The Virtual Currency Regulation Review: Luxembourg
Introduction to the legal and regulatory framework
As a globally recognised financial centre with international outreach, Luxembourg has positioned itself as a world leader in the sphere of digital financial services and as a financial technology hub.2 It has always considered innovation to be an essential driver for the development of financial services and the financial sector in general. Having this mindset, by 2019 it had already adopted a law that clearly states that securities can be legally held and transferred through distributed ledger technologies,3 thus adding one more layer to its long tradition of 'innovation through law', of which legal certainty is one of the essential pillars. In 2021, the Luxembourg legislature introduced further innovation by adopting a law that expressly recognises the possibility of issuing dematerialised securities through distributed ledger technology such as blockchains.4 It was also the first country in Europe to license virtual currency exchange platforms as payment institutions.
If the issuing of virtual currencies as such is not subject to authorisation, the service provided by the intermediary – receiving funds from the buyer of Bitcoin to transfer them afterwards to the seller – is covered by the authorisation as a payment institution. This authorisation echoed the opinion of the Financial Sector Supervisory Commission (CSSF), which in 2014 was the first financial sector regulator that was in favour of the regulation of platforms for the exchange of virtual currencies when carrying out an activity of the financial sector.5 In a press release dated 14 February 2014, the CSSF considered that activities such as the issuing of means of payments in the form of virtual or other currencies, the provision of payment services using virtual or other currencies, and the creation of a market (platform) to trade virtual or other currencies are to be defined as being financial activities, and that any person wishing to become established in Luxembourg to carry out such an activity has to receive a ministerial authorisation. On 19 April 2016, the Minister of Finance authorised Bitstamp Europe SA, a platform allowing its clients to exchange Bitcoin, euros and US dollars. bitFlyer, a Japanese virtual currencies exchange platform, was granted a licence in January 2018.
A consumer warning on virtual currencies issued by the CSSF on 14 March 2018 reiterated this position by asserting that, even though there is currently no legal framework in Luxembourg that specifically applies to virtual currencies, it should be borne in mind that any provision of financial sector services by a natural or legal person requires an authorisation by the Minister of Finance.
In another consumer warning issued on the same date, on initial coin offerings (ICOs) and tokens, the CSSF acknowledged that raising funds from the public through ICOs is not subject to specific regulation and does not benefit from any guarantee or other form of regulatory protection. Furthermore, the CSSF considers that despite the lack of specific applicable regulations, activities related to ICOs or to the creation of tokens and the collection and raising of funds may be subject to certain legal provisions and thus to a number of supervisory requirements, depending on the activities' characteristics.6
The CSSF specifies in the warning that it will:
assess such fundraising activities by extending its analysis to the objectives pursued in order to assess whether it could be a scheme to circumvent or avoid financial sector regulations, notably the provisions of the Law of 10 July 2005 on prospectuses for securities and the Law of 5 April 1993 on the financial sector. The CSSF considers that for any fundraising, the initiators of such ICOs are required to establish anti-money laundering and terrorist financing procedures.
The Law of 25 March 2020 amending the Law of 12 November 2004 on Anti-Money Laundering and Counter-Terrorist Financing (the AML/CTF Law) introduced new registration and governance requirements for virtual asset service providers (VASPs) and provides legal definitions related to VASPs, virtual assets, virtual currencies, safekeeping or administration service providers and custodian wallet providers.
Hence, VASPs are entities providing for, or on behalf of, their customers, one or more of the following services:
- exchange between virtual assets and fiat currencies, including the service of exchange between virtual currencies and fiat currencies;
- exchange between one or more forms of virtual assets;
- transfer of virtual assets;
- safekeeping or administration of virtual assets or of instruments enabling control over virtual assets, including custodian wallet services; and
- participation in and the provision of financial services related to the offer of an issuer or the sale of virtual assets.7
In accordance with the AML/CTF Law, a 'virtual asset' means a digital representation of value, including a virtual currency, that can be digitally traded or transferred and can be used for payment or investment purposes, except for virtual assets that fulfil the conditions of electronic money within the meaning of point 29 of Article 1 of the Law of 10 November 2009 on Payment Services, as amended (the Law on Payment Services), and the virtual assets that fulfil the conditions of financial instruments within the meaning of point 19 of Article 1 of the Law of 5 April 1993 on the Financial Sector, as amended (the Law on the Financial Sector).8
The AML/CTF Law defines a 'virtual currency' as a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money but is accepted by persons as a means of exchange and can be transferred, stored and traded digitally.9
'Safekeeping or administration service provider' shall, in accordance with the AML/CTF Law, 'mean the safekeeping or administration service provider of virtual assets or instruments enabling control over virtual assets, including the service of wallet custody'.10
A 'custodian wallet service' is defined as a service to safeguard private cryptographic keys on behalf of customers, to hold, store and transfer virtual currencies.11
The AML/CTF Law designates the CSSF as the competent supervisory authority for virtual assets and VASPs. The CSSF's role in this context is limited to registration, supervision and enforcement for AML and CTF purposes only.12
In 2021, the first VASPs were registered in Luxembourg in the register established by the CSSF: these were bitFlyer and, shortly after, Swissquote Bank Europe SA.
Securities and investment laws
In its warning on ICOs, the CSSF has not provided for a classification of tokens or cryptocurrencies underlying ICOs as financial instruments or otherwise. The CSSF at the same time acknowledges that this type of activity might be subject to supervisory requirements in Luxembourg.
The CSSF warning is in line with the European Securities and Markets Authority (ESMA) position on ICOs.13 ESMA also considers that firms involved in ICOs must give careful consideration to whether their activities constitute regulated activities. If this is the case, firms have to comply with the relevant legislation and any failure to comply would constitute a breach.
Actors who would like to provide services related to tokens, be it dealing with tokens or publicly offering those tokens within a regulated financial framework, should be allowed to do so as long as all applicable legal requirements are fulfilled.
According to an ESMA paper dated November 2017, the features and purpose of coins or tokens vary across ICOs. Some coins or tokens serve to access or purchase a service or product that the issuer develops using the proceeds of the ICO. Others provide voting rights or a share in the future revenues of the issuing venture. Some have no tangible value. Some coins or tokens are traded or may be exchanged, or both, for traditional or virtual currencies at specialised coin exchanges after issuance.14
ICO campaigns are conducted online, using the internet and social media. The coins or tokens are typically created and disseminated using distributed ledger or blockchain technology. ICOs are used to raise funds for a variety of projects, including but not limited to businesses leveraging on a distributed ledger. Virtually anyone who has access to the internet can participate in an ICO.15
Commonly, the following three types of tokens can be identified within an ICO context:16
- Payment or cryptocurrency tokens: these are intended to be used, now or in the future, as a means of payment for acquiring goods or services, or as a means of money or value transfer. Cryptocurrencies give rise to no claims on their issuer.17 Payment tokens are subject to the Law on Payment Services.18
- Utility tokens: these provide access digitally to an application or service by means of a blockchain-based infrastructure.19
- Asset tokens: these represent assets such as a debt or equity claim on the issuer. Asset tokens promise, for example, a share in a future company's earnings or future capital flows. In terms of their economic function, therefore, these tokens are analogous to equities, bonds or derivatives. Tokens that enable physical assets to be traded on a blockchain also fall into this category.20
Taking as a starting point the CSSF's warning on ICOs, and in particular the statement that asset tokens might be subject to regulatory supervision in line with the position taken by several European countries with regard to ICOs,21 it is our view that, depending on the nature of the token, an ICO could, inter alia, fall within the scope of the Law on the Financial Sector, the amended Law of 30 May 2018 on Markets in Financial Instruments (the Law on Markets in Financial Instruments), the amended Law of 17 December 2010 on Undertakings for Collective Investment (the Law on Undertakings for Collective Investment) and the amended Law of 10 July 2005 on Prospectuses for Securities (the Law on Prospectuses for Securities).
We therefore consider that asset tokens need to be analysed with respect to the concept of financial instruments and the laws and regulations applicable thereto.22 Depending on its structure, a token may qualify as a transferable security or as a unit in a collective investment undertaking, or it could serve as the underlying asset for a derivative contract.
Tokenisation of securities in Luxembourg has been given a serious push by the legislator through the adoption of the Law of 1 March 2019 amending the Law of 1 August 2001 on the Circulation of Securities. In its new Article 18 bis, the Law on the Circulation of Securities provides that securities can be held using distributed ledger technologies and these technologies can also be used to register transfers. This Law was completed by the Law of 22 January 2021 amending the Law on the Financial Sector and the Law of 6 April 2013 on Dematerialised Securities, which expressly recognises the possibility of issuing dematerialised securities through distributed ledger technology such as blockchains.
i Transferable security
The Law on Markets in Financial Instruments23 defines transferable securities as those classes of securities that are negotiable on the capital market (with the exception of instruments of payment) such as:
- shares in companies and other securities equivalent to shares in companies, partnerships or other entities, and depositary receipts in respect of shares;
- bonds or other forms of securitised debt, including depositary receipts in respect of such securities; and
- any other securities giving the right to acquire or sell any such transferable securities or giving rise to a cash settlement determined by reference to transferable securities, currencies, interest rates or yields, commodities or other indices or measures.
According to this definition, if a token is transferable, negotiable and embodies certain rights, it can prima facie be defined as a security in the following situations.
- With regard to transferability, in its statement,24 the Finance Working Group of the Blockchain Bundesverband considers transferability to mean that units can be assigned to another person, irrespective of the existence of a certificate that registers or documents the existence of the units. These concepts can be applied mutatis mutandis for Luxembourg. The important point is that the transfer can be made and registered without the need for a written document.25
- Whether a token is negotiable needs to be analysed against the classical background of the negotiability of securities. Securities are negotiable, in particular, when they are traded on exchanges or platforms.26
- As to the rights attached to the tokens, these need to be share-type rights, bond-type rights or rights that allow for the acquisition or sale of the above-mentioned type of security or rights related thereto.
A three-factor test can be applied to a token to determine whether it qualifies as a security:27
- The first factor is related to the economic rationale behind the issuing of the token. Why is the token issued? What is the project behind it? Is it a business or economic project? What is the objective of the issuer?
- The second factor is related to the rights of the token owner. Are these share-type or bond-type rights?
- The third factor is linked to the purpose of the buyer or seller. Why is he or she buying the token? Is the holder participating in the profits made? Does he or she have an interest in the economic and financial development of the company or the project?
This test will be relevant and will assist in determining whether a token is a security. In practice, it could well be that the second and third factors (points (b) and (c) above) coincide in many instances.
The investment substance has to be considered. If in substance a token corresponds to a security and produces effects similar to those of a security, it has to be regulated like a security.28 It should not be possible to argue that, because of the innovative character of tokens and owing to their underlying technology, they would be exempted from complying with financial regulation, specifically (but not exclusively) with regard to investor protection and AML/CTF aspects.29 This is confirmed by the European Commission's draft proposal for a regulation on markets in cryptoassets (the MiCA regulation), which was adopted on 24 September 2020 and which explicitly excludes from its scope cryptoassets that qualify as financial instruments within the meaning of MiFID II.30
ii Unit in a collective investment undertaking
A token could also be structured in such a way as to qualify as a unit in an investment fund, as defined by the Law on Undertakings for Collective Investment. A token could also be based on or represent a unit in a collective investment undertaking.
iii Underlying asset for a derivative contract
In line with the ESMA paper, one of the conclusions of the qualification of tokens as financial instruments is that the firms involved in ICOs conduct regulated investment activities such as placing, dealing in or advising on financial instruments, or managing or marketing collective investment schemes.33
For instance, virtual currency exchange platforms that intend to allow trading of tokens, qualifying as financial instruments, on their platforms would need to be authorised as a multilateral trading facility under the Law on the Financial Sector.34
In conclusion, depending on the exact qualification of the token and on the financial service provided, the following laws may apply:
- the Law on Prospectuses for Securities;
- the Law on the Financial Sector;
- the Law on Markets in Financial Instruments;
- the Law on Undertakings for Collective Investment;
- the Law of 12 July 2013 on Alternative Investment Fund Managers, as amended; and
- the AML/CTF Law.
Banking and money transmission
A money remittance business equivalent to a money services business (MSB) in the United States is regulated in Luxembourg by the Law on Payment Services. Unlike MSBs in the United States, Luxembourg payment institutions are fully regulated.35
The AML/CTF Law applies to tokens as soon as they fall within the scope of financial sector regulation. Virtual currency exchange platforms also have to comply with the AML/CTF Law and, more specifically, with the requirements related to customer due diligence obligations, obligations of adequate internal organisation and the obligation to cooperate with the authorities.36
In 2020, an amendment to the AML/CTF Law brought VASPs into the scope of the AML/CTF Law.37 It should be noted that, in accordance with the AML/CTF Law, 'virtual asset' means a digital representation of value, including a virtual currency that can be digitally traded, transferred or used for payment or investment purposes, and that does not meet the conditions to be qualified as electronic money within the meaning of the Law on Payment Services or the conditions to be qualified as a financial instrument under the Law on the Financial Sector.38
According to the AML/CTF Law, VASPs that carry on activities other than the provision of payment services must be registered as a VASP with the CSSF. They must submit a request for registration to the CSSF, which must include information such as: the applicant's name; the address of its central administration; a description of the activities performed, in particular, a list of the types of virtual asset services envisaged and their relevant qualification; and a description of the money laundering and terrorist financing risks to which the applicant will be exposed and the internal control mechanisms established by the applicant to mitigate these risks and to comply with the professional obligations defined in the AML/CTF Law and in Regulation (EU) 2015/847 on information accompanying transfers of funds.39 This new requirement applies to VASPs that are either established in Luxembourg or provide their services in Luxembourg.
In its Communication of 9 April 2020, the CSSF requested that any entity that already offers any of the virtual asset services described by the AML/CTF Law, including any entity already licensed or registered by a competent authority and in particular any licensed financial institution, should:
- promptly notify the CSSF thereof by email;
- submit a registration file to the CSSF to be specifically registered as a VASP as soon as possible and at the latest by 30 May 2020; and
- comply with the professional obligations and the conditions described in the amended AML/CTF Law.
In addition, the same entity must have registered beforehand as a VASP and must comply with the professional obligations and the conditions described in the AML/CTF Law.
Regulation of exchanges
Virtual currency exchange platforms willing to establish in Luxembourg are required to obtain a licence as a payment institution. This requirement applies to platforms allowing for the exchange from virtual currencies to fiat currencies and vice versa. It is important to highlight that only the fund flows that qualify as payment services are subject to regulation.
All legal requirements under the Law on Payment Services apply, meaning that exchange platforms will have to submit an application to the CSSF for authorisation as a payment institution. The Law on Payment Services further requires that payment institutions, having been granted authorisation, need to comply on a permanent basis with the conditions of the authorisation and fulfil the requirements for reporting to the CSSF.
In addition, and as already mentioned in Section IV, according to the AML/CTF Law40 and the CSSF Communication dated 9 April 2020, exchange platforms must be registered as VASPs with the CSSF.
i Authorisation procedure
According to the Law on Payment Services, no person other than a payment service provider shall be allowed to provide payment services in Luxembourg.
Like any payment institution, exchange platforms providing for virtual-to-fiat currency exchanges (and vice versa) willing to establish in Luxembourg will have to provide the CSSF with all the information required by law and listed in the application for authorisation form published on the CSSF website and implementing the European Banking Authority Guidelines.41
The authorisation form requires applicants to submit:
- identification details;
- a programme of operations;
- a business plan;
- the structural organisation of the business;
- evidence of the initial capital; and
- measures to safeguard the funds of payment services users.
Additionally, applicants have to submit to the CSSF:
- their governance and internal control mechanisms;
- their procedure for monitoring, handling and following up on security incidents and security-related customer complaints; and
- a process for the filing, monitoring and tracking of, and the restricting of access to, sensitive payment data and business continuity arrangements.
The form also requires the submission of:
- the principles and definitions applicable to the collection of statistical data on performance, transactions and fraud;
- a security policy document; and
- internal control mechanisms for compliance with AML/CTF obligations.
Furthermore, the CSSF shall require information on persons with qualifying holdings in the applicant to allow the CSSF to proceed to assess the identity and suitability of the directors and persons responsible for the management of the payment institution. The identity of the statutory auditors also has to be provided.
The CSSF application form requires that the information provided by applicants is true, complete, accurate and up to date, and that the applicants comply with all the provisions of the application form.
The level of detail of the information provided has to be proportionate to the applicant's size and internal organisation, and to the nature, scope, complexity and risk of the services that the applicant intends to provide.
From a practical point of view, it needs to be emphasised that, because of the innovative character of the services provided by virtual currency exchange platforms (and particularly the distributed ledger technology underlying virtual currencies and the fact that pure virtual currency transfers are currently not monitored by public authorities within the European Union), providers of those services should pay particular attention to information technology (IT) and AML and CTF risks, and in general the risks linked to their product.
ii Post-authorisation requirements
Once a licence is granted, virtual currency exchange platforms must comply with the legal requirements set out by the Law on Payment Services on a permanent basis. Article 11 of this Law requires that, to ensure the sound and prudent management of a payment institution, it shall dispose for the performance of payment services of a robust internal governance arrangement that includes:
- a clear organisational structure with well-defined, transparent and consistent lines of responsibility;
- effective processes to identify, manage, monitor and report the risks they are or might be exposed to; and
- adequate internal control mechanisms, including sound administrative and accounting procedures as well as control and security arrangements for information-processing systems.
The arrangement, processes and mechanisms shall be comprehensive and proportionate to the nature, scale and complexity of the payment services provided by the payment institution.
Several CSSF circulars further define the obligations of a payment institution while operating in and out of Luxembourg.
Specific emphasis needs to be given to the requirement regarding entities' central administration. According to CSSF Circular 95/120, a payment institution must not only have a registered office in Luxembourg, but also has to have its central administration, including its decision-making centre and its head office, in Luxembourg. The Circular also explicitly requires that the persons responsible for the management, and the managers of various business and administrative functions or the various departments or divisions existing within the institution, in principle have to be permanently present on site as a matter of principle. On 9 April 2021, the CSSF also issued Circular CSSF 21/769,42 setting out governance and security requirements that must be respected when implementing telework solutions. With regard to governance requirements, the Circular specifies that:
Supervised Entities are required to maintain, at all times, a robust central administration in Luxembourg and to maintain sufficient substance in its premises, also in order to allow them to deal with emergencies and other time-critical issues in due time.
Notably, the CSSF circular requirements apply under normal general working conditions (i.e., not in crisis situations such as the covid-19 pandemic, nor in other exceptional circumstances with a comparable impact on general working conditions).
CSSF circulars also clarify the legal requirements with regard to the administrative and accounting organisation of a payment institution, as well as to its internal control and compliance functions, and outsourcing requirements.43
Particular attention needs to be paid by exchange platforms to the circulars relating to institutions' IT security and the security of internet payments. Payment institutions are authorised to use cloud computing resources provided by an external cloud services provider to run their business.44 For all practical purposes, this is important because most, if not all, exchanges rely on cloud solutions.
Payment institutions must provide periodic reports to the CSSF. Circular 11/511 of the CSSF refers to the periodic reporting scheme for payments institutions.
After the end of the financial year, a short-form report as well as the final version of the periodic reporting tables and the internal audit and control reports have to be submitted to the CSSF. One month after the ordinary general meeting, a long-form audit report has to be submitted to the CSSF with a number of other corporate documents.
The compliance of payment institutions with all the requirements set out above is assessed in the context of the off-site prudential supervision and is subject to regular on-site inspections.
Regulation of miners
There are no specific licensing requirements for miners under Luxembourg law. However, if a miner exercises its activities in a professional way, he or she would have to apply for an ordinary business licence and hence be considered as a professional service provider.
Regulation of issuers and sponsors
As discussed in Section II, if ICO tokens qualify as financial instruments, the firms involved in ICOs are conducting regulated financial activities in Luxembourg and therefore need to comply with relevant regulations.
An issuer of a token qualifying as a financial instrument will, for instance, be required to publish a prospectus according to the Law on Prospectuses for Securities. Additionally, the EU Prospectus Regulation will be applicable.45
It is relevant in this context that as of 21 July 2018, the Prospectus Regulation exempts security offers to the public with a total consideration of less than €1 million in the European Union, calculated over 12 months from the obligation to publish a prospectus,46 as European legislators consider that the costs of producing a prospectus are likely to be disproportionate to the proceeds envisaged from the offer.47
An additional exemption also applies and this has been implemented into Luxembourg law. The Prospectus Regulation offers Member States the option not to require the publication of a prospectus for offers of securities to the public not exceeding €8 million over 12 months, but only to the extent that the offer is limited to one single Member State and it does not benefit from the passporting regime.48
Since 21 July 2019, other exemptions have also been applicable; for example, in relation to:
- offers made to qualified investors or offers addressed to fewer than 150 persons per Member State (other than qualified investors);
- offers of securities whose denomination per unit amounts to at least €100,000; or
- offers addressed to investors who acquire securities for a total consideration of at least €100,000 per investor for each separate offer.49
Issuers will have to comply with the AML/CTF Law, as well as ordinary civil and commercial law provisions.
If ICO tokens do not qualify as financial instruments, the firms involved in ICOs that fall within the scope of the new Article 1(20c) of the AML/CTF Law must comply with the new requirements applicable to VASPs. They must register with the CSSF and comply with all the requirements of the AML/CTF Law and Regulation (EU) 2015/847 on information accompanying transfers of funds.
To register, VASPs must also comply with the governance requirements of Article 7-1 Paragraph 3 of the AML/CTF Law on the individuals exercising management functions and the ultimate beneficial owners (UBOs) of the providers themselves. The individuals exercising management functions and the UBOs must submit evidence of their professional standing to the CSSF. Professional standing is assessed on the basis of police records and any other elements showing that the persons concerned are of good repute and offer every guarantee of irreproachable conduct.
The AML/CTF Law also requires that at least two individuals must be in charge of the management of the entity and must be empowered to effectively determine the direction taken by the business and any change to the members of the management or the UBOs must be pre-approved by the CSSF. These individuals must possess adequate professional experience and must submit evidence of their professional standing.50
Criminal and civil fraud and enforcement
Most, if not all, of the laws referred to in this chapter contain provisions on enforcement, which carry administrative as well as criminal sanctions. Ordinary civil, consumer protection, commercial and criminal law can also be applied in the context of fraud and enforcement.
Regarding direct taxation, the tax administration issued a circular on 26 July 2018,51 the essential parts of which can be summarised as follows:
- virtual currencies are intangible assets for accounting and tax purposes;
- professionals mining or selling virtual currencies are subject to ordinary taxation; and
- in a non-professional environment, profits made through transactions whereby a virtual currency is exchanged against another currency (fiat or virtual), or whereby a virtual currency is used to pay for goods or services, are subject to taxation under the rules applying to speculation profits if the virtual currency transferred has been held for less than six months.
For indirect taxes, and in line with well-established EU law principles, financial services are not subject to value added tax (VAT). The exchange of fiat currency against virtual currency itself shall not be subject to VAT, in accordance with the Hedqvist ruling of the European Court of Justice.52
If a token corresponds to the definition of electronic money – that is, in substance a monetary value represented by a claim on the issuer, which is electronically stored and issued on receipt of funds for the purpose of making payment transactions, and is accepted by a natural or legal person other than the issuer – the issuer would have to apply for an e-money licence.53
Tokens backed by fiat currencies and designed solely in a way to be used as a payment instrument would fall under the remit of this definition.
The licensing process applicable to e-money issuers is similar to the process applicable to applicants for a payment institution licence.54 Just like payment institutions, e-money institutions have to comply with the legal requirements set out by the Law on Payment Services on a permanent basis. CSSF circulars clarify the legal requirements.
With distributed ledger technologies and cryptocurrencies here to stay,55 since 2014 Luxembourg has shown its capacity to innovate in the sphere of fintech. We firmly believe that Luxembourg will also become an EU hub for regulated token offerings in the future.
1 Jean-Louis Schiltz is the senior partner and Nadia Manzari is a partner at Schiltz & Schiltz SA.
3 Law of 1 March 2019 amending the Law of 1 August 2001 on the Circulation of Securities.
4 Law of 22 January 2021 amending the Law of 5 April 1993 on the Financial Sector (the Law on the Financial Sector) and the Law of 6 April 2013 on Dematerialised Securities.
5 CSSF annual report 2016.
6 CSSF Warning regarding initial coin offerings ('ICOs') and tokens, issued 14 March 2018.
7 Article 1(20c) of the AML/CTF Law.
8 Article 1(20b) of the AML/CTF Law.
9 Article 1(20a) of the AML/CTF Law.
10 Article 1(20d) of the AML/CTF Law.
11 Article 1(20e) of the AML/CTF Law.
12 CSSF Communication of 9 April 2020 on virtual assets, virtual asset service providers and the related registration process.
13 ESMA statements of 13 November 2017 ESMA 50-157-828.
16 Swiss Financial Market Supervisory Authority (FINMA) Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs). Published 16 February 2018.
18 Law of 10 November 2009 on Payment Services, on the activity of electronic money institutions and settlement finality in payment and securities settlement systems – as modified by the Law of 20 July 2018.
19 FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs).
21 Germany Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) advisory letter WA 11-QB 4100-2017/0010, France Draft Law 'Relatif à la croissance et la transformation des entreprises' dated 19 June 2018; FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs).
22 Article 1(19) of the Law on the Financial Sector and Annex II Section B of the same law.
23 Article 1(55) implementing Article 4(1)(44) of Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014.
24 Blockchain Bundesverband, Finance Working Group, Statement on token regulation with a focus on token sales.
25 This is in line with Luxembourg law, which largely recognises unmaterialised securities: the Law of 1 August 2001 on the Circulation of Securities and the Law of 6 April 2013 on Dematerialised Securities.
26 See also BaFin advisory letter WA 11-QB 4100-2017/0010, which considers that 'trading platforms for cryptocurrencies can, in principle, be deemed financial or capital markets within the meaning of the definition of a security'.
27 Similar to the Howey Test created by the US Supreme Court for determining whether certain transactions qualify as investment contracts. See ICOs and financial regulation, presentation by Jean-Louis Schiltz at the Bourse de Luxembourg on 4 October 2017 and at the University of Münster on 7 November 2017.
28 This is in line with the FINMA approach, which looks at the economic function and purpose of the tokens issued:
In assessing ICOs, we look at the economic function and purpose of the tokens that are issued. In other words, if it looks like a duck, swims like a duck, and quacks like a duck, then FINMA will treat it like a duck. . . .
So using the duck test: payment tokens like bitcoin or their newer cousins look like means of payment and are therefore subject to AML requirements. And asset tokens look like securities and therefore fall under securities law. (Mark Branson, FINMA chief executive officer, Keynote at the Swiss–UK Dialogue held on 13 March 2018 in London.)
29 See Mark Branson, FINMA chief executive officer, Keynote at the Swiss–UK Dialogue held on 13 March 2018 in London.
30 Article 2, 2(a) of the Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937).
31 Point (4), (9) or (10) of Annex II Section B of the Law on the Financial Sector.
32 Germany BaFin advisory letter WA 11-QB 4100-2017/0010.
33 ESMA statements of 13 November 2017.
34 Article 24-9 of the Law on the Financial Sector.
35 As we understand, payment institutions are basically subject to the Financial Crimes Enforcement Network requirements (i.e., AML and CTF) regulations.
36 See Section V.
37 Article 2(1) point 16 of the AML/CTF Law.
38 Article 1 point 20b of the AML/CTF Law.
39 Article 7-1 Paragraph 2 of the AML/CTF Law.
40 Article 7-1 of the AML/CTF Law.
41 Guidelines on the information to be provided for the authorisation of payment institutions and for the registration of account information service providers under Article 5(5) of Directive (EU) 2015/2366.
42 Circular CSSF 21/769 Governance and security requirements for Supervised Entities to perform tasks or activities through Telework.
43 Circular IML 96/126, Circular IML 98/143 (as amended by Circular CSSF 04/155), Circular CSSF 04/155.
44 Circular CSSF 17/654 clarifies the regulatory framework governing IT outsourcing relying on a cloud computing infrastructure provided by an external provider.
45 Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market, and repealing Directive 2003/71/EC.
46 Article 1(3) of Regulation (EU) 2017/1129.
47 Recital 13 of Regulation (EU) 2017/1129.
48 Article 1(3) of the Regulation (EU) 2017/1129 is a Member State option. Article 18(2) point 5 of the Law of 16 July 2019 on Prospectuses for Securities implemented this option into Luxembourg law.
49 Article 1(4) of the Regulation (EU) 2017/1129.
50 Article 7-1 Paragraph 3 of the AML/CTF Law.
51 Circulaire du directeur des contributions L.I.R. No. 14/5 – 99/3 – 99 bis/3 of 26 July 2018.
52 Court of Justice of the European Union Press Release No. 128/15 Luxembourg, 22 October 2015, Case C 264/14 Skatteverket v. David Hedqvist. This was confirmed by Circular No. 787 of 11 June 2018 of the Direction de l'Administration et des Domaines.
53 Article 1(29) of the Law on Payment Services.
54 Article 24-1 et seq. of the Law on Payment Services.
55 Luxembourg Finance Minister Speech in Hong Kong dated 16 January 2018.