BaFin publishes advisory letter on the classification of tokens as financial instruments

ICOFor some time now, BaFin has been receiving an increasing number of queries enquiring whether tokens and virtual currencies (referred to as ”tokens“) marketed to investors in initial coin offerings (ICO’s) are considered to be financial instruments. BaFin has now published an advisory letter in which it states its position on the regulatory classification of tokens in the field of securities supervision. This concerns all market participants providing services related to tokens, dealing with tokens or publicly offering tokens.

In order to fully comply with any legal requirements, these market participants must give careful consideration to whether the tokens constitute a regulated instrument, for instance a financial instrument or a security. In cases of doubt, they should contact the competent BaFin divisions in good time.

The aim of the advisory letter is to inform affected market participants about the legal requirements that apply to them. From a regulatory point of view, ICO’s do not occur in a vacuum; depending on the features of the tokens, they are subject to the relevant supervisory requirements.

The advisory letter is not able to provide conclusive answers to all open questions about ICOs, however; the types of ICOs and tokens on the market are too diverse for that. Neither does it set out any regulatory framework designed specifically for ICOs. Such a framework can only be created by the legislature.

Definition: Initial coin offerings

Initial coin offerings (ICOs) are a new means of raising capital for enterprises. They are currently the subject of a great deal of interest from the public. In ICOs, blockchain technology is used to create new digital units, for example virtual currencies or tokens. These are then sold to interested investors, usually in an unregulated public bidding process.


The advisory letter is aimed at all market participants which conduct banking business, provide financial services or other services requiring authorisation, or publicly offer securities and/or capital investments in Germany.

The country in which the market participant concerned has its registered office is generally not relevant in this context. In Germany, the provision of regulated services is still subject to an authorization requirement even if the service provider targets the German market from abroad, for example via the internet. More detailed information on this can be found in the BaFin guidance notice regarding the licensing for conducting cross-border bankinbusiness and/or providing cross-border financial services.

Case-by-case assessment

The key message of the advisory letter is that BaFin assesses on a case-by-case basis whether a token constitutes a financial instrument within the meaning of the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG – only available in German) or the Markets in Financial Instruments Directive (MiFID II), a security within the meaning of the German Securities Prospectus Act (Wertpapierprospektgesetz – WpPG – only available in German), or a capital investment within the meaning of the German Capital Investment Act (Vermögensanlagengesetz – VermAnlG – only available in German). Because of the large number of different token structures on the market, a general statement regarding their legal nature would be too sweeping. A supervisory classification is not possible without assessing all individual circumstances and features.

The decisive factor is which rights are associated with the respective token. A typological designation is not a determining factor, although a categorization – for example as an “investment token”, “utility token” or “payment token” – may give an initial indication of the token type. However, such a categorisation cannot replace a comprehensive, binding supervisory classification. The latter is based, instead, on the supervisory legislative act applicable in each case, for example the WpHGWpPGVermAnlG, the German Investment Code (Kapitalanlagegesetzbuch – KAGB – only available in German), the German Banking Act (Kreditwesengesetz – KWG – only available in German), the German Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG – only available in German), the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG – only available in German) and the Market Abuse Regulation (MAR). For each token, the requirements specified in each individual supervisory legislative act need to be assessed to determine whether the respective legislative act is applicable to the token. The advisory letter does not cover the German Safe Custody Act (Depotgesetz – DepotG – only available in German) or general civil law.

MiFIDThe classification of a token as a security or a financial instrument within the meaning of the WpHG or MiFID II determines which of the relevant capital market laws and EU regulations apply, for example the Market Abuse Regulation, which contains relevant requirements for the trading on secondary markets. However, under Article 2 of MAR, the token must be traded, or planned to be traded, on a trading venue covered by MAR for MAR to apply. Many tokens are only traded on cryptocurrency trading platforms in non-European countries. In Germany, if a token is to be classified as a collective investment undertaking, the KAGBapplies. Meanwhile, if it is classified neither as a security nor as a collective investment undertaking but as a capital investment within the meaning of the VermAnlG, the provisions under the VermAnlG apply to it.

The supervisory classification of a token by the securities supervision directorate does not depend on whether the token is a unit of account within the meaning of section 1 (11) sentence 1 no. 7 of the KWG. Units of account are not deemed financial instruments pursuant to section 2 (4) of the WpHG or MiFID II and are thus treated differently under this legislation than under the KWG. Conversely, not all tokens are automatically deemed units of account within the meaning of the KWG.

For a token to be classified as a security under supervisory law, the token is not required to be certificated, in that it is physically represented by a certificate or global note. It is sufficient if each holder of the token can be documented, for example by means of blockchain technology.

Measures in the case of violations

If applicable regulatory requirements are not complied with, this can result in BaFin  prohibiting the respective projects or business. In addition, such violations constitute, under certain circumstances, administrative offences which are punishable by the imposition of fines. If there are indications that a criminal offence has been committed, BaFin passes the matter on to the competent law enforcement authorities for criminal prosecution.