Germany to Implement EU Anti-Money Laundering Directive with Cryptocurrency Licensing Requirements
In Short
The Situation: The G20, a forum for governments and central bank governors from 19 countries and the European Union, had made the decision to combat money laundering and terrorism financing activities tied to the use of cryptoassets.
The Action: The German Federal Ministry of Finance has published guidance on its Draft Act implementing the 5th EU Anti-Money Laundering Directive ("AMLD5").
Looking Ahead: When the Draft Act enters into force on January 1, 2020, wallet providers and cryptocurrency exchanges will be considered to be providing financial services related to cryptoassets, must comply with anti-money laundering rules ("AML"), and obtain a license.
On May 20, 2019, the German Federal Ministry of Finance published guidance on its Draft Act implementing the AMLD5. Once the Draft Act becomes effective, wallet providers and cryptocurrency exchanges will be considered to be providing financial services related to cryptoassets, must comply with AML rules, and obtain a license.
Next Steps
The Draft Act will be submitted to Parliament and will enter into force on January 1, 2020.
Background
The Draft Act reflects the G20 decision to combat money laundering and terrorism financing through the use of cryptoassets. This will be achieved by extending the scope of AML duties to those cryptoasset service providers that are currently outside the scope of the Money Laundering Act (Geldwäschegesetz—GwG). The legislation also aims to strengthen the credibility of virtual assets by mitigating the risk of criminal use.
Which Cryptoassets Qualify as Financial Instruments?
In addition to changes to the GwG, the Draft Act provides amendments to the Banking Act (Kreditwesengesetz—KWG), qualifying cryptoassets (Kryptowerte) as financial instruments, and crypto custody businesses (Kryptoverwahrgeschäft) as banking services.
By extending the scope of financial instruments under the KWG, the Draft Act implements the definition provided in the AMLD5, stating that "a cryptoasset is a digital representation of value that is not issued or guaranteed by a central bank or a public authority and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored, and traded electronically." The definition captures not only cryptocurrencies but also investment and security tokens that may qualify either as securities or debt instruments (Schuldtitel), asset investment (Vermögensanlage) or investment fund units (Investmentvermögen), but explicitly excludes electronic money, vouchers, and payment services of electronic network providers, as defined in the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz—ZAG).
Which Services Will Require a License?
Licensing requirements will follow either from the classification of cryptoassets as financial instruments or from the newly created or extended scope of existing banking or financial services:
- Exchange of cryptoassets in legal tender qualifies as a financial commission business (Finanzkommissionsgeschäft) if the service provider takes cryptoassets on consignment in order to sell them to a third party. On a disclosed agency basis, such service may qualify as an acquisition agency (Abschlussvermittlung).
- A cryptoasset transaction between a service provider and a customer qualifies as proprietary trading (Eigenhandel).
- The exchange of cryptoassets on a multilateral system that provides automated matching of transactions qualifies as operating a multilateral trading facility. For such qualification it is immaterial whether the cryptoassets are bought or sold with legal or cryptocurrencies.
- Custody of security tokens qualifies as a custody business (Depotgeschäft) and if exclusively carried out for alternative investment funds ("AIF"), it qualifies as a limited custody business (eingeschränktes Verwahrgeschäft).
- Custody, safekeeping, and administering cryptoassets, other than security tokens, or private cryptographic keys that serve to hold, store, and transfer cryptoassets for others qualifies as a crypto custody business (Kryptoverwahrgeschäft).
Conclusion
By implementing the AMLD5, the Draft Act also puts all relevant financial services related to cryptoassets under a licensing requirement, either through amendments of the KWG or through statements in the explanatory memorandum. This will remove some of the existing uncertainties but also leaves some crucial questions unanswered: First, it is not yet clear what regulatory expectations custodians have to fulfill with regard to security tokens, considering that the data of these tokens are—unlike traditional securities—not centrally stored but part of a distributed ledger. Thus, it is necessary to resolve frictions stemming from the existing national and European custody laws with distributed ledger technology in order to safeguard its benefits. Second, while the specific licensing requirements are built on the distinction between security and non-security tokens, it is not yet clear what the differences are in terms of custody obligations. In particular, given that holding private keys seems only part of the newly defined crypto custody business, it is unclear whether custodians may carry out crypto custody business by holding private keys of security tokens in safe custody or whether regulatory expectations go beyond that. Against this backdrop, it is necessary to carefully review the licensing requirements and provide a setup that fully addresses any regulatory concerns.
Three Key Takeaways
- The Draft Act, by implementing the AMLD5, puts all relevant financial services related to cryptoassets under a licensing requirement.
- Certain questions remain unanswered, including what regulatory expectations custodians must fulfill with regard to security tokens, considering that the data of these tokens is part of a distributed ledger.
- There are also uncertainties regarding licensing obligations and the related custody obligations between security and non-security tokens.