EU/EEA PassportingMiCA CASP authorisation

CASP Authorisation in Malta

Malta is an EU/MiCA CASP route for teams that need MFSA-supervised crypto-asset services and EU/EEA passporting, and can support local substance, governance, capital, audit and technology controls.

Processing time
From 6 months
Service price
20 700 EUR
Required share capital
From 50 000 EUR
State fee
From 10,000 EUR
Annual supervision fee
From 10 000 EUR
Banking difficulty
Medium to high
RegulatorMalta Financial Services Authority (MFSA)

Confirm current MFSA guidance, application forms, fees and service categories before using this page for client advice.

Regulatory status should be confirmed by local counsel before relying on this route.

What is Malta CASP authorisation?

Malta CASP authorisation is the MFSA-supervised EU route for crypto-asset service providers under MiCA. It can support EU/EEA passporting when the service perimeter, local operating model and compliance file are built for the intended activities.

CASP
Jurisdiction
Malta
Regulator
Malta Financial Services Authority (MFSA)
Regime
CASP
Legal basis
Legal basis: MiCA CASP authorisation supervised through the Malta/MFSA framework.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

CASP service scope in Malta

The application should start with a precise CASP scope. Exchange, custody, brokerage, wallet and payment-style services can be possible, but each increases the evidence expected for governance, AML, safeguarding and technology controls.

  • Exchange

    Conditional

    Exchange activity may require additional scope or separate licensing.

  • Custody

    Conditional

    Custody may require separate review or additional controls.

  • Brokerage

    Conditional

    Brokerage or OTC activity typically fits within scope.

  • Wallet provider

    Conditional

    Exchange activity may require additional scope or separate licensing.

  • EU market

    Included

    EU/EEA passporting available.

  • Startups

    Excluded

    High setup complexity means significant budget is needed.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

EU/EEA passporting from Malta

Malta is different from non-EU CASP routes because approved MiCA/CASP services can be positioned for EU/EEA passporting. The passporting story should be tied to the approved activities, target markets and operational readiness, not treated as a generic marketing label.

  • Define target EU/EEA markets and client categories before submission.

  • Map passporting plans to each CASP service rather than assuming one approval covers every future activity.

  • Compare non-EU CASP or VASP routes only if EU/EEA access is not the commercial driver.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Capital, governance and audit expectations

Malta is a high-complexity route. Current planning assumptions point to share capital from 50,000 EUR, state and annual fees from 10,000 EUR, plus local staff, physical office and audit. The commercial question is whether the team can maintain this operating model after authorisation.

  • Board, senior management, compliance, AML and technology ownership should be named and credible.high
  • Capital planning should match activity scope, especially for exchange, custody or fiat-heavy operations.high
  • Audit, reporting, outsourcing and incident-management workflows should be budgeted as ongoing obligations.high

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Malta CASP application bottlenecks

Most blockers are operating-model issues rather than form-filling issues. Malta works best when the team resolves scope, substance, controls and banking before treating the application as a timeline exercise.

  • Unclear CASP service perimeter or EU/EEA passporting plan

    High

  • Underdeveloped local governance, staffing or board accountability

    High

  • Weak custody, safeguarding, wallet or technology-control evidence

    High

  • Generic AML policies that do not match client geography, tokens and fiat flows

    High

  • Banking or PSP package prepared too late

    High

  • Route selection driven by a low-budget offshore objective rather than EU/EEA passporting and MFSA supervision

    High

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Activity fit for this route

Review which crypto activities fit within the scope of this route.

Exchange
Conditional

Exchange activity may require additional scope or separate licensing.

Custody
Conditional

Custody may require separate review or additional controls.

Brokerage
Conditional

Brokerage or OTC activity typically fits within scope.

Wallet provider
Conditional

Exchange activity may require additional scope or separate licensing.

EU market
Suitable

EU/EEA passporting available.

Startups
Not suitable

High setup complexity means significant budget is needed.

Not sure if your model fits? Request a licensing assessment

Is Malta CASP authorisation right for your project?

Best for

  • EU passporting and regulated CASP operations
  • EU/EEA market access

Not suitable for

  • Low-budget or fast offshore setup
  • Projects without a prepared banking strategy

Banking difficulty is high for this route. Prepare a banking strategy before committing to the Malta route.

Core requirements

Use this section to check the main regulatory and operational requirements before committing to a jurisdiction.

Required share capitalFrom 50 000 EUR
Required
Local staffRequired
Required
Physical officeRequired
Required
AuditRequired
Required

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Local substance in Malta

Local staff and physical office should be treated as operating requirements. A nominal footprint is not enough if decision-making, compliance and technology accountability sit elsewhere without a defensible control model.

Local staff

Required

Required

At least one locally-accountable staff member or director is expected.

Physical office

Required

Required

A genuine office presence is expected, not a nominal registered address.

Audit

Required

Required

External audit is required for ongoing supervision compliance.

Planning notes

  • Plan local compliance ownership and regulator-facing accountability before filing.
  • Document what is controlled in Malta and what is outsourced, including oversight of group or technology providers.
  • Budget local staff, office, audit and ongoing compliance separately from application advisory fees.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cost breakdown

Budget for service price, regulatory fees, share capital and ongoing costs separately.

Service price (professional fees)Application preparation and professional services.
20 700 EUR EURFixed
State fee
From 10,000 EURFrom
Annual supervision feeRecurring annual cost after authorisation.
From 10 000 EURFrom
Required share capitalMust be held, not an expenditure.
From 50 000 EURFrom
High ongoing cost

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cost breakdown — Malta

Budget for service price, regulatory fees, share capital and ongoing costs separately.

Cost itemAmount
Service priceApplication preparation and professional services.€20,700
State fee€10,000
Required share capitalMust be held, not an expenditure.€50,000

Summary

One-off costs
€80,700
Annual (year 1)
€0
Total year 1
€80,700

Adjust to convert to your base currency.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Application process

The sequence below shows the usual project flow. Exact steps depend on the regulator, business model and application scope. Malta — From 6 months.

Total timelineFrom 6 months

  1. Pre-assessment and scope review

    1–3 weeks

    Define the activity scope, governance model and target markets before formal preparation.

  2. Company setup in Malta

    2–6 weeks

    Establish legal entity, appoint local staff and set up local operating structure.

  3. Documentation and compliance packBottleneck risk

    3–8 weeks

    Prepare AML/CFT policies, governance documents, controls framework and application materials.

  4. Application submission to Malta Financial Services Authority

    1–2 weeks

    Submit complete application with all required documentation.

  5. Regulator reviewBottleneck risk

    From 6 months

    Regulator reviews the application. May request clarifications. Incomplete files extend this phase.

    Depends on: File quality and completeness

  6. Authorisation or registration confirmation

    1–4 weeks

    Regulator confirms authorisation or registration. Commence operations.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

What can delay or increase cost

These factors are most likely to affect timelines and budgets for this route.

High setup complexity
High

Setup complexity is rated high for Malta. Company setup, governance and documentation take longer than average.

Likely impactAdd 4–8 weeks to the preparation phase.
MitigationStart company setup and governance planning immediately after scope confirmation.
Banking difficulty
High

Banking difficulty is rated high. Opening accounts for crypto businesses in Malta requires extensive documentation.

Likely impactBanking can delay or block operations for 3–6 months after authorisation.
MitigationIdentify and pre-qualify banking partners before submitting the application.
High maintenance cost
Medium

Ongoing supervision, audit and compliance costs are above average. Budget for these separately from the application fee.

Likely impactRecurring annual cost significantly above the one-time service price.
MitigationModel annual compliance costs before committing to this route.
Application completeness
Medium

Incomplete files are the most common cause of delay. Regulator queries extend review by weeks or months.

Likely impactEach regulator query adds 2–6 weeks to the review phase.
MitigationUse a structured compliance pack. Review file completeness before submission.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Banking and PSP strategy

Malta has a high regulatory reputation, but banking difficulty is still medium to high. Authorisation planning should run in parallel with bank and PSP readiness, especially for exchange, custody and fiat-heavy models.

Banking difficulty
High

Reflects how challenging it is to open and maintain business bank accounts in this jurisdiction.

Medium PSP availability
Medium

Reflects availability of payment service providers willing to onboard crypto-licensed entities.

A licence or registration does not guarantee bank account or payment provider approval. Banking feasibility should be reviewed before the application strategy is finalized.

Preparation checklist

  • Prepare flow-of-funds diagrams, client geography, token policy and transaction monitoring evidence.
  • Explain fiat rails and safeguarding before approaching banks or PSPs.
  • Do not assume MFSA authorisation will automatically solve account opening.

Business model fit — Malta

Assess how well this route covers your planned activities.

Fit score

Good fit
0/6
Partial fit
6/6
Poor fit
0/6

Malta may not cover your primary activities

Consider an alternative route that better matches your activity profile.

MFSA application profile

Regulatory authority · Malta

Malta Financial Services Authority (MFSA)

The MFSA file should read like a regulated financial services application: clear activities, accountable management, local substance, risk controls, safeguarding and a practical AML framework. Weak substance or template policies are likely to create review friction.

Official regulator website
Likely areas of scrutiny
  • MFSA positioning is strongest for teams that value EU reputation and can evidence real Malta operations.
  • Custody, exchange and cross-border fiat flows need a stronger control file than narrow brokerage models.
  • AML, sanctions, travel rule, transaction monitoring, outsourcing and cybersecurity evidence should be product-specific.
  • Legal and regulatory source updates should be checked before relying on timelines or fee assumptions.
Regulatory reputation
High

Strong international recognition and established supervision track record.

Setup complexity
High

Reflects documentation depth, governance requirements and expected review friction.

Regulatory risk
Medium

Reflects likelihood of delays, additional information requests or policy uncertainty.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Compliance documentation

Most crypto licensing routes require a documented compliance framework before submission, not only after approval.

  • Required
    AML/CFT policy and risk assessmentDocument your customer risk model and control framework.
  • Required
    Customer due diligence (CDD) procedures
  • Required
    Enhanced due diligence (EDD) proceduresFor high-risk clients and jurisdictions.
  • Required
    Transaction monitoring system and rules
  • Required
    Sanctions screening procedures
  • Required
    Suspicious activity reporting (SAR) process
  • Required
    MLRO / Compliance officer appointmentLocal accountability may be required.
  • Recommended
    Board-approved governance charter
  • Conditional
    Outsourcing policy and monitoringRequired if functions are outsourced.
  • Recommended
    ICT / cybersecurity policy
  • Required
    Complaints handling procedure
  • Required
    Annual external audit engagementRequired for ongoing supervision compliance.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Documents to prepare

Preparing these materials before filing reduces regulator questions and helps with banking or payment provider onboarding.

0 / 12 required
Required
Recommended
Depends on scope

Corporate documents

AML and compliance

Operational

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Risk assessment

Main risk dimensions for the Malta route.

Banking difficulty
High

Route risk rating — banking difficulty: Medium to high. Authorisation does not guarantee bank account opening.

Mitigation: Start banking outreach and compliance preparation before the application.

Setup complexity
High

Route risk rating — setup complexity: High.

Maintenance cost
High

Route risk rating — maintenance cost: High. Budget for ongoing compliance, fees and supervision separately.

Regulatory reputation
High

Route risk rating — regulatory reputation: High.

Regulatory risk
Medium

Route risk rating — regulatory risk: Low to medium. Weak compliance, vague scope or insufficient controls increase review risk.

Mitigation: Prepare an evidence-based compliance file before submission.

This content is for general orientation only. Crypto regulation changes quickly and the final scope should be confirmed through a jurisdiction-specific legal review before filing or incorporation.

Malta CASP vs alternatives

Compare Malta CASP with the Malta MiCA page for the same EU authorisation from the MiCA hub, Turkey CASP for non-EU local-market entry, Dubai VASP for UAE positioning and Canada MSB for narrower registration-style activity.

Current

Malta

CASP

Price
20 700 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

Malta (MiCA)

MICA

Price
20 700 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ Same MFSA/MiCA route framed from the MiCA licence hub

Not a lighter alternative to CASP authorisation

View route

Turkey (CASP)

CASP

Price
52 800 EUR
Timeline
From 3 months
Passporting
No passporting
Banking
High
Reputation
Medium

+ Local-market CASP route for Turkey-facing operations

No EU/EEA passporting and materially different regulator profile

View route

Dubai (VASP)

VASP

Price
22 300 EUR
Timeline
From 6 months
Passporting
No passporting
Banking
Medium
Reputation
High

+ Strong non-EU regulated VASP positioning

Does not provide EU/EEA market access

View route

Canada (MSB)

MSB

Price
20 600 EUR
Timeline
From 2 months
Passporting
No passporting
Banking
Medium
Reputation
High

+ Registration-style option for narrower MSB flows

Not a full CASP route for broad exchange or custody activity

View route

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Malta vs other CASP routes

Compare key parameters across CASP authorisation routes.

Sort by:
MaltaCurrent
Price20 700 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Turkey
Price52 800 EUR
TimelineFrom 3 months
BankingHigh
ReputationMedium
Dubai
Price22 300 EUR
TimelineFrom 6 months
BankingMedium
ReputationHigh

Check your readiness for Malta CASP authorisation

Documented AML/CFT policies, risk assessment, compliance officer.

Share capital

From 50 000 EUR minimum capital required.

AML/CFT framework

Documented AML/CFT policies, risk assessment, compliance officer.

Governance structure

Board, management, accountability chain defined.

Banking preparation

Banking strategy and identified partners.

Local substance plan

Local staff and office in Malta.

Readiness status

Answer the criteria on the left to see your readiness status.

Frequently asked questions

Malta CASP authorisation under MiCA can support EU/EEA passporting, but only for the approved service scope and subject to the required notification process. It should not be sold as automatic access for every future activity.

Only if the startup has a serious compliance budget and a mature operating model. Malta is generally weak for low-budget launches because local staff, office, audit, governance, capital and ongoing compliance are material obligations.

Expect a regulator-facing file with precise CASP services, accountable management, Malta substance, AML controls, safeguarding, technology evidence, outsourcing oversight and a credible banking or PSP plan.

Malta is an EU/MiCA route with potential EU/EEA passporting. Turkey is a non-EU local-market CASP route and should not be used as a substitute for EU market access.

Compare non-EU routes such as Dubai VASP or Canada MSB when the business does not need EU/EEA passporting, has a narrower activity scope, or needs UAE, Canadian or other market positioning instead of an MFSA-supervised EU CASP file.

The page is not legal advice and should not be relied on as a substitute for advice from qualified counsel in the relevant jurisdiction.

Your dedicated specialists

  • Enrico Kärvinen

    Enrico

  • Rein Tammik

    Rein

  • Jurata Žukaitė

    Jurata

  • Andrej Kazlauskas

    Andrej

  • Marta Värna

    Marta

  • Katrin Lepik

    Katrin

  • Inga Stankavičiūtė

    Inga

Request a Malta CASP assessment

Share your planned activities, target markets and timeline. We will review which crypto licensing route is likely to fit.

Leave open if you want a country comparison.
Select every activity you plan to offer. The licence route may change if you include custody, exchange, trading platform or fiat flows.
Include service fees, regulator fees, share capital, local office or staff, audit and ongoing compliance.

By submitting this form, you agree to be contacted about your crypto licensing request. Do not include passwords, private keys or confidential customer data.