1. Context – MiCA’s promise meets Malta’s “crypto-friendly” reality
The EU’s Markets in Crypto-Assets Regulation (MiCA) was sold to legislators as the end of Europe’s regulatory patch-work. In theory, every crypto-asset service provider (CASP) will live under the same anti-money-laundering (AML), governance and disclosure standards from 30 December 2024. In practice, the first six months of “early bird” licensing suggest that member states are already competing to become the Cayman Islands of MiCA.
Malta is the out-of-the-gate frontrunner. Within weeks of MiCA’s entry into force, it rubber-stamped licences for OKX and Crypto.com and is now preparing one for Gemini, prompting ESMA and peer regulators to worry aloud about a “race to the bottom.”
How has the island been able to move so fast? The answer lies in a two-step transposition strategy:
- Legal Notice 296 of 2024 rewrote Malta’s 2018 Virtual Financial Assets (VFA) rules to make them “MiCA-equivalent” a full year before they become mandatory (Source: legislation.mt).
- MFSA’s fintech team publicly boasts that this alignment was “completed earlier in 2024,” allowing a simplified application procedure for existing VFA licence holders (Source: mfsa.mt)
Fast-tracking may look efficient, but it also hands Malta a first-mover marketing slogan: “Get your passport here—today!” That slogan should make every serious compliance officer nervous. Remember, this is the same jurisdiction that spent a year (June 2021 – June 2022) on the FATF grey list for strategic AML deficiencies— hardly ancient history.
2. Case study – StablR, Payvision fingerprints and the MFSA’s blind eye
Nothing illustrates Malta’s tolerance better than StablR Ltd, the euro-stablecoin issuer proudly waving an MFSA e-money licence since July 2024. FinTelegram has already documented why the project raises every conceivable red flag:
- Leadership baggage. Founder/CEO Gijs op de Weegh and several senior executives cut their teeth at Payvision, the Amsterdam high-risk PSP ING was forced to shut in 2021 after a string of money-laundering scandals. Dutch prosecutors have since fined former Payvision directors for AML breaches.
- Direct links to organised cyber-crime. As Payvision COO, op de Weegh personally boarded the boiler-room networks of Uwe Lenhoff, Gal Barak and Gery Shalon—names synonymous with European cyber-fraud.
- Omission of material facts. None of this chequered past appears in the StablR white paper or marketing deck—although MiCA’s disclosure rules (Articles 5–15) require full information on senior management integrity.
The question: How did MFSA’s “enhanced MiCA due-diligence” not spot—or not mind—what a few Google queries reveal in minutes?
Read our reports on Payvision here.
3. Systemic implications – MiCA’s weakest link problem
MiCA is built on mutual recognition: a CASP licensed in one member state can passport its services to all 27. That architecture only works if the toughest supervisor sets the bar. Today, it is the softest that dictates the standard. The Payvision precedent tells us what happens when gate-keeping collapses:
- Illicit flow risk – Stablecoins are borderless cash. History shows that Payvision-trained managers treat AML controls as optional.
- Market integrity risk – By offering a quick-and-easy licence, Malta undermines slower but stricter peers (e.g., France, Germany), incentivising regulatory arbitrage.
- Reputational risk for the EU – The bloc fought hard to sell MiCA as a gold standard after the FTX debacle. A Malta-based scandal will hand ammunition to every crypto-skeptic policymaker.
4. What Malta says – and what it doesn’t
MFSA insists that “expedited processing” is possible because it has “in-depth understanding acquired over these years.” But those very years include:
- The Pilatus Bank fiasco, where senior officials ignored blatant laundering signals.
- The FATF grey-listing, triggered by lax enforcement of beneficial-ownership rules.
If institutional memory is Malta’s secret sauce, investors deserve to taste the recipe. So far, transparency is scarce; MFSA’s licence decisions come with no published reasoning, unlike ESMA’s fit-and-proper assessments in securities markets.
Read our reports on Pilatus Bank here.
5. Recommendations – closing the Maltese loophole
- Immediate ESMA peer review. Article 122 MiCA gives ESMA authority to investigate national competent authorities. Malta should be top of the list.
- Public fit-and-proper dossiers. Require host regulators to publish (redacted) integrity assessments for passported firms, allowing civil-society watchdogs to validate findings.
- Transition cap. Until the peer review is complete, limit the number or size of MiCA licences a single MS can issue.
- StablR re-assessment. Given Payvision’s proven AML failures, MFSA should reopen its gatekeeper report—or ESMA should do it for them.
Read our reports on StablR here.
6. Final thought
MiCA was never meant to be a marketing incentive; it was meant to be a safety net. By racing ahead with a minimalist interpretation, Malta risks turning that net into a sieve. The StablR case shows exactly how bad actors exploit regulatory enthusiasm for “innovation.” The choice for EU supervisors is stark: enforce one standard everywhere, or watch the single market become a haven for the next Payvision—in stablecoin clothing.
FinTelegram will keep digging. Whistle-blowers with additional information about StablR, MFSA’s licensing process, or any other MiCA-passporting shortcuts are invited to contact us via Whistle42.
Oh great, yet another whiny “article” that reeks of personal bitterness, lazily dressed up as journalism, clearly written by someone with too much time, too little credibility, and a desperate urge to drag others down instead of doing anything remotely useful or honest with their own life—embarrassingly transparent and totally on-brand for this site.
Dear “Too-Much-Time” Critic,
We’re flattered that our “whiny” little piece still managed to steal a slice of your busy schedule. We’ll try to repay the favor with two quick facts:
Reuters apparently shares our excess free time. They found the Malta/MiCA fast-track intriguing enough to publish their own deep-dive last month, complete with MFSA quotes that sound uncannily like the concerns we raised.
Sunshine isn’t bitterness, it’s disclosure. Pointing out that a stable-coin CEO once serviced some of Europe’s largest cyber-fraud rings isn’t “dragging people down”—it’s giving regulators and investors the context they need to avoid becoming the next Payvision-style cautionary tale.
If that still feels “embarrassingly transparent,” we invite you to submit verifiable counter-evidence—or even a guest column. We’ll gladly publish it (sources and all). After all, honest debate is far more useful than anonymous drive-bys.
Warm regards from the “too-little-credibility” desk,
These reports about StablR are just a vendetta against the former Payvision people. The reasons are obvious. The fact is that Gijs op de Weegh was not convicted of money laundering in Holland. He is therefore untainted and is being treated unfairly by you deliberately and intentionally. You should take a look at your own backyard first.
Dear “Nothing-to-See-Here” Defender,
We appreciate the loyalty—truly—but let’s separate feelings from file numbers:
Title matters. Gijs op de Weegh wore the COO badge at Payvision, which—per the Dutch Public Prosecutor’s dossier in the Lenhoff & Barak case—placed him on the signature line for high-risk client onboarding. In compliance land, that makes you the doorman, not the guy who “just walked past.”
Conviction ≠ Immunity. No court has (yet) handed him a laundering verdict, correct. But MiCA, FATF and every KYC rulebook on the planet judge fitness & propriety on track record, not on whether you’ve collected an orange jumpsuit. Running the welcome desk for Uwe Lenhoff’s boiler rooms and Gal Barak’s cybergang is, at minimum, a track record worth disclosing—especially in a white paper that markets “trust.”
Backyard check completed. FinTelegram publishes its own ownership, funding, and corrections log right on the site. If you spot moss we’ve missed, point us to it—we’ll mow it in public.
Feel free to share any primary documents that exonerate Mr op de Weegh’s onboarding role; we’ll run them in full. Until then, we’ll continue to believe that sunlight, not selective amnesia, is the fairest treatment available.
Warm regards from the document-digging department,
FinTelegram Compliance Team
AI-drafted Bullshit – the whole site – embarrassing. You do not even write your articles yourself, what a joke you truly are.
Dear Paleo-Purist,
Your Stone-Age skepticism is duly noted. Yes, we happily enlist AI to crunch data, cross-match court filings, and unearth awkward facts in milliseconds. (It’s called “progress”—think flint to fire.)
But don’t worry: every provocation you read here is still 100 % human-owned—we simply give the silicon a shovel so we can dig faster. If that feels “embarrassing,” you may find pen-and-parchment blogs more your tempo. Until then, feel free to keep sending smoke signals from the pre-AI era; they make excellent case studies for our next algorithmic upgrade.
Yours in post-Neolithic journalism,
FinTelegram Compliance Team