The introduction of the German Electronic Securities Act (eWpG) has added another financial service to the German Banking Act (Kreditwesengesetz – KWG).
The financial services, i.e. services for the provision of which one needs a permit from the Federal Financial Supervisory Authority (BaFin), have been diligently expanded in recent years. It was not until 1 January 2020 that the financial service of crypto custody was added. It took about one and a half years until BaFin then also issued the first license for a crypto custodian. Now, since 10 June 2021, there is already the next new element of authorisation: crypto securities register management.
Until now, a very traditional understanding of securities prevailed in Germany. It was a paper document that was transferred by transfer of title. This understanding was broken up by the introduction of electronic securities by the eWpG on 10 June 2021. In future, certain securities (initially only bearer bonds) can be issued as electronic securities. A sub-category of electronic securities are crypto securities. These are electronic securities which are entered in a crypto securities register.
The eWpG imposes certain requirements on a crypto securities register. It must be maintained on a tamper-proof system of record that logs data in time sequence and is protected against unauthorised deletion and subsequent modification. The system of record must be a decentralised association in which control rights are distributed between the entities operating the respective system according to a pre-determined pattern. The law should both cover blockchain technology and be open to further developments.
The crypto securities register must contain various details about the crypto securities. This includes, for example, the essential content of the right securitised in the crypto securities and their identification numbers as well as their designation as securities, the issue volume, the nominal amount, the issuer, the holder and an indication of whether it is an individual or a collective registration.
Companies wishing to provide crypto securities registry services require a permit from BaFin. Insofar as an issuer does not engage a service provider for crypto securities registry management, it is deemed to be the registry manager itself. According to the explanatory memorandum to the law, the issuer that maintains crypto securities registers itself is subject to the same supervisory requirements as an external service provider. In this case, the issuer also needs a licence from BaFin. One-off issuers are therefore likely to be forced to work with a service provider as a rule, as the hurdles for their own permission are unlikely to be worthwhile.
In the sense of a single market in Europe, the authorisation to provide a financial service can be passported. However, this only applies if the authorisation requirement is based on EU law. This is not the case for the permission to provide crypto securities register management. This is a national special path related to crypto securities under German law. Passporting to other EU states is therefore not possible.
As with any application for permission under the German Banking Act, the application for permission to provide crypto securities registry management must be submitted in writing to BaFin by the future licensee and must meet the requirements of BaFin and the Bundesbank. BaFin has not yet published any information on the application for permission to maintain crypto securities registers.
The list of requirements for service providers wishing to obtain a crypto securities registry permit included:
Insofar as the company only provides crypto securities registry management (and no other financial services), only limited regulation under the German Banking Act applies. In particular, the regulations on supplementary capital adequacy requirements (Section 10 KWG), regulations on capital buffers (Sections 10c to 10i KWG), regulations on liquidity (Section 11 KWG), regulations on large exposures, exposures in millions and exposures to governing bodies (Sections 13, 14, 15 KWG) as well as regulations of the CRR (Articles 39, 41, 50 to 403 and 411 to 455 of Regulation (EU) No. 575/2013) do not apply. Whether the facilitations also apply if the company simultaneously provides crypto custody and crypto securities registry management remains unclear according to the wording.
In contrast to the introduction of the licensing requirement for crypto custody, which was previously provided by many companies without a licence, there were previously no companies that provided crypto securities registry services. The introduction of crypto securities only created this activity. Accordingly, there is no need to create a regulation for grandfathering.
Transitional provisions exist nevertheless. In view of the length of the procedure for granting a permit, the entire crypto securities legislation would in fact be postponed if no company could already provide crypto securities registry services now. Therefore, a transitional arrangement has been created for companies that take up the activity of crypto securities registry management by 10 December 2021. Permission will be granted if the company submits a complete application for permission to BaFin within six months of commencing crypto securities registry management activities and notifies BaFin in writing of its intention to provide crypto securities registry management services two months prior to commencement.
We are happy to assist with the notification and the application for permission.