By: Iohann Le Frapper, group general counsel of Pierre Fabre and previously chair of the global board of directors of the Association of Corporate Counsel, and Dario de Martino, M&A and private equity partner and co-chair of Blockchain Practice at Morrison & Foerster LLP

This is the second article of Blockchain Basics, a three-part series recapping a roundtable at the ACC Global GC Summit in London that discussed the disruptive technology across several industries. Previously, the authors Iohann Le Frapper, group general counsel at Pierre Fabre Group, and Dario de Martino, partner at Morrison & Foerster LLP and co-chair of the firm’s blockchain group, overviewed what general counsel should know about blockchain.

What are the regulatory issues blockchain technology must address in the United States?

Blockchain technology’s regulatory landscape is unsettled and constantly shifting. Regulators are finding it difficult to establish bright lines and clear rules because blockchain tokens are not a homogenous digital asset class ⁠— they may feature characteristics of securities, commodities, currency units, or a combination thereof. A given token may even change status over time from security to non-security.

Further complicating things, blockchain’s distributed networks may affect international markets, which give disparate treatment to blockchain or cryptoassets depending on the jurisdiction. As a result of these ambiguities, blockchain technology doesn’t fit neatly into our existing regulatory frameworks, and regulatory developments, as well as growing enforcement initiatives in the near future, will likely be uncoordinated and piecemeal. Blockchain technology will also continue to be treated differently in different jurisdictions and even among various domestic agencies.

In the United States, for example, a variety of agencies may have concurrent or overlapping jurisdiction over a particular blockchain-related issue. The Commodity Futures Trading Commission, the Department of Justice, the Financial Crimes Enforcement Network, the Federal Trade Commission, the Internal Revenue Service, the Securities Exchange Commission (SEC), and the Federal Reserve Board of Governors may all assert jurisdiction depending on the circumstances underlying the use of this technology.

For example, the IRS deems virtual currencies to be property, and after collecting data from digital currency exchanges, the IRS issued more than 10,000 tax notices to cryptocurrency owners and requested that they amend and/or file late tax returns. Looming over this regulatory mishmash is congressional silence. As of the time of this publication, the US Congress has yet to provide any input on what a consistent regulatory framework for blockchain-enabled tokens should look like.

How does blockchain overlap with US securities laws, and what is the Howey test?

The SEC is arguably the most zealous regulator of blockchain in the United States, and industry watchers are paying attention to how the agency treats blockchain assets. The reason being is that from the summer of 2017 into the beginning of 2018, many blockchain developers were getting around the typical venture capital and regulated securities offering mechanisms by conducting Initial Coin Offerings (ICOs).

In an ICO, a blockchain or token developer sells tokens to the public with the promise that in time, the tokens would be usable within the to-be-built blockchain-enabled ecosystem. However, unlike a regular securities offering, the tokens do not come with any traditional equity ownership or dividend distribution rights.

Since these offerings are essentially unregistered offerings of securities, the SEC brought a handful of enforcement actions against individuals and organizations that issued such instruments without either registering the offering with the SEC or qualifying for an exemption.

As most market participants know, an old US Supreme Court case known as Howey provides the framework for determining whether certain assets are securities. Under the Howey test, an instrument is deemed to be an “investment contract” if there is (1) an investment of money (2) in a common enterprise (3) with a reasonable expectation of profits (4) to be derived from the efforts of others.

The SEC has concentrated the bulk of its analysis on the latter two prongs and recently published guidance clarifying this part of the analysis. To summarize, regardless of the nomenclature chosen by the issuer, the more a blockchain asset’s value stems from the efforts of the issuer, the more likely the SEC will consider the asset an investment contract under the thumb of security regulations.

Nevertheless, the SEC has consistently maintained that each asset is unique. The SEC’s analysis depends on the facts and circumstances, including the economic realities of the transaction. Any GCs considering releasing a token should therefore proceed with caution in light of this enforcement wave by various US agencies and engage outside counsel to conduct a thorough analysis.

What is the European regulatory framework around blockchain?

Compared to the US approach, which has centered around individual enforcement actions, blockchain and cryptocurrency regulations in Europe have developed with more top-down legislative input willing to leave room for experimentation.


For example, in France, the newly enacted Plan d’Action pour la Croissance et la Transformation des Entreprises (Action Plan for Business Growth and Transformation Act, or PACTE Act) established a legal framework for ICOs with two main features:

  • First, a fully optional visa regime for ICOs: Project sponsors wishing to raise funds through the issuance of virtual tokens (definition exclusive of financial instruments) may seek a visa on their information document (“White Paper”) from the public securities regulatory agency in France, the Autorité des marchés financiers (AMF), provided that (a) they have a legal establishment in France, (b) the White Paper must provide “all relevant information on the token offering, the project to be financed and the company” so that potential investors can understand the related risks, and (c) the project is in compliance with (anti-money laundering, or AML) regulations. The legislator’s purpose is to provide a competitive advantage to legitimate players and projects that can secure the blessing from the AMF and to enhance investors’ protection against scam ICOs.
  • Second, an optional licensing system that allows digital asset service providers to become licensed and supervised by the AMF. As a result, companies are not mandated to apply for these licenses to operate in France, except for specific activities such as digital assets custody services provided to third parties or purchase/sale of cryptocurrencies in exchange for fiat currencies.

One of the benefits of obtaining the AMF visa is the access to financial services (including the ability to open a bank account and access other custodial services), as many banks have been reluctant to provide financial services to French blockchain companies which raised funds in exchange for cryptocurrencies (e.g., banks’ concerns about money laundering and challenges to trace the origins of funds). It is thought that using a voluntary, rather than mandatory, process will result in better investor protection.

France is so confident in this voluntary framework that it is pushing for EU-wide implementation. However, the PACTE Act can attract investors only once several key issues about the framework of transfers of tokens have been clarified, for example, the accounting and tax treatment of such transactions. In that respect, on Aug. 7, 2019, the French tax authorities (link in French) issued a tax ruling regarding the applicable VAT-related framework for ICOs (link in French).


However, France is not alone in its willingness to open the door to digital assets. In Germany, which has historically been wary of cryptocurrencies, the Federal Financial Supervisory Authority (BaFin), has recently approved the token offering proposal of the Berlin-based company Bitbond, and it has provided guidance on the Security Token Offerings offered on the Neufund platform. There is a clear signal that Germany is warming up to cryptocurrencies, since revised generic guidance has been published by BaFin about the regulatory framework applicable to ICOs, and, in particular, a detailed list of requirements with which issuers need to comply.


In order to find the sweet spot between fostering innovation and protecting the public, much of the regulation in Europe has been centered on defining and classifying the different kinds of blockchain assets as they emerge. In Switzerland, for example, guidelines published by the Swiss Financial Market Supervisory Authority (FINMA) in 2018 provide a pragmatic classification of tokens into three types: payment tokens (cryptocurrencies), utility tokens (tokens providing digital access to a good or service), and asset tokens.

Of these different types of tokens, only asset tokens (PDF) are treated like securities. FINMA investigated a company that issued tokens in 2018 and received 90 million Swiss francs from at least 37,000 investors. It was found that the company had violated Swiss laws, in particular, the Banking Act, but there were no concrete sanctions against the company due to the opening of bankruptcy proceedings.


Similarly, in Malta, the Virtual Financial Assets Act was introduced in 2018, making Malta the first country among EU member states to regulate ICOs. It defined three categories for tokens: utility, security, and virtual financial asset (VFA).

However, while these regulatory developments indicate that progress is being made in accommodating blockchain and cryptocurrencies, the regulations are not pervasive and many areas of where we would expect to have a regulatory scheme in place remain unaddressed. Of the major gaps, European jurisdictions still lack definitive guidance on the accounting and tax treatment of tokens, money transmission regulations, and privacy compliance under the General Data Protection Regulation (GDPR).

While notable action in some of these areas appears to be on the horizon, much progress yet remains to be made until Europe can boast of a comprehensive and harmonized regulatory framework. Data privacy regulators in Europe and the EU Parliament have started to look closely at the practical challenges of how to conciliate innovative blockchain solutions and the GDPR framework.

Be sure to check back for the next part in this blockchain series, which discusses how the technology can assist with compliance, supply change management, healthcare, and real estate.

Did you enjoy this article? Whether you are new to in-house or a seasoned veteran, ACC has the tools, connections, and information to help you make a greater impact on your organization. Subscribe to our mailing list today to access ACC’s career-enhancing resources for 30 days.