ICOs and Policy Making

In time, it will get easier and easier to do ICOs. 

Doing an ICO campaign will be the equivalent of setting up a Wordpress website. It is likely to get even easier than setting up a website. 

Traditional crowdfunding will be overtaken by the token economy. VCs role supporting early ideas will start to fade, or will adapt to this new 'self-help' environment. 

In just two-months from now there will be a few ICOs to make ICOs easier for people to launch. Which is somewhat ironic. 

Bancor allows for the creation of tokens with a reserve. Adel will develop a decentralised community accelerator where every project can have a token. Starbase is a crowdfunding system that allows for the generation of a token per project. Wings is a decentralised accelerator and crowdfunding platform for ideas backed by their token.

How should policies adapt to this new economy?

POLICY APPROACH

At the UKDCA we suggested that the UK government have a basic standard for consumer protection. In my view, a simple registration for AML purposes is sufficient as that provides some accountability and standards should be voluntary and industry-led.

Indeed, what is needed for ICOs is some basic governance surrounding access to the funds raised. 

However, prescriptive governance is not warranted. In a previous blog post we talked about the notion of having an “ICO Verification Agent” to verify statements made by ICO campaigns to avoid fraudulent claims being made.

Initiatives are popping up to provide governance as a service. One recent example is icofunding.com.

VIRTUAL SECURITIES POLICY

In terms of Virtual Securities, as discussed in a previous blog post, I would encourage regulators not to regulate them as traditional financial instruments. 

Keep them as digital currency and treat them differently from tightly regulated financial instruments. For the more exotic type of digital currencies that have 'promises' attached, or give a share of the network fees, ensure the  have a simple AML registration requirement for the ICO i.e. still treat them as digital currency. 

There is no point in regulating Virtual Securities under Mifid or other prohibitive regulations. The last time I saw a prospectus for a company issuing stock it was 100 pages long. Noone reads the text and there is never any protection from bankruptcy or guarantee of success. All those prospectuses do is make it more difficult for startups to get funding to grow. 

Where you are faced with a Blockchain Security (which is not a Virtual Security) then of course recognise it as such. 

POLICY must BE PROPORTIONATE

This is where 'proportionate' intervention may be appropriate. The Swiss- and Singapore-based approaches are probably most interesting. 

In Singapore, the notion of a Sandbox represents a full not partial exemption from regulations. The UK Sandbox is a partial exemption – it is an exemption from regulations as opposed to primary law. 

The same is true with the notion of the Sandbox in Switzerland. In Switzerland authorisation is required after a certain threshold of 20 participants and CHF1 million in the holding of client funds. The notion here is scaled regulation. 

In Singapore, the threshold is more discretionary. Statements from Ravi Menon indicate a measured approach. “Only when they grow and reach a certain critical mass, which then poses a significant impact on the system”. From my dealings with blockchain firms MAS gives some discretionary guidelines to the firms within the sandbox.

Compliant ICOs

How are different countries treating blockchain?

Blockchain digital currencies are tightly regulated in the US. 

The issuance of a digital currency in the US requires registration. Ripple was fined for selling XRP without being registered. 

The Isle of Man added a registration provision for digital currency issuers and exchanges. 

In Europe, the EU will capture exchanges and custodians under the 4th Anti-Money Laundering directive. 

All exchange activity will be captured under AML rules. 

In Asia, Japan has already started to regulate digital currency. Businesses are required to have a payments license to operate an exchange or pre-sell tokens in Japan. 

ICO HAVENS

Where are the majority of the ICOs? They are generally from Singapore or Swiss-based entities. 

The typical Swiss route is a non-profit foundation that issues all the tokens. This is modelled on the ICO approach, pioneered by the Ethereum Foundation. In Singapore, the structure is less important as capital gains are non-taxable. In Singapore more interest is the perceived pragmatism of MAS.

A critical part of the ICO process is ensuring the proceeds of tokens sales are not taxable as income or a capital gain. This is managed through a foundation or structuring in tax-efficient jurisdictions. 
However, the tokens are often issued without any anti-money laundering, or counter terrorist financing, controls in place. 

ICOs without AML compliance is a completely unsustainable position as regulations are moving against anonymous crowdsales. 

Looking at only the EU market from June 2017, exchanges and custodians will be subject to the 4th Anti-Money Laundering directive (4AMLD). 

This will capture ICO activity as it is essentially an exchange service.

Importantly, the integration of exchange and custodian activity by the EU into 4AMLD may likely be a prohibitive exercise with huge unintended consequences. The application of these regulations to exchanges and custodians have complete disregard of proportionality. The infamous intervention by the EBA was to suggest that exchanges and custodians must register in every EU state where they have customers. The EBA have never run a startup before and bluntly has no interest in fintech.

Unfortunately, most digital currency activity will shift away from the EU if the application of 4AMLD to exchanges or custodians becomes draconian.

However, Switzerland and Singapore are not in the EU. But that is not to say that Switzerland and Singapore are simply going to give a free hand to anonymous ICOs.

SINGAPORE AND EVOLUTIONARY COMPLIANCE

Singapore prides itself on its clean reputation as a hotbed for innovation. Its Sandbox environment is by far the most pragmatic and effective in operation.

In other words, Singapore has a lot to lose if an anonymous ICO ends up creating a taint on its reputation. 

In view of this, what we are seeing in Singapore is an engagement strategy between ICO projects and the authorities. This engagement seems to lead to incremental steps towards basic compliance. 

DigixDAO is an example of a continual engagement strategy. An article published in September 2016 states: “Whenever there is an update to our business model, we make sure to inform the relevant governing bodies”.

After an anonymous funding round, DigixDAO then introduced KYC to their platform. This is an evolutionary form of compliance for startups. 

However, a 0–100% compliance evolution will no longer be appropriate. Certain basic guidelines will be established we suspect in the near-term.

SWITZERLAND – STEPPING TOWARDS REGULATION

It is important to note that the current announced fintech regime in Switzerland runs counter to anonymous ICOs. The current proposed fintech framework is for crowdfunding intermediaries to allow for the raising of capital subject, to limited number of investors and a threshold amount of CHF1m. The Swiss regulator has already directed digital currency intermediaries to enter a Self-Regulatory organisation for AML compliance. 

These principles will port across to anonymous ICOs. 

In time, it will be a simple requirement to ensure that an ICO campaign achieves some basic level of compliance.

ICOS WILL BE SUBJECT TO STANDARD AML

It is expected that in a year from now it will be the norm to register as a coin issuer and perform KYC on investors. 

But who likes KYC? Everyone hates KYC. The users hate KYC and the service providers hate KYC as it increases acquisition costs.

However, many solutions are being conceived of that will give a blockchain compatible compliant identity to users.

In time, it will be possible to do one registration and access a 100 ICOs without having to repeats the compliance process.

At Diacle, we’re working on building such an identity system. There will be many that exist.

But we need to take the pain out of compliance or compliance will continue to be a hindrance to innovation and business rather than an enabler of innovation.

It is my view that the more regtech we have the more startups will be set free to innovate safely. A basic compliant identity solution is one regtech solution needed. 

Let's take a look at how a purely decentralised blockchain service can achieve compliance. 

On the Isle of Man we have set up what will be the first regulated blockchain lottery in the world. Ninety-nine per cent of the lottery processes run on-chain. It is a fully blockchain integrated solution. Yet it is useless if it isn't compliant.

One way we are achieving compliance is by registering the Ethereum addresses of users and creating a closed-loop between pay and withdraw. This is just a small step.

Of course, in time that ETH address registration won't be necessary as we become compatible with an integrated identity solution. 

COMPLIANCE BY DESIGN

It is imperative not to re-centralise a decentralised service. 

Controlling other people's private keys and access to their assets is an anathema of blockchain as a concept. Therefore, blockchain design must stay true to opening access global peer to peer markets and user control. 

Joseph Lubin famously quoted that 'decentralisation is a phenomenon’. With blockchain we are re-thinking the basis of relationships between user, objects and governments. 

This is a world where users own and control their assets. This must be the future. 

Injecting trust back into a trustless system is simply missing the point of blockchain and shows a design failure, or is simply a reactive business decision to try and own as much as possible.  

In my view, the design decisions of a blockchain product must align with the mission of user control.

But user control does not mean the system cannot be compliant. Quite the contrary. It is just a question of willingness to be compliant.

TOWARDS COMPLIANT ICO CONTRACTS

If you look at the design of the current ICO smart contract code out there, there is no provision for compliance. 

It completely disingenuous to say that compliance is too complicated to add to the ICO smart contract. Since the DAO hack , a freeze function is now commonplace in ICO smart contracts. We have improved the design of the ICO smart contracts by that bad experience.

Let's look at how a compliant ICO might look like. Keep the decentralised design of the ICO Smart Contract but ensure that it is compliant.

The basic process of an ICO smart contract is to start an ICO, receive funds and mint tokens to the addresses of contributors.

Based on that logic, it is simple to you add an additional feature. This feature would be a 'whitelist' function for the funding addresses. 

Investors sign up on a webform, enter their details and registers their ETH address with the smart contract. 

The smart contract then recognises the user when the ICO goes live and only accepts a donation from the registered ETH address.

This simple feature only marginally encumbers the ICO process but achieves a base line of compliance. 

BUSINESS RATIONALE OF A 'WHITELIST' ICO SMART CONTRACT

From a business point of view there are many complaints regarding missing out on an ICO. They say, "it was over in minutes". 

The pre-registration process increases the chances of a person getting into the ICO as pre-registration and can be from of allocation for users that is guaranteed for them in the ICO for a fixed period, say one hour after ICO goes live. 

This also gives better certainty to the ICO project founders that they will sell out when the ICO starts which is a huge concern for the founders.

The Tellochain Method - three dimensional counting

One of the most useful aspects of blockchain is the immutability factor.

If the balance changes on Ethereum, it cannot be reversed. Even if fixed, an error will always be part of the paper trail.

This immutability can be leveraged in a subtle way to dramatically reduce the administrative activities of companies.

To understand how this may be possible we must understand how we count today and the history of counting.

Today, we count in an abstract manner using numbers. ‘Things’ used to be represented as physical symbols until a method was found to go from images to text. 

Abstraction occurred to make the ‘data processing’ of information more efficient.

Today, we count using tools for counting. The primary tool is the calculator. The extension of the calculator is the spreadsheet.

We enter numbers into the spreadsheet and add a column for what the numbers represent – and that is how we count the world around us. The numbers change and we save the versions. 

This method is used for share registers too. 

A company literally takes an excel spreadsheet and adds the names of the shareholders in one column, adds the address of the shareholders in another column and the number of shares in a third. When a change happens, someone in the company opens the correct version of the share register, updates it, and then prints and signs.

These processes are evidentially extremely inadequate for a process that needs to be 100% accurate.

The fact remains that small companies don’t have the time to sit down and do everything correctly. A small errors can accumulate over time, which turns into a larger problem that needs to be solved.

When startup clients make inconsistent filings with the Company Registrar. After a period it became difficult to know exactly who exactly the shareholders were.

The blockchain therefore offers a practically free immutable counting system.

How does it do it?

What is fascinating is that it can do so using the most primitive method known to mankind: ‘accounting tokens’.

Accounting tokens

Five thousand years ago we used what are referred to as 'accounting tokens'.These were physical objects that represented a commodity such as a sheep or wheat. To count the physical object, you would need an equal amount of the accounting tokens. 

Typically, they were used in ancient Mesopotamia and found in a city called Tello.

These objects disappeared as we discovered numerical abstractions as a mean to count. 

Physical accounting tokens are obviously not particularly scalable for accounting purposes.

Accounting tokens are a physical representation of the world around us. It is the rendering of a three-dimensional world in a physical three-dimensional form. 

Our present accounting and counting methods render a three-dimensional world in a two-dimensional abstract form.

With blockchain, the Tellochain Method is a representation of a three-dimensional world or two-dimensional concept in a three-dimensional blockchain form. 

The blockchain accounting tokens created are immutable and permanent therefore they can be said to exist in a three-dimensional manner. 

With the Tellochain Method – using the share register as an example – a digital three-dimensional view of the share register is simply rendered.

A total amount of blockchain accounting tokens can be created and allows for the transfer of those tokens – the blockchain does the rest. 

What is of particular interest, is that there are no regulations over how you should count.

The blockchain accounting tokens themselves are completely valueless.

So Tellochain is a fantastic way to administer all assets without trying immediately to transfer the existence of a real-world legal concepts such as a share onto a blockchain.

In essence, my view is that we must use this technology immediately.Not wait for 500 old years of legal history surrounding joint stock companies to be updated to appreciating the benefits of blockchain.

Now someone just needs to make a beautiful mobile UX to enable the blockchain spreadsheets generation to utilise all programming languages – not just Solidity.

Blockchain Applications and Regulatory Matters

Two applications

There are two current main applications of blockchain: one as a digital currency, two for crowdfunding. 

Let’s look at the evolution of these applications. 

Public blockchain application is digital currency and integrated payment system. 

This innovation has complete removed the need for a trusted third party. 

It allows peers in a network – whoever they may be – to send value to one another, globally and almost instantly.

Bitcoin demonstrated that a distributed community could share a payment system and store of value. 

When something works in such a miraculous way such as bitcoin, it is natural for others to want to replicate the success of that model.

 As a result, enthusiasts wanted to create own version of bitcoin. This resulted in the altcoin explosion.

Many coins in the early 2000’s were similar in many ways and 1,000s of coins were created. 

These new coins often were:

  • mining based digital currencies or 
  • had a mix of mining and a pre-mine. 

 

Ripple – an alternative to bitcoin as a payments network – pre-mined its coin. Ripple’s XRP token is used as an anti-spam token for the network and a conversion token for forex transactions.

 The pre-mine of a new protocol was used to raise funding for the protocol itself. 

Then a new trend emerged which was less about creating a new protocol but rather leveraging the strength of the bitcoin network in other ways. 

 Different communities arose building on bitcoin. 

There was the coloured coin protocol, Counterparty and Mastercoin (now Omni). 

All of those layers allowed a user to simply create another token and use the existing basic functions of pay, receive and escrow for the new token. 

The tokens that were created by a project were often used as a tool to raise capital for the project. 

Before a project was live, the founders would start a campaign to give the community the opportunity to purchase their coin.

This crowd sale campaign came to be known as the Initial Coin Offering (ICO).

MaidSafe on Mastercoin raised around USD5 million with its ICO. Factom raised a few million. 

With Maidsafe and Storj, their token is used to pay for the services.

Ethereum then announced that it was going to create a general framework for blockchain programming.

Its own crowdsale ICO in September 2014 raised nearly 15 million USD. Once Ethereum went live it became evident that ICOs were going to breathe a new lease of life. 

Even the Ethereum foundation refers to ‘trustless crowdsales’ on its homepage as a principle application of Ethereum.

So the second major application of public blockchain is undisputedly crowdfunding.

The interesting effect of blockchain crowdfunding is that it removes the need for crowdfunding platforms themselves. 

What we are seeing now is that Ethereum has heralded a new generation of ICOs. 

These ICOs raise typically between USD5–15 million at a time. 

Let's look at some of the token sales projects and the type of instruments that were sold. 

Access token

This is a type of token used to access software or services. This is generally regulated as a digital currency in most jurisdictions. However, even access tokens can provide incredible capital returns. Ethereum, Storj and Factoids are prime examples of access tokens. 

Virtual Securities Token

This is more like a share in a company. 

The issuer of the token promises one of the following or a combination:

  • a share of the profits of the company 
  • a portion of gross sales 
  • transaction fees in a network 
  • or a portion of assets

These types of tokens may be subject to tighter regulations. 

In particular, certain jurisdictions the sale of these tokens may be deemed to constitute an investment.

The founders often do not structure the tokens to be investments but their interpretation by courts or authorities may lead to that finding. 

This is a case where substance will often triumphs over form.

One labelled ‘virtual’ stock market [Office2] was created by Ethan Burnside in 2013. 

On the website it was possible to create what he referred to as ‘virtual’ shares and bonds to raise funding for your project. 

They were labelled virtual shares and bonds as the Issuers did not create genuine shares or even legal structures to support the issuance.

Mr Burnside was charged for breaching the Securities Act in the US. 

This precedent from the SEC states clearly that the formality of the instrument is immaterial in the US. 

If it is not actually a share or a bond but an investment contract, then it will be defined as a ‘security’ under US law.

Enacting Virtual Securities Tokens on ICOs are therefore more complicated.

In the EU, there are restrictions on amounts raised by selling securities without a prospectus. (See Article 3 here). 

The Prospectus Directive applies to ‘transferrable securities’.

Transferable securities shall mean:

— shares in companies and other securities equivalent to shares in companies

— bonds and other forms of securitized debt which are negotiable on the capital market and

— any other securities normally dealt in giving the right to acquire any such transferable securities by subscription or exchange or giving rise to a cash settlement excluding instruments of payment” (see Article 1(4) here).

If a Virtual Security Token is deemed a transferable security then the Issuer should be mindful of the Prospectus Directive.

In addition, the standard token issued during an ICO is a fully transferable token. It acts in a similar manner as bitcoin with the ability to transfer to anyone even if the recipient is not known to the issuer. 

ERC20, which is the standard for Ethereum tokens have, by default, full and unrestricted transferability.

This ‘bearer’ nature of Virtual Securities Tokens creates issues in certain jurisdictions. 

Recommendation 24 in October 2014 from Financial Action Task Force (FATF) states:

countries that have legal persons that are able to issue bearer shares or bearer share warrants, or which allow nominee shareholders or nominee directors, should take effective measures to ensure that they are not misused for money laundering or terrorist financing”. 

This led to several countries abolishing bearer shares. In the UK, for example, bearer shares were abolished in 2015. 

Consequently, Virtual Securities ICOs are likely to be affected by bearer share restrictions.

The type of limitations that may affect a Virtual Securities Offering is as follows: 

1) limits on the amount of capital raised (Prospectus Directive)

2) place registration requirements on the issuers – the US in particular, unless exemption applies

3) limits on the number of investors

4) limits on the type of people who are able to purchase

5) limits on whether the ERC20 token will have transferability due to bearer share restrictions

There have been many Virtual Securities Offerings. These are obviously some of the most appealing ICOs as they promise a better return on investment. 

Virtual Securities are instruments that are:

Model 1: Not defined as such by the Issuers but act like securities

Model 2: Are explicitly acknowledged as a security or investment contract by the Issuer (although an unconventional security). They could give access (similar to share warrant) to a real security or not be linked to a financial instrument at all and give a defined return to the investors in its own right.

Lykke and Blockchain Capital have issued the best Model 2 Virtual Securities so far. Lykke issued a right to a share in their company as a coloured coin. Blockchain Capital set up a fund with an ICO. They raised USD10m. However, there were certain restrictions: US investors had to be accredited, transfer of the token had limitations. Notable that the offering memorandum was extensive. The token will go live on 15th May 2017. 

We have a third trend emerging which is the issuance of a traditional security on the blockchain. This third category is not a Virtual Security. It is a conventional security issued on the blockchain. These instruments are here referred to as Blockchain Securities.

Blockchain Securities

Shares were typically issued in what is known as ‘certificated’ form. 

In the context of a share transfer, this means that there would be a share register and a share certificate for the shareholder. The transfer of a share would involve a stock transfer form, updating of the share register, cancellation of the previous share certificate and issuance of a new certificate. 

These numerous steps would be impractical in a trading environment on a stock market.

When electronic trading emerged on stock markets the system of trading typically involved the equitable ownership of the share moving hands on an electronic trading system then legal ownership being transferred after the event.

New regulations were introduced in the EU to streamline this process further, these were referred to as the ‘Uncertificated Securities Regulations (USR) 2001’.

These regulations allowed for the legal/equitable transfer of shares at the point of electronic settlement. This removed the necessity of a two-step process.

Importantly, USR2001 would only allow the electronic transfer on recognised settlement systems namely with ‘Operators’. 

Operators are required (in the UK) to be approved by UK Treasury. An example of a USR2001 Operator would be CREST which is owned by Euroclear. 

The CREST settlement system itself becomes the share register of the companies it supports. CREST holds the shares in an uncertificated form and the company usually has a duplicate of that record. 

Operator authorisation is needed to ensure the continual reliability of the Operator’s systems. Any inaccuracy could lead to disorder in stock markets.

So, to have Uncertificated shares they must be held by a USR2001 Operator.

These are the requirements. In contrast, we are finding that progress is being made to have companies issue and transfer shares directly onto a blockchain.

In Delaware, they are amending the law to have shares issued on the blockchain. 

According to Cooley, the Delaware Blockchain Initiative has suggested amendments to permit under Delaware Corporate law the issue of “so-called "Distributed Ledger Shares" that could be authorised, issued, transferred, redeemed – living their entire life cycle – on a distributed ledger” (see here). 

The notion suggested is that, rather than maintaining a share register, the company maintain its list of shareholders on a distributed ledger.

For the EU there would need to be policy changes to allow for the blockchain itself to become an Operator. This is unlikely, as parts of market infrastructure regulation are designed to have liability assigned to a legal entity. It would be a significant departure to remove that legal entity altogether. 

A recent report from Euroclear made this point very clear. 

The report said “the use of DLT by a central securities depository (CSD5), for example, should not by itself trigger any specific regulatory approvals” (see here).

The Central Securities Depository can naturally use blockchain if it so wishes. But its own role cannot be dispensed with blockchain. Not least because its own role is entrenched in legislation. 

In the short term, therefore, we will start to see Euroclear or other USR2001 Operators offer essentially CREST on blockchain. 

 

In parallel, other jurisdictions, which have a more nimble legislative process, may take a more flexible approach to Blockchain Securities. 

With that in mind, it may take some time for Blockchain Securities to become commonplace. 

For ‘public’ Blockchain Securities we need to add an identity layer to resolve the ‘bearer asset’ issue. 

Let’s look at where we might be heading. 

Blockchain Companies

Countries may create a regulatory framework for a new type of company.

This company will be created as a smart contract on the blockchain. Its basic functions as a company will exist on the blockchain and it will issue shares on the blockchain. 

It is commonplace for countries to prepare standard articles of association to be used when a company is incorporated. These are referred to as the ‘Model Articles’.

In the future, a blockchain friendly country will provide Model Smart Contracts. 

These Model Smart Contracts will be written for example in Solidity and will cover several areas.

First, a Model Incorporation Contract will be provided – downloadable from the Company Registry’s office. Once published on-chain the company will be incorporated. 

Secondly, there will be a Model Share Issue contract. This contract will be compatible with the Model Incorporation Contract. Publish the code and the shares will be issued. 

Of course, underpinning such as system will be an identity layer – of course for accountability purposes. 

This all sounds hugely ambitious but the ambition is not a technical one; it is a legal one. 

Decentralised Autonomous Organisations are, technically, already being created on Ethereum. 

The only missing piece is complete harmony with legal systems. Currently the DAOs created are akin to informal partnerships or community associations, which are fairly unsophisticated legal forms. 

Aragon – a new project that is doing an ICO this month – will make creating a DAO accessible for anyone. Finally, it will be the meshing of blockchain innovations with a legal system that will be the ultimate leap forward.

DAO Governance starts with ICO Governance

In this article (video here) we suggest that DAO governance starts with ICO governance. ICOs are now the standard route to funding the setup of DAOs.

More and more tokens are involving sharing network or transaction fees with the token holders and some form of participation/responsibility with the token holders for the continuation of the project.

These are all likely to be regulated and – at times – illegal shares.

But the purpose of this article is not to comment on the legality of DAO tokens. It is to present a way to address the risks of unaccountable token issues in a way to assure some consumer (and even founder) protection.

The exuberance of ICOs has survived the Slock.it DAO due to the Ethereum ‘bail-out’. As said, ICOs are the standard funding routes for new blockchain protocols/ Dapps. We can’t avoid the mistakes ICO founders will make in designing regulated and sometimes illegal tokens.

But we can set a new trend that goes some way to protect the consumer who will access these tokens. Here we present the notion of a Verification Agent to be there to hold the ICO issuer to account on statements made and to ensure the Founders reach their project milestones. This is a idea presented to give ‘food for thought’ only – it is not a full blueprint to be relied upon in any way. If the industry is interested enough it will develop the Agency model or think of an alternative solution.

ICO governance comes before DAO governance, in the same way that building a solid foundation comes before building a house.

Even if the Slock IT DAO was high profile and was presented as one of the first DAOs to be created, in actual fact – in cryptocurrency – we already have Decentralised Autonomous Organisations (DAOs).

Bitcoin was the first fully decentralised one.

Technology comes in waves and so does nomenclature.

‘DAO’ is just a newer word for a older thing.

But DAO is not a word that will go out of fashion.

Most ICOs happening today involve some form of participatory and revenue share based model. For example: share the network or transaction fees with the token holders.

My piece on governance here is not about how best to maintain a DAO once set up, such as for example governance surrounding updating the bitcoin protocol.

Here I am making an assumption.

The assumption is that DAOs of the future will always start with an ICO.

And there is a very simple reason why that is the case; you need funding first to build an organisation.

And I suspect there are less people with funding and DAO ideas than there are DAO ideas with no funding.

Zcash is a DAO that raised funding privately. They could afford not to do an ICO.

If the assumption is correct that DAO+ICO is the trend then before we look at the governance model of an organisation that hasn’t been built yet, we should look at the governance with regards to the initial financing by the crowd of that organisation.

So my piece on governance here is about accountability of the ICO process first.

And the driver here for me is consumer protection.

Now that doesn’t come from altruism per se. It comes from the simple fact that the more you destroy public confidence, the more likely a government reaction will be stern (as no government likes its citizens being ripped off) and, as a result, the less likely blockchain technology will reach the mainstream.

Regarding the DAO tokens. One thing that is for sure is that most DAO-like tokens – for the most part in the real world – are regulated. I don’t and the SEC would not subscribe to the view that because it is bitcoin/ virtual currency that it does not seem to matter.

In certain instances, in fact, the token issued would be illegal. This is based on the fact that if it is deemed a share then a share has to have registered owners, if it does not have a registered owner (like most decentralised cryptocurrencies) then it is a bearer instrument. Bearer instruments are illegal in many countries now. It is important to understand that this article is not to comment on whether DAO tokens are securities and or regulated in some way.

To be quite frank most projects do not seem to pay much heed to whether the token is regulated or even illegal for that matter. The ICO community simply follows the previous ICO approaches with the mistaken assumption that the previous guys knew what they were doing.

This is the ‘piggy back’ approach. Piggy back on assumed homework done by the previous ICO and feel falsely reassured that if a regulator were to go after you then that regulator would have to go after the other projects.

The point here is I nor any professional can force a community to reverse a bad trend.

But one area where we can offer value is to create a new trend that has nothing to do with the token itself but promotes good ICO governance.

That could protect the token holders from fraudsters, empty promises and ponzi schemes.

Obviously it is not my role to be the guardian of token holders. But it has always been my priority that consumers are protected for the above reasons.

When we founded the UKDCA we argued that regulation of virtual currency was not necessary. Instead that the industry should come together to promote consumer protection standards.

I don’t want be cynical but the industry has not taken up this opportunity yet. This is partly because the consequences of a bad ICO are not felt immediately. It usually a few years before the project is ready and a few years in blockchain is a lifetime. When I started there were 300 altcoins now there are 800 last time I checked.

So let’s look at the current problems?

Accountability. Oftentimes founders say we will build a corporate structure once we have funding. Therefore an individual founder/promoter is left controlling the crowdfunding funds. This is a dangerous precedent to set for security and fraud related issues.

Misrepresentation. Statements made by founders are rarely verified by an independent source. This may lead to promises that are unlikely to be fulfilled.

For the founders this presents a liability risk – in certain instances it exposes the founders to fraud based claims.

Due diligence for ICOs seems to be outsourced to Reddit and Slack forums. But this cannot replace standard due diligence expected for any crowdfund.

Slack and community based due diligence can supplement not replace standard due diligence expected.

Liquidity of token is a problem and benefit. Standard equity crowdfunding is done with illiquid shares – this means the investors can rarely get out of the investment. Which is a bad thing for a retail investor.

However, founders of a standard company are usually subject to vesting rights. They cannot exit the company early without a consequence for their shareholding.

With ICOs all token holders – including the founders – have the ability to liquidate their holdings.

So understandably the ability to liquidate means the token is increasingly exposed to ‘pump and dump’.

Delivery. ICOs are exciting to start with but problematic for the project owners to deliver on. To a certain extent there is a lack of standardised transparency on delivery.

Surely if you were paid to do a job you would have milestones to reach and that your remuneration would be tied to achieving those milestones. How could it be in anyone’s interest to complete a project if they have all the funding upfront?

Regulation. Share crowdfunding is regulated in certain countries in the EU. The main purpose of regulation in crowdfunding is to protect the investor. A crowdfunding platform provides a service that effectively promotes investments and, as such, the platform owes a duty of care to the investors. With that in mind it is the role of the crowdfunding platform to provide some independent due diligence on the project at hand. This is not the same as a full regulated listing on a stock market. A listing – understandably – involves an extensive amount of due diligence on the project concerned.

All of the above is to say that ICOs need better support to ensure that investors and founders are adequately protected.

This is not to say that we need to put ICOs on regulated crowdfunding platforms.

We cannot change the current ICO trend.

But we can think of new solutions that may be able to support what is being done. Now let’s look at the problems again and potential solutions. In summary the key problem above of an ICO is accountability. The solution therefore is simply holding the founders accountable.
I suggest this could be done in very a pragmatic way.

I suggest that an independent third party – not a crowdfunding platform or a regulated entity necessarily – assists the ICO issuer in simply verifying certain statements made by the Issuer. That same third party can hold the ICO issuer to account on the milestones that they set for themselves.

I am referring to this entity as the ICO Verification Agent. This agent receives data from the ICO project founders and reviews and verifies statements made. This is much like the role of an auditor.

This verification service of course could be provided on the blockchain. The Verification Agent would sign with their private key statements recorded on the blockchain possibility in the genesis block of the ICO. Now the question is what is the scope of the role of the Verification Agent.

Does the Verification Agent owe a duty of care to the investors? I would say that they shouldn’t as no Verification Agent would want that exposure.

The Verification Agent is simply contracted by the project owner to provide independent verification services.

What would the Verification Agent check?

I suspect that the best way of this working is to have a standard format Token Subscription Document.

This Token Subscription Document template could be a standard one page document that every ICO would use.

In that document it would state the most basic but essential details about the project (here are just some examples):

• Who is behind the project?
• Name of incorporated entity issuing the coins
• Country of incorporation
• Allocation of funds
• Designation of milestones
• Supplementary services of the Verification Agent:
◦ The appointment or not of the Verification Agent to provide co-signing services based on milestones achieved.
◦ The appointment or not of the Verification Agent as an arbitrator in the event of a dispute between the parties.

The Verification Agent would not comment on whether the token is legal or not or regulated or not. The Verification Agent is simply there to ensure that the Founders:

• Have done what they have said they have done and do what they say they will do.

If at a later stage the Verification Agent receives notice that the token is illegal/ or regulated as a Security then it will withdraw from the verification services contract with the project owner.

Two other supplementary roles envisaged would be for the Verification Agent to act as a co-signor for milestones achieved and or to act as an arbitrator in the event of dispute.

Don’t get me wrong people have tried to do this before. But they have always been involved in issuing the coins themselves and dealing with the question of whether the token is a security or not. And that brings heavier risks for the Verification Agent which are not warranted. The role of the Agent is simply to be independent and verify facts or statements made not to issue coins.

In terms of the co-signing responsibilities, the Verification Agent can provide a co-signing service to the Founders to ensure that the funds were spent in accordance with the subscription document. The co-signing service would be ‘passive’ – in other words the Verification Agent would not be able to initiate a transaction.

I should envisage that this Verification Agent should become an institution for the whole ICO community. An umbrella organisation servicing all ICOs. The key with this arrangement is that the Verification Agent should not in itself need to be regulated (accountable yes, but not regulated).

So up to here we have looked at accountability and how that can be addressed with ICOs. This is not to say that the above is legal/regulatory advice for someone who may want to set up that Verification Agent service. Of course a lot of detail and research is needed. This solution presented is merely there to give you – as an industry – food for thought.

There will come a point where consumers get burnt with ICO tokens and that public policy will drive enforcement in this area. Remember also that fines will apply retrospectively to your activities. ‘Disengorgement’ is a type of damages award that does not let you profit from an offence. It is not a question of if enforcement will happen it is a matter of when.

I would urge the industry to come together to consider a better and fairer way of doing ICOs. That the consumer and founders should be protected and the founders should be accountable. That surely is the minimum needed.

Well you may argue that what is the point of protecting the consumer by using a Verification Agent if the SEC will sue you nonetheless. It is in your self interest to do so to protect you as a founder of a project from claims of misrepresentation (fraud), embezzlement of funds and other claims that may be raised by third parties.

In conclusion a DAO should think about governance from the start of its venture. In particular – the biggest area first – is in the area of initial financing through an ICO.

Note: the Verification Agent itself could well be a DAO or a Decentralised Autonomous Regulator (DAR).

MAS in Singapore Comprehensive Payments Framework

MAS in Singapore has started an open consultation process on establishing a new regulatory regime for payments. The intention is to consolidate separate licensing regimes into one overall scheme.

MAS states that a “calibrated regulatory regime, applied on an activity basis to payment service providers, rather than specific payment systems” is the framework that they want to adopt. This framework is referred to by MAS as the Proposed Payments Framework (PPF).

This would mean that entities would seek one licence from MAS but select varying permissions depending on the activities that business conducts.

Here is the suggested list of activities (emphasis added):

Activity 1: Issuing and maintaining payment instruments, such as payment cards, payment accounts, electronic wallets, and cheques1; 

Activity 2: Acquiring payment transactions, such as physical and online merchant acquisition services, merchant aggregators, and master merchants; 

Activity 3: Providing money transmission and conversion services, such as domestic and in-bound/out-bound cross-border remittance services, currency-conversion services, and virtual currency intermediation services; 

Activity 4: Operating payments communication platforms, such as payment gateways, payment processors, and kiosks; 

Activity 5: Providing payment instrument aggregation services, such as payment card aggregation and bank transaction account aggregation;

Activity 6: Operating payment systems which facilitate the transfer of funds through processing, switching, clearing, and/or settlement of payment transactions; and, 

Activity 7: Holding stored value facilities (“SVFs”), such as prepaid cards and prefunded electronic wallets.

MAS is proposing to including ‘virtual currency intermediation services’ as a regulated activity. It is not clear how many different types of blockchain companies this definition will include but of importance is that there would not be a separate licence for a virtual currency operator.

HK: A digital currency Stored Value Facility?

The Payment Systems and Stored Value Facilities Ordinance defines an Stored Value Facility (SVF) as “storing the value of an amount of money“. ‘Money’ in the Ordinance refers to “money in any currency […] or any declared medium of exchange”. Interestingly, the “declared medium of exchange” does not have a fixed definition and, according to the Ordinance, it is for the HKMA to publish in the Gazette whether it declares “a thing to be a medium of exchange” (Section 2C).

With this broad definition of stored value, it is feasible to envisage a digital currency SVF being built in Hong Kong. 

By contrast, in the EU, regulators struggle capturing digital currency financial institutions into the Electronic Money Directive (EMD) because the latter (as currently being interpreted) envisages only electronic representations of ‘fiat’ (sovereign) money as being the scope of EMD. 

In addition, authorities such as the EBA are actively discouraging regulated institutions from handling digital currency. In its latest report it wants to enforce a prohibition on regulated firms dealing with digital currencies

In HK, digital currencies are considered ‘virtual commodities’. As such it is not inconceivable for the HKMA to publish in the Gazette that digital currencies are indeed a ‘medium of exchange’. 

If so, custodian digital currency wallets handling private keys of customers would ostensibly fall within the definition of an SVF. 

Further an SVF licence already includes permission to conduct ‘money-changing’ activities. If HKMA considers digital currencies as a ‘medium of exchange’ then, most likely, the SVF regime will become a comprehensive licence for digital currency exchange operators

It remains to be seen whether HKMA would be willing to extend its scope to capture the global digital currency market. 

In Singapore, MAS is currently in a consultation phase to consolidate their payment services regulations. They envisage a single regime for payments/electronic money with varying permissions for licence holders and have suggested ‘virtual currency intermediation services’ as a licensable activity

As the HK licensing regime is live, active discussions can be had with the regulator to determine the general appetite to capture the digital currency ecosystem. An encouraging sign is the launch of the new fintech Sandbox under the supervision of HKMA and the HK Fintech Hub with ASTRI. In addition, the Sandbox description provided by HKMA expressly invites fintech solutions to the Sandbox that try to “utilise the blockchain or distributed ledger technology”.  

HK: Overview of Stored Value Facility regulatory regime

HK’s Stored Value Facility (SVF) regime will come into full effect as of November 2016. Currently a handful of licensees, including Octopus and Alipay Wallet, have already been authorised. 

An SVF is the equivalent of the E-Money Institution in the EU. As with an e-money institution, an SVF is required to ‘safeguard’ stored value and the licensing regime places a particular emphasis on ‘payment security’/IT controls.

In the HK SVF framework, there is a carve out for closed-network stored value or limited-network stored value, although there are caps on these exemptions (formal licensing becomes necessary after HKD1m issued). In addition the exemptions are partly discretionary allowing the regulator, the HKMA, to place additional conditions on exempt entity. 

There are jurisdictional limits to the SVF regime. In section 13 of the explanatory notes the HKMA will consider a multitude of factors to determine if the stored value “appears to be issued in Hong Kong”. Part of these factors relate to establishment, location of marketing. 

HKMA expresses a slight concern about SVF businesses that are engaged in other business activities. They state that the “principal business of the applicant must be the issue of SVF”.

An add-on to the SVF license is that remittance and/or money changing services is in-built into the SVF licence meaning that an SVF will not need to apply for a separate licence from HKCE. 

The capital requirements for a full licence are HK$25m paid up share capital (compared with EUR350k base capital in the EU), which is not an insignificant sum. Other basic requirements include local executive directors, governance controls/reporting lines, internal controls and compliance/audit functions.

HK – a Blockchain Consortium heaven?

The Hong Kong Monetary Authority (HKMA) is the principal regulator of HK banks and Stored Value Institutions. Lately the HKMA has taken a number initiatives to coordinate fintech in Hong Kong. 

It has created the Fintech Facilitation Office (FFO) which is a division within the Hong Kong Monetary Authority (HKMA) mandated to be a:

(i) a platform for exchanging ideas of innovative fintech initiatives among key stakeholders and conducting outreaching activities;

(ii) an interface between market participants and regulators within the HKMA to help improve the industry’s understanding about the parts of the regulatory landscape which are relevant to them; and

(iii) an initiator of industry research in potential application and risks of fintech solutions.

The FFO immediately have kicked off with two initiatives: the first is the development of a fintech Hub in HK Science Park where new pre-Sandbox fintech ideas can be tested out. The second initiative is a production ready Sandbox where Stored Value Facilities or Banks can use distributed ledgers in a live environment with customers. The Hub essentially feeds into the Sandbox. 

The HKMA-Astri Fintech Innovation Hub

The Hub – which will be located at Hong Kong Applied Science and Technology Research Institute (ASTRI)’s  office in the HK Science Park – is to create:

a neutral ground of the fintech industry, a place where various stakeholders can collaborate to innovate. Industry players, such as banks, payment service providers, fintech start-ups, the HKMA, etc. can get together at this facility to brainstorm innovative ideas, try out and evaluate new fintech solutions, conduct proof-of-concept trials, and gain an early understanding of the general applicability of creative solutions for banking and payment services

What is remarkable is that the ‘Hub’ is not just a collaboration forum but a physical location where “around 200 virtual workstations connected in a segregated network segment […] will be assigned to support the trial work at the Hub […] the Hub is equipped to emulate, compare and analyse different financial services and products supported by various fintech solutions at any one time.” 

The Hub is to be used for trials of fintech solutions and proof of concepts examples including “fintech solutions that try to utilise the blockchain or distributed ledger technology in supporting cross-banks financial service” before they are “tested out at stakeholders’ production environment and subsequently launched in the market”. 

In a way the Hub can be viewed as a pre-Sandbox environment for distributed ledgers. (Further the Hub will be used for events, demonstrations to HKMA of ‘regtech’ solutions it may want to adopt.)

The second initiative is the HK Sandbox. This is a facility to permit HKMA’s regulated institutions to experiment with fintech with relaxed supervisory requirements. In a similar vein to the FCA sandbox, the Sandbox will be a live environment but will have boundaries and there will be customer protection measures.  The main difference between the FCA and HKMA Sandbox is that the HKMA is ostensibly focused on existing regulated institutions. 
In all, this is a bold move forwards for HK and it makes particular sense to offer a physical facility for testing ideas before entering the Sandbox. In view of this vertical integration from blockchain concept to deployment, HK could become an ideal environment for blockchain consortiums. 

EU: AML licensing should only apply in other states if the business is ‘established’ there

Abstract

In this article the author has tried to give more detail surrounding the EBA’s assertion that cryptocurrency exchanges and wallets will need, not only to register or get a licence in their member state of incorporation as an Obliged Entity but that they may need to get registered/licensed in EVERY member state where they intend to provide services.

The implication being that a virtual currency (VC) exchange/wallet, for example, in the UK, will now need to get registered or licensed in every member state where it has customers.

The author has analysed relevant aspects of the 3rd/4th Anti-Money Laundering Directive, the proposed EU Commission Amendment to the 4th Anti-Money Laundering Directive (4AMLD) to regulate VC exchanges/wallets (VC Institutions) as so-called ‘Obliged Entities’ (EU Proposal) and the EBA’s Opinion in further depth.

Based on that analysis, the author takes the view that the only reasonable way to interpret the application of 4AMLD to VC Institutions is:

  • to require VC Institutions to be licensed or registered as Obliged Entities in their Home State (see definition below);

  • but only require Host State (see definition below) licensing/registration when the VC Institution actually ‘establishes’ itself in the Host State (here ‘establishment’ is strictly defined as the establishment of ‘agencies, branches or subsidiaries’ in another EU member state as found in the EU Treaty  not the provision of cross-border online services into another member state).

Thereby, the author completely rejects the EBA’s interpretation that VC Institutions may be “required to be registered or licensed in each Member State in which they intend to provide VC-related services”.

The consequences of the EBA’s view being adopted would be to either to discriminate against VC Institutions versus other Obliged Entities or lead to the absurd conclusion that all Obliged Entities will need to register/obtain licences in every member state of the EU where they provide services.

The purpose of this article is to raise the importance of this pressing issue and invite other interested parties to submit their views.

Definitions

Home and Host State: a Home State is the EU member state where a company is incorporated and Host State is the other EU member states where the same company either: 1) provides its services; 2) establishes itself in that state or 3) passports itself to that state.

Passporting

Financial institutions in the EU benefit from passporting rights. When they are licensed in a Home State they are able to elect to service other member states. The notion of providing ‘services’ could entail the establishment of a physical presence or simply online cross-border services.

The passporting process, simply put, is to request ‘passporting’ when filing for a licence in a Home State. The Home State regulator’s role is to communicate the applicant’s intent to expand into other member state markets to the relevant Host regulators. A Host regulator will not (in principle) refuse a passporting request sent from a Home State regulator.

The reason for this default acceptance is the basis of a single market in financial services.

That said, there are areas where some additional or ‘goldplating’ requirements can be imposed by a Host State regulator.

Gold-Plating and AML

In relation to Anti-money laundering, a Host State can impose further requirements which may affect the financial product being provided into the Host State. By way of example, a financial institution may sell pre-paid cards but only verify identities after a threshold of EUR1k is deposited, whereas in a Host State, such as Germany, the regulator may want (for AML purposes) that the identity of a customer is verified after EUR100 is deposited on the card.

This ‘goldplating’ is perfectly acceptable and does not undermine the single market in financial services although it does fragment the consistency of user experience throughout the EU.

Of crucial importance here is that no financial institution in the EU which is exercising passporting rights has to register or obtain licences from Host States when it provides cross-border services; otherwise there would be absolutely no need for the ‘passporting’ provision.

4AMLD

The Directive (EU) 2015/849 (4AMLD) is a new directive to replace the Directive 2005/60/EC (3AMLD) which has been the standard AML regime in the EU.

The EU Commission aims to have 4AMLD come into effect before the end of the year or beginning of 2017. In 4AMLD it ‘designates’ certain institutions as being ‘obliged’, meaning subject to the provisions in 4AMLD.

The Obliged Entities are not hugely different to the previous regulated institutions under 3AMLD. They are: banks, payment/e-money institutions, insurance firms, investment firms, lawyers, accountants, estate agents, company services, cash handlers and casinos (see article 2 of 3AMLD versus article 2 in 4AMLD). There are some slight variations such as extending the reach to ‘providers of gambling services’ rather than just casinos, but very broadly the same institutions as before.

In 3AMLD it is the role of Competent Authorities in each member state to licence or register the institutions covered by 3AMLD (now called ‘Obliged Entities’ – we will use this terminology moving forwards to describe any entity who has been regulated under 3AMLD or who will be under 4AMLD).

Minimum registration/licensing standard

The 3AMLD did set out a minimum standard for registration and or licensing of Obliged Entities in 3AMLD.

It requires that the relevant competent authority in a member state should ensure that the owner or manager of “currency exchange offices and trust and company service providers” (see Section 2 Article 36 3AMLD), casinos and money remittance service providers should be “fit and proper persons”.  4AMLD has an equivalent clause with a similar requirements (this is Article 47) but with a fit and person description that is more prescriptive by requiring member states to take measures “to prevent criminals convicted in relevant areas or their associates” owning or managing an Obliged Entity.

With regards to VC Institutions, the EU Commission has simply amended Article 47 to slot in that category of business. See below the revised text of 4AMLD with new text suggested by the EU Commission in red.

SECTION 2

Supervision

Article 47

  1.   Member States shall ensure that providers of exchanging services between virtual currencies and fiat currencies, custodian wallet providers, currency exchange and cheque cashing offices, and trust or company service providers, and that providers of gambling services are regulated.

  2.   Member States shall require competent authorities to ensure that the persons who hold a management function in the entities referred to in paragraph 1, or are the beneficial owners of such entities, are fit and proper persons.

  3.   With respect to the obliged entities referred to in point (3)(a), (b) and (d) of Article 2(1), Member States shall ensure that competent authorities take the necessary measures to prevent criminals convicted in relevant areas or their associates from holding a management function in or being the beneficial owners of those obliged entities.

Mandatory registration for VC Institutions

Taking a step back it is evident that the EU Commission is insisting that VC Institutions shall be registered or licensed in some form.

This position can be justified by the simple fact that the EU Commission’s suggested amendment to Article 47 of 4AMLD explicitly states: “Member States shall ensure that providers of exchanging services between virtual currencies and fiat currencies […] are licensed or registered”.

This is not a requirement that is at all unique for VC Institutions. As you can see above Member States should also license or register other particular Obligated Entities.

The implication of requiring a registration/licensing regime for VC Institutions is not controversial in itself.

What is controversial is the EBA’s interpretation of the implications that come with the EU Commission requiring licensing/registration of VC Institutions.

The EBA extrapolates that VC Institutions “may therefore be required to be registered or licensed in each Member State in which they intend to provide VC-related services”.

EBA’s Opinion

It is essential to re-read the relevant section of the EBA Opinion that sets the context for the EBA’s view surrounding state-by-state licensing (emphasis added in following quote):

The EBA notes that by the proposed amendment to the 4AMLD not designating VCEPs and CWPs as financial institutions, no passporting rights under a sectoral Directive applyVCEPs and CWPs may therefore be required to be registered or licensed in each Member State in which they intend to provide VC-related services

However, the new entities as well as the innovation itself (VC schemes such as Bitcoin, Litecoin etc.) are characterised by the international nature of the services provided. The transmission of VCs from one subject to another can be made utilizing the Internet and can be offered and accessed by any entity located in any part of the world.

This results in practical difficulties for a competent authority that imposes national registration or licensing requirements to prevent entities that are not licensed or registered in its jurisdiction from providing VC-related services in its jurisdiction. It is therefore essential that competent authorities from different Member States are able to liaise and exchange information in relation to the operation of VCEPs and CWPs on their territory.

Notion of providing VC-Services

It is essential to note that in the above quote the EBA does not say that VC Institutions incorporated in one member state, who also ‘establish’ themselves in another member state, need to obtain a licence in the Host State too.

No.

The EBA simply states that a VC Institution will need to obtain a licence in a Host State if it “intends to provide VC-related services” in that state. Obviously, the use of the word ‘intend’ can only be a typo as the EBA cannot seriously expect that a licensing requirement in a Host State flows from an intention to provide a service there.

However, what cannot be ascribed to a typo is the fact that the EBA refers to the provision of services and not ‘establishment’ as being the trigger for Host State licensing/registration.

The EBA further talks of:

  • the “international nature of the services provided”;

  • the use of the “internet” in the services provided; and

  • the difficulties of enforcing a Host State registration/licensing requirement when a VC Institution “[provides] VC-related services in [the Host State’s] jurisdiction”.

It follows that the EBA considers the triggering of the requirement for Host State licensing/registration to be simply from the provision of online services from a Home State into a Host State. In essence, the EBA does not draw any distinction between being ‘established’ in a Host State and providing online services into a Host State.

No passporting rights

Let’s breakdown the EBA’s first statement.

“The EBA notes that by the proposed amendment to the 4AMLD not designating VCEPs and CWPs as financial institutions, no passporting rights under a sectoral Directive apply.”

As we have seen above, currently financial institutions under Payment Services or Electronic Money or as Investment businesses ‘passport’ their services throughout the EU. They do so because they have, in essence, an EU wide licence to conduct their business. An institution that provides payment services is regulated under the Payment Services Directive which sets out an EU wide licensing regime; same is true for most other areas in financial services.

The EBA refers to these thematic directives, dealing with a particular vertical in financial services, as ‘sectoral’.

If you look at the wording of the EBA’s statement they mention that the EU Commission did not decide to designate VC Institutions as financial institutions. (‘Financial institutions’ in this context (we assume) refers to the definition in Article 3 (2) 4AMLD which refers to regulated institutions under a relevant ‘sectoral’ financial services directive such as the Payment Services Directive of Electronic Money Directive.)

Therefore, in the view of the EBA, because VC Institutions are not defined as Financial Institutions they cannot rely upon an EU wide licence (or in other words ‘passporting rights’) and, consequently, avoid state-by-state registration/licensing under 4AMLD.

But if you reverse the logic of the EBA’s statement above the implication is that ALL non-Financial Institutions (or institutions that do not have access to ‘passporting rights’) have to do state-by-state registration/licensing under 4AMLD.

We expect of course that if the EBA’s Opinion is adopted that the EU Commission (as an institution bound by the Charter of Fundamental Rights namely having to heed to express requirements of due process Article 20 equality before the law and article 21 non-discrimination) will ensure that ALL non-Financial Institutions who are Obliged Entities shall be subject to the same requirements of state-by-state registration/licensing.

Potential impact

It follows that if the EBA is correct in its interpretation resulting in state-by-state licensing/registration of VC Institutions, that that requirement will be imposed on ALL non-financial institutions.

Let’s look at the potential impact in more detail:

  • The following professionals are not ‘financial institutions’ but are Obliged Entities in 4AMLD: auditors, external accountants, tax advisors, notaries, lawyers, trust or company service providers – all of these professionals will need to do state-by-state registration/licensing to provide their services in any other member state other than their Home State.

  • Estate agents are Obliged Entities and so will need to be registered/licensed under 4AMLD in every Member State where they sell houses.

  • Cash handlers and providers of gambling services too.

You might say some of the non-financial institutions above are more local than others. Possibly a notary only provides notarial services in its Home State but it most likely has a website and, without question, doesn’t just have Home nationals using its services. Same is true for estate agents who may be registered as Obliged Entities in Portugal but selling properties in their country to clients based in France.

Sub-category of Obliged Entities?

In response you may retort that VC Institutions have been placed by the EU Commission into a specific sub-category of Obliged Entities in 4AMLD and that they should only be compared with the Obliged Entities within that sub-category.

What could be that sub-category? As referenced above the EU Commission have proposed to amend Article 47 of 4AMLD. In Article 47 the EU Commission have added VC Institutions together with “currency exchange and cheque cashing offices, and trust or company service providers” as all having to be registered or licensed and the same having to be run by “fit and proper persons”.

If the EU Commission or EBA will argue that the state-by-state licensing/registration is required for VC Institutions then the same should be true for “currency exchange and cheque cashing offices, and trust or company service providers” no?

If so then a Uk company incorporation agent servicing other member states in the EU will now need to register in each and every member state where its website is accessible and where it sells its services. If a Greek person asks a UK agent to incorporate a company for him/her the UK agent will need to also be registered in Greece as an Obligated Entity. Any online currency exchange services will need to be registered/licensed in every member state where it does business.

If however company service providers and currency exchange services are NOT required to register in every member state where they provide services then undoubtedly VC Institutions have been singled out and are being discriminated against by the EU Commission (in effect) breaching a requirement of the EU Commission to treat all equally before the law (a Charter obligation).

As you can see if the EBA is correct in its interpretation of the EU Commission’s proposal the consequences are quite absurd and, most likely, unintended.

A more rational interpretation

We should hope that the EU Commission will take the more rational view that an Obliged Entity – after it has registered/ been licensed in its Home State – will only need to register/obtain a licence in another member state in the EU if it establishesitself there.

If you were to survey any of the non-Financial Institutions from 3AMLD it is doubtful that they have registered in every member state in order to provide their services there. The inference is that a lawfirm in the UK would have to register in Bulgaria as an Obliged Entity because it has a Bulgarian client. It is absurd and an anathema to the core principles enshrined in the Treaty on the Functioning of the European Union (the Treaty).

However, if the UK lawfirm goes to Bulgaria and establishes an office there, sets up a subsidiary there to service the local market then it could be reasonable to infer that that ‘branch’ or subsidiary should be registered/licensed with the local supervisory authority for Obliged Entities.

Looking at the Treaty

If we look at the definition of the “freedom of establishment” in the Treaty refers to “setting-up of agencies, branches or subsidiaries of any Member State established in the territory of any Member State”.

The core of the definition of establishment in the context of free movement therefore is setting up “agencies, branches or subsidiaries”. The Treaty does not refer to ‘establishment’ as occurring de facto from simply providing services into another member state.

From a tax point of view if we look at the VAT Directive (Directive 2006/112/EC) it states that the place where a taxable person’s business is established is the place where the functions of the central administration are carried out. Those functions relate to where essential decisions concerning general management are taken, where the registered office is and where management meets. This definition of establishment in the VAT Directive at its core relates to the quality/location of decisions and where the entity is registered.

But as we can see neither the Treaty definition nor the VAT Directive’s definition of establishment points to ‘establishment’ as occurring in a member state by simply selling products or services into that state. The implication would be that if Amazon sells one book to Romania from Luxembourg then it would now be ‘established’ in Romania too.

Therefore, ‘establishment’ can only sensibly be defined as the setting up of an ‘agency, branch or subsidiary’. This definition mirrors that of the Treaty.

With that in mind let’s look at why, contrary to the EBA’s view, we should hope that the EU Commission and Co-Legislators interpret the requirement for additional registration/licensing in the event of ‘establishment’ only.

Article 48 of 4AMLD makes explicit reference to ‘establishment’ in the article just after the article where it requires that VC Institutions be registered or licensed.   See as follows (emphasis added):

“Member States shall ensure that competent authorities of the Member State in which the obliged entity operates establishments supervise that those establishments respect the national provisions of that Member State transposing this Directive.

Member States shall ensure that the competent authorities of the Member State in which the obliged entity operates establishments shall cooperate with the competent authorities of the Member State in which the obliged entity has its head office, to ensure effective supervision of the requirements of this Directive.”

The inference here is that competent authorities are supervising Obliged Entities wherever they are ‘established’. It follows if an Obliged Entity is established in multiple member states then it needs to be registered/licensed by the relevant competent authority in ALL the member states where it is established.

In conclusion, the trigger for Host State licensing/registration has to be based on establishing an agency, branch or subsidiary in a Host State. 

If the Author’s opinion is adopted then a VC Institution incorporated, for example, in France will need to be registered/licensed by a supervisory authority in the France. If the same VC Institution decides to set up an ‘agency, branch or subsidiary’ in any other member state then it will need to ensure that either the subsidiary is registered/licensed in the Host State or, if an agent, that the agent is registered/licensed in the Host State and, if a branch, that the French company is registered in the Host State. 

There cannot be another interpretation of the application of 4AMLD to VC Institutions that does not either lead to deliberate discrimination against VC Institutions compared with other Obliged Entities or, worse, complete absurdity where every single Obliged Entity, whether they are selling houses on the internet, or selling currency or VC now needs to get licensing/registration in every single member state where they provide services or have customers.

References:

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32015L0849

http://ec.europa.eu/justice/criminal/document/files/aml-directive_en.pdf

http://www.eba.europa.eu/documents/10180/1547217/EBA+Opinion+on+the+Commission%E2%80%99s+proposal+to+bring+virtual+currency+entities+into+the+scope+of+4AMLD

Bitcoin & the Cambrian blockchain explosion

In the article below we seek to offer a basic introduction to the rationale of a decentralised payment system such as bitcoin, to give a basic description of how the payment system functions. This is to form the basis of why we all have/ or have had ‘blockchain fever’ and Venture Capitalists, banks and governments can’t get enough blockchain.

This is not meant to be a comprehensive technical description. However, the jargon used in this sector makes understanding the overall utility of bitcoin difficult to grasp, so I have tried to keep the language simple to facilitate an easier appreciation of the main concepts.

Why start with bitcoin? Bitcoin is the first living and successful working example of a decentralised payment system and bitcoin gave birth to the notion of a blockchain. Bitcoin created the Cambrian explosion leading to countless digital currencies out there with differing ‘protocols’. Also, you might have heard about the distributed ledger or blockchain hype; well these concepts would not have been possible without bitcoin.

What is bitcoin?

Bitcoin is the first decentralised payment system that the world has seen. Invented by Satoshi Nakamoto and released in the late 00’s.

Satoshi wanted to create a peer-to-peer (P2P) payment system that was designed for the internet age. Bank cards were being used online for payments, but the bank card for remote payments is a deeply flawed payment instrument: purchasing power over someone else’s bank account can be stolen by simply seeing the digits displayed on the front and back of a card. Essentially, the bank card was never designed for online payments.

The incidence today of bank card fraud is colossal. As such, the bank is constantly arbitrating disputes, chargebacks and dealing with identity fraud. All of these costs being incurred simply because the standard payment instrument for online transactions is flawed. It is like driving a car with an in-built hole in the engine for the oil to seep out, but instead of building a car without a hole in the engine you just keep adding oil.

All of that administration and liability leads to the overall costs of the payment system being high and that cost is silently transferred to the users through higher transaction fees charged to merchants and users.

Satoshi wanted a system that would allow for a more accessible, seamless and more secure manner to make remote payments. He/she saw bitcoin, used in conjunction with escrow services, to provide a simple yet extremely secure mechanism for paying remotely for goods/services.

Other payment systems

There have been countless examples of alternative payment systems, however, not all have been successful.  Previously, a number of these systems (E-Gold for instance) popped up that were centralised where, for example, all transactions had to be validated by a central authority to be approved. This was no different in reality to electronic money/stored value systems, the most successful of which in this category is Paypal.

Bitcoin does not have an Issuer in the payment system

However, what was new about bitcoin was that there wasn’t a central issuer – someone responsible for the administration of the payment system (i.e. ensuring credits and debits were correct) and or responsible for the backed value.

In most payment systems the value being transferred is a representation of value not value itself. For example with Paypal, I transfer USD10 and they immediately issue USD10 of electronic money for me to use online. The electronic money they issue is a liability to the customer of USD10. In other contexts electronic money can be issued based on real world assets such as gold or other precious metals. In those instances again the issuer has a liability to its customer for the value being issued; and the customer, in fact, does not control the underlying asset.

From Digital Credits to Digital Assets

We don’t understand digital assets. Our first exposure to electronic money has always been in the form of a credit. Even our first exposure to money as a concept has been in the form of a credit rather than an asset.

Money in any form is deeply associated within the social psyche with credit. Cash is a promissory note which is a credit from the Central Bank for the face value of the note. However the credit issued from a Central Bank is a circular notion: the promissory note used to be redeemable for a precious metal such as gold but now it is just redeemable for itself. Private credit institutions being banks hold the vast majority of national currency in an economy and when funds are deposited with them they provide a digital credit to their customers. E-money institutions perform the same function as credit institutions in that they issue digital credits for customers to spend online. Electronic money as a general concept has always been a credit and never an asset.

However, bitcoin is the first time that a digital asset, which can function in a similar way to money, has been created.

Bitcoin is value in itself

This is part of the innovation of bitcoin. Bitcoin is not a representation of value it is value itself. The system is designed with a deflationary supply so that the rarity factor influences its price.

That is party why it has been dubbed ‘digital gold’. Some regulators have even referred to it as a digital commodity (Hong Kong for example).

It follows that if the digital asset is value in itself then users have direct control over it. If they misplace the passwords to access their digital assets then it is like misplacing the keys for a gold vault.

If they have a balance in bitcoin on their wallet they actually have that value in their wallet not a liability that someone will pay them the face value of the asset.

Why do that? Why create the first ever digital asset?

If you are designing a decentralised payment system then you have to remove all central issuers and central counterparties. For the system to be the purest form of P2P payments it has to be used, managed and controlled by the peers in the system. If you introduce an issuer who receives bitcoins from everyone and issues credits representing the right to redeem the credit for bitcoins then you haven’t achieved the full decentralisation of the payment system.

So Satoshi’s invention was partly to say let’s create a new form of value that can live in the decentralised payment system. If we are successful creating a digital asset such as bitcoin then we can go on to complete the design of the decentralised payment system.

Inherent value in bitcoin means no need for an Issuer

So, in summary, the key with giving inherent value to bitcoin means that bitcoin does not, in practice, need an Issuer do any issuing of digital credits. As a result there is less dependency on any central or single party.

How to create a payment system without a central administrator?

But giving a unique value to a digital asset isn’t enough to turn it into a decentralised payment system.

That is part of the battle won but you now need to take on the technical challenge which is how can you have a payment system with no-one being responsible for the administration of the system?

Visa and Mastercard and SWIFT are payment system networks and they take responsibility for relaying and executing payment instructions to their network members according to their own protocols which members subscribe to when they join the schemes.

How did Satoshi manage to create essentially a Visa payment network but without a single person being responsible for the payment network?

He decentralised the functions of the payment system administrator – creating a prize based competition to incentivise peers in the bitcoin network to do the work required.

Imagine crowdsourcing all of the payment system functions but without compromising on security.

The effect of this meant that rather than having one person responsible for keeping the payment system in order that the entire network would be involved in that process.

No-one owns the bitcoin payment system

Satoshi started with the premise that no-one actually owns the bitcoin payment system or has any special rights over how the payment system functions.

The bitcoin payment system is, in essence, an agreed set of rules that anyone who joins the bitcoin network would agree to.

Not anything dissimilar to joining any payment network. If you were to join SWIFT you would have to agree to their messaging protocol in order to use their telegraphic network to communicate payment instructions to other banks.

Make the transactions public

Then Satoshi thought all the transactions of the payment system should be public for everyone in the network.

These bitcoin transactions are not like publishing your bank statements on Facebook. All transactions are associated with a username (not someone’s personal name or a company’s name). This means everyone just sees usernames in the payment system and not personal data. You can see how many bitcoins a particular user has but you can’t associate that balance to a particular individual.

Transaction chain

Bitcoin links every previous transaction to the next one so that it creates a linear transaction chain. There is only one transaction chain for bitcoin. This transaction chain is also called the blockchain, but we will go into that a bit later.

Give everyone the full history of payment transactions

One of the key rules in the bitcoin payment protocol was to agree that everyone in the network had to download the full transaction chain. This meant everyone in the protocol would have a full history of the entire payment system.

Having a full history makes it possible to spot anomalies being introduced into the payment system such as a username trying to send bitcoins that have already been sent (called a double spend).

How to add new transactions to the payment system

So everyone has the same record but how are new transactions added to the history of payment transactions?

First principle is that anyone can transact in the bitcoin network. When a transaction has been signed by one person to another then that message is sent out to the network but it is unconfirmed.

This means the protocol doesn’t just add every single transaction being sent into the network onto the transaction chain.

The protocol has a filtering process to determine which transactions should be added to the transaction chain. Until a transaction has been added to that chain and it has been agreed by the network then it will remain ‘unconfirmed’.

Delegate ‘transaction processing’ to everyone in the network

The next part of the process is the most ingenious in terms of Satoshi’s invention.

As said above Satoshi decentralises the administration of the payment system by having everyone in the network keep a copy of the full transaction chain – that means no one person is responsible for making sure it is accurate.

Then he delegates the responsibility for actually validating the unconfirmed transactions and adding them to the transaction chain. How does Satoshi do that?

Through economic incentives. Satoshi creates a rule in the protocol which is very much like a prize based competition.

The basic competition rules are as follows:

Take a series of unconfirmed transactions

Work out a mathematical challenge based on those transactions

and if you succeed in that challenge then you can add the packet containing the unconfirmed transactions (block) onto the bitcoin transaction chain (or, in other words, the blockchain).

And if you succeed in that mathematical challenge and you can add your block to the blockchain then you can pre-load the block with additional bitcoins as a prize.

The people in the network who collect unconfirmed transactions and package them together and who try and win the mathematical challenge are called the ‘miners’.

Why bother with such an elaborate process?

The main point of the prize based competition and mathematical challenge is for people in the network to be incentivised to expend resources. It is the expenditure of resources that secures the network and ensures that there is only one bitcoin transaction chain (blockchain).

Spinning Roulette Tables – 20 tables at once

(Gambling is just been used here as an example to illustrate the improbability involved).
Winning the bitcoins in the block is simply about getting the right number of preceding zeros as a result of a mathematical challenge.

It is a kind of a huge casino where everyone is playing roulette but that everyone is betting on zero every time. Everyone in the room just keeps spinning the wheel until one of the peers in the network gets zero.

But for bitcoin you have to have a number of zeros so you need to be spinning at least 20 wheels and to win the prize all 20 wheels have to be zero. Now you can understand the statistical challenge involved.

This process is called ‘mining’ mainly due to the repetitive and highly speculative physical operation involved. With mining you never know when you will strike gold but you keep going as maybe you will.

What is interesting is that when a miner has found the right number he/she is able to show everyone else in the network and everyone in the network will themselves be able to check if the winning number was correctly arrived at. This is not like a casino where you can never be sure if the table is rigged or naturally has a bias for zero. With bitcoin the miners can recreate the ‘roulette spin’ that the winner did to see if it ends up with the same result.

Because of this verification process, the miner who shouts ‘jackpot’ in the mining pool can add his ‘block’ of transactions to the last block. Others in the network will accept the result because they can verify it. This result therefore becomes an objective proveable truth. The network then rallies and supports the declared result.

Once accepted and only at that moment are the transactions in that block ‘confirmed’. Once confirmed then everyone in the network will automatically run the instructions in the transactions on their blockchain. In other words, everyone’s blockchain will be updated in accordance with the protocol.

This decentralised design means bitcoin is accurate yet at the same time extremely resilient as a payment system.

The beginning of the blockchain fever

Barter was the first decentralised P2P payment system invented, as physical assets are exchanged directly between peers. Bitcoin is the first remote P2P fully decentralised payment system invented. But of most interest, in abstract, is that bitcoin simply demonstrated that parties can manage a monetary system of records without any form of loyalty or connection between them or trust. Trust is not needed for bitcoin’s decentralised payment system to work and that is what makes it powerful.

Bitcoin is also extremely resilient as there are over 5000 main peers in the network with the full blockchain. You would have to eliminate all of them to change the transaction history. You would need to collude with more than 50% to change history moving forwards.

But where else could the characteristics of bitcoin be applied?

If we look at a payment system, all it is essentially is a record keeping and communication system. For bitcoin is it an asset register of sorts; bitcoin moves from one username to another username, it is validated by the network and once validated, everyone in the network automatically updates their record of who owns what and in what quantities.

Well of course just replace bitcoin with other assets and you end up with the same benefits that bitcoin offers. That is already being done on bitcoin where bitcoins are been labelled as shares and then transacted in the bitcoin payment system. (Here I am just explaining a few examples but not the detail of the pros and cons of these derivative notions.)

Other initiatives have cropped up where they have evolved the concept of bitcoin as they found the confirmation process in the bitcoin payment system a bit slow. So they created a new protocol where they would appoint certain persons in the network to do the transaction validation to make the process faster. That is the Ripple protocol.

Some institutions have looked at the technology and thought:  “I really love this idea of ‘crowdsourcing’ the administration of a record keeping and communications system without compromising on the integrity of the system but I don’t like the idea of everyone in the world being able to see the chain of records even if they will only see usernames”. So they deployed their own private network with their own mathematical challenge to reach agreement on how to validate unconfirmed records/transactions.

Shared ledgers

Further, certain thought leaders looked at bitcoin as this vast shared database storing one version of the truth. They then thought about how the banking system works with all its information held in silo,s and one bank having to reconcile their information with another bank’s information about a contract, then said maybe bitcoin and the idea of sharing the same ledger is the real value of bitcoin. Bitcoin eliminates post-event reconciliation as the ledger is updated constantly and there is only one version of truth regardless of what that truth is.

Distributed computing

But when you look at bitcoin you think well couldn’t it do a bit more than just move an asset from A to B. When a transaction is confirmed, everyone’s piece of bitcoin software automatically updates the transaction ledger. Everyone’s computer essentially computes some instructions such as ‘move 2 bitcoins from username 1 to username 2’. One magnificent idea was to extend what we ask everyone’s computer to do in the network. So rather than just asking everyone’s computer to move 2 bitcoins from username 1 to username 2 it can run a program that does something. This is the world of smart contracts or distributed applications – these programs are distributed because they run on everyone’s computer in the network not on a central server.

In conclusion I hope this article has given you a guided tour of the mechanics and significance of the bitcoin payment system.

As such it should be treated with care as it has potential to offer more social benefits than the internet. If the internet helped with communication and connecting the world, the invention of decentralised payment systems help with financial inclusion and reducing the costs of financial services which benefits everyone.

But beyond that, a system to create a shared untamperable record is a paradigm shift for companies, industries, governments and humanity – the irony of bitcoin was that blockchain was a means to an end now, on reflection, blockchain is the end in itself but what blockchain offers is almost immeasurable in scope.

Easier to set up Bank than a Virtual Currency Exchange? Impact of EBA’s Opinion

On 11 August 2016, the EBA wrote an Opinion on the application of 4AMLD to VC exchanges and wallets.

The EBA mentions that VC exchanges and wallets operating in multiple countries in the EU “may […] be required to be registered or licensed in each Member State in which they intend to provide VC-related services“.

This would be akin to the state-by-state registration process that VC exchanges have to do in the United States.

This is due to the fact that there are no passporting rights granted under the 4th Anti-Money Laundering Directive – understandable, as the regulations are not designed to facilitate the movement of goods, services or capital but are simply motivated by the public policy imperative of protecting the European Union from terrorism and crime.

We take the view that a member state level registration is an unnecessary burden placed on VC exchanges and wallets. A small VC exchange and wallet operating in the EU would not only need to register as an Obligated Entity in its home state but in every other member state of the EU where it operates – an unfathomable task.

UNFAIR TREATMENT OF VC EXCHANGES

Further, this particular duplication of registrations creates a disproportionate burden on VC operators compared with other regulated institutions in the EU. A pre-pay card is issued by an electronic money institution (EMI) licensed by the Electronic Money Directive. That EMI can ‘passport’ the services it provides to other member states seamlessly through its home state regulator. (Yes indeed that EMI still needs to adapt its customer due diligence (CDD) to any additional requirements (i.e. ‘goldplating’) of AML or Counter Terrorist Financing (CTF) laws in the host state, however, the EMI does not need to apply directly state-by-state for AML/CTF registration.)

FINANCIAL IMPLICATION

If a standard authorisation/licence takes 6-12 months to obtain from application then what of an AML/CTF registration? Usually that process can take between 3-6 months, however, the VC Exchanges and wallets will now need to contend with language barriers, administration and bureaucratic fragmentation in each member state where it wants to do business.

It is sadly ironic that registering in 50 states in the US may be easier as at least the process is in one language. The same state-by-state requirement in the EU will mean the VC exchange operator will need to contend with 24 official languages.

Paradoxically, the process of state-by-state registration will be far more cumbersome in terms of capital and operational resources than if the VC exchange and wallet simply applies to become an EMI or, at a push, a Challenger Bank.

This surely must be an unintended consequence. The EBA interprets this implication as a matter of fact, however, our view is that this must, at the very least, be unintended as the result is absurd considering the following preambule statements from the EU Commission:

In respect of designating providers of exchange services between virtual currencies and fiat currencies as obliged entities, the proposed amendments respect the proportionality principle

Similarly, due account was taken of the need to respect the freedom to conduct a business, and while there will be an impact on market players becoming obliged entities and currently not performing any customer due diligence (CDD) on their customers, the ability to operate a virtual currency exchange platform is not affected by the proposed amendments.

ARE YOU FIT AND PROPER IN EVERY SINGLE MEMBER STATE?

The above position is worsened when you consider the requirement that, according to the EBA, the “amendments proposed by the Commission introduce a requirement that those who hold a management function in, or are the beneficial owners of, [VC exchanges and wallets] are fit and proper persons“.

Although evidently the EU Commission has not fleshed out what ‘fit and proper’ test will be in practice, it is reasonable to expect that this will be an assessment of the background of the applicants and provision of documentation (passport, proof of address) possibly notarised/apostilled and translated officially. Imagine a VC exchange or wallet having to do this in 28 member states. Average costs of producing validated documentation that has been officially translated will be a minimum of EUR1-2k per owner/manager.

NEXT STEPS

If the EU Commission were to accept the EBA’s interpretation that all VC exchanges and wallets will need to register individually in each member state where they operate, this would be the biggest regulatory blunder for a region expounding the job creation opportunities of fintech. Overnight, the overhead of VC exchanges and wallets will increase exponentially and most likely the beginning of January 2017 will see a full consolidation of the VC exchange and wallet market in the EU.

Again it would be absurd to assume that the intention of the EU Commission is to make it cheaper to set up a licensed payment institution or electronic money institution or even Challenger bank than be regulated under 4AMLD as a VC exchange or wallet.

Blockchain of Titles – Enhancing Property Transfer Systems

The key of a property right is that it is enforceable against all as opposed to a contractual right which only affects the contracting parties. As such, a property right requires accuracy and validation. Often the role of the State is to provide a register where land titles can be recorded. But when you delve into the detail of land registers in different countries you find that the function of hosting a land register is not an acknowledgement that the records are accurate.

There are two competing systems, one is the Torren system whereby the State guarantees that the land titles registered are 100% accurate or a deed based system where the buyer has to investigate the quality of the seller’s title, involving a historic assessment of the same, referred to as the ‘chain of title’. 

The main advantage of the Torren system is the State’s assurance of title. The Torren system is only used in a handful of States in the world, therefore, we, by default, are left with the necessity of investigating title fully before buying. 

For blockchain technology, history is everything, as time moves forward the chain grows, layering irreversibly transactions on each other. So, surely blockchain’s inherent properties, may find relevance with chain of title systems. 

To mitigate fraud, chain of title systems in countries with a strong rule of law, formalise the transfer of title, often by delegating due diligence to lawyers, as in the UK with Conveyancing being the exclusive reserve of lawyers and, in France, notaries handling all transfers of title and the French notary applying to the local land registry to register the title. 

It is without question that blockchain technology could enhance chain of title systems, as each title on a blockchain could be created and shared between the approved stakeholders: lawyers, notaries, buyers, sellers, and banks and the Blockchain of Titles can change and grow giving a full retrospective public record of ownership.

For Torren systems, accuracy is paramount as the State takes liability for inaccuracies. It is this responsibility that may put off many States, unable to dedicate sufficient resources to guaranteeing accuracy. It is likely if the cost of maintaining an accurate register were reduced then maybe governments would consider transitioning to providing full guarantees of title. Perhaps, blockchain offers the prospect of reducing those costs.

Further, blockchain may offer the benefit of offering natural resilience due to it being fully distributed. Resilience in property records is welcome, to the extent you believe individual property records should be inalienable and survive governments, catastrophes and geopolitics.

Sweden, recognises the force of the blockchain in land titles and has begun a Proof of Concept on the transfer of title. The PoC is to bring all the stakeholders in a property transfer from the government, buyer, seller, broker and bank onto the same system so the transaction can be monitored in real-time. The impetus here may be reduce the time delay in completing a property transaction, but the real value of the test is to discover if blockchain can feasibly be used as an enhancement of Chain of Title property systems. 

The Future of Blockchain Gaming – from provably fair to self-sustaining blockchain gaming

Bitcoin was born for gaming. Buying bitcoin, ether or any cryptocurrency is a gamble in itself, couple it with a platform to gamble that bitcoin with and you double the speculation. So you would think this is a match made in heaven but the uptake of cryptocurrency in traditional gambling is somewhat slow. 

At present, bitcoin and gambling have two separate tracts: bitcoin processing of deposits/withdrawals for traditional operators or crypto startups burgeoning a new self-sustaining future for online gaming built completely on blockchain.

For regulators, there has been some initial reticence about allowing regulated operators to integrate bitcoin as a payment method, in particular this was the case in Malta. That said, the Isle of Man recently have been ironing out a detail in their gambling law to ensure that references to ‘money’ includes money’s worth, thus widening the definition to include cryptocurrency deposits.  

Some of the regulatory concerns stemming from the use of bitcoin as a payment method can be associated with the difficult question of bitcoin origination. For example, illegal gambling agents can provide their deposit address with an operator to their customers and the gaming site will struggle to identify that the source of funds is actually from a third party. Further, virtual currency can act as a circumvention tool designed to defeat domestic gaming prohibitions. Therefore, a gaming site embedding bitcoin should consider how to identify/ manage these risks appropriately.

Comprehensive transparency

That said, blockchain gaming offers potential unrivalled transparency over the full gaming lifecycle: from the supply chain, customer aquisition (payment to affiliates), service delivery and mitigates (or potentially eliminates) counterparty risk with a gambling house or in P2P wagering. 

Also, bitcoin gaming is more receptive to what are known as ‘provably fair’ mechanisms, levelling the playfield, to a certain extent, between heavily and lightly or even unregulated markets. 

This notion of provably fair systems involves taking three variables the gaming server encrypted hash, your browser hash and the ‘nonce’, the combination of which produces the random number used in say a dice game. The point being that the player him/herself can go through a process after the roll of the dice to see if the number produced was fair. 

This signals a change from trust based gaming, where users differentiate between sites based on reputation and how diligently each may be regulated, to a level playing field where you can test the sites you interact with to assess objectively their level of fairness. 

Of course, fairness may not always be a pre-requisite to playing with a particular site, as marketing has an influence over decisions; that said, bitcoin gaming seems to have embraced the notion of provably fair with a number of sites offering this feature (see directory here of sites and links where you can verify the fairness of each site). 

The Evolution of the RNG

Regarding RNGs, regulators traditionally require operators to have their random numbers tested. This means going to an approved testing house to assess statistically the fairness of the RNG being used. Once the RNG is certified, then the regulator would have an assurance that, subject to the constituent RNG being used by the operator, the gaming services are fair. 

For blockchain gamers, the future of the RNG in gaming is to use the blockchain itself as a source of verifiable randomness, meaning that a public ledger rather than a client side server produces and records naturally the random numbers for the gaming service provided.

This is a turn towards a fully self-sustaining blockchain gaming ecosystem, where every vertical in the gaming supply chain is inevitably recorded, monitored and depends on the same chain.  

In addition, to take this concept further, the role of smart contracts can stand to remove the counterparty risk that may occur in playing with the house or even in P2P gaming. A smart contract, in essence, is a piece of code that two parties subscribe to which self-executes. If the smart contract sets out the rules of the game and a reference to an external random number on the blockchain then, in principle, the counterparty risk between the parties is removed from the wager as it is the code that intermediates the transaction. 

I think it is important to observe that although some may find it hard to ascribe a social function to gambling in general, experimentation in this area with smart contracts could benefit the build of transparent financial instruments on a blockchain, as a wager contract is a just a simpler depiction of a derivative contract. 

In summary, looking at gaming and cryptocurrency is about understanding a new way of levelling the playing field online by the use of provably fair as a mechanism to empower users. Thereafter, we are likely to see self-sustaining blockchain gaming ecosystems emerge where everything from the RNG, to the games, to the punters and bookies are all on the same blockchain, embedding transparency and audit trails into every aspect of this new gaming industry; this will be a radical departure from a somewhat disjointed technology and service ecosystem that exists in online gaming today. In the meantime, bitcoin, as an inherently speculative asset, suits a chance-based industry, so alignment between cryptocurrency and gaming will inevitably start to develop, subject to operators and regulators understanding and managing adequately the associated risks.

African Banker Magazine Interviews Diacle

Diacle was asked by the African Banker Magazine to comment on the role and future of blockchain in that region:

“I think the main point is that banks can benefit from the most advanced open-source technology in the market for financial services that has ever existed and doesn’t cost a dime to access/adopt. Some of the greatest minds around the world are being applied to develop these technologies.

The tangible benefits are not so far off either. For instance in remittance, just last week, Santander announced the launch of a remittance application based on Ripple (an alternative blockchain protocol).

For governments, there is of course a public interest in reducing the costs of sending/receiving money. Mobile Money is but one mechanism competing now with digital currency to reduce the barriers to entry and thereby the costs for consumers.

In a presentation to the Commonwealth telecoms regulators I asked what was their utmost priority. For them ensuring a level playing field was imperative. So digital currency and blockchain offer new tools and a common ‘fabric’ to spur competition into a financial ecosystem.

Certain countries are unsure how to handle digital currency policy. Russia, takes a radical approach and bans bitcoin yet lauds the benefits of blockchain. Kenya, by contrast, warns Kenyans to ‘go slow’ on digital currencies, as the regulators need to catch up first to make it safe.

Regulation is indeed either the brakes or the accelerator of progress. And further adoption by banks requires contextual support from regulators and governments. Of importance are the type of collaborative initiatives such as Sandboxes, Regtech cross-stakeholder initiatives that allow banks to test out new technology with freedom from repercussions but with some reasonable oversight.

For incentives to be aligned between governments and banks, sometimes the benefits of blockchain need to be clearly set out. Bermuda is working with a blockchain group to assess its utility. Dubai, through its Global Blockchain Council, evidently wants to test the technology before offering its formal blessing.

Undeniably things have moved on since the early days of bitcoin. Last year, a bank with a blockchain strategy was quite edgy; now it is a given, the norm. Indeed, now it is the absence of a blockchain strategy that is questioned.

The road has also clearly split. It is no longer surprising to use the ‘b’ word; I mean ‘blockchain’ of course, not ‘bitcoin’. Regarding bitcoin, well digital currencies are a just harder sell for governments in their current form. It requires some re-purposing to see the utility and not just the risk. For instance, Dubai announced a loyalty scheme called Dubai Points (effectively a digital currency), which should be a sound way to explore the benefits and develop a more nuanced view about digital currency opportunities.”

KYC is not a hinderance – it protects your VC business

A Canadian bitcoin broker was defrauded by a customer who paid for bitcoins by cheque. The transaction appeared as two ‘deposits’ on the broker’s bank account, at which point the broker thought it was safe to deliver the bitcoins to the buyer. He did so, then the bank changed the status of the deposits as they discovered that the cheques were written from an empty account. The broker is suing the bank in question, TD bank, for the CAD12k loss. TD Bank suggested a settlement of CAD500, which the broker refused.

Fraud is the biggest reason to have extremely strong Know Your Customer (KYC) procedures. VC Exchanges and Brokers view KYC as a hindrance. No. It protects your business and protects you. If you need help making your KYC watertight contact Diacle for support.

Banks as digital asset custodians?

Competition and Markets Authority (CME) considers the UK retail and SME banking market to be anti-competitive

Basically, most startups and SMEs open an account with same bank as their personal account. The crux of the problem is, according to the CME, not that more banks are needed, but that people need to be able to easily switch to other providers. CME considers that customers “fear that switching their current account to a new bank will be complicated, time-consuming and risky”.

In terms of statistics, the CME says that “50% of start-ups looking for a SME account choose the bank with which they have a personal current account, over 90% stay with their BCA [Business Current Accounts] when the initial free banking period comes to an end, and around 90% then go to their BCA provider when they are looking for business loans”. The solution is better access to data (through the Midata project) and price comparison sites.

But most likely the real change in retail banking will come with PSD2 in 2018. According to Finextra, retail banking is set to lose 43% of retail payments revenue. Under this new EU directive, payment service providers will have read and write access to banking APIs. This will mean a service such as Transferwise will write a payment via API from a person’s local account to Transferwise rather than a manual transfer process. This will likely cause a seismic shift in retail banking because any payment company will have all the main functions of a bank without the hassle of custodianship.

So where to next?

Digital assets are the future.  

The reason people use banks is because they have a sense of security. If the bank fails the government will bail them out. 

That perception may change as banks have to bail-in (i.e. take customer deposits before asking money from the government). 

That said, banking security is overall robust and that is something the banking industry should be proud about.

In my opinion, the retail bank of the future is a custodian of digital assets. Barclays just gave up its precious metals vault to a Chinese bank. I would use some of that cash to create a digital asset vault. I have clients that come to me (although I am a lawyer) and want to buy large amounts of bitcoin. I ask where do they want to store it. Then they appear slightly baffled because they realise that digital assets actually involve physical delivery just like gold. Lose your private keys for your bitcoin wallet, and they are gone forever. So a bank would be the perfect candidate to provide a virtual vault for digital assets.

New bonds are being issued on the blockchain. Am I going to hold on to the blockchain bond or pass it to someone that knows how to hold stuff safely? 

I think, as you move up the value chain, there comes a point where you need a custodian because too much is at stake. 

Also, an insurance underwriter is more likely to write cyberinsurance for a bank handling digital assets than a startup.

Now there is an obvious regulatory barrier. The EBA discourages banks from holding and transacting with digital assets such as bitcoin. 

That doesn’t mean you can’t create a subsidiary to provide that as a service. More so, acting as a custodian of digital assets is not a regulated activity in the UK (well at least for virtual commodities such as bitcoin or Ether). 

It goes further. I have an important smart contract that I have entered into; could be the sale of my car or it could be an Over the Counter forward contract for a large amount of currency. I want my bank to hold my private keys, because I don’t trust myself to keep them safe. 

Basically, people need to delegate risk and human psychology is such that even if the blockchain is trustless we still need to trust ourselves to look after our own cryptographic keys. 

So there may be light at the end of the tunnel for banking in providing digital asset custodianship and private key management. 

Also, customers want more choice. They don’t want a GBP account when it starts tanking after Brexit. They want a hedge. A few currency accounts by default and maybe they want to buy some bitcoin too from the bank. To be quite honest only uninformed customers will use a bank for forex. It is difficult to compete with Transferwise; why would any business pay £20 to a bank to send £100 to Hong Kong and wait three days?

Either the bank needs to cut costs dramatically on payments/forex or start to offer more innovative solutions. I want to pay a supplier in Vietnam or China. If I use SWIFT, it will take forever i.e. more than 10 mins. If I go on Uphold.com, put some pounds in then send pounds to the supplier, they then convert the funds to bitcoin and withdraw immediately. This is the future. Without optionality in payments, banks will never meet the growing needs of SMEs. The world is globalised and SMEs participate in that world economy. 

As said, the bank’s biggest asset is the perception of operational security. If I lose my bank card, there is a procedure to get me a new one. If I lose all my account details, there is a procedure to find out who I am. If I start buying stuff online from different IP addresses, my bank flags it as fraud, I call them up at any time, and they unblock the card. This is all about operational security. 

But operational security is only the start of a service it is certainly not the end.

I appreciate that banks have set up accelerators and innovation hubs and are investing in the startups that will ultimately compete with the banks. This is a survival instinct being engaged. The key is not only to protect yourself from becoming irrelevant kind of like Blockbusters investing in Netflix, but to leverage your own solid customer base and operational security to surprise the market with your own solutions. 

If I was a bank today, I would have set up a subsidiary to build a custodian solution for digital assets. Innovative solution for an innovation hungry market.

Use EU Law to power your Virtual Currency Exchange

Bitstamp announcing the grant of a Payments licence in Luxembourg is certainly a step forward for the industry. Most important is that such a licence should facilitate their banking relationships. As an unlicensed Virtual Currency (VC) exchange, it is almost impossible to get banking.

With regards to the exact scope of their licence, it is not clear the type of permissions applied for. That won’t be available until it is live, apparently after 1 July.

We should note that the first licensed VC Payment Institution (to my knowledge) was SnapSwap. SnapSwap are a Ripple Gateway who moved their operations to Luxembourg. They were granted permissions for money remittance, execution of payment instructions and operation of a payment account. I expect Bitstamp will have similar permissions with maybe a few more.

The financial services single market in the EU is certainly not harmonised. There is, for example, one law, the Payment Services Directive, but interpreted in many different ways by national regulators.

To elaborate further, the FCA in the UK considers VC exchanges to sit outside of the Payment Services Directive (PSD) mainly because the primary purpose of the VC exchange is not the provision of payment services. In Germany, BAFIN considers VC exchanges to be offering trading in ‘financial instruments’, almost switching the business model from a movement of value to the trading of securities. In contrast, Luxembourg CSSF, looking at the same law, considers that it can licence VC exchanges under PSD.

This fragmentation is just as bad as state-level interpretation in the US: some states don’t regulate, some do but only custodians (New Jersey), some will only regulate VC to fiat exchanges, some will try and regulate everything.

The advantage of the EU approach is that if you are licensed under an EU directive you can put the Single Market behind you to get your services into every member state.

To illustrate this: once authorised by CSSF, there a default single market right to ‘passport’ the licence to the rest of the EU. But, for example, BAFIN may argue that a payments licence can’t cover trading ‘financial instruments’, which it has defined cryptocurrency as. In which case you have to rely on the Single Market freedoms to prove that BAFIN’s interpretation amounts effectively to a trade barrier. This doesn’t work every time especially when public policy is involved, for example: member states are allowed to ‘gold plate’ AML requirements, so if Estonia feels that the KYC threshold should be EUR1,000 then the regulated entity has to meet that particular domestic requirement.

The question is when will these fragmented regulatory interpretations be harmonised? Most likely, the EU Commission will harmonise the interpretation of PSD through legislation or the Court of Justice of the European Union will do the job, which they did with the Ruling on the EU wide VAT exemption. However, after Paris attacks, maybe the Commission may jump ahead of CJEU.

So, to summarise, the Single Market in financial services is not complete nor is it in continual sync with the pace of innovation. A separate example outside of VC would be binary options, these are regulated in some EU states as gambling products in others as financial instruments. The first EU country to regulate them as a financial instrument was Cyprus. The consequence of which saw a large number of operators from around the world queuing up with CySec to pick up a MIFID passport to provide their binary options products to the rest of the EU. Same with Equity Crowdfunding. This is essentially arranging deals in investments (covered under MIFID). When the FCA in the UK started issuing MIFID passports to UK crowdfunding operators they could use that to enter other EU markets where the regulator might not have been as keen on equity crowdfunding or were delaying on having an official position. These are the natural regulatory arbitrage opportunities that exist in the EU. Certainly, I would never advise a client to get a ‘passport’ and go for it without concern or recourse to domestic regulators, but innovation waits for no-one and it would be ridiculous not to use the imperfections of EU Single Market to power your fintech business.