UK Green Light to Crypto-Staking For Consumers?

The UK government appears to give a green light to the practice of 'staking', but this should be approached with extreme caution. The law change only means that staking as defined in the exemption from the extensive definition of a "collective investment scheme" (CIS) in the Financial Services & Markets Act 2000 (FSMA). Staking in this context is intended to refer to the concept in 'proof of stake' blockchains (e.g. Ethereum). This is not a feature of 'proof of work' blockchains (e.g. the bitcoin blockchain) and the exemption does not cover 'staking' (effectively lending) of bitcoin or other assets. The exemption is a helpful clarification and removes the serious overhead associated with setting up and running an investment fund for the activities that are within the scope of the exemption. But an apparently minor change in the facts (e.g. affecting the qualification of the underlying cryptoasset) could still result in the staking activity falling outside the definition in the CIS exemption, meaning the staking activity could still qualify as a CIS. In addition, other financial regulation could still be implicated in the way that staking is done under the CIS exemption (e.g. e-money or payment services regulation, even for a qualifying cryptoasset), and the government clearly intends that the financial promotions rules aimed at 'qualifying cryptoassets' will still apply to marketing. Below is a summary for information purposes only. If you need legal advice, please get in touch.

What regulation has been changed to allow staking?

The CIS exemption is deceptively short:

22.—(1) Arrangements for qualifying cryptoasset staking do not amount to a collective investment scheme. 

(2) In this paragraph— 

“blockchain validation” means the validation of transactions on— 

(a) a blockchain [not defined]; or 

(b) a network that uses distributed ledger technology [not defined] or other similar technology; 

“qualifying cryptoasset” has the meaning given [in the Financial Promotions Order (FPO) - see the end of this post] 

“qualifying cryptoasset staking” means the use of a qualifying cryptoasset in blockchain validation.”

As the short Explanatory Note that accompanies the relevant regulation explains:

Staking is a consensus mechanism used by “proof of stake” blockchains. Blockchains are distributed ledgers on which various computers performing the function of “validator nodes” collaboratively enter and validate transactions to achieve consensus on the network’s state.

The longer Explanatory Memorandum adds further detail (at paragraph 5, but particularly 5.3), which will be critical to interpreting the scope of the CIS exemption and the extent to which it operates as a green light.

5.2 Staking is a consensus mechanism used by ‘proof of stake’ blockchains. It is an alternative to cryptoasset ‘mining’, which is the consensus mechanism used in a ‘proof of work’ blockchain. Blockchains are distributed ledgers on which various computers performing the function of ‘validator nodes’ collaboratively enter and validate transactions to achieve consensus on the network’s state. On proof of stake blockchains, participants earn the right to operate a validator node by staking a given amount of their cryptoassets (locking them down on a smart contract or via an alternative software solution). As an incentive to operate the node well, participants that are staking their cryptoassets receive rewards from the blockchain in the form of newly minted cryptoassets or a portion of transaction fees on the blockchain. This prospect of a financial return is a common focus of marketing around staking services. Participants who act in bad faith, for example by trying to add falsified transactions, risk losing the tokens they have staked. 

5.3 On certain blockchains, stakers are required to stake a set number of their cryptoassets to earn the right to operate a validator node, and this minimum amount can be prohibitively high for individuals. Some firms have therefore offered a service whereby customers’ cryptoassets are ‘pooled’ to meet the minimum staking requirements. The firm will then undertake the staking on behalf of its customers, frequently delegating the actual operation of the validator node to a specialist third party. If the firm then receives additional cryptoassets it will transfer a portion of the reward to its customers.

If you need legal advice on the topic, please get in touch.

26F.— Qualifying cryptoasset 

(1) Subject to sub-paragraph (3), a "qualifying cryptoasset" is any cryptoasset which is— 

(a) fungible; and 

(b) transferable.

(2) For the purposes of sub-paragraph (1)(b), the circumstances in which a cryptoasset is to be treated as "transferable" include where— 

(a) it confers transferable rights; or 

(b) a communication made in relation to the cryptoasset describes it as being transferable or conferring transferable rights. 

(3) A cryptoasset does not fall within sub-paragraph (1) if it is— 

(a) a controlled investment falling within any of paragraphs 12 to 26E or, so far as relevant to any such investment, paragraph 27;  

(b) electronic money;  

(c) fiat currency;  

(d) digitally issued fiat currency; or  

(e) a cryptoasset that— 

(i) cannot be transferred or sold in exchange for money or other cryptoassets, except by way of redemption with the issuer; and  

(ii) can only be used in a limited way and meets one of the following conditions— 

(aa) it allows the holder to acquire goods or services only from the issuer; 

(ab) it is issued by a professional issuer and allows the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the issuer; or  

(ac) it may be used only to acquire a very limited range of goods or services.  

(4) In this paragraph— 

"cryptoasset" means any cryptographically secured digital representation of value or contractual rights that—  

(a) can be transferred, stored or traded electronically, and  

(b) uses technology supporting the recording or storage of data (which may include distributed ledger technology);  

"digitally issued fiat currency" means fiat currency issued in digital form; 

"electronic money" has the meaning given by regulation 2(1) (interpretation) of the Electronic Money Regulations 2011.

When Is It Legitimate to Process Personal Data To Develop AI Models And What Happens If It Was Not?

EU data protection regulators have announced their final Opinion on some key issues related to the processing of personal data in AI models. Below is a summary for information purposes only. If you need legal advice, please get in touch.

When is an AI model considered as anonymous?

This can only be decided case-by-case, and there's a non-prescriptive, non-exhaustive list of methods to demonstrate anonymity. In broad terms:

For a model to be anonymous, it should be very unlikely (1) to directly or indirectly identify individuals whose data was used to create the model, and (2) to extract such personal data from the model through queries. 

When/how is 'legitimate interest' an appropriate legal basis for processing personal data to create, update, develop or deploy an AI model? 

Considerations here include a 'three-step test' that assesses:

1. Pursuit of a legitimate interest by the controller or by a third party; 
2. The necessity of the processing to pursue the legitimate interest; 
3. Balance.

In short, the regulator will consider whether the controller's interest is lawful, clear and precisely articulated, real and present; the processing is shown to be strictly necessary; and is balanced in terms of respecting the individual's rights.

What are the consequences for an AI model developed by unlawful processing of personal data? 

Like the FTC in the US (which has ordered some infringing models to be destroyed), an AI model that has been developed with unlawfully processed personal data could also be considered to be unlawfully deployed (unless perhaps the model is anonymised) and regulators have wide investigative and assessment powers, and can take appropriate, necessary and proportionate action depending on the facts of the case.

This post is a summary for information purposes only. If you need legal advice, please get in touch.

Subscription Contracts Reform

The UK government is consulting on the detail of the new subscription contracts regime that is due to take effect in April  2026. The long lead time is a warning signal that there is plenty of devil in the detail... If you would like any legal advice on the potential impact of the new regulations and guidance, please get in touch.

Primarily, it's of course important to understand what is meant by "subscription contract". However: 

• Just because a contract does not meet the definition does not mean that it's unregulated, just that it likely remains regulated under the existing Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (CCRs).
• There is also a very long list of exemptions for contracts that meet the definition, but are regulated under existing regulatory instruments other than the CCRs.

Key obligations include: 

• consumer reminder notices at key points, including before a free or introductory trial comes to an end.  
• easy-to-use ways to cancel/terminate: 
• within an initial cooling-off period; 
• on expiry of any initial free or discounted period; and 
• if the contract renews for a period of 12 months or more. 
• implied contract terms imposing DMCCA compliance obligations on traders, breach of which gives the consumer a further statutory right to cancel the contract.

The latest consultation covers: 

• The consequences of cooling-off cancellation right, including consumer rights to a refund, the trader’s right to recover goods supplied; 
• Consumer rights to a refund after 'cancellation' for a trader’s breach of duty; 
• Timing of refunds; 
• Restrictions on contractual terms that might affect a consumer’s contractual right to terminate; 
• Information notices to be given by traders. 
• proposed guidance for traders on presenting pre-contract information and enabling consumers to easily exit subscription contracts.

If you would like any legal advice on the potential impact of the new regulations and guidance, please get in touch.

Commission Disclosure on Motor Finance Has Broader Significance

Please see my 'Keynote' on this topic.

Update on Buy Now Pay Later Reforms

Please see my 'Keynote' on this topic.

FCA Warns Payment Service Providers To Control Other Types Of APP Fraud

While there is now a mandatory reimbursement regime and other protections for authorised push payment (APP) fraud for consumer payments made within the UK in GBP using the Faster Payment System and the CHAPS system, the FCA has also told banks and other payment service providers that a combination of their obligation to guard against financial crime and their consumer duty means that firms must also offer the same protection in other scenarios where consumers may be tricked into making payments using their services, such as between payment accounts at the same service provider ('on us' APP fraud).

If you are planning to provide a lower level of protection to ‘on us’ APP fraud reimbursement compared to payments made through FPS and CHAPS, we ask you to contact us to provide an explanation of the steps you have taken to meet those obligations.

Of course, 'consumers' include 'micro-enterprises' (who employ fewer than 10 people and have a turnover or annual balance sheet of up to €2m) and small charities (who have annual income of less than £1m).

The FCA's letter to CEOs also sets out various expectations in relation to the mandatory APP regime, including a reminder on anti-fraud controls and the need to factor in the potential level of fraud reimbursement into firms' working capital calculations.

This post is for information purposes, please get in touch if you require legal advice.

The FCA Wonders Out Loud Whether UK E-money Is Really Redeemable at Par...

The 'decoupling drama' surrounding USDT stablecoins appears to be echoing in the UK e-money world amid news from the UK Financial Conduct Authority that it doesn't know whether UK e-money firms fully safeguard the cash corresponding to their customers' e-money balances. This bombshell comes with a commitment to change the safeguarding rules in ways that could bring further problems, casting serious doubt on whether UK authorities' really have a grip on the payments sector.

This post is for information purposes only. If you would like legal advice, please let me know.

Context

The FCA's consultation on proposed changes to the 'safeguarding' rules for non-bank payment service providers makes you wonder who's been responsible for supervising the 24 year old sector. The regulatory regime has been under the FCA's direct supervision since it took over from the beleaguered Financial Services Authority in 2013. The sector comprises over 1,200 firms and processed £1.9 trillion in payment transactions in 2023. Electronic money (basically prepaid stored value that's used for making e-payments to others) represents about £1 trillion of these volumes, issued by 250 firms. Some e-money balances, such as those relating to prepaid card programmes, are significant and held for long periods. 

E-money is supposed to be issued on receipt of funds, and to be 'redeemable' on demand, at 'par value'. So, if you pay £1 to the issuer, it should immediately credit your online payment account in its systems with £1 and that balance should continue to be 'worth' 1 GBP when you transfer, spend or withdraw it. You have the regulatory right to withdraw - or 'redeem' - your e-money balance on demand. 

But e-money balances (like other non-bank payment flows) are not subject to the deposit guarantee under the Financial Services Compensation Scheme that backs bank deposits (up to a limit of £85,000 for all your deposits with the one bank). Instead, the right to redeem your e-money at par is underpinned by a regulatory obligation on the issuer to safeguard the corresponding amount of cash in GBP in a designated bank account, separate from its own funds (or with insurance), so that the funds are available to pay out immediately on demand.

Other types of non-bank payment service provider (payment institutions) must also safeguard customer funds, but they're only supposed to hold funds for as long as it takes to execute/process the related payment order, rather than allow their customers to hold an ongoing balance, so the time during which the funds are 'at risk' of the PSP going bust or dissipating the funds should be shorter than for e-money balances.

What's the immediate problem (opportunity)?

The FCA admits in its consultation paper that it does not know whether firms are failing to fully safeguard funds corresponding to the payment transactions they process or the e-money they issue. Worse, it reveals that in the 5 insolvencies of e-money institutions from 2018-2023 only 20% of funds were available and it took over 2 years on average time for an administrator to distribute the first round of customers' balances...

This seems to echo what happened when the value of  Tether's USDT 'stablecoins' - which aim to trade at parity with the USD - de-pegged from the USD. The scenario presented traders with an arbitrage opportunity: some borrowed amounts in a rival stablecoin and bought USDT at a discounted rate, betting that if USDT returned to its 1:1 peg, they could sell their USDT at parity and repay their loans at a profit.

In principle, there may be little difference between a right to redeem an 'e-money' balance in an online account and a 'fiat-backed stablecoin'. Indeed, the EU regulates fiat-backed stablecoins in the same way that it regulates e-money, while the FCA suggests they should be regulated differently, as recently discussed on LinkedIn.

Could there be an 'arbitrage opportunity' between balances issued by different e-money issuers, based on the extent of their safeguarding and availability of the balances?

Why Doesn't the FCA Make Firms Reveal How Much is Safeguarded At All Times?

Alarmingly, the FCA says the problem arises from firms not understanding how to safeguard, as well as "challenges in supervision and enforcement": 

33. In some firm failures there has been evidence of safeguarding failings which put client funds at risk and resulted in shortfalls. The current light-touch regime around [FCA!] reporting requirements means that supervisors have insufficient information to identify firms that fall short of our expectations. This then prevents the FCA from being able to prioritise resources, be that support or enforcement, on firms that pose the greatest risk to clients prior to insolvency. 

34. In particular, we are concerned about 2 areas. First, regulatory returns do not contain sufficient detail to assess whether firms are meeting their safeguarding obligations. Second, the safeguarding audits provided for in the Approach Document do not have to submitted to the FCA, further limiting our oversight. 

35. Furthermore, the lack of clarity and precision in current provisions leads to difficulties in enforcement as firms may be able to contest findings. This can undermine the credibility of enforcement as a deterrence.

Begging the question: in such circumstances, should the market continue to believe that UK issued/FCA-regulated e-money is really on par with GBP? 

New Rules...

The UK authorities' proposed remedy is to bring in more detailed rules, in two phases: supplementary rules under the current regulations "to reduce the incidence and extent of pre-insolvency shortfalls" (why so late?) and moving the e-money/payment services safeguarding regime under the FCA's wider 'client asset rules' (CASS) regime "to improve the speed and cost of distributing funds post-insolvency" - suggesting that the last attempt to improve the insolvency regime for non-bank payment service providers failed.

The interim rules will only echo current requirements, however, with only monthly reporting on the amount of e-money issued and corresponding cash safeguarded. Will the market be told? Even stablecoin issuers publish the amount of backing assets they hold (to prevent a 'run' on their stablecoins and a crash in the value). Maybe e-money issuers should start doing that, too? 

Among the eventual CASS rules will be an obligation to hold safeguarded funds under a statutory trust in favour of their e-money holders. This reflects the FCA's frustration at having already lost the argument in the case of Ipagoo in the Court of Appeal, which held that there is no statutory trust in favour of e-money holders under the E-money Regulations. The FCA is also pressing for a statutory trust over the cash which 'backs' fiat-backed stablecoins (while the EU has not). 

The statutory trust idea, in particular, raises a number of issues. 

The first issue is whether an e-money holder could have property rights in two distinct assets: the e-money balance (or the right to redeem it at par) and the beneficial interest in the pool of cash held by the issuer in the statutory trust (equating to the par value of e-money held)? If so, does the e-money holder simply have double the value of their e-money balance and/or could the value of these interests diverge?

Secondly, if the e-money itself gives the holder rights in the underlying cash in the statutory trust, why isn't e-money an investment instrument of some kind (the very thing that stablecoin issuers have structured their offerings to avoid, for fear of creating a regulated 'security')? Could it be traded on an exchange (or 'multi-lateral trading facility'), for instance? 

Thirdly, the requirement for the corresponding cash to be held in trust is no guarantee that an adequate amount will be held, or that the issuer won't somehow subvert the trust by, for example, failing to deduct 'own funds' (such as amounts owed in fees). What would such a failure mean for the value of the e-money balance itself (or the right to redeem it at par)?

There are likely other issues, such as those arising where an e-money holder has somehow granted an interest to a third party in either the e-money balance or the beneficial interest in the statutory trust. Currently, only the e-money issuer may have an interest in corresponding cash that is safeguarded. 

None of this is to suggest that there aren't answers in each case. The point is that the new concept of a statutory trust over the cash corresponding to e-money balances raises fresh uncertainty where the situation already appears grave under simpler rules; and without really solving the fundamental problems of potentially safeguarding too little and slow distribution on insolvency. 

More transparency and closer supervision would seem to be preferable.

Conclusion

The potential for new safeguarding rules is an almighty distraction from the critical uncertainty surrounding the integrity of the non-bank payment sector today.  

To ensure market confidence, e-money and payment firms may need to resort to publishing their safeguarding position on a daily basis, regardless of the FCA's requirements.

And new FCA rules will prove futile if the level of supervision remains the same.

This post is for information purposes only. If you would like legal advice, please let me know.