The UK FCA (Finally) Speaks About ICOs

Huge disclaimer notice! In red!

I’m an English lawyer, so I want to begin this blog post by saying that I don’t know you, I’m not your lawyer, this blog post is not legal advice, and since structuring ICOs involves navigating more minefields than a British battlecruiser in the Skagerrak during Battle of Jutland, you definitely need to get a qualified lawyer of your own before you do anything ICO-related. Period.

If you have no idea what an ICO is, read this.

This post is a general survey written by a lawyer for other lawyers with a view to opening up a discussion about what the regulatory environment in the UK looks like for cryptocurrencies going forward. You may not rely on it for any purpose.

Finally, as long as I have your attention, I’d like to take this opportunity to say that marmots are just the best.

Moving on to the blog post

Today we received the big news that the UK Financial Conduct Authority (FCA) – the financial regulator in my home jurisdiction of England – joined the Singapore MAS, PBOC (PRC), U.S. Securities and Exchange Commission, the Canadians, and Hong Kong’s Securities and Futures Commission in issuing its opinion on ICOs.

This took the form of a consumer/investor warning, which you may read here. Let’s break down what they said.

1) People treat tokens like investments

The FCA starts off by defining the token as, more or less, performing the function of an investment product:

ICO issuers accept a cryptocurrency, like Bitcoin or Ether, in exchange for a proprietary ‘coin’ or ‘token’ that is related to a specific firm or project. ICOs vary widely in design. The digital token issued may represent a share in a firm, a prepayment voucher for future services or in some cases offer no discernible value at all. Often ICO projects are in a very early stage of development.


ICOs are very high-risk, speculative investments.


You should be conscious of the risks involved (highlighted below) and fully research the specific project if you are thinking about buying digital tokens. You should only invest in an ICO project if you are an experienced investor, confident in the quality of the ICO project itself (e.g. business plan, technology, people involved) and prepared to lose your entire stake.

The FCA terming an ICO an “investment” is not as centrally important to a legal analysis as, say, the American or Canadian regulators calling something an “investment contract.” But we’ll deal with that in about eight paragraphs or so, so sit tight.

The only thing I’d add at this juncture is that Bitcoin and Ethereum are every bit as dangerous to the investing public as an ICO, and the warning should be extended to both of these as well. Lest we forget, Ethereum was itself a $25 million ICO – way back in ancient history (2014) before the Valley and Bitcoinlandia together decided they were happy to give pre-product companies at seed stage $250 million and up. (It could be argued that the current, fairly egregious ICOs are a product of failing to enforce on the original.)

The risk is that these projects choose to raise investment funds through non-traditional avenues that fall outside of existing regulatory frameworks. No matter what the function of the token is, the evangelising behaviour of cryptocurrency users will be more or less the same no matter what.

Apart from that, this is fairly standard “you could lose your shirt, be careful” language that we would normally expect to see from a regulator in a press release such as this.

2) Major sticking points for those of you new to this

The FCA continues:

Whether an ICO falls within the FCA’s regulatory boundaries or not can only be decided case by case.


Many ICOs will fall outside the regulated space. (Emphasis mine.) However, depending on how they are structured, some ICOs may involve regulated investments and firms involved in an ICO may be conducting regulated activities.


Wait a minute, they just told us these things are treated as investments, so they’re regulated by the financial regulator, right?

The answer, my favorite answer, the only answer, is:

“It depends.”

And what “it depends” on depends on how we define and delineate the “regulated space” in England and Wales.

Generally speaking, I find the FCA’s approach more flexible than what I have observed among securities regulators in Canada and the US (in that England does not have a Howey test – more on that below) with the consequence that the kinds of securities regulations we would normally expect to apply to a token sale elsewhere do not appear to apply directly to token sales in the UK. But we’ll get into that in a minute.

First, a bit of background. The FCA possesses and exercises fairly wide-ranging powers granted to it by the UK’s Financial Services and Markets Act 2000 (FSMA) and related/delegated legislation. Although the FCA is fairly cute and cuddly as financial regulators go, rather like, say, a baby raccoon, you are going to have a very bad day if you piss them off.

Painting in very broad strokes here, from my experience of closely observing ICOs, the three show-stopping, red-flag issues with which counsel for an issuer should be most immediately concerned are the following three provisions of FSMA:

  1. The prohibition in dealing in transferable securities for which no prospectus has been published per s. 85 FSMA
  2. The “General Prohibition” on engaging in regulated activities per s. 19 FSMA.
  3. The prohibition on communicating investment promotions in the course of business under s. 21 FSMA.

2.1 Prospectus Land

This rule should be fairly familiar to those of you who are familiar with problems in the U.S.. England has a similar rule to that contained in the Securities Act of 1933; chiefly,

(1) It is unlawful for transferable securities to which this subsection applies to be offered to the public in the United Kingdom unless an approved prospectus has been made available to the public before the offer is made.


(2) It is unlawful to request the admission of transferable securities to which this subsection applies to trading on a regulated market situated or operating in the United Kingdom unless an approved prospectus has been made available to the public before the request is made.


(3)A person who contravenes subsection (1) or (2) is guilty of an offence and liable—


(a)on summary conviction, to imprisonment for a term not exceeding 3 months or a fine not exceeding the statutory maximum or both;


(b)on conviction on indictment, to imprisonment for a term not exceeding 2 years or a fine or both.

That’s pretty grim. Not as bad as America, but grim. So let’s pull this apart a bit. “To the public” means

there is a communication to any person which presents sufficient information on (a) the transferable securities to be offered, and (b) the terms on which they are offered, to enable an investor to decide to buy or subscribe for the securities in question.

So we see this behaviour in relation to token sales. There are exemptions, but in any ICO scenario none of these will really apply. Not good.

But now let’s take a look at the definition of a security under s. 102A:

Securities” means (except in section 74(2) and the expression “transferable securities”) anything which has been, or may be, admitted to the official list.

Ok. So let’s assume that your average token-seller argument makes some sense, chiefly that tokens are akin to software licences or, as Balaji Srinivasan defines them, paid API keys.  Because (a) we haven’t yet shown that these things are securities under English law and (b) on account of this we’re not listing them for trading on a regulated market, this definition should not be of much relevance for this exercise. A little tautological, I know, but if I’ve got that backwards someone can feel free to correct me.

What else?

Transferable securities” means anything which is a transferable security for the purposes of Directive 2004/39/EC of the European Parliament and of the Council on markets in financial instruments, other than money-market instruments for the purposes of that directive which have a maturity of less than 12 months.

And that Directive states:

18) “Transferable securities” means those classes of securities which are negotiable on the capital market, with the exception of instruments of payment, such as:


(a) shares in companies and other securities equivalent to shares in companies, partnerships or other entities, and depositary receipts in respect of shares;


(b) bonds or other forms of securitised debt, including depositary receipts in respect of such securities;


(c) any other securities giving the right to acquire or sell any such transferable securities or giving rise to a cash settlement determined by reference to transferable securities, currencies, interest rates or yields, commodities or other indices or measures;


“Financial instrument” has [(except in section 89F) the meaning given in Article 1.3 of Directive 2003/6/EC of the European Parliament and of the Council of 28 January 2003 on insider dealing and market manipulation [(as modified by Article 69 of Directive 2004/39/EC on markets in financial instruments)]

What about “financial instruments,” which are also considered “securities?” Section 102A points us to the same European directive, which defines these as

– transferable securities as defined in Council Directive 93/22/EEC of 10 May 1993 on investment services in the securities field,


– units in collective investment undertakings,


– money-market instruments,


– financial-futures contracts, including equivalent cash-settled instruments,


– forward interest-rate agreements,


– interest-rate, currency and equity swaps,


– options to acquire or dispose of any instrument falling into these categories, including equivalent cash-settled instruments. This category includes in particular options on currency and on interest rates,


– derivatives on commodities,


– any other instrument admitted to trading on a regulated market in a Member State or for which a request for admission to trading on such a market has been made.

The key here is that the definition of what a security is, for the purposes of issuing prospectuses is defined in statute, is highly prescriptive, and at least on my reading does not create a broad, flexible, common law-style definition of what a “security” is like the Howey Test does in the US.

This should, ostensibly, leave a token issuer free to structure their token offering accordingly so that the token doesn’t perform any of the prescribed functions. It is therefore conceivable your garden-variety token could clear the hurdle of the prospectus directive – at least until the government steps in and decides expressly how this stuff should be regulated.

But that doesn’t mean that calling it a “blockchain” necessarily gets you around the rules. It only means that calling it a blockchain isn’t necessarily subject to the rules, depending on what function the chain performs. As the FCA states in today’s notice:

Some ICOs feature parallels with Initial Public Offerings (IPOs), private placement of securities, crowdfunding or even collective investment schemes. Some tokens may also constitute transferable securities and therefore may fall within the prospectus regime.


Businesses involved in an ICO should carefully consider if their activities could mean they are arranging, dealing or advising on regulated financial investments. Each promoter needs to consider whether their activities amount to regulated activities under the relevant law. In addition, digital currency exchanges that facilitate the exchange of certain tokens should consider if they need to be authorised by the FCA to be able to deliver their services.

So, e.g., doing something similar to what Ethereum, Eos or Protoshares did might warrant a re-think because the token delivered under the contract is not the final token that will be issued and functional for the purposes of the platform; it is a promise to deliver a token at a future date and thus might (emphasis on might) be a futures or other option contract of some kind, and thus require registration.

Similarly, the DAO – with its bundle of voting rights and fund-like structure – could likely be classified, if not as a transferable security, then as something which masqueraded as one (which is worse).

By contrast, a Monero or a Filecoin (when issued) might not have that problem, as a “utility” crypto-token (see here for the diff between a “utility token” and an “investment token”) is probably not, as yet, a transferable security for the purposes of s. 85 et al. FSMA.

The only answer that matters is “it depends,” the standard legal cop-out and unfortunately the only answer that, as a legal blogger, is responsible to give. But there are different versions of “it depends,” and the UK’s is currently a lot better than the ones we get from elsewhere. For example,the United States, where “it depends” comes with some baggage:

“It depends, but it’s very likely problematic and the DAO was certainly problematic. PS we have like a thousand different federal agencies, and 51 different Attorneys General each responsible for their own jurisdiction, any of which could ruin your life if they wake up on the wrong side of the bed next week. Hope you have $10 million for legal fees. Ciao.”

or China’s answer, which we know is

“‘It depends.’ You common law lawyers are a bunch of sissies. In our opinion it’s financial crime. By the way, did we mention we mete out the death penalty for financial crime?”


The tl;dr version of what I just wrote, for those of you who have followed the ICO space for some time, in the UK the “token works on a functional platform” argument advanced by Peter van Valkenburgh and others might actually fly. It’s not what I would choose to do for a variety of reasons I’ll get into later, but as long as the token isn’t performing security-like functions there is  a possibility you don’t have to contend with the prospectus requirement at least.

2.2 Prohibited Activity Land

What else, apart from firearms, is prohibited in the UK? Quite a lot of things, it turns out, but in particular a range of activities prohibited under what is called the “General Prohibition,” which may be found at s. 19 of FSMA 2000. Which states:

No person may carry on a regulated activity in the United Kingdom, or purport to do so, unless he is—


(a) an authorised person; or


(b) an exempt person.

So let’s look at taking deposits from the public, for example. Taking deposits is a regulated activity. You can’t take bank deposits unless you’re authorised by the FCA, which might happen if you are a bank, or one of the exceptions applies, e.g., you’re a solicitor receiving a deposit into your client account.

If you’re engaging in a regulated activity but you’re neither authorized nor exempt, chances are you’re breaching s. 19. So, e.g., if you were in fact dealing or arranging in securities requiring a prospectus under s. 85 you would be conducting a regulated activity. That’s no bueno.

The analysis here should really ask four questions, in the following order:

  • whether the sale of a token is a regulated activity;
  • if so, whether the issuer is authorised to undertake the activity (in most cases of retail tokens, no); and
  • if so, whether the issuer is exempt, and if not, what licensure is required; OR
  • if the sale of a token is not a regulated activity, what other legal considerations might come into play.

Similarly to the rules on prospectuses, regulated activities are prescribed by statute. And, try as I might, I cannot really make an argument that hashing a genesis block where you retain some of the tokens in a pre-mine falls within the prescribed categories we see in the Regulated Activities Order (or if an argument can be made I can come up with a counter-argument much more easily than I could with the Howey Test as the background).

2.3 Financial Promotion Land

We now turn to s. 21 FSMA, which states

21. Restrictions on financial promotion.


(1) A person (“A”) must not, in the course of business, communicate an invitation or inducement to engage in investment activity.


(2) But subsection (1) does not apply if—


(a) A is an authorised person; or


(b) the content of the communication is approved for the purposes of this section by an authorised person.


(3) In the case of a communication originating outside the United Kingdom, subsection (1) applies only if the communication is capable of having an effect in the United Kingdom.

It continues:

8) Engaging in investment activity” means—


(a) entering or offering to enter into an agreement the making or performance of which by either party constitutes a controlled activity; or


(b) exercising any rights conferred by a controlled investment to acquire, dispose of, underwrite or convert a controlled investment.

I am starting to wander out of my wheelhouse as a securitiser and general corporate counsel here, so I will keep my comments brief save to say that this is a box that will almost certainly need to be satisfactorily ticked when tokens are sold directly to the public. I know plenty of good regulatory lawyers at my alma maters, BLP and Norton Rose, to whom I’d be happy to refer you if you should like to like to explore this angle in more depth.

The first issue to consider is that this provision applies to persons engaged in financial promotion in the course of business. Which not all blockchain users are. Query whether this would operate (if it applied) to simply prevent companies and issuers from making unrestricted sales pitches for Bitcoin or Ethereum, or any other token but not bind the token software’s individual users.

The second is that, again, we are dealing with a list of controlled investments and activities prescribed by statute. It’s possible, if your token is in fact an investment product, to find yourself on that list, but equally it’s possible for some tokens to not fall within one of the prescribed categories, as the list is not open-ended. And once again, here, unlike the US, the act of simply hashing a genesis block and retaining some pre-mined coins doesn’t look to me to be one of the activities on that list.

This leaves open the possibility that we could appropriately structure a blockchain network or cryptocurrency to operate on a purely P2P basis and *not* as part of a business, to ensure that the establishment of such network isn’t classified as one of the regulated investment activities. Whether and how to do this is up to the lawyers assessing a particular offering.


Bien sûr! There are always problems with ICOs. It’s just that, in England and Wales, they aren’t necessarily the problems the Financial Conduct Authority has standing or delegated powers to deal with.

Which isn’t to say there isn’t plenty of legislation available to control these things – there is. And prosecutors would need to adapt these rules to control cryptocurrency conduct, unless and until Parliament decides that the provisions of FSMA and other investments should apply to cryptocurrencies directly. The UK’s unfair trade practices regime seems ready-made for this purpose as a stopgap.

In my back of the envelope view (and in the interests of pushing this post out the door), I will just sketch out the issues towards which senior solicitors might want to point their plucky juniors if a client should walk in the door tomorrow, and ask: “how the hell do I do this?”

  • Unfair trade practices as defined in the Consumer Protection from Unfair Trading Regulations 2008, all of Parts 2 and 3 and Schedule 1 paragraphs 11, 13, 14, and 18.
  • The money laundering offences under POCA 2002, particularly s. 328.
  • Straight fraud resulting from subpar disclosures or material omissions in ICO offering documents or on an ongoing basis. I am unsure whether the market abuse regime would apply in the majority of cases due to the fact that this also uses prescribed definitions for securities, etc. which will not account for most peer-to-peer networks.
  • Civil actions relating to misconduct in any of the above categories.

Always happy to have a chat with friends or learned friends alike who should like to learn more. I’m easily reachable on LinkedIn.


Selected comments from third parties. This one from William White:

“I would add one thing. COBS 4.12.6 to 4.12.9 in the FCA handbook are not being followed on who can make investments. Many people are not sophisticated or HNWIs! I would add that to your problems!”

Well, not my problems, strictly speaking. But someone else’s problems for sure. The answer will depend on how successful a token is at steering itself away from the investment categories – a possibility the FCA leaves open – and for this one we’ll need to ascertain whether the token is a “non-mainstream pooled investment” (from my initial reading: no). The onus is on Government here to classify tokens to the extent they continue to defy classification.


And, as a closing note, here’s a picture of a very goofy-looking marmot.



  1. Hey!

    Cracking analysis. Thank you!

    I would add one thing. COBS 4.12.6 to 4.12.9 in the FCA handbook are not being followed on who can make investments. Many people are not sophisticated investors or high net worths. I would add that to your problems!

    Keep up the good work! Will


  2. Food for thought, Marmot. Thx.


  3. Dear Preston, Thank you for another insightful post. Curiositas


  4. […] caveats mean to my English colleagues. One of such English colleagues is Preston Byrne.  In his blog post, Byrne points out that “the key here is that the definition of what a security is, for the […]


  5. Great reasoning and great way to put your analysis forward. Well done !


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s