Reed Smith Client Alerts

In the course of transposing the Fifth European Money Laundering Directive ((EU) 2018/843) into German law, legislators have decided that the custody of crypto assets (das Kryptoverwahrgeschäft – ‘crypto custody business’) should be subject to authorisation by BaFin. Legislators have also introduced a new subset of financial instruments – ‘crypto assets’ (as defined below) – into the German Banking Act (Kreditwesengesetz, KWG), making the provision of any financial service in relation to crypto assets a regulated activity. The draft law thus goes much further than the requirements of EU law.

Authors: Jonathan Diehl

Following publication of the draft law, the German Bundesrat issued a statement on 20 September 2019 requesting clarification of certain aspects of the proposed law. The authorisation requirement is to apply from as early as 1 January 2020, and with the law yet to be passed and questions outstanding, the timing appears tight.

What are crypto assets?

The government has adopted the following definition of ‘crypto assets’ in the draft law: “digital representations of value which have not been issued or guaranteed by any central bank or public authority and which do not have the legal status of a currency or money, but which are accepted by natural or legal persons as a means of exchange or payment or serve investment purposes on the basis of an agreement or actual practice and which can be transmitted, stored and traded electronically.” 

Excluded from the definition are domestic and foreign legal tender, electronic money, assets used in interconnected payment systems and payment transactions of providers of electronic communications networks or services, as well as non-tradable electronic vouchers for the purchase of goods or services.

What is crypto custody business?

In the draft law, crypto custody business (das Kryptoverwahrgeschäft) is defined as “the custody, management and securing of crypto assets or private cryptographic keys used to hold, store or transfer crypto assets for others”. According to the explanatory notes to the draft law, it is not necessary for the service provider to offer all three services (i.e. “custody, management and securing”) in order to be subject to the licensing requirement.

  • ‘Custody’ entails taking custody of crypto assets as a service for others. In particular, this includes collective custody solutions, where the customer would have no knowledge of the cryptographic key.
  • ‘Management’ includes the ongoing administration of rights in connection with the crypto assets.
  • ‘Securing’ of crypto assets and cryptographic keys includes both the digital storage of the private cryptographic keys and the storage of the physical data carriers, such as paper or USB sticks, on which such keys are kept.