Who will be the new blockchain intermediary


Introduction to blockchain technology

Tables as an analogy

A greatly simplified and abbreviated way to imagine the basic structure of blockchains is a distributed table. This table is multiplied and distributed over a network of numerous computers. This network of computers is used in blockchain technology to update this table regularly and to document changes. Thus, information that is stored in a blockchain exists as a distributed and continuously synchronized table or database. This form of using networked computers requires some special features: Blockchain data storage does not only take place in one place, but on each of the computers in the network. This increases the reliability in particular. In addition, in the case of Bitcoin, the data contained in the blockchain is public and easy to check for every network participant. There is no central instance of the blockchain that a possible attacker could damage or change without permission.


The differences between blockchain technology and known processes can be illustrated by analogy with online collaboration tools. The traditional way of sharing electronic documents with business partners is to send a document to a recipient with a request to revise it. The sender must then wait for the copy of the document to be revised and returned before they can see changes or make further changes themselves. Processing is therefore excluded during the waiting period. Web-based online services for creating text documents are an alternative to this. Documents can be edited by several users at the same time. All parties have access to the same document at the same time and a single version of this document is always visible to all. In contrast to the blockchain, however, the document is managed from a central point here.

Data structures

In other words, blockchains form a data structure through which a status distributed among many participants (e.g. account balance) can be changed together (e.g. transfer of credit). Uniformity and protection against forgery are guaranteed by confirming the individual transactions. The way in which the shared state is determined depends in particular on the consensus mechanism used. Protection against forgery is ensured through the use of current cryptographic procedures. The data structures are distributed across a large number of separate and networked participants (nodes), which at the same time guarantees high availability and reliability. Changes in the blockchain are carried out by consensus mechanisms and then adopted by all nodes. There are different approaches to prevent unauthorized changes. Basically, the participants can view account balances and all records of all processes of all participants.

Blockchain technology is relatively new. The technology and the possible applications will continue to develop. In addition to opportunities, new risks will also arise.

Differentiation of the terms Bitcoin, Blockchain and Distributed Ledger Technology (DLT)

Bitcoin was the first decentralized, virtual, digital currency (cryptocurrency) that showed a successful implementation of the blockchain idea. The blockchain only forms the technical framework in which Bitcoin is implemented. Bitcoin is only one possible use case of blockchain technology, but this became known as a framework primarily through Bitcoin.

Even if Bitcoin's broader market success is still open due to technical restrictions, among other things, the concept of blockchain technology has met with approval in many areas.

The term Distributed Ledger Technology (DLT) is often used in connection with blockchain technology. One possible translation of Distributed Ledger is "distributed ledgers". DLT describes the technological framework around the use of distributed ledgers. However, blockchains or distributed ledgers can be used for many other applications and records besides Bitcoin, such as managing digital identities. It is not uncommon for the terms blockchain technology and distributed ledger technology to be used synonymously in science and practice.

Network node

The structure of the network can be explained using the example of Bitcoin: a network of computers that act as nodes forms the blockchain network. A node is a computer that is connected to the blockchain network and can use appropriate software (the client) to check and transmit transactions in the blockchain network. The nodes receive a copy of the blockchain, which is automatically downloaded when connected to the blockchain network and continuously updated.

For each node there is basically the chance to receive new bitcoins. Some nodes solve cryptographic tasks or puzzles for this purpose. These nodes are called miners. In this way, in the sense of game theory, it is determined at random which of the miners decides whether and which transactions are valid and can be appended to the blockchain with a new block. The miner receives new bitcoins and all fees for the validated transactions. Miners regularly form what are known as mining pools to solve cryptographic tasks or puzzles. In the case of mining pools, however, only the operator determines which transactions are included in the new block and are considered valid. Mining pools give individual miners a better chance of solving cryptographic tasks or puzzles. In this case, the new bitcoins and transaction fees are distributed among the miners involved in the mining pool.


Blockchain technology is a decentralized technology. Everything that happens within the blockchain network is a function of the entire network. Due to the special type of verification of transactions, some aspects of traditional trading, such as a chain of trustworthy intermediaries, are not required. Through the interaction of all network nodes, the common database is managed instead of leaving this task to a central entity.


Storing data in the blockchain avoids risks that arise from central data storage. In this respect, the network has no central weak points that attackers could exploit to change data. The security procedures of the blockchain technology particularly use current asymmetrical encryption technologies. These are based on so-called public and private keys. A public key (a long, randomly generated series of numbers) represents a user address on the blockchain. Transactions sent over the network are stored as belonging to this address. The private key works in the same way as a password, which enables the owner to access his transferred value units. Nevertheless, it is important for participants in the blockchain to secure their private keys so that they do not fall into unauthorized hands.

Transparency and immutability

The Bitcoin blockchain is automatically checked and brought to a consensus of all network participants about every ten minutes. As a self-checking ecosystem of digital assets, the Bitcoin network reconciles every transaction at these ten-minute intervals. Each group of these transactions is called a "block". Two properties follow from this:

  • Transparency, since the data is embedded in a network as a whole and is therefore public, and
  • Immutability, since a retroactive change of any information seems impossible according to the current state of knowledge.

In theory, an attack on the immutability of a blockchain would be possible, but in practice it would be unlikely, especially since this would, for example, call into question the stability of the attacked currency as a whole. This would presumably lead to a loss of the value of all currency units, so that such an attack would not be profitable for the attacker, since the currency units then acquired without authorization would be worthless.
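The two properties above can be made concrete with a small added illustration (not BaFin's text and not Bitcoin's actual code): a ledger whose blocks are linked by SHA-256 hashes and copied to three nodes, where a retroactive change is detected first by re-verifying the chain and then by comparing copies. Consensus and proof-of-work are deliberately left out; all function names, node names and transactions are constructed for this example.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # constructed predecessor value for the first block


def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "txs": transactions},
        sort_keys=True,
        separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def append_block(chain, transactions):
    """Append a block that commits to the hash of its predecessor."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({
        "index": index,
        "prev": prev,
        "txs": transactions,
        "hash": block_hash(index, prev, transactions),
    })


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev:
            return i
        if block["hash"] != block_hash(i, prev, block["txs"]):
            return i
        prev = block["hash"]
    return None


def relink_from(chain, start):
    """Recompute hashes from `start` on, making one copy self-consistent again."""
    prev = chain[start - 1]["hash"] if start > 0 else GENESIS_PREV
    for i in range(start, len(chain)):
        chain[i]["prev"] = prev
        chain[i]["hash"] = block_hash(i, prev, chain[i]["txs"])
        prev = chain[i]["hash"]


def divergent_nodes(replicas):
    """Names of nodes whose latest block hash differs from the majority's."""
    tips = {name: chain[-1]["hash"] for name, chain in replicas.items()}
    majority_tip = Counter(tips.values()).most_common(1)[0][0]
    return sorted(name for name, tip in tips.items() if tip != majority_tip)


def demo():
    # Constructed sample ledger: three blocks of made-up transfers.
    ledger = []
    append_block(ledger, [{"from": "alice", "to": "bob", "amount": 5}])
    append_block(ledger, [{"from": "bob", "to": "carol", "amount": 2}])
    append_block(ledger, [{"from": "carol", "to": "alice", "amount": 1}])
    replicas = {n: copy.deepcopy(ledger) for n in ("node_a", "node_b", "node_c")}

    # A retroactive change to block 1 on one copy breaks that copy's own chain.
    replicas["node_c"][1]["txs"][0]["amount"] = 200
    broken_at = first_invalid_block(replicas["node_c"])

    # Even after that copy is re-linked, it no longer matches the other nodes.
    relink_from(replicas["node_c"], 1)
    locally_valid = first_invalid_block(replicas["node_c"]) is None
    return broken_at, locally_valid, divergent_nodes(replicas)


if __name__ == "__main__":
    print(demo())
```

The second check is the one that depends on distribution: a single copy can be made internally consistent again, but it then disagrees with every other node's copy.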

Consensus mechanisms

Consensus mechanisms describe how participants in blockchains find an agreement on transactions and the new state of the blockchain. Depending on the type and design of the blockchain, different consensus mechanisms are used. Individual consensus mechanisms include proof-of-work, proof-of-stake and ripple consensus.

Smart contracts

Smart contracts enable contractual logic to be mapped using computer algorithms. These are programmable contracts that are defined by the program code and can then be automatically executed and enforced on blockchains. At certain times, smart contracts automatically check pre-determined conditions. They thus automatically determine whether, for example, a transaction is carried out or reversed.

Smart contracts make it possible to enforce contracts directly. The aim is to reduce transaction costs and increase contract security. Only the programmed code of a smart contract has a contractual effect. Smart contracts represent a control or business rule within the technical protocol. For example, in a car leased by a smart contract, the engine could only start when the leasing payment has been received. A query of the blockchain would be sufficient for this.

Smart contracts enable a high degree of independence, as the parties involved in an agreement do not have to rely on an intermediary. This also reduces the potential dangers of manipulation by third parties, as the execution is managed automatically by the blockchain mechanisms and not by one or more entities that could commit errors or be biased. Smart contracts also make it possible to increase the processing speed as software code is used to automate tasks. In this way, business processes can be simplified, whereby human errors, interfaces or media disruptions are minimized.

Risks of smart contracts arise in particular from the lack of a central authority that could take corrective action in the event of intentional or unintentional misconduct. This became particularly clear in the case of the crowdfunding project "The DAO" in June 2016: There, crypto currency units worth around 50 million US dollars were withdrawn from the project because of a previously largely ignored part of the program in the central smart contract. In addition, legal risks can also arise from smart contracts. It is currently unclear whether decisions made by the program code will also be recognized as binding by the courts. Overall, it is also questionable whether market participants will accept such a procedure or whether courts should not be able to intervene in illegitimate or inefficient decisions. In addition, the question arises to what extent the contractual conditions laid down in the program code are understandable for consumers or private investors.

Different types of blockchains: Public vs. Private

A distinction is made between private / centralized and public / decentralized blockchains.

The public blockchain approach

In the context of blockchain technology, public means that all network nodes receive the same privileges. At the same time, several network nodes operate the blockchain or the ledger. The most famous blockchains, such as Ethereum and Bitcoin, are decentralized and distributed.

Public or decentralized blockchains basically assign the same rights to each participant. Everyone can read the content of the blockchains, carry out transactions and take part in securing the integrity. The advantages of this approach are high security, low costs and the avoidance of a single potential point of failure. The disadvantages include, in particular, limited scalability and the transparency of all transactions, which is unfavorable in terms of data protection. The participants also fully rely on a mathematical algorithm.

The private blockchain approach

In the case of private or centralized blockchains, there is usually a central instance or at least a limited number of participants. The connected network nodes are then assigned different rights and only invited participants can see the transactions. This is implemented, for example, at Corda from R3 CEV. Two major criticisms of centralized blockchains are the higher risk of manipulation and the dependence on a central authority.

Potential use cases for blockchain and its authorization requirement in Germany

The use of blockchain technology does not in itself require a permit, because it is a pure technology at first. This offers various design options, and its application is conceivable in various areas. Rather, the regulatory assessment depends on how the technology can be used and what activity is to be performed with it. In general, when assessing the business model or business activity and the associated use of blockchain technology, the following questions should play a role in order to assess the authorization requirement:

  1. Which areas or which financial instruments should be covered by the business activity?
  2. Can the regulatory requirements for the intended business activity be met at all through the use of blockchain technology?
  3. Is the business activity subject to the legal provisions for the prevention of money laundering, terrorist financing and other criminal offenses?

Due to the wide range of possible uses of blockchain technology, a blanket indication of a license requirement is difficult and not practical. In the following section - by way of example and not conclusively - some potential use cases for blockchain technology are presented.

It is also too early for a comprehensive assessment of blockchain technology and its potential use cases because both are developing rapidly.

Virtual currencies


Detailed information on the regulatory classification of virtual currencies can be found here:

Payment transactions

Carrying out international transfers using blockchain technology could enable near real-time payments and reduce transaction costs. It could be used in traditional payment transactions as well as in new alternative payment methods. The payment service provider could operate its main account on the basis of blockchain technology in order to further process the amounts of money that their users send. The payments can be transmitted via the Internet, for example, after the amounts have been recorded on site without contact or based on a machine-readable code, for example using a smartphone app.

In principle, blockchain technology could lead to a more direct interaction of the participants, not only in payment transactions, which calls into question the role of existing intermediaries (disintermediation).


You can find detailed information on the regulatory classification of alternative payment methods here:


Property and casualty insurers could use blockchain technology to support their claims management. Among other things, they could automate their processes through smart contracts, digitize the business processes for assessing insurance cases and potentially reduce the risk of insurance fraud.

Companies could process insurance claims automatically by directly integrating data sources from third parties and storing insurance conditions directly in the program code of the smart contracts. Digitizing business processes using blockchain technology could, among other things, help reduce operating costs.

It is questionable whether all technical possibilities are compatible with the existing supervisory and data protection regulations. Future binding standards for relevant loss data could be established in order to create a suitable legal and regulatory framework.

Post trade

Post-trade is understood to mean the activities of the post-trade segment that take place following a trade in a security or financial instrument. This includes, for example, clearing, settlement, custody & asset servicing and notarial services. The provision of post-trade services is subject to legal provisions and requirements in most areas and in particular for certain financial instruments. These are summarized below for the respective area.

Money laundering regulations to prevent money laundering, terrorist financing and other criminal offenses must be complied with, particularly with clearing and settlement. Processes must be in place to identify the participants or customers. This legitimacy check is also known as Know Your Customer (KYC).


Clearing is the first step in the process after trading. It includes all activities that are necessary for the successful completion of the commercial transaction. The clearing can either take place via central counterparties (CCPs) or directly between buyer and seller. In the case of clearing by a central counterparty, this acts as a joint contractual partner between the buyer and seller of the trade.

Even when using blockchain technology, only one approved central counterparty may be used for clearing due to the statutory provisions. Whether a decentralized blockchain can be used for clearing seems at least questionable. However, the relevant regulatory and legal provisions are basically technology-neutral. This means that CCPs must use IT systems and applications that meet the requirements of Article 26 Paragraph 3 and 6 of the European Market Infrastructure Regulation (EMIR).

Companies that use blockchain technology as well as other IT-specific solutions are fundamentally exposed to cyber risks. Therefore, the provisions in Article 34 of EMIR also provide for specific business continuity requirements. They are intended to ensure that the functions of the central counterparty are maintained.


Settlement is the process step after clearing. It includes the delivery of the security or financial instrument to the buyer and the simultaneous payment of the purchase price to the seller in accordance with the underlying trade.

In principle, blockchain technology may only be used by an approved central securities depository in the area of settlement due to the statutory provisions. Whether a decentralized blockchain can be used for settlement is at least questionable. However, the relevant regulatory and legal provisions are basically technology-neutral. This means that the IT systems and applications used must in particular meet the requirements of Article 45 Paragraph 1 and 2 of the Central Securities Depositories Regulation (CSDR). They also have to be compatible with existing systems.

Custody & Asset Servicing

For custody & asset servicing and its core services, the same licensing obligations and supervisory requirements for central securities depositories according to the CSDR that were presented under Settlement apply in principle. This also applies to the associated non-banking ancillary services in accordance with Sections A and B of the Annex to the CSDR.

Securities trading

Compared to the individual segments and functions of post-trading, a possible use of blockchain technology in securities trading would likely make the system more complex. The reason is that not only the digital trading transactions have to be digitally recorded in the “main account book”. At the same time, an automated mechanism would have to be implemented that brings together prospective buyers and sellers through ongoing pricing and thus carries out the trade at an agreed price.

Organizational administrations

The possible uses described above could also play a role for the company's internal organization. In the course of digitization, in-house blockchain technologies could be used in all business areas in which central registers, accounts or databases are relevant. This can be, for example, registers for stocks, bonds, derivatives, loans or insurance.

Alternatively, a large number or a group of companies in individual areas could use blockchain technologies in order to provide relevant information for all parties involved. Possible use cases are the granting of syndicated loans or the administration of business transactions.

In principle, a service provider could also provide these blockchain technologies. If he provides these services through outsourcing contracts, it should be checked in advance whether the business activity or the services of the company are subject to legal provisions with regard to outsourcing.

Decentralized Autonomous Organizations (DAO) are a more advanced approach to organizational management. They were originally intended as an experiment that turned out to be relatively successful. The idea of a DAO is to make business decisions collectively and to do without the classic top management level.

However, in one incident in June 2016, part of the paid-up start-up capital of the organization “The DAO”, the equivalent of around 50 million US dollars, was stolen. This could only be reversed through a so-called hard fork. The majority of the connected computer nodes had to agree to the intervention in the data structure required for this. This incident called into question the reliability and informative value of transactions or account balances based on blockchain technology.

Framework conditions for the use of blockchains

Blockchain technology could enable new approaches to banking business processes. The various basic operations of a bank require that separate books from different areas be closely coordinated. Blockchain technology could simplify this process by helping to reduce discrepancies. Blockchains are problematic in technical restructuring, since the protocol once established is difficult to change. In addition, the processing speed is currently still relatively slow, and blockchains usually have a steadily growing storage requirement over time. However, solutions seem to be emerging for these limitations as well. The further development will show to what extent these challenges can be mastered in the future.

Technical risks

Like other innovations, the use of blockchain technology also carries risks. The framework conditions are often characterized by a relatively slow processing speed, low processing volumes, complex technology and strong dependency on the cryptographic processes used. A developer community may also be involved, which is difficult or impossible to hold liable for any damage.

The blockchain technology itself could be subject to a technical restructuring and, for example, result in incompatibilities with existing implementations due to certain further developments. In addition, there is a latent risk from hard forks if, for example, the majority of the network nodes support this and thus actually existing agreements in the sense of “Code is the law” are called into question. In addition, blockchains are relatively difficult to scale, especially if the processing speed needs to be increased.

Regulatory, prudential and legal risks

Basically, blockchain implementations work without the borders of nation states. This is particularly evident in public blockchain implementations. For example, two parties to the transaction can be in different jurisdictions. In the case of contradicting legal regulations, there could be ambiguities as to which regulations should be applied in case of doubt.

In addition, it has not yet been clarified what legal status a blockchain transaction actually has. The same applies to the legal significance of smart contracts. Answering these fundamental questions naturally still entails a certain risk factor at the present time. In the case of private blockchain implementations, it would potentially be easier to eliminate these uncertainties, since participation is bound to the acceptance of certain legal rules.

However, the existing regulatory framework within the area of responsibility of BaFin also applies to the use of blockchain technologies, provided that the parties involved are subject to BaFin's supervisory area. There is no restriction on blockchain technology, as only the supervisory facts form the point of contact for the supervisory work of BaFin. It is not the technology that is decisive for regulatory issues, but the application. Difficulties in applying supervisory law would only arise if, in the absence of a central instance, its enforceability would be difficult or impossible due to a lack of addressees.

Economic Risks

Basically, with blockchains there is no way of reversing transactions that have already been carried out. The confirmation of transactions by a blockchain can take a relatively long time and the participants wait - compared to some established procedures - a relatively long time until transactions have been finally confirmed. Blockchains with a proof-of-work consensus mechanism can also be relatively expensive to maintain and resource-intensive to operate.

Last but not least, it is unclear to what extent market participants will accept blockchains.

Opportunities for future development

Basically, the regulator has recognized blockchain technology as a technology driver that could potentially trigger extensive changes in the financial services industry. This is why supervisory authorities such as BaFin and the legislature are following its development very closely.

According to current estimates, for the companies supervised by BaFin the value creation potential of blockchains lies in the following areas in the future, although this list is neither complete nor conclusive:

  • Simplification and automation of previously manual business processes,
  • Increased efficiency of regulation through almost real-time monitoring of financial market participants,
  • Reduction of the default risk of counterparties, as contracts are executed in a more secure and automated environment,
  • Minimizing chances of fraud.

Basic questions about the use of blockchains

Blockchain technology promises a wide range of uses. However, central questions of IT security apply to the use of blockchain technology as well as to other forms of electronic data processing. In addition, the following questions should be clarified if the use of a blockchain solution is considered:

  • Is it a network with a small number of participants?
  • Are the other participants in the network generally shown an acceptably high level of trust?
  • Is a relatively large amount of data stored in the transactions to be processed? Are the transaction volumes high in relation to the absolute number of transactions or also in relation to the number per unit of time?
  • Are the business transactions relatively complex and are they subject to confidentiality or data protection?
  • Is perimeter protection or a physical separation of the data necessary?
  • In addition to the network, is a large number of interfaces to other networks or legacy systems required to exchange data?
  • Is a central authority or body needed to resolve conflicts?
  • Is it necessary that only one central instance can validate transactions?
  • And is it necessary to change data at a later date?

These questions serve as a suggestion. They in no way replace an individual analysis that precedes the use of any technology.
