Staying the right side of the regulatory perimeter fence with cryptoassets

In February 2009, the creator of Bitcoin, Satoshi Nakamoto, said that the main problem with conventional currency is that it relies on trust to make it work. Central banks, he said, must be trusted not to debase the currency, but the history of government-issued currencies is full of breaches of that trust.

In the immediate wake of the 2008 financial crisis, an unknown programmer or group of programmers, using the pseudonym Satoshi Nakamoto, released the first version of a peer-to-peer digital money system and currency and called it Bitcoin. Although Bitcoin was not the first digital currency, it was the first to utilise a decentralised and cryptographic proof-of-work blockchain to form the record of all transactions between users. The blockchain allows parties to send money directly to one another without the need for transaction validation by a third-party financial institution.

As revolutionary as they may be, decentralised financial systems like the blockchain give regulators a thumping headache. The UK’s regulatory framework has been created by parliament and the courts based on a centralised financial system and is not well designed to deal with decentralised finance and cryptoassets. The intangible and changeable nature of cryptoassets creates uncertainty and confusion in the minds of users as to the regulatory status of cryptoassets, which is not how regulators want things to be.

If you are currently engaged, or wish to become engaged, in operational or investment activities with cryptoassets, it is important to understand the lay of the regulatory landscape.

The regulatory perimeter fence

There has been no legislative or judicial change to the regulatory perimeter - the boundary between what is and is not regulated by the Financial Conduct Authority (FCA) - to accommodate the increasing prevalence of cryptoassets. The FCA is, therefore, challenged to categorise and fit cryptoassets into a Procrustean regulatory framework. For those whose cryptoasset activities currently fall outside the regulatory perimeter, it is important to be aware that reform is on the horizon. This will likely mean making significant changes to business models or regulatory status ahead of any regulatory changes coming into force.

Getting the basics right

Under current financial services regulation, you must not carry on a regulated activity in the UK unless authorised or exempt. If you do, you will be committing a criminal offence.

It is, therefore, vitally important to determine (a) if the cryptoassets you are dealing with are ‘specified investments’ (b) if your activity is a ‘specified activity’ (c) if your activity is ‘in the UK’ and (d) if your activity is ‘by way of business’. In the unlikely event that one (or more than one) of these criteria is not met, then you are not likely to be engaging in regulated cryptoasset activity. A specialist regulatory lawyer will be able to provide you with a legal opinion on this.

Are the cryptoassets you are dealing with specified investments?

The FCA recognises four categories of cryptoasset - e-money tokens, security tokens, exchange tokens, and utility tokens. Of these four, only security tokens and e-money tokens fall within the regulatory perimeter, both being captured by different pieces of legislation. The characteristics of cryptoassets can change throughout their lifetime and classifying them can be very tricky. For example, a cryptoasset may start its life as an unregulated utility token but go on to convert, perhaps through the operation of a smart contract, to a security token.

You should also be wary of stablecoins. Stablecoins are cryptoassets which are pegged to or stabilised by another asset. The pegged asset is often a fiat currency, but stablecoins can also be backed by traditional specified investments, unregulated assets, and other collateralised cryptoassets, or stabilised algorithmically. A stablecoin could, therefore, fall into any one or more of the four token categories, depending on the asset that backs the token.

When we talk about security tokens and e-money tokens being ‘regulated tokens’ that does not necessarily mean they are specified investments, but rather their characteristics are such that they align with one or more specified investments listed in the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) or they fit the definition of another regulated asset, service, or product.

E-money tokens are, relative to security tokens, easier to identify. Any token which meets the e-money definition under the Electronic Money Regulations 2011 (EMRs) is an e-money token. Security tokens on the other hand are a different kettle of fish. The FCA considers security tokens to be specified investments if they grant rights associated with traditional securities, or rights to tokens which are themselves specified investments.

Although the FCA has said that if you follow their guidance, you will be treated by them as having complied with the relevant rules, regulations, or requirements, deciding that a token is a security token can be extremely difficult. For example, what regulatory treatment would you give to a synthetic cryptoasset which is derived from shares in a USA listed company, but where the holders of it do not actually own the shares in that company and have no voting or dividend rights?

Is your activity a specified activity?

The EMRs are designed to regulate the issuers of e-money. If your involvement with e-money is not as an issuer in exchange for fiat funds, you are unlikely to be captured by the EMRs, but take advice on this.

For security tokens, you need to look through the full list of specified activities contained in the RAO. Security tokens are essentially digital investment assets, so you can tailor your search to the investment-type activities such as dealing in investments, arranging deals in investments, managing investments, safeguarding and administering investments, and advising on investments. Before embarking on this search of the RAO, take some time to think about what you really do in relation to cryptoassets. There is guidance out there that will help you lay the regulation over your factual matrix, but it would be best to take advice on this from a specialist regulatory lawyer.

Is your activity in the UK and by way of business?

The decentralised and multijurisdictional nature of cryptoassets makes deciding whether your activities are being carried on in the UK very difficult. Based on FCA guidance, our view is that you should err on the side of caution. The FCA is quite clear that even where part of your activity is out of the UK, you may still be carrying on that activity in the UK.

Determining whether your activities are being carried on by way of business is a question of judgment and will largely be fact dependent. For example, if you occasionally give some free tips to your friends about which security tokens to buy, this is probably not going to be ‘by way of business’. On the other hand, if you hold yourself out as a crypto adviser and you regularly charge fees for giving advice about which security tokens to buy, it is almost certain that your activity will satisfy the ‘by way of business’ test. These two examples are at polar ends of a spectrum and your activity will likely fall somewhere in between.

Being authorised or exempt

If the conclusion is that you are, or will be, engaging in regulated cryptoasset activity, you must either become FCA authorised or adopt an exempt status. There are pros and cons of each option and, again, it would be wise to seek specialist legal advice on this.

FCA authorisation speaks for itself and the issue is the time it takes to become authorised and the associated costs of getting and being authorised.

When it comes to adopting exempt status, the most feasible option is likely to be becoming an appointed representative of an FCA authorised firm. Whilst this arrangement will give you a very good platform from which you can carry on regulated cryptoasset activity, you should make sure that the appointed representative agreement is clear and watertight and that you contract with an organisation that shares your vision and ambitions.

And be aware that customer protections only extend to those cryptoassets which are regulated. If you propose to deal with a pic-n-mix of regulated and unregulated tokens, you will have to be very clear with the customer about when protections are available and when they are not.

Other considerations

Even if you are dealing with unregulated tokens, for example exchange tokens with no pegged value, your activities in relation to such tokens could bring you within the definition of a ‘relevant person’ under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). Although supervision and enforcement of the MLRs is within the FCA’s ambit, you must still comply with the requirements of the MLRs. All relevant cryptoasset businesses must comply, regardless of their regulatory status.

In summary

As more large corporates (electric vehicle manufacturers, for instance) and traditional banks are taking positions in the crypto markets, there appears to be plenty of potential for growth and profit in decentralised finance. Our view is that the regulators are playing catch up and the current UK regulatory regime in relation to cryptoassets is not entirely fit for purpose. With an extension of the regulatory perimeter proposed by HM Government, activities or assets that are currently unregulated may soon become regulated. Fall on the wrong side of the regulation and you could find yourself significantly exposed.

For further information, please speak to Josh Bates, Kathryn Howard, or Paul O’Connor, or contact us.