The regulation of Blockchain technology remains patchwork and has left many questions unanswered. The German regulator BaFin takes another stab at clarifying some aspects.
The Opening Bell
Little more than a year ago the U.S. Securities and Exchange Commission (SEC) published two documents on Initial Coin Offerings that can with hindsight be seen as the opening bell for the regulatory clampdown on ICOs. When the financial watchdog addressed some open questions about the legal nature of ICOs and in particular the tokens of the famous DAO, the Decentralized Autonomous Organization that raised an unbelievable $150m in less than four weeks and than crashed in spectacular fashion when a hacker exploited a code weakness to steal a large chunk of it. What now sounds like just one in a number of token issuances that have raised similar amounts was poised to draw the attention of the regulators even though no one really lost any money apparently.
The first document, an Investigative Report, determined that DAO Tokens, a digital asset, were, in fact, securities. The second, an Investor Bulletin on Initial Coin Offerings, explained blockchain, digital tokens and some key points to consider when determining whether to participate in an ICO.
The Report clarified why the DAO Tokens were securities and also went to lengths to explain that to establish whether an ICO involves the offer and sale of securities, depends on the facts and circumstances of the offering. Prior to the report, the use of smart contracts was often cited to establish that tokens should not be considered securities. However, the SEC report made it clear that the automation of certain functions through blockchain technology, “smart contracts,” or computer code, does not remove conduct from the purview of the U.S. federal securities laws. As a consequence of the DAO report, the SEC has jurisdiction over all ICOs that were open to US investors, which should be most, if not all as it is difficult to rule out entirely that someone from the US participated in an offering. It was for this reason that the SEC decision sent ripples through the blockchain world as it moved the compliance with financial regulation into the spotlight. Soon, a number of regulators around the world followed suit, most notably the Chinese authorities that cracked down on ICOs and cryptocoin exchanges in September last year.
Despite this wave of regulatory activity, many questions regarding the application of the decentralized structures of blockchain technology remain unanswered.
The German regulator BaFin takes another stab at clarifying some aspects in a publication on digitalization in finance that focuses on the regulatory issues of Big Data, Artificial Intelligence, and – yes, you guessed it – Blockchain.
The Germans seemed to have always been suspicious of ICOs and in fact joined the group of regulators that issued warnings against token offerings and highlighting the risks. Neither this document nor the guidance with regard to the regulatory classification of ICOs as financial instruments addressed the various aspects of blockchain regulation, but a response to an inquiry from the parliament in March provided at least some clarity with regard to tax issues and enforcement action. Nonetheless, still plenty of open questions, so the latest document aims to address these insecurities.
The German Response
So, what does the paper say? First, we get an introduction on the background and the inner workings of blockchain technology before the authors explain the evolution of decentralized ecosystems and the blockchain economy. It is here where we come across the first legal issue that is looking for a solution, i.e. how can it comply with the right to be forgotten of a data subject as introduced recently by the GDPR.
The report doesn’t answer this question and instead moves on to describe the general approach of the German regulator. At its center, BaFin’s places – as it does with regard to all forms of innovative technologies – its principle of “technology neutrality”. This means that regardless of the underlying technology it tries to apply the same regulatory principles it does in respect of the similar activities and risks.
And this is were the trouble starts – at least in the sense of regulatory application and the search for definitive answers. To cut a long story short, the BaFin paper doesn’t get any further than crypto tokens and ICOs – it doesn’t touch on any of the other applications of blockchain technology in financial services – but it kind of explains why this is so difficult.
Crypto tokens, the authors write, are by nature diverse and most tokens differ from each other. Though this is not a very revolutionary statement, it is the basis for the case-by-case evaluation of each token in regulatory terms. Each individual case thus requires a regulatory assessment of the crypto token and the underlying business model. From the tokens the German regulator has already examined, several laws could be applicable depending on the respective case, namely provisions from the German Banking Act (KWG), the German Securities Trading Act and the German Securities Prospectus Act (WpHG, WpPG) or the the law on investment products, the “Vermögensanlangengesetz” (VermAnlG). In addition, numerous other elements of financial regulation come into consideration, in particular the Money Laundering Act (GwG), the Payment Services Supervision Act (ZAG), the Capital Investment Code (KAGB), but also directly applicable European secondary law such as the Market Abuse Regulation (MAR) of the European Union.
So, if you really need clarity on the regulations that come into play with regard to a specific token, you would need to contact BaFin directly to have it determine – at a cost though – the regulatory implications.
Thus the insights and clarification this reports provides are limited. The authors classify cryptotokens in essentially three categories: payment tokens, utility tokens, and security like tokens like equity or other investment tokens, and for each of the categories they provide some interpretation. Payment tokens fall under the rules of the German Payment Services Act (Zahlungsdiensteaufsichtsgesetz – ZAG), something that was already determined in a paper in 2011 with regard to Bitcoin, which in itself means that it doesn’t require authorization. However, if additional aspects other than the pure payment function are involved, authorization might be required, and in any case the exchange of crypto for fiat currencies like Euro is regulated under the German Banking Act.
For security like tokens under the other hand the German Securities Prospectus Act (WpHG) is the most obvious port of call. The first paragraph of § 2 WpHG defines what a security is and since it derives from MiFID II, there is little space for interpretation other than summarizing such a token under the definition of a financial instrument. Which is something BaFin pointed out already in the document on ICOs from earlier this year referred to above. The authors also make reference to potential prospectus obligations in accordance with German and EU law and highlight the obligations in respect of market abuse as set out in the Market Abuse Regulation.
And as for utility tokens, BaFin explains that in theory no authorization would be required. If – and this is a big if- if it is purely a utility token and does not contain any other function such as payments or security elements. Which, in turn, would trigger the respective regulatory consequences.
The report concludes its regulatory analysis by touching briefly on the subject of ICOs itself and differentiates between the obligations with regard to a) the token issue itself and b) the secondary trading of these tokens, which falls under the authorization requirements for marketplaces or the exchange for fiat currencies. Not much here and the section ends with a repetition of the warnings against token offerings and highlighting the risks mentioned above.
The chapter ends with a summarizing statement that determines that despite the remarkable market cap of cryptocurrencies, ICOs do not pose a threat for financial stability (yet).
So, what can we take away from this? One would have hoped that the German regulator would have used this chance to contribute something more else than its view on the regulation of cryptocoins. Especially, since clarity would be very welcome if not vital for the development of blockchain solutions in other fields. But as the German saying goes, “a good horse never jumps higher than it has to”, the regulator leaves it us to delve into its existing pool of financial rules and try to interpret the rules as they are to new activities until, eventually, it will have to take a stand.