Since the regulation of crypto custody business as a financial service in the German Banking Act (KWG) as of January 1st, 2020, the crypto custody business not only includes the actual custody of crypto assets and of associated private keys for customers. BaFin authorization for operation of the crypto custody business may also be required, if the service provider intends to offer crypto management services for crypto assets. It is at this point in time not quite clear what exactly is included in the management alternative of the regulation, because BaFin in its explanatory notes regarding crypto custody did not substantially exceed the explanations provided in the legislator’s explanatory memorandum of the former federal government – when it transposed the fifth AML directive. BaFin as well as the former federal government merely point out that management in the sense of the crypto custody business includes the exertion of rights stemming from the customers crypto assets. This very broad definition is only restricted by the fact that BaFin requires an actual “taking into custody” of crypto assets respectively of private keys for all alternatives of the crypto custody business.  

What Exactly Is the Exertion of Rights Stemming from a Crypto Asset?

The definition offered by the supervisory authority is not very conclusive and sadly also leaves further leeway for interpretation which leads to little legal certainty in this context. BaFin´s understanding of the term “right“ is also unclear. It is questionable, if the term includes only those rights that must be asserted versus another legal entity, or if the term also includes those rights that benefit the bearer without any ado. A similar question arises with regards to the exertion part of the definition. Does “exertion” in this context only apply to the active and actual exertion of client’s rights versus a third party or does exertion in this context also refer to the case in which the service provider merely accepts the advantages stemming from a right on behalf of a client, without any actual activity on the part of the service provider?  

When Is the Definition of Crypto Management Relevant?

Thanks to the unambiguous statement in the explanatory note of Bafin, at least it is clear that crypto management may only be considered in cases in which the service provider takes the crypto assets of its clients into custody and actually has access to them. This generally requires that the service provider has knowledge of the private keys of the customer. As stated above it is unclear at this point, if crypto management requires an active action of the service provider or not. This question may become especially relevant in cases of airdrops, which are credited to the bearers of a crypto asset without any active action on their part but merely because they keep crypto assets in a compatible wallet which entitles them to participate in the airdrop. In contrast to that, the assertion of voting rights that are connected to crypto assets, delegating tokens for the purpose of staking, the assertion of return claims of security tokens or voting for governance purposes on the basis of token ownership will all regularly require an active action of the service provider.

Attorney Lutz Auffenberg, LL.M. (London)