- It started with great expectations when Bitpanda received its German license in 2022, and the mood was euphoric.
- While other crypto exchanges argued with the authorities or withdrew into offshore zones, Bitpanda presented itself as a solid European showcase project. Wrongfully so, as one can assume today after official audits.
2023 ordered the BaFin the first special audit according to Section 44 of the Banking Act (KWG) at Bitpanda Asset Management GmbH. Such tests are common after a license has been granted, but the results were dismal. The inspectors found 16 defects, five of them serious.
Risk management, IT organization, outsourcing controls and internal documentation were particularly affected – areas that are essential for a regulated financial institution. Internally it was said that the IT was “not yet sufficiently developed to be fully tested”.
BaFin leaves it at the finding of Bitpanda violations
At the end of 2024, BaFin wrote to Bitpanda management that although most of the deficiencies had been remedied, the organization still did not meet the requirements of the KWG. It wasn’t a sanction, but a clear request that improvements needed to be made.
Bitpanda, in turn, publicly emphasized that the deficiencies would be fully remedied by the beginning of 2025. Reference was made to KPMG audit reports and its own – albeit self-ascribed – role as one of the “most strictly regulated” companies in Europe.
BaFin did not confirm this self-assessment and remained silent, but granted the German MiCA license.
Extended list of defects and the question of the future
In January 2026, internal BaFin documents became public. Media reports made the list of defects known and put Bitpanda Germany in a critical light.
At the same time, the company expanded into new segments such as traditional stocks and ETFs, raising questions about how this could be possible given deficiencies in core areas that remained after two years.
While the Austrian Financial Market Authority (FMA) provided Bitpanda with a comprehensive MiCA license, the German offshoot continued to get tangled up in the regulatory jungle despite its own Bafin license.
In the meantime, however, a new, unflattering aspect has become known that affects not only the regulatory authorities in Germany but throughout the EU: The MiCAR cannot be implemented sensibly for the time being because essential implementing regulations are simply unsuitable or missing – CNF reported. The EU flagship project could therefore be delayed by more than a year.
This in turn raises the question: Who actually examines the auditors?
No Comments