UK Review of the Payment Services (and E-money) Regulations

The Treasury is calling for evidence to assist in its review of the Payment Services Regulations 2017. This also necessarily involves consideration of the Electronic Money Regulations 2011, since e-money institutions are subject to both. Those regulations implemented corresponding EU directives that are also being reviewed (which the Treasury ignores). You have until 7 April 2023 to submit responses to the UK process. Please let me know if you would like assistance.

Of course, 'elephant in the room' is whether the UK regulations should remain harmonised with the EU directives that they implemented, particularly as most UK payment service providers will have EEA aspirations, at least, if not their own regulated firms within the trade bloc. Indeed, the UK review will seem eerily familiar to many, because the European Commission embarked on its own review of the second Payment Services Directive (PSD2) in May 2022; and in July the European Banking Authority proposed numerous changes that I summarised for Ogier Leman in Ireland, including the merger of PSD2 and the second E-money Directive (EMD2). I suspect the UK review is timed to coincide with likely changes arising from the EU's review process. The timing might not work perfectly, so the UK might make any changes that seem settled or non-controversial in the EU process, then mop up the rest in due course.

The UK government believes that its e-money and payment services regulation should address: 

• 'authorised push payment' (APP) fraud; 
• whether 'strong customer authentication' requirements are too prescriptive and should be 'outcome-based' including delaying payments where APP fraud is suspected to allow for communication with a potentially affected customer;
• the use of cryptoassets or cryptocurrencies as payment methods.

There is no mention of the European Commission or EBA proposals relating to the review of PSD2 and EMD2, let alone consideration of whether those proposals should be addressed in the UK. I guess that is left to the rest of us to consider and submit.

The UK has already made changes to its insolvency regime to cater for the more orderly and efficient wind-down of payment and e-money institutions, as this was something that the EU directives did not really address (aside from the 'pooling' provisions relating to safeguarded funds). The UK government is also inviting evidence on whether these additional arrangements are adequate (and the EBA has urged greater clarity on wind-down arrangements under the EU directive(s).

The government persists in its tediously jingoistic claims that the UK somehow pioneered 'Open Banking' through the API requirements proposed by the Competition and Markets Authority in 2016 (among other remedies to improve competition for retail banking). However, that happened three years after the specific open banking requirements were proposed in the first version of PSD2. In fact, such 'open data' and 'midata' initiatives were fully developed by 2012 common across Europe and, indeed, globally within the context of the World Economic Forum, as I posted at the time. It cites unspecified plans to ‘develop’ and ‘progress’ such services through a Joint Regulatory Oversight Committee after the CMA found that its mandated Open Banking Implementation Entity was improperly managed and lacked corporate governance.

While omitting a focus on whether banks unfairly withhold payment accounts from innovative financial services businesses, the consultation also includes highly irregular claims that the government is concerned about whether payment service providers might be terminating customer relationships in reaction to the customers' right wing, 'libertarian' political views. The paper concedes that there is no evidence at all that this is a genuine issue, merely citing assertions from a Conservative MP based on speculation by a conservative pundit about why PayPal might have regarded his accounts as suspicious. That such nonsense has found its way into a Treasury consultation paper is deeply worrying. It smacks of the false claims about Channel 4's activities by the then Culture Secretary, ironic given the government's decision to boycott and later sell Channel 4 in reaction to what it believed was unwarranted scrutiny of its activities by journalists. Just as the government has been forced to row back on the sale of Channel 4, it would seem unwise to politicise payment services regulation...

Though maybe the drafts-person was fully aware of the irony in referring to the 'Daily Sceptic' and the 'Free Speech Union' in the context of better ways to combat APP fraud.  

UK FCA Guidance on Regulation of CryptoAssets

The regulation of 'cryptoassets' including cryptocurrencies is under permanent review, with the UK's Financial Conduct Authority perhaps the latest financial regulator to finalise its guidance. Despite the often-repeated statement that financial regulation is 'technology-neutral', the decentralised nature of cryptographic or 'distributed ledger technology' (DLT) is awkward because there is no central issuer, operator or service provider to which regulatory responsibility and accountability can be attached. Add to that the flexibility of DLT and the wide range of use-cases, and you have the recipe for widespread regulatory confusion.

The guidance itself is set out in Appendix 1 to the FCA's paper (pp 29-54), including useful case studies and examples, but I've only discussed the different types of cryptoasset below - including a new category added by the FCA.

The FCA's guidance in this context is also separate from:

• anti-money laundering: the fifth money laundering directive (5MLD) will be gold-plated implemented in the UK by January 2020, which will impose anti-money laundering requirements on certain cryptoasset firms, amongst other types of businesses.
• the use of Distributed ledger technology (DLT) for regulated activities such as custody, and settlement.

The guidance may also change pretty quickly because:

• the FCA itself will consult on banning the sale of derivatives linked to certain types of unregulated cryptoassets to retail clients; and
• the UK Treasury will consults on whether (further) regulation of (unregulated) cryptoassets is required; and
• other countries may regulate in a way that it makes sense for the UK to match.

What Are Cryptoassets?

Like the regulatory authorities in most developed markets, the FCA initially embraced the idea that cryptoassets can be defined in terms of three types of cryptographically-generated 'tokens': exchange tokens, utility tokens and security tokens. 

But the FCA has now added a fourth category of "e-money tokens" (those which meet the definition of "electronic money" discussed below). The intention is to leave exchange tokens and utility tokens outside the regulatory perimeter as "unregulated tokens"; and to differentiate the use of tokens as e-money from security tokens (which carry rights and obligations that are essentially the same as specified investments covered by existing securities regulation).

"Stablecoins" don't constitute a separate category because while they're all structured in a way that seeks to limit changes in their perceived value, those structures vary a lot. Some could meet the definition of e-money (e.g. equating in value to a fiat currency and meeting the other requirements), or a security ('backed' by other securities), while others would not.

So, basically, the FCA considers that only e-money tokens and securities tokens will be regulated.  But note that firms which are already regulated by the FCA may have regulatory obligations relating to their unregulated activities where they are carried out by the regulated firm in connection with, or held out as being for the purposes of, a regulated activity. In such cases, the FCA's 11 Principles for Business (PRIN) and individual conduct rules under the Senior Managers and Certification Regime (SMCR) will still apply. The FCA also works with other agencies to indirectly mitigate harm from other types of unlawful activity involving cryptoassets.

It's also possible that tokens could shift categories over time, or meet the definitions of two or more types. The FCA says that: 

"...the regulatory treatment depends on the token’s intrinsic structure, the rights attached to the tokens and how they are used in practice. If the token at a point in time reaches the definition of an e-money token or a security token, then it will fall under regulation. We have provided additional case studies on the fluidity of tokens within the Guidance."

Exchange Tokens

These are cryptoassets that are decentralised and primarily used as a means of exchange (e.g. ‘cryptocurrencies’, ‘crypto-coins’ or ‘payment tokens’) that are typically designed to provide limited or no rights for the holder, and there is usually no (single) issuer to enforce rights or make claims against.

The FCA does not want to regulate exchange tokens themselves (without a change in the law), but may already regulate the participants at either end of the exchange, for instance, where the cryptoasset is used by regulated payment service providers to more efficiently facilitate the processing of payment transactions in 'fiat' currency. 

Anti-money laundering regulation may also apply (particularly from 10 January 2020), but the FCA sees this as a separate to its financial regulatory perimeter (even though it is also a supervisory authority for AML regulation).

Utility Tokens

These are cryptoassets that provide users with access to a current or prospective product or service and often grant rights similar to pre-payment vouchers. Again, these are unregulated where they just provide this type of utility.

Security Tokens

These are cryptoassets with essentially the same rights as regulated investment instruments (securities) such as shares, debentures or units in a collective investment scheme; and the FCA says it will regulate these the same way they regulate their traditional cousins.

Of course, the security tokens are often distributed by means of 'initial coin offerings' and/or 'airdrops' that cross multiple jurisdictions, each of which may treat/regulate them differently. The problem with consistent international regulation is that (certainly outside the 31 countries in the European Economic Area) there are differences in the classification and regulatory treatment of securities that will also affect crypto-securities with the same characteristics. The FCA points to bilateral harmonising efforts and multilateral discussions through the Global Financial Innovation Network (GFIN), the International Organization of Securities Commissions (IOSCO), the European Commission (EC) and the European Supervisory Authorities (ESA) - and one could add central bank co-ordination on the impact of cryptoassets on fiat currencies and currency regulation via the Bank of International Settlements.

E-money Tokens

These are tokens that meet the definition of "electronic money" in the Electronic Money Regulations 2011 (derived from the second EU E-money Directive):

electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions [as defined in PSD2], and which is accepted by a natural or legal person other than the electronic money issuer;

There are also certain specific exclusions, which include instruments used within 'limited networks'  but that's worth a whole series of posts in itself.

Whether this meets the concern of the Financial Markets Law Committee that there's a gap in AML regulation for virtual currencies that share the characteristics of money remains to be seen.

FCA Proposes Guidance On CryptoAssets

The FCA is consulting on new guidance as to when cryptoassets would be regulated, along with a new webpage on the topic. 

The guidance considers when cryptoassets might be specified investments (or out of scope), payment services and/or e-money services - giving context and examples.

Consultation ends on 5 April 2019. 

The Treasury is soon to consult on legislation to extend the FCA's jurisdiction to cover certain cryptoassets; and the FCA aims to publish a policy statement in September, based on its current consultation.

The Trouble With Categorising Cryptocurrencies As The Basis For Regulating ICOs

Securities regulators are trying to figure out whether and how to regulate Initial Coin Offerings (ICOs). In doing so, they are tending to focus on the economic function and purpose of the 'coins' or 'tokens' offered, to put them in categories that most stakeholders should understand. They are then proposing different regulatory treatments for the process of issuing the coins according to the different categories. The challenge is that tokens - like 'fiat' currencies (and barter goods, for that matter) - generally have multiple uses that are completely independent of the 'issuer' or protocol for issuing them, and which may vary from one 'holder' to the next. Therefore it is suggested that it should not be the economic function or purpose of the token itself that should drive the regulatory treatment, but the activities in which the issuers, holders and potential holders of the tokens are engaged. At any rate, before regulating or threatening the impact of existing regulation, we need to develop a much more comprehensive overview of distributed ledger technology; the role and use of 'tokens', 'coins' and 'cryptocurrencies'; and the participants and their activities. 

In its recent guidelines, the Swiss regulator (FINMA) categorises tokens into three types, although it admits hybrid forms are possible:

• Payment tokens are synonymous with cryptocurrencies and have no further functions or links to other development projects. Tokens may in some cases only develop the necessary functionality and become accepted as a means of payment over a period of time.

• Utility tokens are tokens which are intended to provide digital access to an application or service.

• Asset tokens represent assets such as participations in real physical underlyings, companies, or earnings streams, or an entitlement to dividends or interest payments. In terms of their economic function, the tokens are analogous to equities, bonds or derivatives.

FINMA says the resulting regulatory treatment may be flexible where a hybrid of the above is involved, e.g. anti-money laundering regulation would apply to utility tokens that can also be widely used as a means of payment (or are intended to be used that way in time).

The Malta Financial Services Authority says that these are all forms of "virtual currency" (i.e. digital currencies that are not backed by government - as opposed to e-money, which is the digital version of a country's 'fiat' currency). The Maltese definition of a virtual currency may also be wider, as the Swiss guidelines are only aimed at crypto-currencies - those issued or implemented using cryptographic or "distributed ledger technology".  The other differences seem to be in name only - the Maltese would refer to Swiss "payment tokens" as merely "coins" and prefer the name "securitised tokens" for the Swiss "asset tokens".

The MFSA says this approach to classifying types of “digital currency” reflects the Blockchain Policy Initiative Report of July 2017 (and an European Securities and Markets Authority statement from November 2017). 

But does it?

The crowd-sourced Blockchain Policy Initiative Report does not really give a succinct definition of 'cryptocurrency' and there is no mention of 'payment token' or 'utility token' according to my search of the pdf version. The report is a helpful, but long and discursive, explanation of distributed ledger technology (DLT).  It gives little insight into the uses of such technology beyond financial use-cases - which will likely be the majority in due course (if not already). In any event, with so many ICOs occurring so quickly, it's difficult to see how it could be comprehensive and therefore why it should be particularly reliable. It's even possible that there are initial coin offerings that are not presetned as "ICOs".

Consider "Filecoin", for example. Users can "earn" tokens for making available unused data storage capacity; the tokens become a "currency" for exchange with others; and the result is a means of those with flexible storage needs to manage their data storage costs and capacity. Couldn't this satisfy all three categories outlined above? Should a securities (or payments) regulator be involved in data storage capacity management? Should the transfer or sale of 'coins' representing storage capacity be seen as making a "payment" or "exchange" of "currency"? Consider that certain "carbon credits" or "emission allowances" are regulated securities... but why?

This underscores why we need to develop a much more comprehensive overview of distributed ledger technology; the role and use of 'tokens', 'coins' and 'cryptocurrencies'; and the participants and their activities, before regulating or threatening the impact of existing regulation. 

US Regulator Explains The Challenges For Registered CryptoFunds

The Maltese and Swiss securities regulators were not alone in focusing on cryptocurrencies over the Christmas break, as staff at the SEC were also at it in Washington DC.  Importantly, none of these regulators have poured scorn on the notion of ICOs or even funds holding cryptographic assets. All are merely concerned to signpost issues to be resolved.

While the civil law Europeans were typically eager to be as definitive as possible in how they will treat ICOs (since they believe nothing is possible unless the government spells out how it can be done), the common lawyers in the US were more circumspect (as they abide by the maxim that the law must follow commerce), merely explaining "a number of significant investor protection issues that need to be examined before sponsors begin offering these funds to retail investors."

Yet similar issues arise in relation to ICOs as for funds investing in cryptographic assets, particularly those of "securitised tokens" or "asset tokens" which are analogous to equities, bonds or derivatives in their economic function, if not the rights that attach to them.

Specifically, the SEC's concerns relate to valuation, liquidity, custody, arbitrage for exchange traded funds (ETFs), potential manipulation and other risks. For instance:

• do funds have enough information to value their crypto assets each day, including accounting for events like 'hard forks' or differences in types of currency and potential for market manipulation?

• could open-ended funds support daily redemptions?

• how would a fund arrange custody and validate the existence, exclusive ownership and software functionality of private cryptocurrency keys and other ownership records?

• an ETF is required to have a market price that would not deviate materially from the ETF’s net asset value, so in light of the fragmentation, volatility and trading volume of the cryptocurrency marketplace, how would ETFs comply with this term of their orders?

• Although some funds may propose to hold cryptocurrency-related products, rather than cryptocurrencies, the pricing, volatility and resiliency of these derivative markets generally would be expected to be strongly influenced by the underlying markets, which feature substantially less investor protection than traditional securities markets, with correspondingly greater opportunities for fraud and manipulation. So:

• Would investors, including retail investors, have sufficient information to consider any cryptocurrency-related funds and to understand the risks?

• How would broker-dealers analyze the suitability of offering the funds to retail investors?

• Could investment advisers meet their fiduciary obligations when investing in cryptocurrency-related funds on behalf of retail investors?

Assuming the industry can solve these problems, we'll be in a strange new world.

Switzerland Explains How It Will Handle Initial Coin Offerings

Not to be outdone by Malta's announcements, the Swiss regulator (FINMA) has published its own ICO guidelines, which complement earlier Guidance. Unlike Malta, there is no specific regulation proposed at this stage. But FINMA has tried to clarify that, when assessing ICOs, it will focus on the economic function and purpose of the tokens issued by the organiser, and whether they are (or will be) tradeable or transferable.  FINMA categorises tokens into three types, although admits hybrid forms are possible:

• Payment tokens are synonymous with cryptocurrencies and have no further functions or links to other development projects. Tokens may in some cases only develop the necessary functionality and become accepted as a means of payment over a period of time.

• Utility tokens are tokens which are intended to provide digital access to an application or service.

• Asset tokens represent assets such as participations in real physical underlyings, companies, or earnings streams, or an entitlement to dividends or interest payments. In terms of their economic function, the tokens are analogous to equities, bonds or derivatives.

Malta says that these are all forms of "virtual currency" (i.e. digital currencies that are not backed by government - as opposed to e-money, which is the digital version of a country's 'fiat' currency). The Maltese definition of a virtual currency may also be wider, as the Swiss guidelines are only aimed at crypto-currencies - those issued or implemented using cryptographic or "distributed ledger technology".  The other differences seem to be in name only - the Maltese would refer to Swiss "payment tokens" as merely "coins" and prefer the name "securitised tokens" for the Swiss "asset tokens". 

On the basis of the function and transferability of the relevant crypto-currency), FINMA will treat Swiss ICOs as follows (see diagram on page 8 of the Guidelines):

• Payment ICOs: For ICOs where the token is intended to function as a means of payment and can already be transferred, FINMA will require compliance with anti-money laundering regulations. FINMA will not, however, treat such tokens as securities.

• Utility ICOs: These tokens do not qualify as securities only if their sole purpose is to confer digital access rights to an application or service and if the utility token can already be used in this way at the point of issue. If a utility token functions solely or partially as an investment in economic terms, FINMA will treat such tokens as securities (i.e. in the same way as asset tokens).

• Asset ICOs: FINMA regards asset tokens as securities, which means that there are securities law requirements for trading in such tokens, as well as civil law requirements under the Swiss Code of Obligations (e.g. prospectus requirements).

This may be flexible where a hybrid of the above is involved, e.g. anti-money laundering regulation would apply to utility tokens that can also be widely used as a means of payment (or are intended to be used that way in time).

Malta's Proposals On Regulating Virtual Currencies, ICOs etc - Updated

The Malta Financial Services Authority, like other regulators, is in the process of consulting on the policy it proposes to adopt for regulating virtual currencies, the process of issuing them ("Initial Coin Offerings" or "ICOs") and the service providers involved. The MFSA has proposed new legislation that would extend create an additional regime beyond the scope of existing securities and investment regulation, to cover virtual currencies that are not deemed to be financial instruments and therefore already caught by existing laws.

The MFSA published a “Discussion Paper On Initial Coin Offerings, Virtual Currencies And Related Service Providers” in November 2017 and consultation ended on 18 January 2018. The MFSA is yet to finalise its policy or any proposed statute.

The MFSA clearly wishes to support innovation and new technologies for financial services, while ensuring effective investor protection, market integrity and financial stability.  

It’s proposed approach to classifying types of “digital currency” reflects the Blockchain Policy Initiative Report of July 2017 and an European Securities and Markets Authority statement from November 2017.  This contrasts “virtual currency” with “E-money” which is the digital representation of a fiat currency; and defines three types of virtual currency (any of which might also be cryptographic currencies operating on distributed ledger technology or DLT): 

• “utility tokens” (providing only platform or application utility rights or access rights);

• “securitised tokens” (embedding an underlying asset/commodity or rights, like quasi-shares or bonds); and

• “Coins” (that are intended to be, or have become, a means of payment). 

The MFSA is proposing to seek the adoption by the Maltese Parliament of a Virtual Currencies Act to regulate virtual currencies:

• that constitute “financial instruments” (under a test to be devised), by confirming they are subject to existing EU and national financial services regulation; and

• those that do not qualify as financials instruments, by making them subject to new “similar high level regulatory principles on transparency and merit-based regulation as those currently applicable to securities seeking a listing on a regulated market” – although they will be deemed “complex instruments” so their regulatory treatment will be akin to how such instruments are regulated under MiFID. 

Persons involved in activities related to virtual currencies would need to be "'fit and proper', have the competence, sufficient knowledge and expertise, experience, business organisation and systems necessary in the field of information technology, VCs and their underlying technologies, including but not limited to DLT."

Providers of investment services will need a separate licence to provide services in support ICOs etc in relation to virtual currencies that do not qualify as financial instruments under existing laws; and will need to set up a dedicated subsidiary for that purpose. 

All persons subject to the Act would also be subject to anti-money laundering requirements. 

There are specific proposals to regulate issuers, exchanges and investment funds (and other collective investment schemes) that deal in virtual currencies that do not qualify as financial instruments. 

Banks and payment service providers would be permitted to extend their activities to such virtual currencies, but only for clients and under a separate subsidiary licensed under the Act. 

But reinsurers, insurers and pension schemes would still be prohibited from dealing in virtual currencies for their clients or their own account. 

Update 22.02.18: The Maltese government has published a further consultation in response to submissions received on the MFSA discussion paper, which "presents a conceptual framework through which DLT Platforms can be subject to certification in Malta" which will extend to issuers of ICOs and certain service provides dealing in virtual currencies. Consultation responses are due by 9 March 2018.

Three new pieces of legislation are proposed:

• The MDIA Bill will provide for the establishment of an Authority to be known as the Malta Digital Innovation Authority.

• The TAS Bill will set out the regime for the registration of Technology Service Providers and the certification of Technology Arrangements.

• The VC Bill will set out the framework for ICOs and the regulatory regime on to the provision of certain services in relation to VCs. The intermediaries subject to the VC Bill include brokers, exchanges, wallet providers, asset managers, investment advisors and market makers dealing in VCs. 

Review of E-money Regulation: More Regulation For Retailers?

The European Commission has just reported on the status of EU e-money regulation, raising the prospect of more regulation for retailers who offer 'gift cards' and other loyalty schemes.

Electronic money, or "e-money" is basically electronically stored value that can be used to make payments to people other than the issuer, while "limited network" or 'closed-loop' stored value can only be used to pay the issuer (as with a loyalty points scheme, fuel card or gift card, for example).

E-money is not to be confused with "crypto-currencies" like Bitcoin, Ether etc. which are not considered "funds" for regulatory purposes because they are not 'fiat' currencies that are backed by governments as a matter of law ('legal tender').

The issuance of e-money was first regulated distinctly from banking by the EU in 2000, under the E-money Directive (EMD) which was replaced by a new directive (EMD2) from 2011. By then the activities of electronic money issuers/institutions (EMIs) had also become regulated under the Payment Services Directive (PSD) from 2009, which was replaced in mid-January 2018 by regulations implementing PSD2.

Inconsistencies

These directives are supposed to be applied the same way by all member states in the European Economic Area (28 EU member states plus Iceland, Liechtenstein and Norway). But the Commission has found that EMIs "engage in "forum shopping", choosing to register in the Member States that provide the most beneficial legal frameworks from their viewpoint." EMIs can then use a "passport" process to offer their services in the remaining EEA member states.

For example, the Annex to the report shows that the UK is home to 87 of the EU's 172 E-money institutions (EMIs), with Malta being the next most popular base (13) then Cyprus (10). This also means that the 87 EMIs based in the UK will need a new base in one of the remaining EEA member states from which to passport their EEA-facing services after Brexit.

The UK is also home to 19 of the EU's 74 small EMIs (who transact less than €3 million a month over a 12 month period), with the Netherlands home to 23 and Latvia 12. But small EMIs have no passport rights, anyway, so do not raise the same concerns.

Benefits of EMD2

The benefits of EMD2 were cited as more clarity and lower capital requirements than EMD1; on top of the fact that payment services regulated under PSD2 and e-money services can be provided under the EMD2 authorisation.

The Commission did not find any consumer harm associated with using e-money or redeeming it for cash (withdrawing the funds equivalent to their e-money balance to another payment account or via an ATM).

Compliance costs are said to range from 1% to 5% of overall costs (€25,000 to €500,000) offset to some degree by the reduction in capital requirements from €1 million under EMD1 to €350,000 for full EMIs under EMD2 (compared to €125,000 for full payment institutions under PSD2).

Issues

Negative factors associated with EMD2 were found to be mainly the inconsistencies in how each EEA member state views the role of an EMI's "agent" (which the EMI has to register) and "distributor" (of which an EMI just has to notify its regulator); and "limited network" or 'closed-loop' stored value, which is unregulated. The inconsistencies make it more difficult to predict the regulatory status and related requirements from case to case and state to state.

EMIs also complain that banks won't allow them to open bank accounts as easily as other types of firms, although the Commission hopes this will be improved by various access provisions in PSD2, and moves by central banks to allow EMIs (and PIs) access central bank accounts and settlement systems.

Next steps

The Commission will explore ways to improve consistency in interpreting the role of agents, distributors and "limited networks". In addition, it will consider making large 'limited network'  providers subject to some (unspecified) aspects of EMD2, even though they must already register with the local regulator when their network transaction volume exceeds €1 million over a 12 month period).

FCA Weighs In On #InitialCoinOfferings

The Financial Conduct Authority has just published its thoughts on "initial coin offerings" (ICOs), the issue of cryptographic tokens or 'currency'. There is already a wide variety of purposes for ICOs, making them much harder to classify than your typical stock market "initial public offering" (or IPOs) with which some people seem to be equating them.  The FCA has also provided links to guidance from: 

• the U.S. Securities and Exchange Commission, 
• the Monetary Authority of Singapore, 
• the Canadian Securities Administrators, 
• the People’s Bank of China and 
• the Securities and Futures Commission of Hong Kong.

Many additional risks also arise from the fact that the nature of the 'coins' or cryptographic currency and whether there is a market for those - quite apart from the purpose for which funds are being raised and/or invested in - as well as the distributed ledger in which they and related transactions are based. We are a long way from the usual stakeholders (like regulators) understanding and engaging with the new technology, let alone standardising any kind of process for doing ICOs as 'efficiently' as IPOs or even traditional technology projects (hopefully more so!).

I have no reason to think ICOs won't necessarily become fairly commonplace in due course, but it's appropriate for the regulators to be treading cautiously at present - although they should be supportive of genuine attempts to innovate in this area and engage positively with issuers while warning investors of the risks.

Here's a helpful ICO 'tracker' from CoinDesk.

 

Money Laundering Includes... Tax Evasion and Virtual Currencies?

Hot on the heels of the UK's consultation to introduce the 4th Money Laundering Directive comes the imminent EU approval of MLD5. 

A key element involves the creation of a central register of beneficial ownership of legal entities and related ownership arrangements, plus ongoing monitoring of those arrangements, with the intention that: 

"The enhanced public scrutiny will contribute to preventing the misuse of legal entities and legal arrangements for ...predicate offences such as tax evasion."

Other key provisions may be seen as closely related to this ambition: 

• creating a central register of all citizens' bank/payment accounts;
• enabling authorities to go hunting for evidence of suspicious activity even in the absence of a 'suspicious activity report';
• imposing customer due diligence and transaction monitoring obligations on 'virtual currency' exchanges and wallet providers; and
• reducing the limit of anonymity for prepaid cards/instruments.

Needless to say, the members of the European Banking Federation are very uncomfortable with the idea of equating tax evasion with money laundering. The nub of EU banks' concern seems to be that their tax evading customers will simply move their accounts to banks based outside the EEA, the implication being that they'd quite like to retain the business! To be fair, it is a little odd that the list of countries with deficient anti-money laundering regimes doesn't include tax havens typically associated with tax evasion.

But there are reasonable objections on the basis that centralising such sensitive and valuable personal data would be a 'snoopers/fraudsters charter'; and creating a central record of every citizen's bank account and financial arrangements seems mightily disproportionate to the benefit of collecting evidence on the comparatively small proportion of the population that would be involved in significant organised crime or tax evasion. It's surprising that the European Economic and Social Committee ("EESC") did not object on these grounds - either the 'social' aspect of the committee's remit is subordinate to the 'economic' interest, or they consider that the whole of society should happily sacrifice privacy and security to ensure everyone pays their fair share of tax. That's certainly the Scandinavian practice. At any rate, the European Central Bank says that member states' central banks shouldn't have to operate the central registers unless they can bill the government for doing so - highlighting the more important point, that governments are better at wasting the taxes they do manage to collect than collecting taxes in the first place.

The FinTech crowd will no doubt be concerned about stealth regulation of distributed ledger technology or blockchains, via the virtual currency requirements. A "virtual currency" is quite broadly defined as:

"...a digital representation of value that is neither issued by a central bank or a public authority, nor necessarily attached to a fiat currency, but is accepted by a natural or legal person as a means of payment and can be transferred, stored or traded electronically."

Even if exchanges and wallet providers are prepared to tolerate AML regulation as the price for entering the 'mainstream', trying to regulate 'virtual currencies' (or any aspect of digital ledger technology or blockchains) at this early stage is very problematic. The above definition is broad but still does not cover every characteristic of a currency (which the Isle of Man has tried to capture). Indeed, the ECB has bluntly responded that so-called 'virtual currencies' are not currencies or money, pointing out they can also be used for other purposes and the holders don't need to use exchanges or wallet providers. The courts are also struggling with the concept that such 'currencies' are 'ownable' or 'property', as Lavy and Khoo have also explained.

Little wonder that the EESC recommends creating some kind of "European tool for monitoring, coordinating and anticipating technological change." But quite how Europe intends to 'anticipate' let alone 'coordinate' blockchain development is anyone's guess!

In any event, retailers should breathe a sigh of relief. Gift cards and other 'closed loop' instruments generally would not fit the MLD5 definition of a virtual currency, since they typically cannot be transferred or traded electronically. And there is a specific exclusion consistent with the 'limited network' exemption from the definition of electronic money (and therefore 'funds') for instruments that can be used to acquire goods or services only in the premises of the issuer, or within a limited network of service providers under direct commercial agreement with a professional issuer, or that can be used only to acquire a very limited range of goods or services. But note that the limited network exemption will be significantly narrower from January 2018, especially for programs transacting more than EUR1m a year.

At least someone wins!

Isle of Man Goes Crypto-Crazy

I'm indebted to my colleagues in the Isle of Man for pointing me to the IoM's recent Designated Businesses (Registration and Oversight Act 2015, which imposes various registration and anti-money laundering requirements on distributed ledger technology. Do we have a poster-child for how regulation of new technology can go way too far?

The IoM compliance obligations are aimed at: 

"the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating convertible virtual currencies, including crypto-currencies or similar concepts where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity;"

This seems likely to be counter-productive, to say the least, given that the 'currency' aspect of distributed ledgers is often merely there to reward the 'miner' or processor of transactions or events that occur on the ledger, regardless of whether those events are themselves financial in nature - financial services being merely one of many different potential applications.

So, should every business on the IoM that uses, or might wish to use, distributed ledgers register with the authorities and introduce AML controls on everyone it deals with, just in case? Maybe so...

Two specific points to make:

1. ‘convertible virtual currencies’ are defined more broadly than one would expect:

“including crypto-currencies or similar concepts [neither term being defined, except by what follows…] where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity”, 

Most definitions of a ‘currency’ require all these criteria to be met, not just any one of them. Imagine what would happen to the US Dollar, for example, if suddenly it was not accepted as meeting just one of the above criteria...  Indeed, for this reason many people disagree that Bitcoin - the most widely used form of 'crypto-currency' - is still nothing more than a commodity.

In addition, none of the typical exemptions under payment services regulations seem to be imported here. To take but one relevant example: consumer loyalty/rewards programmes are typically exempt on the basis that the rewards are only accepted as a means of payment within a 'limited network'. Do the local authorities really want every business participating in a loyalty scheme on the Isle of Man to register and apply AML controls just because the scheme involves distributed ledger technology? Maybe so...

2.  Similarly, the list of activities that trigger the relevant compliance obligations would seem to cover a vast array of potential services and their providers/users - recognising that these are distributed ledgers to which all computers running the protocol have the same access. Again, just think of consumer loyalty programmes as you go through the list:

the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating...

Even payment services regulation, for instance, exempts technology services that support transactions without the service provider handling funds. And the whole point of the ledger is that no intermediary is actually handling funds - its all happening peer-to-peer amongst machines - indeed perhaps everyone's device is handling the funds. Furthermore, there will be instances where access to a distributed ledger is just one element of a wider system - as in the car-rental example, or tracking shipping containers - and it may not be clear to everyone that a distributed ledger is involved if it's just to share the location or state of a vehicle or container.

Still, the Isle of Man's approach might at least be useful in demonstrating how regulation in this area can go too far...