MFSA Notice - The European Securities and Markets Authority (“ESMA”) Highlights the Risks Pertaining to Crypto-Assets
FEBRUARY 14, 2025

Introduction

As the European Union was in the process of setting the legal and regulatory framework of the now-introduced Markets in Crypto Assets Regulation (MiCAR), ESMA has noted both the increase of public interest and the risks related to dealing with crypto-assets. In view of the growing concerns, ESMA has participated in a joint warning on the risks associated with crypto-assets, published on 17 March, 2022, with reference ESA 2022 15, as part of the European Supervisory Authorities’ (ESAs) efforts to increase risk awareness for consumers dealing with crypto-assets.

On 17 December 2024, Malta Financial Service Authority has notified the public of ESMA’s latest warning on crypto-assets, with reference ESMA35-1872330276-1971. In a published statement, ESMA has  highlighted the risks arising from dealing with cryptocurrency-related assets.

Identified Risks

European Supervisory Authorities, including ESMA, have identified issues, that can be summarized into a non-exhaustive list of potential consumer risks when dealing with cryptocurrency-related assets and products:

  • Extreme volatility and sudden price movements that can potentially be detrimental to consumers. Nevertheless, these spikes in price can fuel investor’s interest. In its latest warning, ESMA calls for caution and careful considerations of all investment aspects, personal needs and investment objectives;
  • Misleading information, such as marketing/promotion which is aggressively advertised and which is incomplete, inaccurate or even purposefully misleading. The ‘finfluencer phenomenon’ is also something which investors should be aware of since these are usually paid for marketing certain crypto-assets and related products and services and therefore may be biased in the communications they issue;
  • Partial protection, even though the newly introduced MiCAR will enhance protections for holders of crypto-assets and clients of crypto-asset service, it does not provide the same (or comparable) level of protection;
  • Product complexity with exposure to sophisticated technology can potentially be unsuitable for a wider audience, making crypto-assets prone to novel risks in view of the underlying technology;
  • Frauds and scams, whereas fake crypto-assets and various online scams have grown exponentially over the past years, coupled by an alarming growth of various sophisticated techniques used by fraudsters to deprive consumers of their monies;
  • Market manipulations and potential low liquidity limiting consumers to buy and/or sell their crypto-assets, due to the concentration of crypto-asset holdings;
  • Cybersecurity threats, where hacks of crypto-asset service providers and exchanges have been frequently noted, as well as the loss of crypto-wallet private keys and access, leading many consumers to permanent loss of their crypto-assets;

MiCA Regulation Does Not Eliminate All Risks

ESMA’s statement ESMA35-1872330276-1971 aims to remind all existing and potential investors, as well as the general public across all Member States, that the inherent risk of dealing with crypto-assets remains present, despite the introduction of MiCAR. The levels of protection for traditional investment products, as set in Markets in Financial Instruments Directive (MiFID) II, are at this stage not available under MiCAR, namely:

  • Investor compensation scheme, as seen in MiFID II, is not available under MiCAR – consequently, in the event of a crypto-asset service provider’s (CASP) default, there is no “safety net” for clients;
  • Appropriateness testing and/or suitability assessments of a (potential) consumer’s knowledge and ability to understand offered products and services, is not a requirement under MiCAR, in contrast to such requirements being mandatory under MiFID II, for the benefit of unsophisticated investor’s protection;
  • No mandatory periodical reporting obligations of CASPs to its clients regarding their holdings and balances, as opposed to such obligations being mandatory under MiFID II;
  • Depending on a Member State, some clients may not fully benefit from MiCAR safeguards, in view of the “transitioning period” of up to 18 months (01 July, 2026) before full and final alignment with the provisions of MiCAR. This is applicable to crypto-asset service providers already licensed under the existing national regimes, such as the Virtual Financial Assets (VFA) Act in Malta.

No Protection under MiCA when Dealing with CASPs Not Authorised in the EU

When dealing with non-EU crypto-asset service providers, ESMA warns consumers that investors would not be protected under the MiCAR, stressing the need to exercise caution and sound judgement while highlighting the risks of fraud and scams and limited resources (if any) when launching claims/disputes against service providers in various jurisdictions.

ESMA Summary of Recommendations

Consumers are advised to always be aware of specific risks of crypto-assets and related products and services, and carefully weigh whether they are acceptable, in view of one’s own personal objectives and financial situation.

More specifically, consumers should be aware that:

  • they may lose a part or all of their money;
  • prices can change rapidly;
  • they may fall victim to scams;
  • there will be no offsetting, compensation, recovery or “safety net” available;

Consumers are invited to check whether:

  • they can afford to lose the money invested;
  • they are overall ready to accept high risks;
  • they understand the crypto-assets and related products and services offered and/or sought;
  • they are able to safekeep hardware utilised to transact and store crypto-assets, such as private keys;
  • CASPs offering products and services are properly licensed and granted rights to make such offers to consumers in the EU.

Contacts

Should you have any queries regarding the above, please do not hesitate to contact us via: [email protected].