BaFin-regulated crypto custody under KWG; MiCA implementation underway
Crypto custody business is a regulated financial service under the German Banking Act (KWG), requiring authorization from BaFin. Entities must comply with strict anti-money laundering obligations under the Money Laundering Act (GwG) and governance standards outlined in BaFin circulars.
The regulatory framework distinguishes between crypto custody and other activities, with custody being the primary licensed activity for crypto firms. The Bundesbank supports clear regulation to mitigate systemic risks from private digital money, while the EU-wide MiCA regulation is set to further harmonize the landscape.
Recent guidance emphasizes suitability requirements for management bodies and risk-based AML approaches. The jurisdiction maintains a cautious stance on private stablecoins, highlighting the importance of central bank digital currency for monetary sovereignty.
German Banking Act (KWG) (2020 (amended))
Section 64y of the KWG establishes crypto custody as a regulated financial service, requiring BaFin authorization. It defines the scope of custody business and grants provisional authorization to early applicants.
[3][4]Money Laundering Act (GwG) (2020 (amended))
Designates crypto custody providers as obliged entities under anti-money laundering rules, requiring risk-based due diligence and compliance measures.
[2]Entities must adhere to strict governance and suitability requirements for management bodies as per BaFin Circular 11/2025. AML obligations are mandatory and risk-based.
[1][2]Private digital money scaling is viewed as a risk to monetary policy transmission, prompting calls for clear regulation and potential CBDC issuance.
[5][6]Email alerts for Germany updates
New circulars, rules and guidance — a digest in your inbox, same day.