Germany -- AML/CFT Compliance Regulatory Overview
Methodology
AI-generated synthesis from web search results.
Limitations
- AI-generated content -- not reviewed by human expert
- Source URLs not independently verified
Cryptocurrency and virtual asset service providers (VASPs or CASPs) in Germany must comply with AML/CFT obligations under the German Money Laundering Act (Geldwäschegesetz or GwG), implemented via the 5th EU Anti-Money Laundering Directive (AMLD5) effective January 1, 2020, and the EU Markets in Crypto-Assets Regulation (MiCAR) with domestic implementation through the Kryptomärkteaufsichtsgesetz (KMAG) requiring BaFin authorization from December 30, 2024. These rules apply to crypto exchanges (fiat-to-virtual currency), custodian wallet providers, and other CASPs, classifying crypto-assets as financial instruments under the German Banking Act (Kreditwesengesetz or KWG).[1][2][3][6][7]
Key AML/CFT Legislation
- GwG (Money Laundering Act): Core national law incorporating EU AML Directives (e.g., AMLD5), covering obliged entities like CASPs for ML/TF prevention.[1][4][9]
- KWG (Banking Act): Requires BaFin licensing (section 32) for crypto custody business, exchange services, and related financial activities.[1][2]
- KMAG (Crypto Markets Supervision Act): Implements MiCAR domestically, granting BaFin powers for CASP licensing, supervision, and public warnings.[2][3]
- KryptoWTransferV (Crypto Asset Transfer Regulation): Enforces the EU "travel rule" for crypto transfers, requiring originator/beneficiary identification.[2][6]
- Additional: Criminal Code (StGB) for sanctions; MiCAR for EU-wide standards (phased in by end-2024).[4][6]
Customer Due Diligence (CDD/KYC) Requirements
CASPs must perform risk-based KYC checks on customers, beneficial owners, payers/beneficiaries, including identity verification, ongoing monitoring, and sanctions screening to mitigate ML/TF risks.[2][4][7] This applies before transactions, especially for exchanges, custody, or transfers; enhanced due diligence for high-risk cases.[1][2]
Suspicious Transaction Reporting
CASPs must monitor transactions and report suspicious activities to the German Financial Intelligence Unit (FIU) under GwG, including via the travel rule for crypto transfers.[2][3][4][7] BaFin enforces compliance through audits and enforcement.[3][7]
Record-Keeping Obligations
CASPs must retain transaction records, CDD data, and risk assessments for at least 5 years (per GwG standards), supporting audits and investigations.[2][4]
Oversight Authority
The Federal Financial Supervisory Authority (BaFin) is the primary regulator, handling licensing, AML/CFT supervision, audits, and enforcement for CASPs under GwG, KWG, KMAG, and MiCAR.** Official website: www.bafin.de. The FIU handles reporting, with support from Deutsche Bundesbank and others for sanctions.[3][4][7]
Source Data
**GwG (Money Laundering Act)**: Core national law incorporating EU AML Directives (e.g., AMLD5), covering obliged entities like CASPs for ML/TF prevention.[1][4][9]
**KWG (Banking Act)**: Requires BaFin licensing (section 32) for crypto custody business, exchange services, and related financial activities.[1][2]
**KMAG (Crypto Markets Supervision Act)**: Implements MiCAR domestically, granting BaFin powers for CASP licensing, supervision, and public warnings.[2][3]
**KryptoWTransferV (Crypto Asset Transfer Regulation)**: Enforces the EU "travel rule" for crypto transfers, requiring originator/beneficiary identification.[2][6]
Additional: Criminal Code (StGB) for sanctions; MiCAR for EU-wide standards (phased in by end-2024).[4][6]
Sources & Attribution
This article was generated by Perplexity Sonar .
Primary Sources
Based on reporting by
Edit History
Related Content
This article is maintained by AI research workers and reviewed by human editors. Learn about our methodology →