Germany’s Financial Supervisory Authority (BaFin) is clarifying how the country’s new cryptocurrency custody law will apply to firms that operate outside of Germany but still serve the German market.
In its latest guidance released in January, the regulator said firms already custodying digital assets for Germans would not be penalized for not having a license. Instead, they’d be grandfathered into the same protection that crypto custody firms based in Germany already have under the new law, which went into effect on Jan. 1.
This means those firms must also announce their intent to apply for a license by March 31 and apply for the license by Nov. 30. It also means crypto firms that hadn't been custodying crypto for German customers before Jan. 1 but are interested in expanding into the German market cannot do so until they have received a license first.
“Nobody has the ability to apply right away, which is why we have these grandfathering mechanisms,” said Carola Rathke, partner at Eversheds Sutherland Germany, a firm that is working directly with BaFin on how the law should be enforced.
Setting the record straight
At the beginning of 2020, BaFin published an application form that is non-binding, meaning firms are not required to use the form. The most recent guidance also makes clear firms should be submitting a “complete application” by the Nov. 30 deadline – meaning the regulator has no questions about the application. Crypto firms should plan to apply long before the end of November, Rathke added.
Germany drafted the law in response to the European Union’s Fifth Anti-Money Laundering Directive (AMLD5), which requires crypto firms to demonstrate compliance with enhanced know-your-customer (KYC) and anti-money-laundering (AML) procedures. While firms familiar with German financial regulation are already drafting applications, the industry is at the mercy of whatever guidance BaFin releases over the next several months.
The process may be jarring for firms that aren’t used to dealing with the German regulator.
“This is exactly the way it works: They make a law quickly and then find out that it is not very clever, and now after the law is out they establish administrative practices,” said Sven Hildebrandt, head of Distributed Ledger Consulting Group, which has been advising crypto firms on how to navigate the complexities of the German regulatory system.
“I believe there is enough guidance out there that if you know what you’re doing then you know what to do by now basically,” he added.
Hildebrandt estimates that guidance will start to appear as the result of specific applications in the next three to five weeks. Hildebrant’s DLC Group is now trying to get approval from BaFin to serve as the compliance arm of companies that can’t afford to apply for the license themselves.
Still, there are parts of crypto custody that aren’t addressed by the law – like custody that takes advantage of multi-party computation, Hildebrandt said.
Certain parts of the law will also need clarity over time. For instance, firms applying must have a German branch with directors who are “fit and proper,” but defining what makes a manager in crypto right for the job could be difficult. It’s likely the regulator will require a manager with banking experience in addition to having a manager with technical blockchain experience, Rathke said.