Since the Electronic Securities Act (eWpG) came into force, the operation of crypto securities registers is a financial service requiring authorization in Germany. Anyone who takes over the operation of the legally required register for issuers of crypto securities must therefore have a corresponding authorization from BaFin. As regulated financial institutions, crypto securities registrars are thus also obligated parties under the German Money Laundering Act (GwG), which requires them to apply the due diligence requirements stipulated by anti-money laundering regulations. This includes identifying and verifying their customers and any beneficial owners that may be associated with them, as well as clarifying the purpose of the business relationship and continuously monitoring the business relationship, including the transactions carried out in the course of it. But when exactly and in relation to whom must crypto securities registrars apply these due diligence obligations?

Generally Four Triggers for Obligations to Exercise Due Diligence Under Anti-Money Laundering Law

Under the GwG, obligated parties must essentially apply due diligence measures in four situations provided for by law. First, they must be applied when a business relationship is established. In addition, they must be fulfilled on a transaction-by-transaction basis as part of the continuous monitoring of the business relationship. In the case of crypto transactions, however, the obligation to apply them also is given without an existing business relationship if their equivalent value at the time of the transaction exceeds 1,000 euros and the transactions were carried out by so-called occasional customers. Additionally, those obliged under money laundering law must take action if there are grounds for suspicion with regards to money laundering or terrorist financing. Finally, the GwG requires the application of due diligence in cases where an obligated party has doubts as to the accuracy of the information collected regarding the identity of the contracting party, a representative or a beneficial owner. In all cases, however, the obligation to apply due diligence measures relates to situations in which a potential or existing customer is acting.

Who Does the Crypto Securities Registrar Need to Monitor?

It makes sense to align the money laundering prevention obligations of institutions with respect to potential or existing customers. On the one hand, obligated parties must collect information from the persons or companies to be verified, which is difficult without customer contact. On the other hand, the obliged entities cannot comply with the legal order not to execute a transaction without successful due diligence and terminate the business relationship, in cases in which it may be impossible to fulfill their due diligence obligations without a customer relationship in the broadest sense. Customers of crypto securities registrars are primarily the issuers of crypto securities. They must commission the crypto securities registrar to maintain the register and enter into a contract with them. The investors of crypto securities, on the other hand, do not necessarily have a contractual relationship with the crypto securities registrar. It is of course possible for the crypto securities registrar to enter into a contractual agreement with the respective investors of the registered crypto securities as well. However, this is not mandatory by law. The core task of the crypto securities registrar is the proper maintenance of the register for the issuer. In this respect, the role of being an investor of a particular crypto security merely constitutes information which must be entered into the register. However, this does not necessarily establish a direct customer or business relationship between the crypto securities registrar and the investor.

Does This Mean Crypto Securities Registrars Never Must Verify Investors of Crypto Securities?

A business relationship may of course also arise between the registrar and the investors of registered crypto securities. Such a relationship is established in particular if a contract is concluded between the parties, for example in the form of general terms and conditions. An Individual case in which the investor asserts a legal right against the crypto securities registrar could also give rise to a business relationship. An example would be the request for an extract from the register in text form. In such a case, the registrar will also have to verify the investor according to anti-money laundering law.

Attorney Lutz Auffenberg, LL.M. (London)