Are Whitepaper ICOs' Prospectus? The Strict Requirement of Malta VFAA Act 2018 on Publication of Whitepapers

The Virtual Financial Assets Act , 2018 (VFAA Bill) was tabled in parliament on Tuesday, 24 April 2018 by Parliamentary Secretary for Financial Services, Digital Economy & Innovation Hon. Silvio Schembri MP. The Bill is currently going through the normal parliamentary process. Procedurally, a bill is suppose to go through three readings in parliament. Members of parliament will debate and may propose amendment before it is forwarded to the President for ascension. The law is then Gazetted by the responsible Minister.

The Act outlines prerequisites for offering virtual financial assets (e.g. Initial coin offering) in or from Malta. Although the compliance process is important, our interest here is to briefly sketch the significant requirements that will have, in our opinion, immediate impact on ICOs (or Initial Offerings). The first major impact of the Act is the attention given to whitepapers. This will perhaps be one of the significant regulatory constraint impose of DLT projects by the Act. It is a requirement that is more or less inspired by and fashioned in the lines of prospectus requirement in the trading of regulated financial instruments. The bad press that whitepapers have been receiving over the years may not have helped.

While the bill is mostly for virtual assets issued in and from Malta, it will have far reaching implications on the drafting and publication of whitepapers. Possible demonstrative effects are expected to manifest beyond the Jurisdiction of Malta. In short, if the Bill comes to pass as is, we expect both formal replications of the requirements in various levels of details in other jurisdictions, and also informal pressure to adjudge appropriateness or prospect of other whitepapers issued for cryptocurrencies in other jurisdiction. The current laissez-faire approach to crafting of Whitepaper will be brought to an abrupt end when the Bill is Gazetted.

The Bill

The Bill provides that a virtual financial asset is registered as specified by the Act (i.e. as a utility token) unless it is determined to by both the issuer and the VFA Agent to be a financial instrument, whereupon it will be required to abide by the applicable laws. Where that token is established as a utility token (or as the bill provide – a virtual financial asset), the whitepaper will be required to satisfy a whole list of requirements contained in the act and schedule one. In other words, the Bill makes drafting, drawing up, publication and distribution of Whitepaper in relations to issuance of a utility token in Malta a regulated activity.  

General Principles, requirement and Responsibilities

  • Appointment of Agent: The bill requires the issuer to appoint a Virtual Financial Asset Agent (VFA Agent) for their virtual asset project.

  • Signature: Whitepapers will require to be signed by the issuers and the Virtual Financial Asset Agent confirming that the whitepaper is in compliance with the Act’s requirement. It is mandatory that the parties sign the whitepaper ten days prior to its publication. On approval, the whitepaper will remain valid for a period of six months.

  • Malta MFSA Test: The Whitepaper will also be required to be subjected to the test issued by competent regulator (MFSA Financial Instrument Test). This test is a requirement for all ICOs and is meant to establish if the proposed virtual asset falls within the legal perimeter of the VFA Act or comes under existing rules on financial instruments (MIIFID II).

  • Summary: Whitepapers will be required to have a brief summary, in a non-technical language, of the key information of the offering, with the view of aiding investors make informed decision when considering investing in the virtual asset. Civil liability is attached to those persons who have tabled the summary including any translation thereof and applied for its notification.

  • Responsibility: The whitepaper will also require to have details of the persons responsible for the whitepaper, and their declaration that to the best of their knowledge the information contained in the whitepaper is in accordance with the facts and that the whitepaper makes no omission likely to affect its import.

  • Information in the Whitepaper: The Act requires information provided in a whitepaper be presented in such details and format that will enable investors to make informed assessment of the prospects of the issuer, the proposed project and of the features of the virtual financial asset (or token as is popularly known). These requirements cover inclusion of information on issuer’s due diligence, their financial track record, third party details and their contracted relationship including financial implications of the relationship.

  • Offer of the project: The whitepaper will be required to provide rationale of the offer, detail technical description of the protocol, platform and application, detail description of the functionality of the token, its sustainability and scalability, associated and or anticipated challenges and risks.

  • Security of Issuers Wallet: The issuers will be required to include in the whitepaper detailed description of their wallet, its security and safeguarding against hacking of the protocol, and any off-chain activities and to any other wallets used by the issuer.

  • Business and Market Details: The whitepaper will also be required to provide a description of the life cycle of initial virtual financial offering (i.e. ICO); description of its past and future milestones, targeted investor base, exchange rate of the token, the token’s interoperability with other protocols, manner of allocation of funds raised at the ICO, the amount to be raised and purpose of the issue, the total number of token to raised, their features and their distribution, the consensus algorithm where applicable, and the incentive mechanism to secure transactions and applicable fees.

  • Crowd-sale Details: The issuers will also be required to provide in the Whitepaper; description of the estimated speed of transactions in case of a new protocol, applicable taxes on the offering, any soft cap and hard cap for the offering, the period in which the offer is open, any person underwriting or guaranteeing the offer, any reasonably known restrictions on the free transferability of the virtual financial assets being offered, the DLT exchange(s) on which they may be traded, method of payment, specific notice of refund if soft cap is not reach including the manner and timeframe of the refund, the general risks associated with the token and investment therein, and procedure for excise of any right of pre-emption. As regards initial investors, the whitepaper should provide details on the bonuses applicable early investors including discounted purchase prices for the token.

  • Details of Smart Contract: On the smart contracts, the whitepaper will be required to provide a detail description, adopted standards, its underlying protocol, functionality and associated operational costs, details of the person who performed an audit on it, any restrictions embedded in the smart contract deployed, including any investment and or geographical restrictions. The whitepaper should also provide description of the oracle programme used, including detailed description of their characteristics and functionality, and period during which voluntary withdrawals are permitted by smart contract if any.

  • Benefit of third parties: the whitepaper will be required to include details of estimated expenditures, details of payees, contract fees agreed for the VFA Agent, product endorsers etc.

  • Issuers Financial Record: If the issuer has existed for three years, it will be required to submit details of its financial track record



The proposed MFSA Financial Instrument Test that every ICO will be required to subject their whitepaper to is meant to help in establishing the legal exposure of a token to either the VFAA 2018, or the existing rules under the Markets in Financial Instruments (MiFID II) - Directive 2014/65/EU. In both cases, ICO’s will have to publish either a prospectus or a whitepaper both of which will be subject of detailed legislative  guidelines and sanctions.


While the rationale behind the detailed provisions for the drafting, content and responsibility for the whitepaper are self-evident, impact of these rules on the DLT projects will take time to establish. Our common hope is that this will not bureaucratically stifle innovation in the emerging technology.




Initial Coin Offerings and Policy Making

In time, it will get easier and easier to carry out Initial Coin Offerings (ICOs). 

Executing an ICO campaign will be the equivalent of setting up a Wordpress website. It is likely to get even easier than setting up a website. 

Traditional crowdfunding will be overtaken by the token economy. Virtual currency’s (VC) role supporting early ideas will start to fade, or will adapt to this new 'self-help' environment. 

In just two-months from now there will be a few ICOs to make the ICO process easier for people to launch. Which is somewhat ironic. 

Bancor allows for the creation of tokens with a reserve. Adel will develop a decentralised community accelerator where every project can have a token. Starbase is a crowdfunding system that allows for the generation of a token per project. Wings is a decentralised accelerator and crowdfunding platform for ideas backed by their token.

How should policies adapt to this new economy?

Policy Approach

At the UK Digital Currency Association (UKDCA) we suggested that the UK government have a basic standard for consumer protection. In my view, a simple registration for anti-money laundering (AML) purposes is sufficient as this provides some accountability, and standards should be voluntary and industry-led.

Indeed, what is needed for ICOs is some basic governance surrounding access to the funds raised. 

However, prescriptive governance is not warranted. In a previous blog post we talked about the notion of having an ‘ICO Verification Agent’ to verify statements made by ICO campaigns, to avoid fraudulent claims.

Initiatives are popping up to provide governance as a service. One recent example is

Virtual Securities Policy

In terms of Virtual Securities, as discussed in a previous blog post, I would encourage regulators not to regulate them as traditional financial instruments. 

Keep them as digital currency and treat them differently from tightly-regulated financial instruments. For the more exotic type of digital currencies that have 'promises' attached, or give a share of the network fees, ensure they have a simple AML registration requirement for the ICO i.e. treat them as digital currency. 

There is no point in regulating Virtual Securities under the Markets in Financial Instruments Directive (MiFID) or other prohibitive regulations. The last time I saw a prospectus for a company issuing stock it was 100 pages long. No-one reads the text and there is never any protection from bankruptcy or guarantee of success. All those prospectuses do is make it more difficult for startups to get funding to grow. 

Where faced with a Blockchain Security (which is not a Virtual Security), then, of course, recognise it as such. 

Policy Must be Proportionate

This is where 'proportionate' intervention may be appropriate. The Switzerland- and Singapore-based approaches are probably most interesting. 

In Singapore, the notion of a Sandbox represents a full – not partial – exemption from regulations. The UK Sandbox is a partial exemption – it is an exemption from regulations, as opposed to primary law. 

The same is true with the notion of the Sandbox in Switzerland. In Switzerland, authorisation is required after a certain threshold of 20 participants and CHF1 million in the holding of client funds. The notion here is scaled regulation. 

In Singapore, the threshold is more discretionary. Statements from Ravi Menon indicate a measured approach. “Only when they grow and reach a certain critical mass, which then poses a significant impact on the system”From my dealings with blockchain firms, the Monetary Authority of Singapore (MAS) gives some discretionary guidelines to the firms within the sandbox.

Compliant Initial Coin Offerings

How are different countries treating blockchain?

Blockchain digital currencies are tightly regulated in the US. 

The issuance of a digital currency in the US requires registration. Ripple was fined for selling XRP without being registered. 

The Isle of Man added a registration provision for digital currency issuers and exchanges. 

In Europe, the EU will capture exchanges and custodians under the 4th Anti-Money Laundering directive (4AMLD). 

All exchange activity will be captured under anti-money laundering (AML) rules. 

In Asia, Japan has already started to regulate digital currency. Businesses are required to have a payments license to operate an exchange, or pre-sell tokens in Japan. 

Initial Coin Offering Havens

Where are the majority of the Initial Coin Offerings (ICOs)? They are generally from Singapore or Switzerland-based entities. 

The typical Swiss route is a non-profit foundation that issues all the tokens. This is modelled on the ICO approach, pioneered by the Ethereum Foundation. In Singapore, the structure is less important as capital gains are non-taxable. In Singapore more interest is the perceived pragmatism of Monetary Authority of Singapore (MAS).

A critical part of the ICO process is ensuring the proceeds of tokens sales are not taxable as income or a capital gain. This is managed through a foundation or structuring in tax-efficient jurisdictions. 
However, the tokens are often issued without any AML, or counter terrorist financing, controls in place. 

ICOs without AML compliance is a completely unsustainable position as regulations are moving against anonymous crowdsales. 

Looking at only the EU market from June 2017, exchanges and custodians will be subject to the 4th Anti-Money Laundering directive. 

This will capture ICO activity as it is essentially an exchange service.

Importantly, the integration of exchange and custodian activity by the EU into 4AMLD may likely be a prohibitive exercise with huge unintended consequences. The application of these regulations to exchanges and custodians have complete disregard of proportionality. The infamous intervention by the European Banking Authority (EBA) was to suggest that exchanges and custodians must register in every EU state where they have customers. The EBA have never run a startup before and bluntly has no interest in fintech.

Unfortunately, most digital currency activity will shift away from the EU if the application of 4AMLD to exchanges or custodians becomes draconian.

However, Switzerland and Singapore are not in the EU. But that is not to say that Switzerland and Singapore are simply going to give a free hand to anonymous ICOs.

Singapore and Evolutionary Compliance

Singapore prides itself on its clean reputation as a hotbed for innovation. Its Sandbox environment is by far the most pragmatic and effective in operation.

In other words, Singapore has a lot to lose if an anonymous ICO ends up creating a taint on its reputation. 

In view of this, what we are seeing in Singapore is an engagement strategy between ICO projects and the authorities. This engagement seems to lead to incremental steps towards basic compliance. 

DigixDAO is an example of a continual engagement strategy. An article published in September 2016 states: “Whenever there is an update to our business model, we make sure to inform the relevant governing bodies”.

After an anonymous funding round, DigixDAO then introduced Know your customer (KYC) to their platform. This is an evolutionary form of compliance for startups. 

However, a zero to one hundred per cent compliance evolution will no longer be appropriate. Certain basic guidelines will be established we suspect in the near-term.

Switzerland – Stepping Towards Regulation

It is important to note that the current announced fintech regime in Switzerland runs counter to anonymous ICOs. The current proposed fintech framework is for crowdfunding intermediaries to allow for the raising of capital subject, to limited number of investors and a threshold amount of CHF1m. The Swiss regulator has already directed digital currency intermediaries to enter a Self-Regulatory organisation for AML compliance. 

These principles will port across to anonymous ICOs. 

In time, it will be a simple requirement to ensure that an ICO campaign achieves some basic level of compliance.

ICOs Subject to Standard AML

It is expected that in a year from now it will be the norm to register as a coin issuer and perform KYC on investors. 

But who likes KYC? Everyone hates KYC. The users hate KYC and the service providers hate KYC as it increases acquisition costs.

However, many solutions are being conceived of that will give a blockchain compatible compliant identity to users.

In time, it will be possible to do one registration and access one hundres ICOs without having to repeats the compliance process.

At Diacle, we’re working on building such an identity system. There will be many that exist.

But we need to take the pain out of compliance or compliance will continue to be a hindrance to innovation and business rather than an enabler of innovation.

It is my view that the more regtech we have the more startups will be set free to innovate safely. A basic compliant identity solution is one regtech solution needed. 

Let's take a look at how a purely decentralised blockchain service can achieve compliance. 

On the Isle of Man, we have set up what will be the first regulated blockchain lottery in the world. Ninety-nine per cent of the lottery processes run on-chain. It is a fully blockchain integrated solution. Yet it is useless if it isn't compliant.

One way we are achieving compliance is by registering the Ethereum addresses of users and creating a closed-loop between pay and withdraw. This is just a small step.

Of course, in time that ETH address registration won't be necessary as we become compatible with an integrated identity solution. 

Compliance by Design

It is imperative not to re-centralise a decentralised service. 

Controlling other people's private keys and access to their assets is an anathema of blockchain as a concept. Therefore, blockchain design must stay true to opening access global peer to peer markets and user control. 

Joseph Lubin famously quoted that 'decentralisation is a phenomenon’. With blockchain we are re-thinking the basis of relationships between user, objects and governments. 

This is a world where users own and control their assets. This must be the future. 

Injecting trust back into a trustless system is simply missing the point of blockchain and shows a design failure, or is simply a reactive business decision to try and own as much as possible.

In my view, the design decisions of a blockchain product must align with the mission of user control.

But user control does not mean the system cannot be compliant. Quite the contrary. It is just a question of willingness to be compliant.

Towards Compliant ICO Contracts

If you look at the design of the current ICO smart contract code out there, there is no provision for compliance. 

It completely disingenuous to say that compliance is too complicated to add to the ICO smart contract. Since the decentralized autonomous organization (DAO) hack, a freeze function is now commonplace in ICO smart contracts. We have improved the design of the ICO smart contracts by that bad experience.

Let's look at how a compliant ICO might look like. Keep the decentralised design of the ICO Smart Contract but ensure that it is compliant.

The basic process of an ICO smart contract is to start an ICO, receive funds and mint tokens to the addresses of contributors.

Based on that logic, it is simple to you add an additional feature. This feature would be a 'whitelist' function for the funding addresses. 

Investors sign up on a webform, enter their details and registers their ETH address with the smart contract. 

The smart contract then recognises the user when the ICO goes live and only accepts a donation from the registered ETH address.

This simple feature only marginally encumbers the ICO process but achieves a base line of compliance. 

'Whitelist' ICO Smart Contract Business Rationale

From a business point of view there are many complaints regarding missing out on an ICO. They say, "it was over in minutes". 

The pre-registration process increases the chances of a person getting into the ICO as pre-registration and can be from of allocation for users that is guaranteed for them in the ICO for a fixed period, say one hour after ICO goes live. 

This also gives better certainty to the ICO project founders that they will sell out when the ICO starts which is a huge concern for the founders.

The Tellochain Method – Three-dimensional Counting

One of the most useful aspects of blockchain is the immutability factor.

If the balance changes on Ethereum, it cannot be reversed. Even if fixed, an error will always be part of the paper trail.

This immutability can be leveraged in a subtle way to dramatically reduce the administrative activities of companies.

To understand how this may be possible we must understand how we count today and the history of counting.

Today, we count in an abstract manner using numbers. ‘Things’ used to be represented as physical symbols until a method was found to go from images to text. 

Abstraction occurred to make the ‘data processing’ of information more efficient.

Today, we count using tools for counting. The primary tool is the calculator. The extension of the calculator is the spreadsheet.

We enter numbers into the spreadsheet and add a column for what the numbers represent – and that is how we count the world around us. The numbers change and we save the versions. 

This method is used for share registers too. 

A company literally takes an excel spreadsheet and adds the names of the shareholders in one column, adds the address of the shareholders in another column and the number of shares in a third. When a change happens, someone in the company opens the correct version of the share register, updates it, and then prints and signs.

These processes are evidentially extremely inadequate for a process that needs to be 100% accurate.

The fact remains that small companies don’t have the time to sit down and do everything correctly. A small errors can accumulate over time, which turns into a larger problem that needs to be solved.

When startup clients make inconsistent filings with the Company Registrar. After a period it became difficult to know exactly who exactly the shareholders were.

The blockchain therefore offers a practically free immutable counting system.

How Does it Do it?

What is fascinating is that it can do so using the most primitive method known to mankind: ‘accounting tokens’.

Accounting Tokens

Five thousand years ago we used what are referred to as 'accounting tokens'.These were physical objects that represented a commodity such as a sheep or wheat. To count the physical object, you would need an equal amount of the accounting tokens. 

Typically, they were used in ancient Mesopotamia and found in a city called Tello.

These objects disappeared as we discovered numerical abstractions as a mean to count. 

Physical accounting tokens are obviously not particularly scalable for accounting purposes.

Accounting tokens are a physical representation of the world around us. It is the rendering of a three-dimensional world in a physical three-dimensional form. 

Our present accounting and counting methods render a three-dimensional world in a two-dimensional abstract form.

With blockchain, the Tellochain Method is a representation of a three-dimensional world or two-dimensional concept in a three-dimensional blockchain form. 

The blockchain accounting tokens created are immutable and permanent therefore they can be said to exist in a three-dimensional manner. 

With the Tellochain Method – using the share register as an example – a digital three-dimensional view of the share register is simply rendered.

A total amount of blockchain accounting tokens can be created and allows for the transfer of those tokens – the blockchain does the rest. 

What is of particular interest, is that there are no regulations over how you should count.

The blockchain accounting tokens themselves are completely valueless.

So Tellochain is a fantastic way to administer all assets without trying immediately to transfer the existence of a real-world legal concepts such as a share onto a blockchain.

In essence, my view is that we must use this technology immediately.Not wait for 500 old years of legal history surrounding joint stock companies to be updated to appreciating the benefits of blockchain.

Now someone just needs to make a beautiful mobile UX to enable the blockchain spreadsheets generation to utilise all programming languages – not just Solidity.

Blockchain Applications and Regulatory Matters

Two Applications

There are two current main applications of blockchain: one as a digital currency, the second one is used for crowdfunding. 

Let’s look at the evolution of these applications. 

Public blockchain application is digital currency and integrated payment system. 

This innovation has completely removed the need for a trusted third party. 

It allows peers in a network – whomever they may be – to send value to one another, globally and almost instantly.

Bitcoin demonstrated that a distributed community could share a payment system and store of value. 

When something such as bitcoin, works in such a miraculous way, it is natural for others to want to replicate the success of that model.

As a result, enthusiasts wanted to create own version of bitcoin. This resulted in the altcoin explosion.

Many coins in the early 2000’s were similar in many ways, and thousands of coins were created. 

These new cons often were:

  • mining-based digital currencies 
  • or had a mix of mining and pre-mine. 

Ripple – an alternative to bitcoin as a payments network – pre-mined its coin. Ripple’s XRP token is used as an anti-spam token for the network and a conversion token for forex transactions.

The pre-mine of a new protocol was used to raise funding for the protocol itself. 

Then, a new trend emerged which was less about creating a new protocol, but rather leveraging the strength of the bitcoin network in other ways. 

Different communities arose that were building on bitcoin. 

There was the coloured coin protocol, Counterparty and also Mastercoin, now Omni. 

All those layers allowed a user to simply create another token and use the existing basic functions of pay, receive and escrow, for the new token. 

The tokens that were created by a project were often used as a tool to raise capital for the project. 

Before a project was live, the founders would start a campaign to give the community the opportunity to purchase their coin.

This crowd sale campaign came to be known as the Initial Coin Offering (ICO).

MaidSafe on Mastercoin raised around USD5m with its ICO. Factom raised a few million. 

With Maidsafe and Storj, their token is used to pay for the services.

Ethereum then announced that it was going to create a general framework for blockchain programming.

Its own crowdsale ICO in September 2014, raised nearly USD15m. Once Ethereum went live, it became evident that ICOs were going to breathe a new lease of life into the sector. 

Even the Ethereum foundation refers to ‘trustless crowdsales’ on its homepage as a principle application of Ethereum.

So, the second major application of public blockchain is undisputedly crowdfunding.

The interesting effect of blockchain crowdfunding is that it removes the need for crowdfunding platforms themselves. 

What we are seeing now, is that Ethereum has heralded a new generation of ICOs. 

These ICOs raise typically between USD5 million to USD15 million at a time. 

Let's look at some of the token sales projects and the type of instruments that were sold. 

Access Token

This is a type of token used to access software or services. This is generally regulated as a digital currency in most jurisdictions. However, even access tokens can provide incredible capital returns. Ethereum, Storj and Factoids are prime examples of access tokens. 

Virtual Securities Token

This is more like a share in a company. 

The issuer of the token promises one of the following or a combination of:

  • a share of the profits of the company 
  • a portion of gross sales 
  • transaction fees in a network 
  • or a portion of assets.

These types of tokens may be subject to tighter regulations. 

In particular, jurisdictions the sale of these tokens may be deemed to constitute an investment.

The founders often do not structure the tokens to be investments – but their interpretation by courts or authorities may lead to that finding. 

This is a case where substance will often triumph over form.

One labelled ‘virtual’ stock market was created by Ethan Burnside in 2013. 

On the website, it was possible to create what he referred to as ‘virtual’ shares and bonds to raise funding for your project. 

They were labelled ‘virtual’ shares and bonds as the Issuers did not create genuine shares or even legal structures to support the issuance.

Mr Burnside was charged for breaching the Securities Act in the US. 

This precedent from the Securities and Exchange Commission (SEC) states clearly that the formality of the instrument is immaterial in the US. 

If it is not actually a share or a bond but an investment contract, then it will be defined as a ‘security’ under US law.

Enacting Virtual Securities Tokens on ICOs are therefore more complicated.

In the EU, there are restrictions on amounts raised by selling securities without a prospectus.

Reference: Article 3

The Prospectus Directive applies to ‘transferrable securities’.

Transferable securities shall mean:

“— shares in companies and other securities equivalent to shares in companies

— bonds and other forms of securitized debt which are negotiable on the capital market and

— any other securities normally dealt in giving the right to acquire any such transferable securities by subscription or exchange or giving rise to a cash settlement excluding instruments of payment”

Reference: Article 1(4) 

If a Virtual Security Token is deemed a transferable security then the Issuer should be mindful of the Prospectus Directive.

In addition, the standard token issued during an ICO is a fully transferable token. It acts in a similar manner as bitcoin, with the ability to transfer to anyone even if the recipient is not known to the issuer. 

ERC20, which is the standard for Ethereum tokens, have, by default, full and unrestricted transferability.

This ‘bearer’ nature of Virtual Securities Tokens creates issues in certain jurisdictions. 

In October 2014, the recommendation from Financial Action Task Force (FATF) states:

“[…] countries that have legal persons that are able to issue bearer shares or bearer share warrants, or which allow nominee shareholders or nominee directors, should take effective measures to ensure that they are not misused for money laundering or terrorist financing”. 

This led to several countries abolishing bearer shares. In the UK, for example, bearer shares were abolished in 2015. 

Consequently, Virtual Securities ICOs are likely to be affected by bearer share restrictions.

The type of limitations that may affect a virtual securities offering is as follows: 

·      limits on the amount of capital raised (Prospectus Directive)

·      place registration requirements on the issuers – the US in particular, unless exemption applies

·      limits on the number of investors

·      limits on the type of people who can purchase

·      limits on whether the ERC20 token will have transferability due to bearer share restrictions.

There have been many Virtual Securities Offerings. These are obviously some of the most appealing ICOs as they promise a better return on investment. 

Virtual securities are instruments that are:

Model 1: Not defined as such by the Issuers but act like securities.

Model 2: Explicitly acknowledged as a security or investment contract by the Issuer – although an unconventional security. They could give access – similar to share warrants – to a real security or not be linked to a financial instrument at all and give a defined return to the investors in its own right.

Lykke and Blockchain Capital have issued the best Model 2 Virtual Securities so far. Lykke issued a right to a share in their company as a coloured coin. Blockchain Capital set up a fund with an ICO. They raised USD10m. However, there were certain restrictions: US investors had to be accredited, transfer of the token had limitations. Notable that the offering memorandum was extensive. The token will go live on 15 May 2017. 

We have a third trend emerging which is the issuance of a traditional security on the blockchain. This third category is not a Virtual Security. It is a conventional security issued on the blockchain. These instruments are here referred to as Blockchain Securities.

Blockchain Securities

Shares were typically issued in what is known as ‘certificated’ form. 

In the context of a share transfer, this means that there would be a share register and a share certificate for the shareholder. The transfer of a share would involve a stock transfer form, updating of the share register, cancellation of the previous share certificate and issuance of a new certificate. 

These numerous steps would be impractical in a trading environment on a stock market.

When electronic trading emerged on stock markets the system of trading typically involved the equitable ownership of the share moving hands on an electronic trading system then legal ownership being transferred after the event.

New regulations were introduced in the EU to streamline this process further, these were referred to as the ‘Uncertificated Securities Regulations 2001’ or ‘USR2001’.

These regulations allowed for the legal or equitable transfer of shares at the point of electronic settlement. This removed the necessity of a two-step process.

Importantly, USR2001 would only allow the electronic transfer on recognised settlement systems namely with ‘Operators’. 

In the UK, operators are required to be approved by the UK Treasury. An example of a USR2001 Operator would be CREST, which is owned by Euroclear. 

The CREST settlement system itself becomes the share register of the companies it supports. CREST holds the shares in an uncertificated form and the company usually has a duplicate of that record. 

Operator authorisation is needed to ensure the continual reliability of the Operator’s systems. Any inaccuracy could lead to disorder in stock markets.

So, to have Uncertificated shares they must be held by a USR2001 Operator.

These are the requirements.

In contrast, we are finding that progress is being made to enable companies to issue and transfer shares directly onto a blockchain.

In Delaware, US, they are amending the law to have shares issued on the blockchain. 

According to Cooley, the Delaware Blockchain Initiative has suggested amendments to permit the issue of “so-called "Distributed Ledger Shares” under Delaware Corporate law that could be authorised, issued, transferred, redeemed – living their entire life cycle – on a distributed ledger”. 

The notion suggested is that, rather than maintaining a share register, the company maintain its list of shareholders on a distributed ledger.

For the EU, there would need to be policy changes to allow for the blockchain itself to become an Operator. This is unlikely, as parts of market infrastructure regulation are designed to have liability assigned to a legal entity. It would be a significant departure to remove that legal entity altogether. 

A recent report from Euroclear made this point very clear. 

The report said, “the use of DLT by a central securities depository (CSD5), for example, should not by itself trigger any specific regulatory approvals”.

The Central Securities Depository can use blockchain if it so wishes. But its own role cannot be dispensed with blockchain. Not least because its own role is entrenched in legislation. 

Therefore, in the short term, we will start to see Euroclear or other USR2001 Operators offer essentially CREST on blockchain. 

In parallel, other jurisdictions, which have a more nimble legislative process, may take a more flexible approach to Blockchain Securities. 

With that in mind, it may take some time for Blockchain Securities to become commonplace. 

For ‘public’ Blockchain Securities we need to add an identity layer to resolve the ‘bearer asset’ issue. 

Let’s look at where we might be heading. 

Blockchain Companies

Countries may create a regulatory framework for a new type of company.

This company will be created as a smart contract on the blockchain. Its basic functions as a company will exist on the blockchain and it will issue shares on the blockchain. 

It is commonplace for countries to prepare standard articles of association to be used when a company is incorporated. These are referred to as the ‘Model Articles’.

In the future, a blockchain friendly country will provide Model Smart Contracts. 

These Model Smart Contracts will be written for example in Solidity and will cover several areas.

First, a Model Incorporation Contract will be provided – downloadable from the Company Registry’s office. Once published on-chain the company will be incorporated. 

Secondly, there will be a Model Share Issue contract. This contract will be compatible with the Model Incorporation Contract. Publish the code and the shares will be issued. 

Of course, underpinning such as system will be an identity layer – for accountability purposes. 

This all sounds hugely ambitious but the ambition is not a technical one; it is a legal one. 

Decentralised Autonomous Organisations (DAO) are, technically, already being created on Ethereum. 

The only missing piece is complete harmony with the legal systems. Currently, the DAOs created are akin to informal partnerships or community associations, which are fairly unsophisticated legal forms. 

Aragon – a new project that is carrying out an ICO this month – will ensure that creating a DAO is accessible for anyone. Finally, it will be the meshing of blockchain innovations with a legal system that will be the ultimate leap forward.


In this article (video here), we suggest that decentralised autonomous organisation (DAO) governance starts with initial coin offering (ICO) governance. ICOs are now the standard route to funding the setup of DAOs.

More and more tokens involve sharing network or transaction fees with the token holders and some form of participation or responsibility with the token holders for the continuation of the project.

These are all likely to be regulated, but, at times, illegal shares.

However, the purpose of this article is not to comment on the legality of DAO tokens. It is to present a way to address the risks of unaccountable token issues in a way to assure some consumer, and even founder, protection.

The exuberance of ICOs has survived the DAO due to the Ethereum ‘bail-out’. As said, ICOs are the standard funding routes for new blockchain protocols or decentralised applications (DApps). We can’t avoid the mistakes ICO founders will make in designing regulated and sometimes illegal tokens.

But we can set a new trend that goes some way to protect the consumer who will access these tokens. Here we present the notion of a Verification Agent to be there to hold the ICO issuer to account on statements made, and to ensure the Founders reach their project milestones. This is an idea presented to give ‘food for thought’ only – it is not a full blueprint to be relied upon in any way. If the industry is interested enough it will develop the Agency model or think of an alternative solution.

In the same way that building a solid foundation comes before building a house, ICO governance comes before DAO governance.

Even if the Slock IT DAO was high-profile and was presented as one of the first DAOs to be created, in actual fact – in cryptocurrency – we already have DAOs.

Bitcoin was the first fully-decentralised instance of this.

Technology comes in waves and so does nomenclature.

‘DAO’ is just a newer word for a pre-existing concept.

But DAO is not a concept that will go out of fashion.

Most ICOs happening today involve some form of participatory and revenue share-based model. For example: share the network or transaction fees with the token holders.

My piece on governance here is not about how best to maintain a DAO once set up, such as, for example, governance surrounding updating the bitcoin protocol.

Here I am making an assumption.

The assumption is that DAOs of the future will always start with an ICO.

And there is a very simple reason why that is the case; funding is required to build an organisation.

And I suspect there are fewer people with funding and DAO ideas, than there are DAO ideas with no funding.

Zcash is a DAO that raised funding privately. They could afford not to bypass the ICO.

If the assumption is correct that DAO and ICO is the trend, then before we look at the governance model of an organisation that hasn’t been built yet, we should look at the governance with regards to the initial financing by the crowd of that particular organisation.

So, my piece on governance here is also about accountability of the ICO process first.

For me, the driver here is consumer protection.

Now that doesn’t come from altruism per se. It comes from the simple fact that the more you destroy public confidence, the more likely a government reaction will be stern – as no government likes its citizens being exploited – and, as a result, the less likely blockchain technology will reach the mainstream.

Regarding the DAO tokens. One thing that is for sure is that most DAO-like tokens are regulated for the most part in the real world. I don’t and the Securities and Exchange Commission (SEC) would not subscribe to the view that because it is bitcoin or virtual currency, it does not seem to matter.

In certain instances, in fact, the token issued would be illegal. This is based on the fact that if it is deemed a share, then a share must have registered owners. If it does not have a registered owner – like most decentralised cryptocurrencies – then it is a bearer instrument. Bearer instruments are illegal in many countries now. It is important to understand that this article is not to comment on whether DAO tokens are securities and or regulated in some way.

To be quite frank, most projects do not seem to pay much heed to whether the token is regulated or even illegal for that matter. The ICO community simply follows the previous ICO approaches, with the mistaken assumption that the previous guys knew what they were doing.

This is the ‘piggy back’ approach. Piggy back on assumed homework done by the previous ICO, and feel falsely reassured that if a regulator were to go after you then that regulator would have to go after the other projects too.

The point here is that, I, nor any professional, can force a community to reverse a bad trend.

But one area where we can offer value is to create a new trend that has nothing to do with the token itself but promotes good ICO governance.

That could protect the token holders from fraudsters, empty promises and Ponzi schemes.

Obviously, it is not my role to be the guardian of token holders. But it has always been my priority that consumers are protected for the above reasons.

When we founded the UK Digital Currency Association (UKDCA) we argued that regulation of virtual currency was not necessary. Instead, the industry should come together to promote consumer protection standards.

I don’t want to be cynical, but the industry has not taken up this opportunity yet. This is partly because the consequences of a bad ICO are not felt immediately. It usually a few years before the project is ready – and a few years in blockchain is a lifetime. When I started, there were around 300 altcoins, and at the last time of checking there are now 800.

So, let’s look at the current problems?


Oftentimes, founders say: ‘we will build a corporate structure once we have funding’. Therefore, an individual founder or promoter is left controlling the crowdfunding assets. This is a dangerous precedent to set for security and fraud-related issues.


Statements made by founders are rarely verified by an independent source. This may lead to promises that are unlikely to be fulfilled.

For the founders this presents a liability risk – in certain instances it exposes the founders to fraud based claims.

Due diligence for ICOs seems to be outsourced to ‘Reddit’ and ‘Slack’ forums. But this cannot replace standard due diligence expected for any crowdfund.

‘Slack’ and community-based due diligence can supplement not replace standard due diligence expected.

Liquidity of Token is a Problem and Benefit

Standard equity crowdfunding is done with illiquid shares – this means the investors can rarely get out of the investment. Which is a bad thing for a retail investor.

However, founders of a standard company are usually subject to vesting rights. They cannot exit the company early without a consequence for their shareholding.

With ICOs all token holders – including the founders – have the ability to liquidate their holdings.

So understandably the ability to liquidate means the token is increasingly exposed to ‘pump and dump’.


ICOs are exciting to start with but can be problematic in its delivery. To a certain extent there is a lack of standardised transparency on delivery.

Surely, if you were paid to do a job you would have milestones to reach and that your remuneration would be tied to achieving those milestones. How could it be in anyone’s interest to complete a project if they have all the funding upfront?


Share crowdfunding is regulated in certain countries in the EU. The main purpose of regulation in crowdfunding is to protect the investor. A crowdfunding platform provides a service that effectively promotes investments and, as such, the platform owes a duty of care to the investors. With that in mind, it is the role of the crowdfunding platform to provide some independent due diligence on the project at hand. This is not the same as a full regulated listing on a stock market. A listing – understandably – involves an extensive amount of due diligence on the project concerned.

All of the above is to say that ICOs need better support to ensure that investors and founders are adequately protected. 

This is not to say that we need to put ICOs on regulated crowdfunding platforms.

We cannot change the current ICO trend.

But we can think of new solutions that may be able to support what is being done. Now let’s look at the problems again and potential solutions.

In summary, the key problem above of an ICO is accountability. The solution therefore is simply holding the founders accountable.

I suggest this could be done in very a pragmatic way.

I suggest that an independent third party – not a crowdfunding platform or a regulated entity necessarily – assists the ICO issuer in simply verifying certain statements made by the Issuer. That same third-party can hold the ICO issuer to account on the milestones that they set for themselves.

I am referring to this entity as the ICO Verification Agent. This agent receives data from the ICO project founders and reviews and verifies statements made. This is much like the role of an auditor.

This verification service of course could be provided on the blockchain. The Verification Agent would sign with their private key statements recorded on the blockchain possibility in the genesis block of the ICO. Now the question is what is the scope of the role of the Verification Agent.

Does the Verification Agent owe a duty of care to the investors? I would say that they shouldn’t, as no Verification Agent would want that exposure.

The Verification Agent is simply contracted by the project owner to provide independent verification services.

What would the Verification Agent check?

I suspect that the best way of this working is to have a standard format Token Subscription Document.

This Token Subscription Document template could be a standard one-page document that every ICO would use.

In that document, it would state the most basic but essential details about the project. Here are some examples:

·      Who is behind the project?

·      Name of incorporated entity issuing the coins

·      Country of incorporation

·      Allocation of funds

·      Designation of milestones

·      Supplementary services of the Verification Agent. The appointment or not of the Verification Agent to provide co-signing services based on milestones achieved.

·      The appointment or not of the Verification Agent as an arbitrator in the event of a dispute between the parties.

The Verification Agent would not comment on whether the token is legal or not or regulated or not. The Verification Agent is simply there to ensure that the Founders: have done what they have said they have done and do what they say they will do.

If at a later stage the Verification Agent receives notice that the token is illegal or regulated as a Security then it will withdraw from the verification services contract with the project owner.

Two other supplementary roles envisaged would be for the Verification Agent to act as a co-signor for milestones achieved, and/or to act as an arbitrator in the event of dispute.

People have tried to do this before. But they have always been involved in issuing the coins themselves, and dealing with the question of whether the token is a security or not. And that brings heavier risks for the Verification Agent which are not warranted. The role of the Agent is simply to be independent and verify facts or statements made not to issue coins.

In terms of the co-signing responsibilities, the Verification Agent can provide a co-signing service to the Founders, to ensure that the funds were spent in accordance with the subscription document. The co-signing service would be ‘passive’ – in other words, the Verification Agent would not be able to initiate a transaction.

I should envisage that this Verification Agent should become an institution for the whole ICO community. An umbrella organisation servicing all ICOs. The key with this arrangement is that the Verification Agent should not in itself need to be regulated – accountable yes, but not regulated.

So up to here we have looked at accountability and how that can be addressed with ICOs. This is not to say that the above is legal or regulatory advice for someone who may want to set up that Verification Agent service. Of course, a lot of detail and research is needed. This solution presented is merely there to give you – as an industry – food for thought.

There will come a point where consumers get burnt with ICO tokens and that public policy will drive enforcement in this area. Also, remember that fines will apply retrospectively to your activities. ‘Disengorgement’ is a type of damages award that does not let you profit from an offence. It is not a question of if enforcement will happen, it is a matter of when.

I would urge the industry to come together to consider a better and fairer way of doing ICOs. That the consumer and founders should be protected and the founders should be accountable. That surely is the minimum needed.

Well you may argue that what is the point of protecting the consumer by using a Verification Agent, if the SEC will sue you nonetheless. It is in your self-interest to do so to protect you as a founder of a project from claims of misrepresentation (fraud), embezzlement of funds, and other claims that may be raised by third parties.

In conclusion, a DAO should think about governance from the start of its venture. In particular, the largest area, is in the initial financing through an ICO.

Note: the Verification Agent itself could well be a DAO or a Decentralised Autonomous Regulator (DAR).


The Monetary Authority Singapore (MAS) has started an open consultation process on establishing a new regulatory regime for payments. The intention is to consolidate separate licensing regimes into one overall scheme.

MAS states that a “calibrated regulatory regime, applied on an activity basis to payment service providers, rather than specific payment systems” is the framework that they want to adopt. This framework is referred to by MAS as the Proposed Payments Framework (PPF).

This would mean that entities would seek one licence from MAS but select varying permissions depending on the activities that business conducts.

Here is the suggested list of activities:

“Activity 1: Issuing and maintaining payment instruments, such as payment cards, payment accounts, electronic wallets, and cheques; 

Activity 2: Acquiring payment transactions, such as physical and online merchant acquisition services, merchant aggregators, and master merchants; 

Activity 3: Providing money transmission and conversion services, such as domestic and in-bound or out-bound cross-border remittance services, currency-conversion services, and virtual currency intermediation services; 

Activity 4: Operating payments communication platforms, such as payment gateways, payment processors, and kiosks; 

Activity 5: Providing payment instrument aggregation services, such as payment card aggregation and bank transaction account aggregation;

Activity 6: Operating payment systems which facilitate the transfer of funds through processing, switching, clearing, and/or settlement of payment transactions; and, 

Activity 7: Holding stored value facilities (‘SVFs’), such as prepaid cards and prefunded electronic wallets.”

MAS is proposing to include ‘virtual currency intermediation services’ as a regulated activity. It is not clear how many different types of blockchain companies this definition will include. However, it is of importance that there would not be a separate licence for a virtual currency operator.


Hong Kong: A digital Currency Stored Value Facility?

The Payment Systems and Stored Value Facilities Ordinance defines a Stored Value Facility (SVF) as “storing the value of an amount of money”. ‘Money’ in the Ordinance refers to “money in any currency […] or any declared medium of exchange”. Interestingly, the “declared medium of exchange” does not have a fixed definition and, according to the Ordinance, it is for the Hong Kong Monetary Authority (HKMA) to publish in the Gazette whether it declares “a thing to be a medium of exchange” (Section 2C).

With this broad definition of stored value, it is feasible to envisage a digital currency SVF being built in Hong Kong. 

In contrast, in the EU, regulators struggle capturing digital currency financial institutions into the Electronic Money Directive (EMD) because the latter, as currently being interpreted, envisages only electronic representations of ‘fiat’ – or sovereign – money as the scope of the European Banking Authority(EMD). 

In addition, authorities such as the EBA are actively discouraging regulated institutions from handling digital currency. In its latest report it stated that wants to enforce a prohibition on regulated firms dealing with digital currencies

In Hong Kong, digital currencies are considered ‘virtual commodities’. As such it is not inconceivable for the HKMA to publish in the Gazette that digital currencies are indeed a ‘medium of exchange’. 

If so, custodian digital currency wallets handling private keys of customers would ostensibly fall within the definition of an SVF. 

Furthermore, an SVF licence already includes permission to conduct ‘money-changing’ activities. If the HKMA considers digital currencies as a ‘medium of exchange’ then, most likely, the SVF regime will become a comprehensive licence for digital currency exchange operators. 

It remains to be seen whether the HKMA would be willing to extend its scope to capture the global digital currency market. 

The Monetary Authority of Singapore (MAS) is currently in a consultation phase to consolidate their payment services regulations. They envisage a single regime for payments or electronic money with varying permissions for licence holders and have suggested ‘virtual currency intermediation services’ as a licensable activity

As the Hong Kong licensing regime is live, active discussions can be had with the regulator to determine the general appetite to capture the digital currency ecosystem. The launch of the new fintech Sandbox under the supervision of HKMA and the HK Fintech Hub with ASTRI, is an encouraging sign. In addition, the Sandbox description provided by HKMA, expressly invites fintech solutions to the Sandbox that try to “utilise the blockchain or distributed ledger technology”. 

Hong Kong: Overview of Stored Value Facility Regulatory Regime

Hong Kong’s Stored Value Facility (SVF) regime will come into full effect as of November 2016. Currently, a handful of licensees, including Octopus and Alipay Wallet, have already been authorised. 

An SVF is the equivalent of the E-Money Institution in the European Union. As with an e-money institution, an SVF is required to ‘safeguard’ stored value and the licensing regime places a particular emphasis on ‘payment security’ and IT controls.

In the Hong Kong SVF framework, there is a carve out for closed-network stored value or limited-network stored value, although there are caps on these exemptions – formal licensing becomes necessary after HKD1m issued. In addition, the exemptions are partly discretionary allowing the regulator, the Hong Kong Monetary Authority (HKMA), to place additional conditions on exempt entities. 

There are jurisdictional limits to the SVF regime. In section 13 of the explanatory notes the HKMA will consider a multitude of factors to determine if the stored value “appears to be issued in Hong Kong”. Part of these factors relate to establishment, location of marketing. 

The HKMA expresses a slight concern about SVF businesses that are engaged in other business activities. They state that the “principal business of the applicant must be the issue of SVF”.

An add-on to the SVF license is that remittance and/or money changing services is in-built into the SVF licence meaning that an SVF will not need to apply for a separate licence from Hong Kong Customs and Excise (HKCE). 

The capital requirements for a full licence is a HK$25m paid up share capital – compared to EUR350k base capital in the EU – which is not an insignificant sum. Other basic requirements include local executive directors, governance controls or reporting lines, internal controls and compliance or audit functions.

Hong Kong – A Blockchain Consortium Heaven?

The Hong Kong Monetary Authority (HKMA) is the principal regulator of HK banks and Stored Value Institutions. Lately the HKMA has taken a number initiatives to coordinate fintech in Hong Kong. 

It has created the Fintech Facilitation Office (FFO) which is a division within the Hong Kong Monetary Authority (HKMA) mandated to be a:

“(i) a platform for exchanging ideas of innovative fintech initiatives among key stakeholders and conducting outreaching activities;

(ii) an interface between market participants and regulators within the HKMA to help improve the industry’s understanding about the parts of the regulatory landscape which are relevant to them; and

(iii) an initiator of industry research in potential application and risks of fintech solutions.”

The FFO immediately have kicked off with two initiatives: the first is the development of a fintech Hub in HK Science Park where new pre-Sandbox fintech ideas can be tested out. The second initiative is a production ready Sandbox where Stored Value Facilities or Banks can use distributed ledgers in a live environment with customers. The Hub essentially feeds into the Sandbox. 

The HKMA-ASTRI Fintact Innovation Hub

The Hub – which will be located at Hong Kong Applied Science and Technology Research Institute (ASTRI)’s  office in the HK Science Park – is to create:

“a neutral ground of the fintech industry, a place where various stakeholders can collaborate to innovate. Industry players, such as banks, payment service providers, fintech start-ups, the HKMA, etc. can get together at this facility to brainstorm innovative ideas, try out and evaluate new fintech solutions, conduct proof-of-concept trials, and gain an early understanding of the general applicability of creative solutions for banking and payment services”

What is remarkable is that the ‘Hub’ is not just a collaboration forum but a physical location where “around 200 virtual workstations connected in a segregated network segment […] will be assigned to support the trial work at the Hub […] the Hub is equipped to emulate, compare and analyse different financial services and products supported by various fintech solutions at any one time.” 

The Hub is to be used for trials of fintech solutions and proof of concepts examples including “fintech solutions that try to utilise the blockchain or distributed ledger technology in supporting cross-banks financial service” before they are “tested out at stakeholders’ production environment and subsequently launched in the market”. 

In a way the Hub can be viewed as a pre-Sandbox environment for distributed ledgers. (Further the Hub will be used for events, demonstrations to HKMA of ‘regtech’ solutions it may want to adopt.)

The second initiative is the HK Sandbox. This is a facility to permit HKMA’s regulated institutions to experiment with fintech with relaxed supervisory requirements. In a similar vein to the FCA sandbox, the Sandbox will be a live environment but will have boundaries and there will be customer protection measures.  The main difference between the FCA and HKMA Sandbox is that the HKMA is ostensibly focused on existing regulated institutions. 

In all, this is a bold move forwards for Hong Kong and it makes particular sense to offer a physical facility for testing ideas before entering the Sandbox. In view of this vertical integration from blockchain concept to deployment, Hong Kong could become an ideal environment for blockchain consortiums. 

EU: Anti-money laundering (AML) licensing should only apply in other states if the business is ‘established’ there


In this article the author has tried to give more detail surrounding the European Banking Authority’s (EBA’s) assertion that cryptocurrency exchanges and wallets will need, not only to register or get a licence in their member state of incorporation as an ‘Obliged Entity’ but that they may need to register or get licensed in every member state where they intend to provide services.

The implication being that a virtual currency (VC) exchange or wallet, for example, in the UK, will now need to get registered or licensed in every member state where it has customers.

The author has analysed relevant aspects of the 3rd and 4th Anti-Money Laundering Directives, the proposed EU Commission Amendment to the 4th Anti-Money Laundering Directive (4AMLD) to regulate VC exchanges or wallets (VC Institutions) as so-called ‘Obliged Entities’ (EU Proposal) and the EBA’s opinion in further depth.

Based on that analysis, the author takes the view that the only reasonable way to interpret the application of 4AMLD to VC Institutions is that it now:

·       requires VC Institutions to be licensed or registered as Obliged Entities in their Home State (see definition below);

·       but only requires Host State (see definition below) licensing or registration when the VC Institution actually ‘establishes’ itself in the Host State (here ‘establishment’ is strictly defined as the establishment of ‘agencies, branches or subsidiaries’ in another EU member state as found in the EU Treaty not the provision of cross-border online services into another member state).

Thereby, the author completely rejects the EBA’s interpretation that VC Institutions may be “required to be registered or licensed in each Member State in which they intend to provide VC-related services”.

The consequences of the EBA’s view being adopted at large, would be to either to discriminate against VC Institutions versus other Obliged Entities, or lead to the absurd conclusion that all Obliged Entities will need to register or obtain licences in each member state of the EU where they provide services.

The purpose of this article is to raise the importance of this pressing issue and invite other interested parties to submit their views.


Home and Host State: a Home State is the EU member state where a company is incorporated. A Host State is the other EU member states where the same company either: i. provides its services; ii. establishes itself in that state or iii. passports itself to that state.


Financial institutions in the EU benefit from passporting rights. When they are licensed in a Home State they can elect to service other member states. The notion of providing ‘services’ could entail the establishment of a physical presence, or simply online cross-border services.

The passporting process requests ‘passporting’ when filing for a license in a Home State. The Home State regulator’s role is to communicate the applicant’s intent to expand into other member state markets to the relevant Host regulators. A Host regulator will not, in principle, refuse a passporting request sent from a Home State regulator.

The reason for this default acceptance is the basis of a single market in financial services.

That said, there are areas where some additional, or ‘goldplating’, requirements can be imposed by a Host State regulator.

Gold-plating and Anti-money Laundering

In relation to AML, a Host State can impose further requirements which may affect the financial product being provided into the Host State. By way of example, a financial institution may sell pre-paid cards but only verify identities after a threshold of EUR1,000 is deposited. Whereas in a Host State, such as Germany, for AML purposes the regulator may want to make sure that the identity of a customer is verified after EUR100 is deposited on the card.

This ‘goldplating’ is perfectly acceptable and does not undermine the single market in financial services, although it does fragment the consistency of user experience throughout the EU.

Of crucial importance here, is that no financial institution in the EU which is exercising passporting rights need register or obtain licenses from Host States when it provides cross-border services; otherwise there would be absolutely no need for the ‘passporting’ provision.


The Directive (EU) 2015/849 (4AMLD) is a new directive to replace the Directive 2005/60/EC (3AMLD) which has been the standard AML regime in the EU.

The EU Commission aims to have 4AMLD come into effect before the end of the year or beginning of 2017. In 4AMLD it ‘designates’ certain institutions as being ‘obliged’, meaning subject to the provisions in 4AMLD.

The Obliged Entities are not hugely different to the previous regulated institutions under 3AMLD. They are: banks, payment or e-money institutions, insurance firms, investment firms, lawyers, accountants, estate agents, company services, cash handlers and casinos (see article 2 of 3AMLD versus article 2 in 4AMLD). There are some slight variations such as extending the reach to ‘providers of gambling services’ rather than just casinos, but very broadly the same institutions as before.

In 3AMLD it is the role of Competent Authorities in each member state to license or register the institutions covered by 3AMLD (now called ‘Obliged Entities’ – we will use this terminology moving forwards to describe any entity who has been regulated under 3AMLD or who will be under 4AMLD).

Minimum Registration or Licensing Standard

The 3AMLD did set out a minimum standard for registration and or licensing of Obliged Entities in 3AMLD.

It requires that the relevant competent authority in a member state should ensure that the owner or manager of “currency exchange offices and trust and company service providers” (see Section 2 Article 36 3AMLD), casinos and money remittance service providers should be “fit and proper persons”. Article 47 of the 4AMLD has an equivalent clause with a similar requirement, but with a fit and person description that is more prescriptive by requiring member states to take measures “to prevent criminals convicted in relevant areas or their associates” owning or managing an Obliged Entity.

With regards to VC Institutions, the EU Commission has simply amended Article 47 in order to feature this category of business. See below the revised text of 4AMLD with new text suggested by the EU Commission in red.

Section Two


Article 47

1.    Member States shall ensure that providers of exchanging services between virtual currencies and fiat currencies, custodian wallet providers, currency exchange and cheque cashing offices, and trust or company service providers, and that providers of gambling services are regulated.

2.     Member States shall require competent authorities to ensure that the persons who hold a management function in the entities referred to in paragraph 1, or are the beneficial owners of such entities, are fit and proper persons.

3.     With respect to the obliged entities referred to in point (3)(a), (b) and (d) of Article 2(1), Member States shall ensure that competent authorities take the necessary measures to prevent criminals convicted in relevant areas or their associates from holding a management function in or being the beneficial owners of those obliged entities.

Mandatory Registration for VC Institutions

Taking a step back, it is evident that the EU Commission is insisting that VC Institutions should be registered or licensed in some form.

This position can be justified by the simple fact that the EU Commission’s suggested amendment to Article 47 of 4AMLD explicitly states: “Member States shall ensure that providers of exchanging services between virtual currencies and fiat currencies […] are licensed or registered”.

This is not a requirement that is at all unique for VC Institutions. As you can see above Member States should also license or register other particular Obligated Entities.

The implication of requiring a registration or licensing regime for VC Institutions is not controversial in itself.

What is controversial is the EBA’s interpretation of the implications that come with the EU Commission requiring licensing or registration of VC Institutions.

The EBA extrapolates that VC Institutions “may therefore be required to be registered or licensed in each Member State in which they intend to provide VC-related services”.

EBA’S Opinion

It is essential to re-read the relevant section of the EBA Opinion that sets the context for the EBA’s view surrounding state-by-state licensing (emphasis added in following quote):

“The EBA notes that by the proposed amendment to the 4AMLD not designating VCEPs and CWPs as financial institutions, no passporting rights under a sectoral Directive apply. VCEPs and CWPs may therefore be required to be registered or licensed in each Member State in which they intend to provide VC-related services. 

“However, the new entities as well as the innovation itself (VC schemes such as Bitcoin, Litecoin etc.) are characterised by the international nature of the services provided. The transmission of VCs from one subject to another can be made utilizing the Internet and can be offered and accessed by any entity located in any part of the world.

“This results in practical difficulties for a competent authority that imposes national registration or licensing requirements to prevent entities that are not licensed or registered in its jurisdiction from providing VC-related services in its jurisdiction. It is therefore essential that competent authorities from different Member States are able to liaise and exchange information in relation to the operation of VCEPs and CWPs on their territory.”

Notion of Providing VC-services

It is essential to note that in the above quote the EBA does not say that VC Institutions incorporated in one member state, who also ‘establish’ themselves in another member state, need to obtain a licence in the Host State too.


The EBA simply states that a VC Institution will need to obtain a licence in a Host State if it “intends to provide VC-related services” in that state. Obviously, the use of the word ‘intend’ should be taken literally as the EBA cannot seriously expect that a licensing requirement in a Host State flows from an intention to provide a service there.

However, what cannot be ascribed to a typo is the fact that the EBA refers to the provision of services and not ‘establishment’ as being the trigger for Host State licensing or registration.

The EBA further talks of:

·       the “international nature of the services provided”;

·       the use of the “internet” in the services provided; and

·       the difficulties of enforcing a Host State registration or licensing requirement when a VC Institution “[provides] VC-related services in [the Host State’s] jurisdiction”.

It follows that the EBA considers the triggering of the requirement for Host State licensing or registration to be simply from the provision of online services from a Home State into a Host State. In essence, the EBA does not draw any distinction between being ‘established’ in a Host State and providing online services into a Host State.

No Passporting Rights

Let’s breakdown the EBA’s first statement.

“The EBA notes that by the proposed amendment to the 4AMLD not designating VCEPs and CWPs as financial institutions, no passporting rights under a sectoral Directive apply.”

As we have seen above, currently financial institutions under Payment Services or Electronic Money or as Investment businesses ‘passport’ their services throughout the EU. They do so because they have, in essence, an EU-wide licence to conduct their business. An institution that provides payment services is regulated under the Payment Services Directive, which sets out an EU wide licensing regime; same is true for most other areas in financial services.

The EBA refers to these thematic directives, dealing with a particular vertical in financial services, as ‘sectoral’.

If you look at the wording of the EBA’s statement they mention that the EU Commission did not decide to designate VC Institutions as financial institutions. ‘Financial institutions’ in this context – we assume – refers to the definition in Article 3 (2) 4AMLD, which refers to regulated institutions under a relevant ‘sectoral’ financial services directive such as the Payment Services Directive of Electronic Money Directive.

Therefore, in the view of the EBA, because VC Institutions are not defined as Financial Institutions, they cannot rely upon an EU-wide licence, or in other words ‘passporting rights’, and, consequently, avoid state-by-state registration or licensing under 4AMLD.

But if you reverse the logic of the EBA’s statement above the implication is that all non-Financial Institutions – or institutions that do not have access to ‘passporting rights’ – have to do state-by-state registration or licensing under 4AMLD.

We expect, of course, that if the EBA’s Opinion is adopted that the EU Commission – as an institution bound by the Charter of Fundamental Rights namely having to heed to express requirements of due process Article 20 equality before the law and article 21 non-discrimination – will ensure that all non-Financial Institutions who are Obliged Entities shall be subject to the same requirements of state-by-state registration or licensing.

Potential Impact

It follows that if the EBA is correct in its interpretation resulting in state-by-state licensing or registration of VC Institutions, that that requirement will be imposed on all non-financial institutions.

Let’s look at the potential impact in more detail:

·       The following professionals are not ‘financial institutions’ but are Obliged Entities in 4AMLD: auditors, external accountants, tax advisors, notaries, lawyers, trust or company service providers – all of these professionals will need to do state-by-state registration or licensing to provide their services in any other member state other than their Home State.

·       Estate agents are Obliged Entities and so will need to be registered or licensed under 4AMLD in every Member State where they sell houses.

·       Cash handlers and providers of gambling services too.

You might say some of the non-financial institutions above are more local than others. Possibly a notary only provides notarial services in its Home State, but it most likely has a website and, without question, doesn’t just have Home nationals using its services. Same is true for estate agents who may be registered as Obliged Entities in Portugal but selling properties in their country to clients based in France.

Sub-category of Obliged Entities

In response, you may retort that VC Institutions have been placed by the EU Commission into a specific sub-category of Obliged Entities in 4AMLD and that they should only be compared with the Obliged Entities within that sub-category.

What could be that sub-category? As referenced to above, the EU Commission have proposed to amend Article 47 of 4AMLD.

In Article 47 the EU Commission have added VC Institutions together with “currency exchange and cheque cashing offices, and trust or company service providers” as all having to be registered or licensed and the same having to be run by “fit and proper persons”.

If the EU Commission or EBA will argue that the state-by-state licensing or registration is required for VC Institutions then the same should be true for “currency exchange and cheque cashing offices, and trust or company service providers” no?

If so then a UK company incorporation agent servicing other member states in the EU will now need to register in each and every member state where its website is accessible and where it sells its services. If a Greek person asks a UK agent to incorporate a company for them, the UK agent will need to also be registered in Greece as an Obligated Entity. Any online currency exchange services will need to be registered or licensed in every member state where it does business.

If, however, company service providers and currency exchange services are NOT required to register in every member state where they provide services then undoubtedly VC Institutions have been singled out and are being discriminated against by the EU Commission, in effect breaching a requirement of the EU Commission to treat all equally before the law – a Charter obligation.

As you can see if the EBA is correct in its interpretation of the EU Commission’s proposal the consequences are quite absurd and, most likely, unintended.

A More Rational Interpretation

We should hope that the EU Commission will take the more rational view that an Obliged Entity – after it has registered or been licensed in its Home State – will only need to register or obtain a licence in another member state in the EU if it establishes itself there.

If you were to survey any of the non-Financial Institutions from 3AMLD, it is doubtful that they have registered in every member state in order to provide their services there. The inference is that a law firm in the UK would have to register in Bulgaria as an Obliged Entity because it has a Bulgarian client. It is absurd and an anathema to the core principles enshrined in the Treaty on the Functioning of the European Union (the Treaty).

However, if the UK law firm goes to Bulgaria and establishes an office there, sets up a subsidiary there to service the local market, then it could be reasonable to infer that that ‘branch’ or subsidiary should be registered or licensed with the local supervisory authority for Obliged Entities.

Looking At The Treaty

If we look at the definition of the “freedom of establishment” in the Treaty refers to “setting-up of agencies, branches or subsidiaries of any Member State established in the territory of any Member State”.

The core of the definition of establishment in the context of free movement therefore is setting up “agencies, branches or subsidiaries”. The Treaty does not refer to ‘establishment’ as occurring de facto from simply providing services into another member state.

If we look at the VAT Directive (Directive 2006/112/EC) from a tax point of view, it states that the place where a taxable person’s business is established is the place where the functions of the central administration are carried out. Those functions relate to where essential decisions concerning general management are taken, where the registered office is and where management meets. This definition of establishment in the VAT Directive at its core relates to the quality or location of decisions and where the entity is registered.

But as we can see neither the Treaty definition nor the VAT Directive’s definition of establishment points to ‘establishment’ as occurring in a member state by simply selling products or services into that state. The implication would be that if Amazon sells one book to Romania from Luxembourg then it would now be ‘established’ in Romania too.

Therefore, ‘establishment’ can only sensibly be defined as the setting up of an ‘agency, branch or subsidiary’. This definition mirrors that of the Treaty.

With that in mind let’s look at why, contrary to the EBA’s view, we should hope that the EU Commission and Co-Legislators interpret the requirement for additional registration or licensing in the event of ‘establishment’ only.

Article 48 of 4AMLD makes explicit reference to ‘establishment’ in the article just after the article where it requires that VC Institutions be registered or licensed. See as follows (emphasis added):

“Member States shall ensure that competent authorities of the Member State in which the obliged entity operates establishments supervise that those establishments respect the national provisions of that Member State transposing this Directive.

Member States shall ensure that the competent authorities of the Member State in which the obliged entity operates establishments shall cooperate with the competent authorities of the Member State in which the obliged entity has its head office, to ensure effective supervision of the requirements of this Directive.”

The inference here is that competent authorities are supervising Obliged Entities wherever they are ‘established’. It follows if an Obliged Entity is established in multiple member states then it needs to be registered or licensed by the relevant competent authority in ALL the member states where it is established.

In conclusion, the trigger for Host State licensing or registration has to be based on establishing an agency, branch or subsidiary in a Host State. 

If the Author’s opinion is adopted then a VC Institution incorporated, for example, in France will need to be registered or licensed by a supervisory authority in the France. If the same VC Institution decides to set up an ‘agency, branch or subsidiary’ in any other member state then it will need to ensure that either the subsidiary is registered or licensed in the Host State or, if an agent, that the agent is registered or licensed in the Host State and, if a branch, that the French company is registered in the Host State. 

There cannot be another interpretation of the application of 4AMLD to VC Institutions that does not either lead to deliberate discrimination against VC Institutions compared with other Obliged Entities or, worse, complete absurdity where each single Obliged Entity, whether they are selling houses on the internet, or selling currency or VC now needs to get licensing or registration in every single member state where they provide services or have customers.



Bitcoin and the Cambrian blockchain explosion

We seek to offer a basic introduction to the rationale of a decentralised payment system such as bitcoin, to give a basic description of how the payment system functions. This is to form the basis of why we all have, or have had ‘blockchain fever’ and venture capitalists, banks and governments can’t get enough blockchain.

The jargon used in this sector makes understanding the overall utility of bitcoin difficult to grasp, so here, I have tried to keep the language simple to facilitate an easier appreciation of the main concepts. However, this is not meant to be a comprehensive technical description.

Why start with bitcoin?

Bitcoin is the first living and successful working example of a decentralised payment system and bitcoin gave birth to the notion of a blockchain. Bitcoin created the ‘Cambrian explosion’ leading to countless digital currencies with differing ‘protocols’. Conceptually, the distributed ledger or blockchain hype would not have been possible without bitcoin.

What Is Bitcoin?

Bitcoin is the first decentralised payment system that the world has seen. Invented by Satoshi Nakamoto and released in the late 00s.

Satoshi wanted to create a peer-to-peer (P2P) payment system that was designed for the internet age. Bank cards were being used online for payments, using a bank card for remote payments is a deeply flawed payment instrument – purchasing power over someone else’s bank account can be stolen by simply seeing the digits displayed on the front and back of a card. Essentially, the bank card was never designed for online payments.

The incidence today of bank card fraud is colossal. As such, the bank is constantly arbitrating disputes, chargebacks and dealing with identity fraud. All of these costs are incurred simply because the standard payment instrument for online transactions is flawed. It is like driving a car with an in-built hole in the engine for the oil to seep out, but instead of building a car without a hole in the engine you just keep adding oil.

All of that administration and liability leads to the overall costs of the payment system being high and that cost is silently transferred to the users through higher transaction fees charged to merchants and users.

Satoshi wanted a system that would allow for a more accessible, seamless and more secure manner to make remote payments. They saw bitcoin, used in conjunction with escrow services, to provide a simple, yet extremely secure, mechanism for remote payments for goods and services.

Other Payment Systems

There have been countless examples of alternative payment systems, however, not all have been successful. Previously, a number of these systems popped up that were centralised. Where, for example, all transactions had to be validated by a central authority to be approved. One example is E-gold. In reality, this was no different to electronic money or stored value systems, the most successful of which, in this category, is PayPal.

Bitcoin Does Not Have an Issuer in the Payment System

However, what was new about bitcoin was that there was no central issuer – someone responsible for the administration of the payment system, ensuring credits and debits were correct, for example and/or responsible for the backed value.

In most payment systems, the value being transferred is a representation of value not value itself. For example, with PayPal, I transfer USD10 and they immediately issue USD10 of electronic money for me to use online. The electronic money issued is a liability to the customer of USD10.

In other contexts, electronic money can be issued based on real world assets such as gold, or other precious metals. In those instances, again the issuer has a liability to its customer for the value being issued; and the customer, in fact, does not control the underlying asset.

From Digital Credits to Digital Assets

We don’t understand digital assets. Our first exposure to electronic money has always been in the form of a credit. Even our first exposure to money as a concept has been in the form of a credit rather than an asset.

Money, in any form, is deeply associated with credit within the social psyche. Cash is a promissory note, which is a credit from the Central Bank for the face value of the note. However, the credit issued from a Central Bank is a circular notion. In the past, the promissory note was redeemable for a precious metal such as gold, but now it is just redeemable for itself. Private credit institutions, i.e. banks, hold the vast majority of national currency in an economy. When funds are deposited with them they provide a digital credit to their customers. E-money institutions perform the same function as credit institutions, in that they issue digital credits for customers to spend online. Electronic money as a general concept, has always been a credit and never an asset.

However, bitcoin is the first time that a digital asset, which can function in a similar way to money, has been created.

Bitcoin is Value in Itself

Bitcoin is not a representation of value it is value itself. This is part of the innovation of bitcoin. The system is designed with a deflationary supply so that the rarity factor influences its price.

That is party why it has been dubbed ‘digital gold’. Some regulators have even referred to it as a digital commodity, Hong Kong for example.

It follows that if the digital asset is value in itself, then users have direct control over it. If they misplace the passwords to access their digital assets then it is like misplacing the keys for a gold vault.

If they have a balance in bitcoin on their wallet, they actually have that value in their wallet, but not a liability that someone will pay them the face value of the asset.

Why Do That? Why Create The First Ever Digital Asset?

If you are designing a decentralised payment system, then you should remove all central issuers and central counterparties. For the system to be the purest form of P2P payments, it should be used, managed and controlled by the peers in the system. If you introduce an issuer who receives bitcoins from everyone and issues credits representing the right to redeem the credit for bitcoins, then you haven’t achieved the full decentralisation of the payment system.

So, Satoshi’s invention was partly create a new form of value that can live in the decentralised payment system. If we are successful creating a digital asset such as bitcoin, then we can go on to complete the design of the decentralised payment system.

Inherent Value in Bitcoin Means No Need for an Issuer

In summary, giving inherent value to bitcoin means that bitcoin does not, in practice, need an Issuer to distribute digital credits. As a result, there is less dependency on any central or single party.

How to Create a Payment System Without a Central Administrator?

But giving a unique value to a digital asset isn’t enough to turn it into a decentralised payment system.

You now need to take on the technical challenge, which is how to have a payment system with no-one taking responsibility for the administration of the system?

Visa, MasterCard and SWIFT are payment system networks, and they each take responsibility for relaying and executing payment instructions to their network members, according to their own protocols – to which members subscribe when they join the schemes.

How did Satoshi manage to create, what is essentially a Visa payment network but without a single person being held responsible for the payment network?

They decentralised the functions of the payment system administrator – creating a prize-based competition to incentivise peers in the bitcoin network to do the necessary work.

Imagine crowdsourcing all of the payment system functions, but without compromising on security.

The effect of this meant that rather than having one person responsible for keeping the payment system in order, the entire network would be involved in that process.

No-one Owns the Bitcoin Payment System

Satoshi started with the premise that no-one actually owns the bitcoin payment system, or has any special rights over how the payment system functions.

The bitcoin payment system is, in essence, an agreed set of rules, adhered to by anyone who joins the bitcoin network.

This is not anything dissimilar to joining any payment network. If you were to join SWIFT you would have to agree to their messaging protocol in order to use their telegraphic network, to then communicate payment instructions to other banks.

Make the Transactions Public

Satoshi then thought that all the transactions within the payment system should be public for everyone in the network.

These bitcoin transactions are not like publishing your bank statements on Facebook. All transactions are associated with a username – which is not a personal or company name. This means that everyone sees only usernames in the payment system and not personal data. You can see how many bitcoins a particular user has, but you can’t associate that balance to a particular individual.

Transaction Chain

Bitcoin links every previous transaction to the next one so that it creates a linear transaction chain. There is only one transaction chain for bitcoin. This transaction chain is also called the blockchain, but we will go into that a bit later.

Give Everyone the Full History of Payment Transactions

One of the key rules in the bitcoin payment protocol, was to agree that everyone in the network had to download the full transaction chain. This meant everyone in the protocol would have a full history of the entire payment system.

Having a full history makes it possible to spot anomalies being introduced into the payment system, such as a username trying to send bitcoins that have already been sent. This is called a ‘double spend’.

How to Add New Transactions to the Payment System

So everyone has the same record, but how are new transactions added to the history of payment transactions?

The first principle is that anyone can transact in the bitcoin network. When a transaction has been signed by one person to another then that message is sent out to the network but it is ‘unconfirmed’.

This means the protocol doesn’t just add every single transaction being sent into the network onto the transaction chain.

The protocol has a filtering process to determine which transactions should be added to the transaction chain. Until a transaction has been added to that chain and it has been agreed by the network then it will remain ‘unconfirmed’.

Delegate ‘Transaction Processing’ to Everyone in The Network

The next part of the process is the most ingenious part of Satoshi’s invention.

As previously mentioned, Satoshi decentralises the administration of the payment system by having everyone in the network keep a copy of the full transaction chain. This means no one person is responsible for making sure it is accurate.

Then they delegates the responsibility for actually validating the unconfirmed transactions, and adding them to the transaction chain. How does Satoshi do that?

Through economic incentives. Satoshi creates a rule in the protocol which is very much like a prize-based competition.

The basic competition rules are as follows:

–      Take a series of unconfirmed transactions.

–      Work out a mathematical challenge based on those transactions.

–      If successful in that challenge, add the packet containing the unconfirmed transactions – the ‘block’ – onto the bitcoin transaction chain. Or, in other words, the ‘blockchain’.

And if you succeed in that mathematical challenge and you can add your block to the blockchain, then you can pre-load the block with additional bitcoins as a prize.

The people in the network who collect unconfirmed transactions and package them together, in an attempt to win the mathematical challenge, are called the ‘miners’.

Why Bother With Such an Elaborate Process?

The main point of the prize-based competition and mathematical challenge, is to create an incentivised and expend resources. It is the expenditure of resources that secures the network and ensures that there is only one bitcoin transaction chain, or ‘blockchain’.

Spinning Roulette Tables – 20 Tables at Once

NB. Gambling is used here as an example to illustrate the improbability involved.

Winning the bitcoins in the block is simply about getting the right number of preceding zeros as a result of a mathematical challenge.

It is a huge casino of sorts, where everyone is playing roulette, but where everyone is betting on zero each time. Everyone in the room just keeps spinning the wheel until one of the peers in the network wins on zero.

But for bitcoin you must have a number of zeros. Therefore, you need to be spinning at least 20 wheels. And to win the prize all 20 wheels must be zero. Now you can understand the statistical challenge involved.

This process is called ‘mining’ mainly due to the repetitive and highly speculative physical operation involved. With mining, you never know when you will strike gold but you keep going as maybe you will.

What is interesting is that when a miner has found the right number, they are able to show everyone else in the network and everyone in the network will themselves be able to check if the winning number was correct. This is not like a casino where you can never be sure whether the table is rigged or naturally has a bias for zero. With bitcoin, the miners can recreate the ‘roulette spin’ that the winner did to see if it provides the same result.

Because of this verification process, the miner who shouts ‘jackpot’ in the mining pool can add his ‘block’ of transactions to the last block. Others in the network will accept the result because they can verify it. This result therefore becomes an objective and provable truth. The network then rallies and supports the declared result.

Once accepted, it is only at this moment that the transactions in that block are ‘confirmed’. Once confirmed, everyone in the network will automatically run the instructions in the transactions on their blockchain. In other words, everyone’s blockchain will be updated in accordance with the protocol.

This decentralised design means bitcoin is accurate, yet at the same time extremely resilient, as a payment system.

The Beginning of Blockchain Fever

Barter was the first decentralised P2P payment system invented, as physical assets are exchanged directly between peers. Bitcoin is the first remote P2P, fully decentralised payment system invented. But most interest, in abstract, is that bitcoin simply demonstrated that parties can manage a monetary system of records without any form of loyalty or connection between them, i.e. trust. Trust is not needed for bitcoin’s decentralised payment system to work – and that is what makes it powerful.

Bitcoin is also extremely resilient as there are over 5000 main peers in the network with the full blockchain. You would have to eliminate all of them to change the transaction history. You would need to collude with more than 50% to change the course of history.

But Where Else Could the Characteristics of Bitcoin be Applied?

If we look at a payment system, it is essentially a record keeping and communication system. For bitcoin, it is an asset register of sorts; bitcoin moves from one username to another username, It is validated by the network, and once validated, everyone in the network automatically updates their record of who owns what – in what quantities.

Derivative notions

If you replace bitcoin with other assets, you end up with the same benefits that bitcoin offers. That is already being done on bitcoin where bitcoins have been labelled as shares, and then transacted in the bitcoin payment system.

Other initiatives have cropped up where they have evolved the concept of bitcoin, as they found the confirmation process in the bitcoin payment system a bit slow. So, they created a new protocol where they would appoint certain persons in the network to do the transaction validation, to make the process faster. This is the Ripple protocol.

Some institutions have looked at the technology and thought: “I really love this idea of ‘crowdsourcing’ the administration of a record keeping and communications system without compromising on the integrity of the system but I don’t like the idea of everyone in the world being able to see the chain of records even if they will only see usernames”.

So, they deployed their own private network with their own mathematical challenge to reach agreement on how to validate unconfirmed records or transactions.

Shared Ledgers

Furthermore, certain thought leaders looked at bitcoin as this vast shared database, storing one version of the truth. They then thought about how the banking system works with all its information held in silo’s, with one bank having to reconcile their information with another bank’s information about a contract. Then said, “maybe bitcoin” and the idea of sharing the same ledger is the real value of bitcoin. Bitcoin eliminates post-event reconciliation as the ledger is updated constantly, and there is only one version of truth regardless of what that truth is.

Distributed Computing

But when you look at bitcoin, you think, “well couldn’t it do a bit more than just move an asset from A to B?” When a transaction is confirmed, everyone’s piece of bitcoin software automatically updates the transaction ledger. Everyone’s hard drive essentially computes some instructions such as ‘move two bitcoins from username one to username two.

One magnificent idea was to extend what we ask everyone’s hard drive to do in the network. So, rather than just asking everyone’s computer to move two bitcoins from username one to username two, it can run a program that does something. This is the world of smart contracts or distributed applications – these programs are distributed because they run on everyone’s computer in the network, not on a central server.

In conclusion, I hope this article has given you a guided tour of the mechanics and significance of the bitcoin payment system.

As such it should be treated with care as it has potential to offer more social benefits than the internet. If the internet helped with communication and connecting the world, the invention of decentralised payment systems help with financial inclusion and reducing the costs of financial services which benefits everyone.

But beyond that, a system to create a shared, tamperproof record, is a paradigm shift for companies, industries, governments and humanity. The irony of bitcoin was that blockchain was a means to an end. Now, on reflection, blockchain is the end in itself, but what blockchain offers is almost immeasurable in scope.


On 11 August 2016, the European Banking Authority (EBA) laid out their opinions on the application of the 4tht Anti Money Laundering Directive (4AMLD) to virtual currencies (VC) exchanges and wallets.

The EBA mentions that VC exchanges and wallets operating in multiple countries in the EU “may […] be required to be registered or licensed in each Member State in which they intend to provide VC-related services.”

This would be akin to the state-by-state registration process that VC exchanges must carry out in the United States.

This is due to lack of passporting rights granted under the 4AMLD. This is understandable, as the regulations are not designed to facilitate the movement of goods, services or capital, but are simply motivated by the public policy imperative of protecting the European Union from terrorism and crime.

We take the view that a member state level registration is an unnecessary burden placed on VC exchanges and wallets. A small VC exchange and wallet operating in the EU would not only need to register as an Obligated Entity in its home state, but in every other member state of the EU where it operates – an unfathomable task.

Unfair Treatment of VC Exchanges

Further, this particular duplication of registrations creates a disproportionate burden on VC operators, compared to other regulated institutions in the EU. A pre-pay card is issued by an electronic money institution (EMI) licensed by the Electronic Money Directive (EMD). That EMI can ‘passport’ the services it provides to other member states seamlessly through its home state regulator. It goes without saying that EMI still needs to adapt its customer due diligence (CDD) to any additional requirements – i.e. ‘goldplating’ of anti-money laundering (AML) or counter terrorist financing (CTF) laws in the host state. However, the EMI does not need to apply directly state-by-state for AML or CTF registration.

Financial Implication

If a standard authorisation or licence takes from six to 12 months to obtain from application, then what of an AML or CTF registration? Usually this process can take between three to six months. However, the VC exchanges and wallets will now need to contend with language barriers, administration and bureaucratic fragmentation in each member state, in which it wants to do business.

Ironically, registering in 50 states in the US may be easier, as at least the process is in a single language. The same state-by-state requirement in the EU will mean the VC exchange operator will need to contend with 24 official languages.

Paradoxically, the process of state-by-state registration will be far more cumbersome in terms of capital and operational resources, than if the VC exchange and wallet simply applies to become an EMI or, at a push, a ‘Challenger Bank’.

This must be an unintended consequence. The EBA interprets this implication as a matter of fact. However, our view is that this must, at the very least, be unintended, as the result is absurd considering the following preamble statements from the EU Commission:

“In respect of designating providers of exchange services between virtual currencies and fiat currencies as obliged entities, the proposed amendments respect the proportionality principle.

“Similarly, due account was taken of the need to respect the freedom to conduct a business, and while there will be an impact on market players becoming obliged entities and currently not performing any customer due diligence (CDD) on their customers, the ability to operate a virtual currency exchange platform is not affected by the proposed amendments.”

Are You Fit and Proper in Every Single Member State?

The above position is worsened when you consider the requirement that, according to the EBA, the “amendments proposed by the Commission introduce a requirement that those who hold a management function in, or are the beneficial owners of, [VC exchanges and wallets] are fit and proper persons.”

Although evidently the EU Commission has not fleshed out what ‘fit and proper’ test will be in practice, it is reasonable to expect that this will be an assessment of the background of the applicants and provision of documentation (passport, proof of address) possibly notarised/apostilled and translated officially. Imagine a VC exchange or wallet having to do this in 28 member states. Average costs of producing validated documentation that has been officially translated will be a minimum of EUR1-2k per owner/manager.


If the EU Commission were to accept the EBA’s interpretation that all VC exchanges and wallets will be required to register individually in each member state in which they operate, this would be the biggest regulatory blunder for a region expounding the job creation opportunities of fintech.

Overnight, the overheads for VC exchanges and wallets will increase exponentially. It is also most likely that the beginning of January 2017 will see a full consolidation of the VC exchange and wallet market in the EU.

Again, it would be absurd to assume that the intention of the EU Commission is to make it cheaper to set up a licensed payment institution or electronic money institution or even Challenger Bank than be regulated under 4AMLD as a VC exchange or wallet.




The key of a property right is that it is enforceable against all, as opposed to a contractual right which only affects the contracting parties. As such, a property right requires accuracy and validation. Often, the role of the state is to provide a register where land titles are recorded. But when you delve into land registers in different countries, you find that the function of hosting a land register is not an acknowledgement that the records are true and accurate.

There are two competing systems, one is the Torren system whereby the state guarantees that the land titles registered are 100% accurate. The second is a deed-based system where the buyer should investigate the quality of the seller’s title. This involves a historic assessment of the same, referred to as the ‘chain of title’. 

The main advantage of the Torren system is the state’s assurance of title. The Torren system is only used in a handful of states in the world, therefore, by default, we are left with the necessity of investigating title fully before buying. 

For blockchain technology, history is everything, as time moves forward the chain grows, layering irreversibly transactions on each other. So, surely blockchain’s inherent properties, may find relevance with chain of title systems. 

To mitigate fraud, chain of title systems in countries with a strong rule of law, formalise the transfer of title. This is often by delegating due diligence to lawyers, as in the UK, with conveyancing being the exclusive reserve of lawyers. In France, notaries handling all transfers of title and the French notary applying to the local land registry to register the title. 

It is without question that blockchain technology could enhance chain of title systems, as each title on a blockchain could be created and shared between the approved stakeholders: lawyers, notaries, buyers, sellers, and banks and the ‘Blockchain of Titles’ can change and grow giving a full retrospective public record of ownership.

For Torren systems, accuracy is paramount as the state takes liability for inaccuracies. It is this responsibility that may put off many states, unable to dedicate sufficient resources to guaranteeing accuracy. It is likely if the cost of maintaining an accurate register were reduced then maybe governments would consider transitioning to providing full guarantees of title. Perhaps, blockchain offers the prospect of reducing those costs.

Additionally, blockchain may offer the benefit of offering natural resilience due to it being fully distributed. Resilience in property records is welcome, in line with the belief that individual property records should be inalienable and survive governments, catastrophes and geopolitics.

Sweden, recognises the force of the blockchain in land titles and has begun a Proof of Concept (PoC) on the transfer of title. The PoC is to bring all the stakeholders in a property transfer from the government, buyer, seller, broker and bank onto the same system so the transaction can be monitored in real-time. The impetus here may reduce the time delay in completing a property transaction, but the real value of the test is to discover if blockchain can feasibly be used as an enhancement of ‘Chain of Title’ property systems. 



Bitcoin was developed with gaming in mind. Buying bitcoin, ether or any cryptocurrency is a gamble in itself. Couple this with a platform to gamble bitcoin and the speculation doubles. A match made in heaven, maybe. But the uptake of cryptocurrency in traditional gambling is somewhat slow. 

At present, bitcoin and gambling have two separate tracts. Bitcoin processing of deposits or withdrawals for traditional operators or crypto startups expanding a new self-sustaining future for online gaming, built completely on blockchain.

For regulators, there has been some initial reticence regarding regulated operators to integrate bitcoin as a payment method. This was the case in Malta. That said, the Isle of Man have recently been ironing out a detail in their gambling law to ensure that references to ‘money’ includes money’s worth, therefore widening the definition to include cryptocurrency deposits. 

Some of the regulatory concerns stemming from the use of bitcoin as a payment method, can be associated with the difficult question of bitcoin origination. For example, illegal gambling agents can provide their deposit address with an operator to their customers, and the gaming site will struggle to identify that the source of funds is actually from a third party. In addition, virtual currency can act as a circumvention tool designed to defeat domestic gaming prohibitions. Therefore, a gaming site embedding bitcoin should consider how to identify and manage these risks appropriately.

Comprehensive Transparency

That said, blockchain gaming offers potential unrivalled transparency over the full gaming lifecycle: from the supply chain, customer acquisition –payment to affiliates – to service delivery, and mitigates, or potentially eliminates, counterparty risk with a gambling house or in peer-to-peer (P2P) wagering. 

Bitcoin gaming is more receptive to what are known as ‘provably fair’ mechanisms, levelling the playfield – to a certain extent – between heavily, lightly, or even unregulated markets. 

This notion of provably fair systems involves taking three variables; the gaming server encrypted hash, your browser hash and the ‘nonce’, the combination of which produces the random number used in, say, a dice game. The point being that the player him/herself can go through a process after the dice roll to see if the number produced was fair. 

This signals a change from trust based gaming, where users differentiate between sites based on reputation – and how diligently each may be regulated – to a level playing field where the interactive site can be tested to objectively assess their fairness level. 

Of course, fairness may not always be a pre-requisite to playing with a particular site, as marketing has an influence over decisions. However, bitcoin gaming seems to have embraced the notion of provably fair with a number of sites offering this feature (see directory here). 

The Evolution of the Random Number Generator (RNG)

Regarding random number generators (RNGs), regulators traditionally require operators to have their random numbers tested. This involves statistically assessing the approved testing house to ensure the fairness of the RNG. Once the RNG is certified, the regulator would have an assurance that, subject to the constituent RNG being used by the operator, the gaming services are fair. 

For blockchain gamers, the future of the RNG in gaming is the use of blockchain itself as a source of verifiable randomness, meaning that a public ledger – rather than a client side server – produces and records the random numbers for the gaming service provided.

This is a turn towards a fully self-sustaining blockchain gaming ecosystem, where every vertical in the gaming supply chain is inevitably recorded, monitored and is dependent on the same chain. 

To take this concept further; the role of smart contracts can stand to remove the counterparty risk that may occur in playing with the house or in P2P gaming. A smart contract, is a piece of code that two parties subscribe to which self-executes. If the smart contract sets out the rules of the game references an external random number on the blockchain then, in principle, the counterparty risk is removed from the wager – as it is the code that intermediates the transaction. 

I think it is important to observe that although some may find it hard to ascribe a social function to gambling in general, smart contracts experimentation in this area could benefit the build of transparent financial instruments on a blockchain. In the same way that a wager contract is a simpler depiction of a derivative contract. 

In summary, looking at gaming and cryptocurrency is about understanding a new way of levelling the playing field online with the use of provably fair, as a mechanism to empower users. Thereafter, we are likely to see self-sustaining blockchain gaming ecosystems emerge so that everything from the RNG, to the games, to the punters and bookies are all on the same blockchain, embedding transparency and audit trails into every aspect of this new gaming industry.

This will be a radical departure from a somewhat disjointed technology and service ecosystem that exists in online gaming today. In the meantime, bitcoin, as an inherently speculative asset, suits a chance-based industry, so alignment between cryptocurrency and gaming will inevitably start to develop but subject to operators and regulators understanding and managing adequately the associated risks.



Diacle founder Adam Vaziri, was asked by the African Banker Magazine to comment on the role and future of blockchain in that region:

“I think the main point is that banks can benefit from the most advanced open-source technology in the market for financial services that has ever existed and doesn’t cost a dime to access/adopt. Some of the greatest minds around the world are being applied to develop these technologies.

The tangible benefits are not so far off either. For instance, in remittance just last week, Santander announced the launch of a remittance application based on Ripple (an alternative blockchain protocol).

For governments, there is of course a public interest in reducing the costs of sending/receiving money. Mobile Money is but one mechanism competing now with digital currency to reduce the barriers to entry and thereby the costs for consumers.

In a presentation to the Commonwealth telecoms regulators I asked what was their utmost priority. For them ensuring a level playing field was imperative. So digital currency and blockchain offer new tools and a common ‘fabric’ to spur competition into a financial ecosystem.

Certain countries are unsure how to handle digital currency policy. Russia, takes a radical approach and bans bitcoin yet lauds the benefits of blockchain. Kenya, by contrast, warns Kenyans to ‘go slow’ on digital currencies, as the regulators need to catch up first to make it safe.

Regulation is indeed either the brakes or the accelerator of progress. And further adoption by banks requires contextual support from regulators and governments. Of importance are the type of collaborative initiatives such as Sandboxes, Regtech cross-stakeholder initiatives that allow banks to test out new technology with freedom from repercussions but with some reasonable oversight.

For incentives to be aligned between governments and banks, sometimes the benefits of blockchain need to be clearly set out. Bermuda is working with a blockchain group to assess its utility. Dubai, through its Global Blockchain Council, evidently wants to test the technology before offering its formal blessing.

Undeniably things have moved on since the early days of bitcoin. Last year, a bank with a blockchain strategy was quite edgy; now it is a given, the norm. Indeed, now it is the absence of a blockchain strategy that is questioned.

The road has also clearly split. It is no longer surprising to use the ‘b’ word; I mean ‘blockchain’ of course, not ‘bitcoin’. Regarding bitcoin, well digital currencies are a just harder sell for governments in their current form. It requires some re-purposing to see the utility and not just the risk. For instance, Dubai announced a loyalty scheme called Dubai Points (effectively a digital currency), which should be a sound way to explore the benefits and develop a more nuanced view about digital currency opportunities.”


It is a mystery why the UK has an ultra-innovation-keen regulator and a reticent banking system.

The Financial Conduct Authority (FCA) could not do more to welcome fintech and bolster that economy, but most fintech startups either struggle to get accounts in the UK or are banking offshore.

It is a perplexing situation, although the UK is not alone. Hong Kong, like many other jurisdictions advocating the rise of fintech, have an intransigent banking system as the backdrop.

Ultimately, becoming the fintech 'promised land' is about a mix of elements: it requires easy access to the market (visas to bring the talent in, no bureaucracy, cheap/fast/digital incorporations), easy access to banking for startups, pragmatic regulations and strong/real government endorsement of the sector.

Banks in the UK have been systematically uncooperative to the fintech sector. But you can’t blame them.

The reality is that Fintech, unfortunately, bears the brunt of a post-financial-crisis ‘deleverage’ (see report this week on ‘derisking’ from FCA) by a banking sector having to up their capital reserves and yet remain profitable. This is an irony of sorts considering it was the financial crisis that gave birth to fintech (alternative finance, P2P, digital currency) in the first place.

So, in a climate of increasing capital reserves, keeping afloat and exponential anti-money laundering (AML) fines, would it ever make sense for a bank to onboard a fintech unless the fintech was going to make the bank a shed load of money and that the fintech did better compliance than the bank itself? If you look at the fintech market supported by UK banks those two (quite commonsensical) elements will be present.

So what is the fix?

The FCA has a few recommendations or reminders for the banks:

The FCA recommends that banks do not use “AML as an excuse for closing accounts when they are closing them for other reasons”.

The FCA reminds banks that they too are subject to competition law. Banks should be mindful of competition obligations “when deciding to terminate existing relationships or decline new relationships”. This is an indirect way of saying that a bank risks breaching such rules if it refuses to open an account for a fintech that will do a better job than the bank and eat up its market share.  

Lastly, the FCA seems to agree there is no question that the 2nd Payment Services Directive (PSD2) is going to shake things up. As said by the FCA: “payment institutions [will] have access to credit institutions’ payment account services on an objective, non-discriminatory and proportionate basis.” In essence, this means a payment institution will have write access on a banking API, a massive game changer as fintechs become the face the customer sees and the banks the engine.

Although PSD2 is going to shape-shift the financial payments market beyond recognition, it doesn’t mean it will be easier for a fintech to open a bank account with a bank, it is just that the fintech may not need one anymore. But we are not waiting for PSD2 to solve, in one fell swoop, this intractable global miasma called 'de-risking'. 

What else can be done?

I suggest on the policy side a radically different approach.

The UK government effectively owns a few banks in the UK (Lloyds/RBS).

Would it be so odd if the government were to create their own bank that will be the bank-of-last-resort for all the dejected fintech startups chasing their tails in Level 39?

And why not, if we are talking about a bank-of-last-resort, just have the government’s bank itself - the Bank of England - open accounts for startups?

Now that would be a material (and mindblowing) commitment from the UK government to fintech.

However, it may not be as pioneering as one thinks.

Taken from a different view, if private banks shy away from a particular sector, then isn’t that when you need government to pick up the tab? By analogy, if the private prison managers said managing prisons is too unprofitable then do we just let the prisoners free?  

Banking is now unequivocally a utility, like the water in your tap, like the electricity powering your iphone. You could even go as far that banking is a human right, but let’s not go there.

A government genuinely committed to fintech with visions of building the fintech Temple of Solomon in the middle of the City of London, might want to consider stepping in now to deliver a bold vision that will be the last missing piece for London to potentially become the living, breathing, incarnation of fintech.

It is a small cost for the government to provide banking as a utility not as a service, especially when the government already owns banks and the fintech market means jobs, growth - everything a government should want. I appreciate the State Aid specialists will cry 'foul play' governments can't be active in the economy, but the point is that those specialists are assuming that the market is functioning normally when it isn't. It is broken and underserved. In any event, this article suggests that the government steps in as a bank of last resort when everything else fails for startups, and only then. 

I appreciate that you may be thinking what an impractical idea, but what other real solutions are there? If you look deeper, the root of de-risking correlates to AML liability; it doesn’t make sense for banks to take on a startup fintech if the bank is going to be fined for the conduct of that fintech. If banks have to continue to share AML liability with their fintech customers then you’ll never solve the problem.

But the Bank of England can’t be fined for AML failures right; maybe it can but the result would be circular? Food for thought.

Read on LinkedIn Pulse.


A Canadian bitcoin broker was defrauded by a customer who paid for bitcoins by cheque. The transaction appeared as two ‘deposits’ on the broker’s bank account, at which point the broker thought it was safe to deliver the bitcoins to the buyer. He did so. The bank then changed the status of the deposits as they discovered the cheques were written from an empty account. The broker is suing the bank in question, TD bank, for the CAD12k loss. TD Bank suggested a settlement of CAD500, which the broker refused.

Fraud avoidance is the most important incentive for strong Know Your Customer (KYC) procedures. Virtual Currency Exchanges and Brokers view KYC as a hindrance.  However, it protects your business and you. If you need help making your KYC watertight contact us for support.