Many have compared the enormous crypto-value bubble to the ‘tulip mania’ that struck early 17th-century Netherlands. As trading ‘tips’ saturate social media, articles detailing vast fortunes acquired overnight fill the most respectable publications, and untraceable ‘coins’ ranging from the comparatively established bitcoin and ethereum to an ever-growing pool of ‘alt-coins’ are available to anyone with a smartphone, cryptocurrency offers a perfect storm of anonymity and speculation.
Indeed, to demonstrate how easy – and dangerous – it all is, we engaged in a small experiment. After withdrawing cash from an ATM in the City of London, we took it to a grocer on one of north-west London’s high streets. Inside, using a ‘Satoshi Point Crypto ATM’, we inserted the cash and received a deposit into our smartphone’s cryptocurrency wallet – no identification required. From there, we signed up for a cryptocurrency trading exchange operated out of East Asia – again with no identification – and bought alt-coins generated through an initial coin offering (ICO). Predictably, we soon lost almost 100 per cent of our initial investment. But, had we achieved the hoped-for 1,000 per cent-plus return, which was common during the crypto-value bubble, we could have made our way back to our crypto-ATM and anonymously withdrawn thousands of pounds in cash.
The risks have not gone unnoticed. The G20 Leaders’ declaration summary from last year’s G20 summit in Argentina stated that: ‘We will regulate crypto-assets for anti-money laundering and countering the financing of terrorism in line with FATF standards and we will consider other responses as needed.’ And the need for a more unified approach is manifest, as regulators’ stances across EMEA cover the full spectrum, from Switzerland encouraging ICOs (‘Crypto Valley’ is located in Zug, population 30,000) to the Republic of North Macedonia outlawing any and all cryptocurrency transactions. But as we wait for regulators to settle on standards, the lack of a coherent regulatory framework will inevitably lead to an increasing number of investigations and prosecutions across EMEA, including by US authorities who have already shown a robust appetite for extraterritorial investigations in the area.
This article discusses key securities-related regulatory developments across EMEA. Particularly, we emphasise our work from the past two years, outlining how different regulators are approaching fintech, which has continued to be a key area of regulatory focus. We then turn to cryptocurrencies and ICOs, noting the different approaches adopted by regulators across the region.
Securities regulation review and recent developments
Securities and market regulation is a broad topic, covering everything from insider trading and cutting-edge market manipulation to false or misleading prospectuses and Ponzi schemes (including those masquerading as ICOs). The International Organization of Securities Commissions (IOSCO) – an organisation that includes a number of EMEA regulators as members – defines the three primary objectives of securities regulation as:
- protecting investors;
- ensuring that markets are fair, efficient and transparent; and
- reducing systemic risk.
In May 2017, the IOSCO published its ‘Methodology for Assessing Implementation of the IOSCO Objectives and Principles of Securities Regulation’. Designed ‘to provide IOSCO’s interpretation of its Objectives and Principles of Securities Regulation’, the methodology offers valuable granularity on the IOSCO’s primary objectives and its views on the underlying foundation for securities regulation. For example, because of the cross-border nature of securities investigations, the IOSCO expects that ‘[l]egislation and the enforcement powers of the regulator should be sufficient to ensure that it can be effective in cases of cross-border misconduct.’ The publication of the methodology has yet to lead to any noticeable changes in securities regulators’ behaviour, but we expect that they will continue to use it as a template in the regulatory agenda in 2019, especially in developing economies.
Securities regulators – regional approaches and developments
Across EMEA, regulators have continued to be active in investigating potential securities misconduct and developing their regulatory agendas. As noted, fintech sits high on their list, owing to:
- the potential economic benefits to be gained by creating a financial system that harnesses developing fintech;
- the risks that failing to develop such a system creates for investors and the general public; and
- the rapid advancement of technology, creating a dynamic in which regulators can either get up to speed or get left behind.
European regulators continue to actively police securities markets and work collaboratively with other regulators to educate one another and assist with investigations across borders.
In the United Kingdom, the Financial Conduct Authority (FCA) announced in 2017 that it would be collaborating with the US Commodity Futures Trading Commission (CFTC) on fintech innovation. Shortly before, the FCA canvassed the views of market participants on whether regulators should create a ‘global sandbox’ for innovators to test ideas in a controlled environment and work with regulators to ensure compliance with regulations across multiple jurisdictions. The FCA sandbox has been described as the ‘gold standard’, and such collaboration is a growing trend. In November 2018, the FCA released the conclusions of the Cryptoassets Taskforce, which expressed concern about consumers potentially participating in risky purchases and indicated that a prohibition of the sale of certain cryptoassets to consumers will be taken into consideration.
Regulators across Europe will also be working together to attend to the requirements of the new Markets in Financial Instruments Directive (MiFID II), which came into force across Europe on 3 January 2018. MiFID II aims to ‘strengthen investor protection and improve the functioning of financial markets, making them more efficient, resilient and transparent’. Because MiFID II provides regulators with more information and data in the service of this ideal, we foresee a continuing uptick in cross-border investigations as a likely consequence.
Further, while some firms continue to struggle to establish the necessary systems to comply with MiFID II, regulators’ willingness to tolerate failings will decrease as the year goes by. Any actions conducted by regulators are likely to be cross-border in nature because of the uniform requirements across the Eurozone.
Fintech continues to enjoy widespread support among Middle Eastern regulators. Several, including the Central Bank of Bahrain, the Dubai Financial Services Authority and the Abu Dhabi Global Market (ADGM), have successfully adopted the use of regulatory sandboxes for fintech trials. The ADGM has been particularly active: in March 2019 it opened applications for its fourth round of entrants to its ‘Regulatory Laboratory’, focusing on access to financial services. Demonstrating awareness that the new technology could lead to significant economic benefits, the Middle East should continue to hone its securities regulation landscape to accommodate fintech advances in the coming year.
That said, ongoing political tensions in the region have impacted the cross-border investigation landscape before and may continue to do so. For example, in March 2018, the Central Bank of Qatar asked the CFTC to investigate possible manipulation of Qatar’s currency market by the US subsidiary of First Abu Dhabi Bank. A sovereign’s offensive use of another’s regulatory enforcement apparatus as an alternative means to engage in such a dispute is a trend to watch (and the use of the CFTC to do so underlines the agency’s growing prominence in the cross-border investigations space).
The financial services markets across Africa slowed down over 2018, with 17 initial public offerings compared with 30 the year before. As market activity increased over the past five years, so did regulatory activity. In South Africa, for example, the Financial Sector Regulation Bill was signed in August 2017 and the regulations to the Financial Markets Act 2012 were enacted into law in February 2018. These new regulations govern securities within South Africa, including the trading of over-the-counter derivatives that had previously been unregulated.
The weaknesses of regulators in other jurisdictions, however, have caused the US Securities and Exchange Commission (SEC) to begin investigations involving African affiliates registered with the Public Company Accounting Oversight Board. In 2018, the SEC announced that it was fining a number of firms, including the regional affiliates of Deloitte in Zimbabwe and KPMG (both in Zimbabwe and South Africa), over an audit that circumvented the oversight of the Public Company Accounting Oversight Board. This again demonstrates that market participants around the world must be mindful that, even if their conduct squares with local regulations or escapes the interest of local regulators, US regulators will act in the broad range of instances in which they can assert jurisdiction.
Although bitcoin has been in existence since 2009, the prominence of cryptocurrencies – and the issue of whether they should be regulated as securities – reached a crescendo in late 2017, and ebbed through 2019. Indeed, the topic even drew the attention of late-night comedians, with John Oliver quipping that bitcoin is ‘everything you don’t understand about money combined with everything you don’t understand about computers’.
Initially, there was confusion about whether cryptocurrencies were a currency (therefore falling within the jurisdiction of central banks and monetary authorities), a security or merely a way for shady characters to buy items anonymously on the dark web. As the price of a bitcoin exceeded US$10,000, however, the general public (and therefore regulators) became more interested in their investment potential and, most importantly to regulators, the potential risks involved.
The ADGM’s Financial Services Regulatory Authority took an early stand on the classification of cryptocurrency. An October 2017 guidance noted that, rather than being an analogue to currency, ‘virtual currencies have much in common with physical commodities such as precious metals, fuels and agricultural produce’. Announcing that it would treat cryptocurrency as commodities, not currencies, the agency is now reviewing and developing a commodities-based regulatory framework to supervise virtual currency exchanges and intermediaries.
In contrast, the head of the European Banking Authority (EBA) stated in a speech in March 2018 that regulators must develop a more nuanced approach for cryptocurrency, and rejected calls from other central banks to put forward concrete proposals for regulation. Noting that a stand-alone regulatory framework would take years to develop, in January 2019 the EBA essentially delayed any immediate actions by recommending that additional research and analysis be conducted. The EBA stated that current cryptocurrency regulation should rest on three pillars:
- the use of anti-money laundering and counter-terrorist financing regulations to prevent its illegal use;
- warnings to consumers of its dangers; and
- restrictions on regulated financial institutions to prevent them from buying, holding or selling it.
The failure to agree on a way forward increases risks for firms that want to take advantage of the huge profits to be made on cryptocurrency. The US experience makes the point. The CFTC’s chairman testified enthusiastically about bitcoin and other cryptocurrencies before the US Senate on 6 February 2018 and continued to endorse a ‘do no harm’ approach in his March 2019 speech at the 4th Annual DC Blockchain Summit. Later that month, the SEC revealed its approach, serving subpoenas and information requests on a number of companies and advisers involved in cryptocurrency. This disjointed approach seems likely to plague industry players in EMEA too, where a lack of clarity from many regulators persists despite the creation of Europe’s International Association of Trusted Blockchain Applications (INATBA) in 2019.
In April 2019, the SEC published its ‘Framework for “Investment Contract” Analysis of Digital Assets’, providing insight into how the Commission believes the Howey test should apply to digital tokens sold through ICOs. This framework was designed to offer guidance on how companies in the cryptocurrency industry can navigate the relatively unregulated environment around digital token issuances without running afoul of the federal securities laws. While this document sets forth a useful framework for ICOs, it isn’t binding on the SEC and doesn’t explain how the SEC will enforce the laws going forward. As a result, it’s difficult to predict how the SEC’s enforcement activities might impact the cryptocurrency market without further clarification on a number of outstanding issues, such as whether ICOs conducted outside US borders fall under the SEC’s jurisdiction. Despite its shortcomings, the SEC’s new framework represents a meaningful step in the Commission’s effort to develop a stronger relationship with the cryptocurrency industry.
Initial coin offerings
An ICO is a method by which companies can raise financing and capital through the creation of their own cryptocurrency. Typically, the company releasing the ICO will produce a white paper detailing its business plans and the nature of the tokens to be offered. Investors then purchase the cryptocurrency in the hope that its value will soar. One of the most successful ICOs ever, by Ethereum, sold tokens in 2014 at US$0.31 that reached a high of over US$1,293 in early January 2018 before falling off, while still maintaining a value of over US$158 as of April 2019.
Unlike traditional securities, however, there is little to no regulation about:
- the requirements of what must be contained in a company’s white paper;
- who can and cannot invest in an ICO; and
- what measures companies must take to protect consumers.
Across EMEA, regulators have warned consumers about the dangers associated with ICOs (examples are available on the IOSCO’s website). The warnings give some insight into the direction regulators may take going forward, but do not serve as reliable guidance for those assessing the regulatory risk when considering an ICO.
Instead, as the number of ICOs balloons (1,258 ICOs in 2018, which raised over US$7.8 billion), regulators’ concerns lie primarily in the potential for fraud targeting uninformed investors. The Swiss Financial Market Supervisory Authority (FINMA) was the first to buck the trend, offering formal written guidance to ICO organisers. In it, the FINMA clarified a number of aspects of its approach, including that payment tokens (the standard form of cryptocurrency) would not be treated as securities, but that asset tokens (where the token is backed by a physical asset, such as LATOKEN) would be.
The failure of other regulators in the EMEA region to provide similar guidance is likely to lead to more cryptocurrency-focused investigations as regulators work out how old rules – enacted before blockchain technology came about – apply in this new context.
We expect that 2019 will be a busy year for securities regulators across EMEA. The continued lack of guidance regarding cryptocurrency and ICOs creates a significant regulatory risk for firms and, as regulators develop their own approach, cross-border investigations are sure to follow.