The DFSA issues a General Investor Statement on Cryptocurrencies

The Dubai Financial Services Authority (the DFSA) has issued a "General Investor Statement on Cryptocurrencies" on 13 September 2017, warning potential investors about the risks associated with such investments. This article provides an introduction to the issues raised, as well as recent statements or edicts of a number of other financial services regulators on cryptocurrencies.

  • Submitted 19 September 2017
  • Applicable Law United Arab Emirates , United Arab Emirates (Dubai International Financial Centre) , UK , USA , People's Republic of China
  • Topic Capital Markets & Derivatives
    FinTech

Cryptocurrencies - The background

Cryptocurrencies are a type of digital money. The technology which allows cryptocurrencies to work is known as "blockchain technology". The blockchain is a database containing evidence of transactions between different users. The way it works is that multiple networked computers hold all or part of a sequence of information, which is arranged into "blocks". The information is sequenced in chronological order and added to the blockchain by the network without reference to users’ identities or personal details. The updated blockchain is then saved so rapidly across the network that it is almost impossible for a hacker to change the information contained on every single computer on the network in order to manipulate a transaction (assuming there are no vulnerabilities in the software). This effectively means that once a transaction has been recorded, it cannot be edited or deleted. It therefore acts as a digital ledger which is secure and usually anonymous.

Security and anonymity are key reasons for the popularity of cryptocurrencies. The first cryptocurrency was Bitcoin but since its release in 2009, there are now over 900 different types. Cryptocurrencies can be bought or sold with other currencies, used to purchase goods from sellers who are willing to accept cryptocurrencies as payment, make investments in various assets and are being retained as investments themselves. A number of organisations around the world have taken to raising funds digitally (or crowd-funding) through "Initial Coin Offerings" (or ICOs - also known as "Initial Token Offerings" or "Token Sales"), whereby investors pay using cryptocurrencies or conventional currencies in exchange for a new cryptocurrency created and issued by a company (real or virtual). This company then uses the currency raised to hold assets and fund projects. It is this potential for cryptocurrencies to be treated as an equity investment which is one of the reasons for increased scrutiny from regulators.

The DFSA Statement

The DFSA, the independent financial services regulator for the Dubai International Financial Centre (the DIFC), issued a "General Investor Statement on Cryptocurrencies" on 13 September 2017 (the General Statement). It warned that it considered ICOs to be high risk investments due, in part, to the complex systems and technology on which they are based. According to the General Statement, “They have their own unique risks, which may not be easy to identify or understand; such risks may increase where offerings are made on a cross-border basis.”

In addition to the risks to investors’ money, cryptocurrencies have been linked to money laundering and criminal and terrorist financing. The Financial Action Task Force (FATF) Report on Virtual Currencies: Key Definitions and Potential AML/CFT Risks explains some of the risks associated with cryptocurrencies. Firstly, they allow for greater anonymity when transacting; due to the way blockchains are created, transactions are virtually untraceable. Moreover, the decentralised nature of cryptocurrencies, whose transactions require complex infrastructures, means that law enforcement cannot target one location. The number of entities typically involved in the completion of a cryptocurrency transaction means that it is also unclear who is responsible for anti-money laundering (AML) and counter terrorism financing (CTF) efforts.

Under the DFSA Rulebook Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (AML) (the AML Module), firms authorised to conduct financial services in the DIFC should “establish and maintain effective policies, procedures, systems and controls to prevent opportunities for money laundering” (Rule 5.2.1(a) of the AML Module). Therefore, the General Statement serves as a reminder to such firms that the growth of ICOs may prompt the need to review their AML/CTF practices.

The DFSA does not currently regulate these types of offerings or indeed licence DIFC firms to undertake such activities. Therefore, according to the General Statement, potential investors are strongly urged to conduct due diligence and exercise caution. The General Statement directs potential investors to make use of the DFSA’s public register of regulated firms and "Authorised Individuals" and its warnings on avoiding scams.

Other recent actions by financial services regulators globally

United Kingdom

Whilst the DFSA has emphasised its concerns regarding such token-based crowd-funding activities, it has notably not banned them. This approach is very much in-line with that taken by the UK’s Financial Conduct Authority (the FCA), which released its own consumer warning about the risks of Initial Coin Offerings, a day before the DFSA’s General Statement, on 12 September 2017. Some of the risks highlighted in the FCA’s warning include the:

  • price volatility of cryptocurrencies
  • potential for fraud, in that the recipient of investments may not apply the funds to the stated project
  • inadequate documentation, instead of a regulated prospectus, which might be “unbalanced, incomplete or misleading”, and
  • early stages of the projects usually seeking investment which means a substantial chance of an investor losing their whole stake.

However, the FCA did refer to a framework for potentially regulating such activities under the Financial Services and Markets Act 2000 (as amended) and associated instruments. The FCA has indicated that it will take a case-by-case approach to determining whether particular activities are indeed regulated.

United States of America

The United States’ Securities and Exchange Commission (the SEC) appears to have gone further than most other regulators. Following an investigation into “The DAO” attack, where a "virtual" organisation (Decentralized Autonomous Organization), was hacked after its ICO due to a flaw in its coding, the SEC released a Report of Investigation under Section 21(a) of the Securities Exchange Act of 1934 on 25 July 2017 (the SEC Report), which concluded that these offerings were indeed subject to the US Securities Act of 1933 (the US Securities Act) and the US Securities Exchange Act of 1934 (the US Securities Exchange Act). As discussed in the SEC Report, virtual coins or tokens may be considered securities and subject to the federal securities laws, unless an exemption applies. The federal securities laws provide disclosure requirements and other important protections of which investors should be aware.

The SEC Report came to the conclusion that the DAO "tokens" sold were considered "investment contracts" under Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Exchange Act - which, with the interpretative guidance from US case law, is “an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.”

US case law (such as SEC v W.J. Howey Co. (1946) and United Housing Found., Inc. v Forman (1975)) provides guidance in that the definition is intended to be “flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits” (emphasis added). The SEC utilised case law judgements which state that in analysing whether something is a security, “form should be disregarded for substance,” (Tcherepnin v Knight (1967)), “and the emphasis should be on economic realities underlying a transaction, and not on the name appended thereto”, (United Housing Found (1975)), in arriving at the conclusion that that DAO tokens were to be considered a "security".

Following the SEC Report, the SEC's Office of Investor Education and Advocacy has issued an investor bulletin on 25 July 2017, to provide education to investors about ICOs.

The SEC has also recently issued trading suspensions on the common stock of several issuers indicating that it is willing to take appropriate enforcement action in this area where necessary (eg In re Sunshine Capital, Inc. (11 April 2017), In re Bitcoin Investment Trust and SecondMarket, Inc. (11 July 2016), and SEC v Homero Joshua Garza, Gaw Miners, LLC, and ZenMiner, LLC (d/b/a Zen Cloud) (01 December 2015), amongst others).

People’s Republic of China

The SEC, by bringing ICOs within the remit of existing legislation, has decided not to outlaw them entirely, as the financial services regulators in China have done (as covered by our separate elexica note). Seven of China’s regulators, including the People's Bank of China (PBOC) and the China Securities Regulatory Commission (CSRC), have together expressed the view that the risk to their market from financial speculation and the volatility of cryptocurrencies, along with the risk of fraud and money laundering, are too great to accept. The Chinese Government has also directed local regulatory bodies to investigate 60 major ICO platforms. The decisions taken by the regulators in China have had a significant impact on the market price of cryptocurrencies.

Conclusion

Cryptocurrencies and ICOs have mushroomed in recent years, attracting a great deal of attention and speculation. Policy makers and regulators have increasingly been voicing their concerns. The recent regulatory statements discussed above have provided some much needed guidance on the positions of the respective regulators. Indeed, there appears to be a growing consensus amongst the financial regulators around the perceived risks.

Whilst cryptocurrencies and ICOs are seen by many market players and commentators as a way in which to increase competition and efficiency, there are clearly some inherent risks which need to be addressed. The current total market capitalisation of all cryptocurrencies has been estimated to be over $135bn and this is growing rapidly. However, recent events have indicated the potential volatility of this market, and the regulators have the difficult task of balancing the need for greater innovation and competition in the financial services sector with the protection of consumers and the stability of the markets.

For further information, please liaise with Muneer Khan and Samir Safar-Aly or your usual contact at the firm.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.