At the end of May, the German Federal Ministry of Finance (BMF) published a draft regulation on “enhanced due diligence requirements for the transfer and trading of crypto assets.” To put it drastically, this draft is intended to ensure that Germany falls far behind as a location for crypto companies without need.
Of course, what the “Regulation on Enhanced Due Diligence for the Transfer of Crypto Assets” is supposed to order has not been thought up by the Federal Ministry of Finance (BMF) alone. Rather, the government is trying to comply with two international orders. On the one hand, the EU has determined with the latest update of the money laundering rules that crypto service providers must also comply with them. This is not entirely new, but has not yet fully coagulated into national laws. On the other hand, the Financial Action Task Force (FATF) has “recommended” – ordered would be more accurate – that the so-called Travel Rule should also apply to the crypto industry. This obliges financial service providers to identify and store personal data of both sender and recipient for each transaction.
However, both the timing and the form of implementation depend on national governments. The BMF is now coming up with a particularly early and particularly sharp cast in national laws. As justification, the ministry points to the 2018/2019 National Risk Analysis prepared in-house, which indicates risks associated with crypto transactions, making it necessary to act before the EU has made and implemented a decision. This reading of the risk analysis is, as we shall see, crashingly selective.
The regulation itself is relatively short, but painful. It says that crypto service providers must ensure “that the names and addresses of transaction participants are identified and stored.” They must “take risk-appropriate measures to ensure that the determined name and address are accurate in each case.” Where technical standards do not yet make this possible, firms must report this to the supervisor, including a justification as well as mentioning any other “risk-mitigating measures” the supervisor has taken. In that case, the supervisor would grant a slightly longer period.
In other words, any crypto custodian – exchanges, wallets and so on – based in Germany must, under this regulation, establish in each case who is the sender and receiver of a transaction. If the transaction flows to another crypto custodian, no matter where, the company must provide it with the sender’s personal data. If, on the other hand, the transaction goes to a private wallet where the user keeps the Bitcoins himself, this constitutes a “case constellation with increased risk” – a “clue to a conspicuous transaction.” In that case, the crypto custodian must obtain beneficiary information from its user and check it particularly thoroughly. The same is true when a crypto custodian receives a transaction from a private wallet.
- Put another way, cryptocustodians must somehow establish a communication channel to all other cryptocustodians that does not yet exist; they must use tools like wallet explorers to check where their customers are sending cryptocurrency; and they must consider it a special case of suspicion when their customers use their own wallets.
- And to put it another way one last time, the regulation threatens to trigger a clear-cut in the German crypto industry. Or, at the very least, massively hinder the creation of new crypto startups for years, if not decades to come.
Objections from all sides
At least the Federal Ministry of Finance is giving industry representatives the opportunity to make a statement. In view of the extreme extent of the Veordnung, these react extremely critically almost across the board.
Bitkom, the German Association of the Digital Economy, shares the BMF’s goal of “being able to detect the misuse of crypto assets even better”. However, the measures proposed by the ministry “run counter to this goal. They threaten to prevent German service providers from performing “central functions of their business model,” such as the transfer of coins to private wallets or in smart contracts, thus forcing German customers into the unregulated market of foreign providers. This would limit the scope for action against money laundering instead of promoting it.
In any case, Bitkom questions the necessity of the regulation. If you take a look at the National Risk Analysis of 2018/19 – which the Federal Ministry of Finance states is the decisive reason – you will see that it does not state that crypto transactions pose a risk in terms of money laundering and terrorist financing and that there is an absolute and immediate need for action. Instead, one finds the info that – quote: “currently no large-scale money laundering activities are discernible yet.” As far as terrorist financing is concerned, the risk analysis even finds “no confirmed evidence that crypto assets are being used on a larger scale.” As a result, the Bundesverband Blockchain doubts whether there is any need at all to rush ahead of a European solution with such a hasty regulation.
Like Bitkom before it, the Bundesverband is primarily concerned about the outlawing of transactions on private wallets. This is precisely “the purpose of crypto assets” and imposes a general suspicion on millions of users.
Even the German Association of Money Laundering Officers (BVGB) criticizes the regulation. In itself, the “goal of combating money laundering as well as terrorist financing” is of course “desirable in terms of legal policy.” However, the regulation “faces practical difficulties to such a considerable extent that they ultimately have a prohibitive effect on the business models of the providers concerned”. Surprisingly, the Bundesverband der Deutschen Volksbanken und Raiffeisenbanken also shares this opinion. Of course, it too supports the goal of preventing money laundering and terrorist financing. However, “the specific factual and legal foundations of this innovative business field” – the crypto industry – should be taken into account. Therefore, the association calls for a more intensive discussion with the providers of the industry. In its current version, the regulation contains so many serious technical, legal and data protection problems that “the draft should be abandoned.”
- Deutsche Börse Group, on the other hand, supports the draft. It is “an important building block for increasing transparency”. It would only like to see one addition: the address of the beneficiaries should also be recorded.
- It remains to be seen whether the Federal Ministry of Finance will take into account the massive objection of the commentators. Anything else would be a mockery.