From Bitcoin to blockchain: Solving the regulatory cryptogram
Around 18 months ago, most people were still working out what blockchain was and what it meant for their businesses. Roll forward to today, and thousands of cryptocurrency and blockchain-enabled services are conducting millions of real life transactions using these technologies.
On top of this, regulated cryptocurrency exchanges are beginning to appear in various jurisdictions and an increasing range of assets are being "tokenised".
Consequently, institutional interest in this new asset class is rising.
However, as with any rapidly evolving technology, there have been some teething problems.
Many banks, custodians, asset managers and other organisations have been unable to enter this investment arena due to various barriers, including the lack of digital assets traded on recognised exchanges and the requirement for independent custodians to intermediate trades.
Additional challenges are the need for regulated firms who are dealing with crypto-assets to be covered by Professional Indemnity (PI) and Directors and Officers liability (D&O) insurance, which can be difficult to obtain.
Participants in a transaction also need to ensure that adequate know your customer (KYC) and anti-money laundering (AML) checks have been carried out.
While regulators and cryptocurrency companies are still working out acceptable solutions to some of these conundrums, for others, the hurdles appear to be more notional than practical.
Here, we examine some of the more common legal and practical issues faced by businesses in the cryptocurrency and payment platform sectors and discuss the latest thinking on how to overcome these obstacles.
What is cryptocurrency?
One of the main concerns when it comes to defining cryptocurrencies and digital payment technologies for UK regulatory purposes relates to whether these services fall under the remit of the Financial Services and Markets Act 2000 (FSMA).
If so, this then raises the question of which investment category cryptocurrencies belong in. If they do not fit into any existing classification, regulators may need to consider setting up an entirely new category – one which takes into account not only what a crypto-asset is, but also how it is used.
Realistically, most cryptocurrencies should be classified as security tokens, even though they might have previously been termed as "utility" tokens.
Some issuers may still argue that their currency is utility-oriented, but such classification warrants a tough functionality test to make sure these tokens perform in the way they are marketed.
Most mutual funds that the public are able to buy can only invest in assets on a recognised trading exchange, which rules them out of participating in the majority of crypto-assets, as these are not widely available on regulated bourses.
A number of exchanges, such as Tzero and OpenFinance in the US, the Gibraltar Blockchain Exchange (GBX), and the Swiss stock exchange owner, Six, are looking to list crypto-assets, so it is possible that this barrier could be removed in the near future.
However, this still leaves the custody issue. Most regulated fund managers are required to have a third party custodian to intermediate a trade – a requirement that seems out of kilter with the blockchain concept, as it involves inserting a centralised authority into a decentralised environment.
KYC and AML
KYC and AML feature prominently at the top of most of the lists of concerns for regulated companies looking to participate in or use cryptocurrencies.
From a legal perspective, it is perhaps surprising that this is such a worry for businesses, since the very nature of cryptocurrencies and distributed ledger technologies (DLT) makes it relatively easy to track transactions.
In fact, many cryptocurrency businesses have rigorous KYC and AML procedures in place, and several have returned capital to potential investors who have not met their KYC/AML requirements.
Evidence from both the UK and the US has shown that indelible identity stamps on cryptocurrency transactions enable authorities to break down any criminal and terrorist financing networks that may be using digital payments to move money.
The anxiety around KYC and AML in the crypto sector seems to be largely a reputational issue – not helped by the fact that the original meaning of the prefix "crypto" is "secret" or "hidden".
How can AML/KYC be controlled on secondary markets?
Technically, it is relatively straight-forward to KYC and AML-screen cryptocurrency investors at the point of investment.
But when crypto assets enter a secondary market and become tradeable on an exchange or off exchange in the over the counter (OTC) market, it becomes much more difficult for an issuer to keep a register of where these assets have gone.
At present, it is the responsibility of the cryptocurrency issuer, rather than the trading exchange, to ensure tokens are only traded with qualifying entities.
This could prove a tough nut to crack, although some companies are taking the initiative and testing ways of solving this problem, including through the use of crypto-wallets.
Alternatively, we could see a situation where the exchanges become “gatekeepers”, by insisting, as the GBX does, that those wishing to trade first carry out appropriate KYC and AML checks.
In China, this problem has been largely solved by the practically universal use of WeChat, a multi-purpose messaging, social media and mobile payment app that tags every individual user with a unique identifier, which tracks and stores the type of detailed data required for KYC and other identity checks.
Although use of this type of technology is growing in Asia, so far it has not been embraced in Europe or the US – to the extent that scanning and emailing PDFs of utility bills as proof of identity is still common practice in the UK.
However, the WeChat model could be adapted for cryptocurrency and blockchain and might assuage many KYC and AML concerns European and North American regulators are grappling with, while at the same time providing greater privacy controls for the investor.
When is a security not a security?
The crux of the challenge for initial coin offerings (ICOs) – a method of fundraising using cryptocurrencies – is often the question of whether a cryptocurrency is a fund or a security.
Generally speaking, it is currently better to structure your token so as to ensure it can be placed, with as much certainty as possible, into a regulated "bucket", rather than claiming your token is a "genuine utility" and hoping it will fall in unregulated territory.
This is because the areas between the regulated activities are often grey. Unless your token is merely a digital representation of something which is already fully functioning, such as an air miles loyalty scheme, there is always a risk that a regulator in one or more jurisdictions will decide your token is in fact a security – particularly if your business fails and investors lose money and start complaining.
Crypto companies are far better to head off such risk by stating their intention to treat their token like a share, a debt instrument, a fund/collective investment scheme or an alternative investment fund (in the UK/EU). It could also be treated like a derivative or e-money.
Companies also need to consider carefully to whom they promote their offer, how to go about promoting and in what territories, as well as whether a prospectus or other legal document is needed.
In the M&A context, this situation is likely to throw up some unique challenges in due course – particularly for businesses trying to acquire companies that have raised money through ICOs.
When looking to take control of a crypto-backed company, it is unclear whether the purchaser should simply acquire the equity of the target and leave the tokens in the market, or whether they should execute a token for equity exchange or some other structure regain control of the tokens.
Clearly, in such situations, there is the potential for conflict between token-holders and shareholders, especially if there is a mismatch between the valuation expectations of these two groups.
Until a solution is found, this contingency needs to be on checklists for companies looking to conduct M&A in crypto territory.
Where to incorporate?
Many cryptocurrency businesses are well-travelled. Very often, they have considered setting up in one or more of the jurisdictions perceived to be most "crypto-friendly", such as the Cayman Islands, Bermuda, Gibraltar, Malta and Switzerland.
The reality is that, to date, no country has come out with a full suite of definitions and regulations for cryptocurrencies that give the sector satisfactory equivalence with established asset classes.
This uncertainty among regulators has affected the stability of cryptocurrency – which is one of the reasons why there has been significant volatility in the value of traded cryptocurrencies. This is also a reason why many institutions are not trading crypto-assets.
However, the UK’s Financial Conduct Authority (FCA) has taken what looks to be a sensible position of refraining from regulating crypto-assets too early and risk stifling innovation and growth. This is based on the FCA's view that the current legal framework, coupled with its regulatory sandbox initiative for testing new financial technologies, is sufficient for now.
Market participants have called on the FCA to follow up on the outcomes of the sandbox by taking the lessons and successes from the scheme into the market – or risk losing out to other, more commercially-minded regulators who could also benefit from the sandbox's success stories.
The cryptocurrency sector has come a long way in the last 18 months in terms of understanding and the establishment of primary infrastructure to enable digital payment services to develop and grow.
But there is still a long way to go before crypto services become mainstream, trusted financial mechanisms.
Regulatory challenges related to ICOs remain among the murkiest in the cryptocurrency sector. In the UK, it is hoped that the FCA will shortly clarify its thinking on this topic and that the regulator will give cryptocurrency companies the support to help shape and adapt to how the sector is governed.
Definitions also need to be looked at – it is not helpful for regulators to distinguish between different types of tokens, as this adds to uncertainty in the sector, which in turn fuels volatility.
From a banking perspective, new challenger banks which rely on digital payment technologies are helping to carve out new ways of transacting efficiently and safely in the crypto-sphere, free as they are from legacy infrastructure which is proving something of a drag for more established banks.
As for AML and KYC challenges, these are perhaps more easily solved than some of the other issues facing the crypto sector, as they are essentially educational, rather than technical challenges.
Lawyers have a role to play in delivering that education and guidance. Equally, additional clarity from insurance companies on what policies are being written for D&O and PI indemnity cover for cryptocurrency businesses will help build confidence in the sector.