Clarifications on cryptoasset custody and distraction

(Translated by DeepL)

In recent years, staking services have proliferated, and with them the legal issues surrounding them. In order to clarify its practice, particularly with regard to the safekeeping of cryptoactives, FINMA has published Supervisory Notice 08/2023 on staking.

FINMA defines staking as the process of blocking cryptoassets at the staking address of a validation node in order to participate in the validation process of a blockchain based on the proof-of-stake mechanism. In return, participants receive rewards. The communication clarifies the interpretation of the laws (in particular art. 242a LP and art. 16 LB in connection with art. 37d LB) concerning the distinction between deposited assets protected in the event of bankruptcy and deposits exposed to the risk of insolvency. Generally speaking, retained cryptoassets can be considered by banks as deposited assets to be held off-balance sheet if these cryptoassets are kept at the customer’s disposal at all times. Otherwise, banks must carry retained cryptoassets on the balance sheet, as they represent deposits from the public.

As a reminder, FINMA mentions three types of custody of cryptoassets, namely (i) individual custody, (ii) collective custody with the customer’s share clearly determined, and (iii) collective custody without the customer’s share being determined. In the case of individual custody, no authorization under banking law is required. However, the custodian must comply with AMLA requirements. In the case of collective custody, where the customer’s share is clearly defined, authorization is required. Fintech authorization (cf. art. 1b BL) is sufficient, provided the conditions are met. If, on the other hand, the custodian holds the cryptoassets collectively without determining the customer’s share, a conventional banking license is required.

In its communication, FINMA essentially distinguishes between non-custodial staking – whereby customers retain exclusive control of the withdrawal keys, so that there is no third-party custody or acceptance of assets – and custodial staking, which combines chain staking and direct staking.

If an authorized institution delegates the staking operation to a third party (chain staking), it has a claim against the third-party provider. This claim could either be entered on the balance sheet as a claim against the third-party service provider, or treated as a fiduciary claim within the meaning of art. 16 ch. 2 BL and therefore as a deposited security, which implies the application by analogy of the SwissBanking guidelines on fiduciary investments. In the latter case, the staking service would require a fiduciary agreement with a specific trust mandate from the customer indicating the selection of cryptoactives and the quantities to be staked, while also informing of the risks. In addition, FINMA requires institutions (i) to limit counterparty risks by choosing institutions subject to prudential supervision, (ii) to guarantee in particular that the third-party provider does not operate without right, and (iii) to establish a digital assets resolution package for risk management. In the case of a foreign third-party provider, FINMA also requires that it be subject to prudential supervision in an equivalently regulated jurisdiction offering the same legal certainty as Switzerland with regard to the handling of deposited cryptoassets. With the latest international developments, such as the U.S Securities and Exchange Commission’s action against Coinbase, the question of compliance with the guarantees set out above may arise in the case of a staking chain with foreign providers.

In the case of direct staking, the authorized institution has direct access to the withdrawal keys needed to withdraw the blocked cryptoassets. In this case, diversion under art. 16 para. 2 of the Swiss Banking Act is out of the question. Nevertheless, in the absence of any legislative or case-law clarification as to whether the conditions of art. 242a para. 2 LP and art. 16 ch. 1bis LB are met, FINMA has provisionally adopted the following practice : in the event of bankruptcy, stashed cryptoassets must be segregated from the estate for the benefit of depositing clients in accordance with art. 37d LB in conjunction with art. 16 ch. 1bis LB. In addition, it is temporarily waiving compliance with the capital requirements for stashed cryptoassets subject to compliance with certain cumulative requirements, such as the existence of a specific customer instruction on the type and quantity of cryptoassets. For non-regulated players, FINMA considers that there is no authorization requirement as long as custodial direct staking is being carried out in the name and on behalf of clients. However, if cryptoassets are collected from several customers at one staking address, this service would involve collective custody, requiring authorization under banking law.

Although the communication does not provide answers to all the uncertainties associated with staking under Swiss law, it does at least highlight the risks associated with this activity and the considerations to be made when structuring a custodial staking project. The issue of cryptoasset custody and distraction will have to be examined in the light of the clarifications provided by the communication.