Regulation of ICOs in Ireland: An Overview of the Legal, Tax and Regulatory Position
Fergus Bolster, Mark O'Sullivan and Lorna Daly 10 October 2018
Most offerings of digital assets (whether in the form of tokens, coins or otherwise), most commonly called "initial coin offerings" or "ICOs", are by their nature international and involve multiple jurisdictions worldwide. Accordingly, in addition to the laws of the jurisdiction in which an issuer is incorporated or registered, the laws of each jurisdiction into which coins or tokens are offered or sold, or in which certain regulated activities are carried out, will also be relevant. This is because most countries regulate the offering of certain investments within their territories and the ability of persons to carry out related activities in relation to such investments (such activities typically requiring a governmental or regulatory licence or other authorisation). Ireland is no different in this regard, and its laws and regulations will apply depending on whether the issuing entity is an Irish company or whether the coins or tokens are being offered by a non-Irish entity into Ireland.
Currently, there are no laws specific to offerings of digital assets in Ireland, and it is possible, depending on the nature of the digital assets, that the offering, holding or trading of such assets may fall outside current securities law, financial services regulation and other laws. However, this will not always be the case and, to the extent applicable, the offering, holding and trading of digital assets will be subject to existing securities law, financial services regulation and other applicable laws (including banking, payment services, data protection and consumer protection legislation). The European Securities and Markets Authority ("ESMA") issued a statement to this effect in November 2017, in which it alerted firms involved in ICOs to the need to meet relevant regulatory requirements. In its statement, ESMA advised that such firms must give careful consideration as to whether their activities constitute regulated activities for the purposes of relevant EU legislation, while recognising, depending on how they are structured, that ICOs may fall outside the scope of existing rules and hence outside of the regulated space. ESMA also identified, on a non-exhaustive basis, four key applicable EU directives, all of which are either directly applicable in Ireland or have been transposed into Irish law by local regulations. These are:
1. the Prospectus Directive 2003/71/EC (the "Prospectus Directive"); 2.the Markets in Financial Instruments Directive 2004/39/EC, which has since been repealed and recast by Directive
2014/65/EU ("MiFID II"); 3. the Alternative Investment Fund Managers Directive 2011/61/EU ("AIFMD"); and 4. the Fourth Anti-Money Laundering Directive 2015/849/EU ("4AMLD"). In this note, we look at each of these directives together with other relevant laws, including tax laws. We also set out answers to some of the most frequently asked questions we receive.
The Prospectus Directive
The Prospectus Directive, as implemented in Ireland by S.I. No. 324/2005 (Prospectus (Directive 2003/71/EC) Regulations 2005), as amended, (the "Irish PD Regulations") aims to ensure that adequate information is provided to investors by companies when raising capital in the EU. The Irish PD Regulations require the publication of a prospectus before an offer of securities to the public in Ireland or the admission of securities to trading on a regulated market situated or operating in Ireland, unless certain exclusions or exemptions apply. Such a prospectus must be prepared in accordance with the detailed content requirements of EU law and requires to be approved by the Central Bank of Ireland, the Irish supervisory authority (or by the supervisory authority of another EU member state and passported into Ireland). For the purposes of the Prospectus Directive and the Irish PD Regulations, "securities" means "transferable securities" as defined by Article 4.1(44) of MiFID II (with the exception of "money market instruments" as defined by Article 4.1(17) of MiFID II having a maturity of less than 12 months). Article 4.1(44) of MiFID II defines "transferable securities" as:
"those classes of securities which are negotiable on the capital market, with the exception of instruments of payment, such as: (a)shares in companies and other securities equivalent to shares in companies, partnerships or other entities, and depositary
receipts in respect of shares; (b) bonds or other forms of securitised debt, including depositary receipts in respect of such securities; [and] (c)any other securities giving the right to acquire or sell any such transferable securities or giving rise to a cash settlement
determined by reference to transferable securities, currencies, interest rates or yields, commodities or other indices or measures;" General guidance and commentary on this definition has identified three formal criteria and one more substantive criterion for a security to be considered a "transferable security". The three formal criteria are that a security must be: (i) transferable, (ii) negotiable on the capital market (which is a concept that goes beyond legal transferability, and considers the practical ease of transferability and trading of the securities) and (iii) standardised (such that the security can belong to a class). The more substantive criterion is that a security must belong, or be comparable, to the non-exhaustive list of examples given in sub-paragraphs (a) to (c) of the definition of "transferable securities". Depending on how digital assets are structured, they could potentially fall within the definition of "transferable securities", and, subject to the availability of an exclusion or exemption, an offer of such digital assets may require the preparation, approval and publication of a prospectus. Assuming they satisfy the three formal criteria of being transferable, negotiable and standardised (and, in our experience, most tokens or coins will), digital assets which fall within, or are comparable to, the non-exhaustive list of securities given in sub-paragraphs (a) to (c) of the definition of "transferable securities" will be treated as such. In our view, this would include digital assets (commonly categorised as "asset tokens") which represent a debt or equity claim on the issuer and are analogous to, or contain features of, equities or bonds, together with digital assets in the form of, or comparable to, options or derivatives. On the other end of the spectrum, our view, based on current law and practice, is that digital assets (commonly categorised as "utility tokens") which are only intended to provide access digitally to currently available applications or services, are unlikely to be "transferable securities". Digital assets (commonly categorised as "payment tokens" or "currency tokens") intended to be used as a means of payment for acquiring goods or services should not, based on current law and practice, be considered "transferable securities" on the basis that they qualify as instruments of payment. Unfortunately, there is no definitive guidance from the Central Bank of Ireland or at EU level on what amounts to a "transferable security" in the world of digital assets and certainly no bright line test available. Accordingly, digital assets have to be examined on their individual merits in each situation. This can be complicated by the fact that many tokens have hybrid characteristics and, even where they have the characteristics of pure utility or payment tokens, are often predominantly being marketed and sold for investment purposes.
MiFID II, as implemented in Ireland by S.I. No. 375 of 2017 (European Union (Markets in Financial Instruments) Regulations 2017), as amended, (the "Irish MiFID II Regulations"), aims to create a single market for investment services and activities and to ensure a high degree of harmonised protection for investors in "financial instruments" in the EU. A firm that provides regulated investment and ancillary services in relation to "financial instruments" as defined by the Irish MiFID II Regulations needs to comply with MiFID II requirements as implemented in Ireland, including being appropriately authorised by the Central Bank of Ireland (or the supervisory authority of another member state of the EU). In addition to "transferable securities", "financial instruments" include those instruments listed in Schedule 1, Part 3 of the Irish MiFID II Regulations. Instruments of payment are not "financial instruments". In the case of digital assets (whether in the form of tokens, coins or otherwise), where the coin, token or other asset qualifies as a "transferable security" or other "financial instrument", the process by which the digital asset is created, distributed or traded is likely to involve some MiFID II investment services such as placing, dealing in or advising on "financial instruments", requiring authorisation from the Central Bank of Ireland (or the supervisory authority of another member state of the EU). The operation of a trading platform for "transferable securities" and other "financial instruments" is a regulated investment service that requires authorisation under the Irish MiFID II Regulations. Accordingly, if the digital assets to be traded comprise "transferable securities" or other "financial instruments", a MiFID II authorisation will be required. If the digital assets to be traded are not "transferable securities" or other "financial instruments", as is likely the case with pure utility tokens and payment tokens based on current law and practice, no MiFID II authorisation will be required.
AIFMD, as implemented in Ireland by S.I. No. 257 of 2013 (European Union (Alternative Investment Fund Managers Regulations 2013), as amended, (the "Irish AIFMD Regulations"), lays down the rules for the authorisation, ongoing operation and transparency of the managers of alternative investment funds ("AIFMs") which manage and / or market alternative investment funds ("AIFs") in the EU. An "AIF" is defined in the Irish AIFMD Regulations as a collective investment undertaking, including investment compartments thereof, which raises capital from a number of investors with a view to investing it in accordance with a defined investment policy for the benefit of those investors (other than a collective investment undertaking that requires authorisation under the UCITS Directive (Directive 2009/65/EC). An AIFM covered by the parameters of the Irish AIFMD Regulations is not permitted to manage or market relevant AIFs unless authorised to do so by the Central Bank of Ireland (or the supervisory authority of another member state of the EU). Depending on how it is structured, an offering of digital assets could qualify as an AIF, to the extent used to raise capital from a number of investors with a view to investing the capital raised in accordance with a defined investment policy for the benefit of those investors. Firms involved in ICOs may therefore need to comply with AIFMD rules, including the requirement to be authorised. In particular, AIFMD provides for capital, operational and organisational rules and transparency requirements.
4AMLD prohibits money laundering and terrorist financing. It applies to obliged entities including credit institutions and financial institutions, the latter including MiFID II investment firms, collective investment undertakings marketing their units or shares and firms providing certain services offered by credit institutions without being one. 4AMLD requires obliged entities to carry out due diligence on customers and to have in place appropriate record-keeping and other internal procedures. Firms have an obligation to undertake monitoring and report any suspicious activity and to co-operate with any investigations by relevant public authorities. While 4AMLD has not yet been fully transposed into Irish law, it builds upon earlier anti-money laundering directives, which have been transposed, with the relevant Irish legislation to be found in the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended.
Neither the provisions of 4AMLD nor the provisions of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, as amended, currently apply to the operators of cryptocurrency exchanges unless they are required to be authorised for the purposes of the Irish MiFID II Regulations (i.e., if they facilitate the trading of digital assets that are "transferable securities" or another category of "financial instrument"). However, this position will change. On 19 June 2018, the Fifth Anti-Money Laundering Directive 2018/843/EU ("5AMLD") was formally published following its adoption by the European Parliament and Counsel. 5AMLD will, for the first time, bring cryptocurrency exchanges and wallet providers more generally within the scope of EU (and hence Irish) anti-money laundering / counter-terrorist financing legislation. The Irish government is required to transpose the provisions of 5AMLD into Irish law by 10 January 2020. Under 5AMLD, Ireland is required to ensure that providers of exchange services between virtual currencies and fiat currencies together with custodian wallet providers are registered as "designated persons" with the Irish regulatory authorities and that they implement anti-money laundering policies and procedures normally expected of other regulated financial service providers (such as credit institutions, investment firms, payment institutions, etc.).
Companies Act 2014
If it is proposed to use an Irish company as the issuing entity, it is advisable to use a public company rather than a private company limited by shares. This is because under the Companies Act 2014, a private limited company is prohibited from making an invitation to the public to subscribe for, or an offer to the public of, any shares, debentures or other securities. In this regard "debentures" include debenture stock, bonds and any other securities of a company whether constituting a charge on the assets of the company or not, while "securities" has the same meaning as given to that term in the Irish PD Regulations (i.e., transferable securities as defined by MiFID II with the exception of money market instruments). Accordingly, to the extent that the digital assets being offered in an ICO comprise transferable securities (and potentially all tokens and coins comprise transferable securities), in addition to any Prospectus Directive or MiFID II considerations, the offering would be unlawful under Irish companies law. Irish company law does not restrict public companies in making offers of shares, debenture or other securities to the public.
In addition to above legislation, depending on the precise structure of what is being undertaken, the offering or trading of digital assets may involve activities that fall to be regulated by other laws, including banking legislation, payment services legislation, data protection legislation and consumer protection legislation.
Structuring an ICO, in particular through an Irish entity, requires considered tax analysis. Currently, there is no Irish legislation that specifically addresses the taxation of ICOs. The Irish Revenue Commissioners ("Revenue") have published some guidance ("Taxation of cryptocurrency transactions", Part 02-01-03 of the Tax and Duty Manual, May 2018, the "Guidance") on the tax treatment of cryptocurrencies generally, but have yet to provide substantive guidance on ICOs. In the Guidance, Revenue have outlined their view that cryptocurrency transactions do not require special rules and transactions and should be analysed in line with first principles pursuant to existing legislation and case law. The tax consequences of ICOs will depend largely on the fact profile of the offering and, in particular, the characteristics of the digital asset created, the rights conferred by it, the use of the proceeds from the offering and the activities of the issuing entity. Depending on the features of the digital assets, the proceeds of a token sale could be treated as capital, debt or taxable income. The accounting treatment of the ICO proceeds will also be relevant in this context. Revenue have stressed the need to maintain records of transactions involving cryptocurrencies and have also highlighted the use of appropriate valuations for transactions involving cryptocurrencies. However, no additional guidance was provided on methodologies to value cryptocurrencies other than stating that "a reasonable effort should be made to use an appropriate valuation for the transaction in question". Where arm's length transactions take place between unrelated parties in the context of ICOs, valuation issues are less likely to be relevant. The Court of Justice of the European Union have held in the Hedqvist case (C-264/14) that Bitcoin should be characterised as a "currency" for value added tax ("VAT") purposes and exempt from a VAT perspective. Revenue's view expressed in the Guidance is that Bitcoin and other cryptocurrencies should be regarded as "negotiable instruments" and should be VAT exempt on that basis. The VAT treatment of the issuance and exchange of utility tokens should be considered carefully. Where an ICO is in respect of utility tokens which may ultimately be redeemed in exchange for the provision of goods or services, the VAT treatment is not clear. One analysis is that such tokens may be "multi-purpose vouchers" for the purposes of EU VAT law which are subject to special rules. In this respect, the ultimate redemption of the utility tokens in exchange for goods or services may be subject to VAT depending on the nature of the goods or services supplied. To the extent that the taxable proceeds of an ICO are utilised in development, marketing and production costs of the underlying business, it will be important to ensure that VAT incurred in the context of those costs are fully deductible. If such services are conducted by related entities in order jurisdictions, transfer pricing considerations may come into play.
Frequently Asked Questions
1.Must issuers of digital assets produce a prospectus (or otherwise register their offerings) under the laws of Ireland? If so, what is the applicable registration framework?
If the digital assets are "transferable securities" as defined by Article 4.1(44) of MiFID II (with the exception of "money market instruments" as defined by Article 4.1(17) of MiFID II having a maturity of less than 12 months), the Irish PD Regulations require the publication of a prospectus before an offer of those assets can be made to the public in Ireland unless certain exclusions or exemptions apply. Such a prospectus must be prepared in accordance with the detailed content requirements of EU law and to be approved by the Central Bank of Ireland, the Irish supervisory authority (or by the supervisory authority of another EU member state and passported into Ireland).
Frequently Asked Questions
2.Does the requirement to produce a prospectus (or otherwise register an offering of digital assets) under the laws of Ireland depend on the intended amount to be raised through the offering?
Under the Irish PD Regulations, there is an exemption from the obligation to publish a prospectus for offers of "transferable securities" with a total consideration in the EU of less than 5,000,000 (which is calculated over a period of 12 month). Offers of such securities to the public in Ireland with a total consideration of less than 5,000,000 may still be categorised as "local offers" for the purposes of section 1361 of the Companies Act 2014 thereby requiring the publication of a local offering document which must contain certain prescribed legends and be filed with the Irish Companies Registration Office. The preparation of a local offer document is significantly less burdensome than the preparation of a prospectus.
3.Does the requirement to produce a prospectus (or otherwise register an offering of digital assets) under the laws of Ireland depend on the status of the purchasers to the digital assets?
Under the Irish PD Regulations, there is an exemption from the obligation to publish a prospectus for offers of "transferable securities" addressed solely to "qualified investors". The concept of "qualified investors" includes certain categories of entity considered to be professional clients for the purposes of MiFID II and other persons, including individuals, who may be so treated as professional clients on request for the purposes of MiFID II, provided certain criteria and procedures are fulfilled. In general, a professional client is a client who is considered to possess the experience, knowledge and expertise to make its own investment decisions and properly assess the risks that it incurs. There is a similar exemption to the local offer requirements of the Companies Act 2014.
4.Can an offering of digital assets be made to unsophisticated investors without the publication of a prospectus (or some type of registration) under the laws of Ireland?
Not unless a relevant exclusion or exemption applies. Under the Irish PD Regulations, exemptions from the obligation to publish a prospectus include the following: (a) an offer of "transferable securities" addressed solely to "qualified investors", (b) an offer of "transferable securities" addressed to fewer than 150 natural or legal persons, other than qualified investors, (c) an offer of "transferable securities" addressed to investors where the minimum consideration payable pursuant to the offer is at least 100,000 per investor, (d) an offer of "transferable securities" whose denomination per unit amounts to at least 100,000 and (e) an offer of "transferable securities" with a total consideration in the EU of less than 5,000,000 (which is calculated over a period of 12 months).
Save perhaps for the 5,000,000 exemption, the other exemptions, which are commonly availed of in traditional private placements of shares or bonds, are unlikely to be useful for offerings of digital assets aimed at unsophisticated or retail investors.
5. Must an operator of a platform facilitating the trading of digital assets, be licensed or registered as a broker, dealer, ATS, exchange, lender, or money transmitter (or other similar category) in Ireland?
There are no laws which specifically regulate the operation of platforms facilitating the trading of digital assets in Ireland. However, while there is no bespoke regulatory framework for such platforms, their operation may fall to be regulated under existing laws, in particular the Irish MiFID II Regulations.
Whether or not a platform requires be authorised under the Irish MiFID II Regulations depends on whether the digital assets to be traded on the platform are considered to be "transferable securities" or other "financial instruments", or not. If the digital assets are "transferable securities" or other "financial instruments", the operation of the platform will require to be so authorised. If the digital assets to be traded are not "transferable securities" or other "financial instruments", the operation of the platform will not require to be authorised.
If the operation of the platform requires to be authorised, there are three types of authorised trading platforms provided for under the Irish MiFID II Regulations. These are:
a "regulated market" a multilateral system operated by a market operator which brings together or facilitates bringing together multiple third-party buying and selling interests in "financial instruments" in a way that results in a contract;
a "multilateral trading facility" ("MTF") a multilateral system or facility in which multiple third-party buying and selling trading interests in "financial instruments" are able to interact in the system in a way that results in a contract; and
an "organised trading facility" a multilateral system that is not a regulated market or MTF and which multiple third- party buying and selling interests in certain types of "financial instrument" (namely, bonds, structured finance products, emissionallowances or derivatives) are able to interact in the system in a way that results in a contract.
A "regulated market" is the premium market that meets the highest standards of regulation and governance in the EU. National stock exchanges, such as the London Stock Exchange and the Irish Stock Exchange (trading as Euronext Dublin) operate regulated markets.
Frequently Asked Questions
6 .Must an operator of a platform facilitating the sale or trading of digital assets, be licensed or registered as a lender or money transmitter (or other similar category) in Ireland?
The answer to this question depends on the actual activities being carried out by the operator. In that context, Irish banking and payments services legislation may be of potential application.
Unless a person holds a banking licence, Irish law contains a very broadly worded prohibition which states that a person shall not carry on a banking business, hold himself out or represent himself as a banker or carry on banking business or accept deposits or other repayable funds from the public. Breach of this prohibition is a criminal offence. The term "banking business" is broadly defined in section 7(1) of the Central Bank Act 1971 and involves the acceptance of deposits and lending on account. Furthermore, a person shall be deemed to hold himself out as carrying on regulated banking business if the name of the body includes any of the word "bank", "banker", or "banking" and analogous words. An operator would need to ensure that the procedures in place for accepting and holding funds on behalf of investors make it clear that they are not repayable and consequently do not constitute taking deposits in a way which would trigger a requirement under Irish law to obtain a banking licence. The most practical way to do this, short of getting licensed itself, would be to partner up with an authorised credit institution to hold funds, rather than holding the client funds directly itself.
Payment services legislation
If the operator's business model also involve the operation of payment accounts and / or the placing of investor funds into segregated client accounts, there are a number of additional potential regulatory risks. An authorisation as a payment institution under S.I. No. 6/2018 (European Union (Payment Services) Regulations 2018) (the "Irish Payment Services Regulations") would be required if the operator was to offer any regulated payment services through the platform, including for example:
services enabling cash to be placed on a payment account as well as all the operations required for operating a payment account;
services enabling cash withdrawals from a payment account as well as all the operations required for operating a payment account;
execution of payment transactions, including transfers of funds on a payment account with the user's payment service provider or with another payment service provider, including: (i) execution of direct debits, including one-off direct debits; (ii) execution of payment transactions through a payment card or a similar device; and (iii) execution of credit transfers, including standing orders;
Execution of payment transactions where the funds are covered by a credit line for a payment service user, including: (i) execution of direct debits, including one-off direct debits;
Frequently Asked Questions
(ii) execution of payment transactions through a payment card or a similar device; and
(iii) execution of credit transfers, including standing orders.
issuing of payment instruments and/or acquiring of payment transactions; money remittance; payment initiation services; and account information services.
It is important to note however that even where the Irish Payment Services Regulations do not apply, the regulated activity of money transmission under the Central Bank Act 1997 should also be considered.
7. Is a platform required to establish a local presence in your jurisdiction
This depends on whether a platform requires any regulatory authorisation under Irish law (such as under the Irish MiFID II Regulations, Irish banking law and/or the Irish Payment Services Regulations). Generally speaking, any regulated financial service provider that holds an Irish regulatory authorisation must have a local presence in Ireland. However, please note that it is possible under many Irish regulatory regimes derived from EU law for a firm with a regulatory authorisation in another EU member state (e.g., the UK until Brexit in March 2019, France, Germany, etc.) to passport their regulatory authorisation into Ireland on a freedom of services basis without having to obtain a further Irish regulatory authorisation or establish a local presence in Ireland.
In the absence of a requirement to be authorised under Irish law, there would be no regulatory requirement for a platform to have a local presence in Ireland.
8.What penalties might a digital assets issuer be subject to if it fails to meet securities law or regulatory requirements in Ireland?
Under securities law, it is a criminal offence for an issuer or offeror to make an public offer of "transferable securities" in Ireland without publication of a prospectus, unless an applicable exclusion or exemption applies. Furthermore, where such offence is committed by a body corporate and is proved to have been committed with the consent, connivance or approval of, or to have been attributable to the wilful neglect on the part of, any person, being a director, manager secretary or other officer of the body corporate or a person who was purporting to act in any such capacity, that person as well as the body corporate shall be guilty of the offence. The offence carries potential penalties, on conviction on indictment, of a fine up to 1,000,000 or imprisonment for a term not exceeding 5 years, or both.
There is also statutory civil liability for untrue statements in a prospectus or the omission of information required to be included. Such liability may be imposed on the issuer, its directors and every person who authorised the issue of the prospectus.
It is also a criminal offence to carry on a regulated financial service in Ireland (for example under the Irish MiFID II Regulations or the Irish Payment Services Regulations) without the appropriate regulatory authorisation. By way of example, providing investment services in relation to "financial instruments" in Ireland without an appropriate authorisation under the Irish MiFID II Regulations is an offence under Irish law for which a person, if convicted on indictment, may be subject to a fine not exceeding 10,000,000 or imprisonment for a term not exceeding 10 years, or both.
9.Does an issuer of digital assets in violation of the laws of Ireland face potential liability from both a government authority and private litigants?
Yes, issuers may be prosecuted by government authorities for actions that constitute criminal offences. Private litigants, and in some cases government authorities, can separately sue for civil damages for breaches of statutory obligations, under contract or in tort. Criminal offences are divided between summary (minor) offences and indictable (serious) offences. In general, regulatory bodies are authorised to prosecute summary offences along with the Garda Siochna (the Irish police) and the Director of Public Prosecutions (the "DPP"). However, the DPP has the sole authority to prosecute offences on indictment (except for a limited category of offences still prosecuted at the suit of the Attorney General). In relation to indictable offences, the relevant authority prepares a file and submits it to the DPP for consideration; it is then solely at the discretion of the DPP as to whether a case will be taken in respect of a suspected offence.
10.Does the operator of a platform in violation of the laws of your jurisdiction face potential liability from both a government authority and private litigants?
Yes, operators may be prosecuted by government authorities for actions that constitute criminal offences. Private litigants can separately sue for civil damages for breaches of statutory obligations, under contract or in tort.
Fergus Bolster PARTNER, CORPORATE Efergus.email@example.com Mark O'Sullivan PARTNER, TAX Emark.firstname.lastname@example.org Lorna Daly SENIOR ASSOCIATE, FINANCIAL INSTITUTIONS Elorna.email@example.com
This note pertains to the laws of Ireland only, is general in nature and is not exhaustive of all legal or regulatory issues that may relevant to an offering of digital assets (whether in the form of tokens, coins or otherwise). This note does not constitute legal advice.