I INTRODUCTION TO THE LEGAL AND REGULATORY FRAMEWORK

In the United Kingdom, the term 'cryptoasset' is defined in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) as 'a cryptographically secured digital representation of value or contractual rights that uses a form of distributed ledger technology (DLT) and can be transferred, stored or traded electronically'. Similarly, other UK regulatory rules and guidance generally use the term cryptoasset (rather than virtual currency) and so, where we refer in this chapter to virtual currencies, this should be understood as a reference to all types of cryptoassets (as well as e-money tokens).

At present, some (but not all) types of virtual currencies are regulated in the UK. In general, the structure and substantive characteristics of a virtual currency will determine whether or not it falls within the UK regulatory perimeter, and if so, which regulatory framework or frameworks will apply. In its Guidance on Cryptoassets,2 the UK Financial Conduct Authority (FCA) identifies three broad categories of virtual currencies, with the following features:

  1. Security tokens: virtual currencies with characteristics that mean they provide rights and obligations akin to traditional instruments such as shares, debentures or units in a collective investment scheme, meaning that they fall within the UK regulatory perimeter as 'specified investments' under the Financial Services and Markets Act 2000 (FSMA).
  2. E-money tokens: virtual currencies that meet the definition of electronic money (or e-money) under the Electronic Money Regulations 2011 (EMRs). Again, they fall within the UK regulatory perimeter as specified investments under the FSMA.
  3. Unregulated tokens: virtual currencies that are neither security tokens nor e-money tokens. They are not specified investments under the FSMA and so fall outside the UK regulatory perimeter (other than in relation to anti-money laundering-related requirements; see Section IV). They include virtual currencies that are not issued or backed by any central authority and are intended and designed to be used directly as a means of exchange, which the FCA refers to as exchange tokens but are often called cryptocurrencies. Unregulated tokens also include 'utility tokens', which grant holders access to a current or prospective service or product but exhibit features that would make them akin to securities. Utility tokens may be the same as or similar to reward-based crowdfunding.

In its Guidance, the FCA states that although it recognises these three broad categories of cryptoassets 'they may move between categories during their lifecycle' and assessing whether a particular virtual currency falls within the UK regulatory perimeter 'can only be done on a case-by-case basis, with reference to a number of different factors'. More generally, the Guidance sets out the FCA's views on when virtual currencies fall within the current UK regulatory perimeter. This Guidance is not binding on the courts but may be persuasive in any determination by the courts, for example when enforcing contracts.

i Questions to consider when identifying potentially applicable regulatory regimes

There are various ways in which market participants' activities relating to virtual currencies might be regulated in the UK. When analysing whether, and if so how, activities relating to a particular virtual currency may be regulated, it is helpful to consider the following questions:

  1. Might virtual currencies be transferable securities or other types of regulated financial instruments or investments?
  2. Might arrangements relating to the issuance of virtual currencies involve the creation of a collective investment scheme?
  3. Might virtual currencies give rise to deposit-taking, the issuance of electronic money or the provision of payment services?
  4. Might the issuance of virtual currencies or the operation of an exchange for virtual currencies be regulated as crowdfunding?
  5. Might the relevant activities concerning virtual currencies fall within the scope of the UK anti-money laundering legal and regulatory regime?

ii Interaction with EU financial services regulation and the impact of Brexit

The UK ceased to be a Member State of the European Union (EU) on 31 January 2020. The withdrawal agreement concluded by the UK and EU provides for a transition period scheduled to end on 31 December 2020, during which period EU-wide rules regulating the provision of financial services continue to apply in the UK. At the end of the transition period, the European Union (Withdrawal) Act 2018 (EUWA) provides for the 'onshoring' of EU financial services legislation that applies at that date into UK domestic law. The EUWA also grants the UK government powers to make statutory instruments remedying deficiencies in this retained EU legislation, with the aim of ensuring that the UK has a functioning statute book at the end of the transition period reflecting the fact that the UK is not (and will no longer be treated as) an EU Member State.

The 'onshored' versions of EU regulations (and UK legislation implementing the requirements of EU directives) will form part of domestic law in the UK after the end of the transition period. Therefore, the analysis of whether virtual currencies are regulated in the UK (including under applicable EU-wide regulatory frameworks) should not be affected by Brexit, at least in the short term.

II SECURITIES AND INVESTMENT SERVICES LAWS

The FSMA forms a cornerstone of the UK regulatory regime for financial services. Under Section 19 FSMA, a person must not carry on a regulated activity in the UK or purport to do so unless he or she is authorised or exempt.3 This is referred to as the general prohibition, breach of which is a criminal offence (see Section VIII.i).

A regulated activity is an activity of a specified kind that is carried on by way of business and relates to an investment of a specified kind.4 The Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) sets out the kinds of activities and investments that are specified for this purpose. Therefore, a key question is whether some types of virtual currencies may be specified investments under the RAO, and if so, into which category or categories of specified investments they fall. In general, the answer to this question will depend on the substantive features of the virtual currency under consideration, and so a case-by-case analysis of the relevant fact pattern will be needed. However, we set out in subsection i some broad principles about how different types of virtual currencies are likely to be categorised under the UK regulatory regime. At a high level, the FCA has indicated exchange tokens (i.e., cryptocurrencies) and utility tokens are not regulated types of financial instruments, whereas activities relating to cryptocurrency derivatives and securities tokens are regulated. We also consider in subsection ii whether arrangements relating to the issue of virtual currencies could involve the creation of a collective investment scheme (CIS).

Even if virtual currencies are not specified investments under the RAO, firms carrying on activities relating to virtual currencies may be subject to regulatory requirements discussed in the subsequent sections of this chapter.

i Categories of virtual currencies and specified investments

Exchange tokens (cryptocurrencies) and cryptocurrency derivatives

The FCA has made various statements indicating that it does not consider exchange tokens (which it has sometimes referred to as cryptocurrencies or digital currencies) to fall within the UK regulatory perimeter for financial services, provided that they do not form part of other regulated products or services.5 In general, this means that cryptocurrencies are not considered to be specified investments under the FSMA.6

However, in April 2018, the FCA indicated that cryptocurrency derivatives may be financial instruments within the scope of the recast Markets in Financial Instruments Directive (MiFID II),7 even though cryptocurrencies themselves are not regulated financial instruments in the UK.8 In this statement, the FCA indicated that cryptocurrency derivatives include futures, options and contracts for difference referencing cryptocurrencies or tokens issued through an ICO. While the FCA statement is not definitive (and a case-by-case factual analysis would be needed), this means that firms would likely need to be authorised under the FSMA to deal in, advise on or arrange transactions in cryptocurrency derivatives, or provide any other regulated services relating to cryptocurrency derivatives in the UK.

In its April 2018 statement, the FCA also indicated that it does not consider cryptocurrencies to be currencies or commodities for regulatory purposes under MiFID II. This is relevant for assessing which regulatory rules would apply to cryptocurrency derivatives, as specific rules apply to certain categories of derivatives, such as commodity derivatives or derivatives where the underlying is a currency or a regulated financial instrument.

Security tokens

In its Guidance on Cryptoassets, the FCA describes security tokens as virtual currencies that constitute specified investments under the RAO, excluding e-money tokens (see Section III.ii for a discussion of e-money tokens). In many cases, security tokens are likely to fall within the definition of 'securities' under the RAO, which are a subset of specified investments under the RAO. Further regulatory requirements also apply to virtual currencies that are transferable securities, such as the UK prospectus regime (see Section VII.i).

The FCA has indicated that at least some types of virtual currencies may be transferable securities, for example where blockchain is used as a distribution infrastructure for traditional securities. In particular, it identifies that traditional shares issued on a public blockchain may be transferable securities, and that some ICO tokens may 'amount to a transferable security more akin to regulated equity-based crowdfunding'.9

Meaning of securities

Broadly, the RAO defines securities as including:10

  1. shares;11
  2. bonds, debentures, certificates of deposit, and other instruments creating or acknowledging indebtedness;12
  3. warrants and other instruments giving entitlements to investments in shares, bonds, debentures, certificates of deposit, and other instruments creating or acknowledging indebtedness;13
  4. certificates representing certain securities: that is, certificates or other instruments that confer contractual or property rights in respect of certain types of securities held by another person and the transfer of which may be effected without the consent of that other person;14
  5. units in a CIS (see subsection ii for further detail on CIS);15
  6. rights under a stakeholder or personal pension scheme;16 and
  7. greenhouse gas and other emission allowances.17

The definition of securities also includes rights or interests in these types of investments (with some exceptions, such as in relation to occupational pensions schemes, which are not generally relevant to virtual currencies).18

In its Guidance on Cryptoassets, the FCA provides a non-exhaustive list of factors that are indicative of a security token, including any contractual entitlement holders may have to share in profits or exercise control or voting rights in relation to the issuer's activities. Other factors may include the language used in relevant documentation, although the FCA notes that labels are not definitive and it is the substantive analysis that would determine whether or not a virtual currency is a security token.

Persons that carry on specified activities relating to securities tokens by way of business in the UK would therefore need to be authorised and have appropriate permissions under the FSMA. Relevant specified activities include dealing in (i.e., buying, selling, subscribing for or underwriting) securities as principal or as an agent,19 arranging transactions or making arrangements with a view to transactions in the securities.20

Meaning of transferable securities

If the substantive characteristics of a virtual currency mean that it falls within the definition of a security, it is also necessary to consider whether that security is transferable to identify the applicable regulatory requirements.

The definition of transferable securities under the FSMA21 cross-refers to MiFID II, which in turn defines transferable securities as 'those classes of securities which are negotiable on the capital market, with the exception of instruments of payment'.22

The European Commission has published various Q&As on this definition, which indicate that the concept of being negotiable on the capital market is to be interpreted broadly. In particular, the Commission states that '[i]f the securities in question are of a kind that is capable of being traded on a regulated market or MTF, this will be a conclusive indication that they are transferable securities, even if the individual securities in question are not in fact traded' but conversely, '[i]f restrictions on transfer prevent an instrument from being tradable in such contexts, it is not a transferable security'.23

The term 'capital market' is not defined for this purpose, but the Commission has indicated that the concept is broad, and is intended to include all contexts where buying and selling interests in securities meet.24 This could, therefore, include a cryptocurrency exchange. This means that those types of virtual currencies that are classed as securities are also likely to qualify as transferable securities where they are traded or capable of being traded on cryptocurrency or other exchanges. They would therefore fall within the prospectus regime (discussed in Section VII.i) and other regulatory requirements that apply specifically to transferable securities.

If security tokens are not negotiable on the capital market, for example due to contractual restrictions on transfer, they may nonetheless fall within the UK crowdfunding regime for non-readily realisable securities (see below and Section V.ii).

Non-readily realisable securities

In 2014, the FCA introduced regulatory rules relating to the promotion of non-readily realisable securities. The FCA defines a non-readily realisable security as a security that is not:

  1. a readily realisable security: this term includes government and public securities, and securities that are listed or regularly traded on certain exchanges – note that this concept is narrower than that of a transferable security;
  2. a packaged product: this includes units in a regulated CIS as well as certain insurance, pension and other products;
  3. a non-mainstream pooled investment: this includes units in an unregulated CIS, certain securities issued by a special purpose vehicle, and rights or interests to such investments; or
  4. certain types of shares or subordinated debt issued by mutual societies or credit unions.25

It is possible that some types of virtual currencies may be both transferable securities and non-readily realisable securities.

Utility tokens

Utility tokens are not regulated financial instruments in the UK. The FCA describes utility tokens as 'tokens representing a claim on prospective services or products' and explains that they are 'tokens that do not amount to transferable securities or other regulated products and only allow access to a network or product'.26 For example, this would include tokens that entitle the holder to access office space or to use certain software.

ii Could arrangements relating to the issue of virtual currencies involve the creation of a CIS?

Additional regulatory requirements will apply if arrangements relating to the issue of a virtual currency involve the creation of a CIS. Units in a CIS are specified investments under the RAO, and establishing, operating or winding up a CIS is a regulated activity under the FSMA (subject to the exclusions discussed below in 'Collective investment undertakings and alternative investment funds').27

Collective investment schemes

A CIS is defined as 'any arrangements with respect to property of any description, including money, the purpose or effect of which is to enable persons taking part in the arrangements (whether by becoming owners of the property or any part of it or otherwise) to participate in or receive profits or income arising from the acquisition, holding, management or disposal of the property or sums paid out of such profits or income'.28

In addition, the participants in a CIS must not have day-to-day control over the management of the property; and the arrangements must provide for the contributions of the participants and the profits or income to be pooled, or for the property to be managed as a whole by or on behalf of the operator of the scheme, or both.29

Virtual currency structures that do not involve an investment in underlying assets (such as cryptocurrencies) or that do not provide for participants to participate in or receive profits or income from a pool (such as utility tokens) would not generally fall within the definition of a CIS.

In some cases, it is possible that the issuer of a virtual currency will itself be a CIS, albeit that the virtual currency is not a unit, and holders of the virtual currency will not be unitholders in the CIS. This may arise, for example, where the issuer raises funds from issuing virtual currency and uses the funds raised to acquire assets or make other investments for the benefit of unitholders in the issuance vehicle (but not the holders of the virtual currency).

Collective investment undertakings and alternative investment funds

If a virtual currency is a CIS, it may also be a collective investment undertaking (CIU), an alternative investment fund (AIF), or both.

A CIU is an EU-wide concept that is similar but not identical to that of a CIS.30 The European Securities and Markets Authority (ESMA) has issued guidelines on the characteristics of a CIU, which provide that an undertaking will be a CIU where:

(a) the undertaking does not have a general commercial or industrial purpose; (b) the undertaking pools together capital raised from its investors for the purpose of investment with a view to generating a pooled return for those investors; and (c) the unitholders or shareholders of the undertaking – as a collective group – have no day-to-day discretion or control. The fact that one or more but not all of the aforementioned unitholders or shareholders are granted day-to-day discretion or control should not be taken to show that the undertaking is not a collective investment undertaking.31

An AIF is a CIU that raises capital from a number of investors with a view to investing it in accordance with a defined investment policy for the benefit of those investors, and that does not require authorisation under the Undertakings for Collective Investment in Transferable Securities Directive.32

In general, a substantive analysis would be required to determine whether a particular virtual currency may be an AIF. If so, the virtual currency would need an authorised or regulated manager (AIFM) that would be responsible for compliance with the UK regulatory requirements applicable to AIFs and AIFMs. Managing an AIF is a regulated activity under the FSMA.33

III BANKING AND MONEY TRANSMISSION

In the UK, a number of banking activities should be considered in the context of virtual currencies, including whether any activities performed in connection with virtual currencies might give rise to the acceptance of deposits, the issuance of electronic money or the performance of payment services.

i Accepting deposits

Accepting deposits in the UK is a regulated activity for the purposes of the FSMA if money received by way of deposit is lent to others or any other activity of the person accepting the deposit is financed wholly, or to a material extent, out of the capital of or interest on money received by way of deposit.34

For these purposes, a deposit is defined as a sum of money paid on terms:

  1. under which it will be repaid, with or without interest or premium, and either on demand or at a time or in circumstances agreed by or on behalf of the person making the payment and the person receiving it; and
  2. that are not referable to the provision of property (other than currency) or services or the giving of security.

Typically, virtual currencies would not give rise to deposit-taking activity, as issuing virtual currencies does not usually involve the deposit of a sum of money to the issuer (assuming there is an issuer); virtual currencies would often be issued on receipt of other cryptocurrencies. Even if the other cryptocurrencies were to be treated as money, they are rarely issued on terms under which they would be repaid to the holder.

ii Electronic money

The issuance of electronic money is also a regulated activity in the UK.35 It is a criminal offence to issue electronic money without the appropriate authorisation.

Under the EMRs, electronic money is defined as electronically (including magnetically) stored monetary value as represented by a claim on the electronic money issuer that is issued on receipt of funds for the purpose of making payment transactions; is accepted as a means of payment by persons other than the issuer; and is not otherwise excluded under the EMRs.

A key characteristic for a product to be electronic money is that it must be issued on receipt of funds (i.e., it is a prepaid product whereby a customer pays for the spending power in advance).

In general, cryptocurrencies are unlikely to give rise to the issuance of electronic money as they do not typically give rise to stored monetary value (the value of cryptocurrencies is often highly volatile, determined by market forces, and is not related to any specific currency). Furthermore, most cryptocurrencies do not give holders a contractual right of claim against an issuer of the relevant cryptocurrency, are not issued on receipt of funds and (with some exceptions) are not usually issued for the purpose of making payment transactions.

However, there are some types of virtual currencies that do function much like electronic money. The FCA refers to virtual currencies that meet the definition of electronic money under the EMRs as e-money tokens in its Guidance on Cryptoassets. In particular, stablecoins are specifically designed to maintain value and are often pegged to underlying assets, including currencies such as the US dollar. If a stablecoin is issued on receipt of fiat currency, such as US dollars, and represents a claim on the issuer such that a holder may be entitled to redeem that stablecoin for fiat currency, this may well constitute the issuance of electronic money by the issuer.

However, in its Guidance on Cryptoassets, the FCA notes stablecoins may be structured and stabilised in different ways, which may impact their regulatory characterisation. For example, some types of stablecoins may be crypto-collateralised, asset-backed or algorithmically stabilised. The FCA notes that, depending on how it is structured, a stablecoin 'could be considered a unit in a collective investment scheme, a debt security, e-money or another type of specified investment. It might also fall outside of the FCA's remit. Ultimately, this can only be determined on a case-by-case basis.'

iii Payment services

The provision of payment services in the UK is regulated under the Payment Services Regulations 2017 (PSRs). It is a criminal offence to provide payment services without the appropriate authorisation or registration.36

Payment services comprise the following activities when carried out as a regular occupation or business activity in the UK:37

  1. services enabling cash to be placed on a payment account and all of the operations required for operating a payment account;
  2. services enabling cash withdrawals from a payment account and all of the operations required for operating a payment account;
  3. the execution of payment transactions, including transfers of funds on a payment account with a user's payment service provider or with another payment service provider, including:
    • execution of direct debits, including one-off direct debits;
    • execution of payment transactions through a payment card or a similar device; and
    • execution of credit transfers, including standing orders;
  4. the execution of payment transactions where the funds are covered by a credit line for a payment service user, including:
    • execution of direct debits, including one-off direct debits;
    • execution of payment transactions through a payment card or a similar device; and
    • execution of credit transfers, including standing orders;
  5. issuing payment instruments38 or acquiring payment transactions;39
  6. money remittance;40
  7. payment initiation services;41 and
  8. account information services.42

There are, however, a number of exclusions listed in Part 2 of Schedule 1 PSRs (activities that do not constitute payment services), including exemptions similar to the limited network exclusion and the electronic communications exclusion described above in relation to the issuance of electronic money.

The PSRs define 'funds' for these purposes as including banknotes and coins, scriptural money and e-money. Therefore, provision of payment services (such as execution of payment transactions) with respect to virtual currencies that qualify as e-money would be regulated under the PSRs. Other types of virtual currencies (such as cryptocurrencies) would not qualify as funds under the PSRs.

Nevertheless, transactions or remittance services involving both fiat currency (or e-money) and cryptocurrencies may involve the provision of regulated payment services under the PSRs. One such example may be where a cryptocurrency is used as an intermediary currency in money remittance, for instance, converting fiat currency into a digital currency and then back into a different fiat currency to transmit to the recipient (e.g., pounds sterling to Bitcoin to US dollar transactions).

As noted above, money remittance is a regulated payment service, and the interposition of a cryptocurrency in the remittance process would not mean that such a service ceases to be characterised as a regulated payment service; rather it will continue to be treated as a regulated payment service. That said, however, the interposition of a cryptocurrency into a money remittance process does not necessarily make the cryptocurrency itself a regulated financial product or mean its exchange for fiat currency would always constitute a regulated payment service. In its draft Guidance on Cryptoassets,43 the FCA explained that '[t]he PSRs cover each side of the remittance, but do not cover the use of cryptoassets in between which act as the vehicle for remittance.' In general, the arrangements and services offered by persons using such cryptocurrencies need to be considered holistically to determine whether, notwithstanding the use of a cryptocurrency, those persons may be engaging in regulated payment services.

IV ANTI-MONEY LAUNDERING

i Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

The MLRs apply to 'relevant persons', including banks, other financial institutions and (from 10 January 2020) firms carrying on certain cryptoasset-related activities in the UK by way of business, referred to as 'cryptoasset exchange providers' and 'custodian wallet providers'.

Cryptoasset exchange providers are firms that exchange, arrange or make arrangements with a view to the exchange of money (i.e., fiat currency) and cryptoassets, or of one cryptoasset for another, or that operate a machine that utilises automated processes to exchange cryptoassets for money or money for cryptoassets. Custodian wallet providers are firms that provide services to safeguard, or to safeguard and administer, cryptoassets or private cryptographic keys on behalf of its customers, or to hold, store and transfer cryptoassets. The MLRs include a broad definition of 'cryptoasset' for this purpose, which is a cryptographically secured digital representation of value or contractual rights that uses a form of DLT and that can be transferred, stored or traded electronically.44

Cryptoasset exchange providers and custodian wallet providers must be registered with the FCA in order to carry on their business (subject to a transitional period running until 10 June 2021 for businesses in operation before 10 January 2020). They must also comply with ongoing obligations under the MLRs, including requirements to:

  1. take appropriate steps to identify and assess the risks of money laundering and terrorist financing to which the business is subject, and establish and maintain policies, controls and procedures to mitigate and manage effectively such risks;45 and
  2. carry out customer due diligence to identify customers, verify customers' identities, and assess the purpose and intended nature of a business relationship or transaction.46

The MLRs also include requirements relating to record keeping and identification of beneficial ownership.47

Banks and other financial institutions are subject to the requirements of the MLRs when they are carrying on certain listed activities48 but not in respect of other (unregulated) business or activities.49 Therefore, banks and other financial institutions carrying on activities relating to virtual currencies may need to carry out a factual analysis to determine whether these business activities or transactions fall within the scope of the MLRs as a listed activity or whether the firm is acting as a cryptoasset exchange provider or custodian wallet provider in this context (and so may be subject to the requirements of the MLRs applicable to cryptoasset exchange providers and custodian wallet providers). This analysis may depend on whether the virtual currency qualifies as e-money or another type of regulated financial instrument.

The FCA is responsible for overseeing supervision of the UK's anti-money laundering (AML) regime under the MLRs by banks, other financial services institutions,50 cryptoasset exchange providers and custodian wallet providers.51 Breach of the MLRs may carry both criminal and civil penalties.52

ii FCA 'Dear CEO' letter on cryptoassets and financial crime

The FCA has issued guidance to banks on how it expects firms to handle financial crime risks posed by cryptoassets, in its June 2018 Dear CEO letter. This letter defined 'cryptoassets' as 'any publicly available electronic medium of exchange that features a distributed ledger and a decentralised system for exchanging value'.53 This was the first guidance the FCA published specifically on how banks should address financial crime risks posed by cryptoassets or cryptocurrencies.

The letter stated that enhanced scrutiny may be necessary where banks provide services to cryptoasset exchanges or clients whose source of wealth arises or is derived from cryptoassets, and where banks arrange, advise or participate in an ICO. The FCA also reminded banks of its 2012 review54 of bank defences against investor fraud, noting that retail customers may be at heightened risk of falling victim to fraud where they invest in ICOs.

V REGULATION OF EXCHANGES

Virtual currency exchanges are likely to be cryptoasset exchange providers subject to FCA registration and ongoing AML-related requirements under the MLRs (as discussed in Section IV). In some cases, other regulatory rules may apply to virtual currency exchanges depending on the regulatory characterisation of the types of virtual currencies that are traded on the exchange.

i Exchanges for virtual currencies that are specified investments or MiFID financial instruments (or both)

The operator of an exchange on which virtual currencies qualifying as transferable securities or other MiFID financial instruments can be traded may need to be authorised under the FSMA as the operator of a multilateral trading facility (MTF) or an organised trading facility (OTF).55

An MTF is 'a multilateral system . . . which brings together multiple third-party buying and selling interests in financial instruments – in the system and in accordance with non-discretionary rules – in a way that results in a contract'.56

The definition of an OTF is similar, but it relates only to trading of non-equity instruments (i.e., bonds, structured finance products, emission allowances and derivatives), and an OTF does not need to have non-discretionary rules setting out how buying and selling interests are to be matched.57

Depending on the way in which the exchange or trading platform operates, the operator may also be carrying on other regulated activities under the FSMA, such as dealing in investments as a principal or agent, arranging deals in investments or making arrangements with a view to investments, sending dematerialised instructions, managing investments or safeguarding and administering investments.

ii Operators of crowdfunding platforms

In the UK, some but not all types of crowdfunding or peer-to-peer financing fall within the regulatory perimeter.

Operating a loan-based or investment-based crowdfunding platform is generally regulated under the FSMA, as discussed below. Depending on how the platform operator structures its business, in some cases it may also be managing a CIU, in which case it will be subject to requirements that apply to AIFMs (see Section II.ii, 'Collective investment undertakings and alternative investment funds').

The FCA also regulates payment services relating to other types of crowdfunding, such as donation-based crowdfunding (i.e., where people give money to businesses or organisations they want to support).

Operating a loan-based crowdfunding platform

Operating a loan-based crowdfunding platform has been regulated under the FSMA since 1 April 2014 through the introduction of a new regulated activity of 'operating an electronic system in relation to lending'.58

Loan-based crowdfunding platforms allow investors to extend credit directly to consumers or businesses to make a financial return from interest payments and the repayment of capital over time. For this purpose, credit includes a cash loan and any other form of financial accommodation.59

Some types of virtual currencies may involve the provision of credit, so an exchange that operates an electronic system enabling it to bring issuers of such virtual currencies and investors together may need to be authorised under the FSMA and have permission to operate an electronic system in relation to lending.

In June 2019, the FCA published new rules for loan- and investment-based crowdfunding platforms, including in relating to platforms' governance, systems and controls, and wind-down plans. The new rules also aim to better protect investors by introducing minimum information requirements, an investment limit for retail customers and a requirement for platforms to assess investors' knowledge and experience where they have not received advice. Most of these new requirements apply from 9 December 2019.60

Operating an investment-based crowdfunding platform

Operating an investment-based crowdfunding platform where consumers invest in securities issued by newly established businesses is regulated, as the platform operator will be arranging for others to buy those securities.61

Therefore, an exchange on which securities tokens can be traded may be subject to FCA rules relating to operating an investment-based crowdfunding platform. As indicated in Section II.i, specific regulatory rules apply to the promotion of non-readily realisable securities.

VI REGULATION OF MINERS

There is no specific UK regulatory regime that would capture the activities of miners.

As virtual currencies that are mined are likely to be cryptocurrencies (or other types of virtual currencies that are not regulated financial instruments in the UK), it therefore seems less likely that the activities of miners would be regulated.

However, in some cases, a more detailed factual analysis may be needed as to whether miners' activities involve them carrying on a regulated activity in the UK by way of business for the purposes of the FSMA or under the PSRs or EMRs (as discussed in Sections II and III) or whether their activities may mean they fall within the definition of a cryptoasset exchange provider subject to FCA registration and ongoing AML-related requirements under the MLRs (as discussed in Section IV).

VII REGULATION OF ISSUERS AND SPONSORS

Regulation will depend on the regulatory or legal characterisation of the virtual currency in question.

i Prospectus regime

A prospectus may be needed in respect of securities tokens or other types of virtual currency that are characterised as transferable securities.

An issuer of transferable securities must publish a prospectus where an offer of those securities is made to the public in the UK (unless an exemption applies). Breach of this requirement is a criminal offence.62

ii Underwriting or issuing security tokens as regulated activities

A sponsor may be carrying on the regulated activity of dealing in investments as principal to the extent that it underwrites an issue of securities tokens63 or may be 'arranging' the transaction even if it is not underwriting the issuance of security tokens.64 In this case, the sponsor would need to be authorised and have relevant permissions under the FSMA.

A sponsor's activities with respect to an issuance of securities tokens or unregulated virtual currencies may also fall within the scope of the definition of 'cryptoasset exchange provider' under the MLRs, to the extent that it is involved in arranging or making arrangements with a view to the exchange of money and cryptoassets, or of one cryptoasset for another. Therefore, the sponsor may need to be registered with the FCA as a cryptoasset exchange provider and comply with ongoing AML-related requirements under the MLRs (as discussed in Section IV).

It is also possible that the issuer of the securities tokens would be dealing in investments as principal (as the concept of selling includes issuing or creating securities).65 However, in many cases the issuer is unlikely to be carrying on this activity by way of business and so would not be carrying on a regulated activity for the purposes of Section 19 FSMA.66

iii Deposits, electronic money and payment systems

See Section III for a discussion about whether issuing a virtual currency may involve accepting deposits or issuing electronic money.

In addition, the Bank of England's Financial Policy Committee has indicated in a statement that 'global stablecoins' (such as Libra) could also become systemically important payment systems67 subject to recognition and Bank of England oversight under Part 5 of the Banking Act 2009.

iv AML requirements

In respect of an issuance of securities tokens or unregulated virtual currencies, the activities of both issuers and sponsors may also fall within the scope of the definition of 'cryptoasset exchange provider' under the MLRs. This is because the issuer is likely to be exchanging money and cryptoassets, or one cryptoasset for another as part of the issuance process. Similarly, the sponsor is likely to be arranging or making arrangements with a view to the exchange of money and cryptoassets, or of one cryptoasset for another. Therefore, the issuer and sponsor may need to be registered with the FCA as a cryptoasset exchange provider and comply with ongoing AML-related requirements under the MLRs.

VIII CRIMINAL AND CIVIL FRAUD AND ENFORCEMENT

Nefarious activity concerning virtual currencies has been well-publicised, whether ICOs alleged to be Ponzi schemes, in which 'investors' seek the return of their contributions; hacks of virtual currency exchanges; or theft of private keys or schemes seeking to defraud holders of their virtual currency via fake exchanges or wallets. In that context, virtual currencies give rise to a number of unique civil and criminal enforcement issues under English law, almost all of which are untested by the English courts.

We address below (1) the regulatory risks arising from unauthorised activities in relation to virtual currencies, and (2) certain liability and enforcement issues regarding virtual currencies, which arise in both the criminal and civil contexts. At the core of the latter is the debate around the correct private law characterisation of virtual currencies, and whether they can be characterised as money or property as a matter of English law. Such characterisation issues will need to be analysed for any type of virtual currency before determining whether any cause of action (at common law or in equity) is available.

i Regulatory enforcement with respect to virtual currencies

FCA enforcement issues

To the extent that an activity in relation to a virtual currency is a regulated activity and the firm engaged in those activities is authorised, it will be subject to the FCA's High Level Principles for Businesses and other Rules set out in the FCA Handbook in relation to its conduct of that regulated activity. The High Level Principles include the obligations to conduct business with integrity; to take reasonable steps to implement appropriate systems and controls; to observe proper standards of market conduct; to treat customers fairly; and to manage conflicts of interest appropriately. Breach of the Principles or underlying Rules may result in an enforcement investigation by the FCA resulting in a range of potential disciplinary sanctions, including financial penalty, restriction of business, suspension of authorisation and public censure. Individuals within the firm may also face liability under the applicable individual accountability regimes.

Firms whose activities bring them within scope of the MLRs face separate enforcement risks for breach of the requirements in the MLRs. These are strict liability requirements that may be treated by the FCA as civil or criminal infringements without the need to show any criminal intent. Again, individuals within the firm may also face liability where a breach of the rules by the firm has been committed through their actions or neglect.

Firms and individuals may face civil or criminal liability for market abuse in relation to virtual currencies that fall within the scope of the market abuse regime, regardless of whether the activities in question are regulated activities or within scope of the MLRs. So for example, publishing misleading information relating to a security token may result in liability for market manipulation, regardless of the status of the individual publishing the information. Similarly trading security tokens in an abusive manner, for example to ramp prices, may result in liability for market manipulation regardless of whether the person engaged in the trading is regulated. Market abuse may be treated as a civil offence punishable by a fine, or a criminal offence punishable by a fine or imprisonment, or both.

As noted above, to the extent that an activity in relation to a virtual currency is a regulated activity, failure to be authorised will be in breach of the general prohibition under Section 19 FSMA. Breach of the general prohibition is a criminal offence pursuant to Section 23 FSMA. Further, an officer of the company (including a director, chief executive, manager, secretary and shadow director) will also be guilty of a criminal offence where it was committed with his or her consent or as a result of his or her neglect.68 The penalty for an offence under Section 23 FSMA is imprisonment for two years or an unlimited fine, or both.

In parallel, the FCA is able to pursue civil remedies to seek injunctive relief against the party engaged in the unauthorised activity (and its officers) restraining the contravention and ordering them to take such steps as the English courts may direct to remedy it.69

The FCA also has the power to seek a restitution order if a person has contravened a relevant requirement under the FSMA (or been knowingly concerned in the contravention of such a requirement), and either profits have accrued to that person, or one or more persons have suffered a loss or been otherwise adversely affected (or both).70 Theoretically, that could amount to ordering an issuer to pay the FCA 'such sum as appears to the Court to be just'. The English courts may then direct the FCA to distribute such sum to primary or secondary purchasers of a virtual currency, as persons who have suffered a loss pursuant to Section 382 FSMA.

While the FCA has issued consumer warnings in relation to virtual currency risks, it has yet to publicly announce any enforcement action concerning virtual currencies or ICOs (unlike regulators in other jurisdictions, notably the Securities and Exchange Commission and the Commodity Futures Trading Commission in the United States).

Statutory remedies under the FSMA

An agreement made by an unauthorised person in breach of the general prohibition is unenforceable against the other contracting party.71 In addition, the contracting party has a statutory right to recover money or property paid or transferred under the agreement (where, if the transfer is a virtual currency, the private law characterisation issues are pertinent) or to be compensated for any resulting loss suffered by him or her, or both.72 The English courts can, however, exercise their discretion to uphold an otherwise unenforceable agreement, or order money and property paid or transferred to be retained where it is just and equitable to do so.73

ii Liability and enforcement issues regarding virtual currencies

Virtual currencies as money

Virtual currencies, unlike fiat currencies, do not embody units of account sanctioned by the state. Thus, the English courts will have to determine whether virtual currencies are money as a matter of statutory construction, or as a matter of private law. The point appears highly arguable, given that virtual currencies have many similar features to money (including their own unique unit of account, and as a store of value that can be transferred).

A related issue is whether it is possible to obtain a judgment in the English courts in a virtual currency. The English courts have previously determined that, as a matter of procedure, they can give judgments in a foreign currency (and not just sterling),74 and could be urged to give judgment in a virtual currency, perhaps by awarding delivery in specie rather than damages.

Virtual currencies as property

Civil liability

The private law characterisation of virtual currencies, and whether they can be characterised as property under English law, is important for determining whether or not a particular cause of action (at common law or in equity) is available in respect of a virtual currency. In particular, if virtual currencies can be treated as intangible property, restitutionary claims at common law or in equity are available to the lawful holder of title to such virtual currency, provided the virtual currency can be traced and the defendant identified.

This question has been the subject of debate in recent years, as virtual currencies do not fit neatly within the traditional categories of either choses in possession or choses in action. However, the UK Jurisdiction Taskforce of the LawTech Delivery Panel issued a statement in November 201975 indicating that cryptoassets are capable of being owned and transferred as property under English law.

While the legal statement itself is not binding, the private law characterisation of virtual currencies has also been considered by the English courts, notably in the case of AA v. Persons Unknown [2019] EWHC 3556 (Comm), where Mr Justice Bryan expressly considered the legal statement and agreed with its conclusions, holding in this case that Bitcoin was a form of property capable of being the subject of a proprietary injunction.

In the context of blockchain technology, while the location of a virtual currency can typically be established, the legal person behind the public key may be more difficult to identify. In CMOC v. Persons Unknown,76 the High Court demonstrated its ability to adapt to new technology (and the fraud associated with it), granting a without-notice freezing injunction against persons unknown when a company's email account was infiltrated and emails were fraudulently sent in the name of a senior individual, directing payments to be made out of the company's bank accounts. Accordingly, the possibility of seeking injunctive relief (which may be particularly useful where virtual currency exchanges are involved) remains open in relation to virtual currencies. The English courts have, in unreported cases, made disclosure orders requiring a defendant to disclose e-wallets under his or her control, in relation to claims for cryptocurrency.77

Criminal liability

Virtual currencies would also appear to be capable of falling within the definition of property under Section 4(1) of the Theft Act 1968, which covers 'money and all other property, real or personal, including things in action and other intangible property', opening the door to the prosecution of a theft of virtual currency under English law.

Depending on the facts, fraud concerning virtual currencies is capable of prosecution, either as common law conspiracy to defraud or under the Fraud Act 2006 (as fraud by false representation).78

IX TAX

There is no specific UK tax legislation applicable to cryptoassets, although two HMRC Policy Papers (in respect of individuals and businesses respectively) set out HMRC's view of the treatment based on normal principles.

i Individuals

Income tax

Receipt of cryptoassets from an employer will be treated as 'money's worth'. Income tax will fall due in respect of the sterling value of the cryptoassets at the time of receipt.

Where the cryptoassets are readily convertible assets (e.g., they are tradable on a recognised investment exchange), UK-resident employers will need to operate PAYE and Class 1 National Insurance in the usual way based on the value of the cryptoasset. If the cryptoassets are not readily convertible assets, the provision of the cryptoassets by UK-resident employers will be treated as a benefit in kind subject to Class 1A National Insurance contributions; PAYE will not operate but the employee must declare any amount received under the Self Assessment rules and will be liable to income tax on that income.

Origination of assets through cryptoasset mining may amount either to trading income or miscellaneous income.

Capital gains tax

Where cryptoassets are held as personal investments, holders will be liable to pay capital gains tax upon disposal. The ordinary rules concerning disposals, allowable costs and pooling apply.

Rarely, an individual may trade cryptoassets so frequently as to amount to a financial trade, in which case income tax rather than capital gains tax will fall due.

ii Businesses

The frequency, intention and level of organisation with which a business buys and sells exchange cryptoassets will determine whether it amounts to a trade. The same is also true of mining.

Corporation tax

Chargeable gains treatment of cryptoassets held by companies mirrors the capital gains tax analysis under subsection i.

For corporation tax purposes, HMRC does not consider any cryptoassets to be money or currency. They are therefore not subject to, for example, the foreign currency rules.

VAT

Supplies in the course of a trade priced in cryptoassets will be liable to VAT in the normal way as for supplies in any other currency.

Income received from cryptoasset mining will generally be outside the scope of VAT on the basis that the activity does not constitute an economic activity for VAT purposes. Income received by miners for other activities (e.g., the provision of verification services) will generally be exempt from VAT as falling within the category of transactions concerning payments, etc.

Exchanges of cryptoassets for traditional currencies are financial transactions and will generally be exempt from VAT.

Stamp taxes

Transfers of cryptoassets would need to meet the definition of 'stock or marketable securities' or 'chargeable securities' for stamp duty or stamp duty reserve tax to apply. Generally, cryptoassets do not meet these definitions, so neither tax will apply on such transfers.

Where cryptoassets are used as consideration for purchases of stock or marketable securities or chargeable assets, stamp duty reserve tax may apply. This is because chargeable consideration under stamp duty reserve tax is 'money or money's worth'; cryptoassets will count as money's worth. The same is true in respect of purchases of land in England and Northern Ireland under the stamp duty land tax rules. In contrast, it would appear that, because HMRC does not consider cryptoassets to be currency or money, they do not meet the definitions of money, debt or stock or marketable securities for stamp duty purposes so that (based on HMRC's current view) if used as consideration for a transfer of assets to which stamp duty on transfer applies, no stamp duty would be exigible.

iii Security tokens and utility tokens

The guidance in subsections i and ii applies in respect of exchange tokens. At least for the taxation of individuals, HMRC considers that similar principles are applicable in respect of security tokens and utility tokens. However, HMRC has indicated that it will issue more detailed guidance on these kinds of tokens in the future.

X OTHER ISSUES

i Data protection

The EU General Data Protection Regulation (GDPR)79 introduced significant changes to the UK data privacy rules from May 2018. It has various implications for the storage and processing of personal data80 associated with transactions in virtual currencies, particularly for cryptocurrencies and other virtual currencies that use distributed ledger or blockchain technology.

A detailed discussion of GDPR goes beyond the scope of this chapter. However, the decentralised and immutable nature of a blockchain means that particular technical or practical solutions may be needed to comply with GDPR requirements in this context, such as the requirement to delete or anonymise personal data when it is no longer needed,81 and the rights of individuals to require correction, to be forgotten and to object to the processing of their data.82

ii Financial promotions

Under Section 21 FSMA, a person must not communicate an invitation or inducement to engage in investment activity in the course of business unless that person is authorised under the FSMA or the content of the communication is approved by an authorised person. This may include promotions relating to virtual currencies. Breach of Section 21 FSMA is a criminal offence.

In its draft Guidance on Cryptoassets, the FCA indicates that it expects market participants to 'apply the financial promotion rules and communicate financial promotions for products and services, whether regulated or unregulated, in a way which is clear, fair and not misleading'. Regulated firms must also make clear in their promotions whether they relate to regulated or unregulated products and activities and must not suggest that their authorisation extends to unregulated products.

iii Application of regulatory rules to unregulated business

Regulated firms should also consider the extent to which regulatory rules and principles apply even in relation to unregulated areas of their business, such as trading in or offering services relating to cryptocurrencies.

For example, in June 2018, the Prudential Regulation Authority (PRA) issued a Dear CEO letter indicating that PRA-regulated firms should have regard to the PRA's Fundamental Rules 3, 5 and 7 in the context of existing or planned exposures to cryptoassets. These rules require firms to act in a prudent manner, to have effective risk strategies and risk management systems, and to deal with the PRA in an open and cooperative way and to disclose to the PRA anything of which it would reasonably expect notice.83

In its draft Guidance on Cryptoassets, the FCA also highlighted that its Principles for Business 3, 4 and 11 generally apply to unregulated activities of authorised firms (although for Principle 3 this is limited to unregulated activities that may have a negative impact on the integrity of the UK financial system, or the ability of the firm to meet the suitability threshold condition). These principles require firms to: take reasonable care to organise and control their affairs responsibly and effectively, with adequate risk management systems; maintain adequate financial resources; and deal with the FCA in an open and cooperative way, and disclose to the FCA anything of which it would reasonably expect notice.

Similarly, most staff at firms regulated by both the PRA and FCA are required to comply with the FCA's individual conduct rules, including a requirement to observe proper standards of market conduct.84 The individual conduct rules apply in respect of both regulated and unregulated activities.85

iv Other legal and regulatory considerations

There are myriad other legal and regulatory issues and considerations that are or may be relevant in the context of virtual currencies. These include intellectual property (and whether, for example, a private key is intellectual property), cybersecurity, consumer protection laws (including in relation to unfair terms and distance selling requirements), outsourcing requirements, sanctions and conflicts of laws analysis.

XI LOOKING AHEAD

i HM Treasury consultations on virtual currencies and the regulatory perimeter

HM Treasury is expected to publish a consultation in summer 2020 exploring legislative change to potentially broaden the UK financial promotions regime to include further types of virtual currencies that are currently unregulated and so fall outside that regime.86

HM Treasury is also expected to publish a consultation later in 2020 or early 2021 on the broader regulatory approach to virtual currencies, including new challenges posed by stablecoins. This was one of the further actions recommended in the final report on the House of Commons Treasury Committee's inquiry into the use of digital currencies and DLT in the UK.87 UK policy developments with respect to stablecoins may also be informed by international developments in this area, such as the Financial Stability Board's consultation on recommendations to address the regulatory, supervisory and oversight challenges raised by 'global stablecoin' arrangements.88

ii FCA consultation on prohibiting retail investment products referencing certain cryptoassets

The FCA has consulted on a potential ban on the sale, marketing and distribution of derivatives and exchange traded notes referencing cryptoassets to retail clients.89 The outcome of this consultation is expected in the coming months and if the ban is introduced, it would replace the existing rules90 restricting how contracts for differences referencing cryptocurrencies are sold to retail clients.

iii Prudential treatment of virtual currencies

The prudential treatment of virtual currencies is not expressly specified under the current UK regulatory regime (or under related EU and international prudential standards). The PRA's Dear CEO letter published in June 2018 indicated that classification of virtual currency exposures for prudential purposes should reflect firms' comprehensive assessment of the risks involved and that firms should take these into account in their internal capital adequacy assessment process (for banks and designated investment firms) or own risk and solvency assessment (for insurers) where relevant.

However, looking ahead, the Basel Committee on Banking Supervision (BCBS) is considering the development of internationally agreed minimum standards for the prudential treatment for virtual currencies. The BCBS published an initial discussion paper in December 201991 and may consult further on the development of proposals to specify a prudential treatment of virtual currencies.


Footnotes

1 Laura Douglas is a senior associate knowledge lawyer at Clifford Chance LLP. The author would like to thank Kate Scott and David Harkness for their contributions to Sections VIII and IX of this chapter and Peter Chapman for his contributions to previous editions of the chapter.

2 Policy Statement PS19/22: Guidance on Cryptoassets published by the FCA on 31 July 2019, available at https://www.fca.org.uk/publications/policy-statements/ps19-22-guidance-cryptoassets.

3 Section 19 FSMA.

4 Section 22 FSMA.

5 See, for example, the FCA Feedback Statement on Distributed Ledger Technology (December 2017), available at https://www.fca.org.uk/publications/feedback-statements/fs17-4-distributed-ledger-technology and the FCA's Guidance on Cryptoassets.

6 See, for example, the FCA's Feedback Statement on Distributed Ledger Technology.

7 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments.

9 Paragraph 6 of the FCA's written submission to the House of Commons Treasury Committee digital currencies inquiry, published 22 May 2018, available at http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/digital-currencies/written/81677.pdf.

10 Article 3(1) RAO.

11 Article 76 RAO.

12 Articles 77, 77A and 78 RAO.

13 Article 79 RAO.

14 Article 80 RAO.

15 Article 81 RAO.

16 Article 82 RAO.

17 Articles 82A and 82B RAO.

18 Article 89 RAO.

19 Articles 14 and 21 RAO.

20 Article 25 RAO.

21 Section 102A(3) FSMA.

22 Article 4(1)(44) MiFID II. For this purpose, the European Commission defines instruments of payment as 'securities which are used only for the purposes of payment and not for investment. For example, this notion usually includes cheques, bills of exchanges, etc.'. See Commission Questions and Answers on MiFID, https://ec.europa.eu/info/sites/info/files/business_economy_euro/banking_and_finance/documents/mifid-2004-0039-commission-questions-answers_en_0.pdf.

24 ibid.

25 Glossary of the FCA Handbook, available at https://www.handbook.fca.org.uk/handbook/glossary/.

26 Paragraph 6 of the FCA's written submission to the House of Commons Treasury Committee digital currencies inquiry, available at http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/treasury-committee/digital-currencies/written/81677.pdf.

27 Article 51ZE RAO.

28 Section 235(1) FSMA.

29 Section 235(2) and (3) FSMA. PERG 9.4 of the Perimeter Guidance module of the FCA Handbook provides further guidance on the definition of a CIS and the Financial Services and Markets Act 2000 (Collective Investment Schemes) Order 2001 identifies certain types of arrangements that do not amount to a CIS.

30 Note that the UK concept of a CIS is generally understood to encompass the EU-wide concept of a CIU, in keeping with the principle that the UK regulatory perimeter is wide enough to encompass relevant EU regulatory concepts and requirements.

32 Directive 2009/65/EC, as amended. It seems unlikely that virtual currencies would be structured so as to comply with the Undertakings for Collective Investment in Transferable Securities (UCITS) regime.

33 Article 51ZC RAO. Note that Article 51ZG RAO provides that the operator of a CIS that is also an AIF will not be carrying on a regulated activity under Article 51ZE RAO, provided that the AIF is managed by a person that is authorised or registered to do so. Article 51ZG RAO also provides a similar exclusion for operators of CIS that are UCITS.

34 Article 5 RAO.

35 Article 63 EMRs and Article 9B RAO for credit institutions, credit unions and municipal banks.

36 Regulation 138 PSRs.

37 Part 1, Schedule 1 PSRs.

38 A payment service by a payment service provider contracting with a payer to provide a payment instrument to initiate payment orders and to process the payer's payment transactions (Article 2(1) PSRs).

39 A payment service provided by a payment service provider contracting with a payee to accept and process payment transactions that result in a transfer of funds to the payee (Article 2(1) PSRs).

40 A service for the transmission of money (or any representation of monetary value), without any payment accounts being created in the name of the payer or the payee, where funds are received from a payer for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee; or funds are received on behalf of, and made available to, the payee (Article 2(1) PSRs).

41 An online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider (Article 2(1) PSRs).

42 An online service to provide consolidated information on one or more payment accounts held by the payment service user with another payment service provider, or with more than one payment service provider, and includes such a service whether information is provided in its original form or after processing; or only to the payment service user or to the payment service user and to another person in accordance with the payment service user's instructions (Article 2(1) PSRs).

43 Consultation Paper CP19/3 on Guidance on Cryptoassets published by the FCA on 23 January 2019, available at https://www.fca.org.uk/publication/consultation/cp19-03.pdf.

44 Note that this definition is similar to the Financial Action Task Force definition of 'virtual asset' and is broader than the definition used in the fifth EU Anti-Money Laundering Directive (EU) 2018/843.

45 Regulations 18 and 19 MLRs.

46 Regulation 28 MLRs. Relevant persons must carry out customer due diligence when establishing a new business relationship and in certain other circumstances set out at Regulation 27 MLRs.

47 Parts 4 and 5 MLRs.

48 These activities are listed at Regulation 10 MLRs, in respect of banks and financial institutions. Other relevant persons under the MLRs include auditors, insolvency practitioners, external accountants and tax advisers, independent legal professionals, trust or company service providers, estate agents, high value dealers and casinos, as such terms are defined in the MLRs (Regulation 8). Also see Section XI in relation to the future expansion of the scope of UK AML regulation to virtual currency exchanges and wallet providers.

49 The categories of relevant persons under the MLRs are defined by reference to their carrying on of relevant activities.

50 The FCA took on this oversight role from January 2017, under the Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017.

52 The MLRs create three criminal offences, of contravening a relevant requirement (Regulation 86), prejudicing an investigation (Regulation 87) and providing false or misleading information (Regulation 88). Civil sanctions for breach of the MLRs include fines, suspension or removal of authorisation, prohibitions on firms' senior managers and injunctions (Regulations 76, 77, 78 and 80).

53 FCA 'Dear CEO' letter on Cryptoassets and Financial Crime, dated 11 June 2018, available at https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-cryptoassets-financial-crime.pdf.

54 'Banks' defences against investment fraud: Detecting perpetrators and protecting victims', Financial Services Authority, June 2018, available at https://www.fca.org.uk/publication/archive/banks-defences -against-investment-fraud.pdf.

55 Articles 25D and 25DA RAO.

56 Article 3(1) RAO, which cross-refers to the definition at Article 4(22) MiFID II.

57 Article 3(1) RAO, which cross-refers to the definition at Article 4(23) MiFID II.

58 Article 36H RAO.

59 Articles 36H(9) and 60L RAO.

60 FCA Policy Statement PS19/14: Loan-based ('peer-to-peer') and investment-based crowdfunding platforms: Feedback to CP18/20 and final rules, published 4 June 2019 and available at https://www.fca.org.uk/publications/policy-statements/ps19-14-loan-based-peer-to-peer-investment-based-crowdfunding-platforms-feedback-final-rules.

61 Arranging is a specified activity under Article 25 RAO.

62 Section 85(1) FSMA. A prospectus is also required where an application is made for securities to be admitted to trading on a regulated market such as the London Stock Exchange (Section 85(2) FSMA). However, this is unlikely to be relevant for virtual currencies.

63 Article 14(1) RAO.

64 Article 25(1) RAO.

65 See the definition of selling at Article 3(1) RAO.

66 Also see FCA guidance at PERG 13.3, Q15A in the Perimeter Guidance sourcebook of the FCA Handbook, available at https://www.handbook.fca.org.uk/handbook/PERG/13/3.html.

67 See the Bank of England Financial Policy Summary and Record, October 2019, available at https://www.bankofengland.co.uk/financial-policy-summary-and-record/2019/october-2019.

68 Section 400(1) FSMA.

69 Section 380 FSMA.

70 Section 382 FSMA.

71 Section 26 FSMA.

72 Section 26(2) FSMA.

73 The English courts have this discretion under Section 28 FSMA.

74 Miliangos v. George Frank [1976] ACC 443.

76 CMOC v. Persons Unknown [2017] EWHC 3599 (Comm).

77 'Identifying and tracing the origins and flows of cryptocurrency', Journal of International Banking and Financial Law, Volume 34(3), 2019, pp. 173–174.

78 Section 2 Fraud Act 2006.

79 Regulation (EU) 2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

80 i.e., information relating to an identified or identifiable natural person, such as a name or national identification number, Article 4(1) GDPR.

81 Article 5(1)(e) GDPR.

82 Articles 16, 17 and 21 GDPR.

83 Dear CEO letter on Existing or planned exposure to cryptoassets, published 28 June 2018, available at https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/letter/2018/existing-or -planned-exposure-to-crypto-assets.pdf. Conversely, following a consultation in November 2017 (CP17/37), the FCA confirmed in its July 2018 policy statement (PS18/18) that it would not extend application of Principle 5 of the FCA's Principles for Businesses, which requires authorised firms to observer proper standards of market conduct, to their unregulated activities. The policy statement is available at https://www.fca.org.uk/publication/policy/ps18-18.pdf.

84 Rule 5, Individual Conduct Rules, at COCON 2.1.5 R in the Code of Conduct module of the FCA Handbook, available at https://www.handbook.fca.org.uk/handbook/COCON/2/1.html.

85 Rules COCON 1.1.6 R and 1.1.7 R in the Code of Conduct module of the FCA Handbook, available at https://www.handbook.fca.org.uk/handbook/COCON/1/1.html.

86 As indicated in the Regulatory Initiatives Grid published in May 2020, available at https://www.fca.org.uk/publication/corporate/regulatory-intitiatives-grid.pdf.

89 FCA consultation CP19/22: Restricting the sale to retail clients of investment products that reference cryptoassets, available at https://www.fca.org.uk/publications/consultation-papers/cp19-22-restricting-sale- retail-clients-investment-products-reference-cryptoassets.

90 As set out in FCA Policy Statement PS19/18, available at https://www.fca.org.uk/publication/policy/ps19-18.pdf.