Digital Objects: A New Class of Personal Property in English Law

Following the Law Commission consultation paper published in August 2022, which I later summarised for the SCL, the Commission has now published its report on the consultation process and a related summary. I'm yet to dig into the report fully, but here's a quick run-down on the summary. Professor Sarah Green and her team are to be commended on their consultation paper, the manner in which they conducted the consultation process and the report itself. Theirs is a colossal and momentous achievement that will no doubt form the basis of considerable legal evolution in the years to come.

The Commission has found that English law has recognised "certain digital assets as things to which personal property rights can relate" as a distinct legal category, but that certain complex areas of legal uncertainty remain that law reform could reduce. For instance, there are "difficult boundary issues" in distinguishing between digital 'assets' such as crypto-tokens; private, permissioned blockchain systems; voluntary carbon credits; in-game digital assets; and digital files. These assets may be based on very different technologies and whether they can or should attract personal property rights may depend on particular sets of facts.

Overall, the Commission recommends that this uncertainty would be best met through the evolution of case law and some targeted legislation, with support from a panel of industry-specific technical experts, legal practitioners, academics and judges.

More specifically (but by no means exhaustively), the Commission concludes that, under the law of England & Wales ("English law"): 

1. a 'thing' should not be deprived of legal status as an object of personal property rights merely because it is neither 'a thing in action' nor 'a thing in possession' (the main traditional forms of personal property);
2. personal property rights should relate to a thing that is rivalrous (i.e. where the use or consumption of the thing by one person (or specific group) necessarily prejudices the use or consumption of that thing by others);
3. factual control (plus intention) can found a legal proprietary interest in a digital object, and in certain circumstances such an interest can be separate from (but less than) a superior legal title;
4. it is possible (with the requisite intention) to effect a legal transfer of a crypto-token either off-chain (by a change of control) or on-chain (by a transfer operation that effects a state change);
5. a special defence of 'good faith purchaser for value without notice' can be recognised and developed in common law (i.e. via the courts) in relation to crypto-tokens and other 'third category things';
6. crypto-token intermediated holding arrangements can be characterised and structured as trusts, with rights of co-ownership by way of an 'equitable tenancy in common' (rather than necessarily joint and several interests);
7. recognising a control-based legal proprietary interest could provide the basis for an alternative legal structure for custodial intermediated holding arrangements in addition to trusts, whereby certain holding intermediaries acquire a control-based proprietary interest in crypto-token entitlements that is subject to superior legal title retained by users;
8. the courts could develop principles of tortious liability for wrongful interference with 'third category things' by analogy with the tort of conversion;
9. The Financial Collateral Arrangements (No 2) Regulations 2003 (FCARs) should be amended to confirm and clarify their applicability to crypto-tokens, cryptoassets (including central bank digital currencies (CBDCs) and fiat currency-linked stablecoins) and/ or mere record/register tokens, including where a financial instrument or a credit claim is tokenised and effectively linked or stapled to a crypto-token; 
10. UK company law should be reviewed to assess the merits of reforms to confirm the validity and/or use of crypto-token networks for the issuance/transfer of equities and other registered corporate securities, including the extent to which applicable laws might support the use of public permissionless ledgers for such purposes; and
11. the UK government should establish a multi-disciplinary project to create a bespoke statutory legal framework to facilitate the certain crypto-token and cryptoasset collateral arrangements.

Again, the consultation and report represent a colossal and momentous achievement by the Professor Sarah Green and her team, who should be commended for their efforts. I'm sure their work will form the basis of a great deal of legal evolution in the coming years.

The Payments Industry Required To Cover 'Push Payment' Scams

The UK’s Payment Systems Regulator (PSR) has announced it will impose a new reimbursement requirement for ‘authorised push payment fraud’ (APP fraud) involving the Faster Payments system from 2024, with a further review in 2026. APP fraud occurs where a fraudster tricks someone into sending a payment to a payment account controlled by the fraudster (or a ‘mule’). I've summarised the requirements below for information purposes, but if you need advice on the scope or application of the new requirements, please let me know.

What is APP fraud?

APP fraud involves payments where the victim is deceived into allowing or authorising a payment from their account with a bank or other payment service provider (PSP), including where they intend to transfer the funds to someone else but are deceived into transferring the funds to the fraudster instead (or the fraudster's associate or ‘mule’), or where the victim is deceived as to the purpose of transferring the funds to the account outside their control. 

Examples of APP fraud involve impersonation, investment, romance, purchase, invoice and mandate, CEO fraud and advance fees.

How much APP fraud is there?

According to UK Finance, there were approximately 207,000 reported cases on personal accounts in 2022 (up 6%) worth £485m, but “many cases” go unreported. Most (97%) involve the Faster Payment system (though APP fraud payments make up only 0.1% of all Faster Payments. 

Mandatory reimbursement will be on top of the voluntary Contingent Reimbursement Model (CRM) Code launched in 2019, which covered 66% of APP fraud losses within its scope in 2022; and some other initiatives by individual firms. 

What about other payment methods?

The Bank of England is also committed to achieving similar reimbursement for consumers making larger 'CHAPS' transactions. 

The PSR will also consider whether the new reimbursement requirement should apply to other payment systems in due course, but it will apply to the New Payments Architecture (NPA) that will replace existing inter-bank payment systems by 1 July 2026. 

Which customers are covered?

The new reimbursement requirement applies to consumers, microenterprises and small charities (which are all treated as ‘consumers’ under the Payment Services Regulations and is the same coverage as the CRM Code). 

The sending PSP processing an APP fraud claim should assess the customer’s situation and any potential vulnerability in line with the FCA’s guidance for PSPs on the fair treatment of vulnerable customers. 

A vulnerable customer is someone who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care. 

If a customer is deemed vulnerable for a specific APP fraud, the sending PSP must not apply the customer standard of caution (gross negligence) or claim excess. 

Which firms are liable for a reimbursement?

The new requirement will mean payment firms must reimburse all in-scope customers who fall victim to APP fraud, sharing the cost of reimbursing victims 50:50 between sending and receiving payment firms, with extra protections for vulnerable customers. PSPs must reimburse customers within 5 business days. There will also be a deadline for firms reimbursing each other, where one pays the customer first. 

The regulator will consult later this year on a potential maximum limits for reimbursements, and claims must be made within 13 months after the final payment to the fraudster. 

Only the PSP that operates the sending payment account and the PSP that operates the receiving payment account for a qualifying transaction are both required to provide reimbursements. This means that a ‘payment initiation service provider’ will not need to provide reimbursements unless it is also acting as the receiving PSP. 

Which payments are covered?

Only payments made using Faster Payments where the victim is deceived into allowing or authorising a payment from their account with a PSP to another account outside the victim's control at another PSP.

Where fraudster persuades the victim to go through several steps - first transferring their money from the sending account at one PSP to another account that the victim has at a different PSP, before then transferring the funds to an account outside the victim’s control at another PSP (‘multi-step APP fraud’), the reimbursement requirement only applies to the Faster Payment made from the victim's last sending account to the receiving account outside the victim’s control.

Which payments are not covered?

The reimbursement requirement does not apply to: 

• civil disputes, such as those relating to the quality of goods/services which are mainly covered by consumer rights legislation; 
• payments which take place across other payment systems; 
• international payments; or 
• payments made for unlawful purposes.  

There will also be no reimbursement where the customer has acted fraudulently (‘first-party fraud’) or with gross negligence, which the PSP must prove. 

The PSR has no regulatory power to require reimbursements for ‘on us’ payments, where the fraudster uses a receiving account with the same PSP where the victim holds the sending account. However, the regulator is seeking to persuade the FCA that this must be the case. The PSR also suggests the same result should apply for users of Bacs and payment cards. 

How will the PSR enforce the requirements?

The Regulator will direct Pay.UK to put the new reimbursement requirement into Faster Payments rules and give a general direction to create a regulatory obligation on in-scope PSPs to comply with the requirement in the Faster Payments rules. The regulator will also issue guidance on what constitutes ‘gross negligence’ by customers. 

This post does not constitute legal advice. If you need advice on the scope or application of the new requirements, please let me know.

UK Authorities To Slam Stable Door On Crypto Promotions In October.

You may have noticed that the UK government has been somewhat distracted (since, oh, 2016), but the FCA has finally received the legislative support to publish its near-final financial promotion rules for cryptoassets and related guidance. These follow final rules for other high-risk investments(i.e. excluding cryptoassets) published in August 2022. The new rules classify currently unregulated cryptoassets as ‘Restricted Mass Market Investments’ and restrict how they can be marketed to UK consumers. The rules take effect from 8 October 2023, with a 4 month transition period thereafter (any comments on the related Guidance should be submitted by 10 August). The FCA promises "robust" enforcement action against firms in breach, such as take down requests, adding firms to the FCA's warning list of unauthorised firms and criminal prosecutions that could result in an unlimited fine and/or 2 years in jail... 

The rules apply to ‘qualifying cryptoassets’ - basically cryptographically secured digital representations of value or contractual rights that are transferable and fungible, but does not include cryptoassets that are regulated as electronic money or an existing 'controlled investment' for financial promotions purposes (since the promotion of those is already regulated).

This means that 'invitations' or 'inducements' to engage in the following activities in relation to the newly qualifying cryptoassets will be caught by the rules: 

• dealing 

• arranging deals 

• managing 

• advising 

• agreeing to carry on specified kinds of activity in relation to these qualifying cryptoassets.

However, cryptoasset exchanges and custodian wallet providers who are registered with the FCA under money laundering regulations and not otherwise authorised firms will be able to communicate their own cryptoasset financial promotions to UK consumers; while firms that are only authorised under the Electronic Money Regulations, or the Payment Services Regulations will not be able to communicate or approve cryptoasset financial promotions at all under the law as it stands.

The result is that there will only be 4 routes for legally promoting cryptoassets to UK consumers: 

• by an authorised person; 

• by an unauthorised person with the approval of an authorised person (a process that will get tougher when authorised firms have to pass through a new regulatory 'gateway' before they can approve financial promotions for unauthorised persons);

• by a cryptoasset business registered with the FCA for money laundering purposes;

• under a specific exemption (but exemptions for 'high net worth' or 'self-certified sophisticated' investors or for the sale of goods or supply of services are not available). 

This post only summarises some of the rules and does not constitute legal advice. If you need assistance with any of this, please let me know.

European Consumer Groups Move Against Social Media Platforms Over Crypto Ads and Influencers

Here's a link to my post on this for Ogier Leman.

The Consumer Association of Ireland was not listed among the members of the European consumer group (BEUC) calling for action against social media platforms for facilitating misleading crypto asset promotions. In the report, Hype or Harm: The Great Social Media Crypto Con, BEUC and member consumer organisations in Denmark, France, Greece, Italy, Lithuania, Portugal, Slovakia and Spain filed a complaint with the European Commission and EU consumer authorities against Instagram, YouTube, TikTok and Twitter for facilitating the misleading promotion of crypto assets in violation of those platforms' own policies.

BEUC points out that under the EU’s Unfair Commercial Practices Directive, social media platforms need to exercise a certain level of care to ensure their users are not harmed by others, including influencers. BEUC alleges that by allowing misleading crypto ads to "multiply" on their platforms through advertising and influencers, the platform operators have engaged in unfair commercial practice, exposing consumers to serious harm, in terms of losing significant amounts of money.

BEUC is also calling on the Consumer Protection Cooperation (CPC) Network of authorities responsible for enforcing EU consumer protection laws to request the following action from the platforms:

Stricter advertising policies (and enforcement of them) on the advertising of crypto;

The adoption of measures to prevent influencers from misleading consumers as to the nature of crypto;

To inform the European Commission about the effectiveness of their measures to protect consumers against unfair crypto practices;

In addition, BEUC calls on European consumer authorities to cooperate with European financial supervisory authorities to ensure the platforms adapt their advertising policies to prevent the misleading promotion of crypto.

Dealing With Cryptoassets: UNIDROIT Principles on Digital Assets and Private Law

The International Institute for the Unification of Private Law (UNIDROIT) has adopted legal guidance on how to approach private law transactions involving "digital assets", with examples. The principles are intended to be "guidelines for States to enable their private laws to be consistent with best practice and international standards in relation to the holding, transfer and use as collateral of digital assets", rather than covering financial or other ‘regulation’ or ‘regulatory law’, such as whether a person must be authorised to engaging in activities relating to digital assets or how digital assets should be 'held' for regulatory purposes. This is one of a number of such initiatives (such as the UK Law Commission consultation on "digital objects") that have been running in parallel for some time. There are some differences in approach, a key one being whether 'control' should be a distinguishing criteria for the purpose legal status or treatment.

The UNIDROIT Principles set out:

• The scope of private law principles in dealing a subset of digital assets that are capable of being subject to 'control', including definitions;

• the principal that a digital asset can be the subject of proprietary rights (without addressing whether they are considered ‘property’ under local law);

• the concept of linked assets;

• applicable private international law; 

• the concept of "control" of a digital asset and the factual 'abilities' needed to demonstrate control;

• identifying a person in control of a digital asset; 

• the rights of innocent acquirers who have 'control' and meet certain additional requirements;

• the rights of transferees from innnocent acquirers ('shelter rule');

• custody, including duties owed by a custodian to its client;

• insolvency of a custodian and related creditor claims;

• secured transactions, including control as a security method;

• priority of security rights (a secured creditor who has control of a digital asset will have priority over other secured creditors with a security right in the same digital asset who do not have control of the digital asset);

• enforcement of security;

• the application of laws to address procedural matters, including enforcement; and

• the effect of insolvency on proprietary rights in digital assets.

The UNIDROIT principles are aimed at gaps in typical state laws and stop short of addressing issues such as intellectual property rights, consumer protection, contract and property law, such as whether a proprietary right in a digital asset has been validly transferred, a security right validly created.

UK Consults On BNPL Regulation

Further to my note in June, the UK Treasury is now consulting on the enabling legislation necessary to narrow the exemption for Buy Now Pay Later (BNPL) products, paving the way for greater supervision of the sector by the Financial Conduct Authority. I've included a quick summary of the provisions below. If you need assistance in understanding the potential impact of the proposed regulatory changes, please let me know.

Basically, the scope of consumer credit regulation is being expanded to include BNPL agreements offered by lenders but not by suppliers directly. The government had intended to regulate all BNPL agreements provided by suppliers either online or at a distance, but this was found to disproportionately impact many types of arrangement where there is little, if any, evidence of consumer detriment.

In effect BNPL agreements will be regulated where they are 'borrower-lender-supplier' agreements for  fixed-sum credit (the existing 'running accounts exemption' is not affected) to individuals, small partnerships etc., which are: 

• interest-free; 
• repayable in 12 or fewer instalments within 12 months or less; 
• the credit is provided by a person that is not the provider of goods or services which the credit agreement finances (i.e. third-party lenders); and 
• not specifically exempt under other consumer credit exemptions (plus a new, related exemption). 

There's an 'anti-avoidance' measure to capture agreements where the merchant has an arrangement with the third-party lender to sell the goods to the lender at the point when the agreement is taken out (seeking to turn the lender into a supplier). 

Trade credit and invoicing arrangements will remain exempt, but new specific carve-outs have had to be made to finance insurance contracts/premiums; registered social landlords to their tenants to finance the provision of goods and services; and where the borrowers are employees and which result from an arrangement between their employer and the lender or supplier.

The relevant agreements will qualify as regulated credit agreements within the consumer credit regime under the Regulated Activities Order (RAO). Firms offering those agreements and related regulated activities will need to be authorised and supervised by the FCA, with complaints referable to the Financial Ombudsman Service. 

These agreements will not benefit from lighter regulation that applies to 'small agreements' but will be spared certain pre-contract explanations under the Consumer Credit Act 1974 (CCA) in favour of more proportionate FCA disclosure rules. Consumers are also spared a deluge of information because certain other distance marketing disclosures won't need to be made for these agreements by unauthorised brokers where the information has already been provided by the authorised lender.

Those introducing borrowers to lenders to obtain regulated BNPL agreements will not need to be authorised for credit broking unless conducting that activity in the borrower's home.   

Advertisements and other 'financial promotions' communicated by unauthorised firms for regulated BNPL agreements will need to be pre-approved by an FCA authorised firm (which will not include a firm acting as a payment or e-money institution).

The new regulations won't apply to relevant agreements entered into prior to the changes taking effect; and there are transitional arrangements to enable firms to carry on certain regulated activities in relation to regulated BNPL agreements for a limited time to allow them to get properly authorised, but the duration is a matter for the FCA. It's worth noting, however, that any business that does take advantage of the 'temporary permission regime' must comply with the law and FCA rules applicable to consumer lending (or exercising a lender's rights) and credit broking (if visiting borrowers' homes). That is unlike previous 'grandfathering' type arrangements, where firms could continue as they were until authorised; and potentially problematic, as any unregulated lender offering BNPL today would likely face a very steep climb to operating on a regulated basis.  

It is also left to the FCA to determine how its rules on credit checks, which could prove a thorny issue to the extent we are focusing on borrowers who can't afford the price of fairly low value consumer items. 

But there remains uncertainty over the extent to which the form of agreements and post-contractual notices will be prescribed.

The limits for the application of 'section 75' CCA liability for suppliers will not be altered (£100 to £30,000).

If you need assistance in understanding the potential impact of the proposed regulatory changes, please let me know.

UK Regulatory Warns Again On Cryptoasset Promotions

The FCA has explained again that there are currently only three ways to communicate cryptoasset promotions to UK consumers, with a fourth channel pending:

1. via an FCA/FSMA authorised firm [which does not include an e-money or payment institution for these purposes]. 
2. via an unauthorised firm but approved by an FCA authorised firm [the govt is proposing a regulatory 'gateway' for authorised firms that wish to approve financial promotions for unauthorised firms]. 
3. a cryptoasset business registered under money laundering regulation with the FCA (cryptoasset exchange and custodian wallet providers), communicating its own promotions [under a pending exemption].
4. the promotion otherwise complies with the terms of an exemption in the Financial Promotion Order.

Even with the new route, promotions not made using one of these channels will constitute a criminal offence punishable by up to 2 years imprisonment.

This post is for information purposes and does not constitute legal advice. Please let me know if you need legal assistance in this area.