Not all business activities that are related to crypto assets or blockchain are automatically subject to authorization pursuant to the German Banking Act (KWG). The obligation to apply for a BaFin authorization is reserved for business models that involve a banking or financial service and that are related to blockchain units which are either considered crypto assets or another form of regulated financial instruments. For a lot of providers whose business models in one way or another revolve around the acquisition and disposal of cryptocurrencies, the operation of the business constitutes a banking or financial service which is subject to authorization. In this context, it is also thinkable for specific business models that various companies work together and some of them exclusively perform mere technical services or another form of complementary activity that can be provided without a prior authorization by BaFin. But do technical service providers really do not have any relation to BaFin?
SUPERVISORY OBLIGATIONS ARE APPLICABLE TO TECHNICAL SERVICE PROVIDERS IF ESSENTIAL ACTIVITIES ARE OUTSOURCED
Even though technical service providers in general do not require a BaFin authorization for their activities, if their contribution to the product cannot be qualified as banking or financial services, they nevertheless may still be subject to supervisory obligations if they provide their services to businesses that are supervised by BaFin and the Federal Bank of Germany and if the service constitutes as the outsourcing of an essential activity. A service may be deemed as the outsourcing of an essential activity, if e.g. the provided service is either essential for the business model of the outsourcing business or if it is related to the compliance obligations of the outsourcing business such as AML, internal revision or risk management. Should the provision of a technical service be qualified as the outsourcing of an essential activity, BaFin requires the outsourcing entity to fulfil certain requirements when concluding the contract with the service provider. These minimum requirements stipulated by BaFin revolve around subjects such as unlimited information rights with regards to the provided services that have to be provided to the supervised business as well as to the supervising authorities and to commissioned auditors, the right of the supervised institution to instruct the service provider to comply with supervisory obligations at any time, the agreeing upon reasonable cancelation periods and many more. On basis of such contractual provisions, the technical service provider may indirectly be subject to supervisory obligations that originally targeted the outsourcing institute.
FULL RANGE OF SUPERVISORY RIGHTS IN CASE OF ILLEGAL BUSINESS ACTIVITIES EVEN WITHOUT OUTSOURCING AGREEMENT
Supervisory actions of BaFin may target technical service providers even without an outsourcing agreement, if the outsourcing institute is not authorized for conducting its business while being subject to an authorization requirement. Entities being involved in such illegal activities may be forced by BaFin to cease their entire business activity immediately or to rescind the provided services. A thorough and careful examination of the crypto-related business models of a cooperation partner is therefore advisable to any technical service provider prior to entering in a cooperation agreement. The involvement in illegal banking or financial services of business partners may not only lead to the sanctions from BaFin but also to a permanent damage of the business reputation of the technical service provider.
Attorney Lutz Auffenberg, LL.M. (London)
OUR BLOG ARTICLES IN A MONTHLY NEWSLETTER?
The FIN LAW Newsletter provides you with all blog articles of the month via monthly e-mail. Our newsletter is published regularly at the beginning of every month. Feel free to sign in to the FIN LAW Newsletter by clicking the button below. Of course can can sign off at any time if you do not wish to receive our newsletter anymore.