MaComp and Crypto – Under Which Circumstances is BaFin’s Administrative Practice Relevant for Crypto service Providers?

(For German version click here)


BaFin substantiated its administrative practice with regards to the obligations arising from the German Securities Trading Act (WpHG), the EU Commission’s Delegated Regulation EU 2017/565 (DV) and other regulations that are applicable to financial service providers with the Minimum Requirements for Compliance (MaComp). The publication provides supervised entities with information about the minimum requirements that are placed by BaFin on the implementation of legal compliance obligations. Affected businesses must establish adequate policies and procedures, as well as maintain sufficient budgets to ensure compliance of the business and the employees with the stipulations of the WpHG and the DV. They are e.g. required to establish and fund a compliance unit, to comply with specific internal audit, assessment and quality control processes as well as to provide a diligent documentation and to train their employees in regular intervals. But is this also applicable to BaFin supervised crypto service providers?

MaComp is not Applicable to Crypto Custody Service Providers

The term “compliance” generally describes the fulfillment of laws and other legal obligations. When it comes to financial services, the term is specifically used to describe the fulfillment of supervisory obligations to which investment service providers are subject to. In order to be subjected to the obligations arising from the WpHG and the DV and subsequently MaComp, a service provider must qualify as an investment service provider. Pursuant to the stipulations of MiFID II, which in Germany are transcribed into the WpHG, investment service providers are all credit institutions and financial service institutions that offer investment services. According to sec. 2 para. 8 WpHG, investment services are inter alia finance commission business, proprietary trading, investment brokerage, investment advisory services and the operating of trading facilities for financial instruments. Crypto custody services e.g. are not listed by the WpHG and are therefore not classified as an investment service. Crypto custody service providers therefore do not have to comply with the obligations set out by the WpHG and the DV and therefore are not subject to MaComp neither.

Also Other BaFin Supervised Crypto Service Providers Not Necessarily Subject to MaComp

Entities that are involved in the commercial trading of cryptocurrencies as e.g. brokers, counterparties in a trade or operators of trading facilities are often subject to authorization according to the German Banking Act (KWG), because cryptocurrencies are financial instruments in the sense of the KWG since they are either units of account or crypto assets. On the other hand, neither the WpHG nor the MiFID II on which it is based qualify units of account or crypto assets as financial instruments, meaning that dealings with cryptocurrencies alone cannot be the subject of investment services according to these provisions. This makes it possible that e.g. an operator of a crypto exchange may be subject to authorization according to the KWG but is not subject to the WpHG at the same time.

MaComp Applicable to Dealings with Security Tokens

Having said that, entities whose business model does not revolve around traditional cryptocurrencies, utility tokens or payment tokens but instead around tokenized securities (security tokens) may still be subject to the WpHG and thereby also to MaComp. Should this be the case, the business has to fulfill the minimum requirements that are stipulated by BaFin in the MaComp, which can result in a substantial additional administrative expenditure. In order to make it possible for small businesses to implement these minimum requirements, the principle of proportionality is in effect when implementing MaComp. According to this, small businesses with limited financial resources can make use of numerous flexibility clauses in MaComp which will allow them for an individual implementation of MaComp.


Attorney Lutz Auffenberg, LL.M. (London)




Our Blog Articles in a Monthly Newsletter?

The FIN LAW Newsletter provides you with all blog articles of the month via monthly e-mail. Our newsletter is published regularly at the beginning of every month. Feel free to sign in to the FIN LAW Newsletter by clicking the button below. Of course can can sign off at any time if you do not wish to receive our newsletter anymore.