Securities Regulation and Investigations Across EMEA

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

Last year’s article examined securities regulators’ struggle to balance two competing concerns in the fast-growing and under-regulated fintech sector: nurturing growth and controlling it with regulation. This year, we focus on the newest and most controversial topic to hit securities regulation: cryptocurrency.

Many have compared the enormous crypto-value bubble to the ‘tulip mania’ that struck early 17th-century Netherlands. As trading ‘tips’ saturate social media, articles detailing vast fortunes acquired overnight fill the most respectable publications, and untraceable ‘coins’ ranging from the comparatively established bitcoin and ethereum to an ever-growing pool of ‘alt-coins’ are available to anyone with a smartphone, cryptocurrency offers a perfect storm of anonymity and speculation.

Indeed, to demonstrate how easy – and dangerous – it all is, we engaged in a small experiment. After withdrawing cash from an ATM in the City of London, we took it to a grocer on one of north-west London’s high streets. Inside, using a ‘Satoshi Point Crypto ATM’, we inserted the cash and received a deposit into our smartphone’s cryptocurrency wallet – no identification required. From there, we signed up for a cryptocurrency trading exchange operated out of the Far East – again with no identification – and bought alt-coins generated through an initial coin offering (ICO). Predictably, we soon lost almost 100 per cent of our initial investment. But, had we achieved the hoped-for 1,000 per cent-plus return (fingers still crossed!) common during the crypto-value bubble, we could have made our way back to our crypto-ATM and anonymously withdrawn thousands of pounds in cash.

The risks have not gone unnoticed. Both Germany and France have requested adding cryptocurrency to the agenda for this year’s G20 summit in Argentina. And the need for a more unified approach is manifest, as regulators’ stances across EMEA cover the full spectrum, from Switzerland encouraging ICOs (‘Crypto Valley’ is located in Zug, population 30,000) to the Republic of Macedonia outlawing any and all cryptocurrency transactions. But as we wait for regulators to settle on standards, the lack of a coherent regulatory framework will inevitably lead to an increasing number of investigations and prosecutions across EMEA, including by US authorities who have already shown a robust appetite for extraterritorial investigations in the area.

This article first surveys key securities-related regulatory developments across EMEA. Particularly, we pick up on our work from last year, outlining how different regulators are approaching fintech, which has continued to be a key area of regulatory focus. We then turn to cryptocurrencies and ICOs, noting the different approaches adopted by regulators across the region.

Securities regulation review and recent developments

Securities and market regulation is a broad topic, covering everything from insider trading and cutting-edge market manipulation, to false or misleading prospectuses and Ponzi schemes (including those masquerading as ICOs). The International Organization of Securities Commissions (IOSCO) – an organisation that includes a number of EMEA regulators as members – defines the three primary objectives of securities regulation as: 1

protecting investors;
ensuring that markets are fair, efficient and transparent; and
reducing systemic risk.

In May 2017, the IOSCO published its ‘Methodology for Assessing Implementation of the IOSCO Objectives and Principles of Securities Regulation’.2 Designed ‘to provide IOSCO’s interpretation of its Objectives and Principles of Securities Regulation’, the methodology offers valuable granularity on the IOSCO’s primary objectives and its views on the underlying foundation for securities regulation. For example, due to the cross-border nature of securities investigations, the IOSCO expects that ‘[l]egislation and the enforcement powers of the regulator should be sufficient to ensure that it can be effective in cases of cross-border misconduct’. The publication of the methodology has yet to lead to any noticeable changes in securities regulators’ behaviour, but we expect that they will use it as a template in the regulatory agenda in 2018, especially in developing economies.

Securities regulators – regional approaches and developments

Across EMEA, regulators have continued to be active in investigating potential securities misconduct and developing their regulatory agendas. As noted, fintech sits high on their list due to:

the potential economic benefits to be gained by creating a financial system that harnesses developing fintech;
the risks that failing to develop such a system creates for investors and the general public; and
the rapid advancement of technology, creating a dynamic in which regulators can either get up to speed or get left behind.

Europe

European regulators continue to actively police securities markets and work collaboratively with other regulators to educate one another and assist with investigations across borders.

In the United Kingdom, the Financial Conduct Authority (FCA) announced that it would be collaborating with the US Commodity Futures Trading Commission (CFTC) on fintech innovation.3Shortly before, the FCA canvassed the views of market participants on whether regulators should create a ‘global sandbox’ for innovators to test ideas in a controlled environment and work with regulators to ensure compliance with regulations across multiple jurisdictions.4The FCA sandbox has been described as the ‘gold standard’, and such collaboration is a growing trend. With it, we expect to gradually see a more cohesive and uniform approach.

Regulators across Europe will also be working together to attend to the requirements of the new Markets in Financial Instruments Directive (MiFID II), which came into force across Europe on 3 January 2018. MiFID II aims to ‘strengthen investor protection and improve the functioning of financial markets, making them more efficient, resilient and transparent’.5 By providing regulators with more information and data in the service of this ideal, we foresee an uptick in cross-border investigations as a likely consequence.

Further, while some firms continue to struggle to establish the necessary systems to comply with MiFID II, regulators’ willingness to tolerate failings will decrease as the year goes by. Any actions conducted by regulators are likely to be cross-border in nature, due to the uniform requirements across the eurozone.

Middle East

Fintech continues to enjoy widespread support among Middle Eastern regulators. Several, including the Central Bank of Bahrain,6 the Dubai Financial Services Authority7 and the Abu Dhabi Global Market (ADGM), have successfully adopted the use of regulatory sandboxes for fintech trials. (The ADGM has been particularly active: in 2018 it opened applications for its third round of entrants to its ‘Regulatory Laboratory’, focusing on access to financial services.)8Demonstrating awareness that the new technology could lead to significant economic benefits, the Middle East should continue to hone its securities regulation landscape to accommodate fintech advances in the coming year.

That said, ongoing political tensions in the region have impacted the cross-border investigation landscape before and may continue to do so. For example, in March 2018, the Central Bank of Qatar asked the CFTC to investigate possible manipulation of Qatar’s currency market by the US subsidiary of First Abu Dhabi Bank. A sovereign’s offensive use of another’s regulatory enforcement apparatus as an alternative means to engage in such a dispute is a trend to watch (and the use of the CFTC to do so underlines the agency’s growing prominence in the cross-border investigations space).

Africa

The financial services markets across Africa picked up over 2017, with 28 initial public offerings compared with 20 the year before.9 As market activity increased, so did regulatory activity. In South Africa, for example, the Financial Sector Regulation Bill was signed in August 2017 and the regulations to the Financial Markets Act 2012 were enacted into law in February 2018. These new regulations govern securities within South Africa, including the trading of over-the-counter derivatives which had previously been unregulated.

The weaknesses of regulators in other jurisdictions, however, has caused the US Securities and Exchange Commission (SEC) to begin investigations involving African affiliates registered with the Public Company Accounting Oversight Board. In March 2018, the SEC announced that it was fining a number of firms, including the regional affiliates of Deloitte in Zimbabwe and KPMG (both in Zimbabwe and South Africa), over an audit that circumvented the oversight of the Public Company Accounting Oversight Board.10This again demonstrates that market participants around the world must be mindful that, even if their conduct squares with local regulations or escapes the interest of local regulators, US regulators will act in the broad range of instances they can assert jurisdiction.

Recent developments

Cryptocurrencies

Although bitcoin has been in existence since 2009, the prominence of cryptocurrency – and the issue of whether they should be regulated as securities – reached a crescendo in late 2017, and continues into 2018. Indeed, the topic even drew the attention of late-night comedians, with John Oliver quipping that bitcoin is ‘everything you don’t understand about money combined with everything you don’t understand about computers’.11

Initially, there was confusion about whether cryptocurrencies were a currency (thus coming within the jurisdiction of central banks and monetary authorities), a security or merely a way for shady characters to buy items anonymously on the dark web. As the price of a bitcoin exceeded US$10,000, however, the general public (and therefore regulators) became more interested in their investment potential and, most importantly to regulators, the potential risks involved.

The ADGM’s Financial Services Regulatory Authority (FSRA) took an early stand on the classification of cryptocurrency. An October 2017 guidance noted that, rather than being an analogue to currency, ‘virtual currencies have much in common with physical commodities such as precious metals, fuels and agricultural produce’.12 Announcing that it would treat cryptocurrency as commodities, not currencies, the agency is now reviewing and developing a commodities-based regulatory framework to supervise virtual currency exchanges and intermediaries.13

In contrast, the head of the European Banking Authority (EBA) stated in a speech in March 2018 that regulators must develop a more nuanced approach for cryptocurrency, and rejected calls from other central banks to put forward concrete proposals for regulation.14 Noting that a stand-alone regulatory framework would take years to develop, the EBA argued that current cryptocurrency regulation should rest on three pillars:

the use of anti-money laundering and counter-terrorist financing regulations to prevent its illegal use;
warnings to consumers of its dangers; and
restrictions on regulated financial institutions to prevent them from buying, holding or selling it.

The failure to agree on a way forward increases risks for firms that want to take advantage of the huge profits to be made on cryptocurrency. The US experience makes the point. The CFTC’s chairman testified enthusiastically about bitcoin and other cryptocurrencies before the US Senate on 6 February 2018. Later that month, the SEC revealed its approach, serving subpoenas and information requests on a number of companies and advisers involved in cryptocurrency.15 This disjointed approach seems likely to plague industry players in EMEA, too, where a lack of clarity from many regulators persists.

Initial coin offerings

An ICO is a method by which companies can raise financing and capital through the creation of their own cryptocurrency. Typically, the company releasing the ICO will produce a white paper detailing its business plans and the nature of the tokens to be offered. Investors then purchase the cryptocurrency in the hope that its value will soar. One of the most successful ICOs ever, by Ethereum, sold tokens in 2014 at US$0.31 that reached a high of over US$1,293 in early January 2018 before falling off, but still maintaining a value of over US$520, as of April 2018.16

Unlike traditional securities, however, there is little to no regulation about:

the requirements of what must be contained in a company’s white paper;
who can and cannot invest in an ICO; and
what measures companies must take to protect consumers.

Across EMEA, regulators have warned consumers about the dangers associated with ICOs (examples are available on the IOSCO’s website). 17 The warnings give some insight into the direction regulators may take going forward, but do not serve as reliable guidance for those assessing the regulatory risk when considering an ICO.

Instead, as the number of ICOs balloons (approximately 50 in the first two months of 2018 raised over US$1.1 billion), regulators’ concerns lie primarily on the potential for fraud targeting uninformed investors. The Swiss Financial Market Supervisory Authority (FINMA) was the first to buck the trend, offering formal written guidance to ICO organisers.18 In it, the FINMA clarified a number of aspects of its approach, including that it would not treat payment tokens (the standard form of cryptocurrency) as securities, but that asset tokens (where the token is backed by a physical asset, such as LAToken) would be.

The failure of other regulators in the EMEA region to provide similar guidance is likely to lead to more cryptocurrency-focused investigations as regulators work out how old rules – enacted before blockchain technology came about – apply in this new context.

Conclusion

We expect that 2018 will be a busy year for securities regulators across EMEA. The lack of guidance regarding cryptocurrency and ICOs creates a significant regulatory risk for firms and, as regulators develop their own approach, cross-border investigations are sure to follow.

Notes

1 www.iosco.org/about/?subsection=display_committee&cmtid=19&subSection1=principles.

2 https://www.iosco.org/library/pubdocs/pdf/IOSCOPD562.pdf

3 www.fca.org.uk/news/press-releases/fca-and-us-cftc-sign-arrangement-collaborate-fintech-innovation.

4 www.fca.org.uk/firms/regulatory-sandbox/global-sandbox.

5 www.esma.europa.eu/policy-rules/mifid-ii-and-mifir.

6 www.zawya.com/uae/en/story/Bahrain_Central_Bank_launches_regulatory_sandbox_for_fintech_firms-ZAWYA20180312081526/.

7 www.cnbc.com/2017/05/25/dubai-fintechs-invited-to-play-in-regulated-innovation-sandbox.html

8 www.mondovisione.com/media-and-resources/news/abu-dhabi-global-market-welcomes-3rd-reglab-cohort-applications-with-sme-focus/.

9 www.pwc.co.za/en/publications/africa-capital-markets-watch.html.

10 www.wsj.com/articles/kpmg-deloitte-bdo-to-pay-fines-over-audit-at-south-african-company-1520962448.

11 www.theguardian.com/tv-and-radio/2018/mar/12/john-oliver-last-week-tonight-cryptocurrency. See also business.financialpost.com/technology/blockchain/when-your-cab-driver-starts-talking-about-bitcoin-its-time-to-sell.