A new German law on regulation requires every entity that holds private keys for others (e.g., bitcoin exchanges and/or bitcoin custodians) and that actively addresses the German market must become licensed as early as January 1, 2020. And to address the most common misconception right at the beginning: No, it absolutely not matter where your company is based. What matters is if you are addressing the German market with your services.
“The law implementing the amendment to the fourth EU money laundering directive (Federal Law Gazette I of December 19, 2019, p. 2602) included the crypto deposit business as a new financial service in the KWG. Companies that want to provide these services require BaFin’s permission when the law comes into effect on January 1, 2020. However, the law provides for transitional provisions for companies that have already performed the transactions that are now subject to authorization before they came into force.”
[Citation: Kryptoverwahrgeschäft (BaFin), translated from German]
Despite the many open questions that are still unresolved, let me start this piece by stating that I am a general supporter of regulation if executed right. And I believe this new law could pave the way for Germany to become the “Crypto Heaven” of Europe, as especially large financial institutions and investors are in favor of regulated entities. But to also be honest right from the start, this will heavily depend on how regulators finally deal with questions as they arise. Even the best of intentions can still backfire on the German ecosystem if executed poorly. But, I am full of hope that this will not be the case, as the regulators and the industry appear to be working together more and more. And by working with, instead of against, each other, good regulatory decisions seem possible.
German Regulations: Main Challenges
Taking everything into account, here are the four things I believe to be the main challenges regarding the new regulations:
1. Lack of Clear Definition
There is no clear definition of what “actively addressing” the German market means; this will be decided on a case-by-case basis. By one possible interpretation, anyone operating a designated German website or offering German marketing material is likely to be actively addressing the German market. But if someone — for whatever reason — has a growing number of German customers without any “official” marketing, it could also be concluded you somehow MUST be actively addressing the German market (as otherwise you simply wouldn’t be able to gain this many new customers from Germany).
2. Lack of “Passporting”
As the French are currently sorting out their regulations as well, it would have been great if both countries would have agreed on potentially “passporting” their respective licenses, meaning that if you are licensed in Germany, you could also operate in France without applying for a new license (or registering, to be exact). Although we strongly believe that this will come soon, it would have been great to have this agreement right from the start.
3. Lack of Clarity
For an outsider not familiar with German regulations and law, the means of implementation and the timelines might seem strange (although they are very clever in fact). In short, you are deemed to be a licensed provider as of January 1, 2020, provisionally and retroactively, if you state to the officials that you plan to apply for a license before March 31, 2020, and then hand in your application before November 30, 2020 (yes, it appears to ask you to go back in time). This also means that if you say you are going to apply for a license before March 31, 2020, and then don’t hand in your application before November 30, 2020, you are deemed to have been illegal since January 1, 2020.
Furthermore, it also means that if you are conducting your business as you always have, you will most likely be deemed illegal since January 1, 2020. And that is a felony and not a misdemeanor. Although this is the case, some market players really seem to rely on a tactic called “reverse solicitation” (which means that basically, a customer is free to choose whatever supplier he or she wants) and not apply for such a license.
I strongly believe that this is not the best idea, given the massive political implications of this new rule. As we’ve seen in the past, I would assume that Germany’s Federal Financial Supervisory Authority (BaFin) will regulate pretty strictly in this case, as otherwise the new law would simply make no sense and would harm the German economy, which would make little sense from a German point of view.
4. Lack of Communication for International Stakeholders
Big improvements are needed on the communication side, especially regarding the international community as this is an international topic. Up until now, I have seen neither a direct translation of the law nor any advice in English from the regulators. Although this is advantageous for those of us who work in consultancy and advise exchanges and custodians in exactly these matters, this lack of clear communication from regulators is problematic in general.
A Strangely “Un-German” Lack of Structure
I sometimes laugh at a very funny “cultural” thing. Germans are known to have a form and a rule for pretty much everything. And it is true, that is how we are (with all the pros and cons that come with it). So it feels bizarre that, in this instance, it is not the case; hence the need for us to work together with regulators in order to establish proper rules and regulations on the fly.
For example, MPC (multi-party computation) is not addressed in the new law yet; the question of multi-signature issues is also still open – among a myriad of different other, sometimes very specific issues. This lack of clarity makes a typical German feel pretty uncomfortable, as we are simply not used to that. What we have, at best, is a step-by-step approach with educated guesses and a lot of communication still to come.
The Role of Custodial Service Entities
Another interesting fact is the way custodians (tech providers) are dealing with these issues. According to a study carried out by Digital Assets Custody (to my knowledge the largest digital assets custodian comparison website on the internet), it seems as if most specialized infrastructure providers for digital assets custody seem to be avoiding regulation like the plague by stating that they would only serve as a tech provider and not as a custodian that needs to be regulated.
While I understand this avoidance approach, as regulation comes with its very own challenges, it seems shortsighted. On the one hand, I believe that regulation will ultimately evolve, concentrating on exchanges as a first step, but then they will come to focus on custodial services.
Depending on each entity’s respective tech stack and business model, it seems possible to me that not only the exchange but also the custodian will ultimately be deemed regulated entities. So it is just a matter of time before the regulators come knocking. And as seen in the past, it’s usually a good idea to be ahead of the game.
Solutions for Custodial Dilemmas
It is interesting to see that the new law around custodianship functions as kind of a wake-up call for the industry, although the respective players should have been alert in regards to Germany beforehand. This goes back to the view of the BaFin that judged Bitcoin as a so-called “Unit of Account,” making it a financial instrument; therefore, everybody dealing with these financial instruments should already have the proper licenses. This means that if you were to operate a bitcoin exchange you would — depending on the business model — need a license as a multilateral trading facility, for example. The Berlin Court of Appeal expressed a different view of this in a court case, resulting in some confusion here.
With the introduction of the newly created term “Krytowerte” (direct translation would be “crypto values”), it is now clear that bitcoin is indeed considered to be a financial instrument and that every entity dealing with it will have to be regulated in the same manner as firms dealing with any other financial instruments.
As the respective licenses are subject to the specifics of the business model, it is hard to give some “general information” about what is needed. The custodian licensing will most likely require two “fit and proper” managing directors, €125,000 (≈$136,000) in starting capital plus setup costs of around €250,000–€350,000 (≈$272,000–$380,000) and recurring yearly costs of €350,000 (≈$380,000). (These are rough estimations and can vary widely depending on your business model and various costs.)
All in all, the new law makes operating a digital assets business harder. But on the flip side, it also brings some degree of clarity and security to the people who interact with providers in the digital asset space.
Will everybody be happy with this new direction? No. But it’s a start.
Further Readings on the topic
BaFin tried to clarify some issues regarding the licensing process for foreign crypto custodians. In the meantime, the new law has triggered a run on the license for a German crypto-custody license among German banks. Read more here.