The world is your oyster, as they say, when it comes to choosing where to incorporate your business(es) for an ICO. That said, cryptocurrency regulation is new to many jurisdictions, who are looking for ways to define and manage what cryptocurrencies are.
What makes a “good” jurisdiction in which to conduct a cryptocurrency business or issue tokens?
There are several characteristics that separate “good” from “bad” jurisdictions in which to conduct an ICO or run a cryptocurrency business. First, there is, as of today, there are still no truly “mature” regulatory environments in which to run your business. Without exception, the governments in the following jurisdictions are still in the process of evaluating crypto-currencies on multiple levels. The attention that is currently being paid to these businesses means that the days of zero-regulation, self-governed ICOs that escape regulatory attention entirely are, if not over, certainly limited. This has advantages and disadvantages. The advantage being that a more certain regulatory environment means less future risk of a jurisdiction creating and/or enforcing a law retroactively that could undo what you have done in terms of raising capital, forming your business, and issuing your tokens. The disadvantage is that as a practical matter, “legitimizing” cryptocurrencies means, in most cases, more paperwork, more expense, and more restrictions. That is the essence of regulation, however “light” it may be relative to traditional, heavy-handed regulations in the areas of securities laws, banking laws and tax laws.
Second, there are a few themes or values that came up consistently, and are likely to be the “must haves” in your ICO / cryptocurrency enterprise. The values that crop up consistently include anti-money laundering, anti terrorist-financing and investor protection (in that order, in my opinion). The first theme falls with the Bank Secrecy Act, among other legislation, that sets forth the framework for Know Your Customer / Anti-Money Laundering procedures. The second invokes the respective securities laws of each country in which you do business. Sure, this adds “drag” in the form of having to verify the identity of your investors (unlike prior ICOs in which an Ethereum address was enough), but that is the price to pay for keeping the good guys and chasing away the bad ones.
Third, there are several characteristics of the country you want to look for. First and foremost is to ask what history the jurisdiction has with cryptocurrency, and what is their level of sophistication? The regulatory culture is critical. Does the country fundamentally have a positive or a negative view of cryptocurrencies and blockchain-oriented businesses? Obviously it is only worth considering jurisdictions that have a sophisticated understanding of these products, enough to know when and how to lay off businesses without compromising the “core” values described above. Other important characteristics include those that do not deal directly with cryptocurrency but that relate to the business environment as a whole such as: what is the business language of the country? What type of legal system does it have? How easily can you avail yourself of the legal system (either offensively or defensively)? What is your access to banking relationships and how strong is the banking sector? What are the jurisdiction’s tax laws and policies?
Shades Of Regulation
You should view regulation of cryptocurrency companies on a spectrum. On one end your company is fully regulated, mostly under existing securities and banking law, in whichever country you intend to do business. At this extreme, not surprisingly, are the greatest regulatory costs and burdens, including the need for extensive pre and post-ICO disclosures, “lock up” periods for the tokens and the like. At the other extreme one operates in a “permissionless” environment, that is, you conduct your offering however you like, including very limited public disclosures, no KYC/AML procedures and so forth. ICOs that took place prior to and during 2017 largely followed this second model, accepting anonymous investors and providing little public information other than the team’s wish list. As 2017 went on, however, more and more ICOs have begun to adopt elements of the first model. This appears that this is the current trend.
One popular, though commonly misunderstood, manner in which to operate your blockchain company is through regulatory “sandboxes”. Countries such as the United Kingdom, Singapore and Canada have established programs within which some blockchain companies are allowed to operate without having to fully comply with the full battery of (mostly securities) regulations. A “sandbox” does not refer to an all-play, no regulation environment. Rather, it requires compliance with a streamlined set of rules, and in some cases comes with restrictions on what the company can and cannot do.
With this framework in mind I turn to an analysis of the top two jurisdictions which, in my opinion, merit your further consideration as a place in which to incorporate and/or issue tokens:
Switzerland And ICOs
Switzerland needs no introduction as a world financial capital. It has some of the most developed educational, financial and technological systems in the world, and has through public statements adopted a very welcoming attitude towards cryptocurrency related business. The town of Zug is affectionately referred to as “Crypto Valley” for its concentration of innovative Fintech companies that have set up operations there. The Crypto Valley Association (CVA) was formed on January 17, 2018, for the express purpose of attracting blockchain companies to Switzerland.
For the reasons discussed below Switzerland is the second most popular jurisdiction for conducting ICOs (nine, as of February 1, 2018, including Ethereum). Switzerland began discussing ICOs, blockchain and innovative financial companies years ago, before many countries even had a firm understanding of the basics of the industry. A February 11, 2016 publication by the Federal Department of Finance (FDF), for example, set forth a “three pillar” approach to regulation of FinTech companies. Tier 1 addresses “crowdfunding” style campaigns, not unlike the JOBS Act crowdfunding regime in the United States. The second pillar is referred to as the “Innovation Area”, which features a regulatory sandbox approach. The third pillar contemplates a full Fintech license, though with lower regulatory requirements than conventional banks.
The Swiss followed up on this initial guidance with FINMA Guidance 04/2017 (actually dated 29 September 2017)(the “Guidance”) that specifically addressed the parts of Swiss law that could potentially apply to ICOs, or “Token Generating Events”. The tone of the publication is positive and supportive of developing and implementing blockchain solutions in the Swiss financial center. The Guidance does not describe what is a “payment instrument”, the types of obligations that an ICO operator would have, or what constitutes “external management” of ICO assets. It does not define what is a “security” either, although the definition of “securities” has been better explored in multiple jurisdictions. The point to take away from this initial guidance is that it is likely that at least one of the existing legal regimes applies to any given Token Generating Event / ICO.
The Swiss continued their leadership with their “Guidelines for Enquiries Regarding the Regulatory Framework For Initial Coin Offerings (ICOs)” of February 16, 2018 (the “Guidelines”). These Guidelines refined the above-referenced Guidance by categorizing different types of tokens and by further explaining what regulatory regimes apply to which types of tokens. Included in the Guidelines is the questionnaire that FINMA requires of “market participants” who are interested in doing business in Switzerland. The Guidelines do not apply to existing ICOs (which are considered only retrospectively by enforcement bodies), or for those simply requesting information.
The heart of the Guidelines is in Section 3, Principles applied when assessing specific enquiries. Section 3.1 provides that tokens will be viewed according to an “underlying economic function” test, that is, what is the substance of the economic relationships that the token creates, and how does that token fit existing Swiss law. These are the three primary types of tokens and their fundamental characteristics:
- Payment Tokens – Tokens intended to be used, now or in the future, as (1) a “means of payment” for acquiring goods or services, or (2) as a means of money or value transfer (compare Bitcoin)
- Utility Tokens – Those which are intended to provide access digitally to an existing application or service by means of a blockchain-based interface (Compare STEEM).
- Asset Tokens – Tokens that “represent assets such as a debt or equity claim on the issuer”, such as a share in future earnings or capital flows. Asset tokens are “analogous to equities, bonds or derivatives”, and include tokens that enable physical assets to be traded on the blockchain.
The Guidance points out that the categories are not mutually exclusive, and that “hybrid” tokens display more than one set of the above characteristics. In these cases the regulatory requirements for the hybrid tokens are cumulative.
The timing of the ICO versus the development of the network is crucial in how the token is characterized. Tokens that relate to blockchains or networks that are already fully developed at the point of fund-raising are generally categorized according to the categories set forth above, depending on their underlying economic function. Claims (such as SAFTs) and tokens that relate to networks to be developed in the future – known in the Guidance as a “Pre-Financing”- may be treated differently than what the underlying economic function may eventually be. Claims to future tokens in the form of SAFT, for example, are treated as “securities” even if the eventual underlying economic function of the token to be released later is utility. In summary, forming an ICO company in Switzerland offers a level of predictability as to how you might expect your token to be treated that is not found in other jurisdictions.
Gibraltar And ICOs
Gibraltar is a British Overseas Territory and headland on Spain’s south coast. First settled by the Moors in the Middle Ages and later ruled by Spain, the outpost was later ceded to the British in 1713. It is currently considered a British Overseas Territory, rather than an independent nation, but is nevertheless a member of the EU. While only 2.6 square miles in area it is home to close to 30,000 people. Under its 2006 Constitution Gibraltar governs its own affairs, though some powers, such as defense and foreign relations, remain the responsibility of the British government. Today, Gibraltar’s economy is dominated by four main sectors: financial services, online gambling, shipping, and tourism. Its official languages include English and Spanish. It’s corporate tax rate is a favorable 10%.
In 1967, Gibraltar enacted the Companies (Taxation and Concessions) Ordinance (now an Act), which provided for special tax treatment for international business. This was one of the factors leading to the growth of professional services such as private banking and captive insurance management. Gibraltar has several attractive attributes as a financial center, including a common law legal system and access to the EU single market in financial services, although following Brexit there is some uncertainty as to whether this access will continue. The Financial Services Commission (FSC) which was established by an ordinance in 1989 (now an Act) that took effect in 1991, regulates the finance sector.
The Gibraltar DLT License
True to its history in attracting innovating finance companies, Gibraltar has issued partial regulations governing blockchain companies, or “distributed ledger technology” (DLT) companies. The Gibraltar Financial Services Commission has issued numerous statements and conducted interviews in which it has described its approach to DLT, and ICO, regulation. This it to be done in two phases, the first of which is complete in the form of the Financial Services (Distributed Ledger Technology) Regulation LN.2017/204. The second part of the legislation will address ICOs specifically.
“One of the key aspects of the token regulations is that we will be introducing the concept of regulating authorized sponsors who will be responsible for assuring compliance with disclosure and financial crime rules,” said Sian Jones, a senior advisor to the GFSC, according to Reuters. It is not entirely clear who such “authorized sponsors” would be, but in general the Commission’s public statements have reflected a flexible, market-oriented approach.
Gibraltar has since come out with proposals for how DLT and, specifically, token issuers will be regulated. The document, “Token Regulation”, dated March 9, 2018 describes the present regulatory environment, how the Government of Gibraltar views tokens in general, and what new activities will constitute “controlled activities” subject to formal regulations yet to be released. This White Paper advances Gibraltar considerably along the spectrum of regulatory maturity discussed above.
The White Paper begins by characterizing tokens and token issuers in terms somewhat different than other jurisdictions. It points out that at present “raising finance by means of an ICO is unregulated in Gibraltar”. Notably this isn’t cast as a negative thing, rather, the White Paper notes that, according to HM Government of Gibraltar (HMGog) and the Gibraltar Financial Services Commission (GFSC), Gibraltar is expected to “remain … an attractive jurisdiction from which to conduct ICOs”. This is an interesting and critical point in that the government appears to, at least on the surface, approve of ICOs that already occurred from Gibraltar and that will occur even with regulation coming down the pike. This is important because it reduces the risk of retroactive application of punitive provisions (for example, in the case of Switzerland’s look-back approach), and suggests that companies wishing to do ICOs while the new legislation is pending will not necessarily be violating any laws.
The White Paper nevertheless cites prior guidance in setting forth general principles which are likely to apply going forward. This prior guidance sets forth general warnings about the speculative and risky nature of most blockchain projects. The White Paper also cites the provision in the prior guidance that distinguishes between security tokens (“with an equity interest or right to distributions of … profits or in the event of winding up”) and utility tokens that serve an unregulated functional use, “such as prepayment for access to a product of service that is to be developed using funds raised in the ICO”. The White Paper lists lack of regulation and the difficulties in defining exactly what are securities as “defining the problem”.
Gibraltar has a unique take on tokens as securities that is narrower than in other jurisdictions. In fact, the White Paper notes that “most often, tokens do not qualify as securities under Gibraltar or EU legislation”. Rather, tokens constitute “the advance sale of products that entitle holders to access future networks or consume future services”. As such, rather than conferring fixed rights to income or assets (which would most often be securities), the White Paper states that most tokens are “commercial products … not caught by existing securities regulation in Gibraltar.” The White Paper likens tokens to commodities.
The White Paper’s fundamental purpose is to propose regulation in these, previously unregulated areas with the goal of protecting consumers, Gibraltar’s reputation and the safe use of tokens as a means of crowd financing. The White Paper calls for regulation as to:
- The promotion, sale and distribution of tokens;
- Operating secondary market platforms trading in tokens; and
- Providing investment and ancillary services relating to tokens.
It proposes that the GFSC will regulate:
- Authorized sponsors of public token offerings;
- Secondary token market operators; and
- Token investment and ancillary service providers.
Notable is what the White Paper states the government should not regulate:
- Technology;
- Tokens, smart contracts or their functioning;
- Individual public token offerings; or
- Persons involved in the promotion, sale and distribution of tokens.
Consistent with other jurisdictions, the White Paper also proposes to make the proceeds received from token offerings subject to Gibraltar’s anti-money laundering (AML) and countering financing of terrorism (CFT) legislation, and to designate GFSC as their relevant supervisory authority for AML/CFT purposes. As in other jurisdictions the white paper provides that regulation is cumulative, and that the regulated activities described above may also apply to firms or individuals covered by the DLT Regulation.
The White Paper breaks down the expected legislation into “limbs”. The first “limb” is “intended to regulate [the] primary market promotion, sale and distribution of tokens” that are neither securities (which are regulated under existing securities laws) nor “outright gifts or donations”, conducted in or from Gibraltar. Notably, this first limb specifically excludes virtual currencies. The government makes this distinction based on the “underlying economic function” of the token. The White Paper also applies a type of “situs”, or location test, providing that the first limb of the regulations apply to activities that are conducted from Gibraltar, intended to come to the attention or be accessed by any person in Gibraltar, conduced by overseas subsidiaries of Gibraltar-registered legal persons, or conducted by overseas agents or proxies acting on behalf of Gibraltar-registered legal persons, or on behalf of natural persons ordinarily resident in Gibraltar.
While short on specifics, the White Paper calls for robust disclosure of information on the part of ICO organizers. The proposed regulations, it provides, should provide “adequate, accurate and balanced disclosure of information [that is designed to] enable anyone considering purchasing tokens in the primary market to make an informed decision”. What is specific is the provision that brings the proceeds of ICOs (the currencies collected in exchange for tokens) within Gibraltar’s AML regime, specifically the AML and CFT (counter terrorism financing) provisions of the Proceeds of Crimes Act 2015 (POCA). The White Paper directs that these changes be made by separate regulation under the POCA legislation.
An interesting characteristic of the Gibraltar White Paper and the regulations it calls for is its “Authorized Sponsor” (AS) provisions. In short, an Authorized Sponsor is a person who is in essence the official representative of the ICO. This person will be responsible for the organizer’s compliance with the regulations, and must be “appointed in repsect of every public token offering promoted, sold or distributed in or from Gibraltar. The organizer is the one to appoint the AS. The Authorized Sponsor must have “mind and management” (likely, some sort of permanent office) in Gibraltar, and is permitted to provide additional services to the offering other than serving as the representative, such as serving as a custodian of the proceeds or authorizing their release according to the sale conditions.
Each AS must have “Codes of Practice” as to each offering they supervise. These Codes of Practice are intended to assure the organizer’s compliance with the forthcoming regulations, and to establish “best practices” as to an ICO. The White Paper is short on details as to precisely what these Codes of Practice should contain, but is explicit that the GFSC will be flexible as to the format of these Codes provided they reflect “appropriate, relevant knowledge and experience” as to the letter and spirit of the White Paper, and later, the proposed regulations. Notably, Sponsors are free to apply different Codes to different types of tokens and offerings, and may set out such matters as the method for applying and distributing sales proceeds.
The Code of Practice must be incorporated into some sort of agreement between each AS and their sponsorship clients. The Code is part of the organizer’s license application. The GFSC will be maintaining a public register of Authorized Sponsors and their respective past and present codes of practice. As such, the following will be public information as to each ICO:
- The client(s) for whom they act;
- The token(s) included in the offering;
- The code of practice applicable to the offering; and
- Any interest they, and connected persons, have in the tokens offered
As such, Gibraltar law has a public disclosure element that is missing from other jurisdictions, although it is not yet clear to what extent disclosing information about the Authorized Sponsor will require material information about the ICO organizer’s business model or plans.
Importantly, and contrary to other language in the White Paper concerning unregulated ICOs, the White Paper calls for the regulations to create a “new controlled activity and offence”, the controlled activity being the Authorized Sponsor requirement, the offense being the “promoting, selling or distributing tokens” without complying with:
1. The requirement for an authorized sponsor;
2. The requirement for a current entry on the public register;
3. Specified disclosure obligations;
4. Relevant provisions of POCA, where applicable.
This is potentially problematic in that the White Paper puts all ICO organizers on notice that they require a representative whose duties are not fully specified, public disclosure of Codes of Practice yet to be defined, and “disclosures” of information in an unspecified format, the content of which has yet to be determined. Only the anti money-laundering provision (the reference to compliance with POCA) is somewhat easier to comply with in the present, as Know Your Customer and related legislation has been in existence for some time, the compliance regimes for which are available as examples. Unlike, for example, the Code of Conduct provision, which specifies that Authorized Sponsors may exercise discretion in how they propose to comply with the regulations, this latter provision specifies that “promoting, selling or distributing” tokens without these pieces in place is an offense, potentially subjecting the organizer to civil or perhaps even criminal penalties. It is hard to imagine this not having some chilling effect on those looking to issue tokens in the near term, before the regulations are in place.
On the other hand, Gibraltar should not be too quickly written off as too risky simply because there is some delay in getting final regulations. Notwithstanding the single reference to the offense of conducting an unregulated ICO, the fact that Gibraltar is moving at all towards providing clear regulatory guidance itself differentiates it from many other countries that having nothing on the table except enforcement actions, most notably the United States. The overall tone towards DLT and ICOs is, too, unmistakably positive in tone. Further, you may have many parts of the business that are still maturing, and, as such, you may have flexibility in your timetable within which to issue your tokens. Put simply, Gibraltar may be worth the wait.
While uncertainty reigns, at least the White Paper establishes a time table within which (supposedly) the regulations are to be forthcoming. Draft regulations for the promotion, distribution and sale of tokens is supposed to occur in May of 2018, which is not far off from the date this memorandum was written. The limited regulation amending POCA is expected in March, 2018.