The introduction of the German Electronic Securities Act (eWpG) has added another financial service to the German Banking Act (Kreditwesengesetz – KWG).
The financial services, i.e. services for the provision of which one needs a permit from the Federal Financial Supervisory Authority (BaFin), have been diligently expanded in recent years. It was not until 1 January 2020 that the financial service of crypto custody was added. It took about one and a half years until BaFin then also issued the first license for a crypto custodian. Now, since 10 June 2021, there is already the next new element of authorisation: crypto securities register management.
Background and eWpG
Until now, a very traditional understanding of securities prevailed in Germany. It was a paper document that was transferred by transfer of title. This understanding was broken up by the introduction of electronic securities by the eWpG on 10 June 2021. In future, certain securities (initially only bearer bonds) can be issued as electronic securities. A sub-category of electronic securities are crypto securities. These are electronic securities which are entered in a crypto securities register.
Activity of the crypto securities registry
The eWpG imposes certain requirements on a crypto securities register. It must be maintained on a tamper-proof system of record that logs data in time sequence and is protected against unauthorised deletion and subsequent modification. The system of record must be a decentralised association in which control rights are distributed between the entities operating the respective system according to a pre-determined pattern. The law should both cover blockchain technology and be open to further developments.
The crypto securities register must contain various details about the crypto securities. This includes, for example, the essential content of the right securitised in the crypto securities and their identification numbers as well as their designation as securities, the issue volume, the nominal amount, the issuer, the holder and an indication of whether it is an individual or a collective registration.
Companies wishing to provide crypto securities registry services require a permit from BaFin. Insofar as an issuer does not engage a service provider for crypto securities registry management, it is deemed to be the registry manager itself. According to the explanatory memorandum to the law, the issuer that maintains crypto securities registers itself is subject to the same supervisory requirements as an external service provider. In this case, the issuer also needs a licence from BaFin. One-off issuers are therefore likely to be forced to work with a service provider as a rule, as the hurdles for their own permission are unlikely to be worthwhile.
In the sense of a single market in Europe, the authorisation to provide a financial service can be passported. However, this only applies if the authorisation requirement is based on EU law. This is not the case for the permission to provide crypto securities register management. This is a national special path related to crypto securities under German law. Passporting to other EU states is therefore not possible.
Requirements for granting permission
As with any application for permission under the German Banking Act, the application for permission to provide crypto securities registry management must be submitted in writing to BaFin by the future licensee and must meet the requirements of BaFin and the Bundesbank. BaFin has not yet published any information on the application for permission to maintain crypto securities registers.
The list of requirements for service providers wishing to obtain a crypto securities registry permit included:
- Sufficient initial capital: at least EUR 150,000 Because the law does not contain an independent regulation on the amount of initial capital, the amount of initial capital is assessed according to § 33 Para. 1 Sentence 1 No. 1 b) KWG. These are financial services institutions which do not act on their own account, but do not fall under any other category of § 33 para. 1 sentence 1 nos. 1 a) - d) KWG. The explanatory memorandum to the Act still speaks of an initial capital of EUR 125,000; however, the amount was increased to EUR 150,000 by the Investment Firm Act, which entered into force on 26 June 2021. The initial capital must also be maintained later and constitutes only a minimum amount of the required own funds. If the applicant also provides other financial services, the required initial capital may be higher.
- Professionally qualified and reliable managers (cf. section 1 para. 2 sentence 1 of the German Banking Act) who are not only employed on a voluntary basis (cf. sections 32 para. 1, 33 para. 1 sentence 1 nos. 2, 4 and 5 of the German Banking Act). The managers must prove their suitability to BaFin and devote sufficient time to their activities for the company.
- The company's head office must be in Germany (Section 33 (1) sentence 1 no. 6 KWG).
- The person who holds a significant interest in the company that wants to provide crypto securities registry services (Section 1 (9) KWG) must meet the requirements to be met in the interest of sound and prudent management of the financial services institution.
- The company must be willing or able to create the necessary organisational precautions to properly conduct the business for which it is applying for permission (Section 33 (1) sentence 1 no. 7 KWG). This in particular includes the fulfilment of the requirements from MaRisk and BAIT. BaFin will pay special attention to the forgery-proof recording system.
Insofar as the company only provides crypto securities registry management (and no other financial services), only limited regulation under the German Banking Act applies. In particular, the regulations on supplementary capital adequacy requirements (Section 10 KWG), regulations on capital buffers (Sections 10c to 10i KWG), regulations on liquidity (Section 11 KWG), regulations on large exposures, exposures in millions and exposures to governing bodies (Sections 13, 14, 15 KWG) as well as regulations of the CRR (Articles 39, 41, 50 to 403 and 411 to 455 of Regulation (EU) No. 575/2013) do not apply. Whether the facilitations also apply if the company simultaneously provides crypto custody and crypto securities registry management remains unclear according to the wording.
In contrast to the introduction of the licensing requirement for crypto custody, which was previously provided by many companies without a licence, there were previously no companies that provided crypto securities registry services. The introduction of crypto securities only created this activity. Accordingly, there is no need to create a regulation for grandfathering.
Transitional provisions exist nevertheless. In view of the length of the procedure for granting a permit, the entire crypto securities legislation would in fact be postponed if no company could already provide crypto securities registry services now. Therefore, a transitional arrangement has been created for companies that take up the activity of crypto securities registry management by 10 December 2021. Permission will be granted if the company submits a complete application for permission to BaFin within six months of commencing crypto securities registry management activities and notifies BaFin in writing of its intention to provide crypto securities registry management services two months prior to commencement.