On 1 January 2020, as part of a regulatory package implementing amendments to the fourth EU Anti-Money Laundering (AML) Directive, new German legislation on crypto custody business entered into force.

A new licencing requirement

The legislation sets out a new regulatory licencing requirement for service providers engaging in crypto custody business in Germany. Crypto custody business is defined as including the safekeeping and administration of crypto assets, and the safeguarding of crypto assets and private keys used for holding, storing or transferring crypto assets.

Crypto assets are defined as digital representations of an asset:

  • which are neither issued nor guaranteed by any central bank or public entity; and
  • which do not have the statutory status of a currency or money;, but
  • which, based on agreements or actual practice, are accepted by natural or legal persons as means of exchange or payment or serve investment purposes; and
  • which can be transferred, stored or traded electronically.

The concept of crypto assets, therefore, includes a wide array of crypto tokens and is not restricted to virtual currencies within the meaning of the amended AML Directive. It is important to note, however, that electronic money does not qualify as a ‘crypto asset’ under the legislation.

Scope of the regulatory licence

The regulatory licence is limited to the provision of custody services in relation to crypto assets. It does not cover the provision of those services in relation to other assets such as traditional securities. Similarly, the provision of other crypto asset-related services, such as investment advice, requires additional licences.

Grandfathering regime under the legislation

Crypto custody service providers which engage in crypto custody business before 1 January 2020 benefit from a grandfathering regime, provided: (i) they informed the German Federal Financial Supervisory (BaFin) by 31 March 2020 of their intention to apply for a licence and (ii) file a completed licence application with BaFin by 30 November 2020.

No passporting available 

According to BaFin’s well-established administrative practice, licencing requirements also apply to service providers domiciled outside Germany if they actively target the German market to offer regulated services to potential customers domiciled in Germany. Consistent with this, since the new regulated activity of crypto custody business is based on national, not harmonised EU, legislation, a licencing requirement also applies to crypto custody providers domiciled in other EU/EEA countries. Therefore, for the time being, such providers will not be able to provide their services in Germany through a branch or on a cross-border basis but, instead, will need to obtain a regulatory licence to do so.

© 2020 Hengeler Mueller