Virtual currency and blockchain (VC&B) technology are becoming an important component of the global financial system. Although VC&B were founded on a non-governmental philosophy, the technology is steadily gaining legitimacy.
Global interest in Initial Coin Offerings (ICOs) may have reached a fever pitch last year, but 2017 was also memorable for development of the legal framework that surrounds the use of VC&B, particularly in the US. But the development and legitimization of VC&B also gained momentum in other jurisdictions around the world.
Governments are not only building the legal framework for the commercial and financial use of VC&B, but they are also adopting blockchain-based applications for their own regulatory processes.
While bitcoin developers and virtual currency purists may harbor strong views opposing government intrusion and legal formalities, the emerging legal framework is setting the stage for VC&B to be globally accepted in a way not envisioned even a few years ago. From mainstream consumers to investors, banks and fintech developers, all groups looking to use or develop VC&B products and services can draw comfort from the fact that a legal framework is coalescing, while uncertainty surrounding blockchain technology is disappearing.
A brief history of VC&B
When the pseudonymous Satoshi Nakamoto published Bitcoin: A Peer-to-Peer Electronic Cash System on October 31, 2008, it is unclear whether he/ she envisioned a system designed to alter the role of trusted third parties and government regulators in financial transactions, let alone restructuring the legal framework of the traditional financial system.
Yet, the blockchain or DLT (distributed ledger technology) technology that underpins bitcoin’s defining features—trustless, distributed and immutable—did not take long to migrate to a spectrum of other ubiquitous applications. While change came rapidly, it was not uneventful.
Early on, Bitcoin was often associated with illicit transactions, due in part to the impression that virtual currencies are completely unregulated. While that was initially the case, over the past several years regulators have been creating a legal framework for VC&B. Global initiatives have focused on both the commercial use of VC&B, as well as the use of blockchain technology by governments.
The US experience
US Federal Guidance
Prior to 2017, there was limited federal guidance relating to VC&B.
In March 2013, the Financial Crimes Enforcement Network (FinCEN) issued guidance that defined virtual currency and interpreted the Bank Secrecy Act (BSA) as applying to exchangers and administrators of virtual currency. Soon after, the US Securities and Exchange Commission (SEC) warned about the use of virtual currencies in the context of Ponzi schemes. A year later, the IRS determined that virtual currency is treated the same as property for federal tax purposes. In a September 2015 enforcement order, the US Commodity Futures Trading Commission (CFTC) defined virtual currency as a commodity under the Commodity Exchange Act.
The most notable VC&B development of 2017 was the SEC’s investigation of the DAO—a decentralized autonomous organization built on the Ethereum Blockchain. The Ethereum Blockchain, like the Bitcoin Blockchain, is processed by a distributed network of computers that are compensated with ETH, the Ethereum currency, for their efforts.
While the DAO operated on the Ethereum Blockchain, it had its own virtual tokens (DAO Tokens) that could be used only within the DAO structure. Its developers capitalized the DAO by launching an ICO that allowed investors to use ETH to purchase 1.15 billion DAO Tokens (worth approximately US$150 million). On June 17, 2016, an attack exploited a flaw in the DAO protocol and diverted more than one-third of the ETH from the DAO’s Ethereum address to one controlled by the attacker. The attack triggered significant fallout within the VC&B community and ultimately led to the SEC investigation.
While the SEC ultimately decided not to pursue enforcement action, it issued a report of investigation last June saying that that federal securities law may apply to ICOs. Specifically, the SEC determined that DAO Tokens are securities under the Securities Act of 1933 (Securities Act) and the Securities Exchange Act of 1934 (Exchange Act). As such, it determined that the DAO ICO was a securities offering that should have been registered under federal securities laws. In addition, the SEC noted that online platforms that traded DAO Tokens violated section three of the Securities Act by failing to register as securities exchanges. The SEC stressed that its findings would apply to any virtual coins or tokens offered or sold through an ICO with similar facts and circumstances.
US agencies have also played their part in the development of VC&B. In July 2017, the US General Services Administration hosted the first US Federal Blockchain Forum in connection with its Emerging Citizen Technology program. Teams from 27 federal agencies submitted potential cases for blockchain technology use within their organizations. In October, the US State Department hosted the Blockchain@State Forum and discussed the potential for using blockchain technology to boost transparency and accountability within its own department. Meanwhile, the Federal Trade Commission (FTC) continued its efforts to promote the use of blockchain technology in consumer-facing products and services at its third annual FinTech Forum in March.
Other US agencies embraced the possibility that blockchain technology could improve the security of their information-sharing activities. These included proposals and presentations to use blockchain technology to manage and track physical and digital assets, record internal transactions, verify identities, reconcile internal databases and increase interoperability. For example, the US Food and Drug Administration (FDA) formed a joint initiative with IBM Watson Health to research methods for secure, efficient and scalable exchange of health data using blockchain technology. In October 2017, the Centers for Disease Control and Prevention signed an agreement with IBM to expand the FDA initiative and develop a system to use health data on a blockchain to track disease outbreaks.
The Department of Homeland Security, National Aeronautics and Space Administration, the National Institute of Standards and Technology, and the US Department of Veterans Affairs also began to explore the possibility of adopting blockchain-based solutions in 2017, while the US Congress also got involved with the formation of the Congressional Blockchain Caucus to advance public policy on blockchain development. The full embrace of blockchain by US lawmakers and agencies bodes well for the VC&B ecosystem.
State interest and regulation
The US was also active at the state level, including completion of a draft Uniform Regulation of Virtual Currency Business Act (Uniform VCBA) by the Uniform Law Commission (ULC) in July 2017. While US states are not bound by the model law, it is intended to be used as a template for state legislatures seeking to enact virtual currency legislation. The existence of a Uniform VCBA greatly increases the likelihood of a consistent regulatory framework for virtual currencies across all states. The ULC effort reflects information from the New York State Department of Financial Services (NYDFS) BitLicense Regulatory Framework, as well as the Conference of State Bank Supervisors (CSBS) Model Regulatory Framework for virtual currency activities.
The Uniform VCBA focuses primarily on the licensing requirements for companies that host virtual currency exchanges or provide services that involve the transmission of money. The Uniform VCBA would require a licensee to maintain compliance programs that include procedures to prevent fraud, money laundering and funding of terrorist activities. Each US state legislature may consider the Uniform VCBA for adoption, either with changes or as it stands.
Prior to the approval of the Uniform VCBA, a handful of states, including New York, Oregon and Tennessee, enacted legislation defining virtual currency and requiring money transmitters dealing in the exchange of US dollars with virtual currencies to obtain licenses. In 2017, a number of other state legislatures proposed bills to regulate VC&B, as well as to draw VC&B businesses to their jurisdictions. Perhaps the most important state initiative was from Delaware, which amended the Delaware General Corporation Law (DGCL), to allow Delaware companies to maintain shareholder information on a blockchain. Further, Delaware corporations using DLT for their stock ledgers can use that as the basis for their required investor communications.
The Delaware law, which became effective August 1, 2017, marks a significant step forward for the assimilation of blockchain technology into corporate law because it will allow companies to take advantage of DLT for trading without having to maintain duplicate records for corporate law compliance. Supporters of the amendment believe it will keep Delaware at the forefront of corporate law, and that blockchain will improve transparency, reduce settlement times and, thus, will be beneficial to small and large investors alike.
Arizona, Nevada and Vermont also passed laws promoting the use of VC&B and DLT. In March, Arizona enacted a law that defines and supports blockchain technology for public use. In June, Nevada enacted a law recognizing the legality of smart contracts and prohibiting the state from imposing taxes or fees, or other requirements on the use of VC&B. That same month, Vermont implemented a law providing for broader business and legal application of DLT. While not enacting legislation, Illinois was also active, announcing a partnership with identity solutions leader Evernym to use blockchain technology for a birth registration pilot.
While several states passed or proposed stringent licensing regulations on VC&B, other states took a different tack. For example, in July, Connecticut revised its money transmitter licensing law to require companies to obtain a license to engage in transmissions involving virtual currency and established requirements for licensees that store or maintain control over other persons’ virtual currency. By contrast, in June, New Hampshire enacted a law exempting companies dealing in VC&B from registering as money transmitters.
It is clear that state legislators are seriously considering VC&B regulation but frustratingly for developers and users, there is significant variation among state laws. It remains to be seen whether states will adopt the Uniform VCBA.
Global regulators focus on VC&B
Virtual currencies are by nature borderless, and the rapid growth of VC&B use is an international phenomenon. Bitcoin, for example, has come to rely on mining pools concentrated mostly in China. Governments and regulators in many countries are simultaneously exploring the benefits of VC&B and providing guidelines for its commercial use, all while grappling with the technology’s ability to facilitate cross-border financial crime.
Advancing the use of VC&B – Australia, Europe and Singapore
Australia has been a leader in adopting VC&B and applying DLT, the underlying technology, to its traditional financial system. In 2016, the Australian Stock Exchange (ASX) became the first major securities market to begin testing DLT as a potential replacement for existing settlement systems. During 2017, ASX began running the prototype under the supervision of the Australian Securities and Investments Commission (ASIC), and is expected to announce its decision to move forward with the replacement.
ASIC published Information Sheet 219 (INFO 219) in March 2017, which provided guidance to companies seeking to use DLT to operate market infrastructure or provide financial services. INFO 219 provides six categories of questions that ASIC will use to evaluate any proposed use of DLT. Together, these questions form an assessment tool that firms can use before approaching the regulator in the hope that ASIC will be able to respond more quickly and efficiently. In September 2017, ASIC published Information Sheet 225 (INFO 225) to address the legal status of ICOs in Australia. Although it did not stem from a possible enforcement action as ICO guidance did from its US counterpart, INFO 225 addresses many of the same issues. The ASIC notes that, depending on characteristics of a particular offering, an ICO could be considered as a share offering, a derivatives transaction, or a managed investment scheme. Under Australian law, each of the above are defined as a financial product and the platforms that enable investors to buy and sell such coins would need to hold an Australian market license.
Australia is also supporting VC&B development by actively studying and promoting potential uses of DLT. In May 2017, the Australian National Innovation Science Agenda and the Treasury sponsored two reports by the Commonwealth Scientific and Industrial Research Organisation (CSIRO).
The first report focused on case studies for DLT implementation to identify current limitations and make recommendations. The second report highlights where Australia intends to take DLT over the longer term. In Distributed Ledgers: Scenarios for the Australian economy over the coming decades, CSIRO frames the discussion around what the economy and the world might look like in 2030. Australia views DLT as essential to its future prosperity and competitiveness, and the country believes that a strong partnership between the government and private sector is the only way to fully develop the technology.
In September 2017, the European Central Bank’s Advisory Group on Market Infrastructures for Securities and Collateral released a report on the potential impact of VC&B on harmonization and integration. The ECB report covers three categories where DLT could be implemented—financial market infrastructures; securities settlement and related services; and security and data protection. The ECB report encourages further development of DLT and sees a positive long-term impact from VC&B. It also highlights the potential for DLT to reduce settlement times, streamline collateral management, improve the cyber resilience of financial networks, and develop tokenized digital identities for strengthening AML systems.
In October, the Monetary Authority of Singapore (MAS), one of the leading international regulatory proponents of the opportunities presented with VC&B and DLT, jointly announced with the Association of Banks in Singapore (ABS) that a consortium they are leading through their Project Ubin had "successfully developed software prototypes of three different models for decentralized inter-bank payment and settlements with liquidity savings mechanisms." The project uses DLT for clearing and settlement of payments and securities, and incorporates three software models that are among "the first in the world to implement decentralized netting of payments in a manner that preserves transactional privacy."
International organizations provide legitimacy
In 2017, a number of international organizations also moved toward establishing standards for VC&B and the development of DLT. In late 2016, the International Organization for Standardization (ISO) established Technical Committee 307 to develop standards for blockchain and DLT. The inaugural meeting of the Technical Committee was held on May 24, 2017, in Sydney, Australia, and was attended by representatives from more than 45 countries. Of these, 25 participating countries designated ISO/AWI 22739 as the first standard to be developed to establish uniform terminology and concept descriptions. Although this is a relatively prosaic step, it represents a dramatic change in perception for VC&B. International organizations are working to bring DLT into the legal mainstream less than a decade after Bitcoin’s emergence as an alternative to the traditional financial system.
In addition to the Terminology working group developing ISO/AWI 22739, the Technical Committee has five subcommittees focused on: (1) reference architecture, taxonomy and ontology; (2) use cases; (3) security and privacy; (4) identity; and (5) smart contracts. The goal is to develop standards that are "robust enough to provide guidance to stakeholders and potentially be referenced by regulators in policy," but are technical and "exclude matters pertaining to the law in the development of standards for smart contracts, privacy, security and identity."
The European Parliament also sought to address VC&B issues during 2017. An in-depth analysis published in February 2017 by the Scientific Foresight Unit (STOA) of the European Parliament Research Service sought to identify how blockchain technology would impact the Member States at a societal level. STOA identified the potential for DLT to improve everything from voting to tracking digital media online and from commercial contracts to supply chain logistics. In calling on the European Parliament to engage in anticipatory policymaking, STOA notes that, "the decentralized, cross-boundary character of blockchain raises jurisdictional issues as it seems to diffuse institutional accountability and legal responsibility in an unprecedented manner, rendering the need for a harmonized regulatory approach at the transnational level more pertinent compared with a local or regional one."
Global regulatory attention on ICOs
Following the SEC’s July Bulletin regarding ICOs, financial and securities regulators from many other countries issued their own guidance or alerts. The reaction is not surprising considering more than US$6 billion was raised by ICOs in 2017. Australia’s ASIC responded to rapid ICO expansion with detailed guidance for when an ICO would be regulated. In contrast, the National Internet Finance Association of China (NIFA) published a notice on August 30, 2017 warning of the risks associated with ICOs. Five days later, on September 4, 2017, through a joint notice interagency issuance, China effectively banned ICOs. The notice also banned the trading and exchange of tokens and coins between one another.
Also in September, the UK’s Financial Conduct Authority (FCA) issued its own warning regarding ICOs, stating that "ICOs are very high-risk, speculative investments," and listing the risks associated with ICOs. The FCA noted that whether or not an ICO falls under its jurisdiction is a case-by-case determination. Similar bulletins were issued by other national regulators, including in Singapore, Canada and Hong Kong.
Efforts ramped up but issues remain
In 2017, VC&B development and regulation had a number of important advances. Globally, regulators and international standard-setting bodies have ramped up efforts on VC&B, but many issues remain. And the potential for enforcement actions by financial crime prevention agencies remains untested. While the outstanding questions are important, businesses, financial institutions and governments that have been hesitant to launch VC&B initiatives should see encouraging signs. A regulatory framework has taken shape in 2017, and is providing a foundation for building a path to mainstream acceptance and legitimacy of DLT and the application of VC&B use cases.