German Federal Supervisory Authority (BaFin) provides guidance on regulation of ICOs

| |


On 20 February 2018, the German Federal Supervisory Authority (BaFin) issued its highly anticipated statement (GZ: WA 11-QB 4100-2017/0010) on the requirements for a token to be classified as a “financial instrument” under applicable European and German supervisory laws.

In Depth

On 20 February 2018, the German Federal Supervisory Authority (BaFin) issued its highly anticipated statement (GZ: WA 11-QB 4100-2017/0010) on the requirements for a token to be classified as a “financial instrument” under applicable European and German supervisory laws.


Initial coin offerings (ICOs) have played an increasingly significant role in discussions concerning blockchain-related projects. When this new way of financing evolved with the rise of Ethereum, regulators first took the role of observer. Recently, however, they have begun to crack down on ICOs. BaFin itself issued a consumer warning in November 2017. One of the latest measures taken was the issuance of guidelines by Switzerland’s authority (FinMa) on 16 February 2018. In addition, on 22 February 2018 the Belgian supervisory authority issued a consumer warning and the French authority (AMF) published the findings of its consultation regarding ICOs.

In most cases, ICO-related discussions have been focussed on the following questions:

  • How – based on their features – may the various kinds of tokens be divided into one or more of the “classes” security tokens1, cryptocurrency tokens and utility tokens?; and
  • Following such classification, which regulatory regime should apply to each such token class?

FinMa, for example, has chosen to apply such conceptual tripartite division and also has provided some insights which criteria the supervisory authority intends to use in order to determine the asset class(es) of each token.


Despite its rather restrictive title BaFin provided guidance regarding which supervisory law regulations generally may be triggered in an ICO (in addition to regulations triggered by the token being regarded as a financial instrument within the meaning of MiFiD II or the German Securities Trading Act (Wertpapierhandelsgesetz)). The applicable regulations include the following:

  • MiFiD II;
  • the German Securities Trading Act (Wertpapierhandelsgesetz);
  • the German Securities Prospectus Act (Wertpapierprospektgesetz);
  • the German Capital Investment Act (Vermögensanlagengesetz);
  • the German Banking Act (Kreditwesengesetz);
  • the German Capital Investment Code (Kapitalanlagegesetzbuch);
  • the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz); and
  • the German Insurance Supervision Act (Versicherungsaufsichtsgesetz).

Case-by-case assessment will determine the specific regulations that apply. BaFin provided some insights on the pain points it anticipates in applying the aforementioned regulations.


Regarding the sheer scope of the assessment required to determine which regulation may be triggered by an ICO from a supervisory law perspective there is nothing new in BaFin’s statement. Potential issuers of tokens should bear in mind that BaFin did not comment on potential implications deriving from consumer protection laws or anti-money-laundering laws as the Money Laundering Act (Geldwäschegesetz). If triggered, these regulations also could place obligations on the issuer in an ICO.

A notable element in the statement is BaFin’s more differentiating approach, both on a terminological and a material level, regarding the assessment of whether a token will be regarded as regulated under the German Banking Act (Kreditwesengesetz). BaFin’s previous statement on virtual currencies did not provide a clear definition of the same. It therefore allowed for the interpretation that all tokens were to be classified as units of account and thus were financial instruments within the meaning of the German Banking Act (Kreditwesengesetz). As a consequence, an approval would be needed for the realisation of certain business models in connection with such “virtual currencies”. BaFin’s statement of 20 February clarified that only tokens which serve as means of payment on a network will be regarded as units of account within the meaning of the German Banking Act (Kreditwesengesetz). Under the tripartite classification mentioned above, only cryptocurrencies would be regarded as “units of account”. Whether tokens that exclusively provide for features other than being used for payment purposes will be subject to the German Banking Act (Kreditwesengesetz) will depend on whether they meet the qualifications for any of the other types of a financial instrument set out in the German Banking Act (Kreditwesengesetz).

BaFin’s statement furthermore indicates that it acknowledges the various features which can characterise tokens. BaFin also takes these into account when assessing which regulation shall apply. According to the statement, BaFin differentiates between virtual currencies and acknowledges the existence of utility tokens. However, the statement did not provide clear guidelines on how to classify tokens, or information on when a token will not be regarded as a security within the meaning of the German Securities Trading Act (Wertpapierhandelsgesetz) or a transferable security within the meaning of Art. 4 (1) (44) MiFiD II. BaFin stated that any tradable and negotiable token which is not to be regarded as a payment instrument shall be regarded as a (transferable) security and will therefore trigger the respective regulation if it embodies any (i) shareholder-like claims, (ii) contractual claims or (iii) any other claim which is comparable to the ones set out in (i) and (ii).

This would have the following consequences: the scope for a (non-security) utility token would be restricted to tokens which only factually give their holder access to a platform and/or a service without giving the holder any contractual claim. This approach differs from the one chosen by FinMa, which states that a security token must be materially comparable to the instruments that are expressly regarded as financial instruments (e.g., shares). AMF seems to take the same position as FinMa. It therefore remains to be seen whether BaFin will in fact adhere to this rather strict approach set out in its statement.

This approach taken by BaFin also might shift the focus of discussions concerning supervisory law matters into the field of civil law. Under BaFin’s approach, it seems that securities laws shall be triggered in case any (negotiable and tradable) claim is granted in favour of a token’s purchaser. BaFin’s statement does not rule out the possibility that such claim may, at least under German law, also result from implication. As a result, if an issuer wants to ensure that it avoids securities law regulation, it will have to make sure that, inter alia, the token grant agreements, the whitepapers and potentially any of the issuer’s declarations towards purchasers may not give rise to such contractual claim.

In connection with the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz) it remains unclear whether certain tokens may be regarded as e-money. BaFin’s statement as to the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz) only indicated that tokens which are created “from thin air”, i.e. from an algorithm without transferring any claim against the issuer (such as Bitcoin), do not constitute e-money. Therefore, neither any services related to such tokens nor their issuance require approval under the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz). However, if tokens are created via a smart contract (on the Ethereum network, for example) and also transfer a claim to the holder, such caveat does not apply. Some scholars therefore argue that such tokens may be regarded as e-money if further requirements are met. BaFin’s general reference to § 10 ZAG, especially the reference to § 1 para 1 s. 2 Nr. 5 2. alt ZAG in case a third party is involved in a token transaction, could be interpreted as confirmation of such understanding. This probably was not BaFin’s intent, but its statement remains open for interpretation.


Even though BaFin’s statement provides clarification on some points, BaFin has missed a chance to give clear guidance on how it will treat tokens granted in an ICO. An especially important question remains as to how BaFin will differentiate between security tokens and utility tokens—i.e., which kinds of tokens shall be subject to capital markets supervisory laws and which shall not. Based on BaFin’s statement only, any issuer will need to make sure that the token gives its holder no contractual claim at all. It remains sensible to approach a lawyer and BaFin in case an ICO is planned.

The legal ecosystem around distributed ledger technology and especially ICOs continues to evolve. It is to be expected that more authorities across Europe soon will issue statements regarding the treatment of ICOs. Such statements could have an effect on BaFin’s approach, so stay tuned.


[1] Other terms for such token class commonly used are, inter alia, investment tokens and asset tokens. Given that such asset class shall trigger the regulation which is linked to “financial instruments” under European and German law, one might as well refer to them as financial instrument tokens.