UK Green Light to Crypto-Staking For Consumers?

The UK government appears to give a green light to the practice of 'staking', but this should be approached with extreme caution. The law change only means that staking as defined in the exemption from the extensive definition of a "collective investment scheme" (CIS) in the Financial Services & Markets Act 2000 (FSMA). Staking in this context is intended to refer to the concept in 'proof of stake' blockchains (e.g. Ethereum). This is not a feature of 'proof of work' blockchains (e.g. the bitcoin blockchain) and the exemption does not cover 'staking' (effectively lending) of bitcoin or other assets. The exemption is a helpful clarification and removes the serious overhead associated with setting up and running an investment fund for the activities that are within the scope of the exemption. But an apparently minor change in the facts (e.g. affecting the qualification of the underlying cryptoasset) could still result in the staking activity falling outside the definition in the CIS exemption, meaning the staking activity could still qualify as a CIS. In addition, other financial regulation could still be implicated in the way that staking is done under the CIS exemption (e.g. e-money or payment services regulation, even for a qualifying cryptoasset), and the government clearly intends that the financial promotions rules aimed at 'qualifying cryptoassets' will still apply to marketing. Below is a summary for information purposes only. If you need legal advice, please get in touch.

What regulation has been changed to allow staking?

The CIS exemption is deceptively short:

22.—(1) Arrangements for qualifying cryptoasset staking do not amount to a collective investment scheme. 

(2) In this paragraph— 

“blockchain validation” means the validation of transactions on— 

(a) a blockchain [not defined]; or 

(b) a network that uses distributed ledger technology [not defined] or other similar technology; 

“qualifying cryptoasset” has the meaning given [in the Financial Promotions Order (FPO) - see the end of this post] 

“qualifying cryptoasset staking” means the use of a qualifying cryptoasset in blockchain validation.”

As the short Explanatory Note that accompanies the relevant regulation explains:

Staking is a consensus mechanism used by “proof of stake” blockchains. Blockchains are distributed ledgers on which various computers performing the function of “validator nodes” collaboratively enter and validate transactions to achieve consensus on the network’s state.

The longer Explanatory Memorandum adds further detail (at paragraph 5, but particularly 5.3), which will be critical to interpreting the scope of the CIS exemption and the extent to which it operates as a green light.

5.2 Staking is a consensus mechanism used by ‘proof of stake’ blockchains. It is an alternative to cryptoasset ‘mining’, which is the consensus mechanism used in a ‘proof of work’ blockchain. Blockchains are distributed ledgers on which various computers performing the function of ‘validator nodes’ collaboratively enter and validate transactions to achieve consensus on the network’s state. On proof of stake blockchains, participants earn the right to operate a validator node by staking a given amount of their cryptoassets (locking them down on a smart contract or via an alternative software solution). As an incentive to operate the node well, participants that are staking their cryptoassets receive rewards from the blockchain in the form of newly minted cryptoassets or a portion of transaction fees on the blockchain. This prospect of a financial return is a common focus of marketing around staking services. Participants who act in bad faith, for example by trying to add falsified transactions, risk losing the tokens they have staked. 

5.3 On certain blockchains, stakers are required to stake a set number of their cryptoassets to earn the right to operate a validator node, and this minimum amount can be prohibitively high for individuals. Some firms have therefore offered a service whereby customers’ cryptoassets are ‘pooled’ to meet the minimum staking requirements. The firm will then undertake the staking on behalf of its customers, frequently delegating the actual operation of the validator node to a specialist third party. If the firm then receives additional cryptoassets it will transfer a portion of the reward to its customers.

If you need legal advice on the topic, please get in touch.

26F.— Qualifying cryptoasset 

(1) Subject to sub-paragraph (3), a "qualifying cryptoasset" is any cryptoasset which is— 

(a) fungible; and 

(b) transferable.

(2) For the purposes of sub-paragraph (1)(b), the circumstances in which a cryptoasset is to be treated as "transferable" include where— 

(a) it confers transferable rights; or 

(b) a communication made in relation to the cryptoasset describes it as being transferable or conferring transferable rights. 

(3) A cryptoasset does not fall within sub-paragraph (1) if it is— 

(a) a controlled investment falling within any of paragraphs 12 to 26E or, so far as relevant to any such investment, paragraph 27;  

(b) electronic money;  

(c) fiat currency;  

(d) digitally issued fiat currency; or  

(e) a cryptoasset that— 

(i) cannot be transferred or sold in exchange for money or other cryptoassets, except by way of redemption with the issuer; and  

(ii) can only be used in a limited way and meets one of the following conditions— 

(aa) it allows the holder to acquire goods or services only from the issuer; 

(ab) it is issued by a professional issuer and allows the holder to acquire goods or services only within a limited network of service providers which have direct commercial agreements with the issuer; or  

(ac) it may be used only to acquire a very limited range of goods or services.  

(4) In this paragraph— 

"cryptoasset" means any cryptographically secured digital representation of value or contractual rights that—  

(a) can be transferred, stored or traded electronically, and  

(b) uses technology supporting the recording or storage of data (which may include distributed ledger technology);  

"digitally issued fiat currency" means fiat currency issued in digital form; 

"electronic money" has the meaning given by regulation 2(1) (interpretation) of the Electronic Money Regulations 2011.

Latest on EU Crypto Regulation

As I recently posted in more detail on Ogier Leman's 'Insights' page, the Council of the EU has published a further draft of the proposed Regulation on markets in cryptoassets (MiCA). It seems likely that MiCA will be published officially in 2023, with a wide range of transitional arrangements and dependencies on regulatory technical standards being developed by various EU regulatory agencies. Being a regulation, it will apply without needing to be implemented at national level. MiCA's impact will be significant, given the 'libertarian' origins of distributed ledger technology and cryptocurrencies and the goals of many purists, but likely welcomed by those seeking to harness the benefits of the technology to replace legacy systems. 

If you have queries about the regulatory implications of cryptoassets or related activities, please let me know.

EU Parliament Resolution on Distributed Ledger Technologies

The European Parliament has adopted a non-legislative Resolution on distributed ledger technologies (DLT), including blockchain. 

The resolution highlights potential applications of DLT, such as: 

• reporting on clinical health trials. 
• improving supply chains, such as monitoring of origin of goods for consumer protection. 
• allowing households to produce and exchange alternative energy. 
• Tracking, management and protection of intellectual property rights/licensing. 
• financial intermediation and reducing transaction costs. 
• control over personal data management and data sharing. 
• reducing administrative burdens in the public sector. 

The Resolution calls for the development of a European legal framework to solve any jurisdictional problems in dealing with fraud and crime; raise awareness of DLTs; and bridge the digital divide among various member states. 

Money Laundering Includes... Tax Evasion and Virtual Currencies?

Hot on the heels of the UK's consultation to introduce the 4th Money Laundering Directive comes the imminent EU approval of MLD5. 

A key element involves the creation of a central register of beneficial ownership of legal entities and related ownership arrangements, plus ongoing monitoring of those arrangements, with the intention that: 

"The enhanced public scrutiny will contribute to preventing the misuse of legal entities and legal arrangements for ...predicate offences such as tax evasion."

Other key provisions may be seen as closely related to this ambition: 

• creating a central register of all citizens' bank/payment accounts;
• enabling authorities to go hunting for evidence of suspicious activity even in the absence of a 'suspicious activity report';
• imposing customer due diligence and transaction monitoring obligations on 'virtual currency' exchanges and wallet providers; and
• reducing the limit of anonymity for prepaid cards/instruments.

Needless to say, the members of the European Banking Federation are very uncomfortable with the idea of equating tax evasion with money laundering. The nub of EU banks' concern seems to be that their tax evading customers will simply move their accounts to banks based outside the EEA, the implication being that they'd quite like to retain the business! To be fair, it is a little odd that the list of countries with deficient anti-money laundering regimes doesn't include tax havens typically associated with tax evasion.

But there are reasonable objections on the basis that centralising such sensitive and valuable personal data would be a 'snoopers/fraudsters charter'; and creating a central record of every citizen's bank account and financial arrangements seems mightily disproportionate to the benefit of collecting evidence on the comparatively small proportion of the population that would be involved in significant organised crime or tax evasion. It's surprising that the European Economic and Social Committee ("EESC") did not object on these grounds - either the 'social' aspect of the committee's remit is subordinate to the 'economic' interest, or they consider that the whole of society should happily sacrifice privacy and security to ensure everyone pays their fair share of tax. That's certainly the Scandinavian practice. At any rate, the European Central Bank says that member states' central banks shouldn't have to operate the central registers unless they can bill the government for doing so - highlighting the more important point, that governments are better at wasting the taxes they do manage to collect than collecting taxes in the first place.

The FinTech crowd will no doubt be concerned about stealth regulation of distributed ledger technology or blockchains, via the virtual currency requirements. A "virtual currency" is quite broadly defined as:

"...a digital representation of value that is neither issued by a central bank or a public authority, nor necessarily attached to a fiat currency, but is accepted by a natural or legal person as a means of payment and can be transferred, stored or traded electronically."

Even if exchanges and wallet providers are prepared to tolerate AML regulation as the price for entering the 'mainstream', trying to regulate 'virtual currencies' (or any aspect of digital ledger technology or blockchains) at this early stage is very problematic. The above definition is broad but still does not cover every characteristic of a currency (which the Isle of Man has tried to capture). Indeed, the ECB has bluntly responded that so-called 'virtual currencies' are not currencies or money, pointing out they can also be used for other purposes and the holders don't need to use exchanges or wallet providers. The courts are also struggling with the concept that such 'currencies' are 'ownable' or 'property', as Lavy and Khoo have also explained.

Little wonder that the EESC recommends creating some kind of "European tool for monitoring, coordinating and anticipating technological change." But quite how Europe intends to 'anticipate' let alone 'coordinate' blockchain development is anyone's guess!

In any event, retailers should breathe a sigh of relief. Gift cards and other 'closed loop' instruments generally would not fit the MLD5 definition of a virtual currency, since they typically cannot be transferred or traded electronically. And there is a specific exclusion consistent with the 'limited network' exemption from the definition of electronic money (and therefore 'funds') for instruments that can be used to acquire goods or services only in the premises of the issuer, or within a limited network of service providers under direct commercial agreement with a professional issuer, or that can be used only to acquire a very limited range of goods or services. But note that the limited network exemption will be significantly narrower from January 2018, especially for programs transacting more than EUR1m a year.

At least someone wins!

Humans At The Heart of FinTech

My article on this theme has been published by the Society of Computers and Law in connection with the IFCLA conference, where I participated on a panel discussing disruptive technology in financial services. 

It is interesting to see how people's belief in the 'efficient market' and appeals to the authorities for help when things get out of hand is playing out in the context of the Ethereum project and the DAO!

Distributed Ledger Technology: Cutting Through The Hype

A busy start to 2016 has meant the blog has suffered, but I have at least co-written an article with Susan McLean of Morrison & Foerster that cuts through the hype around blockchain and other distributed ledger technology (DLT). 

The article includes updates on a range of DLT initiatives across numerous business sectors; various policy and regulatory responses; as well as some thoughts on the challenges involved in implementing DLTs.

In January, I also posted on Pragmatist about on the potential use of DLTs for tracking and collecting royalties on music and other creative works. But whether this technology will address the root causes lurking beneath the biggest problems that the creative industry faces is another question...

Isle of Man Goes Crypto-Crazy

I'm indebted to my colleagues in the Isle of Man for pointing me to the IoM's recent Designated Businesses (Registration and Oversight Act 2015, which imposes various registration and anti-money laundering requirements on distributed ledger technology. Do we have a poster-child for how regulation of new technology can go way too far?

The IoM compliance obligations are aimed at: 

"the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating convertible virtual currencies, including crypto-currencies or similar concepts where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity;"

This seems likely to be counter-productive, to say the least, given that the 'currency' aspect of distributed ledgers is often merely there to reward the 'miner' or processor of transactions or events that occur on the ledger, regardless of whether those events are themselves financial in nature - financial services being merely one of many different potential applications.

So, should every business on the IoM that uses, or might wish to use, distributed ledgers register with the authorities and introduce AML controls on everyone it deals with, just in case? Maybe so...

Two specific points to make:

1. ‘convertible virtual currencies’ are defined more broadly than one would expect:

“including crypto-currencies or similar concepts [neither term being defined, except by what follows…] where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity”, 

Most definitions of a ‘currency’ require all these criteria to be met, not just any one of them. Imagine what would happen to the US Dollar, for example, if suddenly it was not accepted as meeting just one of the above criteria...  Indeed, for this reason many people disagree that Bitcoin - the most widely used form of 'crypto-currency' - is still nothing more than a commodity.

In addition, none of the typical exemptions under payment services regulations seem to be imported here. To take but one relevant example: consumer loyalty/rewards programmes are typically exempt on the basis that the rewards are only accepted as a means of payment within a 'limited network'. Do the local authorities really want every business participating in a loyalty scheme on the Isle of Man to register and apply AML controls just because the scheme involves distributed ledger technology? Maybe so...

2.  Similarly, the list of activities that trigger the relevant compliance obligations would seem to cover a vast array of potential services and their providers/users - recognising that these are distributed ledgers to which all computers running the protocol have the same access. Again, just think of consumer loyalty programmes as you go through the list:

the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating...

Even payment services regulation, for instance, exempts technology services that support transactions without the service provider handling funds. And the whole point of the ledger is that no intermediary is actually handling funds - its all happening peer-to-peer amongst machines - indeed perhaps everyone's device is handling the funds. Furthermore, there will be instances where access to a distributed ledger is just one element of a wider system - as in the car-rental example, or tracking shipping containers - and it may not be clear to everyone that a distributed ledger is involved if it's just to share the location or state of a vehicle or container.

Still, the Isle of Man's approach might at least be useful in demonstrating how regulation in this area can go too far...

Guest Post at Open Identity Exchange - A Pragmatic Approach To Distributed Ledgers

The post appears here.

Thanks to OIX for the opportunity to support the initiative.

Of #Smart Contracts, Blockchains And Other Distributed Ledgers

Seems I caught Smart Contract Fever at last week's meeting of the Bitcoin & Blockchain Leadership Forum. So rather than continuing to fire random emails at colleagues, I've tried to calm myself down with a post on the topic.

For context it's important to understand that 'smart contracts' rely on the use of a cryptographic technology or protocol which generates a 'ledger' that is accessible to any computer using the same protocol. One type of 'distributed ledger' is known as a 'blockchain', since every transaction which is accepted is then 'hashed' (shortened into a string of letters and numbers) and included with other transactions into a single 'block', which is itself hashed and added to a series or chain of such blocks. The leading distributed ledger is 'Bitcoin', the blockchain-based virtual currency. But virtual currencies (commodities?) are just one use-case for a distributed ledger - indeed the Bitcoin blockchain is being used for all sorts of non-currency applications, as explained in the very informative book, Cryptocurrency: How Bitcoin and Digital Money are Challenging the Global Economic Order. As Jay Cassano also explains, another example is Ripple, which is designed to be interoperable with other ledgers to support the wider payments ecosystem; while Ethereum is even more broadly ambitious in its attempt to use smart contracts as the basis for all kinds of ledger-based applications.

Generally speaking, the process of forming a 'smart contract' would be started by each party publishing a coded bid/offer or offer/acceptance to the same ledger or 'blockchain', using the same cryptographic protocol. These would be like two (or more) mini-apps specifying the terms on which the parties were seeking to agree. When matched, these apps would form a single application encoding the terms of the concluded contract, and this would also be recorded in the distributed ledger accessible to all computers running the same protocol. Further records could be 'published' in the ledger each time a party performed or failed to perform a contractual obligation. So the ledger would act as its own trust mechanism to verify the existence and performance of the contract. Various applications running off the ledger would be interacting with the contract and related performance data, including payment applications, authentication processes and messaging clients of the various people and machines involved as 'customers' or 'suppliers' in the related business processes. In the event of a dispute, a pre-agreed dispute resolution process could be triggered, including enforcement action via a third party's systems that could rely on the performance data posted to the ledger as 'evidence' on which to initiate a specific remedy. 

Some commentators have suggested this will kill-off various types of intermediaries, lawyers and courts etc. But I think the better view is that existing roles and processes in the affected contractual scenarios will adapt to the new contractual methodology. Some roles might be replaced by the ledger itself, or become fully automated, but it's likely that the people or entities occupying today's roles would be somehow part of that evolution (if they aren't too sleepy). The need for a lot of human-readable messages would also disappear, signalling the demise of applications like email, SMS and maybe even the humble Internet browser. Most data could flow among machines, and they could alert humans in ways that don't involve buttons and keyboards.

So what are the benefits?

Well, it might take significant investment to set up such a process, but it should produce great savings in time, cost, record-keeping and so on throughout the lifetime of a contract. And, hey, no more price comparison sites or banner ads! Crypto-tech distributed ledgers would enable you to access and use a 'semantic web' of linked-data, open data, midata, wearables, smart meters, robots, drones and driverless cars - the Internet of Things - to control your day-to-day existence.

The downside?

This also might also play into the hands of the Big Data crowd (if they find a way to snoop on your encrypted contracts), or even the machines themselves. So it's critical that we figure out the right control mechanisms to 'keep humans at the heart of technology - the topic of the SCL's Tech Law Futures Conference in June, for example.

Meanwhile, I'm reviewing my first smart contract, which is proving rather like being involved in the negotiation of a software development agreement - which it is, of course. I'll post on that in due course, confidentiality permitting...

Of #Blockchains And #MultiFactorAuthentication

Okay, so yesterday I was trying to use the car rental scenario to understand the concept of blockchains and distributed ledger technology and ended with the point that all sorts of computer applications could run "on" the blockchain. Some could act as gateways between/among blockchains, and some could link applications on blockchains with the applications running on the Internet - like social media, email - or applications on mobile networks, including SMS. 

So, in the example, the contractual program running on the blockchain that doubles as my car rental contract could also initiate a text message telling me where and when to pick up my rental car. 

I also mentioned that my own request to rent a car could provide the details for where the car rental company's program could go to verify my driver's licence. I didn't mean for identification purposes, but to work out if I'm licensed to drive a vehicle.

On the identity front, I mentioned that both me and the car rental company would be acting pseudonymously. That's important because blockchain transactions are accessible by anyone with a device running the relevant technology. So mine and the rental car company's respective bits of code would have to offer a way for us to authenticate each other. And this is where the public nature of blockchains really come into their own.

Back in 2011, we had a big discussion on identity at the CSFI from which my 'takeaways' were that (1) identity is dynamic, not static - we are better defined by the data generated by everything we do, rather than a birth date or fingerprints. So (2) verifying our identity could be based on a unique snapshot of our behavioural data, which could then be discarded, rather than a passport etc.  which could be copied and used by fraudsters.

The challenge with multi-factor authentication in the Internet world is possibly that the data is subject to alteration (though on a mass scale it could be hard to alter every item of data about a person's behaviour).

But blockchains are infinitely harder to alter, since (I'm told) all the computers running the technology check each block when it is completed and that can't be undone, unless you control most of the computers at any one time (like a villain in a Bond movie).

So our identities could be verified by reference to a series of our blockchain transactions. For privacy and security reasons, each blockchain transaction should be coded so as not to give away much information about the transaction itself. That ought to be easy, since the code only needs to be understood by the computers who process each transaction at that time. At any rate, each transaction could somehow be combined into a unique identity token that would continually evolve to remain unique.

Hey presto, reliable multi-factor authentication!

Do I have any of this right?

 

Of #Blockchain And Other Distributed Ledger Technologies

I'm still trying to get my head around the concept of the blockchain and other 'distributed ledger' technologies, how they are useful and what else needs to happen to harness their potential. To that end, I'm trying to ignore the 'virtual currency' use-case that seems to get everyone tied up in knots. I mean, the Internet is more than a money remittance platform, right? Well, the concept of a 'distributed ledger' is similarly broad - maybe broader than the Internet. According to Ethereum, "a platform for decentralised applications", even the word 'ledger' is too limiting.

Recently, I read the 'call for evidence' on this topic from European Securities and Markets Authority (ESMA), especially as there's been a lot of talk about using the blockchain to cut the time and cost of central clearing and settlement in the financial markets.

Yet, as the call for evidence itself shows, even ESMA is struggling to understand the uses beyond investment products which (a) provide exposure to a virtual currency without buying it, or (b) require you to actually trade in virtual currency in ways that are recorded in the relevant 'blockchain' or other currency ledger. 

This could be because ESMA is viewing the technology through the lens of the existing, heavily intermediated financial market structures and how these might be somehow replicated using the new technology (see the two diagrams in section 4).  But as I've complained for years, financial regulation (for which ESMA is partially responsible) funnels investment funds and opportunities into marketplaces where comparatively few intermediaries are allowed to operate - so they can charge what they like and not bother innovating, except to suit themselves (high frequency trading?). Internet technology has helped a bit, by making it cheaper to build and host systems etc, but that technology is still based on the idea that transactions occur in separate computers and the related data remains locked away in proprietary databases, or displayed only to subscribers.  

Distributed ledger technology seems to herald something far more revolutionary.

As I see it, these technologies basically involve publishing machine-readable applications or programs that can be read by any device running the same technology. Each market participant just needs to publish or display to others what it is offering or what it needs and any 'deal' will be recorded or coded on a nominated blockchain or ledger. Certain stuff can still be kept secret, but enough information can be shared to enable the computers to record the deal publicly so that everyone knows the deal was done.

Take an ordinary consumer transaction like renting a car. The rental car company's computer could publish a certain program that identifies the company itself (pseudonymously), a specific car, the make/model, its current location and the price to rent it for the day (including full collision damage waiver!). If I need to rent a car, I could publish some code that identifies me (pseudonymously), what type of car I need, where, when, how much I'm prepared to pay per day, the payment method and how the rental company can authenticate my driver's licence. Our computers find each other, like what they see and submit a transaction to a third computer which writes it up in code that instructs other computers to take my payment, send me the collection details and so on. In other words, as well as being an open record that the transaction exists, the code can also refer others to more detailed information where necessary.

It seems that very little should need to change outside the above scenario for this begin to happen, since the programming languages are now expressive enough to enable such codes to be written about every day transactions without a lot of fuss over industry standards. However, over time the same technology could be at work all over the place in more technical scenarios. For instance, my driver's licence could also just be a computer code available on a separate blockchain or ledger, to which the rental company's computers could be referred to check when it expires, whether I have any demerit points and so on. Even credit references and so on might be ascertainable in this way. 

In other words, all sorts of computer applications could run "on" the blockchain and/or act as gateways between/among blockchains and between blockchains and the applications running on the ordinary old Internet, like social media, email or those running on mobile networks, like SMS. So, in the example, a program running on the blockchain could initiate a text message telling me where and when to pick up my rental car.

I'm now struggling a little to see the difference between 'distributed ledger technology' and the 'semantic web' or 'Web 3.0', Linked Data, Open Data and so on. But, hey, I'm taking it a day at a time. At any rate, it all seems to promise the death of human-readable price comparison sites and their corny advertising, so bring it on!

UK Plans For #VirtualCurrencies and #Blockchain Technologies

The Treasury has published its response to the recent call for evidence on virtual currencies. The plan is to apply anti-money laundering regulation to virtual currency exchanges and ensure effective enforcement related to the criminal use of the currencies themselves, including seizure. It will also foster the development of standards for consumer protection in conjunction with the British Standards Institute. The government will also invest £10m to address 'research opportunities and challenges'.

In addition to addressing the risks, the report also explores the benefits of digital currencies as methods of payment, including uses beyond the retail scenarios, as well as other applications of blockchain technology; as well as barriers to suppliers setting up in the UK and how the government can help clear the way.

Alternative uses for the “distributed ledger” technology (i.e. beyond retail payment services) that the Treasury identified were:

• transfer of title to digital assets, with inherent authentication, digital ‘signing’ and time-stamping and record-keeping e.g. recording and transferring the ownership of bonds, shares, securities and other financial instruments; passports, driving licences, criminal records, land registry and digital voting; 
• ‘smart contracts’ and smart payments, whereby users encode requirements into a payment instruction or other message in order to achieve autonomous, self-executing payments and contracts that adjust for specific conditions. 
• decentralised data storage solutions (using blockchain technology to store files securely and efficiently);
• encrypted peer-to-peer messaging networks; and 
• links with ‘smart property’ and the Internet of Things, whereby devices (including autonomous vehicles) communicate with each other and maintain and update themselves semi-autonomously.

Great news for the everyone that the government is positively engaging with this technology.