Latest on EU Crypto Regulation

As I recently posted in more detail on Ogier Leman's 'Insights' page, the Council of the EU has published a further draft of the proposed Regulation on markets in cryptoassets (MiCA). It seems likely that MiCA will be published officially in 2023, with a wide range of transitional arrangements and dependencies on regulatory technical standards being developed by various EU regulatory agencies. Being a regulation, it will apply without needing to be implemented at national level. MiCA's impact will be significant, given the 'libertarian' origins of distributed ledger technology and cryptocurrencies and the goals of many purists, but likely welcomed by those seeking to harness the benefits of the technology to replace legacy systems. 

If you have queries about the regulatory implications of cryptoassets or related activities, please let me know.

Anonymity In Central Bank Digital Currency Systems

The European Central Bank has been wrestling with the issue of how to allow a certain degree of privacy in electronic payments using digital cash issued by central banks ("central bank digital currency" or "CBDC"), while complying with anti-money laundering and counter-terrorist financing (AML) requirements. 

Eurozone central banks believe they have now established a proof of concept for anonymity in CBDCs based on a simplified payment system using distributed ledger technology (DLT). This proof of concept allows users some degree of privacy for lower-value transactions, while still ensuring that higher-value transactions are subject to mandatory AML checks. Each user's identity and transaction history cannot be seen by the central bank or intermediaries other than that chosen by the user. Automated enforcement of limits trigger additional checks by an AML authority. 

While the ECB believes that the proof of concept will be instrumental in assessing how CBDCs could work in practice, it says the prospect of central bank initiatives should not discourage or crowd out market-led solutions...

UK FCA Guidance on Regulation of CryptoAssets

The regulation of 'cryptoassets' including cryptocurrencies is under permanent review, with the UK's Financial Conduct Authority perhaps the latest financial regulator to finalise its guidance. Despite the often-repeated statement that financial regulation is 'technology-neutral', the decentralised nature of cryptographic or 'distributed ledger technology' (DLT) is awkward because there is no central issuer, operator or service provider to which regulatory responsibility and accountability can be attached. Add to that the flexibility of DLT and the wide range of use-cases, and you have the recipe for widespread regulatory confusion.

The guidance itself is set out in Appendix 1 to the FCA's paper (pp 29-54), including useful case studies and examples, but I've only discussed the different types of cryptoasset below - including a new category added by the FCA.

The FCA's guidance in this context is also separate from:

• anti-money laundering: the fifth money laundering directive (5MLD) will be gold-plated implemented in the UK by January 2020, which will impose anti-money laundering requirements on certain cryptoasset firms, amongst other types of businesses.
• the use of Distributed ledger technology (DLT) for regulated activities such as custody, and settlement.

The guidance may also change pretty quickly because:

• the FCA itself will consult on banning the sale of derivatives linked to certain types of unregulated cryptoassets to retail clients; and
• the UK Treasury will consults on whether (further) regulation of (unregulated) cryptoassets is required; and
• other countries may regulate in a way that it makes sense for the UK to match.

What Are Cryptoassets?

Like the regulatory authorities in most developed markets, the FCA initially embraced the idea that cryptoassets can be defined in terms of three types of cryptographically-generated 'tokens': exchange tokens, utility tokens and security tokens. 

But the FCA has now added a fourth category of "e-money tokens" (those which meet the definition of "electronic money" discussed below). The intention is to leave exchange tokens and utility tokens outside the regulatory perimeter as "unregulated tokens"; and to differentiate the use of tokens as e-money from security tokens (which carry rights and obligations that are essentially the same as specified investments covered by existing securities regulation).

"Stablecoins" don't constitute a separate category because while they're all structured in a way that seeks to limit changes in their perceived value, those structures vary a lot. Some could meet the definition of e-money (e.g. equating in value to a fiat currency and meeting the other requirements), or a security ('backed' by other securities), while others would not.

So, basically, the FCA considers that only e-money tokens and securities tokens will be regulated.  But note that firms which are already regulated by the FCA may have regulatory obligations relating to their unregulated activities where they are carried out by the regulated firm in connection with, or held out as being for the purposes of, a regulated activity. In such cases, the FCA's 11 Principles for Business (PRIN) and individual conduct rules under the Senior Managers and Certification Regime (SMCR) will still apply. The FCA also works with other agencies to indirectly mitigate harm from other types of unlawful activity involving cryptoassets.

It's also possible that tokens could shift categories over time, or meet the definitions of two or more types. The FCA says that: 

"...the regulatory treatment depends on the token’s intrinsic structure, the rights attached to the tokens and how they are used in practice. If the token at a point in time reaches the definition of an e-money token or a security token, then it will fall under regulation. We have provided additional case studies on the fluidity of tokens within the Guidance."

Exchange Tokens

These are cryptoassets that are decentralised and primarily used as a means of exchange (e.g. ‘cryptocurrencies’, ‘crypto-coins’ or ‘payment tokens’) that are typically designed to provide limited or no rights for the holder, and there is usually no (single) issuer to enforce rights or make claims against.

The FCA does not want to regulate exchange tokens themselves (without a change in the law), but may already regulate the participants at either end of the exchange, for instance, where the cryptoasset is used by regulated payment service providers to more efficiently facilitate the processing of payment transactions in 'fiat' currency. 

Anti-money laundering regulation may also apply (particularly from 10 January 2020), but the FCA sees this as a separate to its financial regulatory perimeter (even though it is also a supervisory authority for AML regulation).

Utility Tokens

These are cryptoassets that provide users with access to a current or prospective product or service and often grant rights similar to pre-payment vouchers. Again, these are unregulated where they just provide this type of utility.

Security Tokens

These are cryptoassets with essentially the same rights as regulated investment instruments (securities) such as shares, debentures or units in a collective investment scheme; and the FCA says it will regulate these the same way they regulate their traditional cousins.

Of course, the security tokens are often distributed by means of 'initial coin offerings' and/or 'airdrops' that cross multiple jurisdictions, each of which may treat/regulate them differently. The problem with consistent international regulation is that (certainly outside the 31 countries in the European Economic Area) there are differences in the classification and regulatory treatment of securities that will also affect crypto-securities with the same characteristics. The FCA points to bilateral harmonising efforts and multilateral discussions through the Global Financial Innovation Network (GFIN), the International Organization of Securities Commissions (IOSCO), the European Commission (EC) and the European Supervisory Authorities (ESA) - and one could add central bank co-ordination on the impact of cryptoassets on fiat currencies and currency regulation via the Bank of International Settlements.

E-money Tokens

These are tokens that meet the definition of "electronic money" in the Electronic Money Regulations 2011 (derived from the second EU E-money Directive):

electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions [as defined in PSD2], and which is accepted by a natural or legal person other than the electronic money issuer;

There are also certain specific exclusions, which include instruments used within 'limited networks'  but that's worth a whole series of posts in itself.

Whether this meets the concern of the Financial Markets Law Committee that there's a gap in AML regulation for virtual currencies that share the characteristics of money remains to be seen.

EU Parliament Resolution on Distributed Ledger Technologies

The European Parliament has adopted a non-legislative Resolution on distributed ledger technologies (DLT), including blockchain. 

The resolution highlights potential applications of DLT, such as: 

• reporting on clinical health trials. 
• improving supply chains, such as monitoring of origin of goods for consumer protection. 
• allowing households to produce and exchange alternative energy. 
• Tracking, management and protection of intellectual property rights/licensing. 
• financial intermediation and reducing transaction costs. 
• control over personal data management and data sharing. 
• reducing administrative burdens in the public sector. 

The Resolution calls for the development of a European legal framework to solve any jurisdictional problems in dealing with fraud and crime; raise awareness of DLTs; and bridge the digital divide among various member states. 

The Trouble With Categorising Cryptocurrencies As The Basis For Regulating ICOs

Securities regulators are trying to figure out whether and how to regulate Initial Coin Offerings (ICOs). In doing so, they are tending to focus on the economic function and purpose of the 'coins' or 'tokens' offered, to put them in categories that most stakeholders should understand. They are then proposing different regulatory treatments for the process of issuing the coins according to the different categories. The challenge is that tokens - like 'fiat' currencies (and barter goods, for that matter) - generally have multiple uses that are completely independent of the 'issuer' or protocol for issuing them, and which may vary from one 'holder' to the next. Therefore it is suggested that it should not be the economic function or purpose of the token itself that should drive the regulatory treatment, but the activities in which the issuers, holders and potential holders of the tokens are engaged. At any rate, before regulating or threatening the impact of existing regulation, we need to develop a much more comprehensive overview of distributed ledger technology; the role and use of 'tokens', 'coins' and 'cryptocurrencies'; and the participants and their activities. 

In its recent guidelines, the Swiss regulator (FINMA) categorises tokens into three types, although it admits hybrid forms are possible:

• Payment tokens are synonymous with cryptocurrencies and have no further functions or links to other development projects. Tokens may in some cases only develop the necessary functionality and become accepted as a means of payment over a period of time.

• Utility tokens are tokens which are intended to provide digital access to an application or service.

• Asset tokens represent assets such as participations in real physical underlyings, companies, or earnings streams, or an entitlement to dividends or interest payments. In terms of their economic function, the tokens are analogous to equities, bonds or derivatives.

FINMA says the resulting regulatory treatment may be flexible where a hybrid of the above is involved, e.g. anti-money laundering regulation would apply to utility tokens that can also be widely used as a means of payment (or are intended to be used that way in time).

The Malta Financial Services Authority says that these are all forms of "virtual currency" (i.e. digital currencies that are not backed by government - as opposed to e-money, which is the digital version of a country's 'fiat' currency). The Maltese definition of a virtual currency may also be wider, as the Swiss guidelines are only aimed at crypto-currencies - those issued or implemented using cryptographic or "distributed ledger technology".  The other differences seem to be in name only - the Maltese would refer to Swiss "payment tokens" as merely "coins" and prefer the name "securitised tokens" for the Swiss "asset tokens".

The MFSA says this approach to classifying types of “digital currency” reflects the Blockchain Policy Initiative Report of July 2017 (and an European Securities and Markets Authority statement from November 2017). 

But does it?

The crowd-sourced Blockchain Policy Initiative Report does not really give a succinct definition of 'cryptocurrency' and there is no mention of 'payment token' or 'utility token' according to my search of the pdf version. The report is a helpful, but long and discursive, explanation of distributed ledger technology (DLT).  It gives little insight into the uses of such technology beyond financial use-cases - which will likely be the majority in due course (if not already). In any event, with so many ICOs occurring so quickly, it's difficult to see how it could be comprehensive and therefore why it should be particularly reliable. It's even possible that there are initial coin offerings that are not presetned as "ICOs".

Consider "Filecoin", for example. Users can "earn" tokens for making available unused data storage capacity; the tokens become a "currency" for exchange with others; and the result is a means of those with flexible storage needs to manage their data storage costs and capacity. Couldn't this satisfy all three categories outlined above? Should a securities (or payments) regulator be involved in data storage capacity management? Should the transfer or sale of 'coins' representing storage capacity be seen as making a "payment" or "exchange" of "currency"? Consider that certain "carbon credits" or "emission allowances" are regulated securities... but why?

This underscores why we need to develop a much more comprehensive overview of distributed ledger technology; the role and use of 'tokens', 'coins' and 'cryptocurrencies'; and the participants and their activities, before regulating or threatening the impact of existing regulation. 

US Regulator Explains The Challenges For Registered CryptoFunds

The Maltese and Swiss securities regulators were not alone in focusing on cryptocurrencies over the Christmas break, as staff at the SEC were also at it in Washington DC.  Importantly, none of these regulators have poured scorn on the notion of ICOs or even funds holding cryptographic assets. All are merely concerned to signpost issues to be resolved.

While the civil law Europeans were typically eager to be as definitive as possible in how they will treat ICOs (since they believe nothing is possible unless the government spells out how it can be done), the common lawyers in the US were more circumspect (as they abide by the maxim that the law must follow commerce), merely explaining "a number of significant investor protection issues that need to be examined before sponsors begin offering these funds to retail investors."

Yet similar issues arise in relation to ICOs as for funds investing in cryptographic assets, particularly those of "securitised tokens" or "asset tokens" which are analogous to equities, bonds or derivatives in their economic function, if not the rights that attach to them.

Specifically, the SEC's concerns relate to valuation, liquidity, custody, arbitrage for exchange traded funds (ETFs), potential manipulation and other risks. For instance:

• do funds have enough information to value their crypto assets each day, including accounting for events like 'hard forks' or differences in types of currency and potential for market manipulation?

• could open-ended funds support daily redemptions?

• how would a fund arrange custody and validate the existence, exclusive ownership and software functionality of private cryptocurrency keys and other ownership records?

• an ETF is required to have a market price that would not deviate materially from the ETF’s net asset value, so in light of the fragmentation, volatility and trading volume of the cryptocurrency marketplace, how would ETFs comply with this term of their orders?

• Although some funds may propose to hold cryptocurrency-related products, rather than cryptocurrencies, the pricing, volatility and resiliency of these derivative markets generally would be expected to be strongly influenced by the underlying markets, which feature substantially less investor protection than traditional securities markets, with correspondingly greater opportunities for fraud and manipulation. So:

• Would investors, including retail investors, have sufficient information to consider any cryptocurrency-related funds and to understand the risks?

• How would broker-dealers analyze the suitability of offering the funds to retail investors?

• Could investment advisers meet their fiduciary obligations when investing in cryptocurrency-related funds on behalf of retail investors?

Assuming the industry can solve these problems, we'll be in a strange new world.

Switzerland Explains How It Will Handle Initial Coin Offerings

Not to be outdone by Malta's announcements, the Swiss regulator (FINMA) has published its own ICO guidelines, which complement earlier Guidance. Unlike Malta, there is no specific regulation proposed at this stage. But FINMA has tried to clarify that, when assessing ICOs, it will focus on the economic function and purpose of the tokens issued by the organiser, and whether they are (or will be) tradeable or transferable.  FINMA categorises tokens into three types, although admits hybrid forms are possible:

• Payment tokens are synonymous with cryptocurrencies and have no further functions or links to other development projects. Tokens may in some cases only develop the necessary functionality and become accepted as a means of payment over a period of time.

• Utility tokens are tokens which are intended to provide digital access to an application or service.

• Asset tokens represent assets such as participations in real physical underlyings, companies, or earnings streams, or an entitlement to dividends or interest payments. In terms of their economic function, the tokens are analogous to equities, bonds or derivatives.

Malta says that these are all forms of "virtual currency" (i.e. digital currencies that are not backed by government - as opposed to e-money, which is the digital version of a country's 'fiat' currency). The Maltese definition of a virtual currency may also be wider, as the Swiss guidelines are only aimed at crypto-currencies - those issued or implemented using cryptographic or "distributed ledger technology".  The other differences seem to be in name only - the Maltese would refer to Swiss "payment tokens" as merely "coins" and prefer the name "securitised tokens" for the Swiss "asset tokens". 

On the basis of the function and transferability of the relevant crypto-currency), FINMA will treat Swiss ICOs as follows (see diagram on page 8 of the Guidelines):

• Payment ICOs: For ICOs where the token is intended to function as a means of payment and can already be transferred, FINMA will require compliance with anti-money laundering regulations. FINMA will not, however, treat such tokens as securities.

• Utility ICOs: These tokens do not qualify as securities only if their sole purpose is to confer digital access rights to an application or service and if the utility token can already be used in this way at the point of issue. If a utility token functions solely or partially as an investment in economic terms, FINMA will treat such tokens as securities (i.e. in the same way as asset tokens).

• Asset ICOs: FINMA regards asset tokens as securities, which means that there are securities law requirements for trading in such tokens, as well as civil law requirements under the Swiss Code of Obligations (e.g. prospectus requirements).

This may be flexible where a hybrid of the above is involved, e.g. anti-money laundering regulation would apply to utility tokens that can also be widely used as a means of payment (or are intended to be used that way in time).

Malta's Proposals On Regulating Virtual Currencies, ICOs etc - Updated

The Malta Financial Services Authority, like other regulators, is in the process of consulting on the policy it proposes to adopt for regulating virtual currencies, the process of issuing them ("Initial Coin Offerings" or "ICOs") and the service providers involved. The MFSA has proposed new legislation that would extend create an additional regime beyond the scope of existing securities and investment regulation, to cover virtual currencies that are not deemed to be financial instruments and therefore already caught by existing laws.

The MFSA published a “Discussion Paper On Initial Coin Offerings, Virtual Currencies And Related Service Providers” in November 2017 and consultation ended on 18 January 2018. The MFSA is yet to finalise its policy or any proposed statute.

The MFSA clearly wishes to support innovation and new technologies for financial services, while ensuring effective investor protection, market integrity and financial stability.  

It’s proposed approach to classifying types of “digital currency” reflects the Blockchain Policy Initiative Report of July 2017 and an European Securities and Markets Authority statement from November 2017.  This contrasts “virtual currency” with “E-money” which is the digital representation of a fiat currency; and defines three types of virtual currency (any of which might also be cryptographic currencies operating on distributed ledger technology or DLT): 

• “utility tokens” (providing only platform or application utility rights or access rights);

• “securitised tokens” (embedding an underlying asset/commodity or rights, like quasi-shares or bonds); and

• “Coins” (that are intended to be, or have become, a means of payment). 

The MFSA is proposing to seek the adoption by the Maltese Parliament of a Virtual Currencies Act to regulate virtual currencies:

• that constitute “financial instruments” (under a test to be devised), by confirming they are subject to existing EU and national financial services regulation; and

• those that do not qualify as financials instruments, by making them subject to new “similar high level regulatory principles on transparency and merit-based regulation as those currently applicable to securities seeking a listing on a regulated market” – although they will be deemed “complex instruments” so their regulatory treatment will be akin to how such instruments are regulated under MiFID. 

Persons involved in activities related to virtual currencies would need to be "'fit and proper', have the competence, sufficient knowledge and expertise, experience, business organisation and systems necessary in the field of information technology, VCs and their underlying technologies, including but not limited to DLT."

Providers of investment services will need a separate licence to provide services in support ICOs etc in relation to virtual currencies that do not qualify as financial instruments under existing laws; and will need to set up a dedicated subsidiary for that purpose. 

All persons subject to the Act would also be subject to anti-money laundering requirements. 

There are specific proposals to regulate issuers, exchanges and investment funds (and other collective investment schemes) that deal in virtual currencies that do not qualify as financial instruments. 

Banks and payment service providers would be permitted to extend their activities to such virtual currencies, but only for clients and under a separate subsidiary licensed under the Act. 

But reinsurers, insurers and pension schemes would still be prohibited from dealing in virtual currencies for their clients or their own account. 

Update 22.02.18: The Maltese government has published a further consultation in response to submissions received on the MFSA discussion paper, which "presents a conceptual framework through which DLT Platforms can be subject to certification in Malta" which will extend to issuers of ICOs and certain service provides dealing in virtual currencies. Consultation responses are due by 9 March 2018.

Three new pieces of legislation are proposed:

• The MDIA Bill will provide for the establishment of an Authority to be known as the Malta Digital Innovation Authority.

• The TAS Bill will set out the regime for the registration of Technology Service Providers and the certification of Technology Arrangements.

• The VC Bill will set out the framework for ICOs and the regulatory regime on to the provision of certain services in relation to VCs. The intermediaries subject to the VC Bill include brokers, exchanges, wallet providers, asset managers, investment advisors and market makers dealing in VCs. 

Distributed Ledger Technology: Cutting Through The Hype

A busy start to 2016 has meant the blog has suffered, but I have at least co-written an article with Susan McLean of Morrison & Foerster that cuts through the hype around blockchain and other distributed ledger technology (DLT). 

The article includes updates on a range of DLT initiatives across numerous business sectors; various policy and regulatory responses; as well as some thoughts on the challenges involved in implementing DLTs.

In January, I also posted on Pragmatist about on the potential use of DLTs for tracking and collecting royalties on music and other creative works. But whether this technology will address the root causes lurking beneath the biggest problems that the creative industry faces is another question...