The rising interest in cryptocurrencies, especially of professional investors and the steadily growing acceptance of tokenized investment products on the capital markets prompted the German legislator to introduce crypto securities as a new sub-type of securities. These are a special form of electronic bearer bonds which do not require securitization in a paper document. With crypto securities, the ownership of investor rights resulting from the bearer bond are represented through the ownership of the crypto token. The German legislator chose a registry-based solution in order to implement the aforementioned system in a legally sound way. The ownership of the tokens which represent the crypto securities as well as the current terms of the bearer bonds and additional base-data regarding the issuance will be displayed in a crypto security registry. The operation of such a registry will be reserved for so-called registry operators, which are authorized by BaFin to conduct this activity. It is for this reason, that the financial service of operating a crypto security registry has been introduced to the German Banking Act (KWG).  


What is the Activity of Operators of Crypto Security Registries?

The registry operators for crypto security registries must keep the registries on a recording system that is forgery-proof, records the data in the correct chronological order and is secured against unauthorized deletion and subsequent changes. DLT solutions are therefore especially well suited as infrastructures for crypto security registries. The applicable law is nevertheless worded in a technology neutral manner which leaves room for future innovations. Beyond the obligation to register the the owner and the issuer of the securities, registry operators must also register the nominal amount, the issuance volume, the essential rights that are connected to the respective security as well as the associated securities identification number (ISIN). It is within their responsibility, that the current ownership of a crypto bond is at all times comprehensibly and accurately displayed. The public may legally rely on the correctness of the displayed data in a crypto security registry.     


What are the Regulatory Requirements that Operators of Crypto Security Registries Must Fulfill?

The law sets out strict requirements for obtaining an authorization for operation of a crypto security registry, even though these requirements are considerably lower for businesses which intend not to offer any other financial services, but instead exclusively operate a crypto security registry. To begin with, operators of a crypto security registry have to dispose over a regulatory starting capital of 150,000 euros. They are furthermore required to have a fit and proper director, reliable owners and especially important, a proper business organization. Should it be intended to exclusively operate crypto security registries and no other financial services, the requirements regarding the disposable funds, overall liquidity, required capital buffers and the remuneration systems for employees are considerably lower in comparison with those placed on other financial institutions.   

Transition Period Allows Operators of Crypto Security Registries to Obtain a Preliminary Authorization

For not interfering with already existing business models and for facilitating the transition of the crypto market to the new rules, the KWG provides for transitional rules for businesses which intend to offer crypto security registry operation or already do so. Operators of crypto security registries may obtain a preliminary authorization for their business, if they begin the business activity until the 10th of December 2021 and notify BaFin at least two months prior to the start of their activities. The last possible date for a valid submission of such notification to BaFin is therefore the 10th of October 2021. The submission to BaFin must set out that a sufficient starting capital is indeed in place, that the director/directors is/are fit and proper and that the applicant has worked out a sustainable business plan with regards to the intended operation of a crypto security registry. In case of filing a valid notification to BaFin, the applicant must submit a full and comprehensive application for operation of crypto security registries at least six months after the date of the notification.


 Attorney Lutz Auffenberg, LL.M. (London)





As it has already been the case for crypto custody service providers, the German Banking Act provides for a preliminary authorization for operators of crypto security registries. But what are the requirements that must be fulfilled by operators intending to use this option and even more importantly – until when?