Crypto Asset Service Providers and Issuers of Asset-Referenced Tokens
According to the latest BaFin Interpretative and Application Notes (as of March 2025), crypto asset service providers and certain issuers of asset-referenced tokens are subject to anti-money laundering (AML) obligations under the German Money Laundering Act (GwG) and the MiCA Regulation (EU) 2023/1114.
The following entities are required to comply:
- Crypto asset service providers as defined under Article 3(1) No. 15 of the MiCA Regulation, provided they offer one or more crypto asset services as per Article 3(1) No. 16 of the MiCA Regulation.
- Exception: Entities that solely provide advisory services on crypto assets under Article 3(1) No. 16(h) MiCA Regulation are exempt from these obligations.
- Issuers of asset-referenced tokens under Article 16(1)(a) of the MiCA Regulation, if they do not exclusively offer these tokens to the public via a crypto asset service provider or if their admission to trading is not solely handled through a crypto asset service provider.
- Providers of crypto asset transfer services as per Article 3(16)(j) of the MiCA Regulation.
These entities must implement comprehensive AML measures to ensure compliance with regulatory requirements.
Crypto Assets and Crypto Transfers
Crypto assets are legally defined as crypto assets under Article 3 No. 14 of the GTVO 2023.
A crypto transfer is defined as any transfer of a crypto asset, in accordance with Article 3 No. 10 of the GTVO 2023.
To determine the value of a crypto transfer, the current price of the relevant crypto asset can be used, as provided by any licensed crypto asset service provider in Germany.
- The transferring institution itself may also act as the reference provider if authorised.
- The exchange rate at the time of transfer execution is the decisive value.
This ensures transparent valuation of crypto transfers and enables consistent pricing assessments.
Enhanced Due Diligence for Crypto Transfers Involving Self-Hosted Wallets
Crypto asset service providers must apply enhanced due diligence when handling crypto transfers involving self-hosted wallets.
Definition:
- Self-hosted addresses are defined as addresses under Article 3 No. 20 of the GTVO 2023.
Obligations:
- Assess money laundering and terrorism financing risks.
- Evaluate the risk of non-compliance and circumvention of financial sanctions.
- Implement appropriate risk mitigation measures.
Mandatory Measures:
- Blockchain analytics to examine transactions.
- Customer inquiries regarding the origin and destination of crypto assets.
- Collection and verification of the self-hosted wallet owner’s identity.
- Depending on risk classification, multiple measures may be combined.
Proof of Control Over a Self-Hosted Wallet:
- Accepted methods:
- Reference transaction (small test transfer for verification).
- Electronic signature of a message linked to the transaction.
- Not accepted:
- Wallet screenshots, as they are easily manipulated.
These regulations ensure that self-hosted wallets cannot be misused for anonymous money laundering and improve transparency in crypto transfers.
Conclusion: BaFin’s Crypto Regulations Are Getting Stricter
Under the latest rules in MiCA, GTVO 2023, and the GwG, crypto service providers and issuers of asset-referenced tokens must adopt extensive AML and transparency measures.
Key regulatory changes include:
✔ Strict due diligence for crypto transfers, especially involving self-hosted wallets.
✔ Mandatory risk assessment and risk mitigation measures for transfer service providers.
✔ Clear valuation rules for crypto transfers, ensuring greater transparency and accountability.
Source: BaFin-Interpretation and Application Guidance on the German Money Laundering Act (March 2025)