Investment Management Update Germany July 2025

BMF Publishes Draft Bill on DAC 8 Implementation Act

On 26 June 2025, the German Federal Ministry of Finance (Bundesministerium der Finanzen, or BMF) published a new draft bill (following the formation of a new government) for an act to implement the DAC 8 Directive (DAC 8-UmsG). 

The DAC 8-UmsG is intended to introduce an obligation for providers of crypto-asset services to report information on certain transactions by crypto-asset users to the tax authorities. At the same time, the existing reporting obligations in relation to financial accounts will be extended to certain digital payment instruments, namely electronic money (e-money) and digital central bank money.

In addition to the transposition of the DAC 8 Directive into German law, the requirements for reporting by providers of crypto-asset services in accordance with the Crypto-Asset Reporting Framework of the Organisation for Economic Co-operation and Development (OECD) and the amended requirements of the Common Reporting Standard with regard to financial accounts are to be implemented. These standards are intended to ensure internationally consistent reporting obligations and minimize circumvention possibilities. The economic activities of crypto-asset users are to become more transparent for the tax authorities.

It is planned that the act will enter into force on 1 January 2026.

ESMA Publishes Final Report on Incorporation by Reference in Securities Prospectuses

On 15 July 2025, the European Securities and Markets Authority (ESMA) published its final report for a delegated regulation laying down regulatory technical standards (RTS) in relation to the incorporation of information by reference in securities prospectuses.

The EU Prospectus Regulation provides that certain information from other documents may be incorporated by reference into a securities prospectus. These include documents approved by authorities under this regulation or annual or interim financial statements. ESMA draws up and updates the list of documents from which information may be incorporated by reference.

With the RTS, ESMA is now adding two document types to the list. Firstly, information from documents that were not approved or filed under the current EU Prospectus Regulation, but under the previous EU Prospectus Directive, may also be incorporated by reference. Secondly, issuers of bonds marketed as environmentally sustainable or of sustainability-linked bonds (so-called green bonds) shall be allowed to incorporate by reference the information disclosed prior to issue in accordance with the EU Green Bonds Regulation.

The European Commission now has three months to decide on the adoption of the proposed Delegated Regulation.

BaFin Applies ESAs’ Fit & Proper Guidelines

On 15 July 2025, the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, or BaFin) announced that it will apply the joint guidelines of the European Supervisory Authorities (ESAs) on the system for the exchange of information relevant to the assessment of the fitness and propriety of holders of qualifying holdings, directors, and key function holders of financial institutions and financial market participants by competent authorities (Fit & Proper).

Among other things, the guidelines aim to create a consistent, efficient, and effective assessment of the fitness and propriety of holders of qualifying holdings, directors, and key function holders of financial institutions and financial market participants.

ESMA Publishes Final Report on Sustainability Disclosures for Funds 

On 30 June 2025, ESMA published its final report on the integration of sustainability risks and disclosures in the investment-fund sector, which was based on a joint assessment with the competent national authorities of the compliance of supervised entities with relevant EU legislation.

ESMA found that compliance with the legal requirements and the integration of sustainability risks and disclosures into the decision-making process of fund managers was satisfactory. Nevertheless, some weaknesses were also identified, including in particular the missing or incomplete description of sustainability indicators, the insufficient description of escalation processes in the investment guidelines, the lack of information on specific criteria and indicators for measuring management remuneration, and insufficient information on the principal adverse impacts on sustainability factors (PAIs). ESMA’s final report therefore sets out examples of good, below-average, and noncompliant practices in relation to the inclusion of sustainability risks and disclosures in the structure of the decision-making process and corporate governance and the disclosure requirements at company level and at product level based on the provisions of the EU Sustainable Finance Disclosure Regulation (SFDR). Identified weaknesses are to be remedied in the future by the national competent authorities in joint cooperation with market participants.

BGH Ruling on the Time Limitation of Repayment Claims

On 3 June 2025, the German Federal Court of Justice (Bundesgerichtshof, or BGH) ruled on a model declaratory action (Musterfeststellungsklage) for the repayment of account maintenance fees (case reference: XI ZR 45/24) in connection with an earlier BGH ruling on the ineffectiveness of a fiction of consent in relation to unilateral contract amendments and price increases in the general terms and conditions of banks (case reference: XI ZR 26/20). In addition to other points, the plaintiff particularly claimed that the limitation period for consumers’ claims for reimbursement of overpaid fees only begins to run from that point in time when they were aware of the ineffectiveness of the fictitious consent clause or could have been aware of it without gross negligence. Alternatively, the declaratory action plaintiff sought a declaration that the knowledge-dependent limitation period began to run at the earliest at the end of 2021.

While the lower court dismissed the model declaratory action on this point, the BGH has now ruled that the corresponding declaratory judgment is unfounded. However, it has also clarified in this context that the present consumer claims for reimbursement are subject to the regular limitation period of three years, which begins to run at the end of the year in which the claim for reimbursement arose and the consumer became aware of the circumstances giving rise to the claim or should have become aware of them without gross negligence in accordance with § 199 (1) of the German Civil Code (Bürgerliches Gesetzbuch, or BGB). However, contrary to what the banks and savings banks had argued, the BGH ruled that the entitlement to repayment did not arise when the ineffectively charged fee was debited, but rather only when the relevant current account balances were authorized by the consumer. This usually only occurs after the expiry of a period of six weeks after the end of the month in which the relevant balance statement was drawn up, provided that the consumer has not objected to the balance statement within this period. As far as the consumer’s knowledge is concerned, the judgment of 27 April 2021 does not necessarily have to be taken into account as there was no uncertain or doubtful legal situation with regard to the ineffectiveness of fictitious consent clauses. Knowledge may therefore regularly have already occurred at an earlier point in time.

On this point, the BGH thus essentially confirms the legal position of the banks and savings banks, which have invoked an earlier limitation period. However, due to the slightly later start of the limitation period, this may, under certain circumstances, result in a pushback by one calendar year, specifically when it comes to the fees covered by a balance statement at the end of a calendar year, as the associated withdrawal period does not end until the following year. Many consumers’ claims for repayment dating back further are therefore likely to have become time-barred and therefore irrecoverable.

BaFin Circular 08/2025 (GW) on High-Risk Jurisdictions

In its Circular 08/2025 (GW), BaFin has defined the measures to be taken by all persons that are subject to the German Money Laundering Act (Geldwäschegesetz, or GwG) under its supervision in relation to so-called high-risk jurisdictions, i.e., third countries whose systems for combating money laundering and terrorist financing have strategic deficiencies that create significant risks to the international financial system. The background to this is a corresponding statement by the Financial Action Task Force (FATF) of 13 June 2025 in relation to the Democratic People’s Republic of Korea, Iran, and Myanmar (High Risk Jurisdictions subject to a Call for Action). In a report of 13 June 2025, the FATF also named 24 jurisdictions that are under monitoring but where progress has been made (Jurisdictions under Increased Monitoring); although there is no immediate obligation to take action and no additional due diligence and organizational obligations need to be fulfilled, the situation in these countries or of persons from these countries must be appropriately considered when assessing country risk in the context of money-laundering prevention. BaFin also points out that for business transactions falling under the provisions of § 15 (3) No. 2 GwG in relation to countries other than those mentioned above and that are listed in the Delegated Regulation (EU) 2016/1675 that has been issued on the basis of Art. 9 of Directive (EU) 2015/849 (Fourth Money Laundering Directive) and that fall under the provisions of § 15 (3) No. 2 GwG, at least the enhanced due diligence obligations listed in § 15 (5) GwG must be fulfilled.

ESMA Published Criteria on Knowledge and Competence of Staff Providing Information on Crypto-Assets

On 11 July 2025, ESMA has published the guidelines for the criteria on the assessment of knowledge and competence under the Markets in Crypto Assets Regulation (MiCA). The new criteria aim to enhance investor protection within the rapidly evolving digital-asset market. The guidelines describe the appropriate knowledge and competence required from natural persons giving information or advice on crypto-assets or crypto-asset services on behalf of crypto-asset service providers. Specifically, the guidelines outline the necessary understanding that staff must possess regarding blockchain technology, the specific features of crypto-assets, risk factors, as well as regulatory frameworks. Training and assessment methods will play an important role in meeting the prescribed standards.

Crypto-asset service providers should set out the responsibilities of staff and ensure that, in accordance with the services provided by the crypto-asset service provider and its internal organization, there is a clear distinction in the description of responsibilities between giving advice and giving information.

Existing members of staff giving information or advice on crypto-assets or crypto-asset services may be considered by crypto-asset service providers as having the necessary knowledge and competence to fulfill their obligations by successfully giving information or providing advice on crypto-assets or crypto-asset services on a full-time equivalent basis and for a minimum period of one year prior to the entry into application of these guidelines.
The guidelines will be translated into all EU languages and published on ESMA’s website. They will start applying six months after the publication of the translations on the ESMA website.

Commission Delegated Regulation (EU) 2025/532 Supplementing DORA Published and Entered into Force

On 2 July 2025, Commission Delegated Regulation (EU) 2025/532 was published in the Official Journal of the European Union. This Delegated Regulation supplements the Digital Operational Resilience Act (DORA) with regard to RTS specifying the elements that a financial entity has to determine and assess when subcontracting information and communication technology (ICT) services supporting critical or important functions.

The Delegated Regulation aims to ensure that financial entities maintain operational resilience by thoroughly evaluating risks across the entire ICT subcontracting chain. Entities must identify all subcontractors involved, especially those whose service disruptions could impair continuity or security. Key provisions include comprehensive due diligence and risk assessment before subcontracting ICT services that support critical or important functions, detailed requirements for contractual agreements, and group-wide consistency in applying subcontracting policies.

This Delegated Regulation entered into force on 22 July 2025, marking a significant step in harmonizing ICT risk management across the EU financial sector.