04 sep Crypto Regulation: 5 Legal Compliance Tips to Set Sail for Scale and Avoid Becoming a Pirate of the Cryptean
Our last piece introduced some useful tips for crypto enthusiasts looking to navigate around red flags in the high ICO seas. This time on the wind has directed our sails to Issuer Island, a large exporter of popular currencies.
The population here is composed of a variety of peculiar individuals who all work together. It is quite easy however to identify two main groups.
In the BizBar we can see The Suits in their natural habitat — conversing between each other with a drink in hand, looking for partnerships and value, trying to convince the ordinary lay to back up their newest venture cruise.
BarCode attracts a vastly different bunch — people here seem to consume larger amounts of imported coffee beans rather than ale. They can also be a bit less outgoing at times, but nevertheless often show more vivid signs of intellectual prowess.
Though there is a slight problem… islanders from both camps may overspend time in the local bars and lose sight of their initial drive. Those that fall prey to the pirate life of plunder and booty choose to no longer comply with established Issuer norms and usually end up cast away to uncharted crypto territories. The law-abiding players on the other hand are left scratching their heads on trying to ensure regular deliveries of grade A tokens to Investor Port.
This could be you running away from lawmakers and frenzied investors.
(hint — the life of a crypto pirate is a lot less fun than Jack Sparrow’s…)
Today we take a deeper dive into the coin market ecosystem, in particular to the Great Legal Reef. The main goal of this journey is to provide Issuer Island inhabitants with some guidance on how they can satisfy increasingly stringent regulatory requirements while also positively enhancing their relationship with Investor Port.
1. Token definition and applicable law
The first step for every issuer should be to determine the extent to which their token is covered by regulation. While at the moment some are totally exempt, those that fall within the scope of the law are normally compared to traditional types of securities such as corporate stock or bonds. They bear certain characteristics that differentiate them from their non-regulated counterparts and require issuers to comply with an array of legislative measures posing appreciable barriers to entry.
In a nutshell, from an EU law point of view, tokens that fall within the scope of securities are transferrable assets with a reliance element whereby the creditor relies on the debtor’s performance with the aim of future returns. Under contemporary EU legislation, issuers of crypto tokens with similar ‘share-like’ elements are required to comply with Directive 2001/34/EC, often referred to as the Prospectus Directive. The Directive obliges every security issuer to draw up a prospectus that is later subject to approval from a Member State’s local asset trading laws.
Although it may not seem like a big deal, writing a bulletproof prospectus is by no means an easy job. Prospectuses are quite lengthy (reputable ones can go on for more than 200 pages) so they are least to say time and effort consuming. Setting one up will further require the use of a team of lawyers seasoned in the field. Finding those guys can be tricky in itself, needless to mention the fact that you will have to untie the purse to lock them in.
Most crypto issuers usually have the aim of listing their token on an exchange. Something to take into account here is that the majority of cryptocurrency exchanges escape scrutiny under securities trading laws by way of excluding securities-like tokens from being traded on their platform. Qualifying as a security would therefore not only subject your coin to legislative oversight, but additionally impair the exchange listing possibility. This might change very soon though as Coinbase has just announced it is has been cleared by regulators to list security tokens.
Lastly, consider the future outlook of your project. If the current plan on the decks is to initiate the offering in a particular jurisdiction that does not automatically point towards compliance exemptions in other markets. US regulatory reach for example is oftentimes considered overarching as the establishment of even the slightest connection to American markets can be enough to invoke jurisdiction. Especially in cases where coins end up listed on exchanges, the regulatory burden comes in many forms and from various sources.
2. Know-Your-Customer (KYC) and Anti-Money-Laundering (AML) rules
There is no way we can stress this enough, every reputable ICO needs to have a KYC & AML system in place to gain the legislator’s favor. The absence of analogous measures brings about a number of associated risks. In the crypto market this is of particular concern due to the sometimes anonymous identity of ICO backers. As tokens can be (as well as have been) used to propel money laundering initiatives, bribery, illegal black market trade, etc., KYC/AML systems help solve this problem through investor background checks, fund tracking and subsequent reporting of sketchy freebooters.
Another mitigated risk is the possibility of investor pooling and market manipulation. Common practice among ICOs is to have a personal investment cap for each investor with the aim of diversifying the investor portfolio. However, some investors are able to bypass this requirement by purchasing tokens from ‘borrowed’ accounts or under different identities. KYC measures mitigate this risk and ensure a level playing field for all potential backers.
No, this is not just for Facebook.
As we continue to store the bulkof our data digitally and become more aware of the challenges stemming from that, transparency and accountability is the name of the game.
In light of the General Data Protection Regulation (GDPR), the EU regulator is introducing a tighter regime for the handling of personal data which is expected to affect businesses worldwide. With the idea to enhance private persons’ control over their own data, the law recently came into force on May 25th and translates into a number of obligations for ICO project leaders.
First, issuers must be aware of the requirement of having a sufficient legal base to conduct KYC/AML background checks. Most governments will expect ICOs to conduct these, but in cases where the law does not explicitly provide it, you would have to ask for the data subject’s consent. And remember, consent can no longer be inferred or shadily obtained under the GDPR — it needs to be asked for explicitly in a clear and intelligible manner.
Second, any collected data must be safe and secure. Internal drives and encryption are a few commonly used methods to achieve this end, but what matters for the EU regulator is the existence of operational and technical safeguards to prevent potential third-party intervention. Further requirements include categorizing the data and conducting internal audits with the aim of identifying potential risks of breach.
Third, users are to be clearly and visibly made aware of their rights regarding their data. Among others, those include rights of access, erasure (‘right to be forgotten’) and data modification. Long story short — users should be able to get a hold of any personal details you might have over them in a timely, organized and widely accessible manner.
Something to consider here is setting up a “data hotline” similar to a feedback form on a website where users can file requests regarding their data. Such a measure signifies a company’s commitment to comply with GDPR expectations to backers and regulators alike.
For the full GDPR text click here.
4. The ICO purchase agreement
Between every issuer and ICO backer stands the ICO purchase agreement.
Similar to a Terms of Service which naturally everybody takes the time to read in full, it contains all the relevant terms governing the contract between the two parties, for example on matters relating to applicable law, choice of court, personal investment cap etc.
The main idea behind the agreement is to create sufficient transparency and correct any information asymmetries between you and your backers. Here it is of utmost importance to clearly define your product and specify any risks associated with it. Just think from the perspective of the buyer — they wouldn’t normally invest in a risk free environment, it just sounds too good to be true… plus you also have to cover your own bum if things go south, right?
Aye, aye! Forget everything I wrote, get your pistols out, bring up the rum and YARRR!
No, but really, come on… in all seriousness this is probably the point where everybody wants to get a taste of that pirate life. Both a problem and a blessing in disguise, the lack of guidelines in this area leaves some leeway for issuers. Bear in mind though, we are merely providing suggestions based on the current ICO state of the art. As there is no definite playbook to look at for inspiration and legislative stances vary significantly, we cannot guarantee the real life applicability of the below information to your individual case.
An ideal first step to take is to choose a jurisdiction with a friendly business climate, one where possibly the token you issue is not considered a security for tax purposes. It is an understandable preference to incorporate at home due to convenience and familiarity with the domestic legal framework, but that might not always be beneficial from a purely business perspective.
Some jurisdictions such as Malta, Switzerland and Lithuania have taken a step further in developing crypto and offer an environment specifically tailored to nurture blockchain technology. Others lure in offshore talent and companies through foreign friendly terms such as a 30% tax exemption in the Netherlands.
Hate moving? In that case there might be another interesting solution for you — digital residency and incorporation in a top EU crypto ecosystem strongly receptive to foreign business! (Can I have some noise for Estonia here?)
So what about VAT? You are in luck, at least for the time being. Given again the absence of guidance from legislators, general consensus is that ICOs in themselves are not considered taxable events for VAT purposes. The reason is because VAT can only materialize after a token has been traded for an identifiable service. Said identifiable service, however, typically does not exist at the time of an initial coin offering. The funds from the purchase of the token are merely used to finance the development of the service rather than enable access thereto.
And what happens to token reserves? The main stress point here is the taxability of appreciation of the value of tokens allocated to the reserve. Issuers may want to be cautious on where reserves are listed on the balance sheet. Based on industry best practices and use cases, a solution might be to list it as a corporate asset.
More and more islanders are flocking to Issuer Island these days. Many, the majority of whom had only taken a stay with the aim to fill their purses, have also left. The growing concerns of Investor Port have caused the Great Legal Reef to take concrete steps in keeping the freebooters and sharks at bay.
With some luck, Issuer Island is set to become a place no longer associated with illegal activity. Legal’s growing activities in the area are set to recognize the beloved isle as a thriving community with a higher purpose than that of scamming the Port.
A busy future lies ahead, yet one where the quality of exported coins will continue to rise. It all starts with the Islanders though — as long as they don’t prioritize plunder and booty the Archipelago will thrive.
Interested to know more? Feeling like we missed something? Let us know via socials or reach out personally, Watson Law is more than glad to answer any questions thrown at us!