News

Counsel Kate Gee discusses recent proposals from French regulators regarding cryptocurrency, existing regulation in the UK and EU, as well as the proposed solutions moving forward, in Compliance Monitor.

Kate’s article was published in the October edition of Compliance Monitor and the online version can be found here.

In recent months, we have seen a broad global drive to respond to the increase in crypto fraud with more stringent regulation of cryptocurrencies being proposed worldwide, for example:

• Gibraltar was a pioneer in regulating cryptocurrencies, becoming the world’s first stock exchange to offer investors regulated trading in cryptoassets in 2018, when the Gibraltar Financial Services Commission licenced a Bitcoin exchange. It has adopted a principles-based approach.
• The Carbis Bay G7 Summit Communiqué 2021 committed the G7 nations to work together in order “to urgently address the escalating shared threat from criminal ransomware attacks”, urging “all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions”.
• The European Central Bank President Christine Lagarde called for the global regulation of cryptocurrencies in January 2021, saying that “there has to be regulation. This has to be applied and agreed upon … at a global level because if there is an escape that escape will be used”.
• In January 2021, the now US Secretary of the Treasury, Janet Yellen, told the US Senate Finance Committee that cryptocurrencies are a particular concern, with many being used “at least in a transaction sense, mainly for illicit financing. And I think we really need to examine ways in which we can curtail their use”.

Approach in the UK

The UK does not yet have a bespoke financial regulatory regime specifically designed to regulate cryptocurrencies and other digital assets, although the Financial Conduct Authority (FCA) indicated in July that it is transforming into a “forward-looking, proactive regulator” – and identified crypto assets as a focal point for development.  It is expected that digital currencies backed by major states will soon shake up the world of digital finance. Given the recent wave of ransomware attacks and other frauds involving digital assets and currencies, global regulators are racing to grapple with the reality of cryptocurrencies and how to regulate their use and discourage misuse.  However, regulators and markets are taking inconsistent approaches to regulation, giving rise to potential confusion or competing rules and obligations.

While cryptocurrencies were once regarded as online novelties, the global cryptocurrency market is now worth US$1.5 trillion annually and the FCA estimate that there are 2.3 million UK consumers holding cryptoassets (up 1.9 million last year).  In his July 2021 speech, the CEO of the FCA, Nikhil Rathi observed that:

“when technology is used to promote new investments to consumers, it is essential that the right controls are in place. We’ve seen an explosion among younger people speculating on cryptocurrencies or other high-risk investments. […] Analysis this year found those ‘having a go’ at this kind of investing were younger and, proportionally, more likely from an ethnic minority. There is evidence too that, as with the GameStop episode, more people see investment as entertainment – behaving less rationally and more emotionally, egged on by anonymous and unaccountable social media influencers. This is a category of consumer that we are not used to engaging with – 18 to 30-year-olds more likely to be drawn in by social media. That’s why we are creating an £11m digital marketing campaign to warn them of the risks. […] And those risks are stark. As we have repeatedly made clear: investors in cryptoassets should be prepared to lose all their money.”

 In the UK, the FCA was appointed as the regulator of the cryptocurrency market in January 2020, with responsibility to oversee compliance in terms of anti-money laundering and counter terrorist financing.  At present in the UK, whether or not a particular cryptocurrency is subject to financial regulation depends on whether it falls within the scope of one or more of the Financial Services and Markets Act, 2000, the anti-money laundering (AML) regime, the Payment Services Regulations, 2017 or the Electronic Money Regulations, 2011 – an example of the FCA repurposing or extending the existing regulatory framework (designed for an altogether different purpose of product) to capture crypto assets.

Recently, the FCA has become increasingly interventionist and introduced several new measures to address the use and misuse of crypto assets.  Here are some examples:

1. Warnings

The FCA has also issued stark warnings regarding investing in cryptocurrencies and digital assets, for example: “Cryptoassets are considered very high risk, speculative purchases. If you buy cryptoassets, you should be prepared to lose all your money”).  It has also warned of the risk of scams involving cryptoassets.

2. Registration

In an effort to tackle financial crime at the gateway, crypto asset firms must now register with the FCA and meet required standards under money laundering regulations before they can operate in the UK.  If they have taken the necessary steps, crypto platforms can rely on the Temporary Registrations Regimes to continue offering services in the UK while the FCA assesses their application for registration.  However, last June the FCA’s head of enforcement and market oversight Mark Steward said that, despite the regulator’s efforts, 111 unregistered cryptocurrency providers were operating in Britain, presenting “a very real risk“: “We have a number of firms that are clearly doing business in the UK without being registered with us and they are dealing with someone: banks, payment services firm, consumers.”

In addition, it has been reported that large numbers of companies have been abandoning their applications, often due to their failure to meet AML requirements in time.

3. Prohibition of exchanges / platforms

In May this year, Binance, the world’s largest cryptocurrency exchange, withdrew its application for registration following discussions with the FCA.  In June, the FCA banned it from conducting regulated activities in the UK.  This was widely viewed as a significant indicator of a growing crackdown on the cryptocurrency market by global regulators.

4. Ban on sale of crypto-derivatives to retail consumers

The FCA has banned the sale of derivatives and exchange traded notes that reference certain types of cryptoassets to retail consumers for a number of reasons, including the “inherent nature of the underlying assets [which] means they have no reliable basis for valuation”, the “prevalence of market abuse and financial crime in the secondary market (eg cyber theft)” and “extreme volatility in cryptoasset price movements.”

The FCA’s regulatory crackdown on cryptocurrencies may be just the beginning. Frauds involving cryptocurrencies are now valued in the billions. In the UK, in 2020 alone, around £113 million was stolen in fraudulent cryptocurrency investments. Cyber criminals rely upon the relative anonymity which cryptocurrencies offer, hence the need to regulate cryptocurrencies to prevent ransomware attacks.  However, such regulation needs to be introduced in a way that is compatible with the developing use of blockchain technology for legitimate uses – for example, to ensure the secure sharing of medical data and for cross-border payments.

The EU is taking a similar approach to the UK: it wants to address the illegal use of cryptocurrencies, while also enabling the legitimate use of blockchain technology.  The shape of the EU’s future regulatory regime will be thrashed out in the coming years. The French markets regulator Autorité des Marchés Financiers (AMF), has proposed that the EU markets regulator, the European Securities and Markets Authority (Esma), be given responsibility for regulating the cryptoasset market, instead of member states’ national regulators. AMF argues that “Granting Esma the power of direct supervision of public offers of cryptoassets in the EU and of cryptoasset service providers would create obvious economies of scale for all national supervisors and concentrate expertise in an efficient way, for the common European benefit”.

Given the borderless nature of cryptoassets, a centralised regulatory regime would help to ensure greater regulatory consistency across the EU, though it may prove to be anathema to those member states who are increasingly concerned at the loss of sovereignty to Brussels.

At the same time, the EU is making plans to issue its own central bank-backed digital currency – a digital euro. A public consultation showed broad public support for the creation of a digital euro. The consultation revealed a public willingness for the authorities to track transactions, with two in five respondents saying that “Digital euro transactions should be visible to either intermediaries or the central bank” to “allow the application of anti-money laundering and combating the financing of terrorism”. Only one in ten respondents thought that transfers under a certain threshold should remain completely private. This consultation suggests a broad European willingness to use digital currencies and also to allow them to be regulated to prevent criminal activity.

There’s little doubt that the launch of state-backed digital currencies (potentially including a digital Yuan in China and a digital US dollar) will have a huge impact on cryptocurrencies as we have known them. It will remove many of the arguments for the existence of private and unregulated cryptocurrencies. It is also clear that once states enter into the cryptocurrency market in earnest, it will be in their own interest to stringently regulate private cryptoassets.

Tension between regulation and FinTech innovation

As the UK develops a bespoke regulatory regime for cryptocurrencies, it will be necessary to balance the need to prevent the criminal use of cryptoassets against having a regime which encourages the development of a thriving FinTech sector, which relies increasingly on blockchain technology. The City of London recently commissioned EY to research the position of the UK’s FinTech industry. The report, published last year, found that “The UK remains a global FinTech capital” with the FinTech sector creating some £11 billion in revenue in 2019, up from £6.6 billion in 2015. The report estimated that FinTech accounts for around 8% of the UK’s total financial services output, noting that “in the last five years, the UK FinTech sector has moved mainstream, having inspired and stimulated innovation in broader financial services and technology sectors.”

The report found that, along with access to talent and capital, a key strength for the development of FinTech was the UK’s policy regime. It noted that “the UK policy environment is more mature and progressive [and]… highly supportive of innovation”. Therefore, in order to create a thriving FinTech industry the UK’s future regulatory regime will have to be robust, but also supportive of innovation and the use of new technologies. The UK’s financial services regime, which is guidance and principles-based, certainly has the potential to adapt to new technologies than more rigid regulatory systems.

The eventual shape of the UK’s regulatory approach to cryptoassets will be influenced by political and geopolitical factors, and the speed at which state-backed digital assets begin to emerge around the world. Yet, as post-Brexit Britain seeks to grow financial services as a cornerstone of the economy, the need for robust regulation will have to be balanced against a desire to ensure that the UK remains a leading centre of innovation in digital finance.

Protecting digital assets

In November 2019, the UK Jurisdiction Task Force (UKJT) published an important analysis of how the British legal system may approach cryptoassets, entitled, “Legal statement on cryptoassets and smart contracts”.  From a legal perspective, the UKJT’s key conclusions were that cryptoassets have all the legal characteristics of property, since they are definable, identifiable by third parties, capable of assumption by third parties and have a degree of permanence or stability.  The report found that the intangible nature of cryptoassets and novel features such as distributed ledger technology did not prevent them from being property in the legal sense.

Soon after publication of the UKJT report, the English High Court had the opportunity to consider whether cryptoassets could legally be property in the case of of AA v Persons Unknown [2020] 4 W.L.R. 35. The case involved an application for a proprietary injunction to recover Bitcoins extorted during a ransomware attack on a Canadian insurance company’s computer system. A ransom payment of $950,000 was made in Bitcoin, being 109.25 Bitcoins.  Expert consultants located the Bitcoins at an exchange, finding that 96 of the 109.25 Bitcoins were in an identifiable account. The court held that Bitcoins are in fact “property” in law and duly granted an injunction, enabling the Bitcoins to be recovered.

In the judgment, the court considered the UKJT legal statement at length, finding it “compelling” and holding that it should be adopted by the court. The judge held that “for the reasons identified in that [UKJT] legal statement, I consider that a crypto asset such as Bitcoin are property. They meet the four criteria set out in Lord Wilberforce’s classic definition of property in National Provincial Bank v Ainsworth [1965] 1 AC 1175 as being definable, identifiable by third parties, capable in their nature of assumption by third parties, and having some degree of permanence.” This provides just one example of how the English court’s common law tools for fighting traditional fraud are being successfully adapted to meet challenges presented by the digital age – which is particularly important until a more robust regulatory regime is in place.