On May 11th, 2021, The German Federal Ministry of Finance published a working ordinance draft bill, the Crypto Securities Transfer Regulation, Krypto Wertetransfer Verordnung (KryptoTransferV), which included increased “duties of care” in the transfer of virtual assets.
Later, on June 14th, the German Federal Ministry of Finance released the updated hearing on the draft bill that requires crypto asset companies to enforce the Travel Rule. The regulation prohibits the transmission of information about clients and recipients arranged for transferring crypto values, as is the case with money transfers. This regulation is based on Regulation (EU) 2015/847 of the European Parliament and of the Council. The German Federal Ministry of Finance will approve the ordinance by the end of 2023.
Read our key takeaways:
1. Germany required the Travel Rule before the European Commission
Crypto Securities Transfer Regulation (KryptoTransferV) § 3:
“Possible alternatives do not represent justifiable alternatives to the proposed regulation with regard to proportionality on the one hand and the limitation of the threat posed by anonymous transactions on the other. A prohibition of transactions on electronic wallets that are not administered by a crypto custodian has only a very limited effect due to the mostly cross-border nature of crypto transfer business and presents itself as a less proportionate alternative compared to the proposed transmission of information. Due to the high risks posed by anonymous crypto power transfers, the adaptation of European regulation cannot be waited for.”
Notabene takeaway: This is a strong example of a national regulator taking things into their own hands and moving forward with crypto rules before being enforced on a European Union level. In this case, the German regulator implies that imposing Travel Rule is a more effective alternative to banning non-custodial wallets due to their cross-border nature.
2. Germany views transfers to self-managed electronic wallets as the starting point of a suspicious transaction.
Crypto Securities Transfer Regulation (KryptoTransferV) § A:
In addition, the transfer of cryptovalues to an electronic wallet that is not managed by a crypto custodian (self-managed electronic money exchange), or vice versa, is viewed as a case constellation with increased risk. So can the Forwarding of crypto values to a self-managed electronic wallet represent a starting point for a suspicious transaction.
Notabene takeaway: While many regulators have signaled that they view transactions to non-custodial wallets as higher risk, it is surprising to see that the German regulator deems them as a starting point for suspicious transactions. This is a stricter stance than what FATF details in their latest guide. We expect that this will impact whether German VASPs will continue to allow transactions to non-custodial wallets, especially ones to third parties.
3. The German proposal includes estimations of compliance costs
Crypto Securities Transfer Regulation (KryptoTransferV) § V:
"This ordinance does not impose any costs on citizens.
The estimate of the compliance burden is subject to considerable uncertainty. If the requirements of the Ordinance are largely met, the compliance burden on business will be higher. If greater use is made of the notification requirement under Section 4 of the Ordinance, the costs for the economy will be lower.
For the business community, there will be recurring compliance costs of approximately €420,800. In the event of an increase in the number of cases, no further costs for the implementation of Section 3 of the Ordinance can be assumed due to the expected automation of data transmission and the associated synergy effects, especially since it is expected that providers will offer flat rates for the implementation of data transmission for crypto value transfers.
The administration will incur recurring compliance costs of approximately €157,000.”
Notabene takeaway: It is a reasonable effort for the regulator to quantify potential compliance costs for regulated institutions that must comply quickly. However, it is unclear how these estimates were reached without a more detailed breakdown of the charges, the large upfront investments companies need to make, and the daily maintenance costs to ensure proper detection of suspicious activity (e.g., additional compliance and technical team resources, software costs.) It would also help if the regulator can clarify the sources of the estimates involved or perform further consultations with the private sector and technology vendors like Notabene to arrive at more precise estimates.
4. German PII requirements are in line with the FATF Recommendations.
Crypto Securities Transfer Regulation (KryptoTransferV) § 3 paragraph 1:
“The obligor performing the transfer on behalf of the principal shall ensure that the following information is determined and stored: Name of the client
address of the client or the number of an official personal document of the client or the client number or the date and place of birth of the client
Number of the originator’s account (for example, the public key)
Name of the beneficiary and number of the beneficiary’s account (for example, the public key.)”
Notabene’s takeaway: This is in line with FATF and the most recent EU regulations. For VASPs, more streamlined Travel Rule requirements make it easier to roll out Travel Rule effectively.
5. This draft accounts for a possible lack of technical capability.
Crypto Securities Transfer Regulation (KryptoTransferV) § 4:
“Section 4 (1) opens up the possibility of notifying the competent supervisory authority pursuant to Section 50 no. 1 AMLA that the transmission of information cannot yet be implemented or cannot be implemented in full due to a lack of technical capability for standardized transmission. The notification shall result in a suspension of the obligations under Section 3, provided that the competent supervisory authority under Section 50 no. 1 AMLA does not raise any objections under paragraph 2. Insofar as the technical implementation of the data transmission has already been taken into account in the structuring and issuance of crypto securities, a suspension of the obligations pursuant to Section 3 (2) shall not be considered.
Notabene takeaway: In the absence of viable and standardized technical messaging protocols, the German regulator can grant VASPs grace periods of up to one year. VASPs need to take steps for risk mitigation during this period, such as restricting certain types of transfers.
*Please note that we used DeepL to translate the original draft regulation from German to English.