Crypto Asset Transfer Regulation: Increasing regulation of crypto assets
Not only is the crypto and blockchain sector developing dynamically, but the related regulations are as well: On 1 October 2021, the German Crypto Asset Transfer Regulation (Kryptowertetransferverordnung – ”CATR“) issued by the German Federal Ministry of Finance came into force. The regulation intends to improve the traceability of the transfer of crypto assets. To date, crypto assets could be transferred largely anonymously. The legislator therefore assumes these transfers involve an increased risk of money laundering, terrorism funding and other criminal activities.
Context
Regulating crypto assets has become the focus of both the German and European legislators. Since the beginning of 2020 the provision of “crypto custody services” requires a German banking licence. On the European level, the Commission submitted several legislative measure to combat money laundering, including a proposal for the revision of the European Wire Transfer Regulation (Regulation (EU) 2015/847 – “WTR”) in order to trace the transfer of crypto assets. However, the European legislative plans are still in relatively early stages of implementation. The CATR will therefore apply in Germany transitionally until revisions of the WTR come into force.
The CATR establishes duties of care for credit and financial services institutions which carry out crypto asset transfers. The provisions of the regulation apply exclusively to German credit and financial services institutions as well as German branches and branch offices of foreign institutions.
Main obligations for financial institutions
Central to the CATR is the term of “crypto asset service providers”. As the definition of this term is quite extensive the regulation concerns all (banking) companies that enable trading in crypto assets in the broader sense. The set of obligations these crypto asset service providers must fulfil depends on the extent financial institutions are involved in the transfer of crypto assets. The regulation differentiates between transfers which involve crypto asset service providers on both sides and transfers that do not.
Crypto asset service providers involved on both sides
If only crypto asset service providers act for both the payer and the beneficiary, key regulations of the WTR will apply mutatis mutandis. The application of the WTR in Germany is extended to the transfer of crypto assets.
When transferring crypto assets, the payer’s crypto asset service provider must now in particular
- supply the beneficiary’s crypto asset service provider with details of the payer and beneficiary of the transfer – including the name, account number, address and number of an official ID document of the payer and the name and account number of the beneficiary; and
- verify the accuracy of the information on the payer on the basis of documents, data or information before carrying out a crypto asset transfer.
The beneficiary’s crypto asset service provider, on the other hand, must in particular
- establish effective procedures both to identify the absence of information on the payer or beneficiary and to verify the information;
- establish effective risk-based procedures to assess whether to carry out, reject or suspend a transaction and what follow-up action to take; and
- report suspicious transactions to the competent supervisory authority on certain conditions.
Non-exclusive involvement of crypto asset service providers
If a transaction does not exclusively involve crypto asset service providers, for example because the transfer is from or to an unhosted wallet, the credit or financial services institution involved in the transaction must
- identify the risk of misuse of the transaction for the purposes of money laundering or terrorism funding;
- assess this risk; and
- take corresponding “risk-appropriate measures”. This also includes ensuring compliance with (financial) sanctions and embargoes.
Because these measures are intended in particular to ensure the traceability of the transfer, financial services institutions must collect, store and verify the name and address of the person involved in the transaction on the other side.
Transitional arrangement
Given the rapid introduction of the CATR, crypto asset service providers have been able to obtain a suspension of the obligations for up to 12 months for reasons they are not responsible for (e.g. lack of technical standards for data transfer) by notifying the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – “BaFin”) as the competent supervisory authority. This required a notification to BaFin by 30 November 2021, which then had to be substantiated by 31 December 2021.
However, if the crypto asset service provider only begins its crypto asset activities after the CATR came into force (1 October 2021), such notification and substantiation only have to take place when the activity begins. Companies can fill out the form provided by BaFin on its website since 23 November 2021 and send it to the dedicated email address (kryptowtv@bafin.de). The substantiation must state the reason for the impediment, its likely duration (12 months maximum) and the measures that will be taken to eliminate it. Providers must also indicate what measures will be used to control the risk in the meantime (such as the use of blockchain analysis tools).
Outlook
In introducing the CATR, the German legislator has made great strides in further regulating crypto assets, although corresponding legislative procedures are still underway at EU level. In doing so, the legislator has only responded to a small extent to the criticism widely voiced during the legislative process (see for example the statement by Bitkom, which especially fears major competitive disadvantages for German service providers and fragmentation of the EU market). While criminals will likely still be able to remain anonymous when transferring crypto assets despite the new rules, the CATR significantly tightens the regulatory burden for financial institutions which offer crypto asset transfers for their clients.
The CATR will no longer apply once the WTR also covers crypto asset transfers in addition to money transfers. While this is to be expected given the ongoing legislative process, it could still take about two years due to the involvement of the European Parliament and the Council of the European Union.
Firstly, companies concerned with the transfer of crypto assets should develop the necessary mechanisms and control procedures in order to comply with the legal obligations. Secondly, they should keep a close eye on the highly dynamic regulatory environment in the crypto and blockchain sector. This applies, for example, to the European legislative procedures on the Regulation on Markets in Crypto assets (MiCA) and the Regulation on a pilot regime for market infrastructures based on distributed ledger technology. Further, the new German government’s coalition agreement advocates both for a common European regulation of crypto and blockchain technologies and also the use of such technologies.