Finoa has been regulated and operating under a preliminary crypto custody license since January 2020. As of February 2023, Finoa is a fully regulated financial institution, licensed by the German Federal Financial Supervisory Authority – BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) under the German Banking Act (Kreditwesengesetz – KWG). Finoa holds the following licenses:
License for investment brokerage (“Anlagevermittlung”) - sec. 1 para. 1a no. 1 KWG
Proprietary business license (“Eigengeschäft”) - sec. 1 para 1a sentence 3 KWG
The licenses mean that Finoa is legally qualified to:
hold crypto assets on behalf of individuals or institutions,
trade its own capital, and
intermediate access to capital.
How does BaFin regulate crypto custody businesses in Germany?
At the forefront of regulatory oversight is the mandatory licensing requirement. Any entity wishing to conduct crypto custody business in Germany must first obtain a license from the Federal Financial Supervisory Authority (BaFin). This rigorous application process ensures that only qualified and trustworthy providers are permitted to operate.
The "crypto custody business" is explicitly defined under the KWG as the custody, administration, and safeguarding of crypto assets or private cryptographic keys for others. This definition is intentionally broad to encompass the various ways in which a custodian might hold and manage a client's assets.
Is Finoa a licensed custodian?
Yes, They hold the German crypto custody license (§1 Para. 1a No. 6 KWG) from BaFin. This license signifies that Finoa has extensive safeguards in place and complies fully with the requirements of German law.
What are the key responsibilities of a licensed crypto asset custodian?
Once licensed, a crypto asset custodian under the KWG is subject to a comprehensive set of ongoing responsibilities designed to ensure the security and integrity of client assets. These include:
1. Robust security measures: Custodians are obligated to implement state-of-the-art security measures to protect against theft, loss, and unauthorized access to clients' crypto assets and private keys. This includes both physical and cybersecurity protocols. BaFin places a strong emphasis on the IT infrastructure, requiring adherence to its "Banking Supervisory Requirements for IT" (BAIT). This translates to secure storage solutions, which can involve a combination of "hot" (online) and "cold" (offline) wallets, and stringent access control procedures.
2. Segregation of assets: A cornerstone of client protection is the strict segregation of client assets from the custodian's own assets. This means that your crypto assets are held in a way that clearly distinguishes them from the company's funds. This principle is crucial in the event of the custodian's insolvency, as it ensures that your assets are not treated as part of the custodian's estate and can be returned to you. The Future Financing Act (ZuFinG) further solidified this by granting clients a legal right to have their assets separated in such scenarios.
3. Sound organizational structure and governance: Crypto custodians must maintain a proper business organization with clear internal controls and risk management procedures. This includes implementing the "Minimum Requirements for Risk Management" (MaRisk), which are established principles for risk control in the German financial sector. The management of the company is also under scrutiny.
4. Qualified and trustworthy management: The managing directors of a crypto custody provider must be deemed "fit and proper" by BaFin. This involves a thorough assessment of their professional qualifications, experience, and personal reliability. They are required to have a deep understanding of the crypto asset business and the associated risks and must dedicate sufficient time to their managerial duties.
5. Sufficient financial resources: To ensure financial stability and the ability to absorb potential losses, crypto custodians are required to hold a minimum initial capital. Finoa applies the comprehensive prudential requirements of the EU's Capital Requirements Regulation (CRR). This means our capital adequacy is not based on a fixed minimum amount, but on a dynamic and sophisticated framework. Under the CRR, we are obligated to calculate and maintain sufficient capital reserves aligned with our specific risk profile. This rigorous approach ensures that we continuously maintain a robust financial buffer, demonstrating a deep commitment to long-term stability and the safeguarding of your assets well beyond standard requirements.
6. Anti-Money Laundering (AML) compliance: Crypto custodians are subject to the stringent provisions of the German Money Laundering Act (GwG). This requires them to implement robust AML and counter-terrorist financing (CTF) procedures, including customer due diligence (Know Your Customer - KYC), ongoing monitoring of transactions, and the appointment of a dedicated Anti-Money Laundering Officer. These measures are vital for maintaining the integrity of the financial system and preventing the illicit use of crypto assets.
By adhering to these comprehensive regulatory requirements under the KWG, licensed crypto asset custodians in Germany provide a secure and trustworthy environment for the safekeeping of your digital assets. This framework, with its emphasis on licensing, security, asset segregation, and ongoing supervision, is designed to foster confidence and protect participants in the evolving world of crypto finance.
Travel Rule
What is the Travel Rule?
The Travel Rule is a regulation developed at national and international level according to the Financial Action Task Force (FATF) Recommendation 16 in order to prevent money laundering and terrorist financing. It requires crypto or virtual asset service providers (CASP/VASP) such as Finoa to collect and share certain information about the originator and beneficiary of cryptocurrency transactions.
Why is the Travel Rule important?
The Travel Rule enhances the transparency and security of cryptocurrency transactions by ensuring that necessary information is exchanged between financial institutions. This helps prevent illicit activities and promotes trust in the cryptocurrency ecosystem.
When does the Travel Rule take effect?
The European Union has introduced new rules for transfers of crypto-assets through Regulation (EU) 2023/1113. This regulation implements the so-called "Travel Rule" and aims to combat money laundering and terrorist financing in the crypto-asset sector. It is in effect in Germany and in the rest of the European Union from December 30th 2024.
Jurisdictions and threshold
Finoa’s reference jurisdiction for applying the Travel Rule is Germany. Accordingly, all transfers of crypto assets are subject to the new reporting requirements, regardless of the amount transferred. For transfers above 1,000 EUR to a self-custodied wallet controlled by you, proof of ownership will be required. If you are not the owner, you will need to provide the necessary information about your counterparty.
How will the Travel Rule affect my transactions?
If a reporting obligation applies, you must provide information about the transfer's counterparty to initiate withdrawals or receive deposits. This information will be securely transmitted to the beneficiary's VASP (Virtual Asset Service Provider) to comply with the Travel Rule requirements. VASPs will then conduct comprehensive AML and sanctions checks before processing the transaction.
Who is Notabene, and how do they fit into the Travel Rule compliance?
Notabene is a Travel Rule protocol provider that facilitates the secure and compliant exchange of information between cryptocurrency service providers. We have partnered with Notabene to ensure seamless compliance with the Travel Rule regulations.
What measures are being taken to protect my privacy?
We prioritize your privacy and security. All information collected for Travel Rule compliance will be transmitted securely using advanced encryption methods. Notabene's protocol ensures that data is shared only with authorized entities and used solely for compliance purposes. For more information, please see Finoa’s Privacy Policy.
General questions
Who does Finoa serve?
Finoa's platform is designed for institutional investors, corporations, high-net-worth individuals, and other service providers.
How do I open an account?
To open an account, please fill in the contact form on our contact page. A member of our Sales Team will be in touch with you to initiate the process.
How long does it take to open an account?
The account creation is dependent on the onboarding verification process and customer requirements.
What is the fee structure that Finoa charges for its products?
The fee charged varies depending on the type of customer you are and the total value of assets you would like to custody. Please get in touch with our team to learn more.
Finoa custody
What is a custodian?
A custodian is a financial institution that safely secures assets on behalf of third parties (institutions or individuals).
Why do I need a custodian?
Storing your assets with a custodian allows you to protect your assets with best-in-class security and reduces the risk of you losing your keys or getting hacked.
What is Finoa custody?
Finoa's custody solution offers bank-level security combined with immediate access to your digital assets. We ensure that your private keys are stored securely while giving you the freedom to deposit, stake, and withdraw your assets and grow your portfolio.
How does custody at Finoa work?
Private keys for your assets are generated and stored in Hardware Security Modules (HSMs) that provide military-grade cold storage. Through the application of core banking technology to blockchain infrastructure, digital assets can be deposited, withdrawn, or staked within seconds. Our multi-signature functionality serves as an additional layer of security for your assets.
What is a multi-signature wallet?
Multi-signature is the process of validating a specific operation (such as a withdrawal) based on the confirmation from a predefined number of signatures. It acts as a security mechanism to ensure that the funds’ governance is respected. A multi-signature process splits the responsibility among multiple people, eliminating a single point of failure and making it substantially more difficult for funds to be compromised.
Finoa staking
What is Proof of Stake?
Proof of Stake is a type of consensus mechanism where the size of a validator's stakes determines the chances of them being chosen to mine the next block.
What is staking?
Staking means delegating your tokens into the blockchain network to act as a validator of transactions. By staking tokens, one helps in securing the network and in return, receives rewards for doing so.
Which assets can I stake with Finoa?
Finoa's in-custody staking services support Polkadot (DOT), Oasis (ROSE), SKALE (SKL), Near (NEAR), Mina (MINA), Flow (FLOW), Audius (AUDIO), Axelar (AXL), Agoric (BLD), Kyve (KYVE), and more to come. Read an overview of our Proof-of-Stake assets.
What are my staking options with Finoa?
Finoa offers a range of staking options, including:
In-custody staking through the Finoa platform
Delegated staking, via public validators
Finoa prime brokerage
Am I eligible for trading?
Trading is available only to Finoa Custody clients.
Additionally, clients registered in a sanctioned country do not qualify for this product. Clients based in the United States are only eligible if they have an entity based in the European Union.
What is DLT Finance?
DLT Finance is a brand of DLT Securities GmbH (regulated as a securities trading firm by the German Federal Financial Supervisory Authority (BaFin)) and DLT Custody GmbH (granted a preliminary Crypto Asset Custodian License (§ 64y Para. 1 KWG) by the German Federal Financial Supervisory Authority (BaFin).
How can I know more about prime brokerage?
Visit our dedicated page to know more about Finoa's brokerage service or contact us.
Finoa Consensus Services
Question?
Yes, you can try us for free for 30 days. Our friendly team will work with you to get you up and running as soon as possible.
Question?
Of course. Our pricing scales with your company. Chat to our friendly team to find a solution that works for you.
Question?
We understand that things change. You can cancel your plan at any time and we’ll refund you the difference already paid.
Question?
At the moment, the only way to add additional information to invoices is to add the information to the workspace's name.
Question?
Plans are per workspace, not per account. You can upgrade one workspace, and still have any number of free workspaces.
Pricing and Billing
General questions
Yes, you can try us for free for 30 days. Our friendly team will work with you to get you up and running as soon as possible.
Finoa fee schedule - Individuals
Of course. Our pricing scales with your company. Chat to our friendly team to find a solution that works for you.
Finoa fee schedule - Institutions
We understand that things change. You can cancel your plan at any time and we’ll refund you the difference already paid.
Supported assets
Which digital assets are supported?
Finoa supports custody for over 180 crypto-assets such as Bitcoin, Ether, Celestia, Nillion Near, Flow, Mina, SKALE Network, Mina Protocol, Oasis Network, and many more. An overview of supported assets can be found on our assets page.
What if I can't find an asset I am interested in?
If you would like to deposit an asset for which we do not currently offer custody support, please get in touch with our team via the contact form. We are constantly adding more assets to meet our customers' needs.
Two-factor authentication (2FA) is a method of confirming a user's identity by requesting two different types of information to confirm a login. It acts as an extra layer of account security.
How does Finoa's 2FA work?
Two-factor authentication is enabled in your Finoa account through the Finoa mobile app. The latter works by cryptographically pairing your biometric data (fingerprint or face ID) on your smartphone with your Finoa account. 2FA serves as the means to enable a multi-signature functionality to your Finoa account.
Which mobile phones are supported by the Finoa mobile app?
For security reasons, the Finoa mobile app only supports devices with the iOS version 15 or higher. We highly recommend that you keep your iPhone up to date and install the recommended iOS updates regularly, to ensure the security of your iPhone.
Android users can access the Finoa mobile app on devices running Android version 10 or higher. These devices have the required security features, such as an integrated hardware security module (Secure Enclave, Trusted Execution Environment), as well as supporting biometric authentication methods (fingerprint or Face ID). However, as supported devices vary greatly in the Android ecosystem, Finoa cannot grant compatibility with our mobile app for these.
Compatibility can only be fully assessed by trial, which is why Finoa encourages adopting an iPhone as the preferred device choice. As always, we highly recommend the following for the security of your device:
Keep the software on your device up to date and install updates regularly.
Only install apps and use services from trusted sources.
Secure your phone adequately for the event of theft. Set up a screen lock with a strong PIN or a biometric factor (e.g. fingerprint).
Report anything suspicious.
Disclaimer: note that there are exceptions to the device models supported by the Finoa mobile app.
Developers
Is Finoa offering RESTful API?
Yes, Finoa has developed a simple and robust RESTful API to integrate our secure custody solution into your existing applications and services. If you are interested in finding out more about our API, please reach out to our team by filling in the form on our contact page.
How can I access to Finoa API documentation?
If you would like to have access to Finoa's API documentation, please reach out to our team by filling in the form on our contact page.
