GERMANY Law and Practice Contributed by: Stephan D. Meyer, Lars Fidan, Elisa Otto and Christian Meisser, LEXR
At the same time, MiCA has introduced a structural advantage for incumbents in the crypto space. Firms that already hold a banking or investment services licence can expand into crypto-asset services through a simplified notification to BaFin, rather than undergo - ing full CASP authorisation. This means that estab - lished institutions can enter the crypto market much faster than new entrants building from scratch. 2.5 Regulatory Sandbox Germany does not operate a regulatory sandbox. What it offers instead is an innovation hub approach. BaFin maintains a dedicated fintech unit that serves as a point of contact for early-stage companies seek - ing to understand whether their business model trig - gers licensing requirements. These interactions can be valuable for structuring a business model correctly from the outset, though it is important to note that BaFin does not provide legal advice in this context and the enquiry process requires a high level of speci - ficity. The closest equivalent to a sandbox at the EU level is the DLT Pilot Regime, which permits authorised firms to test DLT-based market infrastructure for tokenised financial instruments under modified regulatory con - ditions. Practical uptake has been limited, though ESMA’s 2025 review may lead to an expanded scope in the next legislative cycle. 2.6 Jurisdiction of Regulators BaFin supervises nearly everything that matters in German fintech regulation: banking, investment ser - vices, payments, e-money, insurance and crypto- asset services. The Bundesbank supports BaFin in prudential oversight and regulatory reporting analysis. The EU dimension is growing in importance. ESMA co-ordinates MiCA supervision across member states and maintains the register of authorised CASPs. The EBA’s technical standards effectively shape much of BaFin’s supervisory practice. From 2026, AMLA will exercise direct AML supervisory functions over select - ed high-risk entities. For cross-border fintech operations, mapping the correct supervisory authority for each activity and
jurisdiction is an increasingly critical part of regula - tory planning. 2.7 No-Action Letters German regulators do not issue formal no-action let - ters. BaFin will not provide a binding statement that a particular activity falls outside the regulatory perimeter or will not trigger enforcement. The practical alternative is BaFin’s individual enquiry process. Companies can ask whether a specific, clearly described business model needs a licence. BaFin’s responses are non-binding but carry informal weight and can reduce regulatory uncertainty at the structuring stage. The key requirement is specific - ity: BaFin will not engage with abstract or hypotheti - cal questions. Beyond individual guidance, BaFin’s published circulars and interpretive notices provide general clarity on how it applies the law to particular business models. At the EU level, a form of no-action communication has emerged in limited situations. In June 2025, the EBA recommended that national authorities temporar - ily defer enforcement of PSD2 authorisation require - ments for payment services involving e-money tokens, acknowledging the overlap with MiCA. A narrow prec - edent, but it shows that regulatory pragmatism can emerge even in a system that does not formally rec - ognise the concept. 2.8 Outsourcing of Regulated Functions Outsourcing is permitted but does not shift regula - tory responsibility. The regulated entity remains fully accountable to BaFin, regardless of what functions it delegates to third parties. BaFin requires detailed contractual frameworks cover - ing service levels, audit rights extending to the regula - tor, data protection, sub-outsourcing controls and exit arrangements. Material outsourcing requires BaFin notification. Since January 2025, DORA has raised the bar for ICT outsourcing specifically, requiring a register of all third-party arrangements and minimum contractual standards on security, incident reporting and resilience testing.
315 CHAMBERS.COM
Powered by FlippingBook