Crypto Law

Looking to establish a crypto business? 

Every crypto product brings a set of different legal questions. Whether you are creating a custodial and non-custodial wallet, exchange, allowing crypto to crypto or crypto to fiat, NFT exchange, staking and mining business, token generator, or launchpad, crypto projects are not immune from the Law. 

Let us answer the basic questions every crypto founder should ask when starting their business and help you learn how to set your business up for success.

1. Define Your Crypto Product

Defining your product is crucial as it can determine where to incorporate your company and whether you require any licence or registration. For instance, even small iterations in your product’s data collection and processing flows may have consequences for privacy regulation setup, know your customer (KYC) and anti-money laundering (AML), while how decentralised your product is may have consequences for the legal classification of tokens used and for the liability of the company and founders.

The law is looking at the actual state of your product, not the label. Therefore the most important thing is what the product does in practice.

The questions that will help you define your product are discussed below in section 4.

2. Regulation

Blockchain technology aspires to introduce a network without borders, with smart contracts dictating what happens at any given moment and without intervention from third parties. BUT, even if the on-chain (blockchain ledger) world is hard to govern and change, the off-chain world (founders, companies, internet service providers, etc.) can be reached by regulators.

Where to Establish Crypto Business?

The law governing crypto varies by country, so it will depend on your product which jurisdiction is right for you. There are also practical aspects of doing business in some countries to consider.

If you choose country A without crypto regulation and expect easier operation than in country B with crypto regulation, your decision can backfire. Country A’s status is often not permanent and brings a level of uncertainty of regulatory change, which can have a negative effect on both your product development and potential investors. When you choose a country with no abundant legislation, you do not know what to expect or the authority practices. This brings a need to prepare for multiple scenarios and therefore higher costs (more scenarios mean more to consider and costs are piling up).

In most cases, it is better to choose a country with a clearer regulatory framework concerning the crypto and blockchain space (such as Estonia, Lichtenstein, Switzerland) or countries without a specific crypto regulation but at least with a predictable legal system in general (such as Slovakia, the Czech Republic and Germany) than countries which do not regulate almost any area (such as the Cayman Islands).

When you choose a country with no specific crypto regulation, but with rich legislation in other areas, you are given flexibility within a certain range (grey area) of legal rules or guidelines within which you can operate. Uncertainty lies then in the question of how close you get to the “edge”. On the other hand, the “any crypto regulation is better than no crypto regulation” approach is not necessarily a one size fits all solution, and may not fully work for DeFi or DAO projects as these concepts are still mostly unknown to the existing legislative frameworks and any attempts to structure them according to traditional legal concepts may result in a non-functioning project.

Finally, operating under a jurisdiction where the government is supporting blockchain development (for example Liechtenstein with specialised legislation, Liechtenstein’s Blockchain Act) can bring you clarity and certainty in the limits of your product, even if it does impose restrictions and additional administration.

To sum up, the key here is to find the right balance between a reasonably liberal regulatory space that allows your business to grow, and having a sufficient level of certainty when it comes to the questions of what is permitted and how to conduct business legally.

Registrations and Licences

Registrations and licences are used by countries to set requirements for some types of crypto projects to comply with. The requirements differ from country to country and a licence in one country often cannot just be passported to other countries.

It is recommended to start planning ahead as obtaining the licence or filing registration may take several months. Depending on the jurisdiction, obtaining a licence can require submitting certain information such as your ID or proof of residence. Moreover, a poorly completed application can delay or even cancel processing by the authorities.

EstoniaYou need a licence for services for the storage and exchange of cryptocurrencies
GermanyYou need a licence for crypto custody and trading
LithuaniaYou need a licence for a virtual (crypto) currency wallet service
Czech RepublicYou need a special trade licence for providing services related to the virtual asset
SpainYou need to register with the central bank if you want to provide virtual currency exchange services for fiat or crypto custody
 
Examples of countries and crypto projects for which you need a licence, a special trade licence or registration. Requirements listed above are correct as of May 2022.

Regulatory sandboxes (an artificial environment created and controlled by the state) provide a way for startups, entrepreneurs and established companies to launch products on a limited and temporary scale without having to comply with all legal requirements and with the guidance from the regulator. It allows consumers to test the software before it is opened to the market. Countries which run those sandboxes include, for example, the United Kingdom, Singapore, United Arab Emirates, Austria, Australia and in the US – Arizona, Wyoming, Utah and Kentucky. Sandboxes can also provide a platform for the earliest of ideas by having little or no requirements for applications. For example, in Arizona companies can participate in programs without having an office or employees in the state.

Anonymity of Crypto

KYC and AML compliance is required for many crypto projects in most jurisdictions. Historically, AML regulation targeted mostly banks and other financial institutions, but as cryptocurrencies, DeFi and other blockchain products entered the mainstream market, policymakers have been increasingly looking at how to expand AML compliance.

It is precisely AML regulation that creates, through KYC, conflict with the general premises of privacy and anonymization which exists in the blockchain space. If AML regulations are applicable, you can be obliged to identify your users, keep all related documents and share them with the state authorities upon a request. As a consequence, you will have to find a way to effectively verify the participants of your blockchain network and obtain the necessary information about them. With products already developed, it is sometimes impossible to comply with these obligations (the premise of blockchain is immutability and changes to introduce identification may not be technically possible) and therefore it is necessary to keep this in mind during development. 

For blockchain projects connected with a financial system, there is a high chance that obligations regarding AML and KYC (mostly due to the classification of the token used and application of security laws) will apply.

The relevant authorities that are active in the crypto area are, for example, FINTRAC in Canada; FinCEN, OCC, SEC and CFTC in the US, FCA in the UK, MAS in Singapore, BaFin in Germany, FAÚ in the Czech Republic, EBA in Europe or global FATF.

Breaches of AML regulations can result in both criminal and civil penalties, fines and prison terms (for example BitMex was charged with a $100 million penalty). Companies that are found to have broken AML laws also often suffer reputational damage and may have to further operate under restrictions imposed by the respected authorities (e.g. to freeze your bank accounts).

EU and US Regulation

Neither the EU nor the US has effectively created a harmonised regulatory environment in crypto yet.

What could bring more harmonisation in the EU is the “Markets in Crypto-Assets Regulation” (MiCA). It’s part of the EU’s digital finance strategy, and it tries to deal in a holistic manner with the crypto ecosystem to establish clear and passport-able licencing, meaning you will be able to use a licence obtained in one state also in other EU states. MiCA would allow firms to operate across the EU under the same rules, and also increase consumer protection standards. Although MiCA will only come into force in 2024 at the earliest, it is recommended to monitor developments and changes in this effort and plan projects that already comply with it.

On the other hand, the US does not yet have these harmonisation efforts. There is often a clash between federal and state laws. Some states are very supportive of crypto (Wyoming), while others are not so much (New Jersey). The legislation applicable will mostly come down to federal regulators like the SEC. The US in general is one of the countries with the most active regulators (SEC has been involved in crypto disputes since 2013) and regulation is quickly evolving (Wyoming’s world-first law on DAOs for example).

3. Tokenization

A token is a special virtual asset. It represents tradable assets or utilities that reside on the blockchain. Tokens can be used for various purposes (e.g., as an investment, to store value, to establish a right to a particular service/product or a right to participate in the governance of a blockchain network).

In other words, a token is a representation of a particular right. It can be:

  • a right to influence the future of a protocol or an app (such as the say in the governance of the network);
  • an ownership right to an asset whether unique digital or real-world asset (such as NFTs); or
  • a right to a utility, meaning a right to use a digital application (such as a right to rent the computing power in Golem Network).

The main categories of tokens are:

  • utility tokens – providing rights to access or use a digital application or service;
  • payment tokens – providing a means of payment; and
  • security (asset) tokens – providing the crypto equivalent of traditional securities like stocks and bonds.

 Security Tokens

If you are planning to issue a token you should first check whether you are creating a security token. If the transaction would be considered a security transaction, the regulatory requirements for it increase significantly, including, for example, the requirement for AML compliance, a need for professional managers or publication of a prospectus before the offer of your token.

You should also be aware that at different stages of your product the category of the token can change. Examples of when this can occur include if your crypto becomes more decentralised or if the token becomes subject to multiple jurisdictions with varying laws.

Another challenge here is that attention must be paid not only to the laws of the jurisdiction where you are domiciled but also to the local laws of your users. This sometimes leads to a decision to forbid users from a jurisdiction where the laws are stricter and authorities rather active, e.g the US.

Utility Tokens

In the case of utility tokens, to avoid falling under security regulation, avoid promising users any interests, profit sharing or other compensation (such as shares or bonds). Please be aware that in some jurisdictions, such as the US, even mentioning any profit expectation in the white paper or advertising materials, could lead to a subsequent application of security laws.

On the other hand, a mere description of a token as a “utility token” is not enough, it is the factual state of the tokens that matters. Utility tokens, mostly, bring only issues regarding general civil law, consumer protection law and the law regarding general terms and conditions.

4. Important Questions for All Crypto Founders

The following questions can help you define your product and the legal frameworks which may apply.

 Composition of Product

Is the product fully decentralised, fully centralised or a hybrid of both? Is your company or another party going to be able to interfere with transactions, take custody of tokens or funds, and have a significant effect on voting? What will be the role of founders? Will they manage, only deploy the product on the blockchain network or a hybrid of both?

These questions will help to determine aspects of the potential liability of founders and other cooperating entities for matters connected with a product. These depend mainly on the involvement of the various parties that are present on your blockchain product’s network. In general, the greater the involvement and impact of a party (for example in management, marketing or promotion), the greater the likelihood and degree of potential liability.

Customers

Who will your customers be? Are you creating a B2B or B2C product or service? From which countries will your customers come from? Can you even determine where your customers are (can you meet the KYC requirements?)?

This is not a direct crypto issue, but it is also important to mention. Many consumer rights apply regardless of any contract terms and conditions agreed by the parties (unfair terms, distance selling regulations, product liability, etc.).

In this area, targeting US customers can bring regulatory hurdles (e.g. the need for registration with SEC). Because of the activity of the SEC and other US government agencies (e.g. the actions taken against Telegram, DAO network and Kik proceedings), it is difficult to complete most token-generating events involving US persons.

Monetization

What is the planned monetization model? Is it feasible from legal and tax perspectives?

It is always necessary to devise a strategy for the flow of money into the project, but also the flow of money from the project back to the founders.

Jurisdiction of Founders and Product

What jurisdiction will your business operate out of?

It usually does not matter where you are based formally (“on paper”). Instead regulators often look at your physical operation and business activity in a given country (such as from where your users are connecting, you are working and your programmers develop the product). This can be important from a perspective of taxation, consumer protection, labour, IP.

5. Additional Sources

There are many recognized sources providing crypto/blockchain-related content where you can find out more:

  • Kraken‘s crypto guide provides descriptions of how some of the top crypto projects work. This guide will help you understand projects that are already operating.
  • Binance Academy has useful information about all blockchain and crypto topics. Whether you are a crypto rookie or a veteran, you can always find something useful there.
  • Coinbase Academy is aimed at crypto beginners. This source includes guides and explainers for your crypto questions.
  • The European Union Blockchain Observatory and Forum provides more detailed research papers designed for intermediate crypto enthusiasts.
  • Spotify channel Coin Bureau contains hundreds of episodes on crypto news, big cases and other information on crypto topics.

Posted
Feedback