Malta VFA to CASP Transition: What the MFSA's MiCA Guidance Means for Your Clients

The Malta Financial Services Authority has issued formal publication on the transition pathway for Virtual Financial Asset licence holders moving to Crypto Asset Service Provider authorisation under the Markets in Crypto-Assets Regulation. For accounting firms, auditors, and CFOs serving Malta-licensed crypto entities, this is a live compliance trigger, not a future planning item.

Why This Publication Matters Right Now

Malta was an early mover in crypto regulation, establishing its VFA framework years before MiCA came into force across the EU. That head start now creates a specific transition obligation: existing VFA licence holders cannot simply carry their authorisation forward indefinitely. The MFSA's publication sets out the formal process by which these entities must convert their status to CASP authorisation under the MiCA Act as transposed into Maltese law.

MiCA is now in full effect across the EU. Any crypto asset service provider operating without a valid authorisation, or operating under an expired transitional arrangement, faces regulatory exposure. The MFSA's guidance is the authoritative reference point for Malta-based entities navigating this shift.

The Core Transition Mechanics

Under MiCA, entities already licensed under a pre-existing national framework, such as Malta's VFA Act, may benefit from a transitional period during which they can continue operating while their CASP application is assessed. The MFSA publication addresses how this works specifically for VFA licence holders, covering the relationship between the existing licence, the point at which it ceases to provide cover, and what a compliant transition looks like.

For advisers, the key operational question is timing. The transitional window is not open-ended, and regulators across the EU, including the MFSA, have signalled they expect entities to progress through the authorisation process actively rather than treat the transition period as a de facto extension of business as usual.

The CASP authorisation standard under MiCA is materially more detailed than the original VFA licence requirements in several areas, including organisational governance, prudential requirements, custody rules, and AML/CFT obligations. Entities that have not already benchmarked their current framework against MiCA's Title V requirements should treat this publication as the prompt to do so.

Accounting and Audit Implications

The transition has direct consequences for how client entities are reported, advised, and audited.

Licence continuity affects going-concern assessments. If a VFA-licensed entity has not secured or applied for CASP authorisation within the required window, auditors need to consider whether regulatory risk constitutes a material uncertainty. This is not a theoretical point: loss of authorisation would, in most cases, prevent the entity from carrying on its core business.

Compliance costs associated with the transition, including legal fees, system upgrades, additional personnel, and enhanced AML/CFT programme build-out, should be recognised in financial planning. CFOs should be building these into their forward cost models now rather than treating them as exceptional items when invoices arrive.

The broadened scope of MiCA's organisational requirements, particularly around record-keeping, transaction reporting, and client asset safeguarding, will also affect the volume and complexity of accounting work for affected entities. Firms that advise Malta-based CASPs should be reviewing their own engagement scope to ensure it reflects the new regulatory reality. Separately, the push toward infrastructure-level blockchain compliance controls is reshaping how institutional crypto activity is monitored and evidenced, which feeds directly into the audit trail expectations now embedded in MiCA.

What Advisers Should Do Now

Read the MFSA publication directly. It is a primary source document from a Tier 1 regulator, and its specific guidance on the transition pathway supersedes any summary or interpretation, including this one.

For each Malta-licensed VFA client, confirm: Has the entity engaged with the MFSA on its transition to CASP? Has it mapped its current operations against MiCA's CASP requirements? Has it identified and budgeted for the gaps?

For audit engagements, document the regulatory status of the entity as at the balance sheet date and at the date the accounts are signed. If the transition is incomplete, assess materiality and disclosure requirements accordingly.

For CFO clients, the transition is also a moment to revisit entity structure. Some VFA-licensed entities may hold services across multiple MiCA-defined CASP categories. The authorisation scope under MiCA must reflect actual business activities, so this is an opportunity to ensure the licence applied for matches what the business actually does.

The Broader MiCA Context

Malta is one of several EU member states with a pre-existing national crypto licensing framework. The MFSA's approach to managing the VFA-to-CASP transition will be closely watched by practitioners across the EU as a template for how grandfathering arrangements work in practice under MiCA. Getting it right in Malta has signal value beyond the island's own market.

For global firms with EU-facing clients, the MFSA's guidance is also a useful reference when advising entities considering Malta as their EU point of entry. Understanding the current transition landscape is part of that jurisdictional assessment.

Source: Malta Financial Services Authority (MFSA)