Belgium -- Custody Regulations Regulatory Overview

Belgium, as a member state of the European Union, has its digital asset custody regulations shaped by both national legislation and forthcoming EU-wide frameworks. The primary national regulator is the Financial Services and Markets Authority (FSMA).

Currently, the Belgian regulatory landscape for crypto custody is largely focused on Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) requirements. However, the comprehensive EU Markets in Crypto-Assets Regulation (MiCA) will significantly expand and standardize these rules across the EU, including Belgium, once fully implemented.

Current Belgian Regulatory Framework (Pre-MiCA)

Before MiCA fully comes into effect, the main regulatory requirement for crypto custody in Belgium stems from AML/CFT legislation.

1. Custodial License Requirements (Current):

• Requirement: Providers of "custodian wallet services" are required to register with the FSMA. This is not a full financial services license but an AML registration.
• Legal Basis: The Law of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash. Specifically, Article 5, §1, 37° designates "providers of custodian wallets" as entities subject to AML/CFT obligations.
• Regulator: Financial Services and Markets Authority (FSMA).
• Process: Registration involves providing information about the company, its management, shareholders, internal organization, and AML/CFT policies and procedures. The FSMA assesses the fitness and properness of management and shareholders and the adequacy of the AML/CFT framework.
• Reference:
  • FSMA page on registration for providers of exchange services between virtual currencies and fiat currencies and custodian wallet providers: https://www.fsma.be/en/registration-providers-exchange-services-between-virtual-currencies-and-fiat-currencies-and-custodian
  • Belgian Law of 18 September 2017 (in Dutch/French): Look for "Wet van 18 september 2017 tot voorkoming van het witwassen van geld en de financiering van terrorisme en tot beperking van het gebruik van contanten" on the Belgian official gazette (e.g., through Jurisquare or Justel).

2. Segregation of Client Assets Rules (Current):

• Explicit Rules for Crypto: The current AML Law of 2017 does not explicitly detail segregation rules specifically for crypto assets.
• Implicit Expectations: However, as entities subject to AML/CFT, registered custodian wallet providers are generally expected to adhere to sound business practices, which would imply the segregation of client assets from the firm's own operational assets to protect clients in case of insolvency or operational issues. This is a general principle of good governance and risk management in financial services.

3. Insurance/Bonding Requirements (Current):

• Explicit Requirements: There are no explicit national mandates for specific insurance or bonding requirements for crypto custodian wallet providers under the current AML framework.
• Implied: Prudent risk management would nevertheless encourage such providers to consider adequate insurance coverage.

4. Cold Storage Mandates (Current):

• Explicit Mandates: There are no explicit national mandates for the use of cold storage or specific percentages of assets to be held in cold storage under the current AML framework.
• Implied: Robust cybersecurity and operational risk management are expected, and the use of cold storage is generally considered a best practice for securing a significant portion of client digital assets. The FSMA would expect appropriate security measures as part of the operational risk assessment during registration.

5. Qualified Custodian Definitions (Current):

• Specific Definition for Crypto: The current Belgian framework does not define a "qualified custodian" specifically for digital assets beyond the "custodian wallet provider" designation under the AML Law. This designation focuses on AML/CFT compliance rather than broader financial regulatory standards.

Pending Custody Legislation (MiCA - Markets in Crypto-Assets Regulation)

The EU's MiCA Regulation (Regulation (EU) 2023/1114) will fundamentally change the regulatory landscape for crypto assets and related services, including custody, across all EU member states, including Belgium. MiCA is a directly applicable regulation, meaning it does not require transposition into national law, although national competent authorities (like the FSMA) will be responsible for its supervision.

MiCA fully applies to CASPs (Crypto-Asset Service Providers) from 30 December 2024.

1. Custodial License Requirements (Under MiCA):

• Authorization: Providers of "safekeeping and administration of crypto-assets on behalf of clients" will need to obtain authorization as a Crypto-Asset Service Provider (CASP) from their national competent authority (the FSMA in Belgium). This is a more comprehensive authorization than the current AML registration.
• Scope: MiCA defines "safekeeping and administration of crypto-assets on behalf of clients" as the activity of safeguarding or controlling crypto-assets or instruments giving access to crypto-assets on behalf of third parties.
• Requirements: CASPs will need to meet stringent organizational, operational, and prudential requirements, including having robust governance arrangements, internal control mechanisms, risk management procedures, and capital requirements.
• Reference:
  • Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114
  • Article 53 (General obligations for CASPs) and Article 67 (Specific obligations for providers of safekeeping and administration of crypto-assets on behalf of clients) are particularly relevant.

2. Segregation of Client Assets Rules (Under MiCA):

• Explicit Mandate: MiCA explicitly mandates the segregation of client assets.
• Details (Article 67(2)): Providers of safekeeping and administration of crypto-assets on behalf of clients must:
  • Enter into an agreement with their clients specifying their duties and responsibilities.
  • Keep records and establish accounts in their internal accounting systems that enable them to distinguish crypto-assets held on behalf of clients from their own crypto-assets and other clients' crypto-assets, and the funds of clients from their own funds.
  • Not use crypto-assets or funds held on behalf of clients for their own account.
• Reference: MiCA Regulation, Article 67(2).

3. Insurance/Bonding Requirements (Under MiCA):

• Specific Insurance: MiCA does not explicitly mandate a specific type or amount of insurance per se.
• Liability and Operational Risk: However, MiCA imposes liability on CASPs for losses incurred by clients due to their negligence or fraud. It also requires robust operational risk management, including cybersecurity, business continuity, and recovery plans. While not explicitly "insurance," these provisions require CASPs to manage risks that might typically be covered by insurance or equivalent capital.
• Reference: MiCA Regulation, Article 53 (General obligations), Article 54 (Prudential requirements), Article 67(6) (Liability for loss).

4. Cold Storage Mandates (Under MiCA):

• Explicit Mandates: MiCA does not mandate a specific percentage of crypto assets to be held in cold storage.
• Operational Requirements: However, it requires CASPs to have robust ICT systems and security protocols, effective security access protocols, and ensure the resilience and security of their services. This implicitly necessitates the use of secure storage solutions, including cold storage, as a key component of a robust risk management framework for safeguarding client assets.
• Reference: MiCA Regulation, Article 53 (General obligations), especially regarding operational resilience and security of ICT systems.

5. Qualified Custodian Definitions (Under MiCA):

• MiCA as the Standard: MiCA effectively defines what constitutes a "qualified custodian" for crypto assets by setting the comprehensive authorization, organizational, operational, and prudential requirements for "providers of safekeeping and administration of crypto-assets on behalf of clients." Any entity authorized under MiCA for this service will, by definition, meet the standard of a qualified custodian within the EU.
• Reference: MiCA Regulation, Chapter 5 (Authorization and operating conditions for CASPs), specifically Section 3 (Operating conditions for CASPs), and Article 67 (Specific obligations for providers of safekeeping and administration of crypto-assets on behalf of clients).

Summary:

Belgium currently requires crypto custodian wallet providers to register with the FSMA primarily for AML/CFT purposes. While this implies general good practice, it lacks specific detailed rules on asset segregation, insurance, or cold storage mandates.

Once MiCA fully applies (from December 2024), the regulatory landscape will become much more comprehensive. Belgian entities providing crypto custody services will need to obtain a full CASP authorization from the FSMA under MiCA, adhering to strict rules on client asset segregation, robust operational security, and liability, effectively establishing a clear framework for "qualified" crypto custodians in Belgium consistent with the broader EU approach.

Disclaimer: This information is for general informational purposes only and does not constitute legal advice. Cryptocurrency regulations are complex and subject to change. It is essential to consult with a legal professional specializing in financial services and cryptocurrency law for specific advice regarding compliance in Belgium.