For several month now, projects that provide applications within the decentralized financial markets continue to gain in significance. The buzzword Decentralized Finance or its abbreviation DeFi relates to smart contract applications (DApps), which enable users to conduct business on the financial markets without the need of a central service provider. The most prominent examples are decentralized exchanges (DEX), which enable users to exchange crypto assets into other crypto assets without the necessity of a centralized platform operator, but instead via the usage of an automated functioning smart contract embedded in a blockchain infrastructure. According to German regulatory banking law, the operation of an exchange for crypto assets is an activity which in most cases is subject to prior authorization and ongoing supervision from BaFin respectively by BaFin and the German Federal Bank. Where an exchange lacks an operator, the question of how the financial market regulation can be applicable to such exchange arises.



The operation of an exchange for crypto assets may fulfill various different banking activities and financial services that are regulated by the German regulatory banking law and that are therefore subsequently subject to authorization. It is conceivable that the operation of an exchange is conducted by way of investment brokerage, proprietary trading, financial commission business or in the form of a multilateral trading facility. In order to trigger an authorization obligation pursuant to the German Banking Act (KWG) with a subsequent institutional supervision, the activity has to be conducted by an operator who can be the addressee of the supervisory obligations, even more so because the KWG only imposes authorization obligations on “someone” (wording of the KWG: “who”), that conducts banking activities or provides financial services on a commercial scale in Germany. It is therefore conceivable that a decentralized exchange, which conducts exchange orders of its customers related to crypto assets in an automated way may qualify as a multilateral trading facility in the sense of the KWG, but due to the lack of an operator an authorization obligation is not triggered anyways.



The lack of an operator in the traditional sense for DeFi projects is not necessarily a self-evident fact that can be assumed without any further examination of the concrete project and its history. It is also possible, that a certain contribution of an initiator or an involved party aiming at the implementation of a DeFi project can be qualified as the operation of the project in the sense of the KWG. This of course would trigger the aforementioned authorization obligations for the initiator or involved party. This could for example be the case for projects that do not completely operate in a decentralized manner, but instead have a central instance in the background which has administrative rights for the underlying smart contract and therefore reserves the right to influence the settlement of transactions. The scope of these administrative rights in the specific case determines, if the initiators or involved parties can be qualified as operators in a regulatory sense. Moreover, the obligation to obtain authorization in accordance to the KWG would also require the operator to conduct the operation on a commercial scale and furthermore, the operation itself would have to specifically relate to the Federal Republic of Germany.



The current financial market regulation is hardly suitable for the regulation of DeFi projects without an operator. DeFi systems are often out of the reach of the competent authorities when it comes to supervision and therefore also with regards to the fulfillment of financial markets supervisory compliance obligations. The complete lack of regulation in this area poses a significant threat to the stability and integrity of the financial markets as well as for investors. Incorrect code may lead to irreversible damages for users as well as for the markets. Money laundering prevention can also not be conducted without a central operator being obligated to conduct audit, documentation and notofocation measures. Without an operator, the fulfillment of general requirements for institutions regarding subjects such as a suitable and effective risk-management or an adequate IT-security cannot be ensured. The creation of an effective and reasonable regulatory regime for DeFi projects should be addressed as soon as possible. In order to avoid national solo efforts, it would be helpful if the subject would be included in the upcoming Markets in Crypto Assets regulation (MiCA) by the European Commission.


Attorney Lutz Auffenberg, LL.M. (London)





The FIN LAW Newsletter provides you with all blog articles of the month via monthly e-mail. Our newsletter is published regularly at the beginning of every month. Feel free to sign in to the FIN LAW Newsletter by clicking the button below. Of course can can sign off at any time if you do not wish to receive our newsletter anymore.