Today, I wanted to debunk a widely-held industry myth that everyone who has customers from Germany needs to arrange for a custodial solution in Germany and register with BaFin.

THIS IS JUST NOT TRUE.

I get why you may have this idea. In fact, it often happens in the financial industry that a new law or new regulation is taken out of context and presented to the general public in a super threatening, restrictive and scary way, totally out of proportions and without talking about major exemptions. I seriously suspect that this is done by opportunistic desperate consultants and advisors who want to make quick money by creating a sense of urgency with their clients or getting new clients by making them feel scared.

Think about it: I have worked with many cryptocurrency providers over the recent years and NONE of my clients as far as I know has received any letter from BaFin requesting them to register in Germany or stop serving German customers. However, ALL of my clients have received and continued receiving numerous emails, letters, and calls from German-based consultants and lawyers telling them “you are illegal, you must register in Germany, please, contact us urgently so that we can help you…”

Fascinating, isn’t it?

Anyway, what’s the REAL requirement?

In order to implement the requirements of the 5th EU AML Directive, BaFin, the German financial regulator published a notice on the German Act Implementing the Amending Directive on the Fourth EU Anti-Money Laundering Directive which introduced changes to the German Banking Act (Kreditwesengesetz – KWG) and incorporated crypto custody business as a new financial service. BaFin pointed out that from 1 January 2020, when this legislation entered into force, companies seeking to provide such services in Germany would require authorization from BaFin.

Let’s be clear – BaFin does not have the jurisdictional authority to tell people in other countries how they need to be regulated, it can only regulate activities happening in Germany. It is no different for crypto than it is for any other financial service, by the way.

For example, if you have a platform registered in Luxembourg, Australia, or the US, and you don’t have any sales activities, customer support, promotional events, servers, or other local substance in Germany and if you don’t specifically do direct solicitation of German customers, your don’t operate in Germany. If German customers found your website online and registered with you because they like your services and prices, this is considered a reverse solicitation situation, and in no way it requires you to get regulated in Germany.

In a way, let’s imagine what happens when a German person would travel to Australia, entered a banking branch there, opened a bank account, and gave them their hard-earned money as a deposit? The Australian branch would apply Australian requirements to this business relationship with a German customer and could not care less about BaFin.

Is there a commercial reason why you may decide that it is beneficial for you to register in Germany? – absolutely. For example, Coinbase was recently granted this crypto custody authorization in Germany and I seriously suspect they did it because they actually do have active domestic operations in Germany, sales teams who are targeting and serving German institutional clients, and potentially other teams, such as technical support, transaction monitoring or whatever the case is. In their case, it could be that they actually have a local presence and local activities that require them to be regulated locally.

A lot of these opportunistic consultants would tell you that “you don’t need to have a local entity in Germany to apply for BaFin registration”, which is true, but again, they are not telling you the full story. If you don’t have a German legal entity, it does not mean that all foreign crypto providers who don’t have a local entity need to be regulated by BaFin (which is what you were forced to believe) – this is actually NOT TRUE.

What matters is what type of activities you actually carry out in Germany, with or without the legal entity – this is what determines whether or not you need to apply for BaFin authorization. 

Germany is not that different from any other country. Cross-boarder financial services exist everywhere, most banks, exchanges, or investment firms have international customers, and nobody has ever suggested that crypto services should be any different. You just have to follow the laws in the country where you are located and carry out your activities, and you have to avoid direct solicitation in other countries, which is not that difficult for digital businesses without local branches anyway.

If you are a financial institution and plan to offer cryptocurrencies to your customers, you may be asking yourself, if your custodian provider could be located outside of your country? – Absolutely!

Last but not least. You have probably heard of the MICA Regulation, which will soon introduce a new licensing regime for cryptocurrency services that will be passportable and will eliminate the potential need to apply for 28 (or, however many) local licenses in each EU country if you would like to serve all European customers from just one country. This also means local regulators are unlikely to spend their time and efforts trying to assess foreign entities’ compliance with reverse solicitation requirements or forcing everyone to get regulated locally, knowing that their domestic legislation will become obsolete when MICA comes into force.

Any questions?

P.S. If you are a financial institution looking to add cryptocurrency services to your existing product range, download below a summary report with everything you need to know to get started!