The custody of crypto assets in Germany is an activity which is subject to authorization since the beginning of the year 2020. Rumors have it, that over 40 companies are interested in obtaining an authorization from BaFin to conduct crypto custody business in Germany. The newly introduced legal basis is not only applicable to the professional custody of digital customer assets. According to the wording of the regulation there are two additional activities that are also subject to authorization. The administration as well as the safeguarding of crypto assets and of private keys, which are required for the transfer of crypto assets are also activities that are subject to authorization according to the wording of the new law. But what exactly does the legislator refer to with the administration of crypto assets for a third party? Which specific activity is intended to be regulated by the wording of the law?



According to BaFin´s not yet fully developed administrative practice for the crypto custody business, crypto administration is a subcategory of crypto custody. According to the leaflet published by BaFin in early March of 2020, the supervisory authority assumes that a service provider conducts crypto administration in cases in which the service provider continuously exercises rights associated with the customers crypto assets. This may for example be the case when a service provider holds tokenized investment products for customers in custody, which yield a return to their respective bearers. Crypto administration may exist in the case that the custody service provider makes payment claims of the aforementioned kind on behalf of their customers vis-à-vis the issuer of the tokenized investment product or if the service provider receives the corresponding payments for these kinds of claims for their customers. The private keys and therefore the control over the tokenized investment products and the right to claim the corresponding yield will in most cases be held by the service provider. BaFin therefore expressly states in its leaflet that all three variations of the crypto custody business require the service provider to have custody of the private keys to the crypto assets. Even though the custody of the private keys is an essential requirement for the crypto custody business, crypto administration may be given even if the service provider does not have exclusive access to the crypto assets in its custody. According to the administrative practice of the supervisory authority, crypto administration is also given if the service provider knows the private keys in addition to the customer and exercises the customer rights for him.



It is questionable if crypto administration can exist in cases where crypto assets are delegated, meaning that these crypto assets utilize a consensus mechanism called the Delegated Proof of Stake (DPoS). Examples for crypto assets of this kind are EOS, Tezos and Cardano. In these blockchain systems new blocks are not created by miners that spend computing power in accordance to the Proof of Work consensus mechanism (PoW), but instead through the allocation of coins to so-called block validators. These block validators are chosen by the specific system on basis of the amount of coins (stake) that are allocated to them and they are rewarded for the validation of new blocks with the transaction fees that are paid by by the parties of the blockchaintransactions included in the block to be validated. Bearers of DPoS crypto assets can allocate their coins to block validators in order to improve the validators chances to be chosen by the system for validation of a new block. In return for the support, the validator will share the reward with his supporters should he actually be chosen by the system. However, delegating does neither require the delegated crypto assets to be actually transferred to a wallet of the staked validator nor does it require the block validators knowledge of the private keys to the delegated crypto assets. Crypto administration as a subcategory of the crypto custody business will therefore not be fulfilled by delegating crypto assets to block validators according to the administrative practice of BaFin.


Attorney Lutz Auffenberg, LL.M. (London)





The FIN LAW Newsletter provides you with all blog articles of the month via monthly e-mail. Our newsletter is published regularly at the beginning of every month. Feel free to sign in to the FIN LAW Newsletter by clicking the button below. Of course can can sign off at any time if you do not wish to receive our newsletter anymore.