BaFin - Navigation & Service

Go to:

BaFin Perspectives - current issue © BaFin / www.freepik.com

Erscheinung:01.08.2018 | Topic Fintechs Blockchain Technology – Thoughts on Regulation

Content

Digital ledger technologies such as blockchain promote the development of new, decentralised structures. Assessing them under the existing legal framework can shed light on numerous uncertainties.

Introduction

Take elements of game theory dating back to the 1920s and combine them with state-of-the-art encryption and network technology methods. This is how the Bitcoin network surfaced in January 2009.1 Since then, the network has shown that the blockchain technology it is based on can work in a stable and reliable manner. So what does this have to do with BaFin? Its statutory duties include safeguarding the integrity and stability of the financial system and protecting consumers as whole.2 Blockchain technology is not a purely technological development, but also touches on aspects that are relevant from a supervisory perspective – and even has potential implications for financial stability.3 Before the matter can be explored in a supervisory law context, first a basic understanding of blockchain technology is necessary.

A blockchain is an immutable, public, append-only distributed digital ledger. “Public” means that the data can be accessed by anyone. Only certain participants can access private blockchains. “Immutable” means that it is virtually impossible to alter or delete data in a blockchain after it has been saved and encrypted. This means that it is only possible to add new data, as in commercial bookkeeping, which does not allow entries in the book of prime entry to be deleted.4 “Distributed” means that a public blockchain is not subject to the control of a single participant or organisation. Instead, the network (i.e. all participants as a whole) manages and safeguards the data, and each participant generally stores a full copy of all the data. The term “ledger” means that a blockchain can be used, as with Bitcoin, to not only manage and update units of account, but that the same fundamental method can also be used for many other types of digital records.5

The key components of a blockchain generally consist of a combination of cryptography, peer-to-peer network technology, consensus mechanisms, a ledger and a set of rules to define valid transactions.6 This means that a blockchain is a distributed digital data structure that is, according to current knowledge, tamper-proof and can be used to store all kinds of valuable data.7 One of the main characteristics of blockchains is that there is no need for a central authority that has to be trusted (as with cloud computing, for instance) and that each individual participant in a blockchain network has the ability to check and validate each individual transaction themselves from the moment the first transaction is recorded, as with Bitcoin, for example.8 This means that a blockchain does not require any trust to be placed in an intermediary because it allows the participants themselves to create trust.

Emergence of decentralised ecosystems and the blockchain economy

One of the key questions relating to sustainable business activity is how to establish trust between strangers in order to allow transactions to be executed.9To date, this has been made possible by intermediaries such as banks and central securities depositories, although their role also pushes transaction costs up and thus makes the markets less efficient.10 Blockchain technology can help to minimise the level of trust required and, as a result, lower the transaction costs incurred by the parties involved in the transaction, for instance by reducing reliance on intermediaries. To put this in perspective: problems resulting from abuse of trust, such as fraud, have a substantial negative impact on trade and commerce; the global damage caused by fraud, is estimated to amount to more than USD 4 trillion.11

By using blockchain technology, the level of trust required between transaction parties can be reduced by allowing the participants to verify actions taken within the network independently themselves (self-verifiability).12 The “public network” this creates is designed as a deterrent to misconduct and to allow actions to be verified at any time and without the need for specific reasons. This means that blockchain technology could give rise to a new type of decentralised ecosystem: a blockchain economy. In decentralised ecosystems like these, agreed transactions would be executed, and largely enforced, autonomously based on rules such as those defined in smart contracts.13 Decentralised ecosystems would also manifest themselves in a new form of organisational design, based on governance rules specified in the blockchain.14

The emergence of decentralised ecosystems is affecting the traditional, established value chains within the financial services industry. Whereas in the past, these ecosystems aimed at the transfer of information, with the primary business advantage lying in the exploitation of information asymmetry15, the situation has already changed16 due to the advent of fintech companies17. One of the effects caused by these innovative companies, which use technical solutions to specialise in individual parts of the value chain, is that they are making the uniform value chains in the financial services industry more fragmented.18

In decentralised ecosystems in the form of blockchain economies, each link in the value chains could potentially be affected to a much greater extent. The battle for the customer interface19, which is resulting, among other things, in the formation of platform economies, would also be influenced by the blockchain economy. Ultimately, there would be no need to trust a platform operator that could end up generating higher transaction costs in the long run as an intermediary. A blockchain economy has its own infrastructure platform that is created and controlled by its participants.20 Consequently, the blockchain network does not just occupy the customer interface directly and control it on a decentralised basis, it involves the parties in the transaction process much more than any solution developed before. In these decentralised ecosystems, blockchain-based technology and processes can transfer not just information, but value.21

Such a major change in the technological infrastructure of the financial services industry would not only affect the systems used (“Which technology should be used?”) and business processes, organisation and governance in place (“How and with whom should objectives be achieved?”). The potential that blockchain technology offers, could also have a significant effect on the strategy (“What should be done?”) pursued by companies in the financial services industry. Consequently, blockchain technology could potentially have an impact on strategy, processes and systems.22 Looking at blockchain technology only with a view to cutting costs could mean overlooking the earnings potential that it offers.

Questions relating to strategy, processes and systems in connection with the blockchain economy are important, but details critical to its success are also decisive. It is still questionable whether existing requirements, such as the European General Data Protection Regulation (GDPR)23 and its “Right to be forgotten”24, could also be implemented in full via blockchain technology using the procedures that are currently known.

Additionally, the security and protection offered by current blockchain solutions is based on only one level. The defence in depth approach of ISO Security Standard 2703325, however, consists of multiple levels to ensure the maximum possible degree of data security and protection. For instance, the “perimeter” protection level offers the highest level of security and protection. In contrast, the lowest level of protection is the “data” level. All data stored in current blockchains (on-chain data) is at the data level. This raises the question as to what extent a blockchain solution could satisfy the protection needs of entities supervised by BaFin in the context of their respective information risk management.

Basic approach adopted by BaFin

Blockchain technology offers significant innovative capacity across a whole range of sectors, as well as the potential to influence the financial industry in many ways, such as in payment transactions, securities trading, asset management and banking. It is not yet possible to reach a definitive conclusion on the nature and scope of these effects. However, one aspect that stands out is the diminishing role played by intermediaries in a blockchain economy, as mentioned above. At present, BaFin mainly supervises companies with an intermediary function, such as credit institutions. Nevertheless, even in a future blockchain economy, it would still have to be possible to achieve the overarching objectives of ensuring the integrity and stability of the financial system, and collective consumer protection. Technological teething troubles should sound a note of caution and help to curb the widespread indiscriminate enthusiasm for innovation that currently prevails, without blinding us to the potential offered.

When dealing with crypto tokens and with innovative financial technologies in general, BaFin is always guided by the principle of technological neutrality, true to the motto “same business, same risk, same regulation”. This also allows it to continue to uphold the principles of proportionality and equal treatment based on the rule of law.

ICOs and crypto tokens: risks and supervisory classification

Manifestations of the blockchain economy can already be found in the financial market today and have supervisory law implications. In addition to the digital reproduction of what were previously paper-based processes and products, such as the launch of a bond via blockchain technology26 and foreign trade financing using letters of credit27, new constructs of a disruptive nature are also emerging. These include the raising of capital using initial coin offerings (ICOs)28, a concept that has been growing in popularity considerably since around 2017 and which is to be analysed in greater detail in this document due to its current significance for investors and issuers. Another aspect of fundamental importance, not only in the context of ICOs, is supervisory classification of the various options available for representing value digitally in a blockchain using crypto tokens29. The section below therefore begins with a general supervisory assessment of various sub-groups of crypto tokens, before moving on to address the particular features and risks associated with their issue in the context of an ICO.

Crypto tokens

Crypto tokens can have different functions and characteristics. Some tokens are an integral component of a certain blockchain, such as Bitcoin for the Bitcoin blockchain and Ether for Ethereum. In addition, smart contracts can be used to create various function-based tokens, e.g. with Ethereum. These tokens are then created and managed within an existing blockchain infrastructure (in this case, Ethereum). As smart contracts are freely programmable in principle, meaning that the corresponding tokens can differ from each other considerably, a case-by-case assessment is the only way of reliably categorising each token under supervisory law.

Critics of this approach, who understandably want to see straightforward solutions, fail to recognise the diverse ways in which tokens can be designed and their wide range of technical properties. They also do not fully take into account that programmers and distribution teams are free to use the terms that they choose to describe their creations; there might well be a thousand different terms for similar, and even essentially identical tokens. Meanwhile, the same term can be used to refer to a large number of different tokens. The critics also fail to recognise that the blanket assignment of different tokens to certain supervisory categories would, in a large number of cases, produce results that are not justified given the circumstances, and could potentially restrict the scope for innovation. They also ignore the fact that regulatory requirements in the form of vague general definitions that everyone has to adhere to effectively result in standardisation that at least limits the potential for innovation. Requirements like these are also extremely unlikely to take account of the basic legal principles governing regulatory and supervisory activities, namely the principle that administrative authorities are bound by law, the principle of proportionality and the principle of equal treatment.30

In general, crypto tokens can be understood as the digital representation of an intrinsic or market-assigned value using distributed ledger technology (DLT)31. This definition based on value emphasises, in particular, the currently prevalent use of crypto tokens as an investment object, without specifying in advance whether the token in question embodies a claim or obligation of an entity or triggers other payment flows in favour of the holder by virtue of its function.

The term “virtual currency” used in Article 1(2)(d) of the 5th Money Laundering Directive, which is designed to cover all potential uses of virtual currencies, will also prove significant: “digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically”.32

Crypto tokens are not unregulated per se, but rather fall under the existing financial market regulation - depending on the specific structure used in the case in question. This means that they are not regulated as a general category, but rather specifically and in a technology-neutral manner, based on substantive facts (and not on marketing considerations) that are subject to legal interpretation, meaning that they can also include new situations.

As a result, it is the specific individual case that determines the supervisory assessment of a business model based on crypto tokens. Based on the experience gained from evaluating business models in connection with crypto tokens to date, the main regulations that prove relevant for the purposes of the evaluation are those set out in the German Banking Act (Kreditwesengesetz – KWG), the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG), the German Securities Prospectus Act (Wertpapierprospektgesetz – WpPG), and the German Capital Investment Act (Vermögensanlangengesetz – VermAnlG). Numerous other elements of financial market regulation also come into play, such as, in particular, the German Money Laundering Act (Geldwäschegesetz – GwG), the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG), the German Investment Code (Kapitalanlagegesetzbuch – KAGB), but also directly applicable secondary European law such as the EU Market Abuse Regulation (MAR)33.

Clarity regarding the supervisory classification of a specific project involving crypto tokens can be achieved – after reading the preliminary information available at www.bafin.de – by obtaining an information letter from BaFin. Such information letters, as a form of simple sovereign action, are not regulatory in nature as a matter of principle (section 24 of the German Administrative Procedure Act (Verwaltungsverfahrensgesetz – VwVfG)).

In addition, the supervisory laws give BaFin the power, in case of doubt, to make a binding declaratory decision – subject to a fee34 – as to whether a company is subject to supervision under the Banking Act, the German Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG), the Investment Code or the Payment Services Supervision Act.35 In practice, such individual declaratory decision only arises in special cases, as all four relevant acts generally allow, and normally require, BaFin to intervene by issuing a cessation and/or a winding up order if business operations are found to be unauthorised (applying the German enforcement doctrine of intendiertes Ermessen). In the opposite case, a negative statement regarding a potential authorisation requirement for a business project only makes sense as a non-regulatory form of information, as BaFin cannot decide that an entity is not subject to an authorisation requirement unless it has assessed this entity´s entire business. In both cases, BaFin’s contact form provides company founders with a straightforward digital channel for making initial contact with BaFin free of charge.36

Setting aside the legally relevant constituent statutory elements and their interpretation by BaFin/in the court decisions of the highest administrative courts, crypto tokens can – for the purpose of a simplified overview – be divided into three broad categories37:

  • Payment tokens (like Bitcoin): these are generally used exclusively, or among other things, as a personal means of payment and they tend not to have any intrinsic value. They have no other function, or only limited functions, beyond this.
  • Securities tokens (equity and other investment tokens): users have membership rights or contractual claims involving assets, as with equities and debt instruments.

  • Utility tokens (app tokens, usage or consumption tokens): can only be used in the issuer’s network to purchase goods or services. Very complex legal structures generally apply to utility tokens.

Payment tokens and “virtual currencies

Payment tokens like Bitcoin, Ether and Ripple’s XRP are not currencies in the narrower sense of the term, which correspond to the constitutional framework for a country’s monetary system.38 This means that, from a legal perspective, only legal tender and current account holdings linked to legal tender held at government-approved credit institutions, the latter also referred to in a derogatory sense as fiat money, would qualify as currencies. In economic terms, however, a currency serves as a means of payment, as a store of value and as a unit of account. These properties are directly related to each other. Crypto tokens such as Bitcoin do not, per definitionem, have any of these economic characteristics to a sufficient degree. Moreover, crypto tokens do not resemble currencies or conventional investments either in their performance or in terms of their characteristics. This means that they do not constitute currencies in economic terms, but are to be regarded more as a speculative object.39

BaFin has already assessed Bitcoins and similar “virtual currencies” from a supervisory perspective by including them in the guidance notice “Information on the Payment Services Supervision Act (ZAG)” (Hinweise zu dem Gesetz über die Beaufsichtigung von Zahlungsdiensten) dated 22 December 2011. The guidance notice has since been amended as part of the implementation of the Second Payment Services Directive. But even in its prior version, the guidance notice contained information that still applies today:

“The term “e-money” is a [...] legal term which, typologically speaking, only covers certain aspects of the economic phenomenon of electronic money. Regardless of whether computer network, server-based or card-based electronic units of value serve as means of payment in economic reality, e-money only exists, in particular, where it is issued in return for payment of a cash amount. [...] This means that units of value designated as means of payment that are created in barter clubs, private barter circles or other payment systems in return for real economy services, goods deliveries or services, or that, like Bitcoins, are created in computer networks without any consideration being provided in return, cannot be classified as e-money, even if they serve the same economic function as e-money and, from a money creation perspective, have the actual potential of privately generated means of payment (see also the government’s reasoning regarding section 1a (3), Bundestag printed paper no. 17/3023, page 40). [...] the removal of network money business (section 1 (1) sentence 2 no. 12 of the KWG) in the version of the 6th KWG amendment excluded the aspect of private money creation.”

This means that BaFin not only established the general non-applicability of the provisions governing e-money, as defined in section 1 (2) sentence 3 of the ZAG, to the majority of the virtual currencies known at that time40. It also proved that the removal of network money business by the Fourth Financial Market Promotion Act41 of 1 July 2002 was a conscious decision made by the legislator to abolish the former concept of network money business, which was still considered banking business under section 1 (1) of the KWG in the 6th KWG amendment (entry into force on 1 January 1998), as part of the implementation of the First E-Money Directive. This definition of network money business included the “creation and management of payment units in computer networks”, which not only covers the subsequent e-money within the meaning of the EU E-Money Directives, but also would have included any other kind of virtual units of account which, like Bitcoin, are created without any consideration provided in return and are designed to act as a sort of secondary form of private money alongside legal tender.

The reasons cited by the legislator at that time for the creation of the concept of network money in 1997 appear almost visionary with regard to later developments: “Network money is saved by the user on the PC’s hard drive and is used once or several times to execute remote payments by way of a dialogue between the computers involved, with state-of-the-art cryptographic processes designed to protect against forgery or falsification. The payments are generally executed anonymously, as with cash.”42

With the removal of this concept, which reads as if it had been tailored to reflect the virtual currencies that emerged on the basis of blockchain only years later, it was clarified that the creation and certainly the mere use of virtual currencies as a substitute for cash or book money did not constitute activities subject to authorisation requirements per se. This means that virtual currencies can be used to settle payment obligations between the users involved. Similarly, the mining of these tokens does not constitute an activity subject to authorisation requirements, because the miner does not issue or place the tokens itself, at least not in a system similar to Bitcoin.

Another provision set out in the 6th KWG Amendment was, however, deliberately maintained, namely the classification of units of account as financial instruments (only) within the meaning of the German Banking Act (KWG) pursuant to section 1 (11) sentence 2 no. 7 of the KWG. This meant that the authorisation requirements for transactions involving financial instruments could still be used to address gaps with regard to virtual currencies, in particular also with regard to anti-money laundering measures, while avoiding any conflict between the former network money business, as a form of banking business, and the harmonised regulation of the e-money business.

In 2011, BaFin classified Bitcoins and similar payment tokens as financial instruments in the form of units of account pursuant to section 1 (11) sentence 1 of the KWG. These are units comparable to foreign currencies and not of legal tender. They include value units having the function of private means of payment in barter transactions, as well as any other substitute currency used by virtue of private-law agreements as a means of payment in multilateral settlement accounts. This makes a central issuing party obsolete.43 On the other hand, admissibility under monetary law, as referred to above, is irrelevant for the purposes of assessment as a unit of account and, as a result, as a financial instrument within the meaning of the German Banking Act.44

This means that, if the scenario involves other circumstances aside from use as means of payment or the mining of payment tokens, an authorisation requirement may be triggered – especially if a market is created on which these tokens are traded. The commercial re-conversion of Bitcoin into euros is subject to an authorisation requirement pursuant to section 32 (1) of the KWG as a matter of principle. This service is to be classified as a principal broking service (section 1 (1) sentence 2 no. 4 of the KWG) if the service provider takes the Bitcoins on commission in order to sell them to a third party on the market for the customer’s account. In cases involving action taken in the name and for account of another party (offene Stellvertretung), which are unlikely to be practically relevant, the service would have to be classified as contract broking pursuant to section 1 (1a) sentence 2 no. 2 of the KWG. If the provisions governing the transaction are set out in a purchase agreement between the service provider and the customer, the transaction is to be classified as proprietary trading pursuant to section 1 (1a) sentence 2 no. 4 of the KWG. This often includes providers that offer the direct conversion of common currencies into payment tokens as exchange traders, virtual bureaux de change or by BTC ATMs.

If payment tokens are not directly re-converted between the parties to the reconversion but include involving a third party (such as an Internet platform that functions as a conversion authority for virtual money into legal tender), this might also be subject to an authorisation requirement under section 10 (1) of the ZAG due to the provision of payment services. If, on behalf of the acquirer, the third party transfers the real equivalent value of the virtual currency to the conversion recipient via the third party's own account, the third party is conducting money remittance business (section 1 (1) sentence 2 no. 6, first alternative of the ZAG). If it acts on behalf of the payment recipient, it may, under certain circumstances, be conducting acquiring business within the meaning of section 1 (1) sentence 2 no. 5, second alternative of the ZAG. A combination of the two types of business is conceivable if the payment service provider acts on behalf of both parties to the conversion (often the case with Internet platforms). The specific contractual agreements between the participating parties – as is always the case in assessing the authorisation requirement – are deciding factors. It may be difficult to delimit the types of business in some cases, particularly where business terms have not be set out in accordance with legal standards.45

Authorisation requirements pursuant to the German Banking Act then lead to classification as obliged entities pursuant to section 2 of the GwG which must meet, in particular, general due diligence requirements (section 10 of the GwG) and recording and retention obligations (section 8 of the GwG) and well as comply with internal safeguards (section 6 of the GwG) and report suspicious cases to the Financial Intelligence Unit (FIU) (section 43 of the GwG).

Securities tokens

A large number of newer generation crypto tokens, particularly those issued in initial coin offerings (ICOs)/token generating events (TGEs) represent an intrinsic asset for the owner of the associated private key (equity and investment tokens). This should not be a surprise as the option of digital transfer of assets without intermediaries is a core feature of a blockchain economy.

These may be regarded as securities within the meaning of section 2 (1) of the WpHG depending on the legal position that these tokens convey. Contrary to what the German word for securities, “Wertpapiere”, suggests, the legal definition makes it clear that securities do not need to be on paper. It suffices if transactions can be documented in such a way on the basis of distributed ledger or blockchain technology that the rights embodied in the token can be clearly attributed to an address (not necessarily a name):

“Securities within the meaning of the German Securities Trading Act, whether or not represented by a certificate, are all categories of transferable securities with the exception of instruments of payment which are by their nature negotiable on the financial markets, in particular, shares in companies, other investments equivalent to shares in German or foreign legal persons, partnerships and other enterprises as well as depositary receipts representing shares, debt securities, […]“.

This definition transposes the term of securities pursuant to Article 4 (1) no. 44 of the Markets in Financial Instruments Directive (MiFID II)46 into national law. On this basis, the following criteria must all be met for a token to be regarded as a security pursuant to section 2 (1) of the WpHG:

  • transferability of the token
  • negotiability of the token on the financial markets by its nature
  • embodiment of membership participation rights or contractual rights in the token
  • token not classified as a pure instrument of payment

For this document it is sufficient to continue with a description of the main aspects as, in its advisory letter dated 20 February 201847, BaFin already informed the public in detail of these requirements:

In technical terms, token transferability e.g. requires that the token can be transferred to other users. In so doing, the token must be transferable “according to its type”, i.e. its essential legal substance or technical nature must remain unchanged when tansferred to a third party. Restrictions on the number of possible transfers and transfer only by certain privileged users are aspects that may disqualify generic transfer as a security.

A generic standardisation is decisive in token negotiability. If tokens embody specific rights that differ in each case, they may be transferable, but their negotiability, on the other hand, is not established. It must be possible to determine the type and quantity of tokens in transactions, i.e. they must be fungible. The tokens' capability of being held in custody is, in contrast, not a statutory requirement for their negotiability. Furthermore, negotiability must be given on financial markets. The possibility of negotiation is sufficient; actual negotiation is not required. As a rule, crypto token trading platforms organised on a centralised or decentralised basis are to be regarded as financial markets to this end.

The token must embody share-like membership rights or other property rights of a contractual nature that are sufficiently comparable to the examples of transferable securities listed in section 2 (1) of the WpHG, in particular bonds or debt instruments. It must be ensured, on a case-by-case basis, particularly with regard to the frequently hybrid nature of many tokens flagged as utility tokens, that the instrument in question is a financial instrument rather than an instrument largely attributable to the real economy. A predominant link to the real economy can be questionable, particularly in the case of tokens with which none of the goods or services promised can yet be purchased as they have yet to be developed. In such cases, whether or not the functionality promised in the token itself and associated materials such as whitepapers can be realised depends, among other things, on the efforts of the issuer. The token thereby primarily serves funding purposes, which may be an argument for regarding a certain token as a financial instrument, if the token also embodies rights comparable to securities. Again, it is the assessment of the individual case that is decisive.

The embodiment of membership rights is particularly deemed to be the case if the token conveys a form of participation in an enterprise organised as an association, showing a similarity to a share.48 Constructions similar to depositary receipts that only confer the right to exercise membership rights may embody membership rights as well.

Embodiment of property rights is deemed to exist if the legal positions linked to the token are similar to a debt instrument, in that there are e.g. contractual claims against the token issuer or a third party. However, for this to be the case, it is necessary that, as a rule, the contractual claim be linked to the token and be only transferable along with it.

The token may not be classified as a pure instrument of payment. Instruments of payment include in particular means of payment such as cash, book money and electronic money, as well as other instruments intended to initiate a payment process.49 If a token does not meet the requirements of an instrument of payment, it is excluded, as a purely electronic means of payment, from the definition of securities in the WpHG. In such cases, the above-mentioned classification as a unit of account in accordance with section 1 (11) sentence 1 no. 7 of the KWG applies.

A token that is to be classified as a security also falls under the scope of the capital market law requirements for securities. Potential prospectus obligations pursuant to section 3 (1) of the German Securities Prospectus Act (Wertpapierprospektgesetz – WpPG) or Article 3 (1) of the Prospectus Regulation50 in the case of a public offer, applicability of the organisation requirements and rules of conduct51 as well as the possibility of product intervention pursuant to the WpHG52 are of note here. Furthermore, the regulations on trading obligations and market supervision pursuant to the MiFIR53 would have to be observed, as would the regulations prohibiting market manipulation and insider trading, and on ad hoc obligations for issuers and obligations for financial analyses pursuant to the market abuse regulation (MAR), if the additional requirements under Article 2 of the MAR have been met; that is, if the securities are traded, in particular, on a regulated market, or in a multilateral or organised trading system. This would be the case, if a crypto currency exchange e.g. were admitted as a multilateral trading facility (MTF) or an organised trading facility (OTF) within the scope of the regulation. Not least, business transacted in securities that is of a commercial nature or scale, which requires commercially organised business operations is subject to authorisation requirements of the German Banking Act and thus also fall under the definition of an obliged entity in accordance with section 2 of the GwG.

Utility tokens

With respect to pure utility tokens (app tokens, product use tokens, consumption tokens), the focus is on the sole use for purchasing real-economy goods or services and not on a financial consideration. Utility tokens are not e-money if there is no third-party acceptance or they are only issued in exchange for other payment tokens (such as Bitcoin or Ether). With respect to pure usage tokens, there is also much to suggest that their issue does not induce any authorisation requirements under the Banking Act, the Payment Services Supervision Act or the Investment Code.

Moreover, the possibility of classifying such tokens as a financial instruments pursuant to the Banking Act is also often ruled out, meaning that any trade-based services performed exclusively with these tokens on the secondary market do not require authorisation.

In contrast to virtual currencies, pure product use tokens are not designed as means of payment and thus do not qualify as units of account either; as a general rule, they also do not fall under the concept of other financial instruments pursuant to section 1 (11) of the KWG. However, because of the many hybrid forms, tokens that display elements of both product use tokens and of a virtual currency or securities tokens often require a more in-depth assessment.

If the issuer's offer describes the supposed utility token as also functioning as a means of payment, the token may well be considered to be a unit of account and thus a financial instrument pursuant to the Banking Act. From a supervisory point of view, the utility token category includes tokens that cannot be allocated to the payment token or securities token categories, which give rise to obligations under supervisory law.

Initial coin offerings

ICOs are to be distinguished from initial public offerings (IPOs) both economically as well as organisationally54. ICOs are also referred to, in some cases, as token generating events (TGEs). Tokens are sold or auctioned in an ICO. The main idea of ICOs is to raise funds from third parties for an idea or a business model. ICOs frequently include a white paper, intended to give an overview of the planned project, but it is often not equal to the structure, comparability and informational significance of prospectuses pursuant to the Securities Prospectus Act. Further contact with the issuers is then frequently made using a variety of online channels such as the website, Telegram and Slack. In terms of technology, many ICOs use smart contracts from Ethereum, the second largest blockchain after Bitcoin in terms of market capitalisation. The tokens auctioned or sold in the ICO are managed via the smart contracts.

Economically, there are significant differences between raising capital by means of conventional equity- or debt-based funding instruments and an ideal type of ICO that includes the elements of the blockchain economy explained in this document. Crypto tokens can directly represent the value of decentralised networks determined by means of contributions by third parties, whereas conventional equity investments initially represent the value of the initiating company and only indirectly the value of the decentralised network initiated (but not necessarily operated) by it. From a certain point on, networks organised on a decentralised basis depend on the efforts of the participating community and less on those of the initiator.55 ICOs also give private investors access to investment opportunities similar to venture capital in that they are more liquid but also involve greater risk. At the end of the day, ICOs can use smart contracts to optimise transaction costs. This can be accomplished by means of automated, non-discretionary, decentralised and easy cross-border settlement of contractual agreements. The disintermediation impact of blockchain technology – as the basis of ICOs – further reduces the concentration effects in intermediary-based platform economies and creates competitive pressure on these established intermediaries.56

In supervisory terms, a distinction is to be made between the initial token issue, i.e. the actual ICO, and subsequent trading with tokens on the secondary market. The supervisory classification of the token has an impact on potential obligations at issuance (e.g. prospectus obligation) as well as potential obligations for third parties participating in the issue and in secondary market trading. The authorisation requirements explained above have to be pointed out in particular, especially for secondary market business, such as operating crypto exchanges, or business at the interface to real money. One example here is the operation of exchange machines, because operating businesses like this in Germany without prior authorisation is also a criminal offence. In contrast, for the self-issuance of an ICO, the legal nature of the tokens issued is not decisive as supervisory law grants a broad issuer privilege; real economy companies issuing their own financing instruments do not normally require authorisation requirement under the Banking Act.

ICOs are to be distinguished from another frequent manifestation, the airdrop. In an airdrop, a blockchain project distributes free tokens. Those who want to receive free tokens in an airdrop normally have to hold tokens in the relevant blockchain project. However, likes or retweets are often also demanded in exchange for distribution of airdrop tokens. In general, airdrop tokens are not distinguishable from regular tokens and can be freely traded. The aim of airdrops is to increase awareness, trading volume and in the long term the value of the related crypto token.

In BaFin’s opinion, ICOs are highly speculative investments. Investors should expect high volatility and consider the possibility of a total loss of their investment, particularly in early experimental projects. When investors buy tokens in an ICO, the issuers are not usually located in Germany. In such cases, German consumer protection and protection of personal data do not apply. White paper documentation is generally insufficient and confusing and does not meet the same standard of information as that of prospectuses drawn up in accordance with the Securities Prospectus Act. The ability to assess ICO risks requires an in-depth, particularly technical, understanding of the subject matter. ICOs are often held in the non-regulated area of the financial sector and take advantage of jurisdictions with more lax regulation. Moreover, the structure of ICOs makes them highly vulnerable to abuse and fraud.57

In order to address this risk situation, BaFin published a consumer warning58 and an accompanying article in BaFinJournal59 on 9 November 2017. Moreover, reports on losses in the context of ICOs also increased and there were strong indications of the market overheating. Warnings were even to be heard from the crypto scene itself. BaFin was also aware of findings on technical deficiencies of individual ICO concepts.

The primary or main risks directly related60 to crypto tokens comprise in particular 1) market liquidity and volatility risks, 2) counterparty and project risks as well as 3) technical and operational risks (including cybersecurity risks). These main risks relate to specific features of crypto tokens and their current use as well as to known microfinancial risks in connection with market liquidity, volatility, leverage, etc.61

  • Market liquidity and volatility risks: in respect of crypto tokens, it should be noted in particular that illiquid or flat market structures impair the ability to sell or purchase crypto tokens without impacting the price. The high volatility of market prices also raises doubt that crypto tokens are suitable for private investors or can be used for payment and settlement. Trading volume, prices, price volatility, number of users, bid/ask spreads, price spreads between exchanges and the costs of concluding transactions provide information on specific risks.
  • Counterparty and project risks: The project risk of crypto tokens generated in ICOs and the projects financed with them could impact the positions of the crypto token owners (investors), as, in many projects, the value and stability of the crypto tokens largely depends on the project team behind the crypto tokens or the ICO. The project underlying an ICO e.g. might not be realised, which would ultimately make the crypto tokens worthless. This risk class is relevant, particularly in the context of ICOs, as the total size of the ICO market is currently still small compared to the overall crypto token market. There is, moreover, a counterparty risk for crypto token owners that arises from crypto token brokers, crypto trading platforms, wallet providers and other intermediaries.
  • Technical and operational risks (including cybersecurity risks): blockchain technology will be able to offer a number of advantages in the future. However, crypto tokens – especially those that are part of decentralised projects and that consequently work with governance structures of limited effectiveness – also carry technical and operational risks. These include vulnerability to theft and fraud. Cyberattacks, transaction finality, poor scalability and long delays may also pose operational risks. Such risks, particularly the disproportionately high dependency on functioning IT infrastructures, also exist for service providers and crypto token trading platforms.

The above analysis demonstrates that, depending on their structure in the respective case, not all tokens are subject to capital market regulation in a manner that addresses these risks as it does those of conventional capital market instruments. For this reason, indicators and transmission channels of these risks into the financial system must be monitored, in the interests of both private and institutional investors, but also in terms of financial stability and integrity.62

Conclusion

The crypto token market as a whole shows high innovation speed, strong information asymmetries and gaps in data availability. This means that national supervisory authorities such as BaFin, as well as European supervisory authorities and international standard setters, must continue to work intensively in this area and keep abreast of developments.

At the time of writing, more than 1,600 crypto tokens are currently traded on marketplaces, with the lion’s share of the transaction volume in only five of these crypto tokens. Crypto token prices have significantly declined since the end of 2017, which has resulted in a considerable decline in market capitalisation. Prices at the end of June 2018 were just under one third of the high recorded in January 2018. At the same time, however, there has been a considerable increase in the number and volume of ICOs. Extrapolating the first half-year figures for the whole of 2018 yields an ICO volume almost six times higher than in 2017 (USD 3.9 billion), and extrapolating the first half-year figures to the whole year 2018 for the number of ICOs results in nearly five times as many ICOs for 2018 than occurred in 2017 (210 ICOs). Worldwide, 489 ICOs raised more than USD 11 billion in the first half of 2018 alone.63 Crypto token markets are still small in relation to the global financial system and thus do not yet adversely impact financial stability.64

Given the growth rate, one can indeed speak of hype about ICOs and the crypto tokens they create. However, it is to be expected that the crypto token and ICO phenomena as such will continue even after a cooling-off of the current frenzy, as, in addition to the advantages described above, ICOs may in the foreseeable future become an important source of funding, particularly in the early-stage financing of young businesses.65

Moreover, connections to the traditional financial sector have been limited thus far. Despite the launch of crypto token futures, the volume of financial institutions’ trading and positions still remain small compared to their investments in markets for other asset classes.

The crypto token area continues to experience rapid development in qualitative terms as well. Some market participants e.g. have signalled an interest in the launch of crypto token exchange traded funds (ETFs) that have the potential of quickly elevating crypto token risk for private clients by lowering the technological barriers for directly holding crypto tokens.

Despite the numerous questions that remain, the more attention academics, politicians, international standard setters and supervisory authorities pay to this topic, the more legal security it will bring to the market. Moreover, the stated positive effects of individual manifestations such as ICOs should not be underestimated in spite of all the risks.

The low significance of this market for financial stability attributed at this time can thus not be seen as a final conclusion.66 With respect to regulatory and supervisory assessment of all aspects of the blockchain economy, it is not an unregulated Wild West scenario, particularly in Germany – but there is no fully established supervisory and regulatory landscape either.

Risk-adequate and technology-neutral regulation comes at a price: introducing new business models will become more time-consuming as a result. Individual investor interest in achieving a return on investment as quickly and easily as possible, and issuer interest in raising funds from third parties to use for its own commercial purposes67 must, for BaFin, however, always be reconciled with the overarching goal in the interest of the general public of maintaining a financial market that displays integrity and inspires confidence. This enables sustainable, well-conceived and therefore trustworthy financial innovations to prevail and, ultimately, for each to pay off. Despite the undisputed difficulties from clarifying supervisory issues prior to the market launch of a business model, this fundamental regulatory concept has proved successful in principle over the past few decades, also for financial innovations of the past. Individual case detail aside, the strategic consideration of the manifold applications of blockchain technology, such as tokens, also ensures that unnecessary or obsolete regulatory constraints can be addressed from the perspective of all public and private interests.

Further progress in this area can be expected to be achieved through the strengthening of legal certainty by means of continued market information and a targeted, internationally coordinated analysis of potential regulatory deficits.

Authors

Oliver Fußwinkel
Christoph Kreiterling
Division for Innovations in Financial Techology Federal Financial Supervisory Authority (BaFin)

Footnotes:

  1. 1 Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, https://bitcoin.org/bitcoin.pdf, retrieved on 10 July 2018.
  2. 2 See section 4 of the German Act Establishing the Federal Financial Supervisory Authority (Finanzdienstleistungsaufsichtsgesetz – FinDAG) and, for example, section 6 of the German Banking Act (Kreditwesengesetz – KWG).
  3. 3 Birch/Brown/Parulava, Special issue papers Towards ambient accountability in financial services: Shared ledgers, translucent transactions and the technological legacy of the great financial crisis, in: Journal of Payments Strategy & Systems, Vol. 10, No. 2, 2016, pp. 118-131.
  4. 4 See sections 238 et seq. of the German Commercial Code (Handelsgesetzbuch – HGB) in conjunction with the application of the letter from the German Federal Ministry of Finance (BMF) dated 14 November 2014, ref. IV A 4 - S 0316/13/10003, Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff (GoBD).
  5. 5 MIT Technology Review, Explainer: What is a blockchain? Where it came from, what it does, and how you make one, https://www.technologyreview.com/s/610833/explainer-what-is-a-blockchain/, retrieved on 10 July 2018.
  6. 6 Hileman/Rauchs: 2017 Global Blockchain Benchmarking Study.
  7. 7 Kreiterling/Mögelin, Blockchain - ein Thema für die Finanzaufsicht?, in: Zeitschrift für das gesamte Kreditwesen, no. 11/2017, page 528.
  8. 8 Greenspan, Payment and exchange transactions in shared ledgers, in: Journal of Payments Strategy & Systems, Vol. 10, No. 2, 2016, pp. 172-180.
  9. 9 Pearce/Warford, World without end: economics, environment, and sustainable development, 1st edition 1993
  10. 10 Coase, The nature of the firm, in: Economia, Vol. 4, No. 16, 1937, pp. 386-405.
  11. 11 Gee/Button, The Financial Cost of Fraud 2017: the latest data from around the world, https://brand.crowe.co.uk/wp-content/uploads/sites/2/2017/02/crowe-the-financial-cost-of-fraud-2017.pdf, retrieved ony 10 July 2018.
  12. 12 Peters/Panayi, Understanding Modern Banking Ledgers through Blockchain Technologies: Future of Transaction Processing and Smart Contracts on the Internet of Money, in: Tasca/Aste/Pelizzon/Perony, Banking Beyond Banks and Money. New Economic Windows, 2016, pp. 239-278.
  13. 13 Szabo, The idea of smart contracts, http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/idea.html, retrieved on 10 July 2018. While in a democratic state based on the rule of law, the courts remain the last enforcement mechanism under procedural law, the rules contractually agreed between the parties would actually result largely in automated, decentralised enforcement in a blockchain economy.
  14. 14 Beck/Müller-Bloch/King, Governance in the Blockchain Economy: A Framework and Research Agenda, https://www.researchgate.net/publication/323689461_Governance_in_the_Blockchain_Economy_A_Framework_and_Research_Agenda, retrieved on 10 July 2018.
  15. 15 Healy/Krishna/Palepu, Information asymmetry, corporate disclosure, and the capital markets: A review of the empirical disclosure literature, in: Journal of accounting and economics 31.1-3, 2001, pp. 405-440.
  16. 16 There is no generally valid definition of the term “fintech companies” as yet. As a combination of the words financial services and technology, the term generally refers to young companies that use technology-based systems to offer specialised, and particularly customer-centric, financial services.
  17. 17 Alt/Ehrenberg, Fintech - Umbruch der Finanzbranche durch IT, in: Wirtschaftsinformatik & Management 03/2016, pages 8-17.
  18. 18 Chiu, Fintech and Disruptive Business Models in Financial Products, Intermediation and Markets-Policy Implications for Financial Regulators, in: Journal of Technology Law and Policy, Vol. 21 (1), 2016, pp. 55-112.
  19. 19 Goodwin, The battle is for the customer interface, https://techcrunch.com/2015/03/03/in-the-age-of-disintermediation-the-battle-is-all-for-the-customer-interface/, retrieved on 10 July 2018.
  20. 20 Underwood, Blockchain beyond bitcoin, in: Communications of the ACM, Vol 59, No. 1, 2016, pages 15-17.
  21. 21 Church, MIT Management School, Blockchain, explained, An MIT expert on why distributed ledgers and cryptocurrencies have the potential to affect every industry, http://mitsloan.mit.edu/newsroom/articles/blockchain-explained/, retrieved on 10 July 2018.
  22. 22 Österle/Blessing, Business Engineering Modell. In: Österle/Winter, Business Engineering: Auf dem Weg zum Unternehmen des Informationszeitalters, 2. nd edition 2003, pages 65-85.
  23. 23 Regulation (EU) No 2016/679, OJ L 119/1.
  24. 24
  25. 25 See ISO/IEC 27033-2:2012(en) Information technology - Security techniques - Network security - Part 2: Guidelines for the design and implementation of network security, http://www.iso.org/standard/51581.html, retrieved on 4 July 2018.
  26. 26 Daimler press release,Daimler and LBBW successfully uilize blockchain technology for launch of corporate Schuldschein, http://media.daimler.com/marsMediaSite/de/instance/ko/Daimler-und-LBBW-setzen-erfolgreich-Blockchain-bei-Schuldschein-Transaktion-ein.xhtml?oid=22744703, retrieved on 3 July 2018.
  27. 27 Zim press release, ZIM's Groundbreaking Blockchain-Based Bill of Lading, http://www.zim.com/news/press-releases/zims-groundbreaking-blockchain-based-bill-of-lading, retrieved on 03 July 2018.
  28. 28 Often also, and more accurately, referred to as “token generating events” or “token sales”.
  29. 29 We used the term “crypto tokens” for the purpose of this article because it is unbiased and precise. The term is neutral and, unlike other terms such as “cryptocurrencies”, “crypto assets” or “virtual currencies”, does not imply any characteristics that crypto tokens do not necessarily have.
  30. 30 Regarding the principle of proportionality, see also Grzesick, in: Maunz/Dürig, Grundgesetz-Kommentar, 82nd supplement 2018, Article 20 marginal note 107.
  31. 31 The Bank for International Settlements (BIS) describes distributed ledger technology as follows: “DLT refers to the processes and related technologies that enable nodes in a network (or arrangement) to securely propose, validate and record state changes (or updates) to a synchronised ledger that is distributed across the network’s nodes,” BIS, Distributed ledger technology in payment, clearing and settlement, http://www.bis.org/cpmi/publ/d157.htm, retrieved on 3 July 2018.
  32. 32
  33. 33 Regulation (EU) No 596/2014, OJ L 173/1.
  34. 34 Section 14 et seq. of the FinDAG in conjunction with section 2 (1) and Appendix 1 no. 1.1.8.1. of the Regulation on the Imposition of Fees and Allocation of Costs Pursuant to the FinDAG (FinDAGKostVO); the fee amounts to €10,000.00.
  35. 35 See section 4 of the KWG, section 4 of the VAG, section 5 (3) of the KAGB and section 4 (4) of the ZAG.
  36. 36 https://www.bafin.de/SiteGlobals/Forms/Kontakt/Fintech_Integrator.html.
  37. 37 It is possible, and not unusual, to see hybrid forms of tokens.
  38. 38 See section 14 (1) sentence 2 of the Deutsche Bundesbank Act (Gesetz über die Deutsche Bundesbank), Regulation (EC) No 974/98, Article 10 of 1 January 2002.
  39. 39 Thiele/Diehl, Kryptowährung Bitcoin: Währungswettbewerb oder Spekulationsobjekt: Welche Konsequenzen sind für das aktuelle Geldsystem zu erwarten?, in: ifo Schnelldienst 70, no. 22, 2017, pages 3-20.
  40. 40 At that time, section 1a (3) of the ZAG (old version). Assessment on a case-by-case basis, however, is always decisive.
  41. 41 Fourth Financial Market Promotion Act, Federal Law Gazette (BGBl.) I 2002, page 2010.
  42. 42 Draft bill on the implementation of EC directives aimed at harmonising banking and securities supervisory provisions of 6 April 1997 (Regierungsentwurf zur Umsetzung von EG-Richtlinien zur Harmonisierung bank- und wertpapieraufsichtsrechtlicher Vorschriften vom 6.4.1997) (6th KWG Amendment), Bundestag document 13/7142, page 64.
  43. 43 See BaFinJournal January 2014, page 26 et seq
  44. BaFin guidance notice, Information on financial instruments pursuant to section 1 (11) sentences 1 to 3 of the KWG (equities, investments, debt instruments, other rights, units in investment funds, money market instruments, foreign exchange, units of account and emissions certificates) (Hinweise zu Finanzinstrumenten nach § 1 Abs. 11 Sätze 1 bis 3 KWG (Aktien, Vermögensanlagen, Schuldtitel, sonstige Rechte, Anteile an Investmentvermögen, Geldmarktinstrumente, Devisen, Rechnungseinheiten und Emissionszertifikate)), www.bafin.de/dok/7852552, retrieved on 10 July 2018.
  45. 45 See BaFinJournal January 2014, page 26 et seq., and www.bafin.de/dok/7906360.
  46. 46 Directive (EU) 2014/65, OJ L 173/349.
  47. 47 BaFin, Initial Coin Offerings: Advisory letter on the classification of tokens as financial instruments, https://www.bafin.de/dok/10506450, retrieved on 10 July 2018.
  48. 48 Roth, in: Hirte/Möllers, Kölner Kommentar zum WpHG, second edition 2014, section 2 marginal note 48.
  49. 49 BaFin, Guidance notice on financial instruments, loc. cit. (footnote 47).
  50. 50 Regulation (EU) No 2017/1129, OJ L 168/12.
  51. 51 For the rules of conduct and other references, see BaFinJournal May 2018, page 18 et seq.
  52. 52 www.bafin.de/dok/10334186.
  53. 53 Regulation (EU) No 600/2014, OJ L 173/84.
  54. 54 Conley, Blockchain and the Economics of Crypto-tokens and Initial Coin Offerings, http://www.accessecon.com/Pubs/VUECON/VUECON-17-00008.pdf, retrieved on 10 July 2018.
  55. 55 This requires, however, that the network already be operational and that it is not only a promise by the issuer.
  56. 56 Klöhn/Parhofer/Resas, Initial Coin Offerings (ICOs) – Markt, Ökonomik und Regulierung, in: Zeitschrift für Bankrecht und Bankwirtschaft 2018, 89 et seq., 93 et seq. and further references
  57. 57 Pressemeldung Marktwächter Finanzen, Neue Kryptowährungen sind hochriskante Geldanlagen, http://ssl.marktwaechter.de/pressemeldung/neue-kryptowaehrungen-sind-hochriskante-geldanlagen, retrieved on 3 July 2018.
  58. 58 www.bafin.de/dok/10181964.
  59. 59 See BaFin Journal November 2017, page 15.
  60. 60 Of no further note here are the indirect risks of leverage that arise from using crypto tokens as an underlying for derivatives or from purchasing crypto tokens via debt financing such as loans.
  61. 61 For risks that arise specifically from the situation in an ICO, please see the detailed explanation in Klöhn/Parhofer/Resas loc. cit. (footnote 62), page 95 et seq.
  62. 62 FSB, FSB report sets out framework to monitor crypto-asset markets, retrieved on 27 July 2018.
  63. 63 CoinSchedule, Cryptocurreny ICO Stats 2018, http://www.coinschedule.com/stats.html, retrieved on 25 June 2018.
  64. 64 FSB, a.a.O. (footnote 62).
  65. 65 Weitnauer, Initial Coin Offerings, rechtliche Rahmenbedingungen und regulatorische Grenzen, in: Bank- und Kapitalmarktrecht 6/2018, page 231 et seq.; 236; Zickgraf, Initial Coin Offerings – Ein Fall für das Kapitalmarktrecht?, in: Die Aktiengesellschaft 2018, page 293 et seq., 307.
  66. 66 See Financial Stability Committee, Fifth report to the German Bundestag, June 2018, page 42.
  67. 67 No case has yet come to light of an ICO in which the initiators' interest in making a profit has not played a role. Particularly in the context of blockchain technology, this fact is often turned around in marketing-oriented statements addressed to policy makers and investors to explain that investing in an ICO serves a greater good such as the establishment of decentralised platforms without intermediaries. It is indeed a feature of the blockchain economy that it does not need any intermediaries or centralised control of the platform to earn a profit, if you merely retain enough of the tokens initially created for free, with the expectation of a later increase in value.

Additional information

Please note

Did you find this article helpful?

We appreciate your feedback

Your feedback helps us to continuously improve the website and to keep it up to date. If you have any questions and would like us to contact you, please use our contact form. Please send any disclosures about actual or suspected violations of supervisory provisions to our contact point for whistleblowers.

We appreciate your feedback

* Mandatory field