On 20 December 2023, the Federal Financial Market Supervisory Authority (FINMA) published its Guidance on staking (Guidance), which contains a description of various types of staking, and includes the risks, the supervisory treatment, and the legal consequences for this act.
Following FINMA's Guidance, staking can be described as the process of blocking native crypto-assets at the staking address of a validator node (i.e. validator) in order to participate in a blockchain validation process based on a proof-of-stake consensus mechanism. In return, participants earn rewards for staking crypto-assets. This general description is typically common to all proof-of-stake mechanisms even if they may have differences in the implementation of the staking process, such as sanction mechanisms for non-compliance (i.e. slashing, or specific exit/lock-up periods).
Type of staking: custodial vs non-custodial
FINMA distinguishes between two main forms of staking:
- Custodial staking: the customer transfers the crypto-assets to a third party. Custodial staking can be divided into two sub-categories: direct staking and staking chain:
- in direct staking, the service provider controls the validator node (via direct operation or via technical outsourcing), but retains the withdrawal keys to return the staked crypto-assets to the customers;
- in staking chain, the crypto-assets are passed on by the service provider, who maintains the customer relationship to one or more other providers who operate the validator node and hold the withdrawal keys.
- Non-custodial staking: the customers maintain exclusive control over the withdrawal keys and there is no custody or acceptance of crypto-assets by third parties.
Risks entailed by staking
According to FINMA, staking includes these three main risks:
- technical risk in case of a malfunction of the staking process;
- counterparty risk in case of bankruptcy, in particular if the custody or the staking is outsourced abroad; and
- market risk given it may not be possible to sell staked crypto-assets at the right point in time, particularly in the event of a volatile period if the unstaking process includes a lock-up/exit period.
The analysis of these risks is useful as it allows FINMA to consider the application of the relevant rules in view of protecting customers and ensuring the integrity of the financial markets, which are two of the missions defined by the legislator in the Federal Act on the Swiss Financial Market Supervisory Authority.
Supervisory treatment
Licensing regimes in general
According to FINMA, based on the Banking Act (BA), holding payment tokens in a collective account with clearly determined customer shares (i.e. clear customer shares) requires a banking licence, unless the payment tokens are held in "readiness at all times". In such a case, a FinTech licence would be sufficient for this kind of custody. On contrary, this means that if such "readiness" cannot be provided by the relevant service provider, a banking licence will be required. A full banking licence will also be required in case of collective accounts without clear customer shares.
A banking licence is not required for individual custody of payment tokens held in "readiness at all times". Such custodians remain, however, subject to anti-money laundering rules and regulations and must become members of self-regulatory organisations for anti-money laundering purposes (SRO).
Accounting treatment and prudential requirements for banks
An important question for banks is the regulatory categorisation of the crypto-assets: "off-balance sheet" custody assets (i.e. client deposits) do not consume regulatory capital contrary to "on-balance sheet" assets (i.e. public deposits). According to FINMA, a prerequisite for qualifying crypto-assets as "off-balance sheet" custody assets is that they are held in "readiness at all times" for customers.
In the case of collective custody of crypto-assets, a further condition to qualify as off-balance sheet assets is that custody account holders' shares in the collective assets are clear, for instance by means of an internal register that allocates the crypto-assets to each customer without ambiguity and enables them to be segregated.
It should be recalled here that for crypto-assets that a bank holds as deposited assets for depositing customers (i.e. "off-balance sheet"), FINMA may, however, in individual cases set a maximum amount if it deems this necessary in view of the risks associated with the activities concerned.
Own account vs client staking
According to FINMA, if the custodian carries out staking on its own account, crypto-assets that are staked on the custodian’s own account cannot be segregated in the event of bankruptcy and trigger capital requirements for banks.
If the staking is carried out on behalf of customers for the customers' account, FINMA is of the view that the legal position is uncertain. This means that the exact staking mechanism of the blockchain concerned needs to be analysed based on its own features on a case-by-case basis.
Staking without lock-up or sanction mechanisms
For FINMA, without lock-up periods, slashing or similar restrictions on access, the "readiness" is ensured, and crypto-assets are available to the customer at all times, and can, thus, be segregated.
However, if the staking involves a risk of slashing and/or a lock-up/exit period, while the provider retains the power of disposal over the withdrawal keys, FINMA points out that there are for the time being no international recommendations and no relevant precedents as to whether such staked crypto-assets still meet the criterion of being held in "readiness at all times". In such a situation, it is unclear whether the crypto-assets can be returned at any time.
Legal consequences for direct staking, staking chain and individual direct staking
Direct staking
In direct staking, the service provider generally performs the staking itself. This also means that it has generally the power of disposal over the withdrawal keys to return the crypto-assets to customers. As a result, segregation in accordance with the BA does not apply in such a case. Furthermore, according to FINMA, there is legal uncertainty about whether the requirement of being held in "readiness at all times" within the meaning of the Debt and Bankruptcy Enforcement Act and BA is met.
Due to the current unclear legal position, FINMA will not require banks to meet the capital requirements for staked crypto-assets, provided all of the following conditions are met:
- the customer has given a specific instruction about the type and number of crypto-assets to be staked;
- appropriate measures have been taken to ensure that the crypto-assets placed on a particular validator and withdrawal address after unstaking can be allocated without ambiguity to the customer;
- the customer is informed transparently and clearly of all risks involved by staking;
- appropriate steps are taken to mitigate the risks of operating a validator node (including business continuity management) to avoid slashing and other penalties; and
- a Digital Assets Resolution Package (DARP) is prepared (and updated on a regular basis) to ensure adequate risk management.
If all of these requirements are met, FINMA is of the view that the staked crypto-assets can be considered segregated and returned to the customers.
Staking chain
From an accounting perspective, in case of a staking chain, the service provider has a claim on the third-party provider. This claim can either be recognised "on the balance sheet" as a claim on the third-party provider or, if certain conditions are met, as a fiduciary claim, which can, thus, be qualified as a custody asset (i.e. "off-balance sheet").
According to FINMA, the recognition of a fiduciary claim requires the application by analogy of the Swiss Banking Directives on fiduciary investments issued by the Swiss Bankers Association, which means that a fiduciary agreement with a specific fiduciary mandate from the customer including the selection of the crypto-assets and the amount should be in place, including a comprehensive risk disclosure, particularly regarding slashing and any lock-up/exit period.
In addition, FINMA considers that the service provider should ensure that the following requirements are met to consider such a fiduciary claim as a "genuine" custody asset:
- limitation of the counterparty risks by selecting a third-party provider subject to prudential supervision with a good credit standing, or the subsidiary of a consolidated and prudentially supervised financial group with a good credit standing;
- ensuring by means of a specific due diligence that:
- the third-party provider is not conducting business on an unauthorised basis;
- the third-party provider holds the relevant withdrawal keys itself. If the third-party provider uses another provider, the service provider must verify that the mitigation measures have an equivalent effect;
- the third-party provider records the validator addresses on which it holds the custodians' crypto-assets and informs the custodian of the same;
- the third-party provider has taken all necessary measures to limit operational risks relating to the operation of the validator node, and to ensure business continuity; and
- if third-party providers outside Switzerland are used, they must be subject to prudential supervision in a jurisdiction with equivalent regulation, in which there is the same legal certainty as in Switzerland regarding the treatment of crypto-assets held in custody under bankruptcy law and undergo a due diligence, which includes the requirements listed above for providers based within Switzerland.
- preparation (and regular updating) of a DARP to ensure adequate risk management.
Direct staking by unlicensed market participants
If unlicensed market participants provide custodial direct staking services commissioned by customers for their own account, FINMA will assume that there is no requirement to obtain a banking licence. Anti-money laundering rules and regulations remain applicable, including SRO affiliation.
The foregoing service presupposes that:
- the staked payment tokens continue to be held in individual custody in direct staking or in other words, (i) there is a separate and assignable blockchain address for each customer at the levels of the original custody, staking and withdrawal addresses, and (ii) the provider holds the withdrawal keys itself;
- no collective custody of payment tokens via a single staking address must be used in the process of collecting the relevant crypto-assets (otherwise a banking licence is generally required).
Outlook
This new FINMA Guidance offers a detailed perspective on FINMA practices and interpretation of current regulations to market participants (whether they are regulated or not). This initiative is to be welcomed, and once again demonstrates the pioneering role FINMA is playing in the crypto-asset space.
For more information on Banking and FinTech regulations in Switzerland, contact your CMS client partner or local CMS experts.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.