Tokyo FinTech
Published in

Tokyo FinTech

German BaFin: ICOs and Tokens

German financial services regulator BaFin recently released “BaFin Perspectives”, unfortunately only in German, with an English version promised for the near future. For an international audience, we have translated key sections of the essay “Blockchain Technology — Thoughts on Regulation” as they pertain to the regulatory classification of tokens under German law.

One can observe manifestations of the blockchain economy in the financial markets today and they do reveal regulatory implications. In addition to the digital mapping of previously paper-based processes and products, such as the blockchain-based placement of a bond and the financing of foreign trade via letters of credit, new constructs with disruptive character have also started to emerge. These include, for example, the sharply accelerating capital raising through Initial Coin Offerings (ICOs), which we will consider in this essay in greater detail, due to their current significance for investors and issuers. Of fundamental importance, not only in the context of ICOs, is also the regulatory classification of the various types of digital value representation via crypto tokens. In the following, therefore, we propose a general prudential classification of various crypto-tokens and then discuss details and risks of their issuance by means of an ICO.


Each crypto-token can embody different functionality and properties. Some tokens are an integral part of a particular blockchain, such as bitcoin for the bitcoin blockchain and ether for ethereum. In addition, smart constracts on Ethereum can be used to create various functional tokens. These tokens are then created and maintained on an existing Blockchain infrastructure (Ethereum in this case). Since smart contracts are basically freely programmable and the corresponding tokens therefore vary greatly, the individual token can only be reliably classified on a case-by-case basis.

The criticism directed at this, which understandably calls for simple solutions, fails to recognize the many design possibilities and the wide range of technical properties of tokens. It fails to recognize that programmers and marketing teams are free in conceptualization; for comparable and essentially even identical tokens, there may be a thousand different terms, while a large number of different tokens can be traded under the same name. Criticism also fails to recognize that the general classification of different tokens into certain regulatory categories will, in a large number of cases, lead to unjustified results and may limit the scope for innovation. Also, such requirements are unlikely to take account of the basic legal requirements for regulatory and supervisory action, namely the principle of binding law, appropriateness, as well as the requirement of fair & equal treatment.

Fundamentally, crypto-tokens can be understood as a digital representation of an intrinsic or market-assigned value through the use of Distributed Ledger Technology (DLT). This value-based definition particularly emphasizes the prevalent use of crypto-tokens as an investment object without pre-determining whether the particular token comprises a claim or obligation of an entity or triggers other payment flows in favor of the owner in its functionality.

Also of importance will be the notion of “virtual currency” in Article 1 (2) (d) of the 5th Money Laundering Directive, which is intended to cover all potential uses of virtual currencies: “A virtual currency is the digital representation of a value not issued by any central bank or public sector entity, and is not necessarily tied to a legally specified currency and does not have the legal status of a currency or money, but is accepted as a medium of exchange by natural or legal persons and that can be electronically transferred, stored and traded“

Crypto-tokens are not unregulated per se, but — depending on the specific design — are subject to existing financial market regulation. Thus, they are not regulated generally, but rather specifically and technologically neutral according to material facts (and not marketing considerations) that are subject to legal interpretation and can therefore also cover novel facts.

The specific individual case thus determines the regulatory assessment of a crypto-token-based business model. Based on past experience in reviewing business models in connection with crypto-tokens, provisions from the German Banking Act (KWG), the German Securities Trade and Securities Prospectus Act (WpHG, WpPG) and the Vermögensanlagengesetz (VermAnlG) prove to be relevant for the determination. In addition, numerous other elements of financial market regulation come into consideration, in particular the Money Laundering Act (GwG), the Payment Services Supervision Act (ZAG), the Capital Investment Code (KAGB), but also directly applicable European secondary legislation such as the EU Market Abuse Regulation (MAR).

Clarity regarding the prudential classification of a specific project in connection with a crypto-token can — after reading the information on — be obtained by validating information with the BaFin, which is given without representing regulatory character (§ 24 Administrative Procedure Act — VwVfG).

In addition, in cases of doubt, the supervisory laws stipulate that BaFin — at a fee — determine whether a company is subject to supervision under the KWG, VAG, KAGB or ZAG. In practice, such a rule by way of individual determination is only considered in special cases, since the authority can intervene in all four relevant laws in case of discovery of an unauthorized business. In the reverse case, a negative test will only make sense as a matter of information, in principle without a regulatory character, in view of the eventual requirement to authorize a transaction, since the authority can not establish that the company is not subject to the conditional approval, as long as it has not audited the entire business of that company. In both cases, the BaFin contact form for founders offers an opportunity for uncomplicated, free and digital first contact.

Beyond the legally relevant legal criteria and their interpretation by the BaFin or the highest judicial administrative court case law, crypto-tokens can be divided into three categories:

  • Payment tokens (such as Bitcoin): They usually have the function of a private means of payment, either exclusively or inter alia, and they usually have no intrinsic value. In addition, there is little or no further functionality
  • Securities tokens (equity and other investment tokens): Users have membership rights or debt claims of assets, similar to stocks and debt securities
  • Utility tokens (app tokens, tokens, tokens of consumption): they can only be used on the issuer’s network to purchase goods or services. Utility tokens often involve very complex legal designs

Payment Tokens and Virtual Currencies

Payment tokens such as bitcoin, ether, and ripple are not currencies in the strict sense of the word that correspond to the constitutional order of a state’s monetary system. From a legal point of view, therefore, only legal means of payment and the giro credits linked to legal means of payment at state-approved credit institutes, the latter disrespectfully labeled as fiat money, would qualify as currencies. Economically, however, a currency serves as a means of payment, as a store of value and as a unit of account. These properties are directly related. None of these economic characteristics is regularly adequately met by crypto-tokens such as Bitcoin. Also, crypto-tokens are neither similar in their value nor in their characteristics to currencies or classical investments. Thus, they are not economic currency, but rather are to be regarded as a speculative object.

BaFin has already prudently assessed bitcoins and comparable so-called virtual currencies on 22 December 2011 by including them in the information sheet “Notes to the Act on the Supervision of Payment Services (Zahlungsdiensteaufsichtsgesetz — ZAG)”. The leaflet has now been amended as part of the implementation of the second payment services directive. But even then, it holds still true, in terms of content:

“The e-money term is a legal […] term that typologically represents only certain parts of the economic phenomenon of electronic money. Regardless of whether computer network, server or card-bound electronic value units act as a means of payment in economic reality, e-money is only available if it is issued in return for payment of a sum of money. […] units of value intended as means of payment drawn up in barter clubs, private exchanges or other payment systems against real economic services, supplies of goods or services or as e.g. Bitcoins are created without counter-charge in computer networks, thus are excluded from the facts of the e-money, even if they have the same economic function as e-money and economically under money creation aspects, the actual potential of privately generated means of payment […] with the deletion of the offense of the network money business (§ 1 para 1 sentence 2 no. 12 KWG) in the version of the 6th KWG amendment, the aspect of private money creation was hidden.“

Thus, BaFin not only justified the regular inapplicability of the e-money situation in § 1 (2) sentence 3 ZAG to the majority of the then known virtual currencies. It also proved that the deletion of the network assets by The Fourth Financial Market Promotion Act of July 1, 2002, was a deliberate decision of the legislature, the former facts of the network money, which had regulated the 6th amendment to the KWG (entry into force January 1, 1998) as banking under § 1 para 1 KWG, in the course abolish the implementation of the First E-Money Directive. This network money transaction covered the “creation and management of payment units in computer networks”, which not only covered the later e-money within the meaning of the EU E-Money Directive, but also included any other type of virtual units of account, such as Bitcoin, created counter-free as a kind of private allowance in addition to legal tender should have occurred.

Almost visionary with regard to later developments was the former justification of the legislator for the creation of the net monetary offensive in 1997: “The network money is stored by the user on PC hard drive and once or even multiple to handle remote payments through dialogue between the participating computers where modern cryptographic techniques should protect against counterfeiting or falsification. Payments are usually made anonymously as with cash. “

The removal of this fact, which reads as if it had been tailored to the first years of the later emerging virtual currencies on blockchain basis, it was made clear that the creation and — even more — the mere use of virtual currency as a substitute for cash or fiat money does not constitute activities subject to authorization. Virtual currencies can therefore be used to balance payment obligations between the users involved. Similarly, the mining of such tokens does not constitute a requirement for a license, as the miner does not self-emit or place the tokens themselves, at least in a Bitcoin-like system.

However, another provision from the 6th amendment to the KWG has been deliberately retained, namely the classification of accounting units as financial instruments (only) within the meaning of the KWG pursuant to Section 1 (11) sentence 2 no. 7 KWG. This left the possibility of protecting virtual asset liens in particular from the licensing requirements for transactions with financial instruments to continue to address the problem of money laundering without conflicting with the former banking network business and the harmonized regulation of e-money business.

In 2011, BaFin qualified bitcoins and comparable payment tokens as financial instruments in the form of units of account pursuant to section 1 (11) sentence 1 KWG. These are units that are comparable to foreign currencies and are not legal tender. These include units of value, which have the function of private means of payment in ring-exchange transactions, as well as any other substitute currency, which is used as a means of payment in multilateral clearing circles on the basis of private-law agreements. This does not apply to a central issuer. The currency-legal admissibility set out above is irrelevant to the assessment as a unit of account and thus as a financial instrument within the meaning of the KWG.

If, in addition to use as a means of payment or the mining of payment tokens more circumstances can be added, a permit requirement can be triggered — especially if a market is created on which they can be traded. The commercial redemption of Bitcoin into euros is subject to permission under section 32 (1) KWG. The service is to be classified as a financial commission business (section 1 (1) sentence 2 no. 4 KWG) if the service provider takes the bitcoins on commission in order to sell them on behalf of the customer to a third party on the market. In the case of an open substitution, which should not be relevant in practice, the service would be classified as a termination agency pursuant to section 1 (1a) sentence 2 no. 2 KWG. If the transaction is governed by a purchase agreement between the service provider and the customer, the transaction must be classified as proprietary trading pursuant to section 1 (1a) sentence 2 no. 4 KWG. These include regular providers who offer exchange trades, virtual exchange offices or BTC machines as direct exchange of fiat currencies in payment tokens.

If the exchange of the token does not take place directly between the parties involved in the exchange, but with the involvement of a third party (such as an internet platform acting as an instance for the exchange of virtual money into legal tender), a license requirement under § 10 Abs 1 ZAG for the provision of payment services. If the third party forwards the real equivalent value of the virtual currency on behalf of the acquirer through his account to the exchange recipient, the third party operates the financial transfer transaction (§ 1 (1) sentence 2 no. 6, 1st old ZAG). If he acts on behalf of the payee, he may fulfill the circumstances of the acquisition transaction i.S.d. § 1 para. 1 sentence 2 no. 5, 2nd alt. ZAG. A combination of both facts is also conceivable if the payment service provider works for both sides of the barter transaction (which is often the case with Internet platforms). Decisive are — as always in an assessment of tahe permit requirement — the concrete contractual arrangements between the parties. The exact definition may be difficult in individual cases, especially if the terms and conditions are not designed according to legal standards.

Obligations under the Banking Act then lead to the mandatory property under § 2 Money Laundering Act (GwG), and the debtor must in particular general due diligence (§ 10 AMLA) and record and storage obligations (§ 8 GwG) meet and internal security measures (§ 6 GwG) and in suspected cases Report to the Financial Intelligence Unit (FIU) (§ 43 GwG).

Securities Tokens

A variety of newer generation crypto-tokens, particularly those issued under Initial Coin Offerings (ICOs) / Token Generating Events (TGEs), represent an intrinsic value for the owner of the associated private key (equity and investment tokens ). This is not surprising since the possibility of digitally transmitting values without intermediaries is one of the core aspects of a blockchain economy.

Depending on the legal position conveyed by these tokens, these may be securities within the meaning of section 2 (1) WpHG. Contrary to the wording, the legal definition already makes it clear that a paper representation is not important. It is sufficient that transactions can be documented using distributed ledger or blockchain technology so that the rights embodied in the tokens can be uniquely assigned to an address (not necessarily a name):

“Securities within the meaning of the German Securities Trading Act, even if there are no certificates issued, are all types of transferable securities other than payment instruments which are tradable on the financial markets, in particular shares, other shares in domestic or foreign legal entities, Partnerships and other companies, in so far as shares are comparable, as well as depository receipts representing shares, debt securities, […] “.

This definition translates the concept of securities into national law in accordance with Article 4 (1) no. 44 MiFID II46. Based on this, the following criteria must be fulfilled at the same time, so that a token is considered as a security according to § 2 Abs. 1 WpHG:

  • Portability of the token
  • Tradability of the token of its kind in the financial markets
  • Incorporation of membership participation or debt rights in the token
  • No classification of the token as a pure payment instrument

BaFin has already informed the public in detail about these prerequisites in its letter of 20 February 2018, so that in the following we can focus on a presentation of the core aspects.

Thus, the transferability of the tokens requires that the token can be technically transferred to other users at all. In this case, the token must be “transferable according to its type”, i.e. remain unchanged in its essential legal content or technical nature when transferred to a third party. What may argue against a generic transferability in the sense of the securities property are restrictions on the number of possible transfers and the transfer only by certain, so far privileged users.

Generic standardization is crucial for the tradability of the tokens. If tokens represent individually different rights, the tokens may be transferable, but their tradability is generally not given. Tokens must be determinable in business dealings according to type and number, that is to say they are justifiable. The custody of tokens, on the other hand, based on the wording of the standard, is not a precondition for their tradability. Tradability must exist in financial markets. The possibility of trading suffices, actual trading is not required. Centralized and decentralized crypto-token trading platforms are fundamentally financial markets.

The token must embody a stock-like corporate law or other asset law of a legal nature, which must be sufficiently comparable to the examples of transferable securities, in particular bonds or debt securities, mentioned in section 2 (1) of the WpHG. Especially in view of the often hybrid nature of many tokens flagged as utility tokens, it must be ensured in individual cases that there is still a financial instrument and not an instrument that is largely attributable to the real economy. A predominantly economic reference can be questionable, in particular, if the tokens can not yet be used to procure any of the promised goods or services, since these still have to be developed. In these cases, it depends, among other things, on the efforts of the Issuer as to whether the functionality promised in the token and accompanying materials is realized. As a result, the token is primarily used for financing purposes, which may speak to the existence of a financial instrument when otherwise security-like rights are embodied in the token. The embodiment of membership rights is particularly appropriate if the token conveys a form of participation in an association-organized enterprise, so that similarity with the stock urges.

An embodiment of asset rights is obvious when the legal positions associated with the token are approximated to a debt security, such as by claiming against the issuer of the token or third parties. For this, however, it is necessary that the debt claim is in principle linked to the token and can only be transferred with it.

Finally, the token can not be classified as a pure payment instrument: The payment instrument includes, in particular, means of payment such as cash, book and electronic money, but also other instruments with which a payment transaction is initiated as intended. If a token satisfies the requirements of a payment instrument, the Token as then purely electronic means of payment excluded from the securities term of the WpHG. Particularly in these cases, classification as a unit of account pursuant to section 1 (11) sentence 2 no. 7 KWG applies.

A token qualifying as a security then also leads to the applicability of the capital market regulation tailored to securities. These include, for example, possible prospectus obligations pursuant to section 3 (1) WpPG and article 3 (1) of the German Prospectus Regulation in the case of a public offer, the applicability of organizational and behavioral obligations and the possibility of product intervention under the WpHG. Further attention should be given to the rules on trading obligations and market surveillance under MiFIR53, as well as the rules on market manipulation prohibition, the prohibition of insider trading, the ad hoc obligations for issuers and the obligations for financial analysis from the MAR, as far as the additional requirements of the Art. 2 MAR are fulfilled, ie the securities are traded in particular on a regulated market, a multilateral or organized trading system. This would be the case, for example, if a crypto-trading venue were allowed within the scope of the Regulation as a Multilateral Trading Facility (MTF) or an Organized Trading Facility (OTF). Last but not least, commercial or commercial transactions in securities are subject to the licensing requirements of the KWG and, as a result, also result in the obligation to pay pursuant to section 2 of the MLA.

Utility Tokens

In the case of pure utility tokens (app tokens, usage tokens, consumption tokens), the sole use for obtaining a real economic service is in the foreground and not a financial consideration. Utility tokens are not e-money if there is no third-party acceptance or output only against other payment tokens (such as Bitcoin and Ether). In the case of pure usage tokens, there is also a lot of evidence that the issue does not trigger any permit requirements under the KWG, ZAG or KAGB. In addition, the classification as a financial instrument under the KWG also regularly ceases with such tokens, so that any trading-related services exclusively with these tokens in the secondary market do not entail any license requirements.

Pure utility tokens, unlike virtual currencies, are also not designed as means of payment and therefore do not qualify as units of account; as a rule, they can not be included in the scope of other financial instruments in accordance with section 1 (11) KWG. However, because of the many hybrids, that is, tokens that include both elements of a usage tokens as well as those of a virtual currency or a security-like token, it often requires in-depth review.

If the alleged utility token also serves as a means of payment in the offer of the issuer, a qualification as a unit of account and thus a financial instrument according to the KWG is again obvious. From a regulatory point of view, the category of utility tokens is the result of a negative delineation to the categories of payment tokens to be audited and the security-related tokens that trigger regulatory duties.

Initial Coin Offerings (ICOs)

ICOs are economically and organizationally distinct from initial public offerings (IPOs). In some cases, ICOs are also called Token Generating Event (TGE). In an ICO tokens are sold or auctioned. The core idea of ICOs is to collect funds from third parties for an idea or business model.

ICOs often provide whitepapers that are intended to provide an overview of the planned project, but are generally not comparable with the structure, comparability and validity of securities prospectuses under WpPG. Further contact with the issuers then often takes place via various online channels such as the website, Telegram Channel and Slack. Technically, many ICOs use Ethereum Smart Contracts, which is currently the second largest by market capitalization Blockchain to Bitcoin. Such smart contracts then manage the tokens auctioned or sold under the ICO.

Economically, there are notable differences between the collection of capital through classical equity- or debt-based refinancing instruments and an ideal-type ICO that reflects elements of the blockchain economy presented here. Crypto-tokens can directly represent the value of decentralized networks determined by the contributions of third parties, while classical (corporate) participations initially reflect the value of the initiating company and only indirectly the value of the decentralized network initiated by it (not necessarily operated). In the case of decentralized networks, the efforts of the participating community and less of those of the initiator come at a certain point in time. ICOs also give private investors access to venture capital-like, but more liquid, yet riskier investment opportunities. Finally, ICOs can optimize transaction costs through the use of smart contracts — through automated, non-discretionary, decentralized and without further cross-border settlement of contractual agreements. The disintermediation effects of blockchain technology — as the basis of the ICOs — further mitigates concentration effects in intermediary-based platform economies and creates competitive pressure on these established intermediaries.

In terms of supervisory law, a distinction must be made between the initial issue of the token, the actual ICO, and the later trading of the tokens on the secondary market. The regulatory classification of the token will then have an impact on possible obligations both in the issue (such as prospectus obligation) and in possible obligations of third parties involved in the issue and secondary market trading. Particularly noteworthy here are the permit requirements explained above, in particular for secondary market transactions such as the operation of crypto traders and transactions at the interface to real money. An example of this is the operation of exchange machines, since the operation of these shops in Germany without prior permission is punishable under current law. On the other hand, owning an ICO is not essentially dependent on the legal nature of the issued tokens, as supervisory law grants a broad issuer privilege; the issue of own refinancing instruments by companies in the real economy usually does not trigger a license requirement according to the KWG.

ICOs are to be distinguished from another common manifestation, the Airdrop. An airdrop distributes free tokens from blockchain projects. If you want to get free tokens from Airdrops, you usually have to keep tokens of the corresponding blockchain project. Often, however, a return in the form of likes or retweets is required so that the Airdrop tokens are distributed. Airdrop tokens usually do not differ from regular tokens and can be freely traded. The aim of Airdrops is to increase the awareness, the trading volume and, in the long term, the value of the related cryptotoken.

In the opinion of BaFin, ICOs are highly speculative investments for investors. Investors should expect high volatility and consider a potential total loss of their investment, especially in early experimental projects. When investors purchase tokens from an ICO, most issuers are not located in Germany. There will then be no German consumer protection and no protection of personal data. Documentation through white papers is usually insufficient and confusing and does not reach the level of information of securities prospectuses under the WpPG. In order to be able to assess the risks of ICOs, a deep and especially technical understanding is necessary. ICOs often take place in the unregulated financial sector and use jurisdictions with laxer regulation. ICOs also have a structurally high susceptibility to abuse and fraud.

In order to do justice to this risk situation, on 9 November 2017 BaFin published a consumer warning and an accompanying article in the BaFinJournal. In addition, reports of claims were accumulated in the context of ICOs and there were clear signs of market overheating. Even from the crypto scene warnings were heard. The BaFin was also aware of technical shortcomings of individual ICO concepts.

The primary or main risks directly related to crypto-tokens include in particular 1) market liquidity and volatility risks, 2) counterparty and project risks and 3) technical and operational risks (including cyber security risks). These key risks relate both to specific crypto-token characteristics and their current use as well as to better-known microfinance risks related to market liquidity, volatility, leverage, etc.

Market Liquidity and Volatility Risks: With regard to crypto tokens, it should be noted that illiquid or flat market structures detract from the ability to buy or sell crypto-tokens without impacting prices. The high volatility of market prices also makes one doubt that crypto-tokens are suitable for private investors and can be used for payments and settlements. Specific risk information may include trading volume, prices, price volatility, number of users, bid-ask spreads, price spreads between exchanges, and the cost of closing deals.

Counterparty and Project Risks: The project risk of crypto-tokens from ICOs and their funded projects could affect the positions of crypto-tokens owners (investors), as the value and stability of crypto-tokens in many projects depend significantly on the project team behind the crypto tokens or the ICO stands. So it could happen that the project behind an ICO does not come about, which made the crypto-tokens ultimately worthless. This risk class is particularly relevant in the context of ICOs, as the overall size of the ICO market is still small relative to the total cryptotoken market. In addition, crypto-token brokers, crypto-trading platforms, wallet providers and other intermediaries for crypto-token owners also run counterparty risk.

Technical and operational risks (including cybersecurity risks): In the future, blockchain technology can, in principle, offer a number of advantages. However, crypto-tokens, especially those that are part of decentralized projects and therefore operate with limited effective governance structures, also pose special technical and operational risks. This includes susceptibility to theft and fraud. Cyber attacks, transaction ultimateity, poor scalability and long delays can also be operational risks. Such risks, in particular the disproportionately high dependence on functioning IT infrastructures, also exist with service providers such as crypto-token trading platforms.

The preceding analysis has shown that, depending on the individual case, not all of the tokens are subject to capital market regulation in a way that captures these risks in the same way as is the case with traditional capital market instruments. Therefore, it is important for private and institutional investors, but also in terms of financial stability and integrity, to observe indicators and transmission channels of these risks in the financial system.


The cryptotoken market as a whole has a high innovation speed, strong information asymmetries, and gaps in data availability. For both national supervisors and BaFin, as well as for European regulators and international standard setters, this means that they must continue to work intensively on the topic and follow the development.

More than 1,600 crypto-tokens are currently traded on marketplaces, with only five crypto-tokens making up the bulk of the transaction volume. Although prices for crypto-tokens have fallen significantly since the end of 2017, this has led to a significant decline in market capitalization. At the same time, however, there is a significant increase in the number and volume of ICOs: the volume is almost six times higher than in 2017 (3.9 billion). US dollars), extrapolating the figures for the first half of the year to full 2018; the figure is almost five times higher than the one in 2017 (210 ICOs) for extrapolation in the first half of the year to 2018 as a whole. Globally, more than $ 11 billion was raised in 489 ICOs in the first half of 2018. Compared to the global financial system, however, crypto-token markets are still small and therefore not yet impacting financial stability.

If you found value in this article, please “clap” (up to 50 times).

This article is part of our Tokyo FinTech Publication, please follow us to read more from our writers, like hundreds of readers do every day. Should you live in Tokyo, or just pass through, please also join our Tokyo FinTech Meetup.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Norbert Gehrke

Norbert Gehrke

Passionate about strategy & innovation across Asia. At home in Japan. Connector of people & ideas.