EU Approach to ICO Regulation

The last few weeks have seen a number of notable developments in the US regulatory landscape for cryptocurrency and initial coin offerings (ICOs). 

Firstly, in what is being described by commentators as a “sweeping probe” into the ICO industry, the Securities Exchange Commission (SEC) is reported to have issued more than 80 subpoenas to ICO issuers and gatekeepers. While the scale of the probe is remarkable, the fact that the SEC is targeting ICOs is not news, the agency having made it clear back in July and in several statements since, that in its view certain tokens (and perhaps most tokens) constitute securities for US federal securities laws purposes. 

Hot on the heels of reports of the SEC probe, a federal judge in New York issued a judgment confirming the view of the Commodity Futures and Trading Commission (CFTC) that certain virtual currencies can constitute “commodities” for federal commodities law purposes. Again, this was not altogether surprising since the CFTC – the federal agency tasked with the regulation of the US futures and options markets - has openly defined virtual currencies as commodities for federal regulatory purposes as far back as 2015. Indeed, in a primer issued in October 2017, the agency indicated that “there is no inconsistency between the SEC’s analysis [that ICO tokens may be securities] and the CFTC’s determination that virtual currencies are commodities and that virtual tokens may be commodities or derivatives contracts depending on the particular facts and circumstances.” 

Perhaps somewhat more surprising was the unofficial statement from the US Financial Crimes Enforcement Network (FinCEN) - the federal agency charged with enforcing US anti-money laundering laws – that came to light in a letter released to the public recently, in which it indicated that it regards developers as well as exchanges of ICO coins or tokens as “money transmitters” for the purposes of the US Bank Secrecy Act. As such, they would be required to register with FinCEN, collect information about their customers and take steps to combat money laundering and terrorist financing. FinCen’s unofficial interpretation has been described by some commentators as a “major regulatory blow to ICOs and exchanges”. 

The combined result of these developments is that ICOs now find themselves potentially falling within at east three regulatory buckets and within the jurisdiction of at least three federal regulators in the US (or four, if you count federal tax laws and the IRS), namely: 

  • the SEC – on the basis that tokens may be securities;
  • the CTFC – on the basis that tokens may be commodities; and
  • FinCEN and the Bank Secrecy Act – on the basis that tokens may be money.

This is not to mention any additional regulatory authorities and additional regulatory frameworks that may apply at state level on a state-by-state basis. 

With so many cooks now operating in the US regulatory kitchen, it’s little wonder that many ICO issuers are now opting to exclude US participants from their offerings. Which begs the question: Have EU regulators adopted a similar approach as their US counterparts or does the EU offer a more straightforward regulatory environment for ICOs? 

The EU Approach: A More Straightforward Regulatory Environment?

Within the EU, the European Securities and Markets Authority (ESMA) has adopted a similar approach to the SEC on the application of EU securities laws to ICOs, taking the view that “depending on how the ICO is structured, the coins or tokens could, potentially, fall within the definition of a transferable security”. Where that is the case, the ICO could require the publication of a prospectus which would be subject to the approval of a competent authority in the EU, unless an exemption applies. 

Equally, ESMA has expressed a similar view to the CFTC, warning that certain coins or tokens may constitute “financial instruments” (which encompasses commodities derivatives) for EU law purposes. Where that is the case, firms involved in ICOs may be regarded as conducting regulated investment activities, such as placing, dealing, or advising on financial instruments or managing or marketing collective investment schemes, in which case they may need to comply with regulatory requirements under the Markets in Financial Instruments Directive II (MiFID II) and the Alternative Investment Fund Managers Directive (AiFMD). 

However, unlike FinCEN, EU regulators have to date generally declined to treat virtual currency or tokens as money or currency for the purpose of EU licensing laws around money transmission and payment services. 

Money Transmission and the Regulation of Virtual Currency in the EU

FinCEN regulates money transmitters pursuant to a legislative framework known as the Bank Secrecy Act (BSA), which includes elements of the Patriot Act, together with other laws and implementing regulations. Within the EU, while we don’t have an identical regime to the BSA, businesses that would be regarded as money transmitters under BSA could conceivably fall to be regulated and subject to licensing requirements under the following EU legislation: 

  • The E-Money Directive – which regulates the activity of issuing electronic money in the EU and sets out rules for business practices and authorization of e-money institutions; 
  • The Payment Services Directive 2 (PSD2) - which regulates payment services and sets out rule relating to the authorization of payment service providers in the EU; and/or 
  • The 4th Anti-Money Laundering Directive (4AMLD) - which sets out anti-money laundering requirements and related authorization requirements for “obliged firms”. 

While the specific approach outlined in the FinCEN letter (and, in particular, the application of money transmission rules to ICO issuers) clearly needs to be “discussed, unpacked and eventually finalized in a more formal and transparent setting“, FinCEN has expressed the view as early as 2013 that the definition of a money transmitter under the BSA does not differentiate between real currencies and convertible virtual currencies. Indeed, in the letter, FinCEN points out that virtual currency exchangers and administrators have “been subject to the BSA’s money transmitter requirements since 2011.” 

By contrast to the approach adopted by FinCEN, EU authorities have made a clear distinction between real currencies and “virtual currency” – the latter having been most recently defined by EU regulators as a “digital representation of value that is neither issued or guaranteed by a central bank or public authority and does not have the legal status of currency or money”. 

The European Central Bank (ECB) has commented that virtual currencies are “not scriptural, electronic, digital or virtual forms of a particular currency. They are something else, different from known currencies”. Accordingly, the ECB has indicated that “in the EU, virtual currency is not currently regulated and cannot be regarded as being subject to the (current) Payment Services Directive or the E-Money Directive”. 

Equally, the European Banking Authority (EBA) – the body that is jointly responsible (together with national supervisory authorities) for the regulation and supervision of payment services providers under PSD2, e-money institutions under the E-Money Directive and obliged entities under 4AMLD, has consistently expressed the view that virtual currencies do not fall within the scope of that body of legislation. Indeed, in an opinion issued in 2016, it expressed its agreement with the European Commission’s decision not to regulate virtual currency within the scope of existing directives in the financial services sector, being of the view that “a separate regulatory regime, or more far-reaching amendments to PSD2, would be required” to appropriately address the specific risks arising in the context of virtual currency transactions. 

More recently, in a joint opinion issued by the EBA, ESMA and the European Occupational Pensions and Insurance Authority in February 2018, the three agencies (the ESAs) again emphasised that “despite EU anti-money laundering requirements that will enter into force later in 2018 and which will become applicable to wallet providers and virtual currency exchange platforms, virtual currencies remain unregulated under EU law.” 

5AMLD: Moving Towards a US-Style Licensing Regime? 

As alluded to by the ESAs in their joint opinion, the 5th Anti-Money Laundering Directive (5AMLD), when it comes into effect, will expressly bring wallet providers and virtual currency exchange platforms within the scope of EU anti-money laundering requirements (and related registration and licensing requirements) by including them in the definition of “obliged entities”. 

While 5AMLD will close the gap somewhat between the EU regulatory framework and the US money transmission rules, based on the final compromise text (agreed in December 2017), the proposed amendments will only cover exchanges between virtual and fiat currencies, while virtual-to-virtual currency exchanges will generally remain outside the scope of the EU legislation. While the final text of 5AMLD still needs to be formally approved and signed by the European Council and Parliament, the European Commission’s approach has generally been focused on regulating “gatekeepers” between virtual and fiat currency, so it seems unlikely that this approach will change in the final approved version. 

Equally, unlike FinCEN, which has expressly indicated in its letter that it regards developers as well as exchanges of ICO tokens as “money transmitters” subject to BSA licensing requirements, issuers and/or developers of tokens or virtual currency have not been expressly included as “obliged entities” in 5AMLD. 

Needless to say, every ICO should nevertheless be analysed on its own facts, taking into account the particular structure, proposed business activities and any particular nuances that may apply under the national laws of any member state in which the tokens are being offered. That being said, as a general rule, unless an ICO issuer otherwise falls within the definition of “obliged entity” (e.g. because it will be carrying on regulated investment activities for the purposes of MiFID II), it should not per se be subject to licensing and authorization requirements under 5AMLD. 

What’s Next for ICO and Virtual Currency Regulation in the EU?

The European Commission recently published a 2018 Fintech Action Plan in which it expressed the view that an “assessment of the suitability of the current EU regulatory framework with regard to ICOs and cryptoassets in general is necessary”. The Commission committed in the Action Plan to continuing to “monitor developments” regarding cryptoassets and ICOs, together with the ESAs, the ECB and the Financial Stability Board (FSB), and other international standard setters, to assess whether regulatory action at EU level is required. The Commission commented that: 

On the one hand, the aim should be to make sure that EU firms, investors and consumers can take advantage of this technical innovation within a fair and transparent framework in order to make Europe a leading player in developing new ways to rapidly fund growing businesses. On the other hand, potential financial stability, market integrity, investor and consumer protection, personal data protection and money laundering and terrorist-financial related risks should be appropriately addressed.  

There is a lot to be said for the Commission’s approach. Certainly, addressing the lacunae in the existing regulatory framework through the introduction of bespoke legislation makes better sense than leaving it to regulators to try to squeeze this novel asset class into existing regulatory buckets that may not be fit for purpose. 

Moreover, the introduction of ICO and cryptoasset regulation at EU level will help to pre-empt a state-by-state, patchwork approach to ICOs across the EU: Already we are seeing a number of EU countries introducing crypto-friendly laws and initiatives. We have even seen one member state launch its own cryptocurrency! 

However, as the Commission points out in its report, cryptoassets are a “worldwide phenomenon” and, in that context, “international coordination and consistency” is essential to appropriately dealing with this asset class. With EU member states introducing piecemeal regulation at national rather than EU-level, certain EU countries will inevitably emerge as more “innovation friendly” (or, depending on your perspective, “light touch"). While this is not necessarily a bad thing of itself, it creates a patchwork and complex business environment for companies operating on a cross-jurisdictional basis in the EU – which will inevitably be a deterrent to innovation. It could also lead to patchwork consumer protection standards throughout the EU. Action at EU-level can help to pre-empt this by providing for a uniform, measured approach across the EU. 

One can only hope that the European Commission won’t drag its heels too long in working out what regulatory action is required to regulate the industry. With reports that almost 50% of the ICOs carried out last year have failed, there is potentially a lot of EU consumers’ money to be lost as the Commission continues to “monitor developments”. Equally, Europe, like the US, may begin to lose out on innovative and ground breaking projects as ICO issuers seek out other friendlier jurisdictions with more clear and certain regulatory frameworks. 

For more information contact Gina Conheady, Head of A&L Goodbody's San Francisco Office.

This article was first published by Bloomberg on March 23 2018 - Reproduced with permission from Copyright 2018 The Bureau of National Affairs, Inc. (800-372-1033) www.bna.com.