The FCA has helpfully clarified the current regulatory perimeter and how it applies to cryptoassets… but is an extension to the perimeter on the horizon?
On 23 January 2019, the Financial Conduct Authority (“FCA”) published a consultation paper (CP19/3) providing new guidance and additional clarity on cryptoassets and the circumstances under which cryptoassets could fall within the regulatory perimeter. The FCA’s guidance follows the Cryptoassets Taskforce’s (consisting of HM Treasury, the FCA and the Bank of England) final report, which committed the FCA to providing guidance on its existing regulatory perimeter. The Cryptoasset Taskforce’s final report set out the UK’s policy and regulatory approach to cryptoassets and distributed ledger technology.
The consultation closes on 5 April 2019. The FCA confirms that it will consider feedback from stakeholders before finalising guidance to mitigate any unintended consequences. The FCA intends to publish final guidance by summer 2019.
1. The Regulatory Perimeter
The ‘regulatory perimeter’ describes the boundary that separates regulated and unregulated financial services activities. Activities that fall within the FCA’s perimeter are regulated and firms that carry on regulated activities are generally required to be authorised by the FCA (and in some cases, the Prudential Regulation Authority).
Additionally, firms must not, in the course of business, communicate an invitation or inducement to engage in investment activity, unless the firm is authorised or the content of the communication is approved by an authorised person. Issuing such a “financial promotion” without the necessary authorisation or approval by an authorised person is a criminal offence.
In its consultation, the FCA has made it very clear that firms carrying on regulated activities in relation to cryptoassets in the UK must obtain the appropriate authorisation from the FCA. For example, regulated activities may be carried on by crypto exchanges and trading platforms, advisers, intermediaries, wallet providers and custodians (amongst others). It should be noted that whilst a company that issues its own securities does not carry on a regulated activity, certain regulation may apply to marketing the securities, such as the Prospectus Directive and the financial promotion regime outlined above.
The FCA guidance clarifies whether the different types of cryptoassets fall within the FCA’s regulatory perimeter and outlines whether cryptoassets are likely to be:
‘Specified investments’ under the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (“RAO”);
Financial instruments under Markets in Financial Instruments Directive (“MiFID II”);
E-money under the E-Money Regulations (“EMRs”); and/or
Payment services under the Payment Services Regulations (“PSRs”).
The FCA’s definition of cryptoassets and distributed ledger technology (“DLT”)
The FCA has accepted that there is no single agreed definition of cryptoassets and that cryptoassets vary significantly depending on the rights they grant their owners, as well as their potential and actual uses. In line with the Cryptoasset Taskforce, the FCA has categorised cryptoassets into three types of tokens:
Exchange tokens: these are not issued or backed by any central authority and are intended and designed to be used as a means of exchange. They are, usually, a decentralised tool for buying and selling goods and services without traditional intermediaries;
Security tokens: these are tokens with specific characteristics that mean they meet the definition of a ‘specified investment’ such as a share or a debt instrument as set out in the RAO; and
Utility tokens: these tokens grant holders access to a current or prospective product or service but do not grant holders rights that are the same as those granted by ‘specified investments’.
The FCA has stressed that these categories of cryptoasset are not mutually exclusive, nor exhaustive, and that the nature of a cryptoasset may change during the course of its lifecycle.
Cryptoassets are underpinned by DLT. Like the Cryptoasset Taskforce, the FCA accepts that there is no single formal definition of DLT. The FCA describe it as a ‘set of technological solutions that enables a single, sequenced, standardised and cryptographically-secured record of activity to be safely distributed to, and acted upon by, a network of varied participants’.
When does a cryptoasset fall within the regulatory perimeter?
The FCA explains in its consultation that exchange tokens and utility tokens are unlikely to amount to ‘specified investments’ under the RAO. However, the FCA has said that this does not necessarily bring utility tokens and exchange tokens outside the perimeter completely. Exchange tokens and/or utility tokens may fall within the PSRs or EMRs depending on the cryptoassets particular characteristics.
The FCA also confirms that all firms, including those carrying on cryptoassets activities, need to consider upcoming legislation such as the transposition of the Fifth Anti-Money Laundering Directive.
Security tokens, on the other hand, are likely to fall within the definition of ‘specified investment’ for the purposes of the RAO. For example, cryptoassets that give holders similar rights to shares, like voting rights, or access to a dividend of company profits or the distribution of capital upon liquidation, are likely to be specified investments.
How does this affect firms?
If a firm engages in cryptoasset activities that fall within the regulatory perimeter, they would be required to seek the relevant authorisation to carry on the regulated activity from the FCA.
If the cryptoasset is transferable security and will be either offered to the public in the UK or admitted to trading on a regulated market, the issuer would need to publish a prospectus approved by the FCA, unless an exemption applies.
2. The Cryptoassets Market
As well as providing guidance on the regulatory perimeter, the FCA also provides an overview of the harm it has identified in the cryptoasset market. The FCA states that the protection of consumers and market integrity is a key part of its objectives.
Whilst reliable and comprehensive data on the UK cryptoasset market is not yet available, the FCA has been able to identify “substantial risks to consumers”. The FCA considers that these risks stem from consumers purchasing unsuitable products without having access to adequate information. For example, consumers are often unable to identify if a particular cryptoasset falls within the regulatory perimeter. Consumers may also be unaware of the limited regulatory protections available to them where cryptoassets fall outside the regulatory perimeter. (The Financial Services Compensation Scheme (“FSCS”) and the Financial Ombudsman Service (“FOS”) will not be available to cryptoasset holders where the cryptoasset is not regulated).
The FCA notes that cryptoassets are now viewed as high-value targets for theft. Users, service providers such as custodians/wallet providers and exchanges are increasingly being targeted by cybercriminals to obtain private keys to access and transfer consumers’ cryptoassets. For example, in the first half of 2018 alone, $731 million worth of cryptoassets were stolen from exchanges. By October 2018, hacking of exchanges increased to $927 million.
The FCA considers market volatility and the lack of transparency and oversight as features of cryptoassets that can increase the risk of market manipulation and insider dealing on exchanges and trading platforms. This may prevent the market from functioning effectively and damage confidence in the reputation of the market.
The FCA states that this guidance should help protect consumers, market integrity and competition in the cryptoasset market. In relation to protecting consumers, the FCA considers that publishing this guidance will make it clear that firms carrying on regulated cryptoassets activities in the UK must obtain the appropriate authorisation from the FCA. As a result, consumers should then be able to determine if a cryptoasset falls within the regulatory perimeter and can then use services like the FCA register to determine if the firms they are dealing with have the necessary permissions for the regulated activity that they are carrying on.
In relation to market integrity and competition, the FCA states that this guidance should clarify what the FCA regulates, where regulation applies and what this means for firms. Firms carrying on regulated activities relating to cryptoassets will need to follow the appropriate rules, both contained within this guidance and broader regulation such as those relating to market abuse. The FCA believes that publishing guidance should reduce legal uncertainty and assist firms in developing legitimate cryptoasset activities and business models. This may improve participation in the cryptoasset market and competition in the interests of consumers.
The FCA guidance on its regulatory perimeter provides clarity to market participants, helping them to form a better understanding of when cryptoassets may fall within or outside the regulatory perimeter. The guidance uses case studies and a chapter on frequently asked questions to make it “user friendly” and comprehensible. However, the FCA appreciates that making a determination on whether a cryptoasset falls within the regulatory perimeter is a difficult exercise and legal advice should be sought where there is any uncertainty. Crucially, the FCA has made it clear that any assessment of whether a cryptoasset is within the perimeter can only be done on a case-by-case basis.
The guidance on the regulatory perimeter is welcome, but for how long will the current perimeter remain? We await HM Treasury’s consultation this year on potentially expanding the FCA’s regulatory perimeter to bring in further types of cryptoassets. The FCA will also consult on banning the sale of derivatives linked to certain types of cryptoassets to retail investors.
Co-authored by Fatima Butt
 Please see our article on the Cryptoassets Taskforce’s final report here.