The German legislator has responded to the harmonization of European financial market regulations: In October 2023, the Federal Ministry of Finance published the draft bill for the Act on the Digitization of the Financial Market (Finanzmarktdigitalisierungsgesetz – “FinmadiG“), followed by the publication of the government draft of the FinmadiG just one month later.
MiCAR, DORA and money transfers – what does the FinmadiG implement?
The FinmadiG is intended to implement the following EU regulations on digital financial market regulation:
- Markets in Crypto-Assets Regulation (“MiCAR”): The first EU-wide uniform set of rules for markets in crypto assets (we provided information here, for example)
- The EU DORA package (Digital Operational Resilience Act): The financial sector-wide EU regulation of cybersecurity, ICT risks and digital operational resilience
- Revision of the EU Transfer of Funds Regulation (TFR): Including regulating the collection and disclosure of customer information in crypto transfers
New regulations on the terms “crypto assets” and “crypto custody business”
The FinmadiG is intended to harmonize the German definition of crypto assets with the European MiCAR standard. The term crypto assets will be removed from the catalogue of financial instruments of the German Banking Act (“KWG“), which means a realignment of the regulatory coverage of crypto assets. In future, crypto assets as defined by MiCAR will be directly covered and regulated by MiCAR.
At the same time, a new term – cryptographic instrument – will be introduced. This is intended to cover digital assets that do not fall within the scope of MiCAR (e.g. security tokens within the meaning of MiFID II) and must therefore continue to be regulated by the KWG and the German Securities Institutions Act.
Consequently, the previous national crypto custody business will also be renamed “qualified crypto custody business”. In future, it will apply to the custody of crypto assets that do not fall under MiCAR but qualify as cryptographic instruments within the meaning of national regulations.
In future, both issuers and providers of crypto services will therefore have to check exactly which crypto asset term the respective tokens fall under and which supervisory regime will subsequently apply.
MiCAR supervision by BaFin: the new Crypto Markets Supervision Act (KMAG)
The German Federal Financial Supervisory Authority (“BaFin“) is responsible for the supervision of crypto assets, issuers, and service providers within the meaning of MiCAR. To regulate its powers and sanctions in connection with the new regulation, a separate Crypto Markets Supervision Act (“KMAG”) is to be created.
The KMAG also addresses the possibility of a simplified licensing procedure for institutions that are already regulated. The exact structure of the simplified procedure is then to be regulated by a separate ordinance to be issued by the BMF.
Digital resilience of the financial sector: implementation of DORA
DORA addresses the digital operational resilience of financial companies in a standardized manner to create a common framework for the effective management of cyber security and ICT risks. BaFin recently published its own DORA information page on this.
To implement DORA, the FinmadiG provides for numerous amendments to national supervisory laws. This also includes authorization bases for BaFin orders in the event of violations of DORA as well as the introduction of administrative offenses that can be punished with a fine.
Crypto and money laundering: implementation of the TFR
The FinmadiG also aims to adapt national regulations to the requirements of the updated EU Funds Transfer Regulation. In future, crypto service providers will have to collect, transmit and make available information on the originators and beneficiaries of the transfers of crypto assets they carry out. In addition, such crypto service providers will continue to be considered obliged entities under money laundering law within the meaning of the Money Laundering Act (“GWG“).
Outlook
The form in which the implementation proposals of the FinmadiG will find their way into legislation remains to be seen. In particular, the dual regulation of crypto assets under MiCAR on the one hand and security tokens under MiFID II on the other, which was already laid out in MiCAR, will continue to challenge legal practitioners in the future. It is to be hoped that the German legislator will find a way of implementation that is comprehensible and legally secure in practice.