20 Nov 2017
Hot on the heels of confirmation of the introduction of a Distributed Ledger Technology (DLT) regulatory framework, Gibraltar now looks to create a complimentary framework for Initial Coin Offerings (ICOs) which will cover the promotion, sale and distribution of tokens
Whilst there have been very successful ICO campaigns, investing in an ICO is speculative and risky and should only appeal to discerning investors or those with sufficient technical knowledge. So, Gibraltar’s announcement that it will create a regulatory framework which will cover the promotion, sale and distribution of cryptocurrency is welcome news as it is likely to result in interest only from responsible promoters who have well thought out business objectives. The attraction of Gibraltar regulated ICOs will undoubtedly be the additional confidence prospective investors may feel when evaluating whether to invest. As the Gibraltar Financial Services Commission (GFSC) have re-confirmed that Gibraltar is committed to being a sound and safe place to do business with and announced that ICO regulation will be a complementary regulatory framework, aligned to the DLT regulatory framework, let’s start with some basics relating to the DLT regulatory regime. What activities are covered by the DLT regulatory regime? The Financial Services (Distributed Ledger Technology Providers) Regulations 2017 (DLT Regulations) have now been published and will come into operation on 1 January 2018. The DLT Regulations amend the Financial Services (Investment and Fiduciary Services) Act by introducing a new category of restricted activity, that of a DLT Provider – “carrying on by way of business, in or from Gibraltar, the use of distributed ledger technology for storing or transmitting value belonging to others”. “Distributed ledger technology” means a database system in which (a) information is recorded and consensually shared and synchronised across a network of multiple nodes and (b) all copies of the database are regarded as equally authentic. “Value” includes assets, holdings and other forms of ownership, rights or interests, with or without related information, such as agreements or transactions for the transfer of value or its payment, clearing or settlement. The DTL regime therefore covers the use of DLT for storing or transmitting value belonging to others by way of business in or from Gibraltar, but does not cover or seek to regulate:
• Cryptocurrencies themselves
• The development of DLT
• ICOs
• Cryptocurrency investment advice (investment advice is regulated separately)
• Firms or persons using DLT for their own benefit (as opposed to by way of business)
How will GFSC regulate DLT Providers? The DLT Regulations are principles based and outcomes focused. There are 9 core principles as follows. A DLT Provider must: –
• Conduct its business with honesty and integrity;
• Pay due regard to the interests and needs of each and all of its customers and must communicate with them in a way that is fair, clear and not misleading;
• Maintain adequate financial and non-financial resources;
• Manage and control its business effectively, and conduct its business with due skill, care and diligence; including having proper regard to risks to its business and customers;
• Have effective arrangements in place for the protection of customer assets and money when it is responsible for them;
• Have effective corporate governance arrangements;
• Ensure that all of its systems and security access protocols are maintained to appropriate high standards;
• Have systems in place to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing; and
• Be resilient and have contingency arrangements for the orderly and solvent wind down of its business.
A firm intending to apply for a DLT Provider’s licence must first submit an initial application assessment request to GFSC in a form and manner yet to be determined. Upon receiving an initial application, GFSC must: –
• Assess the nature and complexity of the applicant’s proposed business model and the products and services which the applicant proposes to offer and;
• Provide the applicant with an initial assessment notice informing the applicant of –
• Any steps which the applicant must take before making a full application; and
• The documents and other information which must accompany the full application.
GFSC have indicated that when assessing an initial application, it will have regard to the following complexity and risk factors:
• Application of DLT and its maturity
• Use of smart contracts
• Holding or control of client assets
• Type of customers
• Number and variety of products and services
• Interaction and interplay with other types of regulatory regimes
• Investment related products and services
• Outsourcing
• Organisational structure
• Exposure and vulnerability to money laundering and terrorist financing risks
• Tried and tested
• Scale and size
Having regard to the above factors, GFSC will categorise complexity by using 3 levels, Category 1, Category 2 and Category 3 (Category 1 being the lowest and Category 3 the highest in terms of complexity and risk. Once an applicant has received an initial assessment notice from GFSC, it may proceed to make a full application for a DLT Provider’s licence, provided the full application conforms with the requirements of the initial assessment notice. This principles based and outcomes focused DLT regime should not be considered by potential applicants to be light touch or soft regulation. On the contrary, DLT Providers must at all times not only comply with the core principles and any specific conditions its licence may contain, but also with its obligations under the Financial Services (Investment and Fiduciary Services) Act and all other applicable Financial Services Legislation. In fact, GFSC has announced that it will shortly be issuing Guidance Notes which, like all regulatory guidance, will require compulsory compliance. As the DLT space is a fast moving one, the Guidance Notes will be a “live document” which will be adapted and evolve to keep pace with the evolution of the DLT space itself. Also, GFSC intends to appoint a panel of industry experts to assist with the evolving nature Guidance Notes. So as GFSC have announced that it is considering a complementary regulatory framework ICOs which is aligned with the DLT framework, what might the ICO regulatory regime look like? As GFSC’s announcement states that an ICO regulatory framework will be aligned to the DLT framework and re-affirms Gibraltar’s commitment to being a sound and safe place to do business with, we believe that we can also expect a principles based and outcomes focused regime for ICOs. Attias & Levy’s view is that most of the 9 core DLT principles would apply equally well to ICOs as they are principles of best possible practice which focus on consumer protection and risks. In a recent briefing to the financial services industry, GFSC stressed that between now and when the ICO regime comes into being (which may even coincide with the DLT regime coming into operation on 1 January 2018) , it is incumbent on Gibraltar advisers to act as the guardians of Gibraltar’s reputation by ensuring that they fully understand ICOs and considering: –
• The accuracy and completeness of information [contained in White Papers/T&Cs]
• Risk disclosure to customers
• Corporate governance arrangements and procedures
• The fitness and propriety of promotors
• Whether there is a clear strategy following a successful token launch
• Financial crime risks – AML/CFT, risks of fraud
• Reputational risks
We believe the intended new Gibraltar regulatory regime for ICOs will be rolled out sooner rather than later. In fact GFSC have already indicated that they consider that the best term to use is “Initial Token Offering” and therefore the forthcoming ICO regulations will be known as ITO Regulations, watch this space for further news……………………..