This post is part of a series on legislative changes proposed by the German Future Investments Act (Zukunftsfinanzierungsgesetz, ZFG). An upcoming post in this series will discuss the planned restrictions to the scope of the German standard terms and business test for B2B terms.
When the custodial crypto exchange FTX collapsed in November 2022, investors and regulators alike were confronted with a deceptively simple question: Are crypto-assets held in custody adequately protected in the insolvency of the crypto exchange or crypto-custodian?
Germany, a comparatively “crypto-friendly” jurisdiction with a comprehensive regulatory framework for crypto-assets, was not convinced that the existing rules on client asset protection would bite. Uncertainty does not yield confidence, and hence on 12 April 2023, the German federal government published a draft law, the ZFG, that – among other things – aims to establish a core set of client asset protection rules for German crypto-custodians, comprising of:
- Asset segregation requirements (Sect. 26b(1) of the German Banking Act (KWG)-new);
- A requirement to obtain consent to a right of use (Sect. 26b(2) KWG-new); and
- Insolvency protection for segregated crypto-assets (Sect. 46i KWG – new)
Although the draft law must yet pass the legislative process and may therefore still be amended, it is already worth taking a closer look at the new rules, not least since the German legislator by and large proposes rules which will likely only be implemented at European level once MiCA becomes effective (i.e. not before the end of 2024 at the earliest) (see our blog).
Under the new provisions, crypto-custodians will have to ensure that crypto-assets and private cryptographic keys of clients are kept separately from the crypto-assets and private cryptographic keys of the institution. Crypto-custodians may comply with this rule, for instance, through holding the crypto-assets of clients and the custodian’s own crypto-assets on separate public keys.
The draft law does not prohibit the common model of “pooled” custody by which crypto-assets from more than one client are registered on the same public key. Not all too different from the use of omnibus accounts for securities, this form of custody allows for cost and efficiency gains, as transfers between clients of the same custodian do not require an on-chain transaction and, therefore, avoid fees such transactions incur (“gas fees”). Should crypto-assets of several customers be held in custody in pooled form, the share in the total assets to which an individual customer is entitled must be determinable at any time. Similar to the “books and records” of a traditional custodian, this will usually require crypto-custodians to keep a central register of all clients’ crypto-assets.
The asset segregation requirement effectively pre-empts a similar requirement under MiCA (cf. Art. 67(7) MiCA).
Right of use
Crypto-assets and private cryptographic keys that are held in safe custody must not be used for the custodian's own account or for the account of another person without the customer's express consent.
While still fairly unusual in traditional retail markets, providing a custodian with the right to use their clients’ financial instruments for its own purposes is common practice for a range of services provided to professional clients. Most notably, prime brokers rely on their client’s permission to lend securities to third parties or to pledge securities as collateral for repo transactions entered into with a market participant (so called rehypothecation). For traditional financial instruments such as securities, the requirement to obtain the express consent of clients to use their assets is reflected in regulatory law (cf. Art. 16(8) MiFID II).
The practice of using client assets is already widespread in crypto markets. For instance, the now insolvent crypto lender “Celsius Network” relied heavily on trading, lending, selling, or pledging its clients’ crypto-assets to generate returns. Those crypto-assets that were subject to a right of use were often “locked” in longer-term arrangements entered into between Celsius Network and third parties, and the resulting liquidity mismatch contributed to the collapse of Celsius Network.
Notably, the German draft bill does not adopt the even stricter requirements under the German Custody Act (Depotgesetz, DepotG) which effectively prevent custodians from obtaining a valid right of use when safekeeping securities of retail clients due to prohibitive form requirements. In this respect, the legislative proposal appears to leave the door open to crypto-custodians offering securities lending arrangements and similar schemes to retail clients while traditional custodians have reportedly refrained from this practice – partly also in light of the DepotG.
That said, permitting a “right of use” would seem incompatible with MiCA. Under MiCA, crypto-asset service providers that hold crypto-assets belonging to clients or the means of access to such crypto-assets must not use a client’s crypto-assets for their own account (Art. 63(1) MiCA; Recital (59)). A more liberal approach proposed by the Commission has not made it into the final compromise. Provided that neither the ZFG nor MiCA will be amended on their respective legislative paths, it would appear that MiCA rules, once effective, will override the German “right of use” in accordance with the principle of the primacy of Union law.
Some flexibility may, however, remain for crypto-asset service providers. MiCA does not address lending and borrowing in crypto-assets (Recital 63e) and insofar does not prejudice applicable national law. Instead of relying on a “right of use”, crypto asset service providers may still offer an economically similar product provided that it is documented as a crypto loan.
A client who entrusts a traditional share or bond to a German custodian for safekeeping expects that its ownership interest in the share or bond is protected in insolvency proceedings of the custodian. While nuanced in detail, the client’s protection ultimately relies on is the client’s legal or – if held in a fiduciary arrangement – beneficial ownership in the instrument. However, whether any form of ownership in a crypto-asset can be acquired under German civil law is far from clear, and therefore whether clients enjoy a similar protection for crypto-assets is doubtful.
Now, according to the legislative proposal:
The crypto-asset held in custody for a client as part of a crypto custody business is deemed to belong to the client. […] This applies mutatis mutandis to the client’s share of crypto-assets in “pooled” custody and to separately held private cryptographic keys.
This does not apply if the client has given its consent to transactions in the crypto-asset for the account of the institution or third parties.
It is noteworthy that the proposal refers to “belonging” (“gilt als … gehörig”) rather than employing a more technical term. Arguably, the provision aims to provide protection to clients without the ambition to solve the more fundamental question, namely what legal right the “owner” of a crypto-asset or private cryptographic keys has. Since the legislator does not decide the fundamental question of what a crypto-asset “is”, the legislation cannot rely on the jurisprudence of the German Federal Court that spells out the requirements for a right of separation in insolvency proceedings. Instead, the ongoing regulatory supervision of compliance with the principle of asset segregation shall provide “objective evidence” that only those custody arrangements are privileged which actually confer the economic interest on the client. If enacted, the proposal will tie insolvency protection to compliance with regulatory law – a step that may take some getting used to for more traditionally minded practitioners.
While perhaps an oversight, the proposal revokes insolvency protection if clients have granted the custodian a right of use over their assets. For traditional assets such as securities, it is not granting a right of use but the exercise of such right by the custodian that makes clients unprotected creditors of their custodian. Indeed, if merely granting a right of use will be sufficient to lose insolvency protection, a wider use in the retail market may yet again prove difficult to achieve.
The proposed Sec. 46i KWG will also enable crypto-custodians to comply with Art. 67(10) MiCA, which requires that custodied crypto-assets are insulated from the custodian ’s estate in the interest of the clients of the custodian, such that creditors of the crypto-asset service provider have no recourse on the crypto-assets held in custody, in particular in the event of insolvency.
The legislative proposals draw lessons from previous failures of crypto firms and would – if enacted – allow the German regulator BaFin to step in and enforce the relevant regulations, if required. The proposals also provide clients of crypto-custodians with legal certainty as to the status of their crypto-assets in the insolvency of crypto-custodians.
Similar to the recently enacted German E-Securities Act, the legislator again shows reluctance in upending the civil law framework for assets in Germany and instead relies on legal fictions and “functional” law-making to achieve its purpose. In the long run, patchwork won’t do, and the dawn of digital assets will necessitate a larger overhaul of the legal regime, starting from Germany’s property law.
For the time being, Germany continues progressing along what may be called the “European way”, namely legitimising crypto-assets through regulation rather than establishing high barriers through regulation for providers, as would appear to be the path in the U.S.