i Introduction to the legal and regulatory framework

At present, some but not all types of virtual currencies are regulated in the UK. In general, the structure and substantive characteristics of a virtual currency will determine whether or not it falls within the UK regulatory perimeter, and if so, which regulatory framework or frameworks will apply. This requires a case-by-case analysis of the specific virtual currency, as illustrated by the UK Financial Conduct Authority's (FCA) consumer warning on initial coin offerings (ICOs) issued in September 2017:

Many ICOs will fall outside the regulated space. However, depending on how they are structured, some ICOs may involve regulated investments and firms involved in an ICO may be conducting regulated activities.

Some ICOs feature parallels with Initial Public Offerings (IPOs), private placement of securities, crowdfunding or even collective investment schemes. Some tokens may also constitute transferable securities and therefore may fall within the prospectus regime.

Businesses involved in an ICO should carefully consider if their activities could mean they are arranging, dealing or advising on regulated financial investments. Each promoter needs to consider whether their activities amount to regulated activities under the relevant law.2

i Questions to consider when identifying potentially applicable regulatory regimes

As noted above, there are various ways in which virtual currencies might be regulated in the UK. When analysing whether and, if so how, a particular virtual currency is regulated, it is helpful to consider the following questions:

  1. Might virtual currencies be transferable securities or other types of regulated financial instruments or investments?
  2. Might arrangements relating to the issuance of virtual currencies involve the creation of a collective investment scheme?
  3. Might virtual currencies give rise to deposit-taking, the issuance of electronic money or the provision of payment services?
  4. Might the issuance of virtual currencies or the operation of an exchange for virtual currencies be regulated as crowdfunding?

ii Interaction with EU financial services regulation and impact of Brexit

The UK is currently a Member State of the EU. Therefore, EU-wide rules regulating the provision of financial services apply to the regulation of virtual currencies in the UK, whether through the direct application of EU regulations or under UK legislation implementing the requirements of EU directives.

For instance, the UK has implemented into national law requirements of:

  1. the recast Markets in Financial Instruments Directive (MiFID 2),3 which regulates investment services and activities relating to financial instruments;
  2. the Prospectus Directive (PD),4 which regulates public offerings of securities;
  3. the Capital Requirements Directive and Regulation,5 which regulate the activities of credit institutions, including deposit taking; and
  4. the revised Electronic Money Directive and the revised Payment Services Directive,6 which regulate activities relating to the issuance of electronic money and the provision of payment services, respectively.

These EU regulatory requirements may be integrated into or sit alongside domestic UK regulatory requirements, such as those under the Financial Services and Markets Act 2000 (FSMA), the Electronic Money Regulations 2011 (EMRs) and the Payment Services Regulations 2017 (PSRs).

At the time of writing, the UK is due to leave the EU on 29 March 2019. This follows the outcome of the Brexit referendum vote in June 2016 and service of notice of the UK's intention to leave the EU under Article 50 of the Treaty on European Union on 29 March 2017. However, the government has committed to preserve and onshore most existing EU and EU-derived legislation as it stands immediately before the UK's departure through the European Union (Withdrawal) Act 2018. Therefore, the analysis of whether virtual currencies are regulated in the UK (including under applicable EU-wide regulatory frameworks) should not be affected by Brexit, at least in the short term.

ii Securities and investment services laws

FSMA forms a cornerstone of the UK regulatory regime for financial services. Under Section 19 FSMA, a person must not carry on a regulated activity in the UK or purport to do so unless

he or she is authorised or exempt.7 This is referred to as the general prohibition, breach of which is a criminal offence (see Section VIII.i).

A regulated activity is an activity of a specified kind that is carried on by way of business and relates to an investment of a specified kind.8 The Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) sets out the kinds of activities and investments that are specified for this purpose. Therefore, a key question is whether some types of virtual currencies may be specified investments under the RAO, and if so, into which category or categories of specified investments they fall. In general, the answer to this question will depend on the substantive features of the virtual currency under consideration, and so a case-by-case analysis of the relevant fact pattern will be needed. However, we set out in subsection i some broad principles about how different types of virtual currencies are likely to be categorised under the UK regulatory regime. At a high level, the FCA has indicated cryptocurrencies and utility tokens are not regulated types of financial instruments, whereas activities relating to cryptocurrency derivatives and securities tokens are regulated. We also consider in subsection ii whether arrangements relating to the issue of virtual currencies could involve the creation of a collective investment scheme (CIS).

i Categories of virtual currencies and specified investments

Cryptocurrencies and cryptocurrency derivatives

The FCA has stated that it does not consider digital currencies to fall within the UK regulatory perimeter for financial services, provided that they do not form part of other regulated products or services.9 In general, this means that digital currencies are not considered to be specified investments under FSMA.10

The FCA reiterated this view in April 2018, stating that cryptocurrencies themselves are not currently regulated financial instruments in the UK.11 However, the FCA has indicated that cryptocurrency derivatives may be financial instruments within the scope of MiFID 2.12 For these purposes, cryptocurrency derivatives include futures, options and contracts for difference referencing cryptocurrencies or tokens issued through an ICO. While the FCA statement is not definitive (and a case-by-case factual analysis would be needed), this means that firms would likely need to be authorised under FSMA to deal in, advise on or arrange transactions in cryptocurrency derivatives, or provide any other regulated services relating to cryptocurrency derivatives in the UK.

In its April 2018 statement, the FCA also indicated that it does not consider cryptocurrencies to be currencies or commodities for regulatory purposes under MiFID 2. This is relevant for assessing which regulatory rules would apply to cryptocurrency derivatives, as specific rules apply to certain categories of derivatives, such as commodity derivatives or derivatives where the underlying is a currency or a regulated financial instrument.

Security tokens

Some types of virtual currencies, such as security tokens, may be classed as securities for the purposes of UK regulatory requirements. Securities are a sub-set of specified investments under the RAO. Further regulatory requirements also apply to virtual currencies that are transferable securities, such as the UK prospectus regime (see Section VII.i).

The FCA has indicated that at least some types of virtual currencies may be transferable securities, for example where blockchain is used as a distribution infrastructure for traditional securities. In particular, it identifies that traditional shares issued on a public blockchain may be transferable securities, and that some ICO tokens may 'amount to a transferable security more akin to regulated equity-based crowdfunding'.13

Meaning of securities

Broadly, the RAO defines securities as including:14

  1. shares;15
  2. bonds, debentures, certificates of deposit, and other instruments creating or acknowledging indebtedness;16
  3. warrants and other instruments giving entitlements to investments in shares, bonds, debentures, certificates of deposit, and other instruments creating or acknowledging indebtedness;17
  4. certificates representing certain securities: that is, certificates or other instruments that confer contractual or property rights in respect of certain types of securities held by another person and the transfer of which may be effected without the consent of that other person;18
  5. units in a CIS;19
  6. rights under a stakeholder or personal pension scheme;20 and
  7. greenhouse gas and other emission allowances.21

The definition of securities also includes rights or interests in these types of investments (with some exceptions, such as in relation to occupational pensions schemes, which are not generally relevant to virtual currencies).22

Persons that carry on specified activities relating to securities tokens (or other virtual currencies that are securities) by way of business in the UK would therefore need to be authorised and have appropriate permissions under FSMA. Relevant specified activities include dealing in (i.e., buying, selling, subscribing for or underwriting) securities as principal or as an agent,23 arranging transactions or making arrangements with a view to transactions in the securities.24

Meaning of transferable securities

If the substantive characteristics of a virtual currency mean that it falls within the definition of a security, it is also necessary to consider whether that security is transferable to identify the applicable regulatory requirements.

The definition of transferable securities under FSMA25 cross-refers to MiFID 2 which in turn defines transferable securities as 'those classes of securities which are negotiable on the capital market, with the exception of instruments of payment'.26

The European Commission has published various Q&As on this definition, which indicate that the concept of being negotiable on the capital market is to be interpreted broadly. In particular, the Commission states that '[i]f the securities in question are of a kind that is capable of being traded on a regulated market or MTF, this will be a conclusive indication that they are transferable securities, even if the individual securities in question are not in fact traded' but conversely, '[i]f restrictions on transfer prevent an instrument from being tradable in such contexts, it is not a transferable security'.27

The term capital market is not defined for this purpose, but the Commission has indicated that the concept is broad, and is intended to include all contexts where buying and selling interests in securities meet.28 This could therefore include a cryptocurrency exchange.This means that those types of virtual currencies that are classed as securities are also likely to qualify as transferable securities where they are traded or capable of being traded on cryptocurrency or other exchanges. They would therefore fall within the prospectus regime (discussed in Section VII.i) and other regulatory requirements that apply specifically to transferable securities.

If security tokens are not negotiable on the capital market, for example due to contractual restrictions on transfer, they may nonetheless fall within the UK crowdfunding regime for non-readily realisable securities (see below and Section V.ii).

Non-readily realisable securities

In 2014, the FCA introduced regulatory rules relating to the promotion of non-readily realisable securities. The FCA defines a non-readily realisable security as a security that is not:

  1. a readily realisable security: this term includes government and public securities, and securities that are listed or regularly traded on certain exchanges. Note that this concept is narrower than that of a transferable security;
  2. a packaged product: this includes units in a regulated CIS as well as certain insurance, pension and other products;
  3. a non-mainstream pooled investment: this includes units in an unregulated CIS, certain securities issued by a special purpose vehicle, and rights or interests to such investments; or
  4. certain types of shares or subordinated debt issued by mutual societies or credit unions.29

It is possible that some types of virtual currencies may be both transferable securities and non-readily realisable securities.

Utility tokens

Utility tokens are not regulated financial instruments in the UK, almost by definition, as the FCA explains describes utility tokens as 'tokens representing a claim on prospective services or products' and explains that they are 'tokens that do not amount to transferable securities or other regulated products and only allow access to a network or product'.30 For example, this would include tokens that entitle the holder to access office space or to use certain software.

ii Could arrangements relating to the issue of virtual currencies involve the creation of a CIS?

Other regulatory requirements will apply if arrangements relating to the issue of a virtual currency involves the creation of a CIS. Units in a CIS are specified investments under the RAO, and establishing, operating or winding up a CIS is a regulated activity under FSMA (subject to the exclusions discussed below in 'Collective investment undertakings and alternative investment funds').31

Collective investment schemes

A CIS is defined as 'any arrangements with respect to property of any description, including money, the purpose or effect of which is to enable persons taking part in the arrangements (whether by becoming owners of the property or any part of it or otherwise) to participate in or receive profits or income arising from the acquisition, holding, management or disposal of the property or sums paid out of such profits or income'.32

In addition, the participants in a CIS must not have day-to-day control over the management of the property; and the arrangements must provide for the contributions of the participants and the profits or income to be pooled, or for the property to be managed as a whole by or on behalf of the operator of the scheme, or both.33

Virtual currency structures that do not involve an investment in underlying assets (such as cryptocurrencies) or that do not provide for participants to participate in or receive profits or income from a pool (such as utility tokens) would not generally fall within the definition of a CIS.

In some cases, it is possible that the issuer of a virtual currency will itself be a CIS albeit that the virtual currency is not a unit, and holders of the virtual currency will not be unitholders, in the CIS. This may arise, for example, where the issuer raises funds from issuing virtual currency and uses the funds raised to acquire assets or make other investments for the benefit of unitholders in the issuance vehicle (but not the holders of the virtual currency).

Collective investment undertakings and alternative investment funds

If a virtual currency is a CIS, it may also be a collective investment undertaking (CIU), an alternative investment fund (AIF), or both.

A CIU an EU-wide concept that is similar but not identical to that of a CIS.34 The European Securities and Markets Authority (ESMA) has issued guidelines on the characteristics of a CIU, which provide that an undertaking will be a CIU where:

(a) the undertaking does not have a general commercial or industrial purpose; (b) the undertaking pools together capital raised from its investors for the purpose of investment with a view to generating a pooled return for those investors; and (c) the unitholders or shareholders of the undertaking – as a collective group – have no day-to-day discretion or control. The fact that one or more but not all of the aforementioned unitholders or shareholders are granted day-to-day discretion or control should not be taken to show that the undertaking is not a collective investment undertaking.35

An AIF is a CIU that raises capital from a number of investors with a view to investing it in accordance with a defined investment policy for the benefit of those investors, and that does not require authorisation under the UCITS Directive.36

In general, a substantive analysis would be required to determine whether a particular virtual currency may be an AIF. If so, the virtual currency would need an authorised or regulated manager (AIFM) that would be responsible for compliance with the UK regulatory requirements applicable to AIFs and AIFMs. Managing an AIF is a regulated activity under FSMA.37

iii Banking and money transmission

In the UK, a number of banking activities should be considered in the context of virtual currencies, including whether any activities performed in connection with virtual currencies might give rise to the acceptance of deposits, the issuance of electronic money or the performance of payment services.

i Accepting deposits

Accepting deposits in the UK is a regulated activity for the purposes of FSMA if money received by way of deposit is lent to others or any other activity of the person accepting the deposit is financed wholly, or to a material extent, out of the capital of or interest on money received by way of deposit.38

For these purposes, a deposit is defined as a sum of money paid on terms:

  1. under which it will be repaid, with or without interest or premium, and either on demand or at a time or in circumstances agreed by or on behalf of the person making the payment and the person receiving it; and
  2. that are not referable to the provision of property (other than currency) or services or the giving of security.

Typically, virtual currencies would not give rise to deposit-taking activity, since issuing virtual currencies does not usually involve the deposit of a sum of money to the issuer (assuming there is an issuer); virtual currencies would often be issued on receipt of other cryptocurrencies. Even if such cryptocurrencies were to be treated as money, they are rarely issued on terms under which such cryptocurrencies would be repaid to the holder.

ii Electronic money

The issuance of electronic money is also a regulated activity in the UK.39 It is a criminal offence to issue electronic money without the appropriate authorisation.

Under the EMRs, electronic money is defined as electronically (including magnetically) stored monetary value as represented by a claim on the electronic money issuer that is issued on receipt of funds for the purpose of making payment transactions; is accepted as a means of payment by persons other than the issuer; and is not otherwise excluded under the EMRs.

A key characteristic for a product to be electronic money is that it must be issued on receipt of funds (i.e., it is a prepaid product whereby a customer pays for the spending power in advance).

In general, virtual currencies are unlikely to give rise to the issuance of electronic money since they do not typically give rise to stored monetary value (the value of cryptocurrencies is often highly volatile, determined by market forces, and is not related to any specific currency). Furthermore, most cryptocurrencies do not give holders a contractual right of claim against an issuer of the relevant cryptocurrency, are not issued on receipt of funds and (with some exceptions) are not usually issued for the purpose of making payment transactions.

That said, however, there are some cryptocurrencies that do function much like electronic money. In particular, stable coins are specifically designed to maintain value and are often pegged to underlying assets, including currencies such as the US dollar. If a stable coin is issued on receipt of fiat currency such as US dollars and represents a claim on the issuer

such that a holder may be entitled to redeem that stable coin for fiat currency, this may well constitute the issuance of electronic money by the issuer.

iii Payment services

The provision of payment services in the UK is regulated under the PSRs. It is a criminal offence to provide payment services without the appropriate authorisation or registration.40

Payment services comprise the following activities when carried out as a regular occupation or business activity in the UK:41

  1. services enabling cash to be placed on a payment account and all of the operations required for operating a payment account;
  2. services enabling cash withdrawals from a payment account and all of the operations required for operating a payment account;
  3. the execution of payment transactions, including transfers of funds on a payment account with a user's payment service provider or with another payment service provider, including:
    • execution of direct debits, including one-off direct debits;
    • execution of payment transactions through a payment card or a similar device; and
    • execution of credit transfers, including standing orders;
  4. the execution of payment transactions where the funds are covered by a credit line for a payment service user, including:
    • execution of direct debits, including one-off direct debits;
    • execution of payment transactions through a payment card or a similar device; and
    • execution of credit transfers, including standing orders;
  5. issuing payment instruments42 or acquiring payment transactions;43
  6. money remittance;44
  7. payment initiation services;45 and
  8. account information services.46

There are, however, a number of exclusions listed in Part 2, Schedule 2 PSRs (activities that do not constitute payment services), including exemptions similar to the limited network exclusion and the electronic communications exclusion described above in relation to the issuance of electronic money.

As the name suggests, the PSRs regulate services rather than products per se. However, as noted in Section II.i, while the FCA has stated that it does not consider cryptocurrencies to generally fall within the UK regulatory perimeter for financial services, they may do so where they do not form part of other regulated products or services. One such example may be where a cryptocurrency is used as an intermediary currency in money remittance, for instance, converting fiat currency into a digital currency and then back into a different fiat currency to transmit to the recipient (e.g., pounds sterling to Bitcoin to US dollar transactions).

As noted above, money remittance is a regulated payment service, and the interposition of a cryptocurrency in the remittance process would not mean that such a service ceases to be characterised as a regulated payment service; rather it will continue to be treated as a regulated payment service. That said, however, the interposition of a cryptocurrency into a money remittance process does not necessarily make the cryptocurrency itself a regulated financial product or mean its exchange for fiat currency would always constitute a regulated payment service. The arrangements and services offered by persons using such cryptocurrencies need to be considered holistically to determine whether, notwithstanding the use of a cryptocurrency, those persons may be engaging in regulated payment services.

iv Anti-money laundering

i Money Laundering Regulations 2017

The Money Laundering Regulations 2017 (MLR)47 apply to relevant persons, including banks and other financial institutions, when they are carrying on certain regulated activities.48 The substantive requirements of the MLR do not apply generally, in respect of other (unregulated) business or activities.49 Therefore, a factual analysis is required to determine whether the business activities or transactions relating to a particular virtual currency fall within the scope of the MLR; this will often depend on whether the virtual currency is itself a regulated financial instrument.

If the MLR do apply, relevant persons will need to comply with requirements under the MLR, including requirements to:

  1. take appropriate steps to identify and assess the risks of money laundering and terrorist financing to which the business is subject, and establish and maintain policies, controls and procedures to mitigate and manage effectively such risks;50 and
  2. carry out customer due diligence to identify customers, verify customers' identities, and assess the purpose and intended nature of a business relationship or transaction.51

The MLR also include requirements relating to record keeping and identification of beneficial ownership.52

The FCA is responsible for overseeing supervision of the UK's anti-money laundering regime under the MLR.53 Breach of the MLR may carry both criminal and civil penalties.54

ii FCA 'Dear CEO' letter on crypto assets and financial crime

The FCA has issued a Dear CEO letter advising banks on how to handle financial crime risks posed by crypto assets, which the FCA defines in the letter as 'any publicly available electronic medium of exchange that features a distributed ledger and a decentralised system for exchanging value'.55 This is the first guidance the FCA has published specifically on how banks should address financial crime risks posed by crypto assets or cryptocurrencies.

The letter states that enhanced scrutiny may be necessary where banks provide services to crypto asset exchanges or clients whose source of wealth arises or is derived from crypto assets, and when arranging, advising or participating in an ICO. The FCA also reminds banks of its 2012 review56 of bank defences against investor fraud, noting that retail customers may be at heightened risk of falling victim to fraud where they invest in ICOs.

v Regulation of exchanges

The regulatory rules (if any) applicable to virtual currency exchanges will depend on the regulatory characterisation of the types of virtual currencies that are traded on the exchange.

i Exchanges for virtual currencies that are MiFID financial instruments

The operator of an exchange on which virtual currencies qualifying as transferable securities or other MiFID financial instruments can be traded may need to be authorised under FSMA as the operator of a multilateral trading facility (MTF) or an organised trading facility (OTF).57

An MTF is 'a multilateral system . . . which brings together multiple third-party buying and selling interests in financial instruments – in the system and in accordance with non-discretionary rules – in a way that results in a contract'.58

The definition of an OTF is similar, but it relates only to trading of non-equity instruments (i.e., bonds, structured finance products, emission allowances and derivatives), and an OTF does not need to have non-discretionary rules setting out how buying and selling interests are to be matched.59

ii Operators of crowdfunding platforms

In the UK, some but not all types of crowdfunding or peer-to-peer financing fall within the regulatory perimeter.

Operating a loan-based or investment-based crowdfunding platform is generally regulated under FSMA, as discussed below. Depending on how the platform operator structures its business, in some cases it may also be managing a CIU, in which case it will be subject to requirements that apply to AIFMs (see Section II.ii: Collective investment undertakings and alternative investment funds).

The FCA also regulates payment services relating to other types of crowdfunding, such as donation-based crowdfunding (i.e., where people give money to businesses or organisations they want to support).

Operating a loan-based crowdfunding platform

Operating a loan-based crowdfunding platform has been regulated under FSMA since 1 April 2014 through the introduction of a new regulated activity of 'operating an electronic system in relation to lending'.60

Loan-based crowdfunding platforms allow investors to extend credit directly to consumers or businesses to make a financial return from interest payments and the repayment of capital over time. For this purpose, credit includes a cash loan and any other form of financial accommodation.61

Some types of virtual currencies may involve the provision of credit, so an exchange that operates an electronic system enabling it to bring issuers of such virtual currencies and investors together may need to be authorised under FSMA and have permission to operate an electronic system in relation to lending.

The FCA launched a consultation in July 2018 on proposed changes to its current rules for loan-based crowdfunding platforms, and intends to publish revised rules by the end of 2018.62

Operating an investment-based crowdfunding platform

Operating an investment-based crowdfunding platform where consumers invest in securities issued by newly established businesses is regulated, as the platform operator will be arranging for others to buy those securities.63

Therefore, an exchange on which securities tokens can be traded may be subject to rules relating to operating an investment-based crowdfunding platform. As indicated in SectionII.i, specific regulatory rules apply to the promotion of non-readily realisable securities.

vi Regulation of miners

There is no specific UK regulatory regime that would capture the activities of miners.

As virtual currencies that are mined are likely to be cryptocurrencies (or other types of virtual currencies that are not regulated financial instruments in the UK), it therefore seems less likely that the activities of miners would be regulated.

However, in some cases, a more detailed factual analysis may be needed as to whether miners' activities involve them carrying on a regulated activity in the UK by way of business for the purposes of FSMA or under the PSRs or EMRs (as discussed at Sections II and III).

vii Regulation of issuers and sponsors

Regulation will depend on the regulatory or legal characterisation of the virtual currency in question.

i Prospectus regime

A prospectus may be needed in respect of securities tokens or other types of virtual currency that are characterised as transferable securities.

An issuer of transferable securities must provide a prospectus where an offer of those securities is made to the public in the UK (subject to certain exemptions). Breach of this requirement is a criminal offence.64

ii Underwriting or issuing securities as regulated activities

A sponsor may be carrying on the regulated activity of dealing in investments as principal to the extent that it underwrites an issue of securities tokens.65 In this case, the sponsor would need to be authorised and have relevant permissions under FSMA.

It is also possible that the issuer of the securities tokens would be dealing in investments as principal (as the concept of selling includes issuing or creating securities).66 However, in many cases the issuer is unlikely to be carrying on this activity by way of business and so would not be carrying on a regulated activity for the purposes of Section 19 FSMA.67

iii Deposits and electronic money

See Section III for a discussion about whether issuing a virtual currency may involve accepting deposits or issuing electronic money.

viii Criminal and civil fraud and enforcement

Nefarious activity concerning virtual currencies have been well-publicised, whether ICOs alleged to be Ponzi schemes, in which 'investors' seek the return of their contributions; hacks of virtual currency exchanges; and thefts of private keys or schemes seeking to defraud holders of their virtual currency via fake exchanges or wallets. In that context, virtual currencies give rise to a number of unique civil and criminal enforcement issues under English law, almost all of which are untested by the English Court.

We address below (1) the regulatory risks arising from unauthorised activities in relation to virtual currencies, and (2) certain liability and enforcement issues regarding virtual currencies, which arise in both the criminal and civil contexts. At the core of the latter is the debate around the correct private law characterisation of virtual currencies, and whether they can be characterised as money or property as a matter of English law. Such characterisation issues will need to be analysed for any type of virtual currency before determining whether any cause of action (at common law or in equity) is available.

i Regulatory enforcement with respect to virtual currencies

FCA enforcement issues

As noted above, to the extent that an activity in relation to a virtual currency is a regulated activity, a failure to be authorised will be in breach of the general prohibition under Section 19 FSMA. Breach of the general prohibition is a criminal offence pursuant to Section 23 FSMA. Further, an officer of the company (including a director, chief executive, manager, secretary and shadow director) will also be guilty of a criminal offence where it was committed with his or her consent or as a result of his neglect.68 The penalty for an offence under Section 23 FSMA is imprisonment for two years, an unlimited fine, or both.

In parallel, the FCA is able to pursue civil remedies to seek injunctive relief against the party engaged in the unauthorised activity (and its officers) restraining the contravention and ordering them to take such steps as the English Court may direct to remedy it.69

The FCA also has the power to seek a restitution order if a person has contravened a relevant requirement under FSMA (or been knowingly concerned in the contravention of such a requirement), and either profits have accrued to that person, or one or more persons have suffered a loss or been otherwise adversely affected (or both).70 Theoretically, that could amount to ordering an issuer to pay the FCA 'such sum as appears to the Court to be just'. The English Court may then direct the FCA to distribute such sum to primary or secondary purchasers of a virtual currency, as persons who have suffered a loss pursuant to Section 382 FSMA.

While the FCA has issued consumer warnings in relation to virtual currency risks, it has yet to publicly announce any enforcement action concerning virtual currencies or ICOs (unlike regulators in other jurisdictions, notably the Securities and Exchange Commission and the Commodity Futures Trading Commission in the US).

Statutory remedies under FSMA

An agreement made by an unauthorised person in breach of the general prohibition is unenforceable against the other contracting party.71 In addition, the contracting party has a statutory right to recover money or property paid or transferred under the agreement (where, if the transfer is a virtual currency, the private law characterisation issues are pertinent) or to be compensated for any resulting loss suffered by his or her, or both.72 The English Court can, however, exercise its discretion to uphold an otherwise unenforceable agreement, or order money and property paid or transferred to be retained where it is just and equitable to do so.73

ii Liability and enforcement issues regarding virtual currencies

Virtual currencies as money

Virtual currencies, unlike fiat currencies, do not embody units of account sanctioned by the state. Thus, the English Court will have to determine whether virtual currencies are money as a matter of statutory construction, or as a matter of private law. The point appears highly arguable, given that virtual currencies have many similar features to money (including their own unique unit of account, and as a store of value that can be transferred).

A related issue is whether it is possible to obtain a judgment in the English Court in a virtual currency. The English Court has previously determined that, as a matter of procedure, it can give judgments in a foreign currency (and not just sterling),74 and could be urged to give judgment in a virtual currency, perhaps by awarding delivery in specie rather than damages.

Virtual currencies as property

Criminal liability

Virtual currencies would appear to be capable of falling within the definition of property under Section 4(1) of the Theft Act 1968, which covers 'money and all other property, real or personal, including things in action and other intangible property', opening the door to the prosecution of a theft of virtual currency under English law.

Depending on the facts, frauds concerning virtual currencies are capable of prosecution, either as common law conspiracy to defraud or under the Fraud Act 2006 (as fraud by false representation).75

Civil liability

Virtual currencies do not fit neatly within the category of either choses in possession or choses in action, and their private law characterisation has yet to be tested by the English Court.

It is more likely that virtual currencies are a species of intangible property. Armstrong DLW GmbH v. Winnington Networks Lt d76 held that the carbon allowances under an EU trading had permanence and stability, were definable, had value, and were identifiable by, and able to be transferred to, third parties, and treated them as intangible property.

In contrast, the Court of Appeal in Your Response Ltd v, Datastream Business Media77 concluded that information in a database is not property (although the physical medium on which it is recorded may be). By analogy, if virtual currencies on blockchain are treated as lines of data or information on a database, common law actions that depend on possession (such as the tort of conversion) will not be available, following OBG Ltd v. Allan.78

If virtual currencies can be treated as intangible property, restitutionary claims at common law or in equity are available to the lawful holder of title to such virtual currency, provided the virtual currency can be traced and the defendant identified.

In the context of blockchain technology, while the location of a virtual currency can typically be established, the legal person behind the public key may be more difficult to identify. In CMOC v. Persons Unknown,79 the English Court demonstrated its ability to adapt to new technology (and the fraud associated with it), granting a without-notice freezing injunction against persons unknown when a company's email was infiltrated and emails were fraudulently sent in the name of a senior individual, directing payments to be made out of the company's bank accounts. Accordingly, the possibility to seek injunctive relief (which may be particularly useful where virtual currency exchanges are involved) remains open in relation to virtual currencies.

ix Tax

There is no specific UK tax legislation applicable to cryptocurrencies, although HMRC Brief 9 of 2014 sets out the basic principles.

i Basic direct tax position

Unlike sterling, but like other currencies, purchases and sales of virtual currencies will generally need to be translated into sterling to determine the UK tax consequences.

For most individuals and companies, buying a cryptocurrency and then selling it will give rise to profits or losses that may be subject to tax, the profit or loss being calculated by translating the purchase and sale price into sterling at the prevailing exchange rate.

For individuals, generally purchases and sales of cryptocurrencies will be taxed as a capital gains item. For companies, profits and losses on exchange movements between currencies (including between sterling and a cryptocurrency) will be taxed as trading profits and losses or possibly as capital gains and losses under normal corporation tax rules for companies liable to UK corporation tax.

Income received by an individual or company from trading transactions in cryptocurrencies (e.g., from sales by a trader of stock priced in a cryptocurrency) will be taxed as part of normal trading income, translated into sterling at the prevailing rate. Similarly, it is probable that income from currency mining would be taxed as part of other income, although the position on this is not entirely clear.

ii VAT

Supplies in the course of a trade priced in cryptocurrency will be liable to VAT in the normal way as for supplies in any other currency.

Income received from cryptocurrency mining will generally be outside the scope of VAT on the basis that the activity does not constitute an economic activity for VAT purposes. Income received by miners for other activities (e.g., the provision of verification services) will generally be exempt from VAT as falling within the category of transactions concerning payments, etcetera.

No VAT is due on the exchange of cryptocurrencies for sterling or other currencies.

x Other issues

i Data protection

The EU General Data Protection Regulation (GDPR)80 introduced significant changes to the UK data privacy rules from May 2018. It has various implications for the storage and processing of personal data81 associated with transactions in virtual currencies, particularly for cryptocurrencies and other virtual currencies that use distributed ledger or blockchain technology.

A detailed discussion of GDPR goes beyond the scope of this chapter. However, the decentralised and immutable nature of a blockchain means that particular technical or practical solutions may be needed to comply with GDPR requirements in this context, such as the requirement to delete or anonymise personal data when it is no longer needed,82 and the rights of individuals to require correction, to be forgotten and to object to the processing of their data.83

ii Application of the Prudential Regulation Authority Fundamental Rules and individual conduct rules to unregulated business

Another consideration for firms regulated by the Prudential Regulation Authority (PRA) is whether broad PRA Fundamental Rules may apply even in relation to unregulated areas of their business, such as trading in or offering services relating to cryptocurrencies.

In June 2018, the PRA issued a Dear CEO letter indicating that PRA-regulated firms should have regard to the PRA's Fundamental Rules 3, 5 and 7 in the context of existing or planned exposures to crypto assets. These rules require firms to act in a prudent manner, to have effective risk strategies and risk management systems, and to deal with the PRA in an open and cooperative way and to disclose to the PRA anything of which it would reasonably expect notice.84

Similarly, most staff at firms regulated by both the PRA and FCA are required to comply with the FCA's Individual Conduct Rules, including a requirement to observe proper standards of market conduct.85 These Individual Conduct Rules apply in respect of both regulated and unregulated activities.86

iii Other legal and regulatory considerations

There are myriad other legal and regulatory issues and considerations that are or may be relevant in the context of virtual currencies. These include intellectual property (and whether, for example, a private key is intellectual property), cybersecurity, consumer protection laws (including in relation to unfair terms and distance selling requirements), outsourcing requirements, sanctions and conflicts of laws analysis.

xi Looking ahead

i Treasury Committee digital currencies inquiry

In February 2018, the House of Commons Treasury Committee launched an inquiry into the use of digital currencies and distributed ledger technology in the UK.87 The inquiry had three main areas of focus, namely:

  1. the role of digital currencies in the UK, including the opportunities and risks they bring;
  2. the potential impact of distributed ledger technology on financial institutions and financial infrastructure, including the Bank of England; and
  3. the UK regulatory response to digital currencies, and how this should balance the need to protect businesses and consumers without stifling innovation.

The UK regulators and various market actors submitted evidence to the enquiry, and the Treasury Committee published a report setting out its conclusions and recommendations from the inquiry in September 2018.88 The Treasury Committee strongly recommended that regulation of crypto assets should be introduced, covering consumer protection and AML risks at a minimum. The report also called on the government and regulators to evaluate further the risks of crypto assets and consider whether their growth should be encouraged through a proportionate regulatory response.

ii Fifth EU Money Laundering Directive

The fifth EU Money Laundering Directive (MLD5)89 will bring cryptocurrency wallet providers and exchange platforms within the scope of the EU anti-money laundering framework from 10 January 2020.90

Among other things, MLD5 will require these entities to have in place policies and procedures to detect, prevent and report money laundering and terrorist financing. MLD5 will also introduce registration or licensing requirements for virtual currency exchange platforms and custodian wallet providers that safeguard private cryptographic keys, potentially bringing these entities within the scope of regulation for the first time.

iii ICOs and the EU Crowdfunding Regulation

The European Parliament is considering introducing provisions to regulate ICOs as part of the proposed Crowdfunding Regulation, which is currently making its way through the EU ordinary legislative process.91

These draft provisions would establish an authorisation and EU-wide passporting regime for crowdfunding platform providers who 'act as an intermediary between an entity issuing tokens via an ICO using a counterparty and investors'.92 The draft Regulation would apply only to primary sales of coins or tokens, and would not apply to private placements, ICOs where there is no counterparty issuing coins or tokens, and ICOs raising more than €8 million.

While the Crowdfunding Regulation and proposed amendments are not yet finalised, this does indicate the likely direction of legislative travel: that is, seeking to regulate (rather than prohibit) ICOs in the EU and in the UK.93


Footnotes

1 Peter Chapman is a senior associate and Laura Douglas is a senior associate (professional support lawyer) at Clifford Chance LLP. The authors would like to thank Kate Scott and David Harkness for their contributions to Sections VIII and IX of this chapter.

2 A Consumer Warning about the Risks of Initial Coin Offerings published by the FCA on 12 September
2017, available at https://www.fca.org.uk/news/statements/initial-coin-offerings.

3 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU.

4 Directive 2003/71/EC of the European Parliament and of the Council of 4 November 2003 on the prospectus to be published when securities are offered to the public or admitted to trading and amending Directive 2001/34/EC. Regulation (EU) 2017/1129 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market repeals, and replace the PD with effect from 21 July 2019 (other than a few provisions that have already been repealed).

5 Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49EC, and Regulation (EU) No. 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/2012.

6 Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC.

7 Section 19 FSMA.

8 Section 22 FSMA.

9 FCA Feedback Statement on Distributed Ledger Technology (December 2017), available at https://www.fca.org.uk/publications/feedback-statements/fs17-4-distributed-ledger-technology.

10 See, for example, the FCA's Feedback Statement on Distributed Ledger Technology.

12 See the FCA Statement on Cryptocurrency Derivatives. MiFID financial instruments form a sub-set of specified investments under the RAO.

13 Paragraph 6 of the FCA's written submission to the House of Commons Treasury Committee digital currencies inquiry, published 22 May 2018, available at http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/digital-currencies/written/81677.pdf.

14 Article 3(1) RAO.

15 Article 76 RAO.

16 Articles 77, 77A and 78 RAO.

17 Article 79 RAO.

18 Article 80 RAO.

19 Article 81 RAO.

20 Article 82 RAO.

21 Articles 82A and 82B RAO.

22 Article 89 RAO.

23 Articles 14 and 21 RAO.

24 Article 25 RAO.

25 Section 102A(3) FSMA.

26 Article 4(1)(44) MiFID 2. For this purpose, the European Commission defines instruments of payment as 'securities which are used only for the purposes of payment and not for investment. For example, this notion usually includes cheques, bills of exchanges, etc.'. See Your Questions on MiFID, http://ec.europa.eu/internal_market/securities/docs/isd/questions/questions_en.pdf.

27 Question 115, Your Questions on MiFID, updated 31 October 2008, available at http://ec.europa.eu/internal_market/securities/docs/isd/questions/questions_en.pdf.

29 Glossary of the FCA Handbook, available at https://www.handbook.fca.org.uk/handbook/glossary/.

30 Paragraph 6 of the FCA's written submission to the House of Commons Treasury Committee digital currencies inquiry, available at http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/digital-currencies/written/81677.pdf.

31 Article 51ZE RAO.

32 Section 235(1) FSMA.

33 Section 235(2) and (3) FSMA. PERG 9.4 of the Perimeter Guidance module of the FCA Handbook provides further guidance on the definition of a CIS and the Financial Services and Markets Act 2000 (Collective Investment Schemes) Order 2001 identifies certain types of arrangements that do not amount to a CIS.

34 Note that the UK concept of a CIS is generally understood to encompass the EU-wide concept of a CIU, in keeping with the principle that the UK regulatory perimeter is wide enough to encompass relevant EU regulatory concepts and requirements.

36 Directive 2009/65/EC, as amended. It seems unlikely that virtual currencies would be structured so as to comply with the UCITS regime.

37 Article 51ZC RAO. Note that Article 51ZG RAO provides that the operator of a CIS that is also an AIF will not be carrying on a regulated activity under Article 51ZE RAO, provided that the AIF is managed by a person that is authorised or registered to do so. Article 51ZG RAO also provides a similar exclusion for operators of CIS that are UCITS.

38 Article 5 RAO.

39 Article 63 EMRs and Article 9B RAO for credit institutions, credit unions and municipal banks.

40 Regulation 138 PSRs.

41 Part 1, Schedule 1 PSRs.

42 A payment service by a payment service provider contracting with a payer to provide a payment instrument to initiate payment orders and to process the payer's payment transactions (Article 2(1) PSRs).

43 A payment service provided by a payment service provider contracting with a payee to accept and process payment transactions that result in a transfer of funds to the payee (Article 2(1) PSRs).

44 A service for the transmission of money (or any representation of monetary value), without any payment accounts being created in the name of the payer or the payee, where funds are received from a payer for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee; or funds are received on behalf of, and made available to, the payee (Article 2(1) PSRs).

45 An online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider (Article 2(1) PSRs).

46 An online service to provide consolidated information on one or more payment accounts held by the payment service user with another payment service provider, or with more than one payment service provider, and includes such a service whether information is provided in its original form or after processing; or only to the payment service user or to the payment service user and to another person in accordance with the payment service user's instructions (Article 2(1) PSRs).

47 Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The MLR implement requirements of the fourth EU Money Laundering Directive (Directive (EU) 2015/849).

48 These activities are listed at Regulation 10 MLR, in respect of banks and financial institutions. Other relevant persons under the MLR include auditors, insolvency practitioners, external accountants and tax advisers, independent legal professionals, trust or company service providers, estate agents, high value dealers and casinos, as such terms are defined in the MLR (Regulation 8 MLR).

49 The categories of relevant persons under the MLR are defined by reference to their carrying on of relevant activities.

50 Regulations 18 and 19 MLR.

51 Regulations 28 MLR. Relevant persons must carry out customer due diligence when establishing a new business relationship and in certain other circumstances set out at regulation 27 MLR.

52 Parts 4 and 5 MLR.

53 The FCA took on this oversight role from January 2017, under the Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017.

54 The MLR create three criminal offences, of contravening a relevant requirement (regulation 86), prejudicing an investigation (regulation 87) and providing false or misleading information (regulation 88). Civil sanctions for breach of the MLR include fines, suspension or removal of authorisation, prohibitions on firms' senior managers and injunctions (regulations 76, 77, 78 and 80).

55 FCA 'Dear CEO' letter on Cryptoassets and Financial Crime, dated 11 June 2018, available at https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-cryptoassets-financial-crime.pdf.

56 Banks' defences against investment fraud: Detecting perpetrators and protecting victims, Financial Services Authority, June 2018, available at https://www.fca.org.uk/publication/archive/banks-defences-against-investment-fraud.pdf.

57 Articles 25D and 25DA RAO.

58 Article 3(1) RAO, which cross-refers to the definition at Article 4(22) MiFID 2.

59 Article 3(1) RAO, which cross-refers to the definition at Article 4(23) MiFID 2.

60 Article 36H RAO.

61 Articles 36H(9) and 60L RAO.

62 CP18/20: Loan-based ('peer-to-peer') and investment-based crowdfunding platforms: Feedback on our post-implementation review and proposed changes to the regulatory framework, available at https://www.fca.org.uk/publications/consultation-papers/cp18-20-loan-based-peer-peer-and-investment-based-crowdfunding-platforms-feedback-our-post.

63 Arranging is a specified activity under Article 25 RAO.

64 Section 85(1) FSMA. A prospectus is also required where an application is made for securities to be admitted to trading on a regulated market (such as the London Stock Exchange) under Section 85(2) FSMA. However, this is unlikely to be relevant for virtual currencies.

65 Article 14(1) RAO.

66 See the definition of selling at Article 3(1) RAO.

67 Also see FCA guidance at PERG 13.3, Q15A in the Perimeter Guidance sourcebook of the FCA Handbook, available at https://www.handbook.fca.org.uk/handbook/PERG/13/3.html .

68 Section 400(1) FSMA.

69 Section 380 FSMA.

70 Section 382 FSMA.

71 Section 26 FSMA.

72 Section 26(2) FSMA.

73 The English Court has this discretion under Section 28 FSMA.

74 Miliangos v. George Frank [1976] ACC 443.

75 Section 2 Fraud Act 2006.

76 Armstrong DLW GmbH v. Winnington Networks Ltd.

77 Your Response Ltd v. Datastream Business Media [2014] EWCA Civ 291.

78 OBG v. Allan [2007] UKHL 21.

79 CMOC v. Persons Unknown [2017] EWHC 3599 (Comm).

80 Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

81 i.e., information relating to an identified or identifiable natural person, such as a name or national identification number, Article 4(1) GDPR.

82 Article 5(1)(e) GDPR.

83 Articles 16, 17 and 21 GDPR.

84 Dear CEO letter on Existing or planned exposure to cryptoassets, published 28 June 2018, available at https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/letter/2018/existing-or-planned-exposure-to-crypto-assets.pdf. Conversely, following a consultation in November 2017 (CP17/37), the FCA confirmed in its July 2018 policy statement (PS18/18) that it would not extend application of Principle 5 of the FCA's Principles for Businesses, which requires authorised firms to observer proper standards of market conduct, to their unregulated activities. The policy statement is available at https://www.fca.org.uk/publication/policy/ps18-18.pdf.

85 Rule 5, Individual Conduct Rules, at COCON 2.1.5 R in the Code of Conduct module of the FCA Handbook, available at https://www.handbook.fca.org.uk/handbook/COCON/2/1.html.

86 Rules COCON 1.1.6 R and 1.1.7 R in the Code of Conduct module of the FCA Handbook, available at https://www.handbook.fca.org.uk/handbook/COCON/1/1.html.

89 Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU.

90 MLD5 entered into force on 9 July 2018. It requires EU member states to implement its provisions in national law by 10 January 2020. It is currently unclear whether the UK will implement these provisions in national law, as the UK is due to have left the EU before this date.

91 The Commission adopted its proposal for a regulation on European crowdfunding service providers in March 2018, available at https://ec.europa.eu/info/publications/180308-proposal-crowdfunding_en. The European Parliament's Committee on Economic and Monetary Affairs (ECON) sets out draft provisions to regulate ICOs in its draft report on the proposed Crowdfunding Regulation, published on 10 August, available at http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&reference=PE-626.662&format=PDF&language=EN&secondRef=02.

92 The proposal defines an ICO as 'a means raising funds from the public in a dematerialised way using coins or tokens that are put for sale for a limited time by a business or an individual in exchange for fiat or virtual currencies'.

93 The Crowdfunding Regulation will not apply until after March 2019 (i.e., after the UK is due to leave the EU) and so its requirements will not apply in the UK. However, Ashley Fox MEP, who drafted the ECON Committee report, is a British MEP. Therefore, it seems plausible that the UK may take an approach to regulating ICOs similar to the proposals in draft report.