ICO News

Regulation and Licensing of Crypto Custodians in Switzerland – Lexology


This article is taken from GTDT Practice Guide: Legal Technology. Click here for the full guide.


Introduction

Applicable laws

Switzerland has not enacted any legislation that specifically governs the provision of custody services in connection with crypto assets. For this reason, the Swiss financial market laws that apply to the provision of custody services in connection with traditional financial assets may also apply to the provision of custody services (and other related services such as brokerage services) in connection with crypto assets. Such laws include, without limitation:

  • the Swiss Banking Act of 8 November 1934 (the Banking Act);
  • the Swiss Financial Institutions Act of 15 June 2018 (the Financial Institutions Act);
  • the Swiss Financial Services Act of 15 June 2018 (the Financial Services Act);
  • the Swiss Financial Market Infrastructure Act of 19 June 2015 (the Financial Market Infrastructure Act); and
  • the Swiss Anti-Money Laundering Act of 10 October 1997 (the Anti-Money Laundering Act).

That being said, Switzerland has adopted the Federal Act on the Adaptation of Federal Law to Developments in Distributed Ledger Technology (the DLT Act), which entered into force in February and August 2021. The DLT Act introduced various amendments to Swiss laws to take account of the potential offered by distributed ledger technology (DLT).

In particular, the Banking Act and the Swiss Federal Act on Debt Enforcement and Bankruptcy of 11 April 1889 (the Debt Enforcement and Bankruptcy Act) have been amended to specify the conditions for the segregation of crypto assets in the event of bankruptcy of the crypto custodian, making Switzerland an attractive jurisdiction to deposit crypto assets for safekeeping.

Notion of crypto assets

There is no uniform definition of the notion of ‘crypto assets’. For the purpose of the present publication, crypto assets will be defined as any type of financial assets, whether natively digital or digitised, registered on a blockchain or another digital, distributed and encryption-based ledger or based on similar technology, including, without limitation, cryptocurrencies and those digital assets qualifying as or representing securities or other financial instruments.

In this publication, we will mainly use the term of ‘crypto assets’, although we may also use the terms of ‘tokens’ or ‘digital assets’. Unless specified otherwise, we intend to give the same meaning to these terms.

Regulatory classification of crypto assets

In February 2018, the Swiss Financial Market Supervisory Authority (FINMA) provided guidance on the regulatory qualification of crypto assets (FINMA uses the notion of ‘tokens’) within its Guidelines relating to initial coin offerings (the ICO Guidelines).

FINMA considers that there are three categories of tokens:

  • payment tokens, which are intended only as means of payment and do not give rise to any claims against an issuer. Bitcoin is an example of a payment token;
  • utility tokens, which provide rights to access or use a digital application or service, provided that such application or service is already operational at the time of the token sale; and
  • asset tokens, which represent an asset (eg, a debt or equity claim against the issuer or a third party) or a right in an underlying asset.

FINMA has further specified that tokens may also take a hybrid form including elements of more than one of these categories. These hybrid tokens must comply cumulatively with the regulatory requirements applicable to each relevant token category. FINMA acknowledges that a token’s classification may change over time.

In addition, FINMA published its views on the regulatory classification of stable tokens (ie, tokens backed by an underlying asset such as a pool of fiat currencies or other assets) in a supplement to the ICO Guidelines dated 11 September 2019. FINMA specified that stable tokens are not considered a separate type of token category under Swiss regulation and that, depending on the rights attached to stable tokens, these would usually classify as asset tokens or as hybrid between payment tokens and asset tokens.

Payment tokens do not qualify as legal tender or other means of payment under Swiss law. However, the Swiss Federal Council has clarified that payment tokens may be used as private means of payment if the parties to a transaction agree on the use of payment tokens as the applicable means of payment for such a transaction.

Notions of custody and crypto custodians

The custody of digital assets generally means the generation, administration and safekeeping of electronic data, including in particular private keys, seeds, and passwords, that enable access to, and control over, public addresses on the blockchain.

In this publication, we use the term of ‘crypto custodians’ to designate custody service providers that have exclusive possession of the private keys or equivalent security elements and therefore have direct control over the crypto assets entrusted to them. In that sense, the notion of ‘crypto custodians’ excludes the providers of non-custodial wallet solutions that do not have access to the private keys or equivalent security elements.

While a distinction can be made between providers of custodial wallet solutions that have an exclusive power of disposal over the crypto assets entrusted to them and providers of non-custodial wallet solutions, other custody models exist. For instance, certain custody service providers may only have partial control over the private keys or equivalent security elements (eg, multi-signature schemes and custody solutions using multiparty computation technology). We will not examine these alternative custody models in this article.

Self-custody versus sub-custody

Generally, it is possible to distinguish between two main approaches with regard to the custody of crypto assets. Pursuant to the first approach, the crypto custodian holds itself the private keys or equivalent security elements by using its own custody solution, which is either developed internally or licensed by a third-party vendor (the self-custody model). The second approach consists in using the services of another crypto custodian that holds the private keys or equivalent security elements and therefore acts as a sub-custodian (the sub-custody model).

Regulation of crypto custodians

Generalities

The activities of Swiss-based crypto custodians may be regulated by different Swiss financial market laws, and different licensing requirements may apply, depending on various factors, including without limitation the type of custody model chosen by the crypto custodian as well as the type of crypto assets held in custody. It is therefore necessary to examine the main characteristics of the business model followed by the crypto custodian in order to determine which Swiss financial market laws, if any, apply. In many cases, it is advisable to seek a regulatory assessment by the FINMA prior to starting the custody activities.

Readers Also Like:  New Cochrane Privacy Policy - community.cochrane.org

It should, however, be mentioned that the providers of non-custodial wallet solutions generally are not subject to any licensing requirement or other regulatory requirements, as long as they do not have any control over the private keys or other equivalent security elements.

We will discuss below some of the key regulatory requirements that may apply to crypto custodians depending on their business model. However, this is by no means an exhaustive presentation and other regulatory requirements may be applicable depending on the specifics of the business model followed.

Licence requirements

Banking licence

According to the Banking Act, a banking licence requirement is generally triggered if a company conducting primarily a financial activity accepts on a professional basis deposits from the public (ie, from more than 20 persons) or publicly advertises this activity. According to the Swiss Banking Ordinance (the Banking Ordinance), entering into any liabilities would generally qualify as a deposit-taking activity, unless one of the exceptions defined in article 5 paragraphs 2 and 3 of the Banking Ordinance applies.

With respect to crypto custodians, article 1a paragraph 2 of the Banking Act specifies that a banking licence is required if, cumulatively, the crypto custodian (1) accepts ‘crypto assets defined by the Federal Council’ in deposit, or publicly advertises to obtain such crypto assets, and (2) invests or remunerates these crypto assets.

The notion of ‘crypto assets defined by the Federal Council’ refers to crypto assets held in collective custody in accordance with article 16 paragraph 1-bis letter b of the Banking Act and which are used to a large extent, either actually or according to the intention of the organiser or the issuer, as a means of payment for the acquisition of goods or services, or which are used for the transmission of funds or values (article 5a paragraph 1 of the Banking Ordinance). Article 16 paragraph 1-bis letter b of the Banking Act refers to crypto assets that the bank has undertaken to keep available for the depositing client at all times and that are allocated to a community and the depositing client’s share is clearly determined.

It stems from the above that crypto custodians must generally have a banking licence to provide their custody services if the following cumulative conditions are met:

  • they provide custody services to more than 20 clients or publicly advertise such services;
  • they hold the crypto assets in collective custody (no segregation, see ‘Exemptions’ below);
  • the crypto assets have a payment purpose (eg, cryptocurrencies); and
  • they pay interest on the deposited crypto assets or reinvest them.

A detailed description of the conditions for obtaining a banking licence would exceed the scope of this article. It can nevertheless be mentioned that Swiss banks generally have to meet the following licensing conditions:

  • Legal form: the Banking Act does not provide for any special rules regarding the legal form of banks, with the exception of the cantonal banks that are established as public entities or joint-stock corporations under the relevant legislation of the canton pursuant to article 3a of the Banking Act.
  • Minimum capital: the bank must have a fully paid-up minimum capital of 10 million Swiss francs (article 3 paragraph 2 letter b of the Banking Act and article 15 of the Banking Ordinance).
  • Business activity description: in accordance with article 3 paragraph 2 letter a of the Banking Act and article 9 of the Banking Ordinance, a bank is obliged to precisely define its business area in the articles of association and organisational regulations in terms of subject matter and area of operation. The scope of tasks and the geographical area of operation must be aligned with the financial possibilities and the administrative organisation.
  • Organisation: article 3 paragraph 2 letter a of the Banking Act requires that separate bodies must be set up for management and for the supervision and control of at least three members. According to article 11 of the Banking Ordinance, no member of the body responsible for the overall supervision and control may be a member of the management. In accordance with article 12 of the Banking Ordinance, the bank must also ensure an internal separation of functions between trading, asset management and settlement.
  • Internal controls: the bank must set up an internal control system and appoint an ‘internal audit’ function that is independent from the management, in addition to appointing external auditors.
  • Fit and proper requirements: members of the management and the material shareholders (ie, shareholders holding at least 10 per cent of the capital or voting rights) must meet the relevant fit and proper requirements.
  • Operation in Switzerland: the bank must be managed in Switzerland, with the management being present in Switzerland.
  • Foreign-controlled banks: if a foreign shareholder holds at least 50 per cent of the capital or voting rights or otherwise exercises control, FINMA may require the relevant jurisdiction to grant reciprocity.
  • Consolidated supervision: if the bank is part of a foreign-controlled financial group, FINMA may require that it is subject to appropriate consolidated supervision by foreign supervisory authorities (article 3b of the Banking Act), and the licence may be subject to the approval of the relevant foreign supervisory authority. Not all jurisdictions meet the requirement of ‘adequate consolidated supervision’ within the meaning of the Banking Act.

It should be mentioned that pursuant to article 4-sexies of the Banking Act, FINMA may, on a case-by-case basis, limit a bank’s ability to accept crypto assets on deposit to a maximum amount, depending in particular on the risk generated by this activity.

Fintech licence

Pursuant to article 1b paragraph 1 of the Banking Act, the fintech licence, which is a type of banking licence with relaxed requirements, is applicable to companies that either accept deposits from the public up to a maximum of 100 million Swiss francs or ‘crypto assets defined by the Federal Council’ (irrespective of the amount) or publicly advertises such activity, provided in both cases that the deposits or crypto assets are not invested and not interest-bearing.

The notion of ‘crypto assets defined by the Federal Council’ has the same meaning as the one defined in the ‘Banking licence’ section above; that is, it refers to crypto assets that serve a payment purpose (eg, cryptocurrencies) and that are held in collective custody. In addition, crypto custodians must have undertaken to keep the crypto assets available for the depositing client at all times and the depositing client’s share in the crypto assets held in custody must be clearly determined. If these conditions are not fulfilled, the crypto assets shall be treated as public deposits, and the licensing requirements corresponding to the acceptance of public deposits should be applied (Commentary published by the Federal Council on 18 June 2021 in connection with the amendment of the Banking Ordinance, page 17).

Readers Also Like:  Bonk Price Is Up 13.4%, But Experts Say New Dog-Themed ICO Can Offer 1,026% Returns - Cryptonews

It stems from the above that crypto custodians must generally have a fintech licence to provide their custody services if the following cumulative conditions are met:

  • they provide custody services to more than 20 clients or publicly advertise such services;
  • they hold the crypto assets in collective custody (no segregation, see ‘Exemptions’ below), and the conditions set forth in article 16 paragraph 1-bis letter b BA are fulfilled (if the conditions are not fulfilled, a banking licence is generally required);
  • the crypto assets have a payment purpose (eg, cryptocurrencies); and
  • they do not pay interest on the deposited crypto assets nor reinvest them (if they pay interest or reinvest the crypto assets, a banking licence is generally required).

The fintech licence requires investors to be informed in advance about the business model, the services provided and the risks associated with the technologies used, that the deposits are not covered by a deposit protection system and that there is no immediate reimbursement in the case of bankruptcy (article 7a of the Banking Ordinance).

A detailed description of the conditions for obtaining a fintech licence would exceed the scope of this article. It can nevertheless be mentioned that the following licensing conditions should generally be met:

  • Legal form: the company must be established as a joint-stock corporation, a partnership limited by shares or a limited liability company.
  • Minimum capital: the company must have a fully paid-up minimum capital of at least 3 per cent of the deposits or of the crypto assets it has taken in deposit; such capital must be at least 300,000 Swiss francs (article 17a of the Banking Ordinance),
  • Business activity description: the company is obliged to precisely define its business area in the articles of association and organisational regulations in terms of subject matter and area of operation. The scope of tasks and the geographical area of operation must be aligned with the financial possibilities and the administrative organisation (article 14b of the Banking Ordinance).
  • Organisation: separate bodies must be set up for management and for the supervision and control of at least three members. According to article 14d paragraph 2 of the Banking Ordinance, at least one-third of the members of the body responsible for the overall supervision and control must be independent from the management.
  • Internal controls: the company must set up an internal control system and appoint an ‘internal audit’ function that is independent from the management, in addition to appointing external auditors.
  • Fit and proper requirements: members of the management and the material shareholders (ie, shareholders holding at least 10 per cent of the capital or voting rights) must meet the relevant fit and proper requirements.
  • Operation in Switzerland: the company must be managed in Switzerland, with the management being present in Switzerland (article 14c of the Banking Ordinance).

Deposits in the form of crypto assets have to be held in the same type of crypto assets (ie, the same cryptocurrency or the same tokens) as they were accepted from the clients (article 14f paragraph 4 letter b of the Banking Ordinance). Subject to a possible exemption granted by FINMA, the crypto assets must be held in Switzerland (article 14f paragraph 4 letter a and paragraph 5 of the Banking Ordinance).

Exemptions

If the crypto custodian does not hold the crypto assets in collective custody but instead stores the crypto assets on a segregated basis in individual blockchain addresses for each of its clients, then neither a banking licence nor a fintech licence is required, provided that the crypto custodian keeps the crypto assets available for its clients at all times, which means in particular that the crypto custodian cannot use the crypto assets held in deposit for operations that would prevent the return of the crypto assets to the client.

Furthermore, if the crypto custodian exclusively holds utility tokens or asset tokens as opposed to payment tokens, then generally neither a banking licence nor a fintech licence is required. The rationale behind this distinction between payment tokens on the one hand, and utility tokens and asset tokens on the other, resides in the fact that payment tokens have certain features that are similar to fiat money. Given that a deposit-taking activity in connection with fiat money in principle requires a banking licence, the Federal Council considers that it is justified to require custodians of payment tokens to also obtain a banking licence or fintech licence (provided that the payment tokens are held in collective custody). On the contrary, the Federal Council considers that the risk of loss is less important for utility tokens, which provide rights to access or use a digital application or service, and for asset tokens, which, from an economic standpoint, have features similar to equities, bonds or derivative products.

In Switzerland, the depositor protection scheme protects clients who deposit fiat money at a Swiss bank against loss in case of the bank’s bankruptcy up to the amount of 100,000 Swiss francs. However, clients depositing crypto assets with Swiss crypto custodians are not protected by the depositor protection scheme. For the Federal Council, this is another reason for requiring the licensing of crypto custodians that hold payment tokens in collective custody.

Furthermore, pursuant to article 5a paragraph 2 of the Banking Ordinance, the following crypto assets are not deemed to be ‘crypto assets defined by the Federal Council’:

  • crypto assets that are held in non-interest-bearing client accounts and are used solely to execute client transactions with either (1) precious metal dealers, portfolio managers or similar companies, provided that the execution of the transactions takes place within 60 days or (2) with securities firm or trading systems which are based on the DLT;
  • crypto assets that are deposited by Swiss or foreign banks or other companies subject to state supervision; and
  • crypto assets that are deposited by institutional investors whose treasury operations are professionally managed.

The custody of the above-listed crypto assets generally does not trigger the need to obtain a banking licence or a fintech licence.

In addition, crypto custodians are not deemed to act in a professional capacity and therefore do not have to obtain a banking licence even if they provide custody services to more than 20 clients or publicly advertise such services, provided that they meet the following requirements:

  • the crypto assets have a total value of a maximum of 1 million Swiss francs;
  • they do not operate in the interest rate differential business; and
  • they inform the depositors in written form or any other form that can be proved by text before the latter make the deposit that (1) they are not supervised by FINMA and (2) the deposits are not covered by the depositor protection scheme.
Readers Also Like:  Polygon Labs Lays Off 19% of Employees for “Enhanced Performance” - Yahoo Finance

The above-mentioned exemption is known as the ‘sandbox regime’, which allows companies, including fintech startups, to test their business models in the market on a small scale without the need to obtain a licence from FINMA.

Authorisation as a securities firm

According to article 2 letter b and b-bis of the Financial Market Infrastructure Act, securities are certificated or uncertificated securities, derivatives, intermediated securities or DLT rights, which are standardised and suitable for mass trading. According to article 2 paragraph 1 of the Financial Market Infrastructure Ordinance, standardised and suitable for mass training means, in this context, that the instruments are offered for sale publicly in the same structure and denomination, or that they are placed with more than 20 clients under identical conditions.

FINMA has specified in the ICO Guidelines that it applies the following rules in connection with the classification of tokens as securities:

  • Payment tokens do not qualify as securities given that they are designed to be used as means of payment according to FINMA. Payment tokens cannot fall under the definition of securities as they do not represent any rights that are exercisable against the issuer or third parties.
  • Utility tokens may qualify as securities if the platform where they can be used is not operationally ready at the time of the token sale, or if the tokens represent rights that may be enforced against the issuer or a third party.
  • Asset tokens qualify as securities provided that they have been offered publicly or to more than 20 persons for sale under identical conditions.

Pursuant to article 41 of the Financial Institutions Act, a securities firm is an entity that, on a commercial basis, either:

  • trades in securities in its own name for the account of clients;
  • trades in securities for its own account on a short-term basis, operates primarily on the financial market and either (1) could jeopardise the proper functioning of the financial market, (2) is a member of a trading venue, or (3) operates as an organised trading facility under article 42 of the Financial Market Infrastructure Act; or
  • trades in securities for its own account on a short-term basis and publicly quotes prices for individual securities upon request or on an ongoing basis (market maker).

While securities firms may act as custodians of clients’ securities (article 44 paragraph 1 letter b of the Financial Institutions Act), the mere custody of clients’ securities does not trigger a requirement to obtain an authorisation as a securities firm. As a consequence, crypto custodians that exclusively provide custody services in connection with crypto assets that qualify as securities (eg, assets tokens and in certain cases, utility tokens) do not need to be authorised as a securities firm. As indicated in ‘Exemptions’ above, they do not need to obtain a banking licence or a fintech licence.

That being said, if the crypto custodians provide not only custody services but are also involved in the trading of the crypto assets on behalf of their clients, they must generally be authorised as a securities firm if the crypto assets qualify as securities.

Anti-Money Laundering Act

Under Swiss law, AML regulation consists of the Swiss Anti-Money Laundering Act and the Anti-Money Laundering Ordinance. The Anti-Money Laundering Act applies, inter alia, to financial intermediaries. In short, in addition to entities subject to prudential supervision, anyone accepting, holding or depositing assets belonging to other persons or assisting in the investment of such assets on a professional basis qualifies as a financial intermediary according to article 2 paragraph 3 of the Anti-Money Laundering Act. Furthermore, the Act contains a non-exhaustive list of activities that are considered financial intermediation.

A financial intermediary carries out its activity on a professional basis if it:

  • derives gross proceeds of more than 50,000 Swiss francs during a calendar year;
  • establishes business relationships not limited to a single activity with more than 20 contracting parties during a calendar year or maintains at least 20 such relationships during a calendar year;
  • has unlimited power of disposal over assets belonging to third parties in excess of 5 million Swiss francs at any one time; or
  • carries out transactions with a total volume of more than 2 million Swiss francs in a calendar year.

A financial intermediary within the meaning of the Anti-Money Laundering Act must be affiliated with an authorised AML self-regulatory organisation (SRO). Furthermore, a financial intermediary must comply with the obligations defined in the Anti-Money Laundering Act, including, without limitation, identification and know-your-customer (KYC) obligations relating to the contracting party and its beneficial owner, and must file reports to the Money Laundering Reporting Office Switzerland in cases of suspected money laundering or terrorism financing.

In the FINMA Guidance 02/2019 on payments on the blockchain dated 26 August 2019, FINMA specified that financial intermediaries supervised by FINMA must comply with the travel rule for blockchain transactions. This also applies to other financial intermediaries for AML purposes, as a result of their SRO affiliation.

Under the travel rule, the relevant Swiss financial intermediary has to transmit the same information as required for wire transfers in fiat money or, alternatively, it must:

  • identify the transferee in accordance with the Swiss AML rules as if the transferee was a client of the Swiss financial intermediary; and
  • verify the transferee’s power to dispose of the wallet address used by it through appropriate technical measures as defined by the relevant Swiss financial intermediary.

Crypto custodians qualify as financial intermediaries if (1) they act on a professional basis and (2) they have the power to dispose of the private keys or equivalent security elements of the stored crypto assets.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.