Hungary -- Custody Regulations Regulatory Overview

Hungary, as a member state of the European Union (EU), operates within the framework of both national legislation and EU directives and regulations. The regulatory landscape for cryptocurrency and digital asset custody is currently in a transitional phase, moving from a primary focus on Anti-Money Laundering (AML) to comprehensive regulation under the EU's Markets in Crypto-Assets (MiCA) Regulation.

Here's a breakdown of the custody regulations in Hungary, distinguishing between the current state (largely AML-driven) and the future state under MiCA.

I. Current Regulatory Landscape (Pre-MiCA - Primarily AML/CTF Focused)

Currently, there is no specific, dedicated Hungarian law exclusively governing cryptocurrency custody. However, entities providing custodial services for crypto assets fall under existing AML/CTF (Anti-Money Laundering/Combating the Financing of Terrorism) legislation.

1. Custodial License Requirements (for AML Purposes):

• VASP Registration: Under the transposition of the EU's 5th and 6th Anti-Money Laundering Directives (AMLD5/AMLD6), custodial wallet providers are classified as Virtual Asset Service Providers (VASPs).
• Obligation: VASPs, including those offering custodial services, are required to register with, or be licensed by, the Hungarian Financial Supervisory Authority (primarily the Magyar Nemzeti Bank - MNB, the Central Bank of Hungary, which oversees financial market supervision) for AML/CTF purposes.
• Purpose of Registration: This registration primarily obliges the entity to comply with AML/CTF requirements, such as customer due diligence (KYC), transaction monitoring, and suspicious activity reporting, rather than specific operational custody rules.
• Regulatory Reference:
  • Act CXXXVI of 2013 on the prevention and combating of money laundering and terrorist financing (Pmtv.) – This is Hungary's primary AML law, amended to include virtual asset service providers.
  • While a direct URL to the specific VASP section in English might be hard to find, the official text is available through Hungarian legal databases. The MNB provides guidance on financial market supervision.
  • MNB (Magyar Nemzeti Bank) website: https://www.mnb.hu/en (Look for publications related to financial market supervision, AML, and virtual assets).

2. Segregation of Client Assets Rules:

• There are no specific, explicit statutory rules under current Hungarian law specifically for the segregation of client crypto assets from the custodian's own assets.
• However, general civil law principles, fiduciary duties, and good business practices would strongly suggest and often require such segregation to protect client interests in case of insolvency or operational issues.

3. Insurance/Bonding Requirements:

• No specific, explicit statutory insurance/bonding requirements for crypto custodians beyond general business insurance that any company would hold.
• The emphasis is on AML compliance rather than prudential requirements for asset safeguarding.

4. Cold Storage Mandates:

• No specific, explicit mandates for the use of cold storage (offline storage of private keys) under current Hungarian law.
• However, industry best practices and general requirements for secure IT systems and risk management would naturally lead reputable custodians to employ cold storage or a hybrid approach.

5. Qualified Custodian Definitions:

• No formal legal definition of a "qualified custodian" specifically for crypto assets under current Hungarian law.
• The designation of a VASP for AML purposes doesn't equate to a "qualified custodian" in the sense of stringent operational and prudential requirements.

II. Future Regulatory Landscape (Under MiCA - Markets in Crypto-Assets Regulation)

The EU's Markets in Crypto-Assets (MiCA) Regulation (Regulation (EU) 2023/1114) will significantly transform the regulatory landscape for crypto-asset service providers (CASPs), including custodians, across the EU, including Hungary. MiCA is a directly applicable EU regulation, meaning it does not require transposition into national law, although national competent authorities (like the MNB in Hungary) will be responsible for its implementation and supervision.

MiCA entered into force on June 29, 2023. Most provisions concerning CASPs (including custody) will apply from December 30, 2024.

1. Custodial License Requirements:

• Authorization as a CASP: Under MiCA, any entity providing "custody and administration of crypto-assets on behalf of third parties" will be classified as a Crypto-Asset Service Provider (CASP) and will require prior authorization by a national competent authority (in Hungary, this will be the MNB).
• Scope: This authorization is comprehensive and covers specific operational, organizational, and prudential requirements, going far beyond mere AML registration.
• Regulatory Reference:
  • Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (MiCA).
  • EUR-Lex Link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114
  • Specifically, refer to Article 53 ("Authorisation of crypto-asset service providers") and Title V (Articles 59-67) ("Operating conditions for crypto-asset service providers").

2. Segregation of Client Assets Rules:

• Explicit Mandate: MiCA explicitly requires CASPs providing custody services to make adequate arrangements to safeguard the ownership rights of clients, particularly in the event of the CASP's insolvency.
• Key Requirements (Article 67):
  • Keep client crypto-assets and funds separate from their own crypto-assets and funds.
  • Maintain records and accounts that allow for the immediate segregation of client crypto-assets and funds from own assets and from those of other clients.
  • Return client crypto-assets and funds without undue delay upon their request.
• Regulatory Reference: MiCA Regulation, Article 67 ("Operating conditions for the custody and administration of crypto-assets on behalf of third parties").

3. Insurance/Bonding Requirements:

• Prudential Safeguards: MiCA mandates specific prudential requirements for CASPs.
• Key Requirements (Article 67 & 60):
  • CASPs offering custody services must have professional indemnity insurance covering specific risks (e.g., loss of private keys, operational errors, security breaches) or hold sufficient own funds to cover potential liabilities. The amount depends on the risks covered and is subject to detailed regulatory technical standards.
  • This is a significant change, introducing a financial safety net for clients.
• Regulatory Reference: MiCA Regulation, Article 67 and Article 60 ("Prudential requirements for crypto-asset service providers").

4. Cold Storage Mandates:

• Indirect Mandates via Security & Operational Requirements: While MiCA doesn't explicitly mandate "cold storage" by name, its stringent requirements for security and operational resilience effectively push custodians towards such solutions.
• Key Requirements (Article 67 & 59):
  • CASPs must establish, implement, and maintain a sound resilient technological infrastructure and security procedures for the safekeeping of client crypto-assets.
  • They must establish a policy for the safekeeping of crypto-assets, including private keys, which includes clear procedures, access rights, and recovery measures.
  • Implement robust internal control mechanisms to ensure the integrity and security of client crypto-assets.
• These requirements strongly imply the necessity of highly secure, often offline, solutions for managing private keys.
• Regulatory Reference: MiCA Regulation, Article 67 and Article 59 ("Organisational requirements for crypto-asset service providers").

5. Qualified Custodian Definitions:

• Under MiCA, an entity that successfully obtains authorization as a CASP to provide "custody and administration of crypto-assets on behalf of third parties" will effectively be the "qualified custodian" in the EU framework.
• This authorization confirms compliance with the stringent requirements outlined in MiCA regarding capital, organization, operational resilience, and client asset protection.
• Regulatory Reference: MiCA Regulation, Article 3 (Definitions), Article 53 (Authorization), and Article 67 (Operating conditions for custody).

6. Pending Custody Legislation:

• The MiCA Regulation is the key piece of "pending" (now enacted but not fully applicable) legislation that will fully regulate crypto asset custody in Hungary and across the EU.
• The MNB will be responsible for granting the necessary CASP authorizations and overseeing compliance with MiCA in Hungary.

Summary and Key Differences:

Disclaimer: This information is for general informational purposes only and does not constitute legal, financial, or professional advice. The regulatory landscape is complex and evolving. Individuals and businesses should consult with qualified legal professionals in Hungary or specializing in EU financial regulation for specific advice regarding their particular circumstances.