Launched in March 2018, the Taskforce (consisting of HM Treasury, the FCA and the Bank of England) is monitoring developments in the cryptoassets industry. Indeed, the FCA has been ramping up its efforts in this sector. In April 2017, it sought stakeholder views on the future development and market integration of DLT1 and published its feedback in December 2017,2 emphasising its ‘technology-neutral’ approach to regulation. The UK’s participation in the Global Financial Innovation Network sandbox initiative exemplifies this approach.
Closely related to the development of DLT is the rise of cryptoassets such as ‘tokens’ (namely, security and utility tokens), often issued through initial coin offerings (ICOs). Earlier in October 2018, the European Securities and Markets Authority (ESMA) set out an own initiative report on how to contain the risks of ICOs and virtual currencies for investors.3 From ESMA’s perspective, the key question was whether and how cryptoassets should be regulated. To help answer this, the report undertook a benefits and risks analysis of various types of tokens, before determining whether they could fit under the specific definitions of ‘transferable securities’ and ‘commodities’ under MiFID II. The significance of these definitions is that whether a token is a transferable security or commodity helps determine whether it is a financial instrument.
If the tokens qualify as financial instruments for the purpose of MiFID II, then by extension the secondary market involving such tokens may be considered as a Multilateral Trading Facility or Organised Trading Facility, thereby bringing the trading platform within the scope of regulation. It is anticipated that ESMA may provide greater clarity through level 3 guidelines on the applicability of these definitions to cryptoassets, and implications for persons giving investment advice on such tokens.
However, the FCA’s ambition of creating ‘technology-neutral’ regulation will not extend to areas such as data regulation, as the trading of cryptoassets, typically over DLT/blockchain networks, raises certain EU General Data Protection Regulation (GDPR) concerns. One such concern is in respect of the homogeneity of DLT/blockchain networks, which would mean that all members of a cryptoasset platform would be considered to be ‘controllers’ who are subject to the GDPR regardless of their location. Another concern relates to the ‘right to be forgotten’ by data subjects, which would be in conflict with the immutability of records that is a cornerstone feature of DLT/blockchain networks.