ensure that marketing communications remain balanced and transparent, reflecting both the opportunities and risks associated with crypto-asset activities.

The Authority also noted instances where promotional campaigns involved rewards or incentives offered to clients, such as bonuses or free crypto-assets. CASPs are expected to ensure that the terms and conditions of such promotions are clearly disclosed and easily accessible, and that promotional practices remain aligned with the MFSA's expectations regarding fair communication and consumer protection.

Environmental Disclosures – Principal Adverse Impacts

The MFSA also identified instances where disclosures relating to the environmental impact of crypto-asset consensus mechanisms were either omitted or not presented in accordance with the format required under Commission Delegated Regulation (EU) 2025/422.

CASPs are therefore expected to ensure that disclosures relating to the Principal Adverse Impacts (PAIs) of consensus mechanisms are provided in line with the Delegated Regulation, including the required content, methodology and presentation of sustainability indicators.

Conflicts of Interest

The MFSA observed that in certain cases CASPs may not have adequately disclosed potential conflicts of interest on their websites, particularly where firms provide multiple services such as execution, advisory services or portfolio management while also operating trading platforms.

CASPs are therefore expected to ensure that clear, transparent and prominent disclosures are provided regarding any applicable conflicts of interest, including the nature of the conflict and the measures adopted to manage such situations in order to safeguard client interests.

Any Regulatory Implications?

Although the Dear CEO letter does not introduce new regulatory obligations, it signals the MFSA's supervisory expectations regarding the manner in which CASPs communicate with clients and prospective clients.

The letter also suggests that the Authority may increase its scrutiny of CASP websites and marketing practices as part of its supervisory activities. Firms may therefore wish to undertake internal reviews of their website content to ensure alignment with MiCA's conduct requirements.

In particular, firms should ensure that their communications are consistent with the obligation to act honestly, fairly and professionally in the best interests of clients.

Key Takeaways for CASPs

In light of the MFSA's supervisory findings, CASPs should consider reviewing their website content to ensure that:

  • their regulatory status and authorised services are clearly disclosed;
  • any services falling outside the regulatory perimeter are clearly distinguished;
  • risk warnings are prominently displayed and easily understandable;
  • marketing communications remain balanced and not misleading; and
  • key disclosures, including pricing and fee information, are readily accessible.

Conclusion

The MFSA's Dear CEO letter highlights the importance of clear, transparent and balanced communication with clients, particularly through CASP websites and online marketing channels.

While the letter does not introduce new regulatory requirements, it reinforces the supervisory expectation that CASPs ensure their communications fully comply with MiCA's conduct and consumer protection standards. Firms operating in the sector should therefore review their public communications to ensure that website content provides accurate, transparent and accessible information to users.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Rodrigo Ellul
Rodrigo Ellul
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More