As cryptocurrencies and other forms of financial technology continue to increase in popularity, there has been a surge of startup businesses in the FinTech sector. This rapid rise in new businesses has left many entrepreneurs in need of funding to get their products off the ground. One investment vehicle that has sparked the interest of both investors and cryptocurrency companies alike is the use of Initial Coin Offerings.

In the previous edition of our newsletter, we discussed the use of cryptocurrencies as a relatively new financial tool in both Turkey and on a global scale and delved into the main questions surrounding the regulation of cryptocurrencies.[1]  In this article, we will explore cryptocurrencies within the context of Initial Coin Offerings and will take a look at how regulators around the world, including Turkey, are handling this financial phenomenon. Arbitration Clauses Incorporated by Reference

What is an ICO?

Initial Coin Offerings (“ICOs”) are a funding structure in which issuers sell their newly issued cryptocurrency tokens or cryptocurrency coins in exchange for other cryptocurrencies (such as Bitcoin or Ethereum). Companies use ICOs to fund new units of cryptocurrencies that investors hope will perform well in the future, thus yielding a profit. Investors have quickly taken a positive approach to this new source of funding, and since the first ICO launched online in July 2013 for Mastercoin (now renamed Omni), ICOs have raised over USD 20 billion for startups.[2]  Organizations, companies, and entrepreneurs use ICOs as an open call for funding in order to raise money through cryptocurrencies, which is beneficial to smaller scale investors because they can join together with other investors to provide funding, similar to the concept of crowdfunding.[3]  ICOs are advantageous for startups as they are not subject to the fundraising regulations imposed on banks and venture capitalists and instead offer simplified procedures to ease the process.

In a typical ICO, a project or startup will first create a “whitepaper” to promote the ICO on various platforms and forums to increase the number of potential investors. These whitepapers are similar to a conventional “IPO” (Initial Public Offering) prospectus and include a summary of the project goals, information on the unique features of the project, details on the project team, and the deployment plan.  Alongside a whitepaper, the project company may also issue a “yellowpaper” which explains the project in more technical detail, such as complex calculations regarding the cryptocurrency structure, value, and creation.[4]    Investors will then begin purchasing tokens through the relevant ICO platform to support the project or business, and the company will collect funding until they reach their desired goal. The startup may choose to rely on an extensive marketing campaign in order to ensure that the required number of investors is reached before the sale of tokens actually begins.  Upon completion of the goal, the project is actualized, tokens are distributed to investors, and the product is sold on crypto exchanges to hopefully turn a profit.

The term “ICO” itself has been a popular topic of debate because it heavily resembles the term “IPO”, a process in which a company lists its shares in a securities exchange for the first time for the public to purchase shares. While the inherent logic of ICOs and IPOs are the same, that is investors provide funds to a company in need of capital in exchange for a stake in the company, there are inherent differences that make ICOs a much riskier option than IPOs. ICOs bear three primary structural differences from IPOs: (i) they are decentralized, (ii) sparsely regulated, and (iii) there is no standardized format for how ICOs are conducted. Although the current lack of regulation and decentralized nature eases this process for startups and investors, it has also given rise to several issues including making ICOs an attractive vehicle for scammers.

The Risks of ICOs

While there have been a number of successful ICOs, such as the one carried out by the Ethereum Foundation which raised 31,000 bitcoin, or USD 18 m, in 42 days and grew to be the second largest cryptocurrency platform, there have also been instances where investors have fallen victim to some of the inherent risks associated with ICOs. The lack of ICO regulations has enabled this investment method to become a common platform used for scams and fraud. A 2018 report by the digital item and blockchain technology consulting firm Satis Group LLC found that 80% of all ICOs were scams and an estimated USD 9 million was said to have been lost each day due to these scams.[5]   Furthermore, given the characteristic decentralized network of ICOs, financial authorities like the Banking Regulation and Supervision Agency (“BRSA”) in Turkey or the Securities Exchange Commission (“SEC”) in the United States may not have the power to assist investors who have fallen victim to such scams in recovering their loss.  One of the most notable ICO frauds is the Ifan and Pincoin scam, where a fraudulent ICO was initiated in Vietnam that accumulated USD approximately 60 million in funding before magically disappearing from the face of the internet along with all of the investors’ funds.[6]

In addition to intentional fraud, ICOs are also at risk of being hacked as was the case in the DAO cyberattack. The DAO, short for Decentralized Autonomous Organization, was an organization that was established to facilitate cryptocurrency transactions, acting similar to a venture capital fund by collecting financing from various investors to be used for ICO investments. Many investors found the DAO appealing and it gained a huge share of all issued tokens (approximately 14%). However, after a short period of time, the DAO was hacked resulting in a loss of USD 50 million. In response, the SEC made a statement claiming that the DAO was issuing tokens that qualify as securities and therefore should have been subject to federal securities laws, triggering a crackdown on registering ICOs as securities for the purposes of oversight in the US.[7]

To protect investors from these looming cybersecurity risks, the regulation of ICOs becomes exceedingly important. We will now take a look at how regulators across the globe are handling ICOs on the legislative front.

The Regulatory Approach to ICOs around the World

Regulators’ approach to ICOs vary greatly from country to country. Some states, such as Malta and Switzerland who are known leaders in the FinTech sector, have already developed a robust regulatory plan for how to handle ICOs, while others have made ICOs flat out illegal or have yet to take any legislative action.

In February 2018, in response to the growing interest in ICOs, the Swiss Financial Market Supervisory Authority (“FINMA”) published its ICO guidelines.[8]  These guidelines state that an individual assessment will be made for ICOs on a case-by-case basis by taking into account the purpose of the tokens and which category the tokens fall into.[9]  The guidelines also state that because the risk of fraud is especially high, the Swiss Anti-Money Laundering Act is applicable to most ICO cases.

In Malta, the main three pieces of crypto legislation are also applicable to ICOs: (i) The Malta Digital Innovation Authority Act; (ii) the Innovative Technology Arrangement and Services Act; and (iii) the Virtual Financial Assets Act.[10]  In addition to the triad of legislation implemented to govern cryptocurrency transactions (including ICOs), the Malta Financial Services Authority (“MFSA”) established the Maltese Digital Innovation Authority (“MDIA”) to specifically determine if crypto businesses, including those seeking to initiate an ICO, are eligible to receive a license.  The Virtual Financial Assets Act specifically outlines the Maltese Financial Instruments Test that all companies wishing to utilize ICOs must pass in order to be eligible for a license.[11] 

In the United States, the SEC has created a cyber-unit to prevent and enforce misconduct related to ICOs; however, as discussed in our previous article, there is debate over whether the SEC has such authority because they are only authorized to oversee securities transactions.[12]  Since 2016, the SEC has filed charges against 27 companies, indicating that it is seeking strict enforcement of ICOs by qualifying them as securities and applying existing securities legislation.[13]

In the European Union (EU), there has been far less movement when it comes to regulating ICOs. In 2018, the European Commission published its “Fintech Action Plan” which simply states ICOs may offer firms new ways of raising capital but presents clear risks to investors.[14]  The Commission noted that ICOs may fall under existing EU legislation[15] and invited the European Supervisory Authorities to assess the existing legislation and present recommendations to the Commission if necessary. The plan further stated that the Commission would continue to monitor the developments of ICOs and assess whether regulatory action at the EU level is required. On 9 January 2019, the European Banking Authority (“EBA”) and the European Securities and Markets Authority (“ESMA”) both released their own reports in response to this request. The report released by EBA[16] stated that while crypto-asset-related activity in the EU is limited, there are certain activities that do not fall within the scope of the existing EU financial services law. Therefore, the EBA recommended that the Commission carry out a cost/benefit analysis to decide whether EU-level action is necessary. The ESMA report[17] stated that provided that the appropriate safeguards were in place, ICOs could be beneficial, but expressed concern regarding the volatility and fraudulent practices existing in this area. As of the date of this article, no EU-level regulation regarding ICOs is currently in force.

Furthermore, in contrast with the Maltese and Swiss legislation that encourages the regulated and monitored use of ICOs, countries like China and South Korea have made ICOs illegal entirely. The question then remains: where does Turkey fall on this wide spectrum of thought?

The Regulation of ICOs in Turkey

In the previous edition of our newsletter, we discussed the current and potential future legal treatment of cryptocurrencies in Turkey, concluding that while the regulation of cryptocurrencies was a topic of interest amongst banking authorities, the relevant regulatory bodies have yet to take action. As of the date of this article, a similar situation exists in relation to ICOs as there is no proposed or existing legislation regulating ICOs in Turkey. Additionally, since the current legislation does not specify whether cryptocurrencies are classified as currencies, securities, or commodities, the authority with the power to regulate their sale remains unclear. So far, a total of 26 ICOs have taken place in Turkey and companies utilizing ICOs have raised a total of USD 14 m, indicating a strong appetite for ICOs in Turkey, and thus a need for regulation.[18] 

It may be argued that the similarities between ICOs and IPOs are sufficient enough to place them under the same regulating authority. In its bulletin dated 27 September 2018,[19] the Capital Markets Board of Turkey (“CMB”), the regulator approving IPOs, touched upon ICOs, referring to them as “cryptocurrency sales” or “token sales”. However, the bulletin stated that such sales largely fall outside the scope of the regulation authority of the CMB, substantiating the argument in favor of classifying cryptocurrencies as commodities.  The CMB argued that ICOs are extremely risky and speculative investments and that the lack of regulation and supervision in this area means that fraudulent practices are highly common. As such, Turkish authorities recommend that potential investors be wary of the risks posed by ICOs and to exercise caution before getting investing.

The CMB went on to explain that work for the issuance of secondary legislation in relation to regulating crowdfunding activities was currently underway. Recognizing that ICOs have certain similarities to crowdfunding activities and IPOs, it stated that whether token sales are subject to such regulation would be evaluated on a case-by-case basis.[20]  However, such statement should not be construed to mean that the CMB has blessed ICOs or their alterations, but we believe it implies that the CMB is closely watching the current ICO related activities in the market.

The Future of ICOs in Turkey

Given the volume of ICO investments made in Turkey thus far, clear interest from market participants indicates that it will be beneficial for Turkish authorities to place certain regulations on ICOs to ensure safety and security. A report by the Blockchain Turkey Platform published in May 2020[21] listed the measures that may be taken to that end, such as the mandatory licensing of cryptocurrency sales, purchases and intermediary platforms, standardization of the data required from consumers to participate in such activities and requiring these platforms to comply with the Law on the Protection of Personal Data numbered 6698, and the inclusion of ICOs in the Capital Markets Law no. 6362, therefore falling under the umbrella of the authority of the CMB.