Month: June 2023

A version of this article was republished on CoinDesk.

Earlier this month, the UK’s financial conduct regulator, the Financial Conduct Authority or FCA, announced new, near-final proposed rules, following recently-enacted secondary legislation, on financial promotion of crypto-assets within the country. Taken together with the passage of the UK Financial Services and Markets Act 2023 (the “2023 Act”) earlier this week, which brings crypto-assets under the UK’s broader financial regulatory regime contained in the UK Financial Services and Markets Act 2000 (“FSMA”), including FSMA’s rules on financial promotions, it is now all but inevitable that the FCA’s new rules – or ones very close to them – will be entering into force on schedule on or about October 8^th. 

This is the culmination of a yearslong effort in the UK government to create new rules to govern cryptocurrency business within its borders. As such it represents something of a departure for the UK from its usual approach to cryptoasset regulation. Historically, the United Kingdom’s financial regulators have not had the power to regulate – and thus have avoided regulating – crypto-assets such as Bitcoin, Ethereum, Cardano, or Cosmos in their capacity as investments, at least in the same manner that they regulated TradFi instruments such as securities. This differs significantly from the regulatory landscape in the United States where, infamously, the U.S. Securities and Exchange Commission asserts more or less plenary authority over the cryptocurrency sector by utilizing 90-year-old securities legislation, and in relation to which it has been prosecuting a regulation-by-enforcement campaign in the federal courts.

Among many other things the 2023 Act does, it folds certain types of regulated activities, like arranging deals in or managing investments when crypto is the underlying product, into the FCA’s regulatory scheme. It also grants additional, and as far as I can tell open-ended, powers under a new “Designated Activities Regime” to impose crypto-specific, as-yet-undetermined rules and restrictions on the industry, which in the government’s opinion include powers to go so far as banning of particular types of crypto business or asset. 

The most immediately relevant provisions from the Act for cryptocurrency developers, though, are aforementioned changes which bring cryptocurrency marketing fully under the existing financial promotions regime. Generally speaking, in the UK one is not allowed to “communicate an invitation or inducement to engage in investment activity” in the course of business to a prospective customer unless conducted or approved via a regulated entity, or an exemption applies. Regulated entities under the new regime for crypto include FCA authorized firms, registered cryptoasset firms, or authorized firms which have passed through regulatory gateway legislation (which is currently with Parliament). How these communications may be made and what they must contain is governed by complex rules, too; given that penalties for noncompliance include fines and potential imprisonment, strict adherence to the rules is a must. 

Current state of play

What does this mean? Unlike in the U.S., and news stories saying “crypto is now a regulated activity,” cryptocurrency itself has not been redesignated as a regulated product. As far as this writer can tell, the act of hashing a genesis block, mining coins, and distributing them otherwise than in the course of business still isn’t regulated, whereas in America there are those who would argue that it is. 

Engaging in certain types of “regulated activities” which are already regulated vis a vis other kinds of investments in relation to crypto, however, will be regulated going forward. For service providers undertaking what would otherwise be regulated activities, it means compliance and licensure. Developers and issuers, on the other hand, should still consider the UK open for business, although they will need to approach doing business in the UK and with UK consumers with considerably more care than before. Unlike in the U.S. where the regulator is asserting that crypto-assets are securities, cryptoassets qua cryptoassets are more or less treated the same as they were a year ago. Extremely stringent rules around marketing cryptocurrency to consumers are proceeding ahead with dispatch, and it is in this marketing where the heaviest compliance burden for devs will arise.

The types of marketing covered by the financial promotion regime could include not only marketing in a formal sense like a television advertisement or an investment memorandum, but also less formal communications where cryptocurrency companies usually market their protocols such as podcasts, hackathons, conference events, and meetups, or online banner ads and Tweets. The new regime also includes communications to high-net-worth and sophisticated investors.

Moreover, at least based on my reading, the new rules make no distinction between ICO-based cryptoassets like Polkadot or Cosmos and cryptocurrencies which are generally regarded as “decentralized” and not subject to much regulation even in the United States, such as Bitcoin or Ethereum. This means that something as seemingly harmless as a cryptocurrency ATM might need to have any marketing copy it displays on its user interface (“Buy crypto here!”) reviewed by an FCA-authorized firm and brought into compliance with the new rules.

The bargain that appears to be emerging in the UK is that the price of freedom to develop and trade crypto is tight regulation on how it is marketed to consumers. If things get too out of hand, more rules may follow. But they haven’t followed yet. This is a novel approach which, unlike the draconian regulatory crackdown underway in America, strikes what feels like a fairer balance between free markets and consumer protection. This approach gives the crypto markets latitude to evolve on their own while also incentivizing higher levels of disclosure from those who seek to make money selling to those markets. 

The tantalizing possibility here is that the UK Treasury exercises restraint with its new powers and that existing, regulated market participants with large UK presences – companies like BnkToTheFuture and eToro immediately come to mind – might fill the gap and develop businesses which evaluate and prepare the volumes of marketing disclosures that will be needed to promote the sale of cryptocurrencies available for sale on their platforms, while the government remains hands-off of developers and software startups operating within its borders. 

If the regulators can exercise a bit of self-control and sit on their hands, there’s a good possibility Britain could eat America’s lunch. Whether they can resist that temptation remains to be seen.

I developed something of a reputation for being a skeptic about the legal propriety of selling cryptocurrency tokens in the United States. I used to write about this extensively, particularly in 2017-18 when I was studying for my LL.M. to get dual-qualified in America and, accordingly, had more free time and latitude to say what I wanted than I do now as a partner in an American law firm.

Moreover, I held this position when it was unpopular and non-obvious, unlike the recent crop of crypto critics like former government lawyer John Reed Stark who seems to take endless glee in kicking the industry while it’s down. See, e.g., on July 9th, 2014, when my friend Tim Swanson and I were quoted in a CoinTelegraph article, “Mitigating the Legal Risks of Issuing Securities on a Cryptoledger,” when I said that “[Virtually] nobody has done this correctly. To date I have not seen a single crypto-security that has been properly structured.”

People thought I was crazy at the time. Others probably thought I was just a jerk. The truth is probably somewhere between the two. Keep in mind, of course, that in 2014 the idea of an “Initial Coin Offering” didn’t really exist; entrepreneurs like Joel Dietz marketed his “Swarm” crowdfunding token as “crypto-equity,” a term which fell into disfavor by more sophisticated projects like Ethereum which, only a month after I was quoted in the CT article, launched its ICO. But even that wasn’t called an ICO. That, presumably per whatever advice was given to Joe Lubin by his lawyers, was a “sale of crypto fuel for the Ethereum network.”

Ethereum subsequently exploded in 2017 and with it came a thousand imitators and other variations just like it. U.S. regulators were slow to respond. SEC Director Bill Hinman added fuel to the ICO fire when made his famous “Hinman Speech” which set out the (now-discredited) “sufficiently decentralized” exception to the Howey test. (Keeping in mind that Hinman was based out of San Francisco, the general assumption among those of us who were not in the cool SF VC crowd was that they had successfully convinced that office that Ethereum – a popular investment out there – was the next Internet and the best thing for the government to do would be to get out of the way and let Ethereum prove it.)

I think it is safe to say, five years later, that Ethereum has not cracked a lot of the scaling issues it would have needed to crack in order to become the next Internet. With those broken promises on one side, perhaps it is not surprising that the government has decided to adopt a more traditional approach as well, with the NYAG’s office alleging that Ethereum is a security in her recent lawsuit against KuCoin for violating New York’s Martin Act. (For reference, I have been arguing Ethereum should have been regulated as a security for several years – see my 2018-era blog posts Whether Ether is a Security and Ether is not a Security?)

What followed the Hinman Speech can only be described as confusing. Up till the Hinman speech, the SEC really had only gotten involved in the crypto business in cases of obvious and notorious fraud. The first such case that I can recall was the case of SEC vs. Trendon Shavers and Bitcoin Savings and Trust (a Ponzi scheme) and SEC v. GAW Miners, Joshua Homero Garza et al. (another Ponzi scheme involving the sale of “mining contracts” and a $20 stable coin called “paycoin”).

In terms of non-fraud enforcement, the SEC started to bring its first set of enforcement actions, announced by way of settlements, with a number of coin-related projects in late 2018, only months after the Hinman Speech was published. The first such settlement, with a founder of early decentralized exchange, or “DEX,” EtherDelta, was announced on Nov. 8th, 2018; the SEC claimed that the DEX operator was operating an unregistered exchange, which necessarily implied that the SEC took the view that some of the assets on EtherDelta – being Ether and ERC-20s – were securities. Ten days later, the SEC announced its first settlements with two otherwise completely unmemorable ICO issues, Airfox and Paragon; both respondents agreed to register their tokens as securities (which does not appear to have happened as far as I can tell).

What followed over the next year was a range of weird settlements which failed to serve as a deterrent to further ICO issuance being conducted at the same time as a bunch of weird transactions (such as the Filecoin Reg D pre-sale of functional storage tokens which the SEC now alleges, in the Coinbase lawsuit, are securities) which tried to pretzel their way into compliance with the non-guidance guidance issued by Bill Hinman. EOS, for example, which advertised its product on a giant Times Square billboard during Consensus 2017 and raised north of $4 billion in crypto (as valued at the time), was somehow allowed to skate by paying a $24 million fine – and not even a requirement to register! Other projects were not so lucky. Kik Interactive, Telegram, and Ripple Labs (which I said was a security before it was cool) each launched absolutely gargantuan ICOs; both Kik and Telegram lost badly in federal court, and I do not rate Ripple’s chances. Similarly the much-smaller LBRY project, based in New Hampshire and which pre-dated EOS by some years, was not, as far as I am aware, offered a settlement deal with the SEC which would have permitted their business to continue operating; the only logical reason I have been able to deduce for this is that the SEC’s Boston office wanted a scalp and the only place you’ll find a crypto startup in New England is in New Hampshire.

This brings us to the Coinbase complaint. Nothing about this lawsuit against Coinbase will come as a surprise to any attorney who has been practicing in the U.S. after 2018.

The charges alleged are numerous. The SEC accuses Coinbase of violating the registration requirement of the Securities Act of 1933 in relation to its custodial staking offering.

It also charges Coinbase with violating the Exchange Act’s registration requirements, which require anyone effecting transactions in securities to register and be supervised by the Commission. Furthermore, Coinbase is charged as operating as an unregistered broker-dealer and with operating as an unregistered clearing agency, being “any person who acts as an intermediary in making payments or deliveries or both in connection with transactions in securities or… provides facilities for comparison of data respecting the terms of settlement of securities transactions.”

I am not going to spend this entire blog post quoting chapter and verse on broker-dealer registration requirements because that would be boring. I also won’t go into a detailed Howey analysis on many of the coins mentioned in the complaint – including Solana, ADA, Matic, Filecoin, SAND, AXS, CHZ, FLOW, ICP, NEAR, VGX, DASH, and NEXO. The important thing here is that the SEC is seeking, as a remedy, a permanent injunction against Coinbase from operating an unlicensed exchange. If they can get one of the tokens to stick and win at trial, they may be able to shut down Coinbase’s core business completely.

What did surprise me is that it took this long. Back in 2017, I hypothesized that one day there would come an event – one I referred to as the law enforcement would launch something akin to “simultaneous dawn raids at the major exchanges and the homes and offices of the major ICO promoters, with a variety of agencies in a variety of countries co-ordinating their activities.” It’s hard to tell whether we’re at the beginning of a process that extensive, but if the SEC is going after Coinbase, no one in Coinbase’s business is safe. I called that event “The Zombie Marmot Apocalypse,” said it was massively bearish for crypto and I think it is safe to say that it is now upon us.

Our discussion thus turns to what comes next.

Is that all you got? pic.twitter.com/5sAsxvEA46

— nic 🌠 carter (@nic__carter) June 6, 2023

Crypto isn’t going anywhere, so I think the answer is “new exchanges that aren’t carrying all this regulatory baggage.” In terms of how that might look, here’s my current thinking:

1. Paradoxically, there is probably no better time – other than 2012 – to start a crypto exchange than today. For the first time since perhaps the start of Bitcoin itself, compliance will cost less than non-compliance. Existing industry giants have a lot of legal-technical debt they need to work through which will distract them and cost enormous amounts of money.
   
2. The United States have 4.25% (and shrinking) of the world’s population. Crypto is not going to die. In places where it is growing most quickly, particularly Latin America and Africa, there is neither the political will nor the harmonized enforcement capacity to shut it down.
   
3. Making companies like Coinbase treat crypto tokens as old-fashioned securities is like trying to regulate Starlink like we regulate road traffic. Equally, expecting the U.S. government to simply just let crypto happen was not realistic. Increased lobbying efforts and an openness to compromise by U.S. crypto giants will result in a middle path in the U.S. which will regularize crypto business within the next five years if not sooner. This will ideally include a separate regulatory path for cryptotokens which are currently regulated as securities but really shouldn’t be.
   
4. The companies that will succeed will have a growth strategy which doesn’t include the United States, and will then need to be ready to move to the United States on hair-trigger alert once regulations are favorable – or, in the alternative, they’ll need to develop a subsidiary that operates like INX and gets the appropriate regulatory approvals. I suspect that regulations will eventually loosen up so that companies like INX can operate more like companies like Coinbase and Gemini do today. To achieve scale, startups will need to build a toehold in countries with substantial populations of English-speaking crypto users which don’t ban ICOs and permit exchanges to trade spot crypto without regulating them as broker-dealers or clearing agencies.
   
5. The only G20 country I can think of which satisfies these criteria is the United Kingdom. (EDIT: the Australians apparently are G20 and are in my DMs chirping that they meet these criteria, too – excuse the omission!) The UK should be used as a launchpoint to access English-speaking Africa and India while the U.S. gets its act together and (likely) has a change in Presidential administrations to one that doesn’t want to completely eliminate avenues of escape from the dollar.

So. Crypto’s not dead, it’s just in need of a little legal tune-up. May the best and most compliant startup win.