The commercial custody of financial products for customers has become a highly regulated and differentiated service with respect to German supervisory banking regulations. There are not less than three different kinds of custody businesses that are subject to authorization regulated in the German Banking Act (KWG): The depository business, which is qualified as a form of banking business, the crypto custody business and the limited depository business which both are qualified as financial services. Each of these businesses demand different requirements that vary in intensity for their respective operators. But how do they differ from each other in terms of intensity and which authorization is necessary for each respective activity?



According to the wording of the law, depository business is given when securities are held in custody for others. Within its administrative practice BaFin restricted the necessity of the authorization for depository business to businesses that keep custody of financial products that meet the requirements for securities as defined in the German Securities Deposit Act. As of now, these requirements are only fulfilled by securities that are embodied in a single, global certificate or in numerous, individual certificates. Securities that are not embodied in certificates, but instead are represented e.g. in tokens or in another digital form therefore do not meet the requirements of the German Securities Deposit Act and custody services for these kinds of securities therefore do not trigger an authorization requirement pursuant to the German Securities Deposit Act. The German legislator with its draft proposal for the introduction of electronic securities intends to subject digital securities to the German Securities Deposit Act. However, it will probably take quite some time until the final draft of the law comes into effect.



The limited depository business is a subset to the depository business and is only applicable to the custody of securities for alternative investment funds. Therefore, just as with the depository business only securities in the sense of the German Securities Deposit Act can be subject of the limited depository business. The difference between the two forms of custody lies in the category of serviceable customers. While the authorization for depository business grants its bearer the ability to offer custody services to all kinds of customers, the authorization for the restricted depository business merely grants its bearer the authorization to offer custody services regarding securities for Alternative Investment Funds (AIF). The reason is that MiFID II categorizes custodian services as ancillary services and not as a fully- regulated investment service. As a consequence, the supervisory requirements to be fulfilled by custodians of financial instruments are lower than those to be fulfilled by fully regulated investment firms. Given the fact, that in Germany the deposit business is regulated as a full banking service anyways, the German legislator wanted to establish a privilege for depositories that only hold securities in custody for AIF investment funds.



The crypto custody business that has been newly introduced at the beginning of this year allows for the custody, management and safeguarding of crypto assets for others in Germany. A crypto custodian service is given where someone holds private keys for others that are required for transferring crypto assets. Interestingly, the German Banking Act (KWG) explicitly allows for crypto assets to serve investment purposes. This often leads to the situation that crypto assets are considered securities in the sense of the EU-Prospectus Regulation and MiFID II at the same time and that they are therefore also subjected to the regulations of these provisions. An authorization for depository business or limited depository business is nevertheless not necessary for their custody, because naturally these tokens are never issued in paper form. Anyways, the German legislator and also BaFin nevertheless explicitly stated in the explanatory memorandum for the legislation, respectively in the corresponding publication on the administrative interpretation, that crypto custody business is designed as a catchall Activity. It therefore is subsidiary to the depository business and the limited depository business if one of these is applicable to a custodian activity.


Attorney Lutz Auffenberg, LL.M. (London)





The FIN LAW Newsletter provides you with all blog articles of the month via monthly e-mail. Our newsletter is published regularly at the beginning of every month. Feel free to sign in to the FIN LAW Newsletter by clicking the button below. Of course can can sign off at any time if you do not wish to receive our newsletter anymore.