Following the proliferation of initial coin offerings (ICOs) last year, in which funds raised through the sale of digital tokens surpassed venture capital funding, we have seen different approaches, interpretations and developments evolve rapidly in the space. The Government of Gibraltar (GoG) has taken the bold move of being the first authority to publish proposals for specifically regulating certain activity in this new area of crowd financing.
Recent proposals in France are also aiming to provide legal certainty, but in the form of an optional authorisation scheme where certain initiatives would aim to operate within an approval system and be required to provide certain guarantees, while those that choose not to comply would not be restricted from operating. Other regulators are approaching the ICO space quite differently. The Luxembourg regulator (the CSSF) has recently issued a warning against investments in the space, raising the issue of the absence of consumer protection, and lack of verifiable information. Some regulators such as FINMA in Switzerland have issued guidance assisting to classify tokens in separate categories, to which certain requirements would apply, while others, such as the MAS in Singapore, have offered some guidance around the interpretation issues that are relevant in categorising tokens within the existing financial services regulatory scope.
It is probably fair to comment that the growing concerns about the vast sums of money being raised through ICOs, without appropriate regulatory oversight or regulatory standards, have been well documented and discussed across international communities. Mark Carney, Governor of the Bank of England and Chairman of the G20’s Financial Stability Board, for example, referred to the “anarchy of crypto-asset markets” in his speech to the inaugural Scottish Economics Conference on 2 March 2018. It therefore comes as no surprise that 2018 is likely to be the year of cryptoregulation, with many regulatory authorities placing crypto-related activities high up on their regulatory agenda and stepping up their efforts in this space.
However, how is this going to occur on an international basis? Developments around the world and interpretation issues around concepts relating to SAFT arrangements, the relevance of functionality (on a jurisdictional test basis) and its implications, the focus on the way that a particular sale takes place, or how it takes place, the disclosure requirements, material information standards that are specific to Blockchain tokens, the general application of associated law, and interpretations around arrangements that may or may not trigger existing regulatory requirements, are all points that are evolving and fast moving.
As such, it is very positive to see Gibraltar again strive to be at the forefront of regulatory developments in this space (following on from the introduction of the DLT regulations back in January this year).
In the past week, the GoG has released proposals on how it intends to regulate activities relating to the issue of tokens. In addition to the proposed regulatory framework that the GoG has put forward, it is interesting to note that the proposal document identifies a number of different token utilities/functionalities, openly acknowledging that “most often, tokens do not qualify as securities under Gibraltar or EU legislation”. The point of course is that even tokens that do not qualify under these regimes, but which are issued from Gibraltar, will be subject to regulatory requirements that are built out in a suitable, appropriate and relevant manner. That is, that they do not aim to directly replicate securities law or prospectus directive requirements, written an age before the concept of a token sale even existed, on a simple replication basis, or to bring token sales into those frameworks automatically. It must be possible for those rules, practices and standards to be able to evolve and develop, and to be specifically relevant to this industry.
The Proposals for Token Regulation
At an overview level, the proposals focus on introducing regulations to cover the following activities conducted in or from Gibraltar:
- The promotion, sale and distribution of tokens;
- Operating secondary market platforms trading in tokens; and
- Providing investment and ancillary services relating to tokens.
The underlying objectives of these proposals are centred on core issues that financial services authorities will no doubt have at the forefront of their minds – protecting the interests of consumers/investors and protecting the integrity and reputation of the jurisdiction. Encouragingly, the proposals also highlight supporting “the safe use of tokens as a means of crowd financing” as one of the main objectives behind the introduction of a regulatory framework. It is therefore extremely positive that the GoG recognises the important role that these innovative methods of fundraising have to play in supporting new ventures in this developing sector.
Token Sale Compliance with Regulatory Standards
So what will be the key factors for a token sale conducted from Gibraltar to adhere to the regulatory standards expected by the GoG and the Gibraltar Financial Services Commission (GFSC)? Those with experience of listing rules on regulated capital markets will be familiar with the key requirements being flagged:
- Adequate and accurate disclosure of information; and
- Adherence with AML/CFT provisions.
These are issues that have long been discussed as needing to be addressed in the context of token offerings and therefore it was only a matter of time before such requirements were codified into practice. The modus operandi of conducting token sales started shifting several months ago and best practices already dictate compliance with such requirements in order to be able to forge relationships with regulated financial service providers, so this should not come as a surprise to prospective token issuers.
The proposal document highlights that disclosure rules setting out the form and nature of disclosures will be published by the GFSC and there will no doubt be many people curious to see what disclosure obligations may be involved. It will be especially interesting to learn how such disclosure requirements may compare, or be equivalent to, the disclosure regime applicable to listing equities or debt securities on regulated capital markets.
This is something that will certainly require careful consideration as it would be unrealistic to hold a start-up venture with little to no operating history to the same level of disclosure as established issuers of securities on matured capital markets. Similarly, disclosure requirements will need to make sense and be specialised for the space in order to cover information that will actually provide useful and relevant disclosure to potential participants, as well as cover the key issues that may be relevant to an offering relating purely to a digital asset.
The crypto industry often refers to the concept of “self-regulation”, and best practice frameworks for token offerings have already started emerging over the past few months. Examples of this include efforts by regional blockchain associations such as the Fintech Association of Hong Kong’s document on Best Practices for Token Sales, and private initiatives that include The Brooklyn Project by ConsenSys and the Messari Project by Ryan Selkis. It would therefore be prudent to at least consider such self-regulatory frameworks in establishing applicable disclosure rules for token offerings under the proposed regulations. However, the key difference, of course, is that the concept of self-regulation, while being attractive in the sense that it may be said to decentralise certain standards and requirements, is also in many senses ‘voluntary’ and does not raise the standards through any legally enforceable framework such as the one being proposed in Gibraltar.
Compliance with AML/CFT Provisions
Following the announcement of the token regulation proposals, an amendment to the Proceeds of Crime Act 2015 was enacted to extend AML/CFT requirements on “undertakings that receive, whether on their own account or on behalf of another person, proceeds in any form from the sale of tokenised digital assets…”
The message is clear from the GoG that, even before the token regulations are brought into force, there will be statutory requirements on all token issuers to carry out due diligence on token purchasers and mitigate AML/CFT risks. Some argue that the application of these rules is not relevant or appropriate but the reality is that there will need to be an on-going interaction with the existing financial services industry and framework for any successful business in the space. A simple example of this is any form of interaction with the banking industry. In our mind, the application of these rules is entirely relevant and appropriate and is in fact already followed by most groups in the space in any event.
The days of pseudonymous token sale raises were short-lived and it had been widely touted that compliance with AML/CFT regulations would be a key issue that would require identification and verification of token purchasers. It is now generally accepted that issuers should perform KYC on token purchasers and guard against receiving funds that may be derived from illegitimate sources. Both traditional KYC providers as well as crypto specific KYC solutions (e.g. Coinfirm) are emerging in the token offering industry and becoming increasingly relevant in this sector.
From a Gibraltar standpoint, due diligence on token purchasers (prior to the recent legislative amendments) has been driven largely by local banking requirements, which make the implementation of suitable KYC procedures a pre-requisite to opening an account and depositing the fiat conversion of any token sale proceeds. Coupled with this, there are legitimate concerns as to whether directors and officers of entities involved in conducting token sales are properly performing their duties if they fail to adopt appropriate measures to safeguard against the receipt of criminal proceeds. These factors have led many projects to take a more a conservative approach with regards to AML/CFT, which is sensible given the emphasis placed on such areas in today’s global financial ecosystem.
Focus on Service Providers
What is particularly interesting is that the proposals make it clear that the GoG will not seek to regulate promoters and issuers of tokens, nor will they regulate the underlying technology or the tokens themselves. Instead, the primary focus of the regulations will be on:
- Authorised sponsors of public token offerings;
- Secondary token market operators (i.e. crypto-exchanges); and
- Token investment and ancillary service providers.
It therefore appears that the onus of ensuring compliance with appropriate standards will be on the service providers and token trading platform operators and we explore the role and function of each of these in further detail below.
Sponsors will be the principal “gatekeepers” responsible for ensuring that token issuers are adhering to regulatory standards and industry best practice. Every Gibraltar-based token issuer will be required to appoint an authorised sponsor as a pre-condition to launch.
Sponsors shall be subject to an authorisation and supervision process by the GFSC and must possess suitable knowledge and experience of the industry to be admitted into the sponsorship regime. A critical component for sponsors to be authorised is to have local presence in Gibraltar, with “mind and management” based in the jurisdiction. The onus will also be on sponsors to produce their own codes of conduct, setting out what they consider to be best practices relating to token sales, and these codes will form part of a prospective sponsor’s application for authorisation.
The introduction of a sponsor regime is comparable to what currently exists today in the UK in relation to regulated public market listings, where Sponsors and Nominated Advisors effectively act as listing agents that guide prospective issuers through the flotation process. It appears this same model is being adapted for token sponsors to handhold prospective issuers through a compliant token sale process. In applying the listing agent model to token sales, it raises a number of important questions that will need to be carefully thought out.
For example, since sponsors will invariably have a vested interest in the success of token sales they advise on, whose best interests will be at the forefront of a sponsor’s actions? Will it be the token issuers who pay them? The token purchasers so they are not misled into participating in the sale? Secondary market traders who should have access to adequate and accurate disclosures to make informed decisions? The independence and integrity of sponsors together with the management of conflicts will therefore be critical to the entire process. It will also be important to consider how the actions of sponsors will be policed so as to ensure standards are regularly monitored and maintained. These are just some of the issues relating to the sponsorship regime that will need to be addressed.
Secondary Market Operators
The second “gatekeeper” under the proposals will be crypto-exchanges. Most operators of crypto-exchanges are likely to be regarded as using DLT in some way to store / transfer value belonging to others and will consequently be caught by Gibraltar’s existing DLT regulations. Accordingly, it will be interesting to see the inter-relationship between the different regulatory frameworks insofar as they apply to crypto-exchanges. The proposal document provides little information in this regard, other than stating that it intends to regulate secondary market platforms to the extent not already covered by other regulations.
Although the proposals refer to the introduction of further transaction reporting and disclosure requirements as well as extending the application of regulations to cover trading of derivative token products, they do not elaborate on specific regulatory obligations that may be imposed. They do however mention modelling the proposed regulations on market platform provisions under MiFID II and MiFIR, so far as is appropriate, proportionate and relevant. This of course will be another key factor as the requirements within MiFID II and MiFIR set out extensive obligations relating to an extensive set of requirements. Additionally, there are no references to the Market Abuse Directive or regulations which relate specifically to insider trading and market manipulation, which are hot topics in the crypto-exchange space.
Regardless of the above, trends have already started emerging in token offerings where issuers, concerned about the regulatory implications of conducting public sales, are instead fundraising exclusively through private sale arrangements and limiting participation to accredited/professional investors. Such issuers then rely on exchanges, who list the tokens, to open up the token market to prospective retail purchasers. This shift, together with recent security breaches that have resulted in the theft of consumer assets, has led to increased regulatory risk for cryptoexchanges who are falling subject to greater scrutiny than ever before.
We have already seen regulators take a much firmer stance towards crypto-exchanges, with the Chinese imposing outright bans, the Japanese FSA announcing that it will investigate a number of unlicensed token exchanges and the SEC starting enforcement action and effectively stating that crypto-exchanges must either operate as licensed securities exchanges or regulated ATS. While we welcome the position that is being taken, it will be interesting to see if there are any differentiators between the treatment of exchanges relating to pure tokens, and those that relate to exchange transactions involving pure fiat currencies (which are already treated differently to existing securities or derivatives exchanges).
The starting point for crypto-exchanges with regard to token listings usually centres on the security versus utility argument. This is naturally a key aspect for exchanges as it presents the greatest regulatory risk if it is deemed that the exchange is unlawfully offering its users a security trading platform. Exchanges will therefore need to carefully vet individual token offerings and ensure their platforms are not being used as a conduit for securities trading. Given the disparity in securities legislation from jurisdiction to jurisdiction, it will be interesting to see how regulations will tackle this issue in the context of secondary market token trading. With the onus being put on exchanges to decide which tokens may or may not be listed on their platforms, clear guidance will be required to give exchanges regulatory comfort in offering their services to the international community from Gibraltar.
Investment and Ancillary Service Providers
The final “gatekeepers” will be providers of investment and ancillary services relating to tokens and in particular those offering;
- Generic advice (setting out fairly and in a neutral manner the facts relating to token investments and services);
- Product-related advice (setting out in a selective and judgemental manner the advantages and disadvantages of a particular token investment and service); and
- Personal recommendations (based on the particular needs and circumstances of the individual investor).
This limb of the proposed regulations will be proportionately modelled on provisions that currently exist under MiFID 2, with the aim of ensuring that such services are provided fairly, transparently and professionally. There are of course multiple issues that would need to be considered here which are well beyond the scope of this article.
In the past 12-18 months, a plethora of token advisors and so-called crypto-experts have emerged and therefore it is refreshing to see the GoG aim to hold such service providers to account through an appropriate licensing regime. Nevertheless, little guidance is given on the specific types of advisors involved in a token sale process that will be caught by the proposals (e.g. introducers, marketing professionals, technical developers and smart contract auditors, economic, legal and tax advisors, cybersecurity firms, escrow agents etc.). This will require careful thought and different standards may need to be developed depending the nature of activity being offered by any given provider. Further, to what extent will providers to Gibraltar-based token issuers be caught by the regulations if such providers are based abroad, or the majority of their services are outsourced to teams based in other countries? There is also a reference to MiFID 2 but no reference yet to a suitability regime equivalent to the MiFID universe.
The GoG and GFSC must be commended on pursuing a clear and proportionate path towards token regulation and it will no doubt be welcomed by enthusiasts of the industry who have long been seeking regulatory clarity and certainty in respect of businesses activities in the crypto/DLT space. However, this does not come without its challenges and many questions remain to be answered. It will therefore be crucial that all stakeholders contribute towards the development of a robust framework that will achieve the underlying objectives of the proposals whilst simultaneously continuing to support innovation and disruption!
By Isolas LLP DLT Team