Long reads

Understanding the regulatory landscape for crypto-assets in Germany and the EU

Renate Prinz

Renate Prinz

Partner, McDermott Will & Emery LLP

Currently, we can read many summaries and briefings on the new Market in Crypto Assets Regulation (“MiCAR”) everywhere. For sure, MiCAR has the potential to give the EU crypto market a huge push forward. From what we can see so far, regulation for new business models especially in the Fintech market is not as bad as everyone supposed before.

We all can remember the early days of bitcoin, aiming for a non-regulated currency, and I still hear the voices saying regulation of cryptos is killing the whole idea of the crypto market. But this does not hold true. Germany has already made such a push forward by integrating a regulation and license on crypto custody business and crypto registrants. Additionally, there are clear guidelines on the classification of the different types of crypto assets and their respective regulation. So far, we have seen a very positive response to regulation in Germany.

Investors appreciate the security and clear legal requirements as well as the existing supervision. We see Fintechs aiming for German regulation and license in order to be able to give the signal to the market, investors as well as (potential) customers: we adhere to certain predefined standards, have a functioning risk and compliance system, stable and audited financing and have sufficient experience to run this business.

Like a kind of seal of quality. This is very well received in the market, because ultimately cryptos investments are also associated with risks as any other investment product, which should be hedged according to their individual structure.

German crypto regulation

So, what is the current regulation for crypto in Germany about? German regulation classifies crypto assets in (1) Currency Token (also Payment Token or Exchange Token) such as Bitcoin, Ethereum etc., having a payment or exchange function, (2) Security Token (also Equity Token or Investment Token), which are similar to securities, typically embodying membership or property rights, (3) Utility Token (fungible or non-fungible) as kind of digital voucher, giving an access key for goods and services of the issuer or a third party and (4) Hybrid Token, combining characteristics of the aforementioned basic forms. Decisive for classification of hybrid crypto token is the main characteristic of the respective crypto.

Service providers and issuers need to decide whether the respective token is a financial instrument and if so, what type of financial instrument it is. Licensing requirements are linked to such classification. Security tokens for example are typically classified as financial instruments within the meaning of the German Securities Trading Act (WpHG), accordingly, a public offering of the token requires a prospectus, for which certain requirements on scope and nature are set. MiFID Rules (and the respective German regulation) apply accordingly on crypto assets which are classified as financial instruments and licensing requirements may apply as well.

The issuance of such tokens are the underlying rule on market abuse, i.e. insider trading, and certain transparency obligations (e.g. periodic and ongoing disclosure). This is based on existing regulation, having now clear guidelines on crypto classification. Crypto currencies are classified by German Financial Supervisory Authority (BaFin) as units of account and therewith as financial instrument under the German Banking Act (KWG). Issuance and servicing then require accordingly a license under the stricter rules of the Banking Act. A utility token in its general form of a merely voucher function are typically not classified as financial instrument and therefore do not trigger licensing requirements.

Now new, German regulatory law also requires a license for crypto custody business (Kryptoverwahrgeschäft) as well as Crypto Securities Registry Operators (Kryptowertpapperregisterführung). A crypto custody license is needed to provide custody, management and safeguarding of crypto assets or private cryptographic keys used to hold, store and transfer crypto assets to others. A license as crypto securities registry operator is the required license for operating a crypto securities registry ensuring the proper functioning of the crypto securities registry. Both businesses cannot be carried out with existing licenses e.g., as credit institution or financial service provider.

Besides the new regulation of Crypto Custody Business and Crypto Securities Registry, Germany has also implemented the Electronic Securities Act (eWpG) and therefore enabled digital securities in Germany, therewith also covering regulated opportunities for the crypto sector.

BaFin is the competent office for all licensing procedures. When applying for a license, evidence must in particular must be given with regards to the initial capital of the company, its business model (providing a business plan for the first three years), personal and professional reliability and availability of the managers, group structure of the company (if relevant), expertise of management and supervisory bodies etc.

EU crypto regulation

So far, there is no European standardised framework regarding crypto assets and crypto services and each member states follows its own national regulation (if any). The Markets in Crypto Assets Regulation (MiCAR) draft now provides a consistent EU-wide framework for the main crypto services which will apply uniformly to all persons who want to issue crypto assets or provide crypto services within the EU. This was seen as a very good signal for the Fintech market in Europe for a transparent and secure future of crypto business. The attempt to find practical regulations and solutions seems to have succeeded to a large extent with the current draft. Where criticism of individual provisions has been raised from the business side so far, it seems these are taken into account by the regulator. We can see from this draft that the EU was willing to find a practical solution for crypto assets, considering current technical standards but at the same time providing sufficient security.

MiCAR shall become effective in 2024 and each EU country shall implement National Competent Authorities (NCAs), in Germany this will very likely be BaFin, which shall act as competent supervision together with the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA).

Classification of cryptos under MiCAR

The classification of crypto assets by MiCAR is not identical to the current classification in Germany but is based on the same understanding. It defines crypto assets as “digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology”. MiCAR distinguishes between Currency Token (as in German regulation), Stablecoins (e-money token and assed referenced token) as well as Utility Token (usage token as provided in German regulation as well). MiCAR does not provide a regulation on security token and Non-Fungible Tokens (NFTs).

For security token this seems consistent and correct, as – equal as for German regulation – security tokens are considered as financial instruments and therefore fall under the MiFID II rules. For NFTs this is different. Generally, NFTs represent individual assets, rights or objects, individualised via smart contracts. MiCAR so far only regulates fungible crypto assets and intended not to regulate NFTs at all.

However, there is an opening clause on NFTs saying that NFT shall fall under the scope of MiCAR in case they are part of a so called “collection” and as a result part of a crypto class regulated by MiCAR, but without defining such collection of NFTs. Probably a clearer understanding will be provided with further guidelines and technical standards from ESMA. Currently, the assumption in the market is that a collection of NFT’s is meant e.g. in case a large number of NFTs as being issued with only minor differences from each other.

MiCAR Rules for issuer and service providers

Issuers of crypto assets under MiCAR must be (1) a legal entity, (2) shall prepare, notify and publish a white paper (like a security prospectus), (3) must comply with certain rules of conduct and (4) must have a registered office in the EU. Issuers of asset-referenced token must also fulfil requirements set on comprehensive conduct obligations and capital requirements. For service providers, there is a wide range of services which can be performed with regards to cryptos and, different to the German regulation.

MiCAR regulates such a wide range uniformly. Crypto services under MiCAR range from services custody business, exchange services or crypto securities placements to portfolio management and advice on crypto stocks, just to name a few. Crypto service providers require a license under MiCAR and ongoing conduct of business obligations. Specific requirements apply for “significant crypto-asset service providers, ” which is a service provider with more than 15 million users.

Passporting and interaction between German and EU regulation

Licenses which are provided in a member state under the MiCAR regime can be passported throughout the EU, which means, having a license e.g. in Spain allows the licensed entity to do regulated business in the whole EU, with only minor registration obligations for each country it is doing business in.

Would it make sense though, to receive a German license e.g., for crypto custody business now or is it better to wait for MiCAR to come into place and then be licensed directly under MiCAR? If a company wishes to start a crypto business and is ready, it does still make sense to go for a German license as it allows a proof of quality, which makes it easier to find investors and allows companies to establish all necessary structures and compliance and risk requirements which are also needed under MiCAR. This gives an immense advantage, allows you to start with your business and once MiCAR comes into force, it will be easier to then just “switch” the license from the German to the European license. However, the current German license on crypto custody and crypto registrar cannot be passported, as it is not based on a EU regulation.

Comments: (0)