Decentralized Finance (DeFi) has been a megatrend in the crypto sector for several years now. The idea is to create a financial market without intermediaries. Participants should be able to interact directly and immediately with decentralized smart contracts, for example to carry out swaps involving crypto assets without having to use the services of a crypto asset service provider. However, regulated market participants are also recognizing the potential of DeFi and are working on business models that provide for automated liquidity procurement via DeFi protocols and their smart contracts, for example. Nevertheless, regulated crypto service providers (CASP) are not completely free to organize their business activities. Rather, they have to observe numerous compliance regulations, which can make the creation of corresponding business models more difficult and sometimes even impossible. CASP face particular difficulties in this respect due to money laundering prevention regulations.

Are DeFi Business Models Compatible with Anti-Money Laundering and Anti-Terrorist Financing Regulation?

For private individuals, the use of DeFi protocols is easier than for regulated crypto asset service providers in that they are not obliged by the anti-money laundering laws of the European Union and the German legislator. The situation is different for crypto asset service providers with a license under the German Banking Act (KWG), the German Investment Firms Act (WpIG) or, in the future, the Markets in Crypto Assets Regulation (MiCAR). They have to fulfill identification, verification and information procurement obligations when carrying out crypto transactions. In this respect, crypto asset service providers regulated under the KWG and WpIG are also obliged entities within the meaning of the German Money Laundering Act (GwG) and the national Crypto Asset Transfer Regulation (KryptoWTransferV). In future, crypto asset service providers regulated under MiCAR will also be obliged entities under anti-money laundering law and consequently be subject to the revised EU Travel of Funds Regulation (TFR). All of the aforementioned legal standards assume that all parties involved in a crypto transaction are identifiable legal entities. If this is the case, the originator and recipient of crypto transactions as well as the crypto asset service providers entrusted with the execution can be identified and verified. They may also be requested to provide information such as names, addresses or details of the origin of the crypto assets. However, the fulfillment of these obligations for regulated crypto asset service providers is problematic in the case of smart contracts in DeFi protocols that are not backed by an identifiable legal entity. The question then arises as to whether the non-fulfilment of the obligations under money laundering law means that the crypto asset service provider concerned cannot interact with the DeFi protocol in principle, because the legal consequence of non-fulfilment is that the transaction may not be executed.

Classification of Smart Contracts under Money Laundering Law Will Be Decisive

It is true that the legal consequences provided for by the TFR and the German AML Act in the event of non-compliance with anti-money laundering prevention obligations can lead to the impossibility of carrying out crypto transactions with the smart contract in question. However, for the legal consequences to be triggered, the corresponding obligation must first also apply in the event of interaction with the DeFi protocol. There may be doubts about this if there is no identifiable legal entity underlying the smart contract in question. This is because the originators and beneficiaries required as transaction parties to trigger the obligation to provide or obtain information under the TFR are defined in the TFR to the effect that they must be persons. However, according to the general understanding, persons can only be natural or legal persons, or, if interpreted broadly, partnerships. A mere smart contract, on the other hand, can hardly be regarded as a person in the required sense. The concept of contractual partner, which is relevant in the context of the applicability of the obligations under the German AML Act, also causes difficulties in the case of mere smart contracts in DeFi. This is because a contracting party can only be someone who can be legally bound by a contract. However, without a legally capable operator, a smart contract will not have such legal capacity. It is impossible to predict whether these arguments will find their way into the administrative practice of BaFin and the relevant European supervisory authorities. What is clear, however, is that a specific and practicable legal regulation – preferably at the European level – should be created for the interaction of regulated CASP with DeFi protocols. Particularly in view of the dangers that can arise for consumers when using DeFi protocols independently, the legal facilitation of the involvement of regulated crypto asset service providers in DeFi protocols should also be desirable from a political perspective.

Rechtsanwalt Lutz Auffenberg, LL.M. (London)



The competent lawyer for questions regarding business models connected to Decentralized Finance (DeFi) and Anti-Money Laundering regulation in our law firm is Attorney Lutz Auffenberg, LL.M. (London).