On 29 November 2019, the German legislator adopted new rules on crypto assets.^[1] The new rules have been adopted as part of the implementation of Directive (EU) 2018/843 of 30 May 2018 (5^th AML Directive).^[2] Under the 5^th AML Directive, the domestic law of EU member states has to provide that custodian wallet providers are subject to anti-money laundering requirements. In this context, “custodian wallet providers” are defined as entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store and transfer virtual currencies.^[3] Rather than amending the German Anti-Money Laundering Act (Geldwäschegesetz (GWG)), the German legislator has decided to take a much broader approach. The new law contains, amongst others, changes to the German Banking Act (Kreditwesengesetz (KWG)), which provide that:

1. crypto assets qualify as financial instruments;
2. trading with crypto assets and the custody of crypto assets as a service for others require a license from the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin)) as a bank or as an investment firm;
3. entities that provide no other financial services than custody are exempted from certain rules that apply to other investment firms.

Crypto assets qualify as financial instruments

Crypto assets pursuant to the new section 1 para. 11 cl. 1 no. 10 KWG are defined as “the digital representations of a value that has not been issued or guaranteed by any central bank or public authority and that does not have the legal status of currency or money, but which is accepted as a means of exchange or payment or for investment purposes by any person or entity on the basis of an agreement or according to market practice, and which can be transmitted, stored and traded electronically”.^[4]

Crypto assets as defined above qualify as financial instruments, therefore entities trading with such assets or providing custody services with respect to these require a license as a bank or an investment firm (section 32 para. 1 KWG). Banks and investment firms must also meet capital and anti-money laundering requirements.

The qualification of crypto assets as financial instruments has been controversially discussed in the past. The BaFin took the view that so-called utility tokens do not qualify as financial instruments.^[5] However, according to the BaFin, so-called investment tokens qualify as securities, which are financial instruments pursuant to the German Banking Act.^[6] The BaFin also took the view that so-called currency tokens qualify as “units of account” (Rechnungseinheiten) named in section 1 para. 11 cl. 1 no. 7 KWG.^[7] The higher regional court (Kammergericht) of Berlin^[8] opposed this view and held that bitcoins did not qualify as financial instruments; however, this decision on criminal law aspects had no impact on the BaFin’s administrative practice.

Licensing requirements for the custody of crypto assets

The crypto-custody business is a new financial service as set out in section 1 para. 1a cl. 2 no. 6 KWG. Accordingly, a service provider who offers “the custody, administration and securing of cryptographic values or private cryptographic keys for others which serve to hold, store and transfer cryptographic values” will require a licence in accordance with section 32 KWG.

According to the legislative reasoning, “custody” in the sense of this regulation means the taking into custody of the crypto values as a service for third parties.^[9] This primarily covers service providers who store cryptographic data of their customers in a collective holding without the customers themselves having knowledge of the cryptographic keys used.^[10]  The “administration” of crypto assets in the broadest sense is the ongoing management of the rights from the crypto value (amongst others the exercise of voting rights). “Securing” means both the digital storage of the private cryptographic keys of third parties provided as a service and the storage of physical data carriers (e.g. USB stick, paper) on which such keys are stored.^[11] This does not apply to the mere offering of storage capacity (such as webhosting or cloud storage services), provided that such storage space is not explicitly offered for the securing of private cryptographic keys.^[12]

The offering of financial services “in Germany” does not require a physical establishment in Germany. Any marketing activity by which an entity incorporated or resident outside Germany addresses persons in Germany is regarded as the offering of services in Germany.^[13] However, if a German person contacts the service provider without having been solicited to do so, the service provider will not be deemed to conduct the financial service in Germany (so-called “reverse solicitation”). If services are provided on the Internet, there is often only a thin line between soliciting customers in Germany and reverse solicitation.

Requirements for a license for the crypto asset business

Entities that require a license solely for the crypto asset business will also have to comply, inter alia, with the following requirements (section 33 KWG):

• an initial capital of €125,000;
• the management must have sufficient experience and be reliable;
• the firm must have a proper business organization (this includes the compliance with the rules applicable to outsourcing and risk management as well as IT security which apply to banks and other investment firms);
• certain notification requirements (i.e. if the capital falls below certain thresholds or if managing directors resign or are appointed).

Entities that provide no licensable services other than the custody of crypto assets are exempted from a number of regulatory requirements that generally apply to investment firms.^[14] This mainly applies to certain requirements related to capital buffers^[15], liquidity, and regulatory capital requirements under the KWG^[16] as well as the Regulation (EU) 2019/876 of 20 May 2019 (Capital Requirements Regulation (CRR)).^[17]

Further licensing requirements

Since the legislator has clarified that crypto assets qualify as financial instruments, any banking business or financial service relating to crypto assets will require a license.

For example, the operation of a multilateral trading system (MTF) that brings together multiple third-party buying and selling interests in financial instruments according to non-discretionary rules, qualifies as a licensable investment service.^[18] Depending on the individual set-up, crypto asset trading platforms may qualify as MTFs.

In addition, the purchase and sale of financial instruments as an agent for others qualifies as a licensable banking business or financial service. Thus, if such activity is conducted with respect to crypto assets, the service provider will have to obtain a license as a bank or investment firm.

Pure proprietary trading, which is not provided as a service for others, does not qualify as a licensable business. However, it should be noted that own account trading that is conducted with a view to purchasing and selling crypto assets to customers does not qualify as proprietary trading and may therefore be subject to licensing requirements (section 1 para. 1a cl. 1 no. 4 lit. c) KWG).

Changes in comparison with the draft rules

The draft version of the new rules^[19] provided that entities which hold a license for the custody of crypto assets may not provide any other licensable business. This meant that, for example, an entity that holds a license for the operation of an MTF would have been excluded from offering the custody of crypto assets. This was mainly based on IT security considerations. This separation was supposed to ensure that the risks of the crypto-custody business, particularly IT-related risks, are not passed on to other, additionally provided services.^[20] Banking or financial service providers and credit institutions that offer services in connection with cryptographic values often use external service providers for the custody, management or securing of such assets or cryptographic keys of their customers.^[21] However, this strict separation rule was abandoned in parliament.

Transition periods and preliminary licences

The new provisions will enter into force on 1 January 2020, subject to certain transition periods. Entities which require a license for the custody of crypto assets, or which require a license due to the extension of the definition of “financial instruments”, may notify the BaFin on or before 31 March 2020 of their intention to apply for a license. In such case, the license will be deemed to be awarded on a preliminary basis (as of 1 Januar 2020), provided that they will submit a complete application for a license no later than 30 November 2020.

On 4 December 2019, the BaFin published further guidance on the application procedure.^[22] The BaFin also asked entities that intend to rely on the transition period to notify BaFin of such intention before 1 January 2020 on an informal basis. However, this notification is voluntary and does not affect the aforementioned deadline for the formal notification.

Although the deadline of almost one year appears to be long, it should be borne in mind that the preparation of a complete application for a license may require a considerable amount of time and effort.

V

V

* This article was first published on the Dentons website (https://www.dentons.com/en/insights/alerts/2019/november/29/new-german-rules-on-crypto-assets) and revised for Recht innovativ.

** Dr. Holger Schelling is a partner in the Frankfurt office of Dentons Europe LLP. He is specialized in financial regulatory work, including banking regulation, securities regulation and payment services. A particular focus of his work is on new technologies. Valeria Hoffmann is a senior associate in the Frankfurt office of Dentons Europe LLP. Her areas of practice include capital markets and securities law as well as alternative financing issues.

^[1]  German Act on the Implementation of the Amending Directive to the Fourth EU Money Laundering Directive  of 12 December 2019, Bundesgesetzblatt Teil I Nr. 50, 19.12.2019, p. 2602.

^[2]  Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU, OJ L 156, 19.6.2018, p. 43–74.

^[3]  Art. 3 para. 19 of Directive 2015/849 as amended by Article 1 (Amendments to Directive (EU) 2015/849) para 2 lit. d (19) of the 5^th AML Directive.

^[4]  See section 1 para. 11 cl. 3 KWG. The definition also explicitly excludes e-money and payment instruments that entitle its holder to the acquisition of a limited range of goods or services only or certain payment services that are offered by the provider of electronic communication services.

^[5]  BaFin, Initial Coin Offerings: Advisory letter on the classification of tokens as financial instruments, available at https://www.bafin.de/SharedDocs/Downloads/EN/Merkblatt/WA/dl_hinweisschreiben_einordnung_ICOs_en.html (last accessed on 22 December 2019).

^[6]  Furthermore, investment tokens may qualify as can be as “transferrable securities” and therefore also as financial instruments pursuant to Directive 2014/65/EU (MiFID II), depending on their features.

^[7]  Traditionally, “units of account” have been interpreted as payment instruments such as the special drawing rights under the International Monetary Fund regime.

^[8]  Kammergericht, decision dated 25 September 2018, file number (4) 161 Ss 28/18 (35/18).

^[9]  BT-Drucks. 19/13827, p. 109, https://dip21.bundestag.de/dip21/btd/19/138/1913827.pdf (last accessed on 22 December 2019).

^[10]  BT-Drucks. 19/13827, p. 109, https://dip21.bundestag.de/dip21/btd/19/138/1913827.pdf (last accessed on 22 December 2019).

^[11]  BT-Drucks. 19/13827, p. 109, https://dip21.bundestag.de/dip21/btd/19/138/1913827.pdf (last accessed on 22 December 2019).

^[12]  BT-Drucks. 19/13827, p. 109, https://dip21.bundestag.de/dip21/btd/19/138/1913827.pdf (last accessed on 22 December 2019).

^[13]  BaFin, Merkblatt zur Erlaubnispflicht von grenzüberschreitend betriebenen Geschäften (last update: 11 March 2019), available at: https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Merkblatt/mb_050401_grenzueberschreitend.html (last accessed on 22 December 2019).

^[14]  Section 2 para. 7b KWG.

^[15]  Sections 10c to 10i KWG

^[16]  Section 11 KWG.

^[17]  Articles 411 to 455 of the CRR.

^[18]  Section 1 para. 1 cl. 1 no. 1b) KWG, which implements no. 8 of Annex I, Section A of Directive 2014/65/EU (MiFID II).

^[19]  See section 32 para. 1g) KWG in the version of the government draft (Regierungsentwurf), BT-Drucks. 19/13827, https://dip21.bundestag.de/dip21/btd/19/138/1913827.pdf (last accessed on 22 December 2019).

^[20]  BR-Drucks. 352/19, p. 124, http://dipbt.bundestag.de/dip21/brd/2019/0352-19.pdf (last accessed on 22 December 2019).

^[21]  BR-Drucks. 352/19, p. 124, http://dipbt.bundestag.de/dip21/brd/2019/0352-19.pdf (last accessed on 22 December 2019).

^[22] https://www.bafin.de/DE/Aufsicht/BankenFinanzdienstleister/Zulassung/Kryptoverwahrgeschaeft/kryptoverwahrgeschaeft_node.html (last accessed on 22 December 2019).