Despite the strong corrections in the cryptocurrency markets after the peak in late 2017, there are various indicators suggesting that decentralized ledger technology (DLT) has come to stay. After the euphoria surrounding Initial Coin Offerings and Security Token Offerings in previous years, DLT has expanded its use cases far beyond cryptocurrencies and is now on the verge to become the key technology for the future issuance, transfer and management of digital assets.
1. Decentralized Finance and DLT Service Providers
There are currently two developments in the DLT ecosystem that have the potential to further drive user adoption. On the one hand, we see the advent of Decentralized Finance (DeFi), an ecosystem of decentralized financial services that allows users to borrow or lend money, participate in lotteries, manage their market risk by using derivatives, or trade digital assets without the need to rely on centralized entities or governing authorities. The services within the DeFi ecosystem are provided via decentralized applications (so called dApps) that are deployed on blockchain-based protocols such as Ethereum. The main goal of these applications is to build a censorship-free and more equitable financial landscape by focusing on transparency and making finance accessible to everyone. As these applications are decentralized, their use is generally not regulated by a contract and therefore associated with considerable risks.
On the other hand, there is a growing interest of the traditional financial services industry to provide services related to digital assets. In contrast to DeFi, these services are provided by legal entities which typically maintain contractual relationships with the users and often provide them with assurances or warranties (DLT Service Providers). The types of services offered by these DLT Service Providers vary greatly. While some DLT Service Providers limit their role to the development and operation of a technical infrastructure, other DLT Service Providers act as third-party intermediaries who maintain full control over digital assets on behalf of their users. One common feature of all DLT Service Providers, however, is that they want to bolster public confidence in DLT and its non-intuitive nature by lowering existing barriers to entry.
2. Custodial and Non-Custodial Wallet Solutions
2.1 Providing Access to Digital Assets
To provide their services and employ the unique features of DLT, most DLT Service Providers either build their own wallet solution or implement an existing wallet solution into their offering. These wallet solutions, or short wallets, are the gateways to the blockchain ecosystem and enable users to safeguard and access their digital assets. These wallets come in many forms any types. From a technical perspective, they can be any device, program or service that stores the public and private keys of one or more blockchain addresses and enables users to access the digital assets that are held on these addresses.
There are several aspects in which wallet solutions can differ from one another. While some wallet solutions focus on accessibility and ease of use, others put their emphasis on backup and security features. From a regulatory perspective, however, the most important question is whether the wallet is classified as a custodial or a non-custodial wallet solution:
- In a custodial wallet, the private keys of the blockchain addresses are held by the wallet provider. This means that the wallet provider has full control over the digital assets that are held on the blockchain address, while the user gives permission to sign transactions. Custodial wallets are comparable to bank accounts, where the funds are controlled by the bank, whereas the customers have a right to withdraw money and order payment transactions, provided that the funds are actually available.
- In a non-custodial wallet, the private keys of the blockchain address are held by the user. Since the provider of a non-custodial wallet does not have any access to the blockchain address, he cannot restore the access if the user forgets the password. This means that the user has full control over the funds and is solely responsible for their security.
2.2 Advantages of Custodial Wallet Solutions
At first sight, custodial wallet solutions seem to run counter to the ideals and promises of DLT, whose proponents have long propagated that digital assets do not need to be safeguarded by custodian banks any that users do not have to rely on intermediaries to transfer digital assets to someone else. However, in a decentralized ecosystem, users must know how to handle their private keys in order to access and interact with their digital assets. Private key handling is still one of the most intimidating components of DLT. After all, if the private key is lost, the power of disposal over the digital assets is lost as well.
To prevent a loss of access, many users prefer to rely on centralized institutions when it comes to the management of their digital assets. This seems to be particularly true for jurisdictions in which the users’ lack of confidence in their own technical abilities exceeds their distrust of centralized governmental and institutional service providers. As a consequence, custodial wallet solutions have become increasingly popular on the market. Traditional service providers are particularly well positioned to provide custodial wallet solutions, as they can often benefit from the reputation they have built and maintained over many years.
3. Regulatory Requirements for Wallet Solutions in Switzerland
When DLT Service Providers build their own wallet solution or implement an existing wallet solution into their service offering, the classification of the wallet is of great importance and has a decisive influence on how strictly the service provider is regulated under Swiss law.
3.1 Non-Custodial Wallets
The offering of non-custodial wallet solutions is currently not subject to Swiss financial market laws. However, while the distinction between custodial and non-custodial wallets appears straightforward, there are various pitfalls that can make an accurate regulatory qualification difficult. For example, in accordance with FINMA practice, a wallet solution is only considered as non-custodial if the DLT Service Provider has no power of disposal over the user’s private keys or the user’s digital assets and are not able to influence transactions from an commercial or legal point of view. This means that the legal analysis cannot stop at the technical setup but must also consider the contractual framework surrounding the services.
3.2 Custodial Wallets
If the wallet solution that is employed by the DLT Service Provider qualifies as a custodial solution, the offering may – depending on the setup chosen – be subject to a variety of financial market regulations, including the following:
- AML Regulations: If a DLT Service Provider acts as a financial intermediary regarding transactions of its users, it is subject to the Swiss Anti-Money Laundering Act (AMLA). This is for example the case if the DLT Services Provider provides services related to payment transactions or allows the users to exchange two types of digital assets that both qualify as means of payment under the AMLA. DLT Service Providers that qualify as financial intermediaries must join a self-regulatory organization (SRO) and comply with various due diligence obligations under the AMLA. These include the requirement to verify the identity of its users, establish the beneficial owner and to assure compliance with the travel rule, which calls for the DLT Service Provider to obtain, hold, and transmit originator and beneficiary information when transferring digital assets to or from another service provider on behalf of a user.
- Banking Regulations: Swiss banking regulations may be applicable if the digital assets held for the various users are not sufficiently segregated from one another to protect the user in case of a bankruptcy of the DLT Service Provider, or if the DLT Service Provider cannot profit from one of the exemption of the banking act (e.g. the Sandbox regime). Under the existing legal framework, the digital assets need to be individualized on-chain to avoid the requirement to obtain a banking or FinTech license. Under the new DLT regulations which just have been passed by the Swiss parliament (and which shall enter into force 2021), segregation off-chain is considered to be sufficient. This means that the on-chain pooling of digital assets without banking license will become possible if conducted in line with the new regulations.
- Financial Services Regulations: As long as the services of the DLT Service Provider are limited to custody per se, they are not covered by the Swiss Financial Services Regulations (FinSA). However, the DLT Service Provider might qualify as a financial service provider within the meaning of FinSA if the digital assets in custody qualify as financial instrument and can only be sold with the DLT Service Provider’s cooperation. In this case, the DLT Service Provider is subject to the code of conduct set forth in FinSA and must fulfil various information, documentation and accountability obligations.
- Financial Institutions Regulations: If a DLT Service Provider holds digital assets of users that qualify as financial instruments under FinSA and has the right to commercially dispose of these assets in the name and for the account of the users, the DLT Service Provider might qualify as an asset manager. This can be the case if the DLT Service Provider offers algorithmic trading services that make investment decisions for the users and convert digital assets based on a defined set of instructions (so called robo-advisors). DLT Service Provider that qualify as asset managers must obtain a corresponding license from the Swiss Financial Market Supervisory Authority FINMA and join a supervisory organization.
- Tax Obligations: Beside income tax and VAT consequences, it must also be checked whether the DLT Service Provider qualifies as a financial institution in the sense of the Automatic Exchange of Information (AIA) and Foreign Account Tax Compliance Act (FATCA). If this is the case, statutory registration and reporting requirements must be followed. Financial institutions in the sense of AIA and FACTA are, among others, depositary institutions. The term depositary means a legal entity whose business activity consists essentially of the custody of financial assets for the account of third parties.
- Cross-Border Obligations: If the DLT Service Provider plans to approach users from other jurisdictions, it must ensure that the services comply with applicable foreign regulations. For example, as of January 2020, DLT Service Provider are required to apply for a license in Germany if their services are also aimed at German customers.