Until recently, German law makers had not yet really regulated cryptocurrencies and crypto services. Cryptocurrencies in particular were not even described as such and were only dealt with under existing laws. The existing laws were adapted accordingly to explicitly cover cryptocurrencies and crypto services.
Since the beginning of this year, so-called “crypto assets” and “crypto custody business” have been included in the German Banking Act KWG (see Section 1 para. 1a sentence 2 no. 6 and Section 1 para. 11 sentence 4), which means that we now have a legal definition for crypto assets on the one hand and a new area in the context of financial services on the other that requires a licence. This makes Germany the first and only EEA member state to explicitly regulate crypto custody business and trading in crypto assets as a financial service as part of the implementation of the amendments to the Fourth EU Anti-Money Laundering Directive.
In contrast, the European supervisory framework (MiFID) currently regulates neither “crypto assets” nor crypto custody services. Crypto custody services are therefore not covered by MiFID, such as the custody of means of payment (Annex I no. 5), the custody of securities (Annex I no. 12) or even the deposit business (Annex I no. 1), as at European level crypto assets are not considered financial instruments or fiat money within the meaning of MiFID. A recent consultation (“on an EU framework for markets in crypto-assets”) by ESMA is therefore expected to create a uniform supervisory framework for crypto assets in the near future.
Until then, the divergence between national and European regulation with regard to crypto assets, which both ESMA and EBA already criticised back in 2019, presents the German fund industry with various challenges that we would like to briefly outline below:
Which licence is needed for the provision of crypto custody services?
The custodian must hold the assets in safe custody on behalf of the asset management company (KVG) (Section 81 para. 1 KAGB; see the graphic below entitled “Investment Triangle”).
Assuming that crypto assets are assets within the meaning of the KAGB, the custodian must first decide whether its own licence also covers the custody of crypto assets.
Custodians are usually licensed to conduct custody business within the meaning of the KWG (Section 1 para. 2 no. 5 KWG), i.e. the custody and management of securities for others. However, the custody of crypto assets does not fall within the scope of custody business, as crypto assets are generally not securities and the custody of a wallet, i.e. the securing of private keys, has nothing in common with custody business. In this context, it is interesting to note a clarification provided by the coalition faction that the licence of a central securities depository (CSD) also includes crypto custody. However, this is of only limited help to a custodian since it is not a CSD.
As a result, custodians will probably have to apply for a licence for the provision of crypto custody business.
Are custodians in Germany even allowed to apply for the crypto custody license?
Custodians operating in Germany face the challenge of whether and how they can apply for a crypto custody licence.
BaFin has made it clear in its publications on crypto custody business that a German institution must apply for a crypto custody license if it actively offers the custody of crypto assets for others in the German market.
However, a large number of custodians in Germany provide custody services to the German market either on a cross-border basis or as a branch office via the so-called passporting regime. Yet, a company based abroad cannot apply for a (crypto custody) licence in Germany. To do so, the company would first have to establish a company in Germany. A branch office is not sufficient. Nor can such a company apply for a licence to provide crypto custody business abroad and then passport it to Germany, as there is no license for crypto custody business in other EEA states (nor under MiFID).
Therefore, such a foreign company must either establish a new company in Germany or spin off the German branch office as a subsidiary. In both cases, it would then be possible to apply for the “German” crypto custody licence and then carry out the custody of crypto assets by way of a sub-custody. Such a separation of custody by assets would then lead to a breach of the principle that the investment fund should have only one custodian, but it would still be possible under supervisory law.
As long as the licence is applied for, the custodian would be permitted to continue to provide custody for crypto assets as part of its business with existing customers and could also hold crypto assets which became part of the total assets without being solicited, under its freedom to provide services.
German custodians, usually credit institutions, on the other hand, could easily apply for a crypto custody licence, especially since they do not even need a new managing director with blockchain experience as part of their proper business organisation (cf. Section 25a KWG; for credit institutions, unlike financial services institutions, blockchain-relevant expertise is not required at manager level).
How do crypto assets need to be kept?
Apart from obtaining the crypto custody licence, there are further challenges for the custody of crypto assets.
For the custody of assets, the custodian (Section 81 para. 1 no. 1 and no. 2 KAGB) needs to either:
- Provide custody services for financial instruments within the meaning of MiFID or
- for other assets (non-financial instruments), check the ownership structure.
Both alternatives have their advantages and disadvantages. Within the framework of the German government’s current reform project on the civil and regulatory treatment of electronic securities, it would first have to be clarified that securities and certificates within the meaning of the act also include digital funds. In order for custody requirements for financial instruments within the meaning of MiFID to apply by analogy, these obligations would also have to be explained or even adapted to the custody of crypto assets. However, it should then be possible to provide sub-custody for crypto assets.
If, on the other hand, crypto assets were to be classified as “other assets”, this would create further obstacles for checking the ownership structure, which are highly complex, especially in an international context (see the graphic below entitled “Cross-Border Crypto Custody”).
Regardless of the difficult question of how the ownership structure of crypto assets needs to be checked in principle, it has not yet been clarified for scenarios involving an element abroad which law is to be applied when checking the ownership structure. The rules contained in the German Law on Deposit of Securities (Depotgesetz, cf. Section 17a) are of only limited help here. According to the principles contained therein, the law of the country under whose supervision the register is kept is applicable. This, in turn, depends on where the entry establishing a direct right for the recipient is made or on where the main office or branch of the depositary holding the account is located.
The future of crypto custody services: an outlook
It is expected that the German government will discuss a draft bill on “Key points for the regulatory treatment of electronic securities and crypto tokens” before the end of the year. We can only hope that a subsequent draft law will provide solutions to the challenges outlined above.
At European level, the consultation (“on an EU framework for markets in crypto-assets”) by ESMA could create a regulatory framework (“MiFID III”) which would more closely align the supervisory treatment of crypto assets and crypto custody business with the German regulatory approach.
Cover picture: Copyright © Adobe Stock /kugelwolf