Crypto View - September 2024

There is a distinct “back to school” feel in the air as we leave summer (except for our readers in the southern hemisphere…) In this edition we take a look at a crackdown on crypto ATMs in both the UK and in Europe, and a number of regulatory developments in the Middle East, including some promising regulatory coordination in the UAE. We also look at HMRC’s recent interventions on taxation of crypto in the UK, the publication of a crypto annex to the GMRA, a publication by the Basel Committee on banks use of cryptoassets, and the impact of DORA on crypto firms.

Financial Promotions

Turning first to one of our perennial topics of discussion in Crypto View - financial promotions. It might not feel like it (or maybe it does…) but the first anniversary of the implementation of the UK’s financial promotion regime is approaching. To celebrate(?) Simmons is hosting a one-day conference with our friends at Englebert to discuss all things FinProm – and maybe some other things as well. There will be panels, presentations, and workshops, looking at a range of different questions, from DeFi, practical implementation and promotions from offshore.

See here for more information.

Please keep an eye on your inbox as we’ll be sending out invitations to Crypto View subscribers soon.

FCA goes six months without registering a single crypto firm

We saw this month that the Financial Conduct Authority (FCA) hasn't registered a crypto firm since February of this year, which runs counter to the intention for the UK to be a “crypto hub”. Since January 2020, the FCA has received 359 applications but only approved 47 (14%). Over the past year, 86% of applications failed, with most firms being encouraged by the FCA to withdraw. While clearly a number of firms are not up to the required standard, it does seem that the FCA can be quite arbitrary in its consideration of applications. We are aware of a number of applicants who are presented with new requirements or questions on their business model at the 11th hour, with a feeling that the FCA are looking for reasons why not to approve firms. Having had what appeared to be a pro-crypto government in place until July, it remains to be seen how Labour policies will impact the regulatory environment for crypto in the UK, if at all.

Transparency is the key to avoid runs, according to EBA researchers

For those considering launching a stablecoin in the near future, the European Banking Authority (EBA) has published research on the optimal design for stablecoin frameworks. The paper notes that stablecoin issuers face similar instability risks to traditional banks, including runs and bankruptcy. Just like banks, without adequate regulation issuers are incentivised to hold disproportionate amounts of high-yield but illiquid assets, which can be volatile. Such volatility may cause investors to redeem their stablecoins suddenly, triggering a run. The paper suggests that the best way to regulate stablecoins and mitigate the impact of shocks and runs is through greater transparency by issuers. Transparency can significantly reduce the fragility of stablecoin issuers by encouraging them to maintain more liquid and stable reserves. We have seen that approach being taken in the EU under MiCA, though are still awaiting development of a UK stablecoin regime following the FCA’s Discussion Paper last year.

HMRC issues “nudge letters” to crypto investors over tax compliance

HMRC has once again been issuing ‘nudge letters’ to crypto investors suspected of not accurately reporting their tax liabilities on crypto gains. While this approach by HMRC is not unprecedented, the explicit mention in their communications - "[w]e’re writing to you as our records show you have disposed of cryptoassets" [emphasis added] - underscores the authority's proactive stance in leveraging its investigatory powers.

Although these letters are targeting investors, they serve as a pivotal reminder of HMRC's broader strategy - making further statutory information requests from operators, including exchanges and financial institutions. These requests, which can start with details of investors and their trading activities, can broaden in scope. Compliance with such requests is obligatory (and highlights the importance of maintaining accurate records and being prepared to provide sufficient information). It is also crucial to ensure that any request is properly examined and, if necessary, challenged.

If you have received an information request from HMRC and have concerns about compliance with it, please reach out to my colleague James Cherry.

A question of Property

The recent judgment in D'Aloia v Persons Unknown & Ors [2024] EWHC 2342 is a relatively rare thing: a judgment about crypto which follows a trial where both parties were represented and the Court heard arguments on both sides (most judgments to date have been interim decisions following hearings where only one of the parties was present). It therefore provides detailed analysis and greater legal certainty on the issues considered.

The case confirms that USDT constitutes property for the purposes of English law, meaning it can be subject to tracing and proprietary claims. The timing could not have been more apt, following the introduction of the Property (Digital Assets etc.) Bill only a day before the judgment (which affirms that digital assets can constitute property under English law).

The Claimant sought to recover misappropriated USDT by holding an exchange which received the USDT liable – arguing that the exchange was liable as constructive trustee or in unjust enrichment. However, the claims against the exchange failed. Although the Court accepted that a constructive trust could arise over the assets, meaning that the exchange could in principle be liable, the Claimant failed to prove that the USDT had been sent to the wallet provided by the exchange or that the exchange still held USDT over which a proprietary claim could be asserted.

The Judge also held that there was a significant gap in the claim as it did not include a claim of knowing receipt against the exchange. This is a personal, rather than a proprietary, claim and can therefore be used against an exchange even where it no longer holds the assets in question.

An important point for exchanges to note is that the Court considered that the exchange had actual notice of suspicious activity in the accounts (due to poor AML controls) – which meant it could not rely on the defence that it was a bona fide purchaser for value. In this case, the exchange did not need to rely on this defence, but it could prove decisive in future cases where the Claimant has better evidence to prove that their assets went to an exchange’s wallet.

If you would like to discuss this case further, or have questions of property in relation to cryptoassets, please reach out to my colleagues Doug Robinson or Oli Ward.

Why crypto firms should pay attention to DORA

The Digital Operational Resilience Act (DORA) is a pivotal piece of legislation for the financial sector within the European Union, designed to bolster the operational resilience of financial entities against Information and Communication Technology (ICT) disruptions, with the intention that financial entities can withstand and recover from ICT disruptions. The Act entered into force on 16 January 2024 and will apply in full from 17 January 2025. Importantly for the crypto sector, following the implementation of MiCA, DORA applies to crypto-asset service providers (CASPs) in the EEA as well.

Firms that fall under DORA must create a robust ICT risk management framework, which involves identifying, categorising, and documenting ICT-related business activities, alongside managing ICT incidents. They are also expected to develop information security policies, incident detection systems, ICT business continuity plans, backup solutions, and plans for managing and communicating about ICT incidents.

The penalties under DORA are substantial and aim to ensure compliance by imposing daily fines. Firms that are found to be non-compliant could face a periodic penalty payment of 1% of their average daily global turnover from the previous year, for a duration of up to six months, until they achieve compliance. The criteria for determining when compliance has been “achieved” remains unclear, raising questions about how this penalty system will integrate with other financial compliance frameworks.

If you would like to discuss any aspects of DORA, please reach out to my colleague Sophie Sheldon, who would be happy to answer any questions you may have.

A crackdown on crypto ATMs

We have seen two separate regulators crackdown on crypto ATMs this month.

First, Germany’s financial watchdog, the Federal Financial Supervisory Authority (BaFin), seized 13 crypto ATMs and almost €250,000 in a nationwide crackdown. According to the BaFin, these ATMs were illegally installed under the Banking Act and raised money-laundering concerns by facilitating unregulated exchanges of euros and cryptocurrencies.

The UK also saw similar enforcement, with the first individual in the UK to be charged with running illegal crypto ATMs. This is also the FCA's first criminal prosecution relating to unregistered cryptoasset activity under the MLRs, which have required registration to carry on certain cryptoasset activities in the UK since January 2020. There are no crypto ATMs registered in the UK, and it is clearly the position of regulators across the UK and Europe that they are particularly high-risk in terms of money laundering.

UAE: Proposed framework for fiat-referenced tokens

Moving now to the Middle East, and we have seen the Financial Services Regulatory Authority (FSRA) of Abu Dhabi’s Global Market (ADGM) release a consultation paper proposing a regulatory framework for issuing fiat-referenced tokens (FRTs) – a type of stablecoin backed by high-quality, liquid assets and intended to be used as a means of payment. The FSRA aims to adopt a risk-based approach similar to leading global jurisdictions, ensuring FRT issuers operate safely. This move follows the UAE Central Bank's recent stablecoin regulation, which permits the use of Dirham-backed stablecoins for payments within the UAE. The consultation period ends on 3 October 2024, and if you would like to discuss responding to the consultation, or have questions on stablecoins in the UAE please reach out to my colleague Adam Wolstenholme.

Marketing in Dubai

Dubai’s cryptoasset regulator, VARA, will be introducing its Marketing Regulations, effective from 01 October 2024. These regulations are accompanied by a Marketing Guidance Document, with the new rules applying to all marketing relating to crypto asset activity in, or targeting, Onshore UAE. These Marketing Regulations are applicable to all entities, both domestic and overseas, and regardless of whether they are authorised and licensed by VARA or not.

The Regulations stipulate general requirements for marketing, such as that marketing must be fair, clear and not misleading, as well as more specific restrictions. For instance, the Marketing Regulations prohibit the marketing of any “Anonymity-Enhanced Cryptocurrencies” in the UAE. The Marketing Regulations also seem to enshrine the concept of reverse enquiry in the jurisdiction, confirming that the requirements do not apply to firms that:

• Are not located in the UAE
• Do not carry out any virtual asset activities in the UAE; and
• Do not carry out any marketing of, or relating to, any virtual asset or virtual asset activity in, or targeting, the UAE.

If you would like to discuss this further, please reach out to my colleague Adam Wolstenholme.

Dubai: Dubai court gives the green light to crypto salaries

Adding to the flurry of news in the UAE, the Dubai Court of First Instance has recognised crypto payments for salaries under employment contracts. This marks a significant shift in the Dubai's judicial stance on digital currencies, contrasting with a 2023 ruling that denied a similar claim. The court ruled in favour of the employee, validating crypto payments and ordering the salary to be paid in tokens. This ruling underscores the importance of upholding clear contractual agreements and sets a precedent for further integration of digital currencies in various sectors.

While the judgment doesn’t necessarily mean salaries can be paid entirely in crypto yet, it does permit crypto to be part of a compensation package. However, concerns remain, such as which types of crypto are acceptable and whether approval from Dubai’s Virtual Assets Regulatory Authority is required.

UAE Regulatory Cooperation

In an important piece of collaboration in the UAE, we saw VARA, Dubai’s cryptoasset regulator, and the UAE’s Securities and Commodities Authority (SCA), announce a streamlining of the regulatory process for VASPs. Those VASPs operating in/from Dubai, or wishing to service the emirate of Dubai are required to obtain a licence from VARA, but going forward, they will now be able to be registered by default with the SCA, and so able to service the wider UAE. VASPs wishing to operate out of any other Emirates, must be licensed by the SCA to do so. As above, if you would like to discuss this further, please reach out to my colleague Adam Wolstenholme.

Qatar: New regulatory framework for digital assets

Moving up the coast, the Qatar Financial Centre Authority (QFCA) and Qatar Financial Centre Regulatory Authority (QFCRA) have launched the QFC Digital Assets Framework 2024. This comprehensive regime aims to regulate digital assets, including tokenisation, property rights, custody, transfer, exchange, and smart contracts. Developed as part of the Third Financial Sector Strategic Plan, the framework ensures a secure and transparent digital asset ecosystem in line with international standards, fostering trust among consumers, service providers, and industry stakeholders.

With the framework now live, companies can now apply for a license to operate as token service providers – this won’t be a surprise, but if you would like to discuss this further, please reach out to my colleague Adam Wolstenholme.

BCBS highlights risks for banks using permissionless blockchains

A recent paper by the Basel Committee on Banking Supervision (BCBS) looks at the various risks that banks using permissionless blockchains or similar distributed ledger technologies (DLTs) face – including operational, security, governance, legal, compliance, money laundering, and terrorism financing concerns, as well as settlement finality issues – and more importantly, suggests some further measures that banks could take to mitigate these risks. Although current mitigation practices are still evolving and untested under stress, the BCBS suggests the following measures that could help mitigate risks:

• Business Continuity Plan:
  • Off-Chain Registry: Using an off-chain database to recover ownership during disruptions.
  • Internal Processes: Ensuring traceability, data recovery, and quick retrieval of ownership records.
  • Contingency Chain: Designating an alternative blockchain for asset transfer if the primary one fails.
• Technology-based Control: using smart contracts on permissionless blockchains to control tokens' attributes and limitations, which helps mitigate risks like money laundering and terrorism financing.

If you would like to discuss your operational resilience concerns, please reach out to my colleague Rosali Pretorius.

ICMA publishes GMRA Digital Assets Annex

The International Capital Market Association (ICMA) has launched the Digital Assets Annex, a landmark development for the 2011 Global Master Repurchase Agreement (GMRA 2011).

This addition was the result of a collaborative effort between ICMA and the International Securities Lending Association (ISLA), designed to standardise the contractual terms for transactions involving digital assets in the repurchase (repo) and securities lending markets (ISLA has simultaneously launched the Digital Assets Annex to the GMSLA 2010).

A key motivation behind the Digital Assets Annex is to address the unique commercial and operational considerations brought about by digital assets. In the repo space, notably this includes the feasibility of intra-day repo transactions facilitated by the reduced settlement times inherent to digital platforms.
The Annex represents a significant stride towards integrating digital assets into mainstream financial transactions, offering a standardised contractual framework that could pave the way for further innovation and growth in the digital asset space.

For firms with existing transactions involving digital assets, we expect that bespoke contractual terms will already have been negotiated and agreed. The Digital Assets Annex is a pro-forma document for parties to negotiate and enter into if they wish to do so – if they do not, their transactions are unaffected by it. However, in our view, it is well worth firms familiarising themselves with the Digital Assets Annex. If it is taken up by the markets, then buy-side firms in particular may find that it is presented to them as the starting point for negotiations with their sell-side counterparties. For firms about to enter into the digital assets space, the Digital Assets Annex is a useful resource for understanding some of the contractual considerations associated with digital assets trading.

If you would like to discuss the Digital Asset Annex or any other aspect of digital assets trading with us, please get in touch with my colleague Paul Metcalfe.

This month in MiCA: Regulatory Arbitrage Risks in Crypto Brokerage Models

As highlighted in our previous edition, ESMA's opinion to national competent authorities (NCAs) on addressing regulatory and supervisory arbitrage risks associated with firms broking onto other group entities. This is a pretty big (and late) change to the approach that a lot of firms were expecting to take.

We saw this month the Dutch regulator, the AFM, updated its FAQs on MiCA to confirm that it is considering the opinion, and that it wants to avoid letterbox/empty entities as this hampers effective management of the activities of the CASP as well as effective supervision by the AFM. We expect other local regulators will be taking a similar approach.

The Central Bank of Ireland has also updated its MiCA page with information on the authorisation process for CASPs and FAQs. The authorisation will be divided into a pre-application stage (comprising an initial engagement with the Central Bank and the submission of a Key Facts Document or KFD), and an application stage (comprising the submission of the formal application, and the assessment and decision of the Central Bank). The Central Bank has also confirmed that a VASP registration will not automatically convert to CASP authorisation, and that VASPs will be required to go through the full MiCA application process.

Interestingly, in the FAQs the CBI has also made it clear that it expects firms applying for authorisation to cease providing crypto asset services in relation to non-compliant Electronic Money and Asset-referenced Tokens. It references a recent EBA statement that advised firms to stop carrying out services that constitute offering to the public, seeking admission to trading or placing any ARTs/EMTs which are not compliant with MiCA. The CBI has moved from this to confirm that it “expects that firms listing any stablecoins that are not compliant with MiCA to implement these actions as soon as possible and they should aim to complete this work by year-end 2024.” While merely listing stablecoins does not amount to offering to the public, seeking admission to trading or placing under MiCA, and so there is no strict requirement on trading platforms to delist, we expect more regulators to take this approach when assessing firms’ authorisation applications.