Compared with some other regulators globally, the Financial Conduct Authority (FCA) has been 'hands off' in its approach to the fast-growing and often controversial crypto industry. Draft guidance, which sets out a three-category classification approach, provides clarification - but there will likely be grey areas in practice, comment Ian Mason and Sushil Kuner.
In January 2019, the FCA published a consultation paper that sets out guidance on how cryptoassets can be subject to its regulation. The Guidance is relevant to any firm issuing, creating, buying, selling, holding or storing cryptoassets, firms marketing cryptoasset products and services, as well as their advisers.
The Guidance seeks to clarify where different categories of cryptoasset tokens fall in relation to the FCA's regulatory perimeter - ie, the boundary that separates regulated and unregulated financial services activities. Activities that fall within the regulatory perimeter are regulated and require authorisation from the FCA - and in limited circumstances the Prudential Regulation Authority - before they can be carried out. Carrying out regulated activities without the relevant authorisations may constitute a criminal offence.
The FCA has categorised cryptoassets into three types of tokens and has provided guidance on whether these tokens are regulated or unregulated. In categorising cryptoassets as below, the FCA has made clear that the categories of token are not mutually exclusive, nor are they exhaustive of the types of cryptoassets that can exist. Whether a cryptoasset falls within the regulatory perimeter should always be considered on a case-by-case basis, with regard to a number of different factors.
Security tokens include specific characteristics that bring them within the definition of a 'specified investment',  such as a share or a debt instrument, which mean they fall within the regulatory perimeter. They include tokens that grant holders some, or all, of the rights conferred on shareholders or debt-holders, as well as those tokens that give rights to other tokens that are themselves specified investments. The FCA considers a security to refer broadly to an instrument that indicates an ownership position in an entity, a creditor relationship with an entity, or other rights to ownership or profit. Security tokens are securities because they grant certain rights associated with traditional securities.
If you carry on a regulated activity involving security tokens, you will need to make sure that you are appropriately authorised or exempt. Issuers of such tokens may themselves not need to be authorised, however certain requirements related to the issuance of the tokens may still apply - for example prospectus and transparency requirements.
Factors to consider when determining if a token is a security token
Given the complexity of many tokens, the FCA has recognised that it is not always easy to determine whether a token is a specified investment. The FCA has, therefore, set out a non-exhaustive list of factors that it considers are indicative of a security to assist firms in determining whether or not they are undertaking regulated activities:
- the contractual rights and obligations the token-holder has by virtue of holding or owning that cryptoasset;
- any contractual entitlement to profit-share (eg dividends), revenues, or other payment or benefit of any kind;
- any contractual entitlement to ownership in, or control of, the token issuer or other relevant person (eg voting rights);
- the language used in relevant documentation (eg whitepapers). However, the FCA has made clear that if a whitepaper declares a token to be a utility token, but the characteristics of the token indicate it is a specified investment, the FCA would treat it as a security token;
- whether the token is transferable and tradeable on cryptoasset exchanges or any other type of exchange or market;
- whether there is a fl ow of payment from the issuer or other relevant party to token holders; and
- whether any fl ow of payment is a contractual entitlement - the FCA has made clear that it would consider this to be a strong indication that a token is a security.
Exchange tokens are not issued or backed by any central authority and are intended to be designed to be used as a means of exchange. These tokens can enable the buying as well as selling of goods and services without the need for traditional intermediaries such as central or commercial banks (eg, on a peer-to-peer basis).
Exchange tokens are used in a way similar to traditional fiat currency. However, while exchange tokens can be used as a means of exchange, they are not currently recognised as legal tender in the United Kingdom, and are therefore not considered to be 'currency' or 'money' within the UK regulatory framework. Due to the fact that they tend to be decentralised, with no central issuer obliged to honour contractual rights, the FCA's view is that they do not typically grant the holder any of the rights associated with 'specified investments'.
As such, the FCA has confirmed that exchange tokens generally fall outside of the regulatory perimeter. Therefore, transferring, buying and selling these types of token, including the commercial operation of cryptoasset exchanges for exchange tokens, are activities not currently regulated by the FCA. This is the case even when exchange tokens are acquired and held for the purpose of speculation (and in the hope of making a gain) rather than exchange. However, they may be caught by the UK's anti-money laundering regime in future. Her Majesty's Treasury will be consulting separately on the transposition of the European Union's Fifth Anti-Money Laundering Directive, which captures certain activities in relation to cryptoassets, including cryptoasset exchanges and wallet providers, later this year.
Utility tokens provide holders access to a current or prospective product or service but do not grant holders rights that are the same as those granted by specified investments. They may have similarities with rewardsbased crowdfunding where participants contribute funds to a project in exchange for a reward, for example access to products or services at a discount.
The FCA has stated that, much like exchange tokens, utility tokens can usually be traded on the secondary markets and can be used for speculative investment purposes. However, this does not mean these tokens constitute specified investments.
Although utility tokens do not typically exhibit features of specified investments, they could still require FCA authorisation if they constitute 'e-money' or are used to facilitate regulated payment services.
Electronic money and payment services
E-money issuance is an FCA-regulated activity and, depending on how they're structured, cryptoassets can constitute e-money. E-money is electronically stored monetary value as represented by a claim on the electronic money issuer, which is:
- issued on receipt of funds for the purpose of making payment transactions;
- accepted by a person other than the electronic money issuer; and
- not excluded by the Electronic Money Regulations.
Due to the fact that they are not usually centrally issued on the receipt of funds, nor do they represent a claim against an issuer, exchange tokens like bitcoin and ether are unlikely to represent e-money. However, the FCA has pointed out that any category of cryptoasset has the potential to be e-money, depending on its structure and whether it meets the definition of e-money as outlined above. E-money must enable users to make payment transactions with third parties, so must be accepted by more parties than just the issuer.
Similarly, exchange tokens can be used to facilitate regulated payment services such as international money remittance. In the UK, the Payment Services Regulations set out eight different payment services including services relating to the operation of payment accounts - for example, cash deposits and withdrawals from current accounts, execution of payment transactions, card issuing, merchant acquiring and money remittance.
What does this mean for you?
If you engage in activity by way of business in the UK that relates to a security token or to a token that constitutes e-money or is involved in payment services, you should consider whether those activities require authorisation.
If a token is a transferable security and will either be offered to the public in the UK or admitted to trading on a regulated market, an issuer will need to publish a prospectus in accordance with the UK's Prospectus Regime unless an exemption applies.
If your activities fall within the FCA's regulatory perimeter, you should consider, in particular:
- the application of financial promotion rules, including ensuring communications are marketed in a way that is clear, fair and not misleading;
- the application of the Prospectus Directive;
- the application of relevant financial crime controls; and
- operational resilience and cyber security issues - cryptoassets are now regarded as high-value targets for theft and service providers (eg custodians/wallet providers) are increasingly being targeted by cybercriminals to obtain the private keys that enable consumers to access and transfer their cryptoassets.
Comment and next steps
Given the concerns previously raised by regulators about cryptoassets - for example, the perceived increased risk of money laundering, the highly speculative and volatile nature of the investment, and even the potential for market manipulation, it is unsurprising that the FCA proposes to tighten the regulatory net. This approach is in line with other authorities, such as the European Securities and Markets Authority. The fact that the FCA has proposed some draft guidance is welcome clarification, but it is likely that there will be some grey areas in practice. Firms should consider whether the FCA has drawn the regulatory perimeter correctly, and whether the three-category classification works.
If you are a firm proposing to launch a cryptoassetbased offering, it would be sensible to launch it soon before the FCA finalises its guidance - which it intends to do in Summer 2019.
Firms have until Friday 5 April 2019 to respond to the FCA's consultation. They can do so by emailing email@example.com.