What is the licence for crypto asset custody service?
The crypto asset custody license is defined as the business model whereby a third party takes possession of the digital asset in order to safeguard and keep it secure. Custodians, through a minimal set of activities or services, protect users’ private keys that grant access to funds stored in cryptocurrency wallets.
In essence, digital asset custodians do not technically store the assets themselves, as they are purely virtual, and all data and transactions are recorded on the blockchain. What they safeguard are the private keys that provide control over the assets.
What is the license that allows the custody of crypto assets in Spain?
The VASP license is a permit granted by regulatory authorities that enables companies to register and operate as providers of cryptocurrency custody services. The purpose of this license is to protect end-users and regulate cryptographic trading activities.
This registration does not authorize the company to engage in activities or provide services reserved by regulations for certain entities subject to prior administrative authorization or registration in another registry.
Entities obligated to apply for the VASP license are individuals or entities that provide services for the custody of private cryptographic keys on behalf of their clients, for the holding, storage, and transfer of virtual currencies.
CONTACT US AND LET’S TALK WE ARE Lawyers specialized in FinTech, Blockchain and crypto assets
Where is the registry of cryptocurrency custody service providers regulated?
“Real Decreto” (Decree Law) 7/2021, of April 27, amends anti-money laundering Law 10/2010, of April 28, and its “Reglamento” approved by “Real Decreto” (Decree Law) 304/2014, of May 5.
The Anti-Money Laundering and Counter-Terrorist Financing Law 10/2010, of April 28, is responsible for referring to the VASP license in the second additional provision by regulating the registry of providers of electronic wallet custody services.
According to the mentioned regulations, any company providing electronic wallet custody services must register if they are:
• Individuals and legal entities, regardless of their nationality, offering or providing electronic wallet custody services in Spain.
• Individuals whose base, address, or management of these activities is located in Spain, regardless of the location of the service recipients.
• Legal entities established in Spain, providing these services regardless of the location of the recipient.
How to apply for the crypto asset custody license in Spain?
In order to apply for the crypto asset custody license, it is necessary to register with the Bank of Spain as a provider of electronic wallet custody services. This registration can be done electronically (mandatory for legal entities), by postal mail, or in person at the General Registry of the Bank of Spain or any of its branches, which is exclusively available for legal entities.
The obligation to register in this registry applies to all individuals or legal entities providing electronic wallet custody services, regardless of whether they are also registered in other administrative registries at the Bank of Spain or other competent authorities.
Registration in the registry is conditional on compliance with the provisions of Law 10/2010, of April 28, as well as the existence of appropriate procedures and bodies for the prevention of money laundering and terrorist financing, and compliance with the requirements of commercial and professional integrity.
Once the license is applied for and the form is submitted, the decision-making authority rests with the Bank of Spain within three months from the receipt of the application.
What requirements are needed for registration in the Bank of Spain’s registry?
The second additional provision of Law 10/2010, dated April 28, states: Registration in the registry will be conditioned on the existence of adequate procedures and bodies for prevention as provided in this law, and compliance with the requirements of commercial and professional integrity in accordance with article 30 of Royal Decree 84/2015, dated February 13, which develops Law 10/2014, dated June 26, on the organization, supervision, and solvency of credit institutions. Failure to meet the requirements of integrity will result in the loss of registration in the registry.
Regarding the requirements of commercial and professional integrity, the first paragraph of the mentioned article 30 states: Commercial and professional integrity required under article 24 of Law 10/2014, dated June 26, will be present in those who have consistently demonstrated personal, commercial, and professional conduct that leaves no doubt about their ability to carry out a sound and prudent management of the entity.
To assess the presence of commercial and professional integrity, all information must be considered, including:
a) The track record of the individual in question in their relationship with regulatory and supervisory authorities.
b) Convictions for the commission of crimes or offenses and sanctions for the commission of administrative offenses, taking into account:
– The intentional or reckless nature of the crime, offense, or administrative infraction.
– Whether the conviction or sanction is final or not.
– The severity of the imposed conviction or sanction.
– The characterization of the acts that led to the conviction or sanction.
– Whether the acts that led to the conviction or sanction were done for personal gain or to the detriment of the interests of third parties whose administration or business management had been entrusted to them, and, if applicable, the relevance of the facts.
– The prescription of illicit acts or the extinction of criminal liability.
– The existence of mitigating circumstances and the subsequent conduct since the commission of the crime or infraction.
– The repetition of convictions or sanctions for crimes, offenses, or infractions.
c) The existence of relevant and well-founded investigations, both in the criminal and administrative fields, for acts against property and socioeconomic order, money laundering, against public finance or Social Security, or for violations of banking, insurance, or consumer protection regulations.
What documentation is required to apply for the crypto asset custody license?
To apply for the crypto asset custody license, it will be necessary to submit a series of specific documents to demonstrate that the company complies with the requirements established by regulatory authorities.
• Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Prevention Manual: The obligation to carry out a detailed description of the functioning of internal control bodies for anti-money laundering. An internal control body (OCI) must be established responsible for implementing policies and procedures. Additionally, a representative must be appointed before the SEPBLAC (Financial Intelligence Unit of the Bank of Spain, ultimately responsible for approving the registration of the applying entity) to ensure compliance with information obligations.
• Risk Analysis Report: To identify and assess risks related to money laundering and terrorist financing, concluding with a preliminary overall assessment of the risk level.
• Registration Form for Custody Service Providers.
• Complete the suitability assessment form for the applying legal entity, as well as for the individuals effectively leading the entity, signed by each of them. A negative criminal record certificate must be provided for both the legal entity and each individual holding a managerial position in the entity.
The certificate must be issued no more than three months before its submission.