Understand the regulatory landscape for cryptoassets in Germany and the EU
At the moment, we can read many summaries and briefings about the new Market in Crypto Assets Regulation (“MiCAR”) everywhere. Yes, MiCAR has the potential to give the crypto market in the EU a big step forward. From what we can see so far, regulation for new business models, especially in the Fintech market, is not as bad as everyone thought before.
We can all remember the early days of bitcoin, aiming for an unregulated currency, and I still hear the voices saying that regulating cryptos is killing the whole idea of the crypto market. But this is not true. Germany has already made such progress by integrating a regulation and license for crypto custodians and crypto registrants. In addition, there are clear guidelines for the classification of the different types of crypto assets and their respective regulation. So far we have seen a very positive response to regulation in Germany.
Investors appreciate the security and clear legal requirements as well as the existing supervision. We see Fintech’s aim for German regulation and license to be able to give the signal to the market, investors as well as (potential) customers: we comply with certain predefined standards, have a functioning risk and compliance system, stable and audited funding and have sufficient experience to run this business.
As a kind of seal of quality. This is very well received in the market, because ultimately crypto investments are also associated with risks like any other investment product, which should be secured according to their individual structure.
German crypto regulation
So, what is the current crypto regulation in Germany all about? German regulation classifies cryptoassets in (1)
Currency Token (also Payment Token or Exchange Token) such as Bitcoin, Ethereum etc., which has a payment or exchange function, (2)
Security token (also Equity Token or Investment Token), which are similar to securities, usually with membership or ownership rights, (3)
Utility Token (fungible or non-fungible) as a kind of digital voucher, which provides an access key for goods and services from the issuer or a third party and (4)
Hybrid token, which combines the properties of the aforementioned basic forms. Decisive for the classification of the hybrid crypto-token is the main characteristic of the respective crypto.
Service providers and issuers must determine whether the respective token is a financial instrument and, if so, what type of financial instrument it is. Licensing requirements are linked to such classification. For example, security tokens are typically classified as financial instruments according to the German Securities Trading Act (WpHG), consequently a public offering of a token requires a prospectus, for which certain requirements regarding scope and nature are made. The MiFID rules (and the respective German regulation) apply accordingly to crypto-assets classified as financial instruments, and licensing requirements may also apply.
Issuance of such tokens is subject to the underlying market abuse rule, i.e. insider trading, and certain transparency obligations (eg periodic and ongoing disclosure). This is based on existing regulation, which now has clear guidelines for crypto classification. Cryptocurrencies are classified by the German Financial Supervisory Authority (BaFin) as units of account and thus as financial instruments according to the German Banking Act (KWG). Issuance and service therefore require a license in accordance with the Banking Act’s stricter rules. A utility token in its general form of a coupon function is not usually classified as a financial instrument and therefore does not trigger a license requirement.
Now, new German regulatory law also requires a license for crypto depository operations (Kryptoverwahrgeschäft) as well as crypto securities registry operators (Kryptowertpapperregisterführung). A crypto custodian license is required to provide custody, management and security of crypto assets or private cryptographic keys used to hold, store and transfer crypto assets to others. A license as a crypto-securities registry operator is the license required to operate a crypto-securities registry that ensures the proper functioning of the crypto-securities registry. Both businesses cannot be carried out with existing licences, for example as a credit institution or financial service provider.
In addition to the new regulation of the Crypto Custody Business and the Crypto Securities Registry, Germany has also implemented the Electronic Securities Act (eWpG) and therefore enabled digital securities in Germany, thus also covering regulated opportunities for the crypto sector.
BaFin is the competent office for all licensing procedures. When applying for a license, it must be documented in particular with regard to the company’s initial capital, its business model (provide a business plan for the first three years), personal and professional reliability and availability of managers, group structure of the company (if relevant), competence of management and supervisory bodies, etc.
The EU’s crypto regulation
So far, there is no European standardized framework for crypto-assets and crypto-services, and each member state follows its own national regulation (if any). The Markets in Crypto Assets Regulation (MiCAR) draft now provides a consistent EU-wide framework for the main crypto-services that will apply uniformly to all persons wishing to issue crypto-assets or offer crypto-services within the EU. This was seen as a very good signal for the Fintech market in Europe for a transparent and secure future for crypto business. The attempt to find practical regulations and solutions appears to have been largely successful with today’s draft. Where there has so far been criticism of individual provisions from the business community, it appears that these have been taken up by the supervisory authority. We can see from this draft that the EU was willing to find a practical solution for crypto-assets, taking into account current technical standards, but at the same time providing sufficient security.
MiCAR will enter into force in 2024 and each EU country will implement National Competent Authorities (NCA), in Germany this will most likely be BaFin, which will act as competent supervision together with the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA).
Classification of cryptos under MiCAR
The classification of crypto assets by MiCAR is not identical to the current classification in Germany, but is based on the same understanding. It defines cryptoassets as “digital representation of value or rights that can be transferred and stored electronically, using distributed ledger technology or similar technology”. MiCAR distinguishes between Currency Token (as in German regulation), Stablecoins (e-money token and assed referred token) as well as Utility Token (utility token as also given in German regulation). MiCAR does not provide a regulation on security tokens and Non-Fungible Tokens (NFT).
For security tokens, this seems consistent and correct, as – in the same way as for German regulation – security tokens are considered financial instruments and therefore fall under the MiFID II rules. For NFTs, this is different. In general, NFTs represent individual assets, rights or objects, individualized via smart contracts. MiCAR so far only regulates fungible crypto-assets and does not intend to regulate NFTs at all.
However, there is an opening clause on NFTs which states that NFTs shall fall under the scope of MiCAR in case they are part of a so-called “collection” and as a result of a crypto class regulated by MiCAR, but without defining such collection of NFTs. A clearer understanding is likely to be provided with further guidelines and technical standards from ESMA. Currently, the assumption in the market is that a collection of NFTs is meant, e.g. in case a large number of NFTs are issued with only minor differences from each other.
MiCAR rules for issuers and service providers
Issuers of cryptoassets under MiCAR must be (1) a legal entity, (2) must prepare, notify and publish a white paper (such as a security prospectus), (3) must comply with certain rules of conduct and (4) must have a registered office in the EU. Issuers of asset-backed tokens must also meet requirements set for extensive behavioral obligations and capital requirements. For service providers, there is a wide range of services that can be performed with respect to crypto and, different from the German regulation.
MiCAR regulates such a wide range evenly. Crypto services under MiCAR range from custodian services, exchange services or placement of crypto securities to portfolio management and advice on crypto shares, just to name a few. Crypto service providers require a license under MiCAR and ongoing conduct obligations. Specific requirements apply to “significant providers of cryptoactive services”, which is a service provider with more than 15 million users.
Passporting and interaction between German and EU regulation
Licenses issued in a member state under the MiCAR regime can be sent in passports throughout the EU, meaning that having a licence, e.g. in Spain, allows the licensed entity to conduct regulated activities throughout the EU, with only minor registration obligations for each country in which it does business.
However, would it make sense to receive a German license for e.g. crypto custody business now or is it better to wait for MiCAR to be in place and then be licensed directly under MiCAR? If a company wants to start a crypto business and is ready, it still makes sense to go for a German license as it allows a proof of quality, which makes it easier to find investors and allows companies to establish all the necessary structures and compliance and risk requirements that also are required under MiCAR. This gives a huge advantage, allows you to start your business, and when MiCAR comes into force, it will be easier to just “switch” the license from the German to the European license. However, the current German crypto depository and crypto registrar license cannot be passported as it is not based on an EU regulation.