Crypto-assets will remain a highly volatile investment and means of exchange until regulation becomes a legal certainty. When that happens, it will reduce the use of crypto-assets in fraud and will protect investors.

Almost two years after the European Commission adopted its Fintech Action Plan, at the end of 2019 it launched a public consultation on a future EU framework for markets in crypto-assets.

The EU has recognized the inherent policy interests in promoting crypto-assets as one of the major applications of blockchain technologies.

The universal benefits of crypto-assets include ease and integration of payments for users, as well as increased access to financial markets for consumers.

It is, therefore, agreed by regulators globally that the general impetus of any regulatory framework should be a fair and level playing field for users and operators, balancing the need to protect investors and not stifle innovation.

That being said, the commission recognizes the lack of harmonization among EU member states in crypto-asset regulation – and the large portion of crypto-assets that fall outside EU regulation.

Shadow play

There is no single global definition of 'crypto-asset' – labels are as diverse as 'digital', 'virtual', 'electronic', 'cyber', 'payment', 'utility', and 'investment', with the asset being described as a 'currency', 'coin' or 'token'.

Crypto-assets are broadly defined as private digital assets that use cryptography and are designed to work as a medium of exchange.

The most well-known crypto-asset, 'cryptocurrencies', are used as a medium of exchange on exchanges and trading platforms, and were created as an alternative to fiat money.

They include names like Ethereum, Ripple, Litecoin and Bitcoin.

Narrow utilization purpose

On the other hand, crypto 'tokens' generally have a narrower utilization purpose (for example, payment, strict use, or investment).

Most recently, all eyes are on 'stablecoin', a type of cryptocurrency that is normally used to pay for purchases of other crypto-assets on exchanges or trading platforms that do not accept fiat money.

Examples of stablecoin include the JP Morgan Coin, Barclays, NASDAQ and UBS' Utility Settlement Coin (USC) , and Facebook's Libra

The stablecoin is of interest, given that it seeks to bring certainty to crypto-asset markets (by pegging 'stable' fiat currencies), which, until now, have experienced instability and hyperinflation.

In practice, stablecoin arrangements use fiat money, commodities or other cryptocurrencies as collateral to maintain stability (as such, an 'asset-backed' coin). 

Nevertheless, if stablecoins are tied to one or more asset classes, there is an element of relativity in the value of the stablecoin and, thus, they are not absolutely 'stable'.

Bad penny

The share of crypto-assets held globally compared with the aggregate level of global payment transactions is relatively small (estimated market capitalization at €7 billion).

That being said, the regulatory risk in crypto-assets is large, given their borderless nature, anonymity and their payment flows through decentralized platforms, making them vulnerable to abuse and, thereby, a black hole for consumer protection.

Given their anonymous nature, crypto-assets are commonly used for money-laundering and terrorist financing.

Other risks include a lack of investor protection, operational risk around the use of crypto-asset exchanges and trading platforms, as well as tax evasion.

There are several examples where crypto-assets have been used for ransom (such as the WannaCry ransomware attack ) or where crypto-asset exchanges have unexpectedly closed and funds have been liquidated by their operators, or where privacy keys to digital wallets have been lost ( for example, Quadriga Exchange).

It is notable that recent case law around freezing orders shows an ability to track or trace ransom payments to a wallet and have it frozen - although it is not clear until the substantial trial of the action as to how this will work in practice.

Closer to home, in February 2020, an Irish drug dealer reportedly lost €54 million worth of Bitcoin raised from the sale of cannabis.

That case involved the loss of private keys to digital wallets, which were written on a sheet of paper and ended up in a landfill in Galway.

Shake your money-maker

Currently, the only EU regulation where providers of crypto-asset services are regulated is in the EU anti-money-laundering (AML) and countering the financing of terrorism (CFT) space.

AMLD5 describes a virtual currency (VC) as "a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency, and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange, and which can be transferred, stored and traded electronically".

In contrast, the FATF Recommendations define a virtual asset (VA) as “a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes.

VAs do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations .”

Broad definition

It is clear that a broad definition is required to facilitate the rapid shifts in technology and to cover a broad spectrum of virtual assets. There is no glaring divergence in practice between these definitions to somehow cause regulatory arbitration as between the EU and other countries globally.

There is, however, a divergence in EU regulation when it comes to crypto-asset service providers. Crypto-asset service providers include issuers or sponsors, trading platforms and exchanges (both fiat-to-fiat and fiat-to-crypto), and wallet providers.

AMLD5 describes virtual currency service providers (VCSPs) as entities "engaged in exchange services between virtual currencies and fiat currencies", which implicitly disregards crypto-to-crypto exchanges.

The FATF Recommendations include an expansive definition for virtual asset service providers (VASPs) as "a natural or legal person who, as a business, conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

1. Exchange between VAs and fiat currencies,
2. Exchange between one or more forms of VA,
3. Transfer of VAs,
4. Safekeeping and/or administration of VAs or instruments enabling control over VAs, and
5. Participation in and provision of financial services related to an issuer's offer and/or sale of a VA."

This definition recognizes that crypto-to-fiat transactions, as well as crypto-to-crypto transactions, present AML and CFT risks. 

Previously, AMLD4 defined a 'custodian wallet provider' (CWP) as "an entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer VCs".

This definition appears to match limb 4 of the VASPs definition, with the broad definition of VCSPs covering the other applicable activities.

Under AMLD5 (and as a continuation of the FATF Recommendations in June 2018), both CWPs and VCSPs are considered 'obliged entities' under the same AML obligations as other financial institutions, including registering with local authorities, reporting suspicious transactions, and recording information around crypto users, which may be inspected by local authorities and must be held for five years.

No expectations

One of the basic missions of finance is to set up arrangements where individuals can take on risk without themselves being destroyed by risk.

Crypto-assets should become an acceptable means of payment globally rather than teetering on the edge between legality and illegality, and to make their inherent risks more palatable to a broader audience.

Until regulation becomes a legal certainty, crypto-assets will remain a highly volatile investment and means of exchange.

A clear, balanced response to the regulation of crypto-assets will result in a reduction of the use of this novel and fragile asset class for fraud and, above all else, will protect investors who are vulnerable to its volatility and security breaches.

Thorough choice

The European Commission has presented a thorough choice to the market through its consultation. It is clear that the commission seeks to make a robust, clear, comprehensive EU regulatory framework in order to instill a sense of legitimacy to the activities of crypto-asset service providers.

Once the consultation closes, it is anticipated that, in line with the FATF Recommendations , full-scale regulation of crypto-asset service providers, as well as a certain taxonomy around labeling crypto-assets to ensure that the majority of activity is regulated in the EU, will follow.

After that, who knows? We may all be wondering what we ever did without our virtual assets, once regulatory uncertainty is abolished. 

Tumbling dice

The European Commission consultation alludes to the lack of a common definition of crypto-asset, and characterizes a 'crypto-asset' as a "digital asset that may depend on cryptography and exists on a distributed ledger".

The commission firstly notes that crypto-assets may characterize and qualify as a 'financial instrument' under the Markets in Financial Instruments Directive II ( MiFID II ) or as 'e-money' under the E-Money Directive II ( EMD2 ). For the purpose of the consultation, these are referred to as 'security tokens' and 'e-money tokens', respectively.

Based on how market participants respond, the characterization of crypto-asset responses will color the requirement for the commission to assess whether other regulatory changes are necessitated among other relevant EU financial regulations.

Changes may be required to (among others):

• The Prospectus Regulation  (for issuance of crypto-assets),
• The Central Depositories Regulation (for custody services),
• The European Market Infrastructure Regulation and the Settlement Finality Directive (both for post-trade activities relating to security tokens),
• The Deposit Guarantee Scheme Directive (if crypto-assets are characterised as ‘deposits’),
• The Market Abuse Regulation (market abuse around insider dealing, unlawful disclosures of inside information, and market manipulation),
• The Short Selling Regulation (selling securities),
• The Financial Collateral Directive (for the reduction of credit exposure), and
• The Alternative Investment Fund Managers Directive and the Undertakings for Collective Investment in Transferable Securities (for those crypto-assets that do not qualify as financial instruments, but fall under ‘other assets’).

There is no definition of ‘security token’ in EU regulation. Crypto-assets may qualify as ‘transferable securities’ or other types of ‘financial instruments’ under MiFID II.

‘Transferable securities’ are those classes of securities that are negotiable on the capital markets, with the exception of payment instruments. This definition usually covers bonds, shares, depository receipts, and securities giving the right to acquire or sell securities (like warrants).

MiFID II also includes concepts such as ‘investment firms’, ‘investment services and activities’ and ‘trading venues’, which may all become applicable to security tokens that fall under MiFID II.

Stablecoins may also qualify as a ‘financial instrument’ under MiFID II. Consequently, firms providing services concerning security tokens should ensure they have the relevant MiFID authorisations, and that they follow the relevant rules and requirements.

‘E-money token’

There is also no definition of an ‘e-money token’, but the applicable meaning would naturally be supplanted by the EMD2. ‘E-money’ under EMD2 is considered the digital alternative to cash, which enables users to store funds on a device (card or phone) or through the internet and to make payment transactions. This would require the issuer having an e-money licence.

E-money holders also have the right to redeem the monetary value of their e-money at any time and at par value. This represents a claim on the e-money issuer.

The European Banking Authority has advised the commission that there have only been a handful of cases where payment tokens qualify as e-money. Stablecoins may also qualify as 'e-money' under EMD2 and may, therefore, also fall under the Payment Services Directive 2 ( PSD2 ).

It is, however, noted in the commission's consultation that crypto-assets are not banknotes, coins or scriptural money and, therefore, do not fall within the definition of 'funds' under PSD2 unless they are defined as 'e-money'.

Where stablecoin uses traditional payment service channels, using cash deposits and withdrawals from current accounts, this would be considered a payment transaction under the PSD2.

As a consequence, if a firm proposes a payment service related to a crypto-asset (that does not qualify as e-money), it would fall outside the scope of PSD2.

The author thanks Nicholas Pheifer (head of legal, Depfa Bank PLC) and Pearse Ryan (partner, Arthur Cox) for reviewing the article