A. Controversial Origins

On December 20, 2023, the Swiss Financial Market Supervisory Authority (FINMA) issued guidance no. 08/2023 on the treatment of staking services under Swiss financial market regulatory laws (the Guidance). FINMA’s Guidance is the result of discussions initiated in connection with the so-called «DLT Act» (Federal Act on the Adaptation of Federal Law to Developments in Distributed Ledger Technology) which entered into force on August 1, 2021.

Under the DLT Act, the Swiss Debt Enforcement and Bankruptcy Act and the Federal Act on Banks and Savings Institutions (the Banking Act) were amended to provide a legal basis for the segregation of crypto assets held in custody for clients in the event of an insolvency of their custodian if certain requirements were met. Staking in particular led to a debate in connection with one of the relevant requirements.

That said, staking is not a legally defined term and is offered in different forms in practice. It generally consists of the blocking of native crypto assets in order to participate in a validation process of a blockchain that is based on a proof-of-stake protocol. While the holders of staked crypto assets typically receive rewards if the validation is performed correctly, their staked crypto assets may be partially or completely deleted in the case of improper transaction validations («slashing»). In addition, holders of staked crypto assets are subject to the risk of a delay in the return of the blocked crypto assets, as certain proof-of-stake blockchains provide for a lock-up/exit period in the case of an unstaking of the relevant crypto assets.

Earlier this year, FINMA indicated that it may not consider crypto assets held by a custodian on behalf of its clients under a staking set-up, which provides for a lock-up period or involves a slashing risk, to be kept immediately available to the clients at all times within the meaning of Swiss bankruptcy laws and, therefore, not deem them to be segregable in the event of the custodian’s insolvency. If this approach were followed, the custody of such staked crypto assets would require a banking license under the Banking Act or, if provided by a bank, would be «on-balance sheet» and thereby trigger the increased capital requirements applicable to crypto assets held on such bank’s balance sheet. FINMA’s initial position was therefore criticized by both regulated and unregulated market participants.

As a result of the market wide criticism, both FINMA and the newly established Swiss Financial Innovation Desk (FIND) held roundtable discussions with industry representatives to further explore the segregation of staked crypto assets in the event of a custodian’s insolvency and assess the practical consequences and/or need to clarify or amend the relevant legislative rules. In addition, FINMA conducted a survey among supervised institutions on their staking services.

FINMA’s Guidance is the result of these discussions and corresponding analyses. It aims to provide guidance on how FINMA will interpret the segregation requirements for staked crypto assets, as well as related issues such as the need for a banking license for staking providers and the impact of staked crypto assets on banks’ capital requirements.

In the following, we provide a summary overview of the question addressed and the key requirements set out in FINMA’s Guidance and specifically discuss certain measures that regulated providers of staking services, such as licensed banks, should implement in order to avoid that the staked crypto assets held on behalf of their clients become subject to the applicable capital requirements.

B. What the Two Competing Analyses Entail

At the heart of FINMA’s new Guidance is the question of whether staking service providers act as deposit takers or as fiduciaries when staking crypto assets received from their clients.

One analysis is to treat staking service providers broadly as deposit takers, i.e.:

• clients’ claims for the return of staked crypto assets are merely contractual claims against the staking service provider, and as a result
  • such claims may be treated as deposits under the Banking Act, and the staking service provider may therefore be considered to be engaging in a regulated activity permitted only to licensed banks; and
  • in the event of the insolvency of the staking service provider, clients are treated as general unsecured creditors; and
• if the staking service provider is a licensed bank, the staked crypto assets would be counted as its risk-weighted assets for capital adequacy purposes and, according to the currently prevailing practice of FINMA, be attributed a risk weighting of 800%.

Another analysis is to treat staking service providers broadly as fiduciaries/custodians (for ease of reference, we will call this the «fiduciary analysis»), i.e.:

• they may not be considered to be engaging in an activity permitted only to licensed banks (but may nevertheless become subject to anti-money laundering regulations);
• in the event of the insolvency of the staking service provider, the staked crypto assets received from clients do not form part of the insolvency estate;[1] and
• if the staking service provider is a licensed bank, the staked crypto assets are not included in its risk-weighted assets for capital adequacy purposes (but may be subject to restrictions imposed by FINMA).

C. The Custodian’s Obligation to Ensure the Crypto Assets’ «Immediate Availability» Remains Key

The new Guidance’s approach to determining which of the two analyses is applicable to staking service providers builds on the three tiers of crypto asset custody that were introduced under the DLT Act:

• (1) If crypto assets are held in custody (i) individually segregated on a client level and (ii) subject to the custodian’s obligation to ensure their immediate availability, the fiduciary treatment analysis applies.
• (2) If crypto assets are held in custody (i) in an omnibus account but with records of each client’s fractional share and (ii) subject to the custodian’s obligation to ensure their immediate availability, the fiduciary treatment analysis applies. If the crypto assets so held are payment tokens, this form of custody requires an «Article 1b» license (or fintech license) under the Banking Act.
• (3) If crypto assets are held in custody (a) in an omnibus account and with no records of each client’s fractional share or (b) not subject to the custodian’s obligation to ensure their immediate availability, the crypto assets are treated as if they were held by the custodian acting as banker (i.e., for its own account).

As the key criterion for determining which of the two analyses applies to Swiss staking service providers, the Guidance focuses on the obligation to ensure the immediate availability of the crypto assets and how such an obligation may be affected by different staking arrangements in constellations under which staking involves the possibility of lock-ups or slashing.

D. What the New Guidance Sets out as Important Criteria

1. Direct Staking by Licensed and Unlicensed Staking Service Providers

For the fiduciary analysis to apply to a Swiss provider of staking services that controls the withdrawal keys, the following conditions must be met according to the new Guidance:

• the client has provided specific instructions as to the type and number of crypto assets to be staked;
• appropriate measures have been taken to ensure that the crypto assets staked to a particular validator address and, after staking, to a particular payout address can be unambiguously attributed to the client;
• the client is transparently and clearly informed of all risks;
• appropriate steps are taken to mitigate the operational risks of operating a validator node (including business continuity management) to avoid slashing and other penalties; and
• a Digital Assets Resolution Package (DARP) is prepared to ensure appropriate risk management.

For the fiduciary analysis to apply to Swiss non-bank staking service providers engaged in direct staking of payment tokens, the Guidance requires that the staked payment tokens continue to be held in individual custody, with a separate and assignable blockchain address for each client (at the level of the original custody address, the staking address, and the withdrawal address).

2. Delegation by a Licensed Bank or Securities Firm to a Third-Party Provider of Staking Services

For the fiduciary analysis to apply with respect to a Swiss bank or securities firm that engages a third-party staking service provider to provide staking services to the institution’s clients, the following conditions must be met according to the Guidance:

The bank or securities firm must enter into a fiduciary agreement with the client that contains a specific fiduciary mandate from the client, including the selection of crypto assets and the amount. In FINMA’s view, the bank acquires a contractual claim against the third-party staking service provider for the return of the staked cryptoassets, and the fiduciary agreement is intended to ensure that the fiduciary analysis applies to this contractual claim.[2]

The fiduciary arrangement must include a comprehensive risk disclosure to the client and adhere to requirements broadly analogous to those set out in the Swiss Bankers Association’s 2016 Directives on Fiduciary Investments. In particular, the bank or securities firm must

• limit counterparty risks by selecting an institution subject to prudential supervision with a good credit rating;
• ensure, by means of specific due diligence, that the third-party provider itself holds, inter alia, the relevant withdrawal keys; records the validator addresses and has taken all necessary measures to mitigate operational risks associated with the operation of the validator node; and is based in a jurisdiction offering equivalent protection to clients; and
• establish a DARP to ensure appropriate risk management.

E. What Regulated Banks Need to Do Now

In light of the requirements set out under the Guidance, Swiss regulated banks engaging in staking services should consider taking the following steps.

• Assessment of Third-Party Staking Providers: In order to ensure compliance with the Guidance, regulated banks offering their clients staking services under which a third-party service provider (staking chain) is appointed to operate the validator node will need to assess whether the appointed third-party staking service provider under their current set-up satisfies the relevant requirements under the Guidance. Pursuant to the Guidance, ultimately only third-party staking service providers which are subject to prudential supervision in Switzerland will be suitable counterparties to which the operation of the validator node can be delegated.

To the extent the third-party staking provider is domiciled outside of Switzerland, regulated Swiss banks will need to assess whether the third party is subject to prudential supervision in a jurisdiction with equivalent regulation. In addition, the Guidance requires that the bankruptcy laws in the home jurisdiction of the third-party staking provider provides the same level of legal certainty as in Switzerland in relation to the segregation (or equivalent treatment) of crypto assets in insolvency proceedings. The Guidance does not define which criteria the foreign bankruptcy laws must satisfy in order to be considered sufficient under the Guidance, however, we assume that at a minimum the foreign laws must provide a clear legal basis and/or regulatory guidance regarding the treatment of crypto assets in the bankruptcy of the foreign staking service provider. From the perspective of the Swiss regulated bank, it will likely be challenging to assesses the adequacy of the foreign bankruptcy laws in question. It may, therefore, be advisable for Swiss banks to request the delivery of a legal opinion from their relevant staking providers confirming the treatment of crypto assets under the bankruptcy laws in the relevant jurisdiction.

• Review of Contractual Arrangements with Third-Party Staking Providers: Further, the Guidance stipulates a number of requirements which the relevant third-party staking service provider must satisfy from an operational perspective. As outlined above, such operational requirements namely include the holding of the relevant withdrawal keys, the adequate recording of validator addresses and the implementation of adequate measures to mitigate the staking related operational risks. Regulated banks will, in consequence, be required to perform a due diligence in relation to their contractual partners in order to ensure that the appointed third parties are capable of satisfying the requirements defined under the Guidance. In light of the requirements set out under the Guidance, it will be advisable for Swiss regulated banks to update the applicable contractual arrangements to ensure that relevant requirements set out under the Guidance are translated into clear contractual obligations of the relevant staking service providers under the applicable contractual arrangements. Due to the importance of compliance with the Guidance for Swiss regulated banks in view of the considerable risk weighting of crypto assets under the capital requirements, Swiss banks should be requesting that their third-party service providers under the applicable contractual arrangements give relevant representations as to the compliance with the requirements set out under the Guidance.
• Review and Update of existing Risk Disclosure: The Guidance requires that the regulated Swiss banks, in particular engaging in direct staking on behalf of their clients, adequately and transparently inform the clients of the risks inherent to staking. Pursuant to the Guidance, the risk disclosure will at a minimum need to inform the client about the risks related to slashing, potential staking related lock-up periods (including the increased market risks due to the potentially delay in disposing over the staked crypto assets) and the legal uncertainties in the event of bankruptcy. In order to ensure compliance with the Guidance, regulated banks should review their existing risk disclosure in light of these requirements and make the necessary amendments to ensure an adequate disclosure of the relevant risks.
• Digital Asset Resolution Package: The Guidance requires regulated banks engaging in staking activities on behalf of their clients to draw-up a DARP to ensure adequate risk management. FINMA has to date typically required regulated banks and other financial institutions engaging in crypto asset related activities to draw up a DARP which should in effect allow FINMA to efficiently segregate and deliver the relevant crypto assets to the entitled clients in the case of a bankruptcy of the regulated entity. In order to ensure such efficient segregation, the DARP should outline the relevant custody set-up and provide a brief legal analysis outlining the legal basis for the segregation of custody assets in bankruptcy proceedings. In addition, the DARP should include the necessary factual information to allow an efficient segregation from an operational perspective. The DARP should, therefore, include the details of the relevant employees with access to the private keys, and in case of staking the respective withdrawal keys, and all relevant information on third party custodians.

Pursuant to the Guidance and in the context of staking activities by Swiss regulated banks, the DARP will need to adequately describe the staking set-up employed by the relevant bank and ensure that, to the extent a third party has been appointed as the relevant node validator, the DARP includes the necessary information for FINMA to gain access to the withdrawal keys. In order to ensure compliance with the Guidance, Swiss banks will need to draw up a staking specific DARP or update their existing DARP to ensure that the relevant staking activities are adequately covered by the DARP.

The Guidance does not define a specific date until which Swiss regulated banks must ensure compliance and does not provide for applicable transitional periods. In consequence, the Guidance and the requirements set out thereunder will be immediately effective. To the extent necessary, Swiss banks should, therefore, promptly take the steps outlined above, to ensure that the staked crypto assets are not included in its risk-weighted assets for capital adequacy purposes as of the relevant dates for measuring and disclosing the capital adequacy.

[1] If the staking service provider is a licensed bank, such assets will qualify as custody assets within the meaning of art. 16(1^bis) Banking Act. If the staking service provider is not a licensed financial institution, this follows from a corresponding provision in the Debt Enforcement and Bankruptcy Act (art. 242a). Both provisions have been inserted as part of the DLT Act.

[2] The fiduciary analysis of the claim against the third-party staking service provider is in line with the older art. 16(2) Banking Act, not the new art. 16(1bis), which the Guidance highlights.