The Financial Conduct Authority ("FCA") this month published Final Guidance on Cryptoassets in an attempt to help firms understand whether, and the extent to which, their cryptoasset activities fall under FCA regulation (PS 19/22: Guidance on Cryptoassets) ("the Final Guidance").
In this Insight, Sushil Kuner from our Financial Services Regulatory team explores how the FCA's guidance on cryptoassets has evolved since publication of its Consultation Paper on the same earlier this year (CP 19/3) ("the CP"). In particular, she explains the FCA's new taxonomy of cryptoassets and why authorised firms using unregulated cryptoassets need to be mindful of certain regulatory requirements which may still apply.
The Final Guidance seeks to clarify where different categories of cryptoassets fall in relation to the FCA's regulatory perimeter, i.e. the boundary that separates regulated and unregulated financial services activities. Activities which fall within the regulatory perimeter are regulated and require authorisation from the FCA, and in limited circumstances the Prudential Regulation Authority, before they can be carried out. Carrying out regulated activities without the relevant authorisations may constitute a criminal offence.
While the Final Guidance does not materially differ to the draft guidance consulted on in the CP, the FCA has reframed the taxonomy of tokens to reflect market observations that greater clarity is needed in certain areas.
Changes to the Cryptoasset Taxonomy
In the CP, the FCA recognised three categories of cryptoassets which it described as follows:
- exchange tokens - not issued or backed by any central authority and designed to be used as a means of exchange. The FCA confirmed that these types of token generally fall outside of the regulatory perimeter because they usually provide limited or no rights for token holders and there is not a single issuer to enforce rights against. Cryptoasset exchanges simply providing a platform for the trading of exchange tokens therefore currently fall outside of the regulatory perimeter. This is the case even when exchange tokens are acquired and held for the purpose of speculation (and in the hope of making a gain) rather than exchange;
- security tokens - include specific characteristics which bring them within the definition of a 'specified investment', such as a share or a debt instrument, which mean they do fall within the regulatory perimeter. They include tokens that grant holders some, or all, of the rights conferred on shareholders or debt-holders, as well as those tokens that give rights to other tokens that are themselves specified investments; and
- utility tokens - grant holders access to a current or prospective product or service but do not grant holders rights that are the same as those granted by specified investments. Instead, they grant rights similar to pre-payment vouchers.
Although they are not specified investments, the FCA highlighted that exchange and/or utility tokens could still require FCA authorisation if they constitute 'e-money' or are used to facilitate regulated payment services.
While, on the whole, respondents agreed with the FCA's views on the regulatory status of each type of token, some respondents felt that there could be greater clarity in explaining which tokens fall within the regulatory perimeter and which tokens fall outside of it. As such, the FCA has, in its Final Guidance, repositioned the cryptoasset taxonomy and created three new categories of cryptoasset as follows:
- regulated tokens - these are tokens that are regulated by the FCA and generally comprise of security tokens and e-money tokens. There have been no significant changes to the characterisation of security tokens from the CP and our alert on the FCA's CP issued earlier this year details the factors to consider when determining if a token is a security token. Firms carrying on a specified activity, by way of business in the UK, involving a cryptoasset which is a specified investment (e.g. security tokens) may require authorisation and the relevant permission. Market participants should also be aware of the FCA's financial promotions regime; it is an offence to communicate an invitation or inducement to engage in investment activity unless that person is an authorised person or the content is approved by an authorised person. An offer of security tokens to the public may also be caught by the UK Prospectus Regime;
- e-money tokens - these are tokens that meet the definition of electronic money in the E-Money Regulations 2011 ("EMRs"). These tokens are subject to the EMRs and firms must ensure that they have the correct permissions and follow the relevant rules and regulations. This category formerly fell within the utility tokens category in the CP but have been given their own classification to make it clear that they fall within the FCA's regulatory perimeter. E-money is defined in the EMRs as:
- electronically stored monetary value that represents a claim on the issuer;
- issued on receipt of funds for the purpose of making payment transactions;
- accepted by a person other than the issuer; and
- not excluded from the definition of e-money in the EMRs; and
- unregulated tokens - these are tokens that do not provide rights or obligations akin to specified investments like shares, debt securities and e-money. These tokens include exchange tokens and utility tokens as set out above. They can be centrally issued, decentralised, primarily used as a means of exchange, or grant access to a current or prospective product or service. They might be used in one or many networks or ecosystems and can be fully transferable or have restricted transferability. The key point is that any token that is not a security token or an e-money token is an unregulated token.
Stablecoins are tokens whose value the issuers have attempted to stabilise using a variety of mechanisms. For example, tokens which are backed with fiat currencies or a reserve of low-volatility assets (e.g. bank deposits and short term government securities in currencies from stable central banks).
The FCA has made clear that while they may have a common purpose, they vary greatly in their structure and arrangement, making them inappropriate for any single classification. They could therefore fall into any category of security, e-money or unregulated tokens and issuers should analyse the characteristics of their tokens carefully to ascertain which category of cryptoasset their stablecoins fall into.
Irrespective of the type of token being issued, firms should consider whether their tokens are being used to facilitate payment services. If they are then this will likely need the appropriate authorisation under the Payment Services Regulations 2017 ("the PSRs"), unless an exemption under the PSRs applies.
Authorised Firms and Unregulated Cryptoassets
The FCA has made clear in its Final Guidance that where an FCA authorised firm carries on unregulated activities (for example, in relation to an unregulated cryptoasset), while that activity may not require a permission itself, it is possible that some FCA rules, Principles for Business and individual conduct rules under the Senior Managers and Certification Regime ("SMCR") may apply to those unregulated activities.
For example, under the SMCR, which applies to all UK deposit takers, dual regulated investment firms, insurers and will extend to all FCA solo-regulated firms in December 2019, all relevant individuals within authorised firms are subject to the FCA's conduct rules. These rules apply to both regulated and unregulated activities. Accordingly, activities by relevant individuals within authorised firms in relation to unregulated cryptoassets may be covered by the conduct rules of the SMCR, meaning that the FCA would be able to take action against those individuals for breaches of those rules where the conduct is covered by those rules.
Similarly, regulatory provisions such as the FCA's Principles for Business apply to regulated activities of authorised firms but can also apply, in certain circumstances, to unregulated activities carried on by authorised firms.
Authorised firms which carry out activities in relation to unregulated cryptoassets must also make sure that they do not, in any way, communicate that their authorisation extends to those cryptoassets. All communications should be transparent to ensure consumers are aware which activities the firm is authorised for.
It should be noted that some respondents to the CP shared concerns about the unregulated nature of certain tokens. The FCA acknowledged these concerns and has made clear that the location of the regulatory perimeter is ultimately a decision for legislation and the courts and all that it can do is to offer guidance on how the current regulatory perimeter applies to different types of cryptoasset. Things could look very different if and when the Cryptoassets Taskforce (comprising HMT, the Bank of England and the FCA) determine that policy changes need to be made.
In addition, HMT will be consulting separately on the transposition of the EU's 5th Money Laundering Directive ("5MLD"), which will capture wallet providers and cryptoasset exchanges, later this year. The FCA has indicated that UK policy may go wider than 5MLD but what that looks like is yet to be seen.
If you are affected by any of the above, we recommend you review the characteristics of your tokens, what the purpose of them is and how they are used, to determine how the FCA would classify them. The Final Guidance applies immediately. We would be delighted to assist you with your review and any follow up work.