Germany maintains its pro crypto attitude and opposes the EU proposal on revealing and verifying identities for self-hosted wallets
The EU Transfer of Funds Regulation (TFR) proposal would impose invasive checks, extensive collection of personal data and monitoring of all transfers of crypto assets involving self-hosted wallets. It would undermine fundamental human right to privacy and expose self-hosted wallet holders to significant risks. Effectively, it would amount to a “de facto” ban on self-hosted wallets by enforcing to connect personal identities with self-hosted wallets. In an unprecedented move, Germany is opposing this EU proposal and has taken an official and critical stand against it. — Authors: Philipp Sandner, Agata Ferreira
MiCA regulation will strictly regulate almost all aspects of crypto assets (presumably NFTs will be exempt to some extent) from the end of 2023, for the entire EU. That is 400 million citizens. According to a recent survey of the European Central Bank (ECB), 10% of the population hold crypto assets.
The sentiment in European politics has been to go above and beyond international monitoring and compliance requirements regarding anti money laundering (AML) and combating the financing of terrorism (CFT). This also applies to transfers of crypto assets. The EU institutions are currently discussing Transfer of Funds Regulation (TFR) proposal under which, for every transfer of crypto asset that involves an “unhosted wallet”, crypto asset service providers (CASPs) would be required to (1) collect and verify personal information of the owners of “unhosted wallets”, including their full name, address and the ID number; and (2) for all transfers above €1,000, report this information to the relevant AML authorities.
(It is worth noting here that authorities use the term “unhosted wallets”, which sounds negative and is prejudicial. Terms such as “self-hosted wallets” or “private wallets” are more accurate and should be used instead.)
From a privacy perspective, the TFR proposal can be disastrous. Technically speaking, pseudonymous wallet addresses would be associated with their actual owners and their personal information, such as postal addresses. In case such data is stolen or leaked (and government agencies as well as CASPs are vulnerable to hacks), what would be the result? Simply speaking, imagine this threat: a view in Google Maps could be built based on such stolen/leaked data where anyone could inspect clear names, postal addresses, crypto assets (including token-based wealth such as tokenized valuables, properties or collectibles) stored and the entire crypto transactional history of a person at the corresponding address. In other words, think of a map with streets and cities and clear names associated with individuals’ wealth sitting in various houses and apartments — including incoming and outgoing transfers (tradeable tokens, NFTs, …) currently ongoing transfers as well as the entire transactions history of the past. With graph theory, you could render transaction profiles and transaction track records of people like never seen before. This could greatly compromise the safety of such persons (and their families), and expose them to cyber threats, but also to physical attacks, such as robbery or extortion. The TFR proposal creates a massive surveillance mechanism and could expose EU citizens to great risks. The context is not a niche for some IT geeks but it concerns a growing group of people in our societies holding crypto assets (i.e., 10% according to the ECB). It also seems to ignore a fundamental human right to privacy — in a region of the world where authorities want to protect any piece of personal data against misuse (remember GDPR). To get a clear perspective on this threat, it makes sense to check Google for “data breaches”. It is hard to believe and accept just how unsafe our personal data is. Apparently, data is only just “quite” safe with regulated financial service companies and with the US-based IT giants.
Now, the first politicians are starting to realize that they are overshooting. It is truly remarkable and positive that the Federal Ministry of Finance of Germany has taken quite an isolated position (up until now) against the view of the European institutions.
Germany’s State Secretary Florian Toncar wrote a letter, which sets out the position and the rationale of the Federal Ministry of Finance on two short but very firmly formulated pages. This step shows that the Federal Ministry of Finance of Germany has deeply understood the problem. It also indicates that the Ministry is in dialogue with experts from the blockchain ecosystem and with the CASPs themselves, for the purpose of knowledge exchange and sharing of business practices.
It is always a positive development when such multi stakeholders’ discussions take place, when ministers and other politicians seek to profoundly understand the issues and when the EU regulatory proposals are not accepted prima facie, but are challenged instead. Although the finance minister changed in Germany after the last elections in autumn 2021 (from Olaf Scholz to Christian Lindner), there is a lot of expertise at the Federal Ministry of Finance of Germany and associated institutions. It started about three years ago when the crypto custody rules were created in Germany and integrated in the AMLD4 framework. They came into force 2.5 years ago and now they allow the German financial industry (and German subsidiaries of foreign companies) to develop products and services in a regulatory setting that is quite friendly and provides legal certainty.
Let us hope that the step taken by the German Federal Ministry of Finance is an encouragement for others to pause for thought and speak up against such an invasive and potentially dangerous regulatory proposal.
Screenshots of the Letter
Please find an unofficial translation in English below in this article; scroll down.
Unofficial Translation of the Letter
Subject: Transmission of information for transfers of money and crypto assets; demands of the European Parliament
Thank you for your inquiry about the regulation currently being negotiated at the European level in the trilogue on the transmission of information in connection with transfers of money and crypto assets.
The position found in the Council of the EU on this proposed regulation contains the basis for a balanced anti-money laundering regulatory framework with regard to the transfer of crypto assets and can help to properly address the risks of misuse of crypto assets.
The Federal Government of Germany is critical of the demands of the European Parliament that you mentioned and has positioned itself accordingly in the negotiations. This concerns the comprehensive verification of the identity of clients and recipients of self-managed electronic wallets (so-called “unhosted wallets”) as well as reports — independent of suspicion — for certain transfers of crypto assets. The concerns about the demands of the European Parliament are also supported by a considerable wave of comments from the relevant industry.
In its position on possible money laundering risks relating to transfers from and to unhosted wallets, the Council has so far refrained from a verification obligation that goes beyond identification, since the FATF requirements do not contain any specific regulations for an individual review beyond simple identification meet cases. When preparing the trilogue in the Council, the Federal Government will work to enable crypto service providers to use blockchain analysis tools to assess the risk of the respective transfer and to take risk-adequate measures. As a result, this ensures that in the case of transfers of crypto assets from and to unhosted wallets, their owner is also identified, but that a comprehensive verification of the identification data can be omitted because the risk of money laundering and terrorist financing is checked elsewhere. This position also corresponds to the rules on crypto asset transfers which came into force on October 1, 2021, in Germany because high regulatory hurdles could trigger an evasive movement towards comprehensive anonymity.
The European Parliament’s demand for transactions with unhosted wallets above a certain threshold amount to be reported to authorities regardless of suspicion and for the supervisory authority to be subject to approval if the identification information is incomplete is difficult to reconcile with the risk- based approach used in the fight against money laundering and terrorist financing and is going also well above the Council’s position.
Finally, please allow me to point out that the identification data collected from the client and beneficiary of a crypto transfer will not be published. Rather, this data is transmitted from the client’s crypto service provider to the beneficiary’s crypto service provider. If an unhosted wallet is involved on one side instead of a crypto service provider, there is no transmission of data between crypto service providers.
If you like this article, we would be happy if you forward it to your colleagues or share it on social networks. If you are an expert in the field and want to criticize or endorse the article or some of its parts, feel free to leave a private note here or contextually and we will respond or address.
About the authors
Prof. Dr. Philipp Sandner has founded the Frankfurt School Blockchain Center (FSBC). He has been a member of the FinTech Council and the Digital Finance Forum of the Federal Ministry of Finance in Germany. The expertise of Prof. Sandner includes blockchain technology in general, crypto assets such as Bitcoin and Ethereum, decentralized finance (DeFi), the digital euro, tokenization of assets and digital identity.
Prof. Dr. Agata Ferreira is the Chief Legal Officer at Status.im, expert at the EU Blockchain Observatory and Forum, scholar and academic and a published author in the field of law and technology.