The Federal Ministry of Finance is further regulating the German crypto industry with an ordinance. Germany is thus implementing the wishes of the Financial Action Task Force (FATF) in a hasty and overly strict manner. The industry is thus being further bullied, and the effect is likely to be exactly the opposite of the intention.
Oh yes, the German crypto companies would have gladly done without this post from our chancellor-to-be. As Federal Minister of Finance, Olaf Scholz signed a new regulation on 24 September.
More precisely: the regulation on enhanced due diligence for the transfer of crypto assets. It was passed on 24 September and came into force less than a week later, on 1 October. With this ordinance, the Federal Ministry of Finance continues to harass the few crypto service providers that still exist in this country, and preventively protects Germany from the establishment of new ones.
The victims of the Veordnung are all companies that work with bitcoins, cryptocurrencies or tokens in Germany in any way in a fiduciary capacity: So wallets, custodians, marketplaces and, depending on the design, also payment service providers. They are now considered “obliged entities” in the sense of the Money Laundering Act.
There are not too many of these types of companies in Germany. The only custodians worth mentioning are basically Bitcoin.de, Nuri (formerly Bitwala) and the Stuttgart stock exchange or its trading app Bison. To a limited extent, one could add SatoshiPay, which has hardly any customers, as well as custodians like Tangany or Bankhaus von der Heydt, which do not serve private customers anyway. Smaller companies could also be included, such as the Leondrino exchange or the BitBucks and CPI wallets.
The area regulated by the ordinance is very manageable. One would probably not be exaggerating very much if one stated that already now more people are busy writing, implementing and monitoring regulations than the industry has employees in this country.
When crypto custodians send to crypto custodians
If the latest prank from Olaf Scholz’s ministry is anything to go by, the list of crypto custodians based in Germany will become shorter, not longer. This is because the ordinance imposes tough to unfulfilled requirements on the industry when they carry out crypto transfers on behalf of their customers.
The nature and scope of the obligation depends on two factors: First, whether the customer receives or sends “crypto assets”, and second, whether the sender or addressee is itself a crypto service provider or not. So there are four scenarios.
First, the crypto company sends its client’s coins to a client of another crypto company. For example, you transfer bitcoins from Bitcoin.de to your account on another exchange. In this case, the regulation states, “the rules on obligations of the payment service provider of the payer under Articles 4 and 6 of the Money Transfer Regulation apply mutatis mutandis”.
According to the EU Money Transfer Regulation, this means: the company must transmit the name, account number and “the address, the number of an official personal document of the payer, the customer number or the date and place of birth of the payer”. The company must also send the name of the recipient and the recipient’s account number. I assume the account number will mean some kind of account ID or wallet address for crypto companies.
Secondly, the company receives for its customer a transaction that another crypto company has sent. For example, you send Ether to your account at Bitcoin.de from another exchange. In this case, “the rules on obligations of the beneficiary’s payment service provider under Articles 7, 8 and 9 of the Money Transfer Regulation apply mutatis mutandis.”
According to these, the receiving crypto service provider must check whether the sending service provider has transmitted the information in full. If the amount exceeds €1,000, he must also verify the accuracy of the information, using “documents, data or information from a reliable and independent source”. Only then may he credit the consignment to the recipient.
In addition, the service provider must set up “risk-based procedures” to reject payments if information is missing or other risk factors occur. Moreover, if the data is incomplete, this should be considered as an indication that a payment triggers a reportable suspicious case.
Custodian to Private Citizen
This is all pretty tough. But it’s only the first act of the tragedy. The second act is devoted to transactions flowing to or coming from private wallets.
Thirdly, if a company sends tokens or coins on behalf of its customers to an address where it does not know whether they belong to another crypto company, it has to “identify and assess the risk of misuse for money laundering and terrorist financing purposes associated with the transfer and take risk-appropriate measures.” This could be implemented, for example, by customers providing extensive information on the recipient when transferring funds and verifying this through onchain analysis or calls to the recipient.
The same obligations apply to the company when it receives a transaction from a private or unknown wallet. Here, too, the recipient should have to indicate who the sender is, and the company can check this through onchain analyses or phone calls.
The regulation specifies this still very vague wording. Risk-appropriate measures are “measures which correspond to the identified risk of the transfer in relation to money laundering and terrorist financing and which ensure the traceability of the transfer.” Transactions to or from thus trigger stricter monitoring obligations, and if these cannot be satisfied, this may become an indication of a suspected money laundering case.
Hard nuts
With the new Veordnung, the Federal Ministry of Finance is giving German crypto custodians a hard nut to crack. Especially the information requirements in dealings with other crypto providers pose several problems:
Firstly, how is a crypto company even supposed to know that the receiving wallet belongs to an exchange? If it is a new address, this cannot be found out via the blockchain; if it is an old address, the help of blockchain analysis tools is necessary.
Secondly, there is no official communication channel between exchanges to transmit the requested information. Should a German company send emails for every outgoing transaction? And should it first ask by email for every incoming one? Even if there will be such a communication channel one day – how is a company supposed to check whether information is correct if a payment is larger than 10,000 euros?
In fact, these obligations mean that German companies will be cut off from the global crypto market. It cannot be assumed that exchanges and wallet service providers around the world will go to an inordinate amount of trouble to comply with the requirements of the Federal Ministry of Finance.
The obligation to collect information for transfers to private wallets also causes problems. Can the process be automated? Who will prevent users from simply entering anything into a form? How much effort will it take to check everything? And if private transfers trigger a possible case of suspicion – will the supervisory authority then be flooded with suspicious activity reports?
At least the ordinance grants German crypto companies a generous grace period: “Obligated parties may notify the competent supervisory authority until 30 November 2021 that they will not be able to fulfil the obligations and must justify this until 31 December. A grace period will initially apply for 12 months and may be extended for a further 12 months, subject to reasonable justification.”
Willingly at your service
Fairly, it should be noted that the rules did not originate in the Federal Ministry of Finance. The latter merely applies Europe-wide and desired rules for financial transactions to cryptocurrencies. And this is not the idea of the Federal Ministry of Finance either, but of the Financial Action Task Force (FATF), the world’s most important body in the fight against money laundering. The FATF decided some time ago that in future the “travel rule” should also apply to crypto transactions. And this is precisely what the Federal Ministry of Finance is trying to implement with the ordinance.
In doing so, however, Germany is storming ahead in regulatory terms without taking into account the industry, the actual purpose of the rules or the competence and resources of the supervisory authority. It would not have been necessary to fulfil the wishes of the FATF – a body that is in no way democratically legitimised – first and foremost and then also particularly strictly. Especially not at a time like the present, when rising inflation, the ongoing Corona crisis, massive money laundering scandals and a new government are continuously challenging politics and the administration.
The consequence will probably be that German crypto companies will fall behind in global competition or change location. It has never been easy to run a crypto company in Germany. The Veordnung makes it more or less impossible.
Whether consumer protection and the fight against money laundering will really benefit if German Bitcoin and crypto users use service providers abroad in the future? Or if – which is probably just as likely – they switch more and more to DeFi or other decentralised solutions where there is no longer a custodian?
A hand that squeezes too tightly grips nothing, a Chinese sage would say. Or like this.