Potential Support for Decentralised Autonomous Organisations (DAOs) Under English Law?

Source: Yield App

Following an earlier consultation that I covered for the SCL, the Law Commission has identified issues and potential reform/innovation to aid the new UK Government in considering whether to support Decentralised Autonomous Organisations (DAOs), under English law.  

The Commission does not think we need a DAO-specific legal entity, but suggests that "a limited liability not-for-profit association with flexible governance options" could be useful, subject to certain issues relating to anti-money laundering, financial services regulation and taxation.

The Commission's paper explains:

• the philosophy and technology behind DAOs;
• their possible legal characterisation, including how liability might be attributed to a DAO or its participants;
• legal entities that might be used as part of a "hybrid" DAO’s structure
• whether England and Wales is an attractive jurisdiction for DAOs, bearing in mind areas of local regulation that may affect them;
• further work that might be useful, if DAOs are considered worthwhile, to ensure that they can be regulated;
• whether current law can accommodate the use of blockchain/DLT for governance purposes.

Personally, under current law it seems likely to me that anyone attempting to set up a DAO in or from the UK is potentially running the risk of incurring unlimited personal liability under UK regulation and English law. In other words, they would be taking on the significant burden of resisting claims by third parties to the effect that they could be personally liable for the relevant activities and obligations, whether from a general liability standpoint or in relation to certain regulatory breaches that might occur, in the process of establishing and operating the DAO.

If you require legal advice on DAOs under UK/English law, please let me know.

Brexit Britain To Gold-Plate 5th EU Money Laundering Directive

Anyone who still dreams that Brexit spells the end of the UK's ménage à trois with bureaucracy and regulation must read the Treasury's plans to implement the fifth EU directive on anti-money laundering.

The UK has always created an EU rod for its own back not only by adding its own weight to the regulatory burden, but also by effectively insisting on literal interpretation of EU law that was only intended to be construed according to its purpose.

This results in directives having a broader impact than they would otherwise have done (known as 'regulatory creep'), saddling British businesses - and ultimately British consumers - with costs they could otherwise avoid.

That is not to say that the UK's approach is always wrong - or is necessarily wrong on this occasion - but the 'blame' for this approach should land in Westminster not Brussels.

In this case, the government proposes to amend the The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ("MLRs") in the ways I've summarised below. Responses to the consultation paper are due by 10 June 2019 and new regulations must take effect in the UK by 10 January 2020.

Tax advisors

• The definition of “tax advisor” in the MLRs to include firms and sole practitioners who by way of business provide, directly or by way of arrangement with other persons, material aid, assistance or advice about the tax affairs of other person.

 Letting agents

• There are numerous options for applying the MLRs to letting agents.

 Cryptoassets

• The MLRs will apply to service providers engaged in exchange services between cryptoassets and fiat currencies, and wallet providers in a way that includes exchange tokens, security tokens and utility tokens and so would also capture crypto-to-crypto exchange service providers; peer-to-peer exchange of both fiat-to-crypto and crypto-to-crypto between prospective “buyers” and “sellers”); cryptoasset ATMs; issuance of new cryptoassets (including ICOs); and the publication of open-source software (which includes, but is not limited to, non-custodian wallet software and other types of cryptoasset related software).

 High Value Dealers

• High value dealers are to include art intermediaries for transactions exceeding €10,000, including art galleries, auction houses and free ports/zones (currently none in the UK) regardless of whether they are paid for in cash (raising many questions in the consultation).

 E-money

• Exemptions for low value e-money instruments will be narrower, as all of the following conditions must be met: the maximum amount that can be stored electronically is €150; it either can't be reloadable or must have a maximum limit on monthly payments of €150 which can only be used in that Member State; used exclusively to purchase goods and services; can't be funded with anonymous e-money; and any single cash redemption or remote payment cannot exceed €50. In addition, EEA acquirers can only accept payments made with anonymous prepaid cards issued in non-EEA countries that impose equivalent AML requirements; and Members States may prohibit payments carried out using anonymous prepaid cards.

E-identification services

• The new requirement for electronic identification processes is for them to be “regulated, recognised, approved or accepted at national level by the national competent authority” which raises questions about which forms in the UK are implicitly within scope.

Companies and officers

• Firms will be required to determine and verify the law to which a body corporate is subject, its constitution and the full names of the board of directors and the senior persons responsible for the operations of the body corporate.

Where beneficial owner cannot be identified

• If a firm has exhausted all possible means of identifying the beneficial owner of a body corporate and hasn’t succeeded, the firm must keep written records of its actions, but such firms will now need to take further measures to verify the identity of the senior person in that body corporate and keep written records of those actions.

Understanding the customer's business/structure

• Firms will be required to understand the nature of their customer’s business and its ownership and control structure (rather than just being required to take "reasonable measures" to do so).

Filing SARs when due diligence fails

• Firms must cease transacting and file a suspicious activity report (SAR) when they cannot apply their due diligence or additional or enhanced measures.

Proof trust/company register was searched

• Firms must also collect proof of registration or an excerpt of the register from the company or the trust that is subject to beneficial ownership registration requirements before a new business relationship is established.

Apply due diligence when beneficial ownership must be reviewed

• Firms must apply due diligence when they have any legal duty in a calendar year to contact the customer for reviewing their relevant beneficial ownership information.

Enhanced due diligence where high risk countries involved

• Firms must apply a newly defined set of enhanced due diligence measures, and monitoring, to business relationships and transactions involving high-risk third countries.

Lists of PEP functions to be taken into account

• The responsibility to apply enhanced due diligence on Politically Exposed Persons (PEPs) will be able to be be discharged by applying the FCA’s July 2017 guidance on how firms should take into account a list of functions in determining whether an individual is a PEP for the purposes of the MLRs.

Information on beneficial owners to be publicly available

• The government must ensure that information on the beneficial ownership of corporate and other legal entities is accessible by members of the general public and “mechanisms” must be in place to ensure that the information held on the central register is adequate, accurate, and current; while the UK must also take appropriate actions to resolve any reported discrepancies in a timely manner and, if appropriate, include a specific mention in the central register in the meantime.

Trusts to be registered

• Trustees or agents of all UK and some non-EU resident express trusts must register those trusts with the Trust Registration Service, whether or not the trust has incurred a UK tax; and the government must share data from the register with a range of persons under certain circumstances.

Bank account registries

• The UK must establish a centralised registry or online retrieval mechanism which allows identification of natural and legal persons who hold or control bank accounts; payment accounts; or safe-deposit boxes held by credit institutions within the UK - including names and account/identification numbers.

Pooled client accounts of unregulated operators

• The government wants further evidence on the administration of checks relating to the use of pooled client accounts (PCAs) under the MLRs, especially those held by non-regulated businesses and any evidence of abuse; and the practical barriers industry face in implementing the current framework and it could be 'enhanced'.

AML risk assessments for new products, practices and channels

• Firms will need to undertake AML risk assessments prior to the launch or use of new products, new business practices and delivery mechanisms.

Provision of Information by branches and subsidiaries

• Firms must have policies relating to the provision of customer, account and transaction information from their branches and subsidiaries.

The UK will not require that "whenever a customer makes their first payment involving a designated high-risk third country, that payment is carried out through an account in the customer’s name with a credit institution subject to the Directive’s customer due diligence standards."

New Money Laundering Guidance

The complexity of the anti-money laundering regime has meant that practical guidance on how to comply has been particularly necessary. The best guidance has come from the Joint Money Laundering Steering Group of various organisations (JMLSG) in three parts. 

New EU directives on money laundering has led to consultation on how these should be implemented in new draft UK regulations that are due to take effect from 26 June 2017. 

And the JMLSG has used the draft regulations as the basis for consultations on updating Part I of its guidance (the mark-up is in 4 separate documents, Chapter 5 of which shows changes to the guidance on electronic identity verification), and more recently on Parts II and III. The consultation versions show the proposed changes to the current guidance, and are an invaluable tool for understanding how a firm's existing approach should change once the new regulations take effect.

Money Laundering Includes... Tax Evasion and Virtual Currencies?

Hot on the heels of the UK's consultation to introduce the 4th Money Laundering Directive comes the imminent EU approval of MLD5. 

A key element involves the creation of a central register of beneficial ownership of legal entities and related ownership arrangements, plus ongoing monitoring of those arrangements, with the intention that: 

"The enhanced public scrutiny will contribute to preventing the misuse of legal entities and legal arrangements for ...predicate offences such as tax evasion."

Other key provisions may be seen as closely related to this ambition: 

• creating a central register of all citizens' bank/payment accounts;
• enabling authorities to go hunting for evidence of suspicious activity even in the absence of a 'suspicious activity report';
• imposing customer due diligence and transaction monitoring obligations on 'virtual currency' exchanges and wallet providers; and
• reducing the limit of anonymity for prepaid cards/instruments.

Needless to say, the members of the European Banking Federation are very uncomfortable with the idea of equating tax evasion with money laundering. The nub of EU banks' concern seems to be that their tax evading customers will simply move their accounts to banks based outside the EEA, the implication being that they'd quite like to retain the business! To be fair, it is a little odd that the list of countries with deficient anti-money laundering regimes doesn't include tax havens typically associated with tax evasion.

But there are reasonable objections on the basis that centralising such sensitive and valuable personal data would be a 'snoopers/fraudsters charter'; and creating a central record of every citizen's bank account and financial arrangements seems mightily disproportionate to the benefit of collecting evidence on the comparatively small proportion of the population that would be involved in significant organised crime or tax evasion. It's surprising that the European Economic and Social Committee ("EESC") did not object on these grounds - either the 'social' aspect of the committee's remit is subordinate to the 'economic' interest, or they consider that the whole of society should happily sacrifice privacy and security to ensure everyone pays their fair share of tax. That's certainly the Scandinavian practice. At any rate, the European Central Bank says that member states' central banks shouldn't have to operate the central registers unless they can bill the government for doing so - highlighting the more important point, that governments are better at wasting the taxes they do manage to collect than collecting taxes in the first place.

The FinTech crowd will no doubt be concerned about stealth regulation of distributed ledger technology or blockchains, via the virtual currency requirements. A "virtual currency" is quite broadly defined as:

"...a digital representation of value that is neither issued by a central bank or a public authority, nor necessarily attached to a fiat currency, but is accepted by a natural or legal person as a means of payment and can be transferred, stored or traded electronically."

Even if exchanges and wallet providers are prepared to tolerate AML regulation as the price for entering the 'mainstream', trying to regulate 'virtual currencies' (or any aspect of digital ledger technology or blockchains) at this early stage is very problematic. The above definition is broad but still does not cover every characteristic of a currency (which the Isle of Man has tried to capture). Indeed, the ECB has bluntly responded that so-called 'virtual currencies' are not currencies or money, pointing out they can also be used for other purposes and the holders don't need to use exchanges or wallet providers. The courts are also struggling with the concept that such 'currencies' are 'ownable' or 'property', as Lavy and Khoo have also explained.

Little wonder that the EESC recommends creating some kind of "European tool for monitoring, coordinating and anticipating technological change." But quite how Europe intends to 'anticipate' let alone 'coordinate' blockchain development is anyone's guess!

In any event, retailers should breathe a sigh of relief. Gift cards and other 'closed loop' instruments generally would not fit the MLD5 definition of a virtual currency, since they typically cannot be transferred or traded electronically. And there is a specific exclusion consistent with the 'limited network' exemption from the definition of electronic money (and therefore 'funds') for instruments that can be used to acquire goods or services only in the premises of the issuer, or within a limited network of service providers under direct commercial agreement with a professional issuer, or that can be used only to acquire a very limited range of goods or services. But note that the limited network exemption will be significantly narrower from January 2018, especially for programs transacting more than EUR1m a year.

At least someone wins!

Boring But Important: UK's Anti-Money Laundering Consultation

The Treasury is consulting on how to implement the fourth Money Laundering Directive into UK law by 26 June 2017, with responses due on 10 November 2016. Draft guidance from the European Banking Authority is also open for consultation. In parallel, a new EU Funds Transfer Regulation will take direct effect, updating the rules on information on payers and payees accompanying the transfer of funds in any currency.

The consultation is important, given that money laundering is also a key enabler of serious and organised crime, estimated by the Home Office to cost us £24 billion a year. Terrorists also tend to use the proceeds of crime as a means to obtain funding, but might also try to obtain finance from (unwitting) legitimate sources.

The current Money Laundering Regulations 2007 cover 150,000 UK businesses, with more likely to be covered due to a lowering of the threshold for eligible transactions in cash (or a series of transactions that appear to be linked) by persons trading goods, from EUR15,000 down to EUR 10,000 (probably about £1000 in 2017 money!); and an extension to include receiving as well as making payments in cash.

With the exception of money remittance, the government is able to exempt from the regulations some persons engaging in certain financial activities on an occasional or very limited basis where there is little risk of money laundering or terrorist financing:

• the financial activity is limited in absolute terms (the proposal is that the total annual turnover from the activity should not exceed £100,000);
• the financial activity is limited on a transaction basis (the proposed maximum threshold per customer and per single transaction, whether the transaction is carried out in a single operation or in several operations which appear to be linked, is £1,000);
• the financial activity is not the main activity of such persons (the proposal is that the activity should not exceed 5% of the total turnover of the natural or legal person concerned);
• the financial activity is ancillary and directly related to the main activity of such persons;
• the main activity of such persons is not an activity referred to in Article 2(1)(3)(a) to (d) or 2(1)(3)(f) of the directive; and
• the financial activity is provided only to the customers of the main activity of such persons and is not generally offered to the public.

The directive requires firms to verify the identity of a customer and any beneficial owner(s) before establishing a business relationship or carrying out a transaction, subject to certain thresholds. But the timing of the verification can be altered: (i) where there is little ML/TF risk and it is necessary so as not to interrupt the normal conduct of business, then verification can be carried out during the establishment of a business relationship - although it shall still be completed as soon as practicable after initial contact; and (ii) an account may be opened with certain institutions provided there are adequate safeguards in place to ensure transactions are not carried out by the customer or on its behalf until the necessary CDD measures are completed.

The directive also requires obliged entities to apply customer due diligence measures to existing customers at appropriate times, using a risk-based approach, as well as to new customers. In particular, such measures should be applied when the circumstances of a customer change, but it is not clear which circumstances are relevant ("e.g. name, address, vocation, marital status etc.") and how a firm would know they had changed. There is a non-exhaustive list of factors in Annex 1 of the MLD that must be taken into account when assessing the risk of money laundering and terrorist financing, raising some uncertainty as to what might constitute an exhaustive list in any given circumstances.

Certain thresholds for implementing customer due diligence apply, but the fact they are expressed in Euros highlights the significant problems posed by the volatility of the pound following the Brexit vote.

Simplified due diligence remains an option, but the list of products currently specified in Regulation 13 is to be replaced by a non-exhaustive list of factors in Annex II of the directive and further guidelines due from the EBA by June 2017 - heralding more uncertainty. In addition, pooled client accounts are no longer mentioned specifically in this context, meaning that the existing explicit option for an institution hosting another firm's client money account (or 'segregated' account or 'safeguarded' account) to apply simplified due diligence in connection with the beneficial owners of the funds in that account will no longer apply.

Enhanced due diligence measures must be implemented in certain circumstances, a non-exhaustive list of which appears in Annex III, with further details in the EBA consultation documents that the Treasury expects everyone to review separately... In fact, there are numerous instances where the various European financial authorities are to draw up regulatory technical standards, so watching that space is very important, as it could act as a brake on innovation.

There has been some increase in the scope of entities that can be relied upon to have conducted customer due diligence, and the Treasury is inviting further suggestions here, particularly to help reduce the regulatory burden. Here it would be very helpful if governments could actually work together to achieve, or at least support, formally 'reliable' ways of verifying the identity of each others' citizens, as envisaged by the eIDAS regulation (there is a single reference to electronic signatures as a means of reducing certain risks, in Annex III).

The new directive is more prescriptive on the internal controls that firms are required to implement, which must vary according to the nature and size of the business concerned. The Treasury is open to suggestions on the thresholds etc., particularly related to a compliance officer and independent audit functions.

There are separate chapters in the consultation specific to gambling, e-money, estate agents, correspondent banking; dealing with politically exposed persons (PEPs); and meeting the requirement for a central register of beneficial owners of corporate and other legal entities incorporated in each member state; as well as reporting, supervision and sanctions for breaches of the regulations.

Worth a read to know what's coming down the 'pike.