Liechtenstein -- Custody Regulations Regulatory Overview

Liechtenstein has been a pioneer in regulating the blockchain and digital asset space with its landmark Tokens and TT Service Providers Act (TVTG), often referred to as the "Blockchain Act," which came into force on January 1, 2020. This act provides a comprehensive framework for various types of blockchain-related services, including custody.

The Financial Market Authority (FMA) Liechtenstein is the supervisory authority responsible for enforcing the TVTG.

Here's a breakdown of the cryptocurrency/digital asset custody regulations in Liechtenstein:

1. Custodial License Requirements

The TVTG introduces the concept of a "TT Service Provider," which requires a license from the FMA. Specifically for custody services, the relevant designation is a "TT Custodian."

• Definition of TT Custodian: According to Art. 4 para. 1 lit. e TVTG, a TT Custodian is "a service provider who holds tokens in custody for third parties and provides services for the safeguarding of private keys or other means of access to tokens."
• Licensing Process: Any entity wishing to act as a TT Custodian must obtain prior authorization from the FMA. The requirements for obtaining a license as a TT Service Provider are outlined in Articles 12-17 of the TVTG and include:
  • Proper Organization: The applicant must have an appropriate organizational structure, including robust internal controls, IT security, and risk management systems.
  • Qualified Management: The members of the board of directors and executive management must be "fit and proper," demonstrating professional qualifications, experience, and integrity.
  • Reliable Business Plan: A detailed business plan outlining the services, operational procedures, and risk assessments must be submitted.
  • Minimum Capital Requirements: As per Art. 17 TVTG, TT Service Providers, including TT Custodians, must have a minimum capital of CHF 100,000. The FMA may require higher capital based on the scope and risk of the services provided.
  • AML/CFT Compliance: Robust measures for combating money laundering and terrorist financing are mandatory, aligning with Liechtenstein's adherence to international standards (e.g., FATF recommendations).

Regulatory Reference:

• Tokens and TT Service Providers Act (TVTG) - Art. 4(1)(e), Art. 12-17:
  • https://www.gesetze.li/lilex/index.jsp?version=2&form=gesetz&id=255740445 (Official German version)
  • (Unofficial English translations are available from various legal firms, but the German text is binding.)

2. Segregation of Client Assets Rules

The TVTG places a strong emphasis on the protection of client assets. While not explicitly dictating separate blockchain addresses for each client in the law, it establishes a duty of care that practically mandates robust segregation.

• Duty of Care Regarding Third-Party Tokens: Art. 23 TVTG stipulates that a TT Custodian must take all necessary measures to protect the tokens against loss, theft, or misuse, and to ensure that they can always be identified and returned to the respective owner.
• Identification and Return: This implicitly requires that the custodian must be able to clearly distinguish client assets from their own assets and from the assets of other clients. In practice, this leads to the implementation of technical and organizational measures for segregation, such as separate omnibus wallets per client or a sophisticated internal ledger system that tracks individual ownership within shared wallets, coupled with a robust reconciliation process.
• Insolvency Protection: The segregation of client assets ensures that in the event of the custodian's insolvency, client assets are not part of the insolvency estate and can be returned to their rightful owners.

Regulatory Reference:

• Tokens and TT Service Providers Act (TVTG) - Art. 23:
  • https://www.gesetze.li/lilex/index.jsp?version=2&form=gesetz&id=255740445

3. Insurance/Bonding Requirements

The TVTG does not explicitly mandate a specific insurance policy or bond for TT Custodians in the same way some jurisdictions might. Instead, the focus is on a combination of:

• Minimum Capital Requirements: As mentioned, TT Custodians must hold a minimum capital of CHF 100,000, which acts as a buffer against operational risks.
• Robust Risk Management: TT Service Providers are required to establish a sound risk management framework (Art. 13 para. 1 lit. c TVTG), which includes identifying, assessing, and mitigating risks associated with custody, including potential losses from cyber-attacks, operational errors, or theft. While not explicitly an insurance mandate, adequate risk management could lead a custodian to secure insurance coverage as a best practice to protect against certain risks.
• FMA Discretion: The FMA, during the licensing process or ongoing supervision, has the authority to impose additional conditions or requirements if deemed necessary to ensure the protection of clients and the stability of the financial market.

Regulatory Reference:

• Tokens and TT Service Providers Act (TVTG) - Art. 13(1)(c), Art. 17:
  • https://www.gesetze.li/lilex/index.jsp?version=2&form=gesetz&id=255740445

4. Cold Storage Mandates

The TVTG does not prescribe specific technological solutions like "cold storage" (offline storage of private keys) versus "hot storage" (online storage). Instead, it adopts a technology-neutral, principle-based approach.

• Security Measures: Art. 23 TVTG requires TT Custodians to implement "appropriate measures to protect the tokens against loss, theft or misuse." This broad requirement implies that custodians must employ state-of-the-art security practices suitable for the digital assets they hold.
• Risk-Based Approach: For significant holdings, industry best practices for security almost universally involve some form of cold storage, multi-signature schemes, hardware security modules (HSMs), and robust key management policies. The FMA expects custodians to adopt a risk-based approach to security, meaning the higher the value and risk, the more stringent the security measures.
• IT Security Policy: As part of the organizational requirements and risk management framework, custodians must have comprehensive IT security policies that address the entire lifecycle of private keys and access means.

Regulatory Reference:

• Tokens and TT Service Providers Act (TVTG) - Art. 23:
  • https://www.gesetze.li/lilex/index.jsp?version=2&form=gesetz&id=255740445

5. Qualified Custodian Definitions

In Liechtenstein, the term "Qualified Custodian" is generally synonymous with a licensed "TT Custodian" under the TVTG.

• FMA Authorization: A TT Custodian is "qualified" by virtue of having obtained the necessary authorization from the FMA. This licensing process ensures that the entity meets the rigorous standards set out in the TVTG regarding capital, management, organization, and operational integrity.
• Definition: As reiterated from Art. 4(1)(e) TVTG: "a service provider who holds tokens in custody for third parties and provides services for the safeguarding of private keys or other means of access to tokens."
• The FMA's role is to ensure that these entities are capable, reliable, and compliant with all regulatory requirements, thereby making them "qualified" to provide custody services.

Regulatory Reference:

• Tokens and TT Service Providers Act (TVTG) - Art. 4(1)(e), Art. 12-17:
  • https://www.gesetze.li/lilex/index.jsp?version=2&form=gesetz&id=255740445
• FMA Liechtenstein Website (General Information on TVTG):
  • https://www.fma-li.li/en/financial-market/tvtg-blockchain-act.html

6. Pending Custody Legislation

Liechtenstein, as a member of the European Economic Area (EEA) via its customs union with Switzerland and its membership in the EEA Agreement, will be significantly impacted by the EU's Markets in Crypto-Assets (MiCA) Regulation.

• MiCA Implementation: MiCA is a comprehensive EU regulation for crypto-assets that will become fully applicable in phases, with most provisions for crypto-asset service providers (CASPs) applying from December 30, 2024.
• Impact on Liechtenstein: As an EEA member, Liechtenstein will be required to transpose MiCA into its national law. This means that while the TVTG currently governs digital asset custody, Liechtenstein's legislation will need to be adapted to align with MiCA's requirements.
• Key MiCA Custody Requirements: MiCA introduces specific and often more stringent requirements for CASPs providing custody and administration of crypto-assets on behalf of clients, including:
  • Higher Minimum Capital Requirements: MiCA may impose higher and more granular capital requirements depending on the type and scale of services.
  • More Detailed Segregation Rules: While TVTG already mandates segregation, MiCA further clarifies and strengthens these provisions.
  • Robust Operational Requirements: Detailed rules on IT security, business continuity, outsourcing, and safeguarding client crypto-assets.
  • Specific Recovery Plans: Requirements for plans to return assets in case of operational failure.
  • Liability Regime: CASPs will be liable to clients for loss of crypto-assets due.
  • Insurance/Guarantees: MiCA Article 67 specifies that a custodian must have either a prudential safeguard in the form of own funds (minimum €125,000 or 0.2% of assets held, whichever is higher) or an insurance policy or comparable guarantee.
• Timeline: The FMA Liechtenstein is actively involved in the process of adapting national law to align with MiCA. This transposition will be the primary "pending" legislative activity impacting crypto custody in Liechtenstein in the near future.

Regulatory Reference:

• Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA):
  • https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114
• FMA Liechtenstein - Information regarding MiCA:
  • The FMA regularly publishes updates on its website regarding its work on MiCA implementation. https://www.fma-li.li/en/ (Check news and publications sections for specific updates).

Disclaimer: This information is for general informational purposes only and does not constitute legal advice. For specific legal advice regarding cryptocurrency custody regulations in Liechtenstein, it is essential to consult with a qualified legal professional.