Procedure for registration of crypto service providers

Crypto service providers, such as firms offering services for the exchange between virtual and regular currencies, as well providers of custodian wallets for virtual currencies must register with DNB. Blenheim helps out financial service providers in the application procedures. We’re happy to give you a brief introduction on the registration process for crypto services.

1 | The regulation of crypto service providers – legal framework

On both a European, as well as national level, the desire to regulate crypto currencies and the service providers thereof has been thoroughly expressed. After the fifth EU Anti-Money Laundering Directive 2018/843 (AMLD5) was implemented, Member States were obligated to amend their Anti-Money Laundering and Anti-Terrorist Financing legislation frameworks. Amongst others, the Dutch anti-money laundering and counter terrorist financing Act (Wet ter voorkoming van witwassen en financieren van terrorisme, the Wwft), has been amended.

The named Directive included changes respective virtual currencies, among other topics. On the 21st of May 2020, the Dutch Implementation Act entered into force, implementing the fifth EU Anti-Money Laundering Directive 2018/843 (AMLD5), placing crypto service providers under the supervision of national authorities. With the implementation of AMLD5, the exchange between virtual money (cryptos) and regular (fiduciary) money, and custodian wallet providers (hereinafter: crypto service providers) became regulated. Besides having to comply with the rules of the Wwft, crypto service providers will now have to register with the Dutch Central Bank (DNB), and their board members and shareholders who own qualifying holdings (shares representing 10% or more of shares and/or voting rights) must be assessed for fitness and propriety. They, furthermore, must conform to the integrity rules for business conduct and, lastly, request declarations of no-objection (DNO) for anticipated changes to qualified holdings in the crypto service provider.

DNB will also monitor firms’ compliance with the rules on money laundering, terrorist financing and sanctions regulations. Firms that do not register will no longer be allowed to provide crypto exchange services or offer custodian wallets.

2 | Registration of crypto service providers – Definitions

Any party, may that be individuals or legal entities, needs to abide by the rules if they are providers offering exchange services effecting transactions or enabling customers to effect transactions in which virtual currencies are exchanged for fiduciary currencies or vice versa. Furthermore, crypto service providers, so, any entity that provides services to safeguard private cryptographic keys on behalf of its customers to hold, store and transfer virtual currencies, must be added to this understanding.

Virtual currency as used in these definitions is characterized in the Wwft as “a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically”.

When do you have to register as service provider?
If one or more services are provided in a professional capacity or on a commercial basis in or from the Netherlands, providers of named activities are obliged to register with DNB. For crypto service providers, this entails that if the services provided are more than just an occasional activity, they receive renumeration or generate income from it and the activity is performed systematically or regularly, they fall within the scope of the amended Wwft provision. However, the activities carried out do not per se need to be profitable or be the provider’s main activity. If, though, the provider advertises their services or provides them to multiple customers, they may fall under this definition.

If an entity offers services for the exchange of virtual and conventional currencies, or custodial wallets, in a professional capacity or on a commercial basis in the Netherlands from another Member State, regardless of whether it is also registered there, it must register under the Act. A Member State is defined by the Wwft as a state that is a member of the European Union as well as a state that is not a member of the European Union but is a party to the European Economic Area Agreement (EEA).

For now, providers of crypto-to-crypto exchange services do not need to register with DNB. Regardless of whether they are new players or incumbent regulated financial institutions, suppliers of services for the exchange of virtual and conventional currencies, or custodian wallets, must register under the Wwft. Institutions that possess a DNB or AFM license, such as under the Financial Supervision Act (Wft) or the Act on the Supervision of Trust Offices (Wtt), must still register.

3 | Registration of crypto service providers – Process

Since the implementing amendments to AMLD5 have entered into force, firms needed to be registered by DNB, with crypto service providers that were active before the entry into force needing to submit a request for registration to DNB to be able to resume their activities. This registration process underlies several steps including the submission of both practical and substantive information. The explanatory notes to the form for registration as a crypto service provider offer a sufficient overview regarding the DNB registration process.

Details that need to be included in the registration as a crypto service provider are the following:

1. General Information

  • Company data
    • DNB requests several details about the company itself along with several documents including a certified copy of the notarial deed containing the company’s articles of association (AOA). This certified copy will need to be included for a final decision on the registration request. Furthermore, an extract from the trade register in the country of incorporation needs to be provided.
  • Contact details of external consultant
    • Seeking expert advice amounts to a substantially higher quality of request which enables the request to be handled more efficiently and quickly. If the company decides to use the services of such an external consultant, they shall provide the DNB with their details.
  • Criteria for registration
    • To be able to register, the company and services provided must adhere to the definitions set out in the appropriate legislation. These definitions are covered in Section 2 of this article.

2. Business Plan of Crypto Service Provider
Along with the request for registration form, a business plan must be submitted. This business plan needs to include a diagram illustrating the activities the company will perform as well as the transaction flows. Furthermore, an elaboration on the company strategy is requested. Included in this should be the targeted market share, envisaged origin of customers and a well-considered description of the company’s growth ambitions that includes the expected revenue from crypto services. Additionally, a SWOT analysis of the company’s strengths and weaknesses, opportunities and threats are beneficial to present the potential success of the company’s activities. Lastly, the company’s partners or chain partners need to be included if there are any.

3. Policymakers (including holders of a qualifying holding)
When submitting a request for registration as a crypto service provider, one must also submit for each policymaker with the form ‘initial assessment crypto service provider’. This includes management board members, supervisory board members, co-policymakers, and shareholders ≥10%.

4. Governance of service provider

  • Organizational structure
    • An organizational chart with the company’s organizational structure as well as a list of the individuals related to the company is requested.
  • Transparent control structure
    • A description of the company’s control structure shall be submitted as it is required by law. Along with other specific requirements regarding the control structure, group relationships and the director-major shareholder (DMS) structure may be required.

5. Sound operational management

  • According to section 23j of the Wwft, the company’s operational management needs to be set up in a way that guarantees sound business operations. Operational risks need to be analyzed to be able to anticipate mitigation measures.
  • DNB assesses several aspects surrounding sound operational management to make sure that the applying company can comply with the relevant provisions of the Wwft and the Sw. These include the following:
    • General principles of operational management under the Wwft and the Sw;
    • Description of the company’s independent compliance and audit under the Wwft and the Sw;
    • Reporting procedure under the Wwft;
    • Outsourcing agreements that are related to the Wwft and the Sw;
    • Education and training policy under the Wwft and the Sw.

6. Ethical business operations

  • In order to combat risks of money laundering and terrorist financing, a heavy focus is laid upon ethical business operations. A big part of the latter is the integrity of the company itself that must be ensured by an adequate integrity policy and regulatory framework. To formulate sufficient mitigating measures, the Wwft lays down a framework for risk assessment. There are certain elements that are required to be touched upon:
    • An analysis of integrity risks;
    • Avoiding conflicts of interest;
    • Customer due diligence;
    • Sanctions Act 1977 (Sw);
    • Transaction monitoring;
    • Obligation to report unusual transactions;
    • Designation of a day-to-day policymaker who bears responsibility for compliance with the Wwft and the Sw.

More information regarding each step of the  registration procedure as a crypto service provider can be found here.

Assessment of crypto provider by DNB

To be able to guarantee an ethical crypto service industry, DNB lays special importance upon an assessment procedure to ensure the utmost integrity of a business. An initial assessment takes place on the date of the proposed appointment of a management board member, (co-) policymaker, supervisory board member and holder of a qualifying holding. After this initial assessment, an appointee may only be appointed if a favorable decision was reached regarding either their fitness, propriety, or both. A second assessment may take place when there is a change in position due to the specific duties of each position in the company.

During the propriety assessment, an evaluation of the propriety of the candidate is reliant on their intentions, actions antecedents and whether those would stand in the way of performing their duties.

During the fitness assessment, the DNB verifies whether the appointee has sufficient relevant knowledge and skills to be able to professionally execute his role. This is determined based on the appointee’s education and work history, as well as their experience and competencies.

Concludingly, the request for registration will normally be processed in the six-month transitional period. With the help of thorough preparation, a fully completed and qualitatively sufficient request for registration along with the consultation of a legal expert, DNB expects the procedure to be successful and as fast as possible. DNB may refuse an applicant if it is the case that the applicant fails to submit all required information, or they find the information submitted to be incorrect. Information regarding the fees for registration, assessment and supervision may be found here. A rejection of an application is subject to judicial review. You can read more about the objection procedure and appeal here.

Regulatory compliance lawyers with Blenheim

We take care of the red tape which is involved in Dutch application procedures. So please feel free to contact us. Our regulatory compliance lawyers can assist you with the application procedure for licences in the Netherlands.