MFSA Q4 2025 Regulatory Updates: Crypto, ICT & Digital Finance

Alejandro Martínez · 2026-03-02

If you're keeping an eye on European payments news, you'll want to grab a coffee and settle in. The Malta Financial Services Authority (MFSA) just dropped its quarterly fintech update for the last part of 2025. It's packed with regulatory changes that directly impact payment institutions, e-money providers, and the broader digital finance landscape. Let's break down what these key circulars mean for professionals navigating the EU payment system. ### Key Circulars for Financial Institutions Between October and December 2025, the MFSA issued several important notices. The goal? To create a more robust and clear regulatory framework. Think of it as the rulebook getting a major update to handle today's fast-moving financial tech.  ### FIR/01: The New Authorization Rulebook The first big update came on October 14th. It's all about Chapter 1 of the Financial Institutions Rulebook (FIR/01). Back in August, the MFSA asked for feedback on a revised draft. Now, the final version is here. This chapter lays out the entire application process for any entity seeking authorization under the Financial Institutions Act. It covers everything from what activities need a license to how to handle license extensions or even surrendering one. It even includes new annexes for information collection and sets criteria for professional indemnity insurance. The bottom line? The bar for getting and keeping authorization in Malta is now higher. The MFSA is aiming for stronger industry standards, which should, in theory, build more trust and stability. The rules took effect immediately upon publication. As one compliance officer we spoke to noted, "These updates force us to look at our internal processes with a finer-tooth comb, but clarity is always welcome." ### A Quick Change for Communications Just a few days later, on October 17th, there was a simpler but crucial update. The MFSA changed the official email addresses for its FinTech Supervision team. If you need to get in touch with them, you must use the new addresses effective immediately. It's a small detail, but missing it could mean your important query gets lost. ### FIR/03: Bringing AISPs into the Fold The next major piece landed on November 20th with the publication of the revised Chapter 3 (FIR/03). This one is particularly interesting for anyone involved in open banking and data services. The headline change is the formal inclusion of Account Information Service Providers (AISPs) into the regulatory framework. This provides much-needed legal clarity. Finally, there are official supervisory guidelines for these institutions that access account data but don't actually handle customer funds. Here’s what the new rules specify for AISPs: - They must comply with core governance and risk management requirements. - However, they are exempt from certain rules that apply to institutions holding client money, like specific safeguarding requirements and prudential capital calculations. This bifurcated approach makes sense. It acknowledges the different risk profile of a service that reads data versus one that holds cash. It's a tailored fit, not a one-size-fits-all solution, which is a positive step for sensible regulation. An updated Financial Institutions Return form related to these rules is expected soon. Staying on top of these changes isn't just about compliance; it's about understanding where the regulatory winds are blowing for crypto, ICT, and digital finance in Europe. For professionals tracking the wero europe landscape, these updates are essential reading for planning your 2026 strategy.