Digital Objects: A New Class of Personal Property in English Law

Following the Law Commission consultation paper published in August 2022, which I later summarised for the SCL, the Commission has now published its report on the consultation process and a related summary. I'm yet to dig into the report fully, but here's a quick run-down on the summary. Professor Sarah Green and her team are to be commended on their consultation paper, the manner in which they conducted the consultation process and the report itself. Theirs is a colossal and momentous achievement that will no doubt form the basis of considerable legal evolution in the years to come.

The Commission has found that English law has recognised "certain digital assets as things to which personal property rights can relate" as a distinct legal category, but that certain complex areas of legal uncertainty remain that law reform could reduce. For instance, there are "difficult boundary issues" in distinguishing between digital 'assets' such as crypto-tokens; private, permissioned blockchain systems; voluntary carbon credits; in-game digital assets; and digital files. These assets may be based on very different technologies and whether they can or should attract personal property rights may depend on particular sets of facts.

Overall, the Commission recommends that this uncertainty would be best met through the evolution of case law and some targeted legislation, with support from a panel of industry-specific technical experts, legal practitioners, academics and judges.

More specifically (but by no means exhaustively), the Commission concludes that, under the law of England & Wales ("English law"): 

1. a 'thing' should not be deprived of legal status as an object of personal property rights merely because it is neither 'a thing in action' nor 'a thing in possession' (the main traditional forms of personal property);
2. personal property rights should relate to a thing that is rivalrous (i.e. where the use or consumption of the thing by one person (or specific group) necessarily prejudices the use or consumption of that thing by others);
3. factual control (plus intention) can found a legal proprietary interest in a digital object, and in certain circumstances such an interest can be separate from (but less than) a superior legal title;
4. it is possible (with the requisite intention) to effect a legal transfer of a crypto-token either off-chain (by a change of control) or on-chain (by a transfer operation that effects a state change);
5. a special defence of 'good faith purchaser for value without notice' can be recognised and developed in common law (i.e. via the courts) in relation to crypto-tokens and other 'third category things';
6. crypto-token intermediated holding arrangements can be characterised and structured as trusts, with rights of co-ownership by way of an 'equitable tenancy in common' (rather than necessarily joint and several interests);
7. recognising a control-based legal proprietary interest could provide the basis for an alternative legal structure for custodial intermediated holding arrangements in addition to trusts, whereby certain holding intermediaries acquire a control-based proprietary interest in crypto-token entitlements that is subject to superior legal title retained by users;
8. the courts could develop principles of tortious liability for wrongful interference with 'third category things' by analogy with the tort of conversion;
9. The Financial Collateral Arrangements (No 2) Regulations 2003 (FCARs) should be amended to confirm and clarify their applicability to crypto-tokens, cryptoassets (including central bank digital currencies (CBDCs) and fiat currency-linked stablecoins) and/ or mere record/register tokens, including where a financial instrument or a credit claim is tokenised and effectively linked or stapled to a crypto-token; 
10. UK company law should be reviewed to assess the merits of reforms to confirm the validity and/or use of crypto-token networks for the issuance/transfer of equities and other registered corporate securities, including the extent to which applicable laws might support the use of public permissionless ledgers for such purposes; and
11. the UK government should establish a multi-disciplinary project to create a bespoke statutory legal framework to facilitate the certain crypto-token and cryptoasset collateral arrangements.

Again, the consultation and report represent a colossal and momentous achievement by the Professor Sarah Green and her team, who should be commended for their efforts. I'm sure their work will form the basis of a great deal of legal evolution in the coming years.

The Payments Industry Required To Cover 'Push Payment' Scams

The UK’s Payment Systems Regulator (PSR) has announced it will impose a new reimbursement requirement for ‘authorised push payment fraud’ (APP fraud) involving the Faster Payments system from 2024, with a further review in 2026. APP fraud occurs where a fraudster tricks someone into sending a payment to a payment account controlled by the fraudster (or a ‘mule’). I've summarised the requirements below for information purposes, but if you need advice on the scope or application of the new requirements, please let me know.

What is APP fraud?

APP fraud involves payments where the victim is deceived into allowing or authorising a payment from their account with a bank or other payment service provider (PSP), including where they intend to transfer the funds to someone else but are deceived into transferring the funds to the fraudster instead (or the fraudster's associate or ‘mule’), or where the victim is deceived as to the purpose of transferring the funds to the account outside their control. 

Examples of APP fraud involve impersonation, investment, romance, purchase, invoice and mandate, CEO fraud and advance fees.

How much APP fraud is there?

According to UK Finance, there were approximately 207,000 reported cases on personal accounts in 2022 (up 6%) worth £485m, but “many cases” go unreported. Most (97%) involve the Faster Payment system (though APP fraud payments make up only 0.1% of all Faster Payments. 

Mandatory reimbursement will be on top of the voluntary Contingent Reimbursement Model (CRM) Code launched in 2019, which covered 66% of APP fraud losses within its scope in 2022; and some other initiatives by individual firms. 

What about other payment methods?

The Bank of England is also committed to achieving similar reimbursement for consumers making larger 'CHAPS' transactions. 

The PSR will also consider whether the new reimbursement requirement should apply to other payment systems in due course, but it will apply to the New Payments Architecture (NPA) that will replace existing inter-bank payment systems by 1 July 2026. 

Which customers are covered?

The new reimbursement requirement applies to consumers, microenterprises and small charities (which are all treated as ‘consumers’ under the Payment Services Regulations and is the same coverage as the CRM Code). 

The sending PSP processing an APP fraud claim should assess the customer’s situation and any potential vulnerability in line with the FCA’s guidance for PSPs on the fair treatment of vulnerable customers. 

A vulnerable customer is someone who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care. 

If a customer is deemed vulnerable for a specific APP fraud, the sending PSP must not apply the customer standard of caution (gross negligence) or claim excess. 

Which firms are liable for a reimbursement?

The new requirement will mean payment firms must reimburse all in-scope customers who fall victim to APP fraud, sharing the cost of reimbursing victims 50:50 between sending and receiving payment firms, with extra protections for vulnerable customers. PSPs must reimburse customers within 5 business days. There will also be a deadline for firms reimbursing each other, where one pays the customer first. 

The regulator will consult later this year on a potential maximum limits for reimbursements, and claims must be made within 13 months after the final payment to the fraudster. 

Only the PSP that operates the sending payment account and the PSP that operates the receiving payment account for a qualifying transaction are both required to provide reimbursements. This means that a ‘payment initiation service provider’ will not need to provide reimbursements unless it is also acting as the receiving PSP. 

Which payments are covered?

Only payments made using Faster Payments where the victim is deceived into allowing or authorising a payment from their account with a PSP to another account outside the victim's control at another PSP.

Where fraudster persuades the victim to go through several steps - first transferring their money from the sending account at one PSP to another account that the victim has at a different PSP, before then transferring the funds to an account outside the victim’s control at another PSP (‘multi-step APP fraud’), the reimbursement requirement only applies to the Faster Payment made from the victim's last sending account to the receiving account outside the victim’s control.

Which payments are not covered?

The reimbursement requirement does not apply to: 

• civil disputes, such as those relating to the quality of goods/services which are mainly covered by consumer rights legislation; 
• payments which take place across other payment systems; 
• international payments; or 
• payments made for unlawful purposes.  

There will also be no reimbursement where the customer has acted fraudulently (‘first-party fraud’) or with gross negligence, which the PSP must prove. 

The PSR has no regulatory power to require reimbursements for ‘on us’ payments, where the fraudster uses a receiving account with the same PSP where the victim holds the sending account. However, the regulator is seeking to persuade the FCA that this must be the case. The PSR also suggests the same result should apply for users of Bacs and payment cards. 

How will the PSR enforce the requirements?

The Regulator will direct Pay.UK to put the new reimbursement requirement into Faster Payments rules and give a general direction to create a regulatory obligation on in-scope PSPs to comply with the requirement in the Faster Payments rules. The regulator will also issue guidance on what constitutes ‘gross negligence’ by customers. 

This post does not constitute legal advice. If you need advice on the scope or application of the new requirements, please let me know.

UK Authorities To Slam Stable Door On Crypto Promotions In October.

You may have noticed that the UK government has been somewhat distracted (since, oh, 2016), but the FCA has finally received the legislative support to publish its near-final financial promotion rules for cryptoassets and related guidance. These follow final rules for other high-risk investments(i.e. excluding cryptoassets) published in August 2022. The new rules classify currently unregulated cryptoassets as ‘Restricted Mass Market Investments’ and restrict how they can be marketed to UK consumers. The rules take effect from 8 October 2023, with a 4 month transition period thereafter (any comments on the related Guidance should be submitted by 10 August). The FCA promises "robust" enforcement action against firms in breach, such as take down requests, adding firms to the FCA's warning list of unauthorised firms and criminal prosecutions that could result in an unlimited fine and/or 2 years in jail... 

The rules apply to ‘qualifying cryptoassets’ - basically cryptographically secured digital representations of value or contractual rights that are transferable and fungible, but does not include cryptoassets that are regulated as electronic money or an existing 'controlled investment' for financial promotions purposes (since the promotion of those is already regulated).

This means that 'invitations' or 'inducements' to engage in the following activities in relation to the newly qualifying cryptoassets will be caught by the rules: 

• dealing 

• arranging deals 

• managing 

• advising 

• agreeing to carry on specified kinds of activity in relation to these qualifying cryptoassets.

However, cryptoasset exchanges and custodian wallet providers who are registered with the FCA under money laundering regulations and not otherwise authorised firms will be able to communicate their own cryptoasset financial promotions to UK consumers; while firms that are only authorised under the Electronic Money Regulations, or the Payment Services Regulations will not be able to communicate or approve cryptoasset financial promotions at all under the law as it stands.

The result is that there will only be 4 routes for legally promoting cryptoassets to UK consumers: 

• by an authorised person; 

• by an unauthorised person with the approval of an authorised person (a process that will get tougher when authorised firms have to pass through a new regulatory 'gateway' before they can approve financial promotions for unauthorised persons);

• by a cryptoasset business registered with the FCA for money laundering purposes;

• under a specific exemption (but exemptions for 'high net worth' or 'self-certified sophisticated' investors or for the sale of goods or supply of services are not available). 

This post only summarises some of the rules and does not constitute legal advice. If you need assistance with any of this, please let me know.

European Consumer Groups Move Against Social Media Platforms Over Crypto Ads and Influencers

Here's a link to my post on this for Ogier Leman.

The Consumer Association of Ireland was not listed among the members of the European consumer group (BEUC) calling for action against social media platforms for facilitating misleading crypto asset promotions. In the report, Hype or Harm: The Great Social Media Crypto Con, BEUC and member consumer organisations in Denmark, France, Greece, Italy, Lithuania, Portugal, Slovakia and Spain filed a complaint with the European Commission and EU consumer authorities against Instagram, YouTube, TikTok and Twitter for facilitating the misleading promotion of crypto assets in violation of those platforms' own policies.

BEUC points out that under the EU’s Unfair Commercial Practices Directive, social media platforms need to exercise a certain level of care to ensure their users are not harmed by others, including influencers. BEUC alleges that by allowing misleading crypto ads to "multiply" on their platforms through advertising and influencers, the platform operators have engaged in unfair commercial practice, exposing consumers to serious harm, in terms of losing significant amounts of money.

BEUC is also calling on the Consumer Protection Cooperation (CPC) Network of authorities responsible for enforcing EU consumer protection laws to request the following action from the platforms:

Stricter advertising policies (and enforcement of them) on the advertising of crypto;

The adoption of measures to prevent influencers from misleading consumers as to the nature of crypto;

To inform the European Commission about the effectiveness of their measures to protect consumers against unfair crypto practices;

In addition, BEUC calls on European consumer authorities to cooperate with European financial supervisory authorities to ensure the platforms adapt their advertising policies to prevent the misleading promotion of crypto.