Content uploaded by James Camilleri
Author content
All content in this area was uploaded by James Camilleri on Dec 06, 2020
Content may be subject to copyright.
SECURITY TOKEN OFFERINGS:
REGULATORY GAPS IN EXISTING EU
FINANCIAL SERVICES REGULATION
James Camilleri
Dissertation submitted in partial fulfilment of
Master of Laws in European Business Law
Faculty of Laws, University of Malta
September 2020
2
ABSTRACT
The digital revolution is unstoppable and is permeating every aspect of life. Thus, it was only a
question of time before it would enter the financial realm of securities. This has created the
concept of security tokens and STOs – an upshot of the rise to popularity of ICOs. Inheriting the
ground-breaking qualities of DLT-based technologies, security tokens present novel regulatory
challenges when compared to traditional securities. It is possible to assimilate security tokens to
various EU laws, but existing regulatory gaps will debilitate the powers of the blockchain. The
overhaul of the securities market is that security tokens can, inter alia, be more cost-effective and
less time-consuming. These benefits mean that security tokens cannot be, for all intents and
purposes, identical to their traditional counterparts.
With ongoing developments, the technology to reap these benefits is already out there.
Maintaining traditional regulatory frameworks is right and fitting but technological advancements
call for the review of such checks and balances – not as a form of deregulation but as a means of
incorporating change. The financial regulatory authority that denounces new forms of innovation
as a threat to the system is a thing of the past, yet it may have certain reservations for the sake of
public safety. Rather than established financial regulators trying to reinvent themselves to new
technologies, it is easier for a specialised entity to take onboard the supervision of a new sector of
the market that is inherently different from traditional ones. On these lines, the vision of a Digital
Lab, as suggested by France’s AMF, would be to have a supranational entity to cater for STOs and
other innovative technologies and collaborate with existing financial supervisory authorities.
Keywords: Security Token Offerings (STOs); Distributed Ledger Technology (DLT); Financial
Instrument Test; Digital Lab; technology-neutral legislation
3
To my family
4
TABLE OF CONTENTS
ABSTRACT .......................................................................................................................................................... 2
TABLE OF JUDGMENTS ...................................................................................................................................... 6
American Case Law ........................................................................................................................................ 6
European Union Case Law ............................................................................................................................. 6
Italian Case Law ............................................................................................................................................. 6
TABLE OF STATUTES .......................................................................................................................................... 7
European Union Legislation ........................................................................................................................... 7
French Legislation ........................................................................................................................................ 12
German Legislation ...................................................................................................................................... 12
Maltese Legislation ...................................................................................................................................... 12
TABLE OF TREATIES .......................................................................................................................................... 13
ABBREVIATIONS ............................................................................................................................................... 14
INTRODUCTION ............................................................................................................................................... 21
Financial Instruments .................................................................................................................................. 21
The Howey Test ....................................................................................................................................... 22
Innovative Technologies .............................................................................................................................. 23
Fintech ..................................................................................................................................................... 24
Distributed Ledger Technology ............................................................................................................... 24
Securities ..................................................................................................................................................... 25
CHAPTER 1: TOKENISATION ............................................................................................................................. 28
1.1 Characteristics of Tokenisation ....................................................................................................... 29
1.1.1 Intermediation ......................................................................................................................... 29
1.1.2 Efficiency .................................................................................................................................. 30
1.1.3 Scalability ................................................................................................................................. 30
1.1.4 Cryptography ........................................................................................................................... 31
1.1.5 Decentralisation....................................................................................................................... 31
1.1.6 Speed of Transfer .................................................................................................................... 32
1.2 Central Securities Depositories ....................................................................................................... 32
CHAPTER 2: MAIN APPLICABLE EU LAWS AND EXISTING REGULATORY GAPS................................................ 35
2.1 General Concepts ............................................................................................................................ 35
2.1.1 The Principle of Conferral ........................................................................................................ 35
2.1.2 Cassis de Dijon Principle .......................................................................................................... 36
2.1.3 Blockchain in Europe ............................................................................................................... 37
2.1.4 ESMA ........................................................................................................................................ 37
2.2 Table of Relevant EU Statutes ......................................................................................................... 37
2.3 MiFID II............................................................................................................................................. 39
5
2.4 Market Abuse Regulation ................................................................................................................ 40
2.5 Collective Investment Schemes (CISs) ............................................................................................. 41
2.5.1 Undertakings for Collective Investment in Transferable Securities (‘UCITS’) ......................... 41
and Alternative Investment Fund Managers Directive ........................................................................... 41
2.6 Anti-Money Laundering Directive ................................................................................................... 43
2.7 The Prospectus Regulation .............................................................................................................. 44
2.8 CSDR ................................................................................................................................................ 47
CHAPTER 3: ANCILLARY APPLICABLE EU LAWS AND EXISTING REGULATORY GAPS ....................................... 48
3.1 The Right of Withdrawal .................................................................................................................. 49
3.1.1 Consumer Rights and Distance Marketing of Consumer Financial Services Directives .......... 49
3.2 E-Commerce Directive ..................................................................................................................... 52
3.2.1 Country of Origin Rule ............................................................................................................. 53
3.2.2 Contract Forms ........................................................................................................................ 54
3.3 Electronic Money Directive and Payment Services Directive .......................................................... 54
3.4 Transparency Directive .................................................................................................................... 55
3.5 SFD ................................................................................................................................................... 56
CHAPTER 4: STO REGULATION IN MALTA, GERMANY, AND FRANCE .............................................................. 58
4.1 Malta ................................................................................................................................................ 58
4.1.1 Malta Financial Services Authority .......................................................................................... 58
4.2 Germany .......................................................................................................................................... 66
4.2.1 BaFin ........................................................................................................................................ 66
4.3 France .............................................................................................................................................. 67
4.3.1 AMF Announcement ................................................................................................................ 67
CONCLUSION ................................................................................................................................................... 70
BIBLIOGRAPHY ................................................................................................................................................. 75
Conference papers ...................................................................................................................................... 75
Edited books ................................................................................................................................................ 75
European Commission documents .............................................................................................................. 75
Hard copy journals ....................................................................................................................................... 75
Newspaper articles ...................................................................................................................................... 76
Theses .......................................................................................................................................................... 76
Websites and blogs ...................................................................................................................................... 76
Working papers ........................................................................................................................................... 80
6
TABLE OF JUDGMENTS
American Case Law
Securities and Exchange Commission v W.J. Howey Co et al [1946] 328 U.S. 293.
In re RealNetworks No. 00 C 1366, 2000 WL 631341 (N.D. Ill. May, 8, 2000).
European Union Case Law
Case 120/78 Rewe-Zentral AG v Bundesmonopolverwaltung für Branntwein ECLI:EU:C:1979:42.
Case C-481/99 Heininger [2001] ECLI:EU:C:2001:684.
C-639/18 KH v Sparkasse Südholstein [2020] ECLI:EU:C:2020:477.
Italian Case Law
Judgment No. 201 of the Ancona Court of Appeal [2016].
Judgment No. 403 of the Court of Bolzano [2016].
7
TABLE OF STATUTES
European Union Legislation
Council Directive 85/577/EEC of 20 December 1985 to protect the consumer in respect of
contracts negotiated away from business premises [1985] OJ L372/31.
Council Directive 85/611/EEC of 20 December 1985 on the coordination of laws, regulations and
administrative provisions relating to undertakings for collective investment in transferable
securities (UCITS) [1985] OJ L375/3.
Council Directive 93/22/EEC of 10 May 1993 on investment services in the securities field [1993]
OJ L141/27.
Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement
finality in payment and securities settlement systems [1998] OJ L166/45.
Directive 98/48/EC Of the European Parliament and of the Council of 20 July 1998 amending
Directive 98/34/EC laying down a procedure for the provision of information in the field of
technical standards and regulations [1998] OJ L217/18.
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain
legal aspects of information society services, in particular electronic commerce, in the Internal
Market (Directive on electronic commerce) [2000] OJ L178/1.
Directive 2002/65/EC of the European Parliament and the Council of 23 September 2002
concerning distance marketing of consumer financial services and amending Council Directive
90/619/EEC and Directives 97/7/EC and 98/27/EC [2002] OJ L271/16.
Directive 2003/71/EC of the European Parliament and of the Council of 4 November 2003 on the
prospectus to be published when securities are offered to the public or admitted to trading and
amending Directive 2001/34/EC [2003] OJ L345/64.
8
Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets
in financial instruments amending Council Directives 85/611/EEC and 93/6/EEC and Directive
2000/12/EC of the European Parliament and of the Council and repealing Council Directive
93/22/EEC [2004] OJ L145/1.
Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the
harmonisation of transparency requirements in relation to information about issuers whose
securities are admitted to trading on a regulated market and amending Directive 2001/34/EC
[2004] OJ L390/38.
Commission Directive 2007/14/EC of 8 March 2007 laying down detailed rules for the
implementation of certain provisions of Directive 2004/109/EC on the harmonisation of
transparency requirements in relation to information about issuers whose securities are admitted
to trading on a regulated market [2007] OJ L69/27.
Commission Recommendation of 11 October 2007 on the electronic network of officially
appointed mechanisms for the central storage of regulated information referred to in Directive
2004/109/EC of the European Parliament and of the Council (notified under document number
C(2007) 4607) [2007] OJ L267/16.
Directive 2009/65/EC of the European Parliament and of the Council of July 2009 on the
coordination of laws, regulations and administrative provisions relating to undertakings for
collective investment in transferable securities (UCITS) (recast) [2009] OJ L302/32.
Directive 2009/110/EC of the European Union and of the Council of 16 September 2009 on the
taking up, pursuit and prudential supervision of the business of electronic money institutions
amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC [2009] OJ
L267/7.
Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November
2010 establishing a European Supervisory Authority (European Securities and Markets Authority)
amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC [2010] OJ
L331/84.
9
Directive 2011/61/EU of the European Union and of the Council of 8 June 2011 on Alternative
Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations
(EC) No 1060/2009 and (EU) No 1095/2010 [2011] OJ L174/1.
Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on
consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European
Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC
of the European Parliament and of the Council [2011] OJ L304/64.
Directive 2013/50/EU of the European Parliament and of the Council of 22 October 2013
amending Directive 2004/109/EC of the European Parliament and of the Council on the
harmonisation of transparency requirements in relation to information about issuers whose
securities are admitted to trading on a regulated market, Directive 2003/71/EC of the European
Parliament and of the Council on the prospectus to be published when securities are offered to
the public or admitted to trading and Commission Directive 2007/14/EC laying down detailed rules
for the implementation of certain provisions of Directive 2004/109/EC [2013] OJ L294/13.
Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on
market abuse (market abuse regulation) and repealing Directive 2003/6/EC of the European
Parliament and of the Council and Commission Directives 2003/125/EC, 2003/125/EC and
2004/72/EC [2014] OJ L173/1.
Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets
in financial instruments and amending Directive 2202/92/EC and Directive 2011/61/EU (recast)
[2014] OJ L173/349.
Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on
markets in financial instruments and amending Regulation (EU) No 648/2012 [2014] OJ L 173/84.
Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on
improving securities settlement in the European Union and on central securities depositories and
amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 [2014] OJ L257/1.
10
Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the
prevention of the use of the financial system for the purposes of money laundering or terrorist
financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council,
and repealing Directive 2005/60/EC of the European Parliament and of the Council and
Commission Directive 2006/70/EC [2015] OJ l141/73.
Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on
payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and
2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC [2015] OJ
L337/35.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
[2016] OJ L119/1.
Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 on the
prospectus to be published when securities are offered to the public or admitted to trading on a
regulated market, and repealing Directive 2003/71/EC [2017] OJ L168/12.
Directive (EU) 2018/410 of the European Parliament and of the Council of 14 March 2018
amending Directive 2003/87/EC to enhance cost-effective emission reductions and low-carbon
investments, and Decision (EU) 2015/1814 [2018] OJ L76/3.
Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending
Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of
money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU
[2018] OJ L56/43.
Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on
combating money laundering by criminal law [2018] OJ L284/22.
11
Commission Delegated Regulations (EU) 2019/979 of 14 March 2019 supplementing Regulation
(EU) 2017/1129 of the European Parliament and of the Council with regard to regulatory technical
standards on key financial information in the summary of a prospectus, the publication and
classification of prospectuses, advertisements for securities, supplements to a prospectus, and the
notification portal, and repealing Commission Delegated Regulation (EU) No 382/2014 and
Commission Delegated Regulation (EU) 2016/301 [2019] OJ L166/1.
Commission Delegated Regulations (EU) 2019/980 of 14 March 2019 supplementing Regulation
(EU) 2017/1129 of the European Parliament and of the Council as regards the format, content,
scrutiny and approval of the prospectus to be published when securities are offered to the public
or admitted to trading on a regulated market, and repealing Commission Regulation (EC) No
809/2004 [2019] OJ L166/26.
Regulation (EU) 2019/1156 of the European Parliament and of the Council of 20 June 2019 on
facilitating cross-border distribution of collective investment undertakings and amending
Regulations (EU) No 345/2013, (EU) No 346/2013 and (EU) No 1286/2014 [2019] OJ L188/55.
Directive (EU) 2019/1160 of the European Parliament and of the Council of 20 June 2019
amending Directives 2009/65/EC and 2011/61/EU with regard to cross-border distribution of
collective investment undertakings [2019] OJ L188/106.
12
French Legislation
Code de commerce, partie legislative – Commercial Code
Code monétaire et financier, partie legislative – Monetary and Financial Code
German Legislation
Kapitalanlagegesetzbuch (KAGB) – Capital Investment Code
Kreditwesengesetz (KWG) – Banking Act
Zahlungsdiensteaufsichtsgesetz (ZAG) – Payment Supervision Act
Maltese Legislation
Companies Act, Chapter 386 of the Laws of Malta.
Innovative Technology Arrangements and Services Act, Chapter 592 of the Laws of Malta.
Investment Services Act, Chapter 370 of the Laws of Malta.
Malta Digital Innovation Authority Act, Chapter 591 of the Laws of Malta.
Virtual Financial Assets Act, Chapter 590 of the Laws of Malta.
13
TABLE OF TREATIES
Treaty establishing the European Economic Community [1958].
Consolidated Version of the Treaty on European Union [2012] OJ C326/13.
Consolidated version of the Treaty on the Functioning of the European Union [2012] OJ C 326/47.
14
ABBREVIATIONS
AIFMD
Directive 2011/61/EU of the European Union and of the Council of 8 June
2011 on Alternative Investment Fund Managers and amending Directives
2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU)
No 1095/2010 [2011] OJ L174/1
AMF
Authorité des marches financiers – French Financial Markets Regulator
AMF
Announcement
‘Review and analysis of the application of financial regulations to security
tokens’ (2020) AMF <www.amf-france.org/sites/default/files/2020-
03/legal-analysis-security-tokens-amf-en_1.pdf> accessed 25th August
2020
AML
Anti-Money Laundering
AMLD 4
Directive (EU) 2015/849 of the European Parliament and of the Council of
20 May 2015 on the prevention of the use of the financial system for the
purposes of money laundering or terrorist financing, amending Regulation
(EU) No 648/2012 of the European Parliament and of the Council, and
repealing Directive 2005/60/EC of the European Parliament and of the
Council and Commission Directive 2006/70/EC [2015] OJ l141/73
AMLD 5
Directive (EU) 2018/843 of the European Parliament and of the Council of
30 May 2018 amending Directive (EU) 2015/849 on the prevention of the
use of the financial system for the purposes of money laundering or
terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU
[2018] OJ L56/43
AMLD 6
Directive (EU) 2018/1673 of the European Parliament and of the Council
of 23 October 2018 on combating money laundering by criminal law
[2018] OJ L284/22
15
BaFin
Bundesanstalt für Finanzdienstleistungsaufsicht – German Federal
Financial Supervisory Authority
BFT
Byzantine Fault Tolerance
Cassis de Dijon
Case 120/78 Rewe-Zentral AG v Bundesmonopolverwaltung für
Branntwein ECLI:EU:C:1979:42
CFT
Combating the Financing of Terrorism
CISs
Collective Investment Schemes
CISA
Certified Information Systems Auditor
CISO
Chief Information Security Officer
CMU
Capital Markets Union
CRD
Directive 2011/83/EU of the European Parliament and of the Council of 25
October 2011 on consumer rights, amending Council Directive 93/13/EEC
and Directive 1999/44/EC of the European Parliament and of the Council
and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the
European Parliament and of the Council [2011] OJ L304/64
CSDR
Regulation (EU) No 909/2014 of the European Parliament and of the
Council of 23 July 2014 on improving securities settlement in the
European Union and on central securities depositories and amending
Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012
[2014] OJ L257/1
CSDs
Central Securities Depositories
CJEU
Court of Justice of the European Union
16
Digital Lab
Digital Laboratory
DLT
Distributed Ledger Technology
DMCFSD
Directive 2002/65/EC of the European Parliament and the Council of 23
September 2002 concerning distance marketing of consumer financial
services and amending Council Directive 90/619/EEC and Directives
97/7/EC and 98/27/EC [2002] OJ L271/16
EBA
European Banking Authority
EBSI
European Blockchain Services Infrastructure
ECB
European Central Bank
ECD
Directive 2000/31/EC of the European Parliament and of the Council of 8
June 2000 on certain legal aspects of information society services, in
particular electronic commerce, in the Internal Market (Directive on
electronic commerce) [2000] OJ L178/1
EEA
European Economic Area
EEC Treaty
Treaty establishing the European Economic Community [1958]
EMD 2
Directive 2009/110/EC of the European Union and of the Council of 16
September 2009 on the taking up, pursuit and prudential supervision of
the business of electronic money institutions amending Directives
2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC [2009]
OJ L267/7
Entity
Professional Investor Funds investing in Virtual Currencies; and issuers of
VFAs
17
ESFS
European System of Financial Supervision
ESMA
European Securities and Markets Authority
EU
European Union
FATF
Financial Action Task Force
Feedback
Statement
‘Feedback Statement to the Consultation Document on Security Token
Offering’ (2020) MFSA Ref No: 12-2019
FIT
Financial Instrument Test
GDPR
General Data Protection Regulation
Howey
Securities and Exchange Commission v W.J. Howey Co et al [1946] 328 U.S.
293
ICOs
Initial Coin Offerings
ICT
Information and Communication Technology
IPO
Initial Public Offering
ISA
Investment Services Act, Chapter 370 of the Laws of Malta
ISP
Investment Service Provider
ISS
Information Society Service
IT
Information Technology
18
ITAS Act
Innovative Technology Arrangements and Services Act, Chapter 592 of the
Laws of Malta
KAGB
Kapitalanlagegesetzbuch – German Capital Investment Code
KH
C-639/18 KH v Sparkasse Südholstein [2020] ECLI:EU:C:2020:477
KWG
Kreditwesengesetz – German Banking Act
Landgericht Kiel
Regional Court, Kiel, Germany
MAR
Regulation (EU) No 596/2014 of the European Parliament and of the
Council of 16 April 2014 on market abuse (market abuse regulation) and
repealing Directive 2003/6/EC of the European Parliament and of the
Council and Commission Directives 2003/125/EC, 2003/125/EC and
2004/72/EC [2014] OJ L173/1
MBR
Malta Business Registry
MDIA
Malta Digital Innovation Authority
MDIA Act
Malta Digital Innovation Authority Act, Chapter 591 of the Laws of Malta.
MFSA
Malta Financial Services Authority
MiFID II
Directive 2014/65/EU of the European Parliament and of the Council of 15
May 2014 on markets in financial instruments and amending Directive
2202/92/EC and Directive 2011/61/EU (recast) [2014] OJ L173/349; and
Regulation (EU) No 600/2014 of the European Parliament and of the
Council of 15 May 2014 on markets in financial instruments and amending
Regulation (EU) No 648/2012 [2014] OJ L 173/84
MiFIR
Markets in Financial Instruments Regulation
19
MSs
Member States
MTF
Multilateral Trading Facility
NCAs
National Competent Authorities
OTF
Organised Trading Facility
PC
Personal Computer
PIFs
Professional Investor Funds
Prospectus
Regulation
Regulation (EU) 2017/1129 of the European Parliament and of the Council
of 14 June 2017 on the prospectus to be published when securities are
offered to the public or admitted to trading on a regulated market, and
repealing Directive 2003/71/EC [2017] OJ L168/12
PSD 2
Directive (EU) 2015/2366 of the European Parliament and of the Council
of 25 November 2015 on payment services in the internal market,
amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and
Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC
SFD
Directive 98/26/EC of the European Parliament and of the Council of 19
May 1998 on settlement finality in payment and securities settlement
systems [1998] OJ L166/45
SME
Small and Medium-Sized Enterprises
STOs
Security Token Offerings
TD
Directive 2004/109/EC of the European Parliament and of the Council of
15 December 2004 on the harmonisation of transparency requirements in
20
relation to information about issuers whose securities are admitted to
trading on a regulated market and amending Directive 2001/34/EC [2004]
OJ L390/38
TEU
Consolidated Version of the Treaty on European Union [2012] OJ C326/13
TFEU
Consolidated version of the Treaty on the Functioning of the European
Union [2012] OJ C 326/47
UCITS
Undertakings for Collective Investment in Transferable Securities
UCITS I
Council Directive 85/611/EEC of 20 December 1985 on the coordination of
laws, regulations and administrative provisions relating to undertakings
for collective investment in transferable securities (UCITS) [1985] OJ
L375/3
UCITS IV
Directive 2009/65/EC of the European Parliament and of the Council of
July 2009 on the coordination of laws, regulations and administrative
provisions relating to undertakings for collective investment in
transferable securities (UCITS) (recast) [2009] OJ L302/32
URD
Universal Registration Document
US
United States of America
VFA ACT
Virtual Financial Assets Act, Chapter 590 of the Laws of Malta
VFAs
Virtual Financial Assets
ZAG
Zahlungsdiensteaufsichtsgesetz – German Payment Supervision Act
21
INTRODUCTION
The relationship between the fields of law and technology is a curious one. The law wants stability
and foreseeability. Technology wants to innovate and advance. It would seem the two are not
compatible. Yet the law seeks to regulate everything, and the expansion of the technological
revolution is such that regulation is even more necessary. The uncontainable nature of technology
makes the conventional notions of territory and jurisdiction sound naïve. Its volatile nature makes
things trending today appear old and obsolete tomorrow. Despite these challenges the law has
not failed in the regulation of technology. Instead, it has had to view the art and science of
regulation from a different perspective. The uncontainable nature of technology means there is
only so much a sole jurisdiction can achieve and that efforts at an international level are more
likely to be efficacious. The volatile nature of technology means it is pointless regulating
something which within a short time will have drastically mutated – leading to the concept of
technology-neutral legislation.
As time goes by the union between law and technology gets deeper. The downcast
image of the IT (information technology) geek who knows how to use a computer but cannot
communicate with people in real life is long forgotten. Children of the second millennium are
brought up surrounded by information and communication technology (‘ICT’) devices. A computer
no longer means a bulky set of electronic components connected by a myriad of wires and cables.
Nowadays, computers come in all shapes and sizes: desktop PCs (personal computers), laptops,
tablets, and smartphones – to name the most common. Even in this day and age, not everyone
can be considered an IT guru – many people have only a vague understanding of the technicalities
of connecting to the internet and using some of the household names in social media and
software applications. However, in a developed society relatively few are the people who remain
IT-illiterate. Gone are the days when the legislator will shy away from regulating in the sphere of
technology – although the challenges caused by its uncontainable and volatile nature remain.
Financial Instruments
Falempin, Van Hecke, Coheur and Walsh, in their handbook describe a security as follows:
1
1
Luc Falempin, Philippe Van Hecke, Daniel Coheur and Eamon Walsh, ‘Tokenized Securities: the ultimate handbook on
how to issue compliant securities on the blockchain’ (2019) <https://tokeny.com/wp-
content/uploads/2019/01/TOKENIZED-SECURITIES.pdf> accessed 14th July 2020.
22
[A] security is a fungible and negotiable financial instrument that holds some type of
monetary value. It can represent ownership in a company’s stock, a creditor
relationship with an entity through a bond, or rights to ownership as represented by
an option. To keep it simple, a security can be broken down into three overarching
categories; equities, funds and debts.
The standard definition of a financial instrument is:
2
[A] monetary contract between two parties, which can be traded and settled. The
contract represents an asset to one party (the buyer) and a financial liability to the
other party (the seller).
A financial instrument is deemed to be negotiable if, inter alia, the ownership can be transferred
from one person to another. Falempin et al define equity, debt, and fund (or investment fund) in
the context of securities as follows:
3
Equity is an investment in stock issued by another company. The stock can be either
private or public, and represents ownership of an entity. […]
Debt represents money that is borrowed and has to be repaid. The issuer of the bond
(or debt) owes the holders debt and is therefore generally obliged to pay them
interest, and to pay the principle on the maturity date […]
An investment fund is a supply of capital belonging to numerous investors used to
collectively purchase securities. Each investor retains ownership and control of their
own shares. […]
The Howey Test
All securities are financial instruments but not all financial instruments are securities and for the
topic under review it is important to distinguish which financial instruments are securities and
which are not, irrespectively of whether a new medium is being applied. The Howey test is a set of
criteria developed by the Supreme Court of the United States of America (the ‘US’) to determine
whether a financial instrument qualifies as a security. Securities and Exchange Commission v W.J.
Howey Co et al (‘Howey’) was decided by the US Supreme Court on the 27th May 1946.
4
This
judgment decided whether the process of offering units of agricultural land dedicated to the
cultivation of citrus fruits would qualify under the definition of a security in the US Securities Act
of 1933.
5
Examining the unitisation of a citrus grove under US law may sound remote from the
analysis of STOs under EU law but the principle is still relevant and deserves a mention in this
2
‘Financial instrument definition’ (IG) <www.ig.com/en/glossary-trading-terms/financial-instrument-
definition#:~:text=A%20financial%20instrument%20is%20a,other%20party%20(the%20seller)> accessed 14th July
2020.
3
Falempin et al (n 1).
4
328 U.S. 293.
5
ibid para 1.
23
study. The respondent, W.J. Howey Co, owned agricultural land where citrus fruit trees were
cultivated.
6
Howey Co retained fifty percent of the cultivated land for its own use and the other
fifty percent was offered to the public in the form of units of land.
7
The transfer of units to the
public was affected by way of contract.
8
Howey Co cultivated the land on behalf of the unit owners
and the eventual net profits were distributed accordingly.
9
The court considered the contracts
entered into between Howey Co and the unit owners to be investment contracts.
10
The definition
of an investment contract provided by the court is the basis of the Howey test:
11
[A]n investment contract for purposes of the Securities Act means a contract,
transaction or scheme whereby a person invests his money in a common enterprise
and is led to expect profits solely from the efforts of the promoter or a third party[.]
The Supreme Court concluded that the contracts in question constituted a security under the
Securities Act 1933.
12
Innovative Technologies
There are various examples throughout history of society’s initial rejection of ground-breaking
technologies. ‘The Luddites’ were a movement of the 19th century against the introduction of
manufacturing machines and to this day the word ‘luddite’ still means somebody opposed to new
technologies.
13
The Luddites of the 1800s were a violent movement that resorted to breaking and
burning down machinery.
14
Nonetheless, this did not prevent the industrial revolution from
happening. A more recent example would be the internet and the information revolution. With
hindsight, state-restrictions against something as ground-breaking as the internet seem futile just
like the luddite movement proved to be ineffective against the industrial revolution. However, one
should also recall content-restrictions of the internet as occurs, for example, in China – although
the aim is not to restrict the technology itself, but the diffusion of content deemed to be contrary
to public policy. As it were, initial state-restrictions of a new technology may be stifling as not all
technologies have the power, as does the internet, to drop down barriers. Blockchain technologies
6
ibid para 3.
7
ibid.
8
ibid para 4.
9
ibid para 6.
10
ibid para 12.
11
ibid para 11.
12
ibid para 13.
13
Evan Andrews, ‘Who Were the Luddites?’ (History.com, 26th June 2019) <www.history.com/news/who-were-the-
luddites#:~:text=The%20original%20Luddites%20were%20British,robbing%20them%20of%20their%20livelihood>
accessed 1st August 2020.
14
ibid.
24
are relatively new and have been subject to a fair share of state-restrictions deemed to be in the
public interest. Whether the technology will live up to the expectations has to be seen. The rise of
blockchain technology has been haphazard yet it remains a constant of the digital revolution with
supporters insisting it will eventually lead to a blockchain revolution.
Fintech
The term fintech (financial technology) was not conceived for the introduction of blockchain to the
financial services industry however at present it is amongst the most innovative technologies of
the sector. The automation of financial industry products and services that initiated the fintech
sector as a separate branch has been growing steadily ever since, and the powers of blockchain
have helped it grow further. The adoption of blockchain technology by the fintech sector was
greeted with scepticism by financial experts, state governments and the public. However, some
have sought to strike while the iron is hot. Thus, while some experts in the field have dismissed
crypto assets as being too volatile, others have specialised in it to become the pioneers of
blockchain technology. This also applies to state governments, some of which refuse to
acknowledge it while others have embraced it in the hope of boosting their economy.
Distributed Ledger Technology
Distributed ledger technology (‘DLT’) is a technical subject that in other circumstances would be
obscure to most people other than the IT-specialists. The ensuing development of DLT into the
concept of the blockchain and its ushering into the sphere of finance and economics has
contributed to the rise of DLT from being another acronym of the ‘computer geeks’ to becoming,
with the words ‘blockchain’ and in particular ‘Bitcoin’, a fashion statement. Bitcoin is a
cryptocurrency that acts as a digital medium of exchange comparable, in several respects, to what
is associated with the functionality of money. Never mind the technicalities of DLT, if there is
something that will capture the attention of people – that is mention of the word money. There
has been more than a fair share of attention and speculation surrounding the concept of
blockchain. The fact that some people who jumped on the blockchain bandwagon became rich
overnight has fuelled further speculation. Things in the blockchain world have been moving so fast
that people jumping on the bandwagon one day have made extraordinary returns on investment
and others jumping the next day have not made any profits whatsoever. In toto, the DLT
technology debate remains divided but despite various setbacks this does not mean the sceptics
25
are having the upper hand. Rather than a question of ‘if’ blockchain technology will revolutionise
various industries; it may be a question of ‘how’.
Blockchain technology falls under the nature of uncontainablility and volatility of
technology in general. Its associations with the spheres of finance and economics is
unprecedentedly tight although this was expected to happen sooner or later. Because technology
in its purer form is uncontainable and volatile does not mean it cannot be made more containable
or less volatile. Technology is a manmade artifact and it can be moulded and remoulded into new
forms limited only by the creativity of human beings. The topic under review – security token
offerings (‘STOs’) – is the peculiar union between a well-established concept of the financial world,
securities (also referred to in this study as ‘traditional securities’, to distinguish them from security
tokens), and a concept of the, so to speak, volatile world of blockchain technology called tokens.
This marriage has the potential of leading to new-age technologies that defy the intrinsic nature of
uncontainability and volatility whilst taking advantage of the benefits technology has to offer.
The potential of DLT is such that many (or arguably all) industries may be influenced.
The revolution to the financial industry has predominated the media for various reasons, one of
them possibly being that money is a common denominator people can easily relate to. Several
Member States (‘MSs’), including Malta, have commenced to legislate around blockchain vis-à-vis
the financial sector – in particular, cryptocurrencies. The European Union (‘EU’) institutions may
want to legislate around cryptocurrencies themselves since it defies the process of harmonisation
for each MS to have a different national framework to every other MS, or not have any framework
in place whatsoever. Due to the sensitive nature of cryptocurrencies (or crypto assets) there may
also be public interest concerns the EU will want to tackle at a supranational level.
Securities
The concept of securities is fundamental to understanding the concept of STOs. While some
experts venerate the unlocking of future DLT technology applications, others play down the hype
as being an overstatement. The populist label of blockchain being the technology of the future
may be causing a disservice as some people might regard it as merely science fiction. A brief study
of something as traditional as securities will help to drive home the point that blockchain
26
technology is not something reserved for the Starship Enterprise,
15
but is a technologically
advanced tool applicable in various everyday situations. It also stresses the fact that STOs are a
more stable way of raising capital with the aid of blockchain technology than ICOs.
Securities are a well-known concept of the financial sphere and although STOs fall
under the science of blockchain, securities themselves are distinct from blockchain technology and
the term has its roots in the early developments of finance and commerce of the 16th and 17th
centuries – way before anyone had phantomed the use of DLT technologies.
16
The union between
securities and blockchain tokens is a curious one and would have raised a few eyebrows if it were
not for the fact that blockchain became the hip word it is today and is being associated with
anything under the sun, including Malta’s very own ‘Blockchain Island’. Not everyone, however, is
convinced of the potential of blockchain technology and some are critical of its shortcomings.
Those who are sceptical, consider it a fad that will not live up to the expectations. There is plenty
of speculation surrounding DLT technology fuelled by the media and the digital gold rush. The
truth is that in technology years blockchain has already stood the test of time. Irrespectively of the
enthusiasm or otherwise with which certain investors may jump on the bandwagon in the hope of
becoming IT magnates of the likes of Bill Gates,
17
Mark Zuckerberg,
18
or Jeff Bezos,
19
technology is
in the first place a tool and so long as there is a void which it can fill, there will be a spot for it on
the market.
The demand for securities is undoubted having had a presence in the world of finance
for the past four hundred years or so. Digital tokens are a tool that can be employed in the
circulation of securities and, given the characteristics of DLT technology, have arguably been
proven to effectively work in the intended scope. Information technology and the law are not
always on the best of terms with the IT industry accusing the law of hampering innovation and the
law accusing the IT industry of disregarding public safety. The fragmentation of blockchain
technology regulation in the EU territory means it cannot flourish at a supranational level but
instead only in those jurisdictions where a commitment to regulate has been taken by the
15
Of the Star Trek science fiction franchise, see <https://intl.startrek.com/database_article/enterprise> accessed 14th
July 2020.
16
‘The Development Of Securities Trading’ (Britannica) <www.britannica.com/topic/security-business-economics/The-
development-of-securities-trading> accessed 9th July 2020.
17
Co-founder of software company Microsoft.
18
Co-founder of social media Facebook.
19
Founder of multi-national technology company Amazon.
27
respective legislator. STOs may offer support to overcome the limitations of DLT regulation
fragmentation by being exposed to the regulation of securities for which there is a well-
established legal framework and a better level of harmonisation.
From a regulatory perspective it is interesting to observe how different legislators
react to the traditional securities/blockchain technology combination. Even though technology is
intrinsically uncontainable and volatile does not mean these are indispensable characteristics.
While containing technology is deemed to be counterproductive by the computer scientist; the
legislator will want to do so in the public interest, amongst other things. People investing in crypto
assets and losing money may be said to be victims of the market forces at play, but the
government may not take such a liberal view and want to interfere with the market, as it is
empowered to do. Technology-stifling regulation is frowned upon but the other extreme – no
regulation – is hardly an option. Initial coin offerings (‘ICOs’) are often compared to STOs as an
example of the consequences of insufficient regulation. ICOs quickly gained popularity as a means
of raising funding for various types of projects, particularly for start-up undertakings. It is similar in
principle to an initial public offering (‘IPO’) where a private company begins offering shares to the
public. An IPO works through a regulated stock exchange. In the spirit of DLT technology, ICOs are
decentralised and the role of the middleman removed. This made raising funds through ICOs less
cumbersome than IPOs but the popularity of ICOs eventually dropped. The ease of setting up an
ICO meant that scammers could operate unchecked and investors seeking redress from the law
courts would hardly know where to begin.
28
CHAPTER 1: TOKENISATION
Digital tokens (or ‘tokens’) are defined as:
20
Transferable units generated within a distributed network that tracks ownership of the
units through the application of blockchain technology.
In theory, any real asset can be represented as a digital token through tokenisation which is
defined as:
21
[A] process where some form of assets are converted into a token that can be moved,
stored, or recorded on a blockchain.
This process has found fertile grounds for its use in financial markets and security tokens are the
result of,
22
materializing the ownership in a security through the issuance of a “token” registered
on a distributed ledger (DLT) infrastructure.
Any asset tokenised on the blockchain will impart to its corresponding token the rights attached to
the asset in the real world and hence the continued existence of the asset is indispensable. The
tokenisation of securities has been gaining steady momentum and although trends in the DLT
world evolve rapidly there remains a sustained hype for the potential of STOs. It is usual to
compare STOs to ICOs because of the element of raising capital. Although successful, ICOs are
notorious for not being adequately regulated causing frustration to investors and a growing
distrust towards them. The aim of STOs is for them to fall under the same rules and regulations
applicable to securities causing them to consequently fall under an already well-regulated regime.
The applicable jurisdictions are where the STO is issued and where it is marketed.
23
Some
jurisdictions may either require that an STO be issued directly as a blockchain token or else it is
first issued as a traditional security to be then converted to a token at a later stage.
24
An adequate
regulatory framework is of the essence also in the event of the parties to an STO seeking redress
from the law courts.
25
20
‘Understanding Digital Tokens: Market Overviews and Proposed Guidelines for Policymakers and Practitioners’
Token Alliance, Chamber of Digital Commerce <https://aws.digitalchamber.org/download/7153/> accessed 14th July
2020.
21
‘What is Tokenization’ (eToro) <www.etorox.com/blockchain-academy/what-is-tokenization> accessed 14th July
2020.
22
Falempin et al (n 1).
23
‘The Tokenisation of Assets and Potential Implications for Financial Markets’ (2020) OECD Blockchain Policy Series
<www.oecd.org/finance/The-Tokenisation-of-Assets-and-Potential-Implications-for-Financial-Markets.htm> accessed
15th July 2020.
24
ibid 14.
25
ibid 15.
29
1.1 Characteristics of Tokenisation
1.1.1 Intermediation
The role of intermediaries is often under fire in any DLT discussion. The decentralised nature of
DLT technology is praised by pro-blockchain stakeholders for dispensing with the need of an
intermediary, which presence is considered an added expense and a burden. The invention of
smart contracts is another facet of blockchain technology that has boosted the potential of STOs.
Like a conventional contract, smart contracts entail several obligations, the difference being they
are spelled out in a digital format. A smart contract functions by means of computer programming
code but this is carried out by a third-party that has nothing to do with the purpose of the contract
itself. The actual parties to the contract do not need to know how to code and, in fact, may be
totally obscure to the inner workings of how a smart contract operates. It is coded in such a
manner that it automatically enforces execution of the contract.
26
Smart contracts operate over a
blockchain and hence share the same characteristics of immutability.
27
DLT technology predates
the invention of blockchain and so do smart contracts – the term was coined by Nick Szabo, an
American computer scientist, in 1994.
28
Apart from the third-party that codes the smart contract,
there is no need for intermediaries either in the drafting stage and eventually at the point of
enforcement of the contract.
29
In theory, the smart contract process is secure enough to afford
the contracting parties peace of mind the technology is as reliable as if it were done by a trusted
intermediary, such as a notary. In practice it still needs to be seen what sort of litigation may
ensue in the law courts but theoretically a smart contract is expected to be fool proof. This is
because by running on top of a blockchain the contents of the contract agreed to by the parties
cannot be altered and because it is self-executing, a smart contract cannot be forestalled – what is
agreed to by the parties cannot be different from what is stated in the contract. The savings are
potentially double as the expense of a middleman is spared and so is the need for any subsequent
litigation. Ethereum is a technology frequently associated with smart contracts. It is a software
platform running on a blockchain and includes Ether – a virtual currency.
30
Ethereum accounts can
26
Matthew N. O. Sadiku, Kelechi G. Eze, Sarhan M. Musa, ‘Smart Contracts: A Primer’ (2018) 5 J of Scientific and
Engineering Research 538, 538.
27
ibid.
28
ibid.
29
ibid.
30
Stefano Ferretti and Gabriele D’Angelo, ‘On the Ethereum Blockchain Structure: a Complex Networks Theory
Perspective’ (2019) Currency and Computation Practice and Experience
<www.researchgate.net/publication/335326217_On_the_Ethereum_blockchain_structure_A_complex_networks_the
ory_perspective> accessed 15th July 2020.
30
either be of the type controlled by users or else another type controlled by smart contract code.
31
By having its own cryptocurrency, the Ether is the asset that fuels the Ethereum blockchain.
1.1.2 Efficiency
Another benefit of asset tokenisation is the possibility to trace the transactional history of the
asset and record a set of information concerning the asset in question and the entities interacting
with it.
32
This is bound to lead to higher levels of transparency. However, it should be noted that
certain information can only be as accurate as the data being inputted as this process involves
human interaction and, with the present technology, cannot easily be automated.
33
The possibility
to own a small fraction of an asset could become a reality as a tokenised asset can be divided into
digital slices – thus creating a new market segment for investors. Thus, an expensive asset will not
necessarily require a large investor or a group of larger investors but can instead be tokenised and
digital fractions of it offered to many small investors.
34
Another advantage is the speed at which
the transfer of ownership of tokenised assets can be performed which at best is practically
instantaneous.
35
This is well in contrast to the often bureaucratic procedures where middlemen
are involved.
1.1.3 Scalability
Asset tokenisation does not come without its challenges and these can influence the prospects of
the technology. DLT technology operates across computer networks and the devices connected to
those networks. Asset tokenisation is no exception and any hypothetical expansion of global STO
demands would have to be met by a corresponding increase in network size and number of
connected devices.
36
This is always a concern for any ICT system as the multiplication of networks
and devices in a given system invariably increases the costs and also the skills required to maintain
it. The latter may prejudice the stability of the system and make it prone to system failure as well
as increase the susceptibility to hacker attacks.
37
Any organisation needs to take the threat of
hacking seriously and those operating in the blockchain industry more so. A former key blockchain
industry player called Mt. Gox operated as a successful cryptocurrency exchange between the
31
ibid.
32
OECD Blockchain (n 23) 16.
33
ibid.
34
ibid 17.
35
ibid 18.
36
ibid 19.
37
ibid.
31
years 2010 to 2014, until it was the target of a major hacker attack that eventually led to its filing
for bankruptcy.
38
1.1.4 Cryptography
Cryptography is presently one of the cardinal components of DLT technology. Meanwhile,
quantum computing is slowly but surely gaining ground and cryptographic algorithms considered
robust under current technology would have nothing to offer by way of security if treated using a
quantum computer. This is not to say that cryptographic technology may not also evolve but it is
an important consideration given that an unsecure blockchain is practically of no use. On the other
hand, concerns surrounding anti-money laundering (‘AML’) and combating the financing of
terrorism (‘CFT’) has been steadily gaining momentum and certain characteristics of DLT-based
technologies, notably those offering user-anonymity, have come under fire in the AML/CFT race.
The Financial Action Task Force (‘FATF’) declared in an Interpretation Note to Recommendation 15
on New Technologies (INR. 15):
39
The threat of criminal and terrorist misuse of virtual assets is serious and urgent, and
the FATF expects all countries to take prompt action to implement the FATF
Recommendations in the context of virtual asset activities and service providers. […]
1.1.5 Decentralisation
The automation of intermediary services is having an impact on a substantial part of the financial
services industry. One of the topics for debate is to what extent will intermediary services be
wiped out in practice. In other words, even if in theory intermediation could be completely wiped
out, it could be the case that this will never happen because a total automation of intermediary
services would not be desirable. An important thing to note is that even if blockchain technology is
associated with decentralisation and the elimination of intermediaries, it is not to say that
intermediary services are consequently ruled out as in fact the use of a middleman in the
blockchain sphere is perfectly feasible and in certain cases may make more sense than having the
full automation of all intermediary services.
40
38
Jake Frankenfield, ‘Mt. Gox’ (Investopedia, 2nd February 2020) <www.investopedia.com/terms/m/mt-gox.asp>
accessed 15th July 2020.
39
‘Public Statement on Virtual Assets and Related Providers’ (2019) <www.fatf-
gafi.org/publications/fatfrecommendations/documents/public-statement-virtual-assets.html> accessed 16th July 2020.
40
OECD Blockchain (n 23) 25.
32
1.1.6 Speed of Transfer
It is easy to understand why tokenised assets can speedily be transferred from one owner to
another. The transfer of a tokenised asset is reduced to a computer transaction;
41
just as
nowadays money can be transferred from one account to another by means of a software
platform application. The quasi-instantaneous transfer of tokenised assets is seen as a benefit, but
it also means that as soon as the transfer of ownership is completed so too must all the necessary
payments be settled.
42
This is in stark contrast to what is witnessed presently where a transfer of
asset ownership initiated at a certain point in time will be delayed by various procedural
requirements along the way, and only afterwards will all the necessary payments fall due.
43
The
overall benefits of tokenised securities, such as transparency, efficiency, and speed could have the
effect of making the securities market more accessible both from the issuers’ and from the
investors’ point of view. This will expand the market, making it easier for issuers to release their
products and leave investors with a wider selection of products to choose from. Higher profits,
greater competition and better comparison tools should translate into a market with added
liquidity and lower prices.
44
1.2 Central Securities Depositories
The framework of a financial instruments market must include the use of central securities
depositories (‘CSDs’). In a nutshell, the purpose of CSDs is to ascertain there is a perfect
correlation between the security transactions executed in a given timespan (usually a day) and the
securities actually issued in the same period.
45
This prevents the illicit creation or deletion of
securities, whether intentionally or accidentally.
46
In the days when financial instruments were
originally represented by physical certificates as a proof of ownership, these were inefficient and
precarious.
47
Central depositories first started by filing these certificates in one place rather than
being held by investors themselves.
48
Eventually, the physical certificates held at the CSD were
dispensed with as they became replaced by digital entries in a computer database.
49
Just to show
41
ibid 26.
42
ibid.
43
ibid.
44
ibid 31.
45
‘Chapter 12: Central securities depositories’ (2018) <https://publications.banque-
france.fr/sites/default/files/media/2019/06/28/819029_livre_chapitre_12_en.pdf> accessed 17th July 2020 2.
46
ibid.
47
ibid 3.
48
ibid.
49
ibid.
33
how decentralised asset tokenisation can be – DLT technologies coupled with smart contracts
could recreate an automated version of the CSD registry.
50
This once again highlights the speed
and ease with which tokenised assets can be transferred – rather than going through a
bureaucratic CSD registry, the same procedure can be achieved by means of the DLT technology
characteristics of, inter alia, immutability and transparency and this in the time it takes a
microprocessor to crunch a series of binary digits.
51
This is still more true in theory than in practice
and it is not to say the presence of CSDs will not remain in existence for other political or social
reasons.
52
The powers of decentralisation of blockchain technology is a topic worthy of its own
study. It is true that certain bureaucratic bottlenecks can be automated and the benefits of cost
and efficiency as well as speed of transaction reaped. However, the concept that blockchain
technology can be self-regulating is far from the truth.
53
Different jurisdictions can take different
approaches but the possibility is that if all traditional securities products and services were put on
the blockchain, rather than having a plethora of intermediary services, there could instead be one
principle intermediary regulator – irrespectively of whether such principle intermediary regulator
could also be automated or not.
54
A case in point is the practice of fraud which never fails to exist
in the world of financial services. Fraudsters can be smart enough to be always a step ahead and
blockchain is no exception as new technologies may present novel ways to prevent former fraud
practices, but they may also open new fraud opportunities not previously envisioned.
55
The process of security tokenisation does not alter the underlying principles of trading
in securities. Technically, it is the use of DLT technologies to transfer tokenised securities’
ownership as, formerly, digital entries on a computer database had replaced the movement of
physical certificates from one owner to another. Legally, however, the step from digital entries to
tokenised assets may not be as neat as appears to the computer scientist.
56
It varies from one
jurisdiction to another, but whether tokenised securities are to be treated in the eyes of the law as
traditional securities has not been universally recognised.
57
It is not just a case of inertia of the
50
OECD Blockchain (n 23) 32.
51
ibid.
52
ibid 33.
53
ibid.
54
ibid.
55
ibid 34.
56
ibid 40.
57
ibid.
34
law, there are intrinsic economic considerations that may make tokenised securities different from
traditional ones. Regulation can help but it is no mean feat legislating for an innovative technology
that is still in evolution.
58
58
ibid.
35
CHAPTER 2: MAIN APPLICABLE EU LAWS AND EXISTING REGULATORY GAPS
Comprehending the EU regulation relevant to STOs is not a straightforward endeavour. Applying
existing rules and regulations to new technologies can create confusion and uncertainty which will
invariably need further clarification from the competent authorities. Litigation is an option where
a business concern seeks further clarification from the courts. However, for start-up businesses
the legal costs involved may be prohibitive. Besides, challenging the competent authorities may
prove to be futile. On the other hand, regulating a new technology is something the legislator may
choose not to do or be unable to do because of the pitfalls this entails. STO regulation within the
EU territory both at a supranational and national level presents a variety of statutes that can be
perplexing and yet is the reality of the current situation. EU institutions cannot legislate at a
supranational level as they please but only in the areas where competence has been conferred. At
what point will the EU institutions legislate in the DLT field at the level of a specific EU directive or
regulation is not clear but if the spread of blockchain technology is going to be slow but steady it
may eventually have to do so.
2.1 General Concepts
2.1.1 The Principle of Conferral
The principle of conferral is one of the cornerstones of the EU. It was officially spelled out in the
Consolidated Version of the Treaty on European Union (‘TEU’).
59
Article 4, paragraph 1 of the TEU
declares:
In accordance with Article 5, competences not conferred upon the Union in the
Treaties remain with the Member States.
Article 5, paragraphs 3 and 4 of the TEU declare:
3. Under the principle of subsidiarity, in areas which do not fall within its exclusive
competence, the Union shall act only if and in so far as the objectives of the
proposed action cannot be sufficiently achieved by the Member States […] but
can rather, by reason of the scale or effects of the proposed action, be better
achieved at Union level.
4. Under the principle of proportionality, the content and form of Union action
shall not exceed what is necessary to achieve the objectives of the Treaties.
59
[2012] OJ C326/13.
36
Therefore, before criticising the EU institutions for not doing enough to promote harmonisation in
the DLT technology sphere, it should first be considered whether there is a mandate by the MSs in
such a way as to constitute a conferral on the institutions to regulate at a supranational level.
2.1.2 Cassis de Dijon Principle
The Cassis de Dijon principle is an essential element of the Internal Market. The preliminary
reference ruling itself is a relatively old judgment, but it applies to the free movement of goods
and services and it would be expected this can be applied to the issuance of STOs. Delivered on
the 20th February 1979, Rewe-Zentral AG v Bundesmonopolverwaltung für Branntwein
60
(‘Cassis de
Dijon’) concerned the importation of an alcoholic beverage from France to the Federal Republic of
Germany.
61
Rewe-Zentral AG (‘Rewe’) was an undertaking established in Cologne, Germany.
62
It
applied to the Federal Monopoly Administration for Spirits (‘Bundesmonopolverwaltung’) for the
importation of the liqueur Cassis de Dijon – which application was rejected due to a mismatch in
the percentage alcoholic content of the liqueur and that of the minimum alcoholic percentage
permitted by German national law.
63
The applicant claimed this constituted a quantitative
restriction as stated in Article 30 of the Treaty establishing the European Economic Community,
64
(‘EEC Treaty’) – today Article 34 of the Consolidated version of the Treaty on the Functioning of
the European Union,
65
(‘TFEU’).
66
The court agreed with the applicant that the
Bundesmonopolverwaltung’s action was in breach of Article 30 of the EEC Treaty.
67
For the study
under review, it is worth noting that although the issuance of STOs, in conjunction with Article 56
TFEU, could theoretically benefit from the Cassis de Dijon principle, Article 36 TFEU declares:
The provisions of Article 34 and 35 shall not preclude prohibitions or restrictions on
imports, exports or goods in transit justified on grounds of public morality, public
policy or public security […]
The point is that MSs may seek to restrict innovative technology products, such as security tokens,
on the grounds of public policy or public security.
60
Case 120/78 ECLI:EU:C:1979:42.
61
ibid para 2.
62
ibid 651.
63
ibid para 2.
64
[1958].
65
[2012] OJ C 326/47.
66
Cassis de Dijon (n 60) para 4.
67
ibid 665.
37
2.1.3 Blockchain in Europe
The European Blockchain Partnership brings together the Member States of the EU and members
of the European Economic Area (‘EEA’) and is, inter alia, developing a European Blockchain
Services Infrastructure (‘EBSI’).
68
The European Blockchain Observatory and Forum is a
collaboration of the European Commission and European Parliament to boost innovation in the
field.
69
At this point, there is no sign of harmonisation at an EU level. MSs are encouraged to
benefit from the advantages blockchain technology has to offer but each country is free to be as
liberal or as conservative towards this relatively new technology as they think fit. As a matter of
fact, a practically different approach by each MS of the EU is being witnessed.
2.1.4 ESMA
Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November
2010 establishing a European Supervisory Authority (European Securities and Markets Authority)
[…]
70
(‘ESMA’) is a result of the High-Level Group on Financial Supervision in the EU (the de
Larosière Report).
71
The report was commissioned following the financial crisis of the late 2000s
and led to the creation of the European System of Financial Supervision (‘ESFS’) framework. One of
the main scopes of the authority is the fostering of investor protection. Article 9, paragraph 4 of
the regulation declares that ESMA,
shall establish […] a Committee on financial innovation, which brings together all
relevant competent national supervisory authorities with a view to achieving a
coordinated approach to the regulatory and supervisory treatment of new or
innovative financial activities […]
This is relevant to STO innovation since it is part of ESMA’s constitution to promote the
development of such technologies.
2.2 Table of Relevant EU Statutes
Table 2.1 below, gives the list of EU legislation identified as relevant to the issuance of STOs. Each
piece of legislation will be examined in further detail to understand what it consists of, how it may
be applied to STOs, and what gaps exist in their application to the innovation of security tokens.
68
‘Blockchain Technologies’ (European Commission) <https://ec.europa.eu/digital-single-market/en/blockchain-
technologies> accessed 9th July 2020.
69
ibid.
70
[…] amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC [2010] OJ L331/84.
71
2009.
38
Name of Legislation
Brief Description
Year of
Enactment
Applicability
Regulatory Gaps
AIFMD
[…] on Alternative Investment
Fund Managers […]72
2011
Security tokens forming
part of an alternative
investment fund
Only for transferable securities
admitted to trading on a regulated
market
AMLD 5
[…] on the prevention of the
use of the financial system for
the purposes of money
laundering or terrorist
financing […]73
2018
Definition of ‘virtual
currencies’ is broad
enough to encompass
security tokens
Specific AML/CFT challenges
CRD
[…] on consumer rights […]74
2011
14-day cooling-off
period for parties
contracting security
tokens acting at a
distance
Excludes security tokens subject to
price fluctuations within the
withdrawal period
CSDR
[…] on improving securities
settlement in the European
Union and on central securities
depositories […]75
2014
Security token trading
reported to CSDs
• Must fall under
definition of
‘transferable securities’
in MiFID II
• Incompatibility with
securities settlement
system
DMCFSD
[…] concerning distance
marketing of consumer
financial services […]76
2002
Complementing the CRD
Excludes security tokens subject to
price fluctuations within the
withdrawal period
E-Commerce
Directive
[…] on certain legal aspects of
information society services, in
particular electronic
commerce, in the Internal
Market […]77
2000
• STO issuers
as
information
society
service
providers
• Country of
origin rule
• contracts in
digital form
N/a
EMD 2
[…] on the taking up, pursuit
and prudential supervision of
the business of electronic
money institutions […]78
2009
Tokens as e-money
Must fall under definition of
‘electronic money’
MAR
[…] on market abuse […]79
2014
Market abuse in the
issuance/trade of
security tokens
• Must fall under MiFID II
definition of
‘transferable securities’
• Conflict between
territorial scope and
online security tokens
MiFID II
[…] on markets in financial
instruments […]80
2014
Security tokens as
transferable securities
Must fall under definition of
‘transferable securities’
Prospectus
Regulation
[…] on the prospectus to be
published when securities are
offered to the public or
admitted to trading on a
regulated market […]81
2017
Publication of a
prospectus by issuers of
STOs
• Must fall under
definition of
‘transferable securities’
in MiFID II
• Conflict between
territorial scope and
online STOs
PSD 2
[…] on payment services in the
internal market […]82
2015
Security tokens as e-
money offering payment
services
Must fall under definition of
‘electronic money’ in EMD 2
72
(n 95).
73
(n 103).
74
(n 121).
75
(n 116).
76
(n 124).
77
(n 147).
78
(n 161).
79
(n 88).
80
(n 86).
81
(n 108).
82
(n 166).
39
SFD
[…] on settlement finality in
payment and securities
settlement systems83
1998
Security tokens forming
part of a payment and
securities settlement
system
Must fall under definition of
‘’transferable securities’ in MiFID II
Transparency
Directive
[…] on the harmonisation of
transparency requirements in
relation to information about
issuers whose securities are
admitted to trading on a
regulated market […]84
2004
Transparency
requirements for issuers
of STOs
Must fall under definition of
‘transferable securities’ in MiFID II
UCITS IV
[…] on the coordination of
laws, regulations and
administrative provisions
relating to undertakings for
collective investment in
transferable securities […]85
2009
Security tokens as part
of an undertaking for
collective investment
Must fall under definition of
‘transferable securities’ in MiFID II
Table 2.1: EU legislation applicable to STOs and existing regulatory gaps
2.3 MiFID II
Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets
in financial instruments […]
86
and Regulation (EU) No 600/2014 (‘MiFIR’),
87
(collectively known as
‘MiFID II’) defines ‘transferable securities’ in Article 4, paragraph 1, point 44 as,
those classes of securities which are negotiable on the capital market, with the
exception of instruments of payment […]
Transferable securities are listed as financial instruments under MiFID II and this attaches specific
requirements to those undertakings dealing in financial instruments. Besides, financial
instruments may only be traded in the following recognised venues:
1) Regulated market. This is defined in Article 4, paragraph 1, point 21 of MiFID II as ‘a
multilateral system operated and/or managed by a market operator, which brings
together […] multiple third-party buying and selling interests in financial instruments […] in
a way that results in a contract […] which is authorised and functions regularly and in
accordance with Title III’ of MiFID II – Title III containing the relevant provisions to
‘Regulated Markets.’
2) Multilateral trading facility (‘MTF’). This is defined in Article 4, paragraph 1, point 22 of
MiFID II and is similar to a regulated market ‘operated by an investment firm or a market
operator’ and ‘results in a contract in accordance with Title II’ of MiFID II – Title II
83
(n 171).
84
(n 167).
85
(n 93).
86
[…] and amending Directive 2202/92/EC and Directive 2011/61/EU (recast) [2014] OJ L173/349.
87
Of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending
Regulation (EU) No 648/2012 [2014] OJ L 173/84.
40
containing the relevant provisions for the ‘Authorisation and Operating Conditions for
Investment Firms.’
3) Organised trading facility (‘OTF’). This is defined in Article 4, paragraph 1, point 23 of MiFID
II as ‘a multilateral system which is not a regulated market or an MTF and in which
multiple third-party buying and selling interests in bonds, structured finance products,
emission allowances or derivatives are able to interact in the system in a way that results
in a contract in accordance with Title II’ of MiFID II (see point 2 supra).
4) Systematic internaliser. This is defined in Article 4, paragraph 1, point 20 of MiFID II as ‘an
investment firm which […] deals on own account when executing client orders outside a
regulated market, an MTF or an OTF without operating a multilateral system[.]’
An investment firm is defined in Article 4, paragraph 1, point 1 of MiFID II as,
any legal person whose regular occupation or business is the provision of one or more
investment services to third parties and/or the performance of one or more
investment activities on a professional basis.
Investment firms must comply with the MiFID II requirements, including of
organisation under Articles 16 and 17, and of investor protection and information to
clients of Article 24.
For the issuance of an STO to be regulated by MiFID II, a security token would have to
qualify as a transferable security under the broader concept of a financial instrument. To be
negotiable on a capital market, as required by the definition of ‘transferable securities’, a security
token would have to possess the ability to be traded on any of the four recognised venues
mentioned supra. Therefore, MiFID II would not be applicable to STOs issued with the intent of
being traded on the blockchain, or some other innovative technology, so long as such novel
technologies do not possess the requisites to be recognised as an established capital market.
2.4 Market Abuse Regulation
Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on
market abuse (market abuse regulation) […]
88
(‘MAR’) often invokes the MiFID II definition of
‘transferable securities’ although it also contains a text-book definition of traditional ‘securities’ in
Article 3, paragraph 2 point (a). Security tokens that can be classified as financial instruments and
can be traded on a recognised venue could trigger the application of MAR. For example, insider
88
[…] and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives
2003/125/EC, 2003/125/EC and 2004/72/EC [2014] OJ L173/1.
41
dealing, which may be quintessential for start-up businesses issuing STOs to finance their projects,
would be prohibited under MAR. Insider dealing is understood in Article 8 MAR as,
aris[ing] where a person possesses inside information and uses that information by
acquiring or disposing of, for its own account or for the account of a third-party,
directly or indirectly, financial instruments to which that information relates. […]
The uncontainability of technology makes establishing territorial boundaries one of the
controversial bones of contention of internet-assisted technologies. DLT technology is distributed
because devices are spread apart and can use the networking power of the internet to
communicate almost instantaneously from one side of the planet to another. Jurisdictions operate
on the principle that what occurs within their territory is part of the forum. There are exceptions
to this concept but what occurs outside the territory of the forum is subject to legal uncertainty
despite international treaties and conventions. Article 2, paragraph 4 of MAR declares:
The prohibitions and requirements in this Regulation shall apply to actions and
omissions, in the Union and in a third country […]
In practice, it would be difficult to apply MAR to online security tokens originating from the EU
territory but being traded in a recognised venue located in a third country because it may not be
possible to enforce MAR in such situations.
2.5 Collective Investment Schemes (CISs)
2.5.1 Undertakings for Collective Investment in Transferable Securities (‘UCITS’)
and Alternative Investment Fund Managers Directive
Council Directive of 20 December 1985 on the coordination of laws, regulations and administrative
provisions relating to undertakings for collective investment in transferable securities (UCITS),
89
(the first UCITS Directive, ‘UCITS I’) describes UCITS in Article 1 sub-article 2 as:
• the sole object of which is the collective investment in transferable securities of
capital raised from the public and which operate on the principle of risk-
spreading, and
• the units of which are, at the request of holders, re-purchased or redeemed,
directly or indirectly, out of those undertaking’s assets. Action taken by a UCITS
to ensure that the stock exchange value of its units does not significantly vary
from their net asset value shall be regarded as equivalent to such re-purchase
on redemption.
89
85/611/EEC [1985] OJ L375/3.
42
The main purpose for the drafting and enactment of UCITS I was to create an investment fund
market at the European level as well as a supranational investor protection layer.
90
There are various reasons why security token issuers may want to engage in UCITS
activities. The fact UCITS are regulated at an EU level is one of them. Security token issuers setting
up UCITS will first apply in a particular MS. Following approval, the issuer may register to operate
in any other MS of the EEA. The good reputation of UCITS means they are considered respectable
investment funds including by nations outside the EEA, such as Asia and South America.
91
Also
consequent to their reputation, investors of UCITS face less rigorous due diligence measures.
92
A
depositary must be assigned with the custody of a UCITS fund, as established in Chapter IV
‘Obligations Regarding the Depositary’ of the fourth UCITS Directive (‘UCITS IV’).
93
In line with
Article 25 UCITS IV, a security token issuer shall not act as depositary, or vice versa.
UCITS IV provides the following definition of ‘transferable securities’:
i. shares in companies and other securities equivalent to shares in companies
(shares);
ii. bonds and other forms of securitised debt (debt securities);
iii. any other negotiable securities which carry the right to acquire any such
transferable securities by subscription or exchange[.]
This definition does not add anything new to that of a transferable security under MiFID II.
Therefore, it can be assumed that in order for a security token to form part of a collective
investment fund and benefit from the provisions of UCITS IV it must possess the properties of a
transferable security and have the ability to be traded only on a recognised venue. To engage in
UCITS activities, a security token issuer must have an initial capital of at least €125,000.
94
Directive 2011/61/EU of the European Union and of the Council of 8 June 2011 on
Alternative Investment Fund Managers […]
95
(‘AIFMD’) was a response of the EU institutions to the
90
Raina Pace, ‘A Maltese Study on the UCITS Framework and Investor Protection’ (BCom dissertation, University of
Malta 2017) 2.
91
‘UCITS Guide for asset managers’ (2019) Carne Group, 10 <www.carnegroup.com/wp-
content/uploads/2019/06/300004-CARNE-UCITS-GUIDE-V2.04.19.pdf> accessed 9th August 2020.
92
ibid.
93
Directive 2009/65/EC of the European Parliament and of the Council of July 2009 on the coordination of laws,
regulations and administrative provisions relating to undertakings for collective investment in transferable securities
(UCITS) (recast) [2009] OJ L302/32.
94
Art 7, para (a).
95
[…] and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No
1095/2010 [2011] OJ L174/1.
43
global financial crisis witnessed towards the end of the 2000s.
96
It forms an integral part of the
EU’s Capital Markets Union (‘CMU’) which aims to consolidate the MSs’ capital markets.
97
Since
the enactment of the AIFMD, the traffic of alternative investment funds (‘AIFs’) throughout the
MSs has significantly increased although compatibility issues still persist between one MS’s
regulatory system and another.
98
Recent developments have seen the enactment of Directive (EU)
2019/1160 of the European Parliament and of the Council of 20 June 2019 […] with regard to
cross-border distribution of collective investment undertakings,
99
and Regulation (EU) 2019/1156
of the European Parliament and of the Council of 20 June 2019 on facilitating cross-border
distribution of collective investment undertakings […].
100
An AIF has the same properties as UCITS but is regulated by a different directive. As
with UCITS, a STO licenced as an AIF in a particular MS may register to operate in any other MS of
the EEA – subject to compliance formalities of the jurisdiction hosting the AIF.
101
Article 9,
paragraph 1 AIFMD requires an internally managed AIF to have an initial capital of at least
€300,000; paragraph 2 requires an AIFM appointed as external manager of AIFs to have an initial
capital of at least €125,000. The directive does not define securities but it makes reference to
transferable securities admitted to trading on a regulated market and for all intents and purposes
can be assumed to apply the MiFID II definition to security tokens forming part of an alternative
investment fund.
2.6 Anti-Money Laundering Directive
The growing importance of AML rules and regulations has been noted supra. Under present EU
laws is Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on
the prevention of the use of the financial system for the purposes of money laundering or terrorist
financing […],
102
referred to as the fourth Anti-Money Laundering Directive (‘AMLD 4’) amended by
96
Report from the Commission to the European Parliament and the Council assessing the application and the scope of
Directive 2011/61/EU of the European Parliament and of the Council on Alternative Investment Fund Managers
COM(2020) 232 final, 3.
97
ibid 5.
98
ibid.
99
[…] amending Directives 2009/65/EC and 2011/61/EU [2019] OJ L188/106.
100
[…] and amending Regulations (EU) No 345/2013, (EU) No 346/2013 and (EU) No 1286/2014 [2019] OJ L188/55.
101
‘The Security Token Issuer’s Guide to Alternative Investment Funds (AIFs) in Malta’ (ICO Launch Malta)
<https://icomalta.com/the-security-token-issuers-guide-to-alternative-investors-funds-aifs-in-malta> accessed 8th
September 2020.
102
[…], amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive
2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC [2015] OJ l141/73.
44
Directive (EU) 2018/843
103
(the fifth Anti-Money Laundering Directive, ‘AMLD 5’). Directive (EU)
2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating
money laundering by criminal law
104
(the sixth Anti-Money Laundering Directive, ‘AMLD 6’) shall
become effective as of the 6th December 2020
105
and relevant institutions should implement its
provisions within the following six months. AMLD 4 does not apply to security tokens whereas
AMLD 5 extends to providers engaged in exchange services between virtual currencies and fiat
currencies as well as custodian wallet providers.
106
AMLD 6 flags the need of ad hoc AML measures
for virtual currencies.
107
Article 1, sub-article 2, point (a), romanette (ii), point (d) of AMLD 5 gives
the following definition of ‘virtual currencies’:
[A] digital representation of value that is not issued or guaranteed by a central bank or
a public authority, is not necessarily attached to a legally established currency and
does not possess a legal status of currency or money, but is accepted by natural or
legal persons as a means of exchange and which can be transferred, stored and traded
electronically[.]
Even if not specifically declared, this definition is broad enough to encompass security tokens.
Therefore, it can be assumed that security tokens do benefit from the provisions of the AMLD 5.
2.7 The Prospectus Regulation
The ranking of STOs as financial instruments gives rise to unprecedented assimilations between a
DLT-based technology and traditional pieces of legislation applicable to financial instruments. The
assimilation of Regulation (EU) 2017/1129
108
(‘the Prospectus Regulation’) to STOs has been one
of the hot topics in the ongoing blockchain debate. The assimilation of the Prospectus Regulation
is interesting for the topic under review for two reasons. Firstly, it is a traditional piece of
legislation and, therefore, does not assume any prerequisite knowledge of DLT technologies.
Secondly, it tackles one of the drawbacks of blockchain technology, which is the general lack of
knowledge that surrounds a complex, innovative technology. This lack of knowledge creates
problems both for the STO issuer who may be faced with the distrust of the public to acquire
103
Of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the
prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and
amending Directives 2009/138/EC and 2013/36/EU [2018] OJ L56/43.
104
[2018] OJ L284/22.
105
Art 13(1) AMLD 6.
106
Recital 8 AMLD 5.
107
Recital 6 AMLD 6.
108
Of the European Parliament and of the Council of 14 June 2017 on the prospectus to be published when securities
are offered to the public or admitted to trading on a regulated market, and repealing Directive 2003/71/EC [2017] OJ
L168/12.
45
crypto assets; and for the investor, who may be the victim of a scam or a bad investment due to
not knowing better.
The Prospectus Regulation requires the publication of a prospectus by issuers of
securities. It replaces the former Prospectus Directive, implemented in 2003.
109
The scope of the
Prospectus Regulation as described in Article 1, paragraph 1 is to,
[lay] down requirements for the drawing up, approval and distribution of the
prospectus to be published when securities are offered to the public or admitted to
trading on a regulated market situated or operating within a Member State.
The Prospectus Regulation seeks to make the issuance of securities more user-friendly for issuers
while providing more relevant information for investors.
110
The definition of ‘securities’ in the
Prospectus Regulation is that of ‘transferable securities’ in MiFID II and therefore only security
tokens tradable on a regulated market are allowed. An STO issuer interested in publishing a
prospectus must choose from the following three types:
1) The universal registration document (‘URD’), as outlined in Article 9, paragraph 1 of the
Prospectus Regulation:
Any issuer whose securities are admitted to trading on a regulated market or an MTF
may draw up every financial year a registration document […] describing the
company’s organisation, business, financial position, earnings, and prospectus,
governance and shareholding structure.
2) A simplified prospectus, as outlined in Article 14, paragraph 1 of the Prospectus Regulation:
The following persons may choose to draw up a simplified prospectus under the
simplified regime for secondary issuances […]:
a) issuers whose securities have been admitted to trading on a regulated market or
on an SME [small and medium-sized enterprises] growth market continuously for
at least the last 18 months and who issue securities fungible with existing
securities which have been previously issued.
b) issuers whose equity securities have been admitted to trading on a regulated
market or an SME growth market continuously for at least the last 18 months
and who issue non-equity securities;
c) offerors of securities admitted to trading on a regulated market on an SME
growth market continuously for at least the last 18 months.
3) A growth prospectus, as outlined in Article 15, paragraph 1 of the Prospectus Regulation:
The following persons may choose to draw up an EU Growth prospectus under the
proportionate disclosure regime […]:
109
Directive 2003/71/EC of the European Parliament and of the Council of 4 November 2003 on the prospectus to be
published when securities are offered to the public or admitted to trading and amending Directive 2001/34/EC [2003]
OJ L345/64.
110
Tom Fagernäs, Joel Kanervo, Gabriel Núñez and Andrés Alcalá, ‘The Why and How of the New European Union
Prospectus Regulation’ (2019) 20 Business L Intl 5, 8.
46
a) SMEs;
b) issuers […] whose securities are traded […] on an SME growth market, provided those
issuers had an average market capitalisation of less than EUR 500 000 000 […];
c) issuers […] where the offer of securities to the public is of a total consideration in the
Union that does not exceed EUR 20 000 000 calculated over a period of 12 months […],
d) offerors of securities issued by issuers referred to in points (a) and (b).
The simplified prospectus is an example of issuer user-friendliness by permitting
secondary issuances to take advantage of a less laborious format. Another thing is the URD can be
used for multiple securities issuances rather than having to draw up a different URD for each type
of securities. In a nutshell, the issuances of STOs under this format will consist of three documents:
(i) the URD, of which an STO issuer only needs to maintain one; (ii) a specific securities note; and
(iii) a summary note. Therefore, documents (i), (ii) and (iii) together can be submitted by the STO
issuer as the prospectus seeking approval from the competent authority. An STO issuer will be
exempt from the provision of the Prospectus Regulation where:
• the STO will raise less than €1 million in a year;
111
• the STO is offered to less than 150 people in a year;
112
• an STO with a unit denomination of at least €100,000;
113
Also, a particular MS may choose to exempt STOs raising up to less than €8 Million in a year.
114
STOs would more likely be available online meaning they would technically be offered
in any part of the world where the website is accessible. This creates a conflict between
Commission Delegated Regulation (EU) 2019/980,
115
Annex 28, point 3 which requires the
prospectus to specify the ‘[c]ountry[ies] where the offer(s) to the public takes place.’ Thus, in the
case of STOs made in the online context it is counterproductive to try to limit the territorial scope
of the offer. A solution to this problem, from an EU perspective, would be to inform the
competent authority of every MS to which the online STO applies about the prospectus to be
published. Also, Article 7, paragraph 7, point (b) of the Prospectus Regulation requires that in the
prospectus summary it be identified ‘all markets where the securities are or are to be traded.’ In
111
Art 1, para 3 Prospectus Regulation.
112
ibid art 1, para 4, point (b).
113
ibid art 1, para 4, point (c).
114
ibid art 3, para 2, point (b).
115
Of 14 March 2019 supplementing Regulation (EU) 2017/1129 of the European Parliament and of the Council with
regard to regulatory technical standards on key financial information in the summary of a prospectus, the publication
and classification of prospectuses, advertisements for securities, supplements to a prospectus, and the notification
portal, and repealing Commission Delegated Regulation (EU) No 382/2014 and Commission Delegated Regulation (EU)
2016/301 [2019] OJ L166/1.
47
the case of an online STO the issuer would need the option to omit the provision of such
information.
2.8 CSDR
Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on
improving securities settlement in the European Union and on central securities depositories
[…]
116
(the Central Securities Depositary Regulation, ‘CSDR’) forms part of the ensuing reforms
witnessed at an EU level in response to the global financial crisis that affected various parts of the
world, including the European territory.
117
The CSDR creates a harmonised cross-border playing
field for the MSs’ CSDs. As a result, all the MS CSDs must adhere to the same stringent rules of
procedure.
118
Failure to comply with these rules of procedure will result in sanctions against the
concerned CSD MS.
119
Noteworthy for the study under review is Article 3, paragraph 2 CSDR which
dictates that:
Where a transaction in transferable securities takes place on a trading venue the
relevant securities shall be recorded in book-entry form in a CSD on or before the
intended settlement date […].
The CSD debate is one of the linchpin arguments surrounding STO innovation. Caution would
militate in favour of preserving the role of the CSD and, hence, against the adoption of security
tokens that will disrupt the long history of traditional CSDs. Yet, the writing is on the wall that the
role of CSDs must change even if it is agreed, as many argue, that their presence cannot and will
not be wiped out. Article 2, paragraph 1, point 11 of the CSDR considers the possibility of a
‘settlement internaliser’ that ‘executes transfer orders on behalf of clients or on its own account
other than through a securities settlement system.’ Essentially, the argument is not whether CSD
functions should or should not be automated but that they be automated in a way that preserves
the public safety and security measures which form part of any respectable CSD. However, there
is also in the CSDR an intrinsic propensity towards centralisation that seems to defeat the ability of
introducing decentralising innovative technologies. It is believed the settlement internaliser option
offers a good potential for STO expansion, but it is still not adequately clear how this is to be
reconciled with such provisions of the CSDR as Article 3, paragraph 2 quoted supra.
116
[…] and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 [2014] OJ L257/1.
117
‘Central Securities Depository Regulation (CSDR): Preparing for a New Settlement Regimen’ (2018) Broadridge, 3
<www.broadridge.com/_assets/pdf/broadridge-csdr-wp-october2018.pdf> accessed 15th August 2020.
118
ibid.
119
Art 63 CSDR.
48
CHAPTER 3: ANCILLARY APPLICABLE EU LAWS AND EXISTING REGULATORY
GAPS
The Prospectus Regulation is one of the pieces of EU legislation often associated with STOs, yet if
one is to dig into the piles of EU laws other examples are to be found. These legal instruments
were not drafted with DLT technologies in mind and the extent of their application to STOs is still
being debated. From this perspective, STOs give the impression of a legal catch causing these
pieces of EU law to apply to DLT technologies – at least, with the limitations noted in this study.
This is not against the will of the EU institutions given their efforts to promote blockchain
technology,
120
and confirmed by the fact ESMA, as the relevant competent authority, could have
released a statement forbidding STOs – which it has not done. Besides the principle of conferral
argument, the perils of legislating in the ICT sphere may be overriding. That is to say, the EU
institutions would choose not to legislate specifically in the field of DLT technologies but allow
traditional legal instruments to grow around these technologies. ‘A rolling stone gathers no moss’
– and rising technologies that have a short lifespan will not exist long enough to allow traditional
legal instruments to grow around them. Therefore, one could hypothesize the situation were the
survival of innovative technologies depends, in part, on their ability to assimilate with traditional
laws. An example of this would be ICOs whose popularity rose and then waned again, inter alia,
due to legal uncertainties surrounding them.
The technology of STOs began to ride on the former popularity of ICOs because STOs
found their own legal space ab initio. This turns the tables upside-down for the computer scientist,
who instead of working against the legal current hoping to divert its course; instead rides on the
legal flow and uses it to carry the technology to new heights. A new technology that assimilates
with traditional legal instruments – if it is not forbidden from doing so – has the juridical potential
to grow. Whether the technology continues to expand will then depend on other factors, such as
the ease with which it can be taken up by the public and whether it is superseded by more
innovative technologies. If a new technology that ab initio has legal ground can stand the test of
time; it would eventually influence the legal instruments it is riding (or attempting to ride) on to
the extent where subsequent drafted amending or replacing laws will incorporate the new
technology. If the success of the innovative technology is such as to become a part of society, it is
possible to project a situation where the technology will replace the traditional objects of society.
120
See s 2.1.3.
49
In this scenario, the technologies in question would have come full-circle and be the legal standard
rather than the exception. This is not to say all innovative technologies have to go through this
cycle but with new technologies sprouting like mushrooms, it is more realistic to envision this
hypothesis rather than that the legislator will regulate every new technology to hit the market.
3.1 The Right of Withdrawal
3.1.1 Consumer Rights and Distance Marketing of Consumer Financial Services Directives
Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on
consumer rights […]
121
(Consumer Rights Directive, ‘CRD’) was preceded by a Green Paper on the
Review of the Consumer Acquis.
122
One of the salient features of the CRD is the right of
withdrawal (aka the cooling-off period):
123
[T]he consumer shall have a period of 14 days to withdraw from a distance or off-
premises contract, without giving any reason, and without incurring any costs […]
In other words, where the contracting parties are acting at a distance, each party may unilaterally
undo the contract without suffering any consequences for up to 14 days from when the contract
was agreed to. The fourteen-day right of withdrawal is important enough to merit another
directive specifically for parties contracting financial services that are acting at a distance from
each other. Directive 2002/65/EC of the European Parliament and the Council of 23 September
2002 concerning distance marketing of consumer financial services […]
124
(Distance Marketing of
Consumer Financial Services Directive, ‘DMCFSD’) complements the Consumer Rights Directive.
Pacta sunt servanda (which translates to ‘agreements must be kept’) is a fundamental
principle of contract law. Basically, what it means is a written agreement validly consented to by
the parties has the force of law. Other than attacking the validity of the written agreement,
consenting parties have the obligation to fulfil the contents of the written agreement and, except
by mutual consensus, one party can enforce the fulfilment of the contract on the other party in a
court of law. The right of withdrawal does away with the pacta sunt servanda principle for the
fourteen-day cooling-off period.
121
[…], amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the
Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the
Council [2011] OJ L304/64.
122
[2007] COM(2006) 744 final.
123
Art 9 CRD.
124
[…] and amending Council Directive 90/619/EEC and Directives 97/7/EC and 98/27/EC [2002] OJ L271/16.
50
For example, in Heininger
125
the Sixth Chamber of the Court of Justice of the European
Union (‘CJEU’) was questioned on the interpretation of, inter alia, Council Directive 85/577/EEC of
20 December 1985 to protect the consumer in respect of contracts negotiated away from business
premises,
126
now repealed by the CRD.
127
The applicants, Mr and Mrs Heininger, had agreed to the
terms and conditions of a loan from the bank.
128
The applicants subsequently made a request to
the bank for the cancellation of the loan agreement.
129
They complained the loan agreement had
been concluded at their residence by means of an agent not directly employed by the bank and
who had never informed them of their right of withdrawal.
130
The Munich Regional Court of the
Federal Republic of Germany and the Munich Higher Regional Court turned down the Heiningers
request.
131
The German Federal Court of Justice (‘Bundesgerichtshof’) sought a request for a
preliminary ruling from the CJEU.
132
The Sixth Chamber confirmed the application of Council
Directive 85/577/EEC to the issue at hand and that the agent in question was under the duty to
inform the applicants of the cooling-off period.
133
Since the agent had omitted to do so, the
cooling-off period never commenced and the applicants were entitled to cancel the loan
agreement.
134
However, KH v Sparkasse Südholstein (‘KH’),
135
should also be noted. It concerned
certain loan agreements entered between KH, an individual, and Sparkasse Südholstein
(‘Sparkasse’).
136
The terms and conditions of the contract permitted the initial interest rate to be
reviewed after a certain length of time.
137
In 2008, the two parties communicated remotely to
settle an updated interest rate but Sparkasse did not mention KH’s right of withdrawal.
138
In 2015,
KH communicated to Sparkasse his intention to withdraw from the loan agreement on the basis of
the right of withdrawal which not having been communicated had never started the cooling-off
period.
139
The question ended in the Regional Court, Kiel, Germany (‘Landgericht Kiel’) which then
125
Case C-481/99 [2001] ECLI:EU:C:2001:684.
126
[1985] OJ L372/31.
127
Heininger (n 125) para 1.
128
ibid para 16.
129
ibid para 17.
130
ibid.
131
ibid para 19.
132
ibid para 24.
133
ibid 9986.
134
ibid 9987.
135
C-639/18 [2020] ECLI:EU:C:2020:477.
136
ibid.
137
ibid.
138
C-639/18 KH v Sparkasse Südholstein [2020] ECLI:EU:C:2020:206, Opinion of AG Sharpston, para 21.
139
ibid para 22.
51
sought the reference for a preliminary ruling from the CJEU.
140
The conclusion of the First
Chamber was that the said interest rate modification was not to be considered as a separate
financial services distance contract.
141
Article 2, point (b) DMCFSD defines a financial service as ‘any service of a banking,
credit, insurance, personal pension, investment or payment nature;’ Article 2, point (a) DMCFSD
defines a distance contract as:
[A]ny contract concerning financial services concluded between a supplier and a
consumer under an organised distance sales or service provision scheme run by the
supplier, who, for the purpose of that contract, makes exclusive use of one or more
means of distance communication up to and including the time at which the contract is
concluded;
and Recital 15 of the DMCFSD complements the definition of a distant contract as being ‘those the
offer, negotiation and conclusion of which are carried out at a distance.’
Due to the digital nature of STOs it is highly probable they would thrive online,
particularly if the regulatory obstacles of decentralisation and disintermediation were to be
overcome. Considering online STOs would fit under the definition of financial services contracted
at a distance it is assumed STO investors can avail themselves of the provisions of the CRD and
DMCFSD. However, Article 16, point (b) CRD also declares the right of withdrawal shall not apply
to,
the supply of goods or services for which the price is dependent on fluctuations in the
financial market which cannot be controlled by the trader and which may occur within
the withdrawal period[.]
Security tokens traded online are subject to price fluctuations within the withdrawal period that
are beyond the control of the trader and, therefore, this will exclude the parties to the contract
from availing themselves of the right of withdrawal. On the other hand, the issuance of an online
STO not subject to price fluctuations within the withdrawal period that are beyond the control of
the issuer would be a prime example where the right of withdrawal may be availed of by the
contracting parties.
140
ibid para 1.
141
KH (n 138).
52
The right of withdrawal in the distance contracting of traditional securities was tested
in the Italian courts. In Judgment No. 201 of the Ancona Court of Appeal,
142
an investor contracted
securities at the distributor of a bank acting in representation of a company’s securities
issuance.
143
It turned out the company issuing securities defaulted and the investor sought to
annul the contract because it was signed at a distributor of the bank, therefore off-premises, and
s/he was not informed at the time of signing about the right of withdrawal. The investor’s claim
was turned down by the court because it did not agree the bank’s distributor could be considered
off-premises.
144
Like the KH case supra, Judgment No. 403 of the Court of Bolzano,
145
concerned
the disclosure of the right of withdrawal in subsequent iterations of a contract.
146
The court
agreed the parties contracted at a distance but considered it sufficient for an investor to be
informed of the right of withdrawal at the point of agreeing to contract securities without
requiring once again disclosure at the time of confirming the same agreement.
3.2 E-Commerce Directive
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain
legal aspects of information society services, in particular electronic commerce, in the Internal
Market (Directive on electronic commerce),
147
(the E-Commerce Directive, ‘ECD’) was the first
effort of its kind at a supranational European Community level.
148
The uncontainable nature of the
internet called for regulation in the sphere at a supranational level.
149
Article 2, point (a) of the
ECD defines ‘information society service’ (‘ISS’) as follows:
[A]ny service normally provided for remuneration, at a distance, by electronic means
and at the individual request of a recipient of services.
The term ‘at a distance’ as used here is that understood in Directive 98/48/EC
150
Article 1,
paragraph 2, meaning that ‘the service is provided without the parties being simultaneously
present.’ As with the CRD and the DMCFSD, this can be applied to online STOs since issuers are
142
[2016].
143
‘Two important Italian rulings on right to withdraw from securities transactions’ (Allen & Overy, 18th July 2016)
<www.allenovery.com/en-gb/global/news-and-insights/publications/two-important-italian-rulings-on-right-to-
withdraw-from-securities-transactions> accessed 8th September 2020.
144
ibid.
145
[2016].
146
Allen & Overy (n 143).
147
[2000] OJ L178/1.
148
Youseph Farah, ‘Electronic Contracts and Information Society Services under the E-Commerce Directive’ (2009) J of
Internet L 3, 3.
149
ibid.
150
Of the European Parliament and of the Council of 20 July 1998 amending Directive 98/34/EC laying down a
procedure for the provision of information in the field of technical standards and regulations [1998] OJ L217/18.
53
providing a service through electronic means where the contracting parties are at a distance from
each other. In such event, the issuance and trading of security tokens can be considered an ISS and
benefit from the provisions of the ECD.
3.2.1 Country of Origin Rule
The ECD uses a form of ‘country of origin’ rule that it refers to as a ‘coordinated field.’ It is defined
in Article 2, point (h) ECD. This is to be read in conjunction with Article 3 ECD:
1. Each Member State shall ensure that the information society services provided
by a service provider established on its territory comply with the national
provisions applicable in the Member State in question which fall within the
coordinated field.
2. Member States may not, for reasons falling within the coordinated field,
restrict the freedom to provide information society services from another
Member State.
[…]
These provisions apply to goods or services provided by electronic means.
151
Particularly relevant
to the issuance and trading of security tokens are also the exceptions listed in the Annex of the
ECD, as following:
152
• copyright, neighbouring rights, and certain other intellectual and industrial
property rights;
• the emission of electronic money by certain financial institutions;
• certain provisions of EC [European Community] securities law and insurance
law;
• the freedom of parties to choose the law applicable to their contract;
• contractual obligations concerning consumer contracts;
• the formal validity of real estate contracts where such contracts are subject to
formal requirements in the Member State where the real estate is situated; and
• the permissibility of unsolicited commercial communications by electronic mail.
Under the assumption that security token issuance and trading activities qualify as ISS, their
issuers and traders should benefit from the country of origin rule by arguing that a STO validly
formed under the jurisdiction of one MS could not be restricted from providing services in another
MS by, for example, having to be licensed once again in the other jurisdiction. However, it may be
the case that MSs may seek to prevent the trading of security tokens by applying any of the
restrictions listed supra.
151
Art 2(h)(ii) ECD.
152
Mark F. Kightlinger, ‘A Solution to the Yahoo! Problem? The EC E-Commerce Directive as Model for International
Cooperation on Internet Choice of Law’ (2003) 24 Michigan J of Intl L 719, 735.
54
3.2.2 Contract Forms
Article 9 of the ECD requires MSs to make the validity of contracts in electronic format as
standard. Even in the current digital age, the form of a contract is a fundamental element to a
particular jurisdiction such that a contract lacking the stipulated form will lead to its nullity.
153
STOs would be expected to make use of technological forms of contracting, including the use of
smart contracts.
154
Could these innovative forms of contracting lead to the invalidity of an
otherwise valid contract involving security tokens? Although it should not be taken for granted,
the digital revolution has either caused the legislator to intervene and make contract forms
acceptable in their digital version or, in other cases, the courts have taken a more flexible
approach towards otherwise valid digital contracts that have not yet been specifically recognised
by the legislator.
155
In a judgment of the US District Court, In re RealNetworks,
156
the plaintiffs
brought an action against RealNetworks, a software developing company, alleging its products
allowed RealNetworks to access users’ data without prior consent.
157
The company’s License
Agreement stated such action needed to be resolved by arbitration, however one of the plaintiffs
raised additional arguments opposing the order to have the action so resolved.
158
The defendant’s
software products may be freely downloaded but before installation the user must accept the
company’s digital License Agreement.
159
The intervening plaintiff’s opposition included that the
License Agreement was not a ‘writing.’
160
The US District Court quoted authoritative definitions of
the word ‘writing’ or ‘written’ and came to the conclusion that a License Agreement in electronic
format constitutes a ‘writing.’
3.3 Electronic Money Directive and Payment Services Directive
Directive 2009/110/EC of the European Union and of the Council of 16 September 2009 on the
taking up, pursuit and prudential supervision of the business of electronic money institutions
[…]
161
(the second Electronic Money Directive, ‘EMD 2’) governs the commercial activity of issuing
electronic money (‘e-money’). The definition of e-money is given in Article 2, point 2 of EMD 2:
153
Farah (n 148) 8.
154
See s 1.1.1.
155
Farah (n 148) 8.
156
No. 00 C 1366, 2000 WL 631341 (N.D. Ill. May, 8, 2000).
157
ibid.
158
ibid.
159
ibid.
160
ibid.
161
amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC [2009] OJ L267/7.
55
‘[E]lectronic money’ means electronically, including magnetically, stored monetary
value as represented by a claim on the issuer which is issued on receipt of funds for
the purpose of making payment transactions […], and which is accepted by a national
or legal person other than the electronic money issuer[.]
According to the European Banking Authority’s (‘EBA’) interpretation of this definition, a token
would be considered e-money if it,
162
a. is electronically stored;
b. has monetary value;
c. represents a claim on the issuer;
d. is issued on receipt of funds;
e. is issued for the purpose of making payment transactions;
f. is accepted by persons other than the issuer.
Therefore, if a proposed security token issuance satisfies the definition of electronic
money, an authorisation for the issuer as an electronic money institution would be required
(unless a relevant exemption is available)
163
. To be granted authorisation under the EMD 2 to act
as an electronic money institution, a security token issuer would have to apply to the national
competent authority (‘NCA’). The issuer can first apply for the license and if approved by the NCA,
the STO issuer may allocate the initial capital afterwards, up to six months from the approval of
the licence.
164
The minimum equity capital cannot be less than €350,000.
165
As a licenced
electronic money institution, an STO issuer may apply for authorisation to provide payment
services under Directive (EU) 2015/2366
166
(the second Payment Services Directive, ‘PSD 2’). An
STO issuer granted authorisation as a payment institution, inter alia, under Annex I, point 5 PSD 2
‘Issuing of payment instruments and/or acquiring of payment transactions,’ shall be required to
hold capital that is at no time less than €125,000.
3.4 Transparency Directive
Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the
harmonisation of transparency requirements in relation to information about issuers whose
162
‘Report with advice for the European Commission: on crypto-assets’ (2019) EBA Report, 13
<https://eba.europa.eu/sites/default/documents/files/documents/10180/2545547/67493daa-85a8-4429-aa91-
e9a5ed880684/EBA%20Report%20on%20crypto%20assets.pdf?retry=1> accessed 8th September 2020.
163
Art 9 EMD 2.
164
‘Licensing of payment and e-money institutions in EU’ (Ecovis, 1st July 2016) <https://ecovis.lt/licensing-of-
payment-and-e-money-institutions-in-eu> accessed 8th September 2020.
165
Art 4 EMD 2.
166
Of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market,
amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing
Directive 2007/64/EC [2015] OJ L337/35.
56
securities are admitted to trading on a regulated market […]
167
(the Transparency Directive, ‘TD’),
amended in 2013 by Directive 2013/50/EU,
168
declares in Article 1, paragraph 1 that its scope is:
[To establish] requirements in relation to the disclosure of periodic and ongoing
information about issuers whose securities are already admitted to trading on a
regulated market situated or operating within a Member State.
The TD should be read in the light of Commission Directive 2007/14/EC of 8 March 2007 laying
down detailed rules for the implementation of certain provisions of Directive 2004/109/EC […];
169
and Commission Recommendation of 11 October 2007 on the electronic network of official
appointed mechanisms for the central storage of regulated information referred to in Directive
2004/109/EC […].
170
The definition of ‘securities’ given in the Transparency Directive refers to that
of ‘transferable securities’ in what today is MiFID II and therefore only security tokens tradable on
regulated markets would fall under the provisions of this directive.
3.5 SFD
Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement
finality in payment and securities settlement systems,
171
(the Settlement Finality Directive, ‘SFD’)
was drafted in order to aid in avoiding the systemic risks that come with forming part of a
payment and securities settlement system, especially in the event of one of the participants facing
insolvency.
172
Settlement finality is understood in the financial industry as the point at which a
transaction made over a payment channel becomes irreversible, notwithstanding situations such
as the bankruptcy of any of the parties to the transaction.
173
In the context of security tokens,
settlement finality is achieved by way of the Byzantine Fault Tolerance (‘BFT’) protocol.
174
This is
the point at which two-thirds of the nodes in the blockchain reach consensus – this is in essence, a
167
[…] and amending Directive 2001/34/EC [2004] OJ L390/38.
168
Of the European Parliament and of the Council of 22 October 2013 amending Directive 2004/109/EC of the
European Parliament and of the Council on the harmonisation of transparency requirements in relation to information
about issuers whose securities are admitted to trading on a regulated market, Directive 2003/71/EC of the European
Parliament and of the Council on the prospectus to be published when securities are offered to the public or admitted
to trading and Commission Directive 2007/14/EC laying down detailed rules for the implementation of certain
provisions of Directive 2004/109/EC [2013] OJ L294/13.
169
[…] on the harmonisation of transparency requirements in relation to information about issuers whose securities
are admitted to trading on a regulated market [2007] OJ L69/27.
170
[…] of the European Parliament and of the Council (notified under document number C(2007) 4607) [2007] OJ
L267/16.
171
[1998] OJ L166/45.
172
‘Settlement Finality Directive notifications’ (European Union Open Data Portal, 28th June 2017)
<https://data.europa.eu/euodp/data/dataset/SFD> accessed 15th August 2020.
173
Mels Dees, ‘Settlement finality in DLT for digital securities.’ (Medium, 27th March 2019)
<https://medium.com/dusk-network/settlement-finality-in-dlt-489b7dffe713> accessed 7th September 2020.
174
ibid.
57
probabilistic rather than absolutely final approach.
175
The definition of ‘securities’ in SFD refers to
section B of the Annex to Directive 93/22/EEC,
176
later repealed by Directive 2004/39/EC of the
European Parliament and of the Council of 21 April 2004 on markets in financial instruments, in
turn repealed by MiFID II.
177
Therefore, only security tokens tradable on regulated markets would
fall under the provisions of this directive.
175
Ki Chong Tran, ‘What is Byzantine Fault Tolerance (BFT)?’ (Decrypt, 5th June 2019)
<https://decrypt.co/resources/byzantine-fault-tolerance-what-is-it-explained> accessed 7th September 2020.
176
Of 10 May 1993 on investment services in the securities field [1993] OJ L141/27.
177
[…] amending Council Directives 85/611/EEC and 93/6/EEC and Directive 2000/12/EC of the European Parliament
and of the Council and repealing Council Directive 93/22/EEC
58
CHAPTER 4: STO REGULATION IN MALTA, GERMANY, AND FRANCE
4.1 Malta
4.1.1 Malta Financial Services Authority
The Virtual Financial Assets Act, Chapter 590 of the Laws of Malta (the ‘VFA Act’) was enacted on
the 1st November 2018. It forms part of the government’s efforts to promote the ‘Blockchain
Island’ brand and, more technically, involves the merging of Professional Investor Funds (‘PIFs’)
with the innovation of crypto assets.
178
The main form of regulation of funds in Malta is through
the Investment Services Act of 1994 (the ‘ISA’).
179
The activities of fund managers are licensed and
supervised under the ISA. The Malta Financial Services Authority (the ‘MFSA’) is the sole financial
regulator of the island state. Besides the ISA, PIFs are also governed by the MFSA’s Investment
Services Rules for Professional Investor Funds.
180
PIFs are a watered-down version of UCITS and
AIFs,
181
being less rigorously regulated and requiring a minimum investment of €100,000.
182
The
MFSA’s ‘Discussion Paper on Initial Coin Offerings, Virtual Currencies and Related Service
Providers’ issued on the 30th November 2017,
183
subdivided virtual currencies into coins and
tokens and further distinguished tokens into either securitised or utility.
184
The discussion paper
defines ‘securitised tokens’ as,
185
those embedding either underlying assets (akin to commodities) or rights (e.g. quasi-
equity rights) and effectively refer to those tokens that qualify as financial instruments.
The partial or total lack of crypto asset regulation is regrettable leading in turn to
abuse of the system, not only in Europe but worldwide. For example, in a 2018 Press Release of
the US Securities and Exchange Commission, a court order was obtained against Titanium
Blockchain Infrastructure Services Inc. for running a fraudulent ICO scheme.
186
A similar Press
Release also of 2018 was published in respect to Tomahawk Exploration LLC for running a
178
Christopher P. Buttigieg and Christos Efhymiopoulos, ‘The regulation of crypto assets in Malta: The Virtual Financial
Assets Act and beyond’ (2019) 13 L and Financial Markets Rev 30, 32.
179
Chapter 370 of the Laws of Malta.
180
2015 <www.mfsa.mt/wp-content/uploads/2019/01/001_ISR_PIF-Introduction_20150618.pdf> accessed 22nd
August 2020.
181
See s 2.5.
182
‘Investment services rules for qualifying Professional Investor Funds Part A: The application process’ (2020) MFSA,
Rule 3.09 <www.mfsa.mt/wp-content/uploads/2019/01/20180129_VCFunds_PIFs_PartA.pdf> accessed 22nd August
2020.
183
MFSA Ref: 08-2017 <www.mfsa.mt/wp-content/uploads/2018/12/20171130_DiscussionPaperVCs.pdf> accessed
22nd August 2020.
184
ibid 3.
185
ibid 4.
186
2018-94.
59
fraudulent oil exploration ICO fund.
187
The VFA Act seeks to regulate the public offering of virtual
financial assets (‘VFAs’) which it defines in Article 2, sub-article 2 as:
[A]ny form of digital medium recordation that is used as a digital medium of exchange,
unit of account, or store of value and that is not:
a) electronic money;
b) a financial instrument; or
c) a virtual token[.]
The MFSA purviews the VFA Act in collaboration with the Malta Digital Innovation Authority
(‘MDIA’) established by the MDIA Act enacted on the 15th July 2018.
188
The intrinsic volatility of
crypto assets make them vulnerable to crime and is a major stumbling block for the transition
from traditional to crypto assets. So long as investors fear their DLT investments will unexpectedly
disappear into the digital abyss the blockchain revolution will not occur. The Innovative
Technology Arrangements and Services Act (the ‘ITAS Act’),
189
calls for the engagement of suitably
qualified persons registered with the MDIA to verify the robustness of an innovative technology
arrangement.
190
4.1.1.1 Financial Instrument Test
Following the enactment of Malta’s blockchain statutes package, the MFSA thought it wise to
distinguish between financial services as falling under MiFID II and those caught by the VFA Act.
This was dubbed the Financial Instrument Test (‘FIT’), see Diagram 4.1 below, and it is relevant to
the study under review since one of the objectives of STOs is to be regarded as financial
instruments despite having properties of an innovative technology. The FIT wants to determine if a
DLT-enabled asset falls under (i) the VFA Act, (ii) conventional financial services regulation, and (iii)
neither of points (i) or (ii).
191
Article 2, sub-article 2 of the VFA Act defines DLT as:
[A] database system in which information is recorded, consensually shared, and
synchronised across a network of multiple nodes […]
Given the VFA Act’s definition of a VFA,
192
if it can be established that a DLT-enabled asset is
electronic money, a financial instrument, or a virtual token; consequent to the fact it falls under
one of these categories would exclude it from the provisions of the VFA Act. Following the order of
187
2018-152.
188
Chapter 591 of the Laws of Malta.
189
Chapter 592 of the Laws of Malta.
190
Buttigieg and Efhymiopoulos (n 178) 33.
191
Francesco Sultana, Christos Kinanis and Charalambos Meivatzis, ‘Malta: The Financial Instrument Test’ (Mondaq,
28th August 2018) <www.mondaq.com/fin-tech/731004/the-financial-instrument-test> accessed 22nd August 2020.
192
See supra.
60
sequence of the FIT, if a DLT-enabled asset is a virtual token as defined in the VFA Act then it will
be excluded from the provisions of the act.
193
In the event that a DLT-enabled asset does not
qualify as a virtual token the FIT seeks to establish if it falls under the definition of a ‘transferable
security’ as provided by MiFID II, in which case it will be regulated by the directive.
194
If the DLT-enabled asset does not qualify either as a virtual token or as a transferable
security the next iteration under the FIT is to establish whether it qualifies as a money-market
instrument defined in Article 4, sub-article 1, point 17 MiFID II as,
those classes of instruments which are normally dealt in on the money market, such as
treasury bills, certificates of deposit and commercial papers and excluding instruments
of payment[.]
There again, a DLT-enabled asset falling under the money-market instrument definition will be
governed by MiFID II as opposed to the VFA Act.
195
If it does not qualify as a money-market
instrument, the next iteration is to see if the DLT-enabled asset qualifies as a unit in a collective
investment scheme, in which case it would be regulated by MiFID II.
196
If it does not qualify as a
unit in a collective investment, the DLT-enabled asset is checked to see if it qualifies as a financial
derivative. This is defined at length in MiFID II but, in a nutshell, a derivative is a type of security
which ‘derives’ rights from a transferable security.
197
If the DLT-enabled asset is a financial
derivative under MiFID II then it is governed by the directive.
198
Finally, if it does not qualify as a
financial derivative the FIT examines if the DLT-enabled asset is an emission allowance financial
instrument as understood under Directive (EU) 2018/410 of the European Parliament and of the
Council of 14 March 2018 […] to enhance cost-effective emission reductions and low-carbon
investments […].
199
If the DLT-enabled asset is considered an emission allowance financial
instrument, it will be governed by MiFID II not the VFA Act.
200
A DLT-enabled asset that passes the
FIT and, hence, qualifies as a VFA must also form part of a ‘VFA Service’ as defined in Article 2 and
falling within the Second Schedule of the VFA Act.
193
Sultana, Kinanis and Meivatzis (n 191).
194
ibid.
195
ibid.
196
ibid.
197
See art 4(1) 44 and Annex I s C (4) to (10) MiFID II.
198
Sultana, Kinanis and Meivatzis (n 191).
199
[…] amending Directive 2003/87/EC […], and Decision (EU) 2015/1814 [2018] OJ L76/3.
200
Sultana, Kinanis and Meivatzis (n 191).
61
62
4.1.1.2 MFSA Feedback Statement
In the MFSA’s ‘Feedback Statement to the Consultation Document on Security Token Offering’
published on the 25th February 2020,
201
(‘the Feedback Statement’) the authority believes the first
port of call for issuers of DLT-enabled assets to be marketed, for all intents and purposes as one
would a traditional security, should be the FIT.
202
In the event that the FIT still leaves scope for
doubt, the next step is to consider MiFID II’s definition of a ‘transferable security’.
203
The MFSA
reiterates what is recognised, amongst academic and professional circles, as the fundamental
elements of a transferable security. The first element, as it were, is that of transferability.
204
This is
understood as the intrinsic ability of a security to have its ownership transferred from one person
to another.
205
In order for an asset to be transferable it has to be negotiable on a market.
206
The
regulated capital markets as recognised under MiFID II have been outlined supra,
207
but it is not to
say that if a security token cannot be traded on one of the MiFID II regulated markets, it is by
default illegal within the EU territory.
208
As is being discussed in this study, the relationship between law and technology has
changed over the years and the ‘wild west’ concept of innovative technologies has been gradually
phased out. The change was brought on from both ends of the spectrum. The law has become
more flexible than it used to be back in the days when innovation was often met with scepticism.
Technology too has changed as it no longer considers the law as an enemy that wants to stifle it.
Instead, the situation being witnessed today is that the computer scientist tries to win the
sympathy of the legislator who is willing to cooperate. In the scenario presented here, security
token issuers do not want to trade on an unregulated, let alone illegal, market. On the contrary,
they want to trade on a regulated market and if the current regulated markets cannot adequately
accommodate the new technology it may be the legislator’s move to tweak existing ones or set up
one ad hoc. Traditional securities have varying rights associated with them depending on which
class of securities they belong to.
209
Security tokens emulating traditional securities must be
201
Ref No: 12-2019.
202
ibid s 1.1.2.
203
ibid.
204
ibid.
205
ibid.
206
ibid.
207
See s 2.3.
208
The Feedback Statement (n 201) s 1.1.2.
209
ibid.
63
compatible with a certain class type and offer the same forms of rights.
210
Once again, it is not
excluded novel security class types cannot eventually take shape by virtue of security tokens
although it is still being debated what may such novel security class types consist of.
The MFSA is in collaboration with the Malta Business Registry (the ‘MBR’) to revamp
parts of the Companies Act, Chapter 386 of the Laws of Malta.
211
The objective, is in part to cater
for the use of DLT technologies within the capital structure of a company.
212
On the other hand,
the embracing of innovative technologies should be technology-neutral by not applying a
particular label, such as DLT, but rather be open to new innovations whatever the trend at a
particular point in time may be.
213
Change should not come solely from the regulator’s end, but
even at a micro-level companies can do their part to include DLT technologies at the executive
level.
214
Another reform in the pipeline initiated by the MFSA is to make due diligence
requirements when listing securities on a regulated market in the Maltese territory streamlined
and, as a matter of fact, avoid discriminating between traditional and token securities or between
established and start-up enterprises.
215
The importance of cybersecurity cannot be overemphasised – whether speaking in
general about the current digital age or, more specifically, about DLT technologies. The MFSA’s
‘Guidance Notes on Cybersecurity’
216
recommends entities acting as either Professional Investor
Funds investing in Virtual Currencies,
217
and issuers of VFAs,
218
(collectively referred to as the
‘Entity’) to designate a Chief Information Security Officer (the ‘CISO’),
219
having, inter alia, the
following responsibilities:
220
• Overall integration of cyber defence management aspects within the Entity;
[…]
• Establish a corporate methodology for cyber risk management;
[…]
210
ibid.
211
ibid s 1.1.6.
212
ibid.
213
ibid.
214
ibid.
215
ibid s 1.1.8.
216
<www.mfsa.mt/wp-content/uploads/2019/06/Cybersecurity-Guidance-Notes.pdf> accessed 23rd August 2020.
217
‘Investment Services Rules for Professional Investor Funds Part B: Standard Licence Conditions Appendix I
Supplementary Licence Conditions’ (2018) MFSA, s 9 <www.mfsa.mt/wp-content/uploads/2019/05/PIF_B_AppendixI-
20190614.pdf> accessed 23rd August 2020.
218
‘Virtual Financial Assets Rulebook Chapter 2 Virtual Financial Assets Rules for Issuers of VFAs’ MFSA (2018)
<www.mfsa.mt/wp-content/uploads/2019/02/VFAR_Chapter2_FINAL.pdf> accessed 23rd August 2020.
219
Guidance Notes (n 216) Note 2.2.2.
220
ibid Note 2.3.2.
64
• Promote cyber threats awareness and provide training on mitigation processes
across the Entity including employees, suppliers, partners and customers;
• Work with the relevant functions (technological and business) within the Entity
in order to analyse and assess the levels of inherent risk, the respective controls
required, and the levels of residual risk and exposure to cyber threats;
[…]
• Develop relevant metrics and measurements, prepare and disseminate status
reports and provisioning of continuous reports;
[…]
The MFSA believes stakeholders operating in the field of issuing security tokens should preferably
have a sound knowledge of DLT technologies.
221
Although it is agreed knowledge in the subject
matter of innovative technologies may require expert exposure – it cannot be justified for the
director of a company involved in one way or another in the issuing of security tokens to remain
indifferent to the technicalities involved.
222
As a case in point, attention is drawn to Article 136A,
sub-article 3, point (a) romanette i of the Companies Act calling for company directors to,
be obliged to exercise the degree of care, diligence and skill which would be exercised
by a reasonable diligent person having […] –
i. the knowledge, skill and experience that may reasonably be expected of a
person carrying out the same functions as are carried out by or entrusted to
that director in relation to the company[.]
The study under review has already observed the importance of CSDs, as well as the
inherent powers of disintermediation of DLT technologies. The MFSA acknowledges that the
traditional role of CSDs will be altered by the rise of blockchain-enabled securities and envisions
the option of making use of a blockchain-based system having the same functionality as a CSD.
223
This once again confirms the preference of having the directors of a company engaged in issuing
security tokens to be well-versed in the technology. In the situation where a company chooses to
register securities on a blockchain, the directors will remain responsible for their proper
registration – same as if they were registered with a CSD.
224
The set-up of a STO would qualify as an innovative technology arrangement as
understood in the First Schedule of the ITAS Act. As part of the MDIA’s certification process, an
innovative technology arrangement would need to be vetted by a Systems Auditor, as defined in
Article 2, sub-article 2 ITAS Act. The Systems Auditor may either be an individual or a legal
221
The Feedback Statement (n 201) s 1.1.10.
222
ibid.
223
ibid.
224
ibid.
65
organisation and may act in collaboration with a Subject Matter Expert, an individual who may be
either employed with the Systems Auditor or else sub-contracted.
225
To register as a Systems
Auditor or a Subject Matter Expert, the applicant must meet the requirements detailed in Part IV
ITAS Act and ensemble possess the following qualifications:
226
• a minimum bachelor’s degree in ICT and/or Information Security;
• a Certified Information Systems Auditor (‘CISA’) certification or equivalent;
• have experience in carrying out audits;
• have experience in innovative technology arrangements of not less than two years
during the last three years.
While the MFSA is taking steps to embrace the decentralised abilities of the
blockchain, on the other hand permission-less decentralisation poses, in the opinion of the MFSA,
security concerns that make it difficult to integrate with traditional systems.
227
The Feedback
Statement does not rule out the application of permission-less decentralisation but pinpoints a
conflict with Title IV ‘Transaction Reporting’ of MiFIR Article 26, paragraph 1 which dictates, inter
alia, that:
Investment firms which execute transactions in financial instruments shall report
complete and accurate details of such transactions to the competent authority as
quickly as possible, and no later than the close of the following working day.
In the case of permission-less systems it would be difficult to monitor transactions in such a
manner.
The overall position of the MFSA on the issue of DLT disintermediation powers is that
there is ample room for its utilisation and, to a certain extent, this is a welcome feature of the
blockchain revolution.
228
Having said that, there are valid reasons why a certain level of
intermediation may still be desirable for reasons of public safety, such as, combating AML/CFT.
Therefore, the MFSA believes that even if DLT technologies made it possible, there would still not
be a case for total disintermediation.
229
As typically occurs in such situations, it is likely hybrid
225
‘Chapter 01 Part A Systems Auditor Guidelines (2019) MDIA, 4 <https://mdia.gov.mt/wp-
content/uploads/2019/07/Systems-Auditor-Guidelines.pdf> accessed 24th August 2020.
226
ibid 8.
227
The Feedback Statement (n 201) s 1.3.2.
228
ibid s 1.3.4.
229
ibid.
66
platforms will be witnessed which, depending on their ongoing success, would eventually replace
traditional forms of intermediation.
230
4.2 Germany
4.2.1 BaFin
The German Federal Financial Supervisory Authority (Bundesanstalt für
Finanzdienstleistungsaufsicht, ‘BaFin’) published two relevant guidelines to the study under
review. The Circular of the 20th February 2018 concerns the ‘Regulatory classification of so-called
Initial Coin Offerings (ICOs) lying tokens or cryptocurrencies as financial instruments in the field of
Securities supervision.’
231
The Report of the 16th August 2019 concerns the ‘[P]rospectus and
authorisation requirements in connection with the issue of so-called crypto tokens.’
232
BaFin
believes that for a security to meet the requirements of a transferable security as understood
under MiFID II, the main criterion is for it to possess the ability to be documented.
233
However,
whether a security token does possess this ability cannot be determined prima facie.
234
It must
also meet other regulatory securities supervision requirements as, for instance, the MAR. Thus, if a
security token fails to comply with the necessary national and supranational regulatory
requirements this will result in the prohibition of the security token project from going ahead.
235
In the view of BaFin, security token regulation can be divided into prospectus
requirements and authorisation requirements.
236
The prospectus requirements are mainly those
found in the Prospectus Regulation,
237
supplemented by Commission Delegated Regulations (EU)
2019/979,
238
and (EU) 2019/980. The Prospectus Regulation applies to securities, the definition of
which reverts to that in MiFID II. Thus, as was already determined in this study, if a security token
230
ibid s 1.3.8.
231
WA 11-QB 4100-2017/0010. Original: ‘Aufsichtsrechtliche Einordnung von sog. Initial Coin Offerings (ICOs)
zugrunde liegenden Token bzw. Kryptowährungen als Finanzinstrumente im Bereich der Wertpapieraufsicht.’
232
WA 51-Wp 7100-2019/0011 und IF 1-AZB 1505-2019/0003. Original: ‘Zweites Hinweisschreiben zu Prospekt- und
Erlaubnispflichten im Zusammenhang mit der Ausgabe sogenannter Krypto-Token.’
233
WA 11-QB (n 231).
234
ibid.
235
ibid.
236
WA 51-Wp (n 232) s V(a).
237
See s 2.7.
238
Of 14 March 2019 supplementing Regulation (EU) 2017/1129 of the European Parliament and of the Council with
regard to regulatory technical standards on key financial information in the summary of a prospectus, the publication
and classification of prospectuses, advertisements for securities, supplements to a prospectus, and the notification
portal, and repealing Commission Delegated Regulation (EU) No 382/2014 and Commission Delegated Regulation (EU)
2016/301 [2019] OJ L166/1.
67
fits the MiFID II definition of a security, notwithstanding any other gaps in the statute, the
Prospectus Regulation should apply. The issue of a token under German law may call for an
authorisation, licence, and/or permit depending on the nature of the token.
239
So far BaFin does
not have public rules of procedure for assessing which form of authorisation applies to which type
of token. Given the relative infancy of the technology it can be safely assumed BaFin considers
each request on a case-by-case basis although, as would normally happen, the higher the number
of requests tackled by the regulator, the sooner will a standard procedure take shape.
240
For
example, a token issuance having properties similar to a deposit service would require
authorisation under the Banking Act (Kreditwesengesetz, ‘KWG’).
241
A token issuance having e-
money properties would require a permit under the Payment Supervision Act
(Zahlungsdiensteaufsichtsgesetz, ‘ZAG’).
242
A token issuance having properties similar to
investment services would require authorisation under the Capital Investment Code
(Kapitalanlagegesetzbuch, ‘KAGB’).
243
And a token issuance having properties similar to financial
services would require a permit under the KWG.
244
4.3 France
4.3.1 AMF Announcement
In an announcement of the 27th February 2020 (the ‘AMF Announcement’),
245
the French Financial
Markets Regulator (Authorité des marches financiers, ‘AMF’) tabled a pro-European wide
approach to security tokens. The AMF approves of the application of the Prospectus Regulation to
STOs.
246
It considers EU legislation to be compatible with the advancement of security
tokenisation despite recognising the need to iron out potential conflicts with the CSDR, as
discussed supra.
247
The AMF agrees EU law does not preclude the trading of security tokens on
traditional markets – so long as they do not have an element of decentralisation – in which case
regulated markets would need to be modified to accommodate such innovation.
248
Trading of
239
WA 51-Wp (n 232) s V(d)(aa).
240
ibid.
241
ibid s V(d)(aa)(1).
242
ibid s V(d)(aa)(2).
243
ibid s V(d)(aa)(3).
244
ibid s V(d)(aa)(4).
245
‘Review and analysis of the application of financial regulations to security tokens’ <www.amf-
france.org/sites/default/files/2020-03/legal-analysis-security-tokens-amf-en_1.pdf> accessed 25th August 2020.
246
ibid 1.
247
ibid.
248
ibid 1-2.
68
security tokens not listed on regulated markets, that is directly on the blockchain, is not deemed
illegal by the AMF but, as noted in the study under review, would not fall under those situations
regulated by MiFID II.
249
The AMF’s vision for overcoming the obstacles that exist by virtue of the
CSDR et al is to construct a digital laboratory (‘Digital Lab’) within the purview of ESMA that will
compensate for the disapplication of, inter alia, the CSDR when a conflict occurs between DLT-
based securities and the regulation.
250
Under French law a public offer of traditional securities must go through an
intermediary – usually an investment service provider (‘ISP’), who must comply with the
jurisdiction’s AML/CFT duties.
251
Due to the disintermediation of DLT technologies, there is the
possibility an ISP will not be involved in an STO. Differently to the issuance of traditional securities
where an issuer who does not engage an ISP is exempt from the AML/CFT duties; in the case of
the issuance of ICOs, French law has made it obligatory for the issuer to perform the AML/CFT
duties normally reserved for the ISP.
252
Consequently, it is understood the same applies to issuers
of STOs.
As it stands, French company law also presents obstacles to the implementation of
security tokens.
253
Article L. 211-4 paragraph 1 of the Monetary and Financial Code
254
declares:
255
Transferable securities issued on French soil under French legislation, regardless of
their form, must be entered in accounts maintained by the issuer or an authorised
intermediary.
This is more difficult to implement on the blockchain because the account username and the
user’s actual name are not necessarily the same.
256
The solution would be either for the regulator
to maintain a register of an issuer’s real name with that of the corresponding username; or
another option, which may be simpler, is the operation of a software application that can verify a
249
ibid 2.
250
ibid.
251
ibid.
252
ibid.
253
ibid.
254
Original: ‘Code monétaire et financier, partie legislative’, as of 20th March 2006.
255
Original: ‘Les valeurs mobilières émises en territoire français et soumises à la législation française, quelle que soit
leur forme, doivent être inscrites en comptes tenus par l'émetteur ou par un intermédiaire habilité.’
256
The AMF Announcement (n 245) 13.
69
username’s real identity.
257
Another example of company law obstacles, is found in Article L. 227-2
of the Commercial Code
258
:
259
The société par actions simplifiée [simplified joint-stock companies] may not offer
financial securities to the public nor have its shares admitted for trading on a regulated
market[.]
STOs are popular with start-up ventures which would fall under the definition of a simplified joint-
stock company.
260
However, Article L. 411-2 of the Monetary and Financial Code constitutes
certain exemptions which may still afford start-up ventures the possibility to issue STOs if falling
within certain prescribed parameters.
257
ibid.
258
Original: ‘Code de commerce, partie legislative’; as of 1st July 2013.
259
Original: ‘La société par actions simplifiée ne peut procéder à une offre au public de titres financiers ou à
l'admission aux négociations sur un marché réglementé[.]’
260
The AMF Announcement (n 245) 13.
70
CONCLUSION
It is understood current EU legislation does not fully cater for security tokens. This is not a surprise
since the legislation was tailored for traditional securities. However, it does not mean security
tokens are destined to fail because they do not have absolute legal support. On the contrary,
security tokens are the future and traditional securities, while not becoming obsolete, will have to
make space for innovation. DLT-based technologies do not necessarily constitute the entire future
of innovation, but they still have considerable potential to offer and it is hard to believe they will
not continue being developed over the coming years.
The financial industry strives to be cautious – at least in theory. In practice, cases of
fraudulent governance abound but these distinct cases do not represent the entire industry. The
consequences of a financial crisis can be devastating and when they occur fingers are pointed,
inter alia, against the key players of the industry, such as banking institutions and financial
regulators. Only a fool keeps repeating the same mistakes whereas the wise learn from previous
mistakes. As also happens with other industries, certain checks and balances are the result of
lessons learnt in the aftermath of a crisis – implemented for the sake of public interest and safety.
Certain critics denounce them as bureaucratic measures which benefit the key players more than
the public, however it is not desirable to have a market where there is no consumer protection.
For example, following the financial crisis of the late 2000s, several measures were introduced in
the EU and other jurisdictions of the world that seek to prevent the onslaught of another financial
crisis, or at least one similar to the previous.
A prevalent regulatory gap encountered under EU law is the definition of transferable
securities in MiFID II and the consequent need to be tradable on a regulated market. There are
valid reasons why securities should only be traded on a recognised market, amongst which are
concerns of public interest. It is well and fitting that investors should be protected from scammers
and fraudsters or simply lousy investment proposals. This has created a framework that so far has
worked in protecting investors as much as possible. From an innovative technology perspective,
the transferable securities definition is debilitating. The purpose of asset tokenisation is to create
new boundaries which will open unprecedented horizons in the securities market industry.
Amongst the strengths of blockchain is the power of disintermediation and decentralisation. This
benefit is eradicated if security tokens are tied down to the four trading venues currently
recognised by MiFID II.
71
STOs evolved from ICOs because the former is more stable than the latter. The
evolution, however, needs to continue. The benefits of digitisation should be always coupled with
minimisation of the volatile and uncontainable properties of a technology. The trick is to, on the
one hand, find a balance between containing a technology whilst letting it prosper, and on the
other hand, avoid stifling the technology such that it will fail to exist. Laws aimed at the use of
innovative technologies, such as the CRD, DMCFSD and ECD, are more readily assimilated by STOs.
Other laws operating in more traditional settings, such as the CSDR, stifle innovative technologies.
All those statutes that adopt the MiFID II transferable securities definition have the disadvantage
of preventing security tokens from taking full advantage of the powers of DLT-enabled
technologies
The checks and balances created by the traditional statutes are not being criticised as
archaic and obsolete and not belonging in the present age. Deregulation in the securities market
could lead to a financial bubble which would eventually lead to financial crisis – as the history of
financial markets has proven time and again. Not all forms of disintermediation and
decentralisation are desirable. As with everything, there can be uses and abuses and in fact it is
one of the AML/CFT concerns surrounding blockchain technology that criminals are using the
powers of decentralisation to perpetrate illegalities. This should not be the general label of
anything associated with DLT-enabled technologies, though.
Besides the regulatory gaps at an EU level, namely the MiFID II definition of
‘transferable securities’; those statutes that use the ‘transferable securities’ definition; and the
CSDR, at a MS level there are several regulatory gaps in the national financial supervisory laws,
rules, and regulations. These regulatory gaps are stifling the possibility of STOs to compete with
traditional securities. Is it possible to fill in the MiFID II, CSDR and national legislation regulatory
gaps? The issue is intrinsically a question of decentralisation. Other issues pertinent to security
tokens, such as the difficulty to pinpoint a particular territory in the case of an online setting, or
the prevalence of usernames on a virtual platform can be more easily overcome by the regulator
acknowledging the existing of these teething issues and acting accordingly.
Instead, sorting the MiFID II and CSDR limitations would require the intervention of the
legislator. Regarding decentralised trading of security tokens, it is evident that an ad hoc
recognised venue would have to be established for there to be the same level of control as there is
72
for traditional securities. It is, in a way, a contradiction to expect decentralised trading venues to
be subject to supervisory control but the point about technological innovation is of creating new
playing fields not previously envisioned. Therefore, it could be hypothesised that a specific
regulatory authority was created for the purpose of supervising decentralised blockchain security
token trading venues. Due to the internet-based framework of DLTs it would be easier to regulate
at a supranational than at a national level. This is because a decentralised blockchain trading
venue is unlikely to be confined by a particular jurisdiction. The nature of the internet is
intrinsically cross-border and even though it spans well beyond the boundaries of the EU territory,
it is possible to envision the EU taking a third country approach towards jurisdictions beyond its
territory as it has done in other contexts such as the General Data Protection Regulation (the
‘GDPR’).
261
This could be part of the Digital Lab envisioned by the AMF,
262
which would collaborate
with entities, such as ESMA, with the object of catering for DLT-based security tokens and,
possibly, other future innovative technologies. In other words, the Digital Lab would, inter alia, be
responsible for supervising decentralised security token trading venues and, perhaps using NCAs,
allow them to get licenced. The same concept could also be used in the case of the CSDR. The
duties of CSDs have been shaped over centuries of development and cannot be altered at short
notice. Where an STO cannot satisfy the requirements of the CSDR, the Digital Lab would step-in
to vouch for the STO issuer – so long as the issuer can in turn satisfy the requirements of the
Digital Lab. It should not be forgotten that STO innovation is another cogwheel in the broader DLT-
based technology revolution. Although it is believed security tokenisation can bring a breath of
fresh air to the development of blockchain, because they are more stable than crypto currencies,
there is so much going on by way of innovative technologies that all stakeholders are struggling to
follow what will happen next. Eventually, when the dust begins to settle, the Digital Lab may well
be standing in the horizon.
The point here is to encourage the trend of combining traditional rights with new
technologies, as is being done with STOs, and in so doing gradually eradicate regulatory gaps
between one and the other. Although still in its infancy, the hypothesis would be to view a right as
independent from a specific medium. This ‘independent right’ could be associated with legal
261
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
natural persons with regard to the processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L119/1.
262
See s 4.3.1.
73
instruments considered traditional but it could likewise be associated with other mediums such as
that of the blockchain. Should blockchain be superseded by some other innovative technology, the
independent right could be ‘grafted’ to it. Talking about superseding blockchain technology may
sound premature but in the volatile world of technology this may not be as farfetched as one
would assume. What matters at this stage is the principle that what is being termed an
‘independent right’ can be associated with one or more mediums. By way of example, it could be
hypothesised the independent right is the ownership of securities and the possible mediums in
which it could be grafted is either the traditional medium or the blockchain medium. Note for the
sake of this hypothesis, the default medium is not necessarily the traditional one – although
everyone assumes it is. Still, it may be a productive train of thought to view traditional securities
and security tokens as both being legitimate children of the same mother, rather than the former
being the legitimate child and the latter an illegitimate one.
When considering the future of STOs, technology-neutral legislation seems to be the
keyword. As already noted apart from national financial services legislation, amongst the prime
impediments to STO development at an EU level are MiFID II and the CSDR. These statues are
difficult to overcome in the given context and this is not surprising. Their role is to, inter alia,
provide stability in the financial services market. History has taught stakeholders in the industry
that prudence is never enough. Therefore, measures catering for the protection of investors are
not to be regarded as an obstacle. Having been drafted in a time when technological innovation
had not yet pervaded the securities sector, these statutes meet the purpose for which they were
drafted – which is the prevention of fraud and financial crises. These objectives still need to be
kept in place as is evidenced by the AML/CFT alerts of the competent authorities towards crypto
assets.
Legislators and regulators need to think in a more technology-neutral perspective and
reap the benefits of innovative technologies while still maintaining high levels of investor
protection. There still need to be regulated markets and recognised trading venues but the ones
envisioned by MiFID II were not intended for security tokens. Hybridisation is the more gradual
way of acknowledging change and still prevent the onslaught of an unsuspected crisis. Therefore,
MiFID II’s recognised trading venues would at first remain intact. To these can be added the legal
acknowledgment that security token may be traded on the blockchain. Without going into too
much detail, DLTs can permit different forms of trading venues. Not all need to be acknowledged
74
by the financial regulator and, for the sake of prudence, only strictly regulated blockchain venues
that can give the concerned stakeholders peace of mind would be considered. This is a catch-22
situation where over regulation does not allow the technology to grow but under regulation will
leave scoundrels free to perpetrate their misdemeanours. Similarly, for the CSDR, without going
into too much detail, hybridisation will legalise blockchain forms of securities settlement systems
that can operate side-by-side with traditional ones.
75
BIBLIOGRAPHY
Conference papers
Mohanta B K, Panda S S and Jena D, ‘An Overview of Smart Contract and Use cases in Blockchain
Technology’ (IEEE – 43488, October 2018).
Edited books
Loos M, ‘Rights of withdrawal’ in G. Howells and R. Schulze (eds), Modernising and harmonising
consumer contract law (Sellier European Law Publishers 2009) 10.
European Commission documents
Commission, ‘Consultation Document: On an EU framework for markets in crypto-assets’
(Directorate-General for Financial Stability, Financial Services and Capital Markets Union).
Report from the Commission of the European Parliament and the Council on the implementation
and impact of Directive 2009/110/EC in particular on the application of prudential requirements
for electronic money institutions COM(2018) 41 final.
Hard copy journals
Bodellini M, ‘Does it still make sense, from the EU perspective, to distinguish between UCITS and
non-UCITS schemes?’ (2016) 11 Capital Markets L J 528.
Buttigieg C P and Chetcuti M, ‘Regulation of funds in Malta: the challenges ahead’ (2013) 21 J of
Financial Regulation and Compliance 121.
Halpin R and Moore R, ‘Developments in electronic money regulation – the Electronic Money
Directive: A better deal for e-money issuers? (2009) 25 Computer L & Security Rev 563.
Kirk S and Hooles A J, ‘E-Commerce Directive’ (2002) 21 Banking & Financial Services Policy Report
7.
Mendelson M, ‘From Initial Coin Offerings to Security Tokens: A U.S. Federal Securities Law
Analysis’ (2019) 22 Stan Tech L Rev 52.
76
Polański P P, ‘Revisiting country of origin principle: Challenges related to regulating e-commerce in
the European Union’ (2018) 34 Computer L & Security Rev 562.
Newspaper articles
‘The rise of Security Token Offerings (STOs)’ The Malta Independent (Malta, 28th July 2020)
<www.independent.com.mt/articles/2020-07-28/business-news/The-rise-of-Security-Token-
Offerings-STOs-6736225568> accessed 30th August 2020.
Warren N, ‘Financial Instruments Test Guidelines – getting tested’ Times of Malta(Malta, 7th
October 2018) <https://timesofmalta.com/articles/view/financial-instruments-test-guidelines-
getting-tested.690971> accessed 30th July 2020.
Theses
Sietiņš R, ‘Security Token Offering in EU: applicable law’ (Master’s thesis, Riga Graduate School of
Law 2019).
Websites and blogs
‘Central Securities Depositories Regulation (CSDR)’ (Deutsche Börse Group) <https://deutsche-
boerse.com/dbg-en/regulation/regulatory-dossiers/csdr> accessed 30th July 2020.
‘Central Securities Depositories Regulation (CSDR)’ (EuroCCP) <https://euroccp.com/csdr>
accessed 30th July 2020.
‘CSDR’ (DTCC) <www.dtcc.com/csdr> accessed 30th July 2020.
‘Five Unsolved Challenges of Crypto Security Tokens’ (Hackernoon, 11th December 2018)
<https://hackernoon.com/https-hackernoon-com-the-5-unsolved-challenges-of-crypto-security-
tokens-4eda8d34cd10> accessed 19th December 2019.
‘Frequently Asked Questions – European Central Securities Depositories Regulation’ (LuxCSD, 24th
April 2020) <www.luxcsd.com/luxcsd-en/about-luxcsd/regulation/frequently-asked-questions-
european-central-securities-depositories-regulation—1276678> accessed 30th July 2020.
77
‘Future of Security Token Offerings in Malta’ (MuscatMizzi Advocates, 16th March 2020)
<www.muscatmizzi.com/insights/future-of-security-token-offerings-in-malta> accessed 30th June
2020.
‘Guidelines on Securities Token Offerings’
<www.lb.lt/uploads/consultations/docs/21877_57f454a0941b935920614c709cf9b937.pdf>
accessed 19th December 2019.
‘Launch Security Token Offering (STO) in Malta’ (Welcome Center Malta) <www.welcome-center-
malta.com/blockchain-services-in-malta/ico-sto-launch-malta/launch-security-token-offering-sto-
in-malta> accessed 30th June 2020.
‘Legal and Regulatory Pitfalls with Token Offerings’ (LEXcellence, 8th May 2019)
<https://lexcellence.swiss/en/news/legal-and-regulatory-pitfalls-token-offerings> accessed 19th
December 2019.
‘Legal issues and practical aspects of raising capital through security token offerings’ (Medium, 8th
February 2019) <https://medium.com/@ingvarrat/legal-issues-and-practical-aspects-of-raising-
capital-through-security-token-offerings-4b2d9ea0e3e0> accessed 19th December 2019.
‘Professional Investor Funds (PIFs)’ (GVZH Advocates) <www.gvzh.com.mt/malta-law/financial-
services-regulation/collective-investment-funds-schemes-cis/categorisation-
schemes/professional-investor-funds-pifs> accessed 30th July 2020.
‘Securities Tokens: Regulatory Challenges Beyond Howey’ (FintechPolicy.org, 10th December 2018)
<https://fintechpolicy.org/2018/12/10/security-tokens-regulatory-challenges-beyond-howey>
accessed 19th December 2019.
‘Security Token Offerings (STOs): “The Future of Coin Offerings” (Updated 2nd Edition)’ (Kinanis
LLC, December 2018) <www.kinanis.com/security-token-offerings-sto-2nd> accessed 19th
December 2019.
78
‘The Financial Instrument Test: A Brief Analysis’ (Dr Werner & Partner, 12th September 2018)
<www.drwerner.com/en/financial-instrument-test-brief-analysis> accessed 30th July 2020.
‘The Central Securities Depositories Regulation (CSDR)’ (BNY Mellon, 4th May 2020)
<www.bnymellon.com/emea/en/our-thinking/central-securities-depositories-regulation.jsp>
accessed 30th July 2020.
‘The Virtual Financial Act (VFA) in Malta’ (Welcome Center Malta) <www.welcome-center-
malta.com/blockchain-services-in-malta/vfa-agent-and-services-in-
malta/#:~:text=The%20Virtual%20Financial%20Assets%20Act%20%28VFAA%29%20endorses%20t
he,accreditations%20before%20being%20allowed%20to%20provide%20any%20services>
accessed 30th June 2020.
‘TokenizEU: ICOs, Security Tokens and Public Offerings in the European Union’ (Medium, 28th
November 2018) <https://medium.com/comistar/the-death-of-icos-security-tokens-and-public-
offerings-in-the-eu-d160e17f7c18> accessed 29th December 2019.
‘UCITS’ (Fidessa, 11th March 2014) <https://regulation.fidessa.com/ataglance/ucits> accessed 8th
August 2020.
Channing E, ‘Security Token Offerings Are (Finally) Set for Takeoff in 2020’ (Coindesk, 20th
December 2019) <www.coindesk.com/security-token-offerings-are-finally-set-for-takeoff-in-2020>
accessed 29th December 2019.
DiStefano R G and Hubbard B, ‘Market Trends 2019/19: Blockchain Security Token Offerings’ (Lexis
Practice Advisor) <www.gtlaw.com/-/media/files/insights/published-articles/2019/08/market-
trends-2018-19-blockchain-security-token-offerings.pdf> accessed 30th June 2020.
Dunn J, ‘Security Token Offering marketing best practices: Interview German Ramirez’
(EspeoBlockchain, 21st February 2019) <https://espeoblockchain.com/blog/sto-marketing-best-
practices> accessed 19th December 2019.
79
Ganado M, ‘Blockchain: Some legal considerations relating to Security Token Issuance’ (Ganado
Advocates, 12th July 2019) <https://ganado.com/insights/publications/blockchain-some-legal-
considerations-relating-to-security-token-issuance> accessed 19th December 2019.
Goffman S, ‘Security Token Offering: analysis, problems and prospects’ (Finextra, 13th December
2018) <www.finextra.com/blogposting/16430/security-token-offering-analysis-problems-and-
prospects> accessed 13th July 2020.
Macy S, ‘Legal aspects of a Security Token Offering’ (Medium, 17th June 2019)
<https://medium.com/security-token-offering/legal-aspects-of-a-security-token-offering-
8a1d15a4fff4> accessed 19th December 2019.
Mass T, ‘Security Token Offerings’ (Law & Blockchain)
<www.lawandblockchain.eu/consultancy/security-token-offering> accessed 19th December 2019.
Meisser C, ‘Legal Challenges for Blockchain-Based Capital Markets’ (Cryptoresearch, 14th January
2019) <https://cryptoresearch.report/crypto-research/legal-challenges-for-blockchain-based-
capital-markets> accessed 19th December 2019.
Micallef R, ‘The Distance Marketing Directive and its application to interest rate agreements
amending existing loan agreements’ (Ganado Advocates, 16th April 2020)
<https://ganado.com/insights/publications/the-distance-marketing-directive> accessed 30th June
2020.
Mifsud Parker P, ‘MFSA simplifies Financial Instruments Test for ICOs’ (CetchutiCauchi Advocates,
25th July 2018) <www.ccmalta.com/news/malta-financial-instruments-test> accessed 30th July
2020.
Mifsud Parker P, ‘Security Token Offering STO’ (CetchutiCauchi Advocates)
<www.chetcuticauchi.com/factsheets/Security-Token-Offering-STO.pdf> accessed 19th December
2019.
80
Mitra R, ‘What Are Security Tokens? [The Most Comprehensive Guide] (Blockgeeks)
<https://blockgeeks.com/guides/security-tokens> accessed 19th December 2019.
Van Kloeten O, ‘Security tokens sweep Europe as countries embrace blockchain regulations’
(Medium, 12th June 2019) <https://medium.com/stellerro/security-tokens-sweep-europe-as-
countries-embrace-blockchain-regulations-a65a5326f402> accessed 29th December 2019.
Zhang K, ‘The Evolution of E-Money: What Is In A Definition? (BCLPLaw, 4th March 2020)
<www.bclplaw.com/en-GB/insights/the-evolution-of-e-money-what-is-in-a-definition.html>
accessed 8th August 2020.
Working papers
‘Advice: Initial Coin Offerings and Crypto-Assets’ (2019) ESMA50-157-1391
<www.esma.europa.eu/sites/default/files/library/esma50-157-1391_crypto_advice.pdf> accessed
19th December 2019.
‘Are token assets the securities of tomorrow?’ (2019) Deloitte
<www2.deloitte.com/content/dam/Deloitte/lu/Documents/technology/lu-are-token-assets-the-
securities-tomorrow.pdf> accessed 19th December 2019.
‘CSDR Settlement Discipline Rules: Implementation Blueprint’ (2020) Baker McKenzie
<www.bakermckenzie.com/en/-/media/files/insight/publications/2020/07/bakermckenzie_csdr-
settlement-discipline-rules.pdf> accessed 30th July 2020.
‘ECSDA Response to the European Commission Consultation on Crypto-Assets’ (2020) European
Central Securities Depositories Association <https://ecsda.eu/wp-
content/uploads/2020/03/2020_03_19_ECSDA_Response_EC_Crypto_consultation.pdf> accessed
1st September 2020.
‘EuroCCP CSDR Settlement Discipline Framework’ (2020) EuroCCP
<https://euroccp.com/document/euroccp-csdr-settlement-discipline-
framework/?wpdmdl=5678&refresh=5f4ac39f5c39d1598735263> accessed 10th August 2020.
81
‘European Regulatory Snapshot: The Amended Transparency Directive’ (2013) Davis Polk
<www.davispolk.com/files/10.24.13.European.Regulatory.Snapshot.pdf> accessed 30th July 2020.
‘Framework for “Investment Contract” Analysis of Digital Assets’ Strategic Hub for Innovation and
Financial Technology <www.sec.gov/corpfin/framework-investment-contract-analysis-digital-
assets> accessed 19th December 2019.
‘Handbook on Securities Statistics’ (2015) International Monetary Fund
<www.imf.org/external/np/sta/wgsd/pdf/hss.pdf> accessed 19th December 2019.
‘Questions and answers – Transparency Directive (2004/109/EC)’ (2019) ESMA31-67-127
<www.esma.europa.eu/sites/default/files/library/esma31-67-
127_qa_document_transparency_related_issues.pdf> accessed 30th July 2020.
‘The Complete Guide to Security Token Offerings’ Applicature.
‘The Ultimate Guide to Security Token Offerings’ 81-c <https://81-c.com/wp-
content/uploads/2019/02/Ultimate_Guide_to_STO_d2-2-1.pdf> accessed 30th June 2020.
‘Virtual Financial Assets Framework – Frequently Asked Questions (2019) MFSA
<www.mfsa.mt/wp-content/uploads/2019/01/20190125_VFARFAQs_v1.01.pdf> accessed 25th
January 2020.
Ante L and Fiedler I, ‘Cheap Signals in Security Token Offerings (STOs)’ (2019) Blockchain Research
Lab
<www.researchgate.net/profile/Lennart_Ante/publication/331287045_Cheap_Signals_in_Security
_Token_Offerings_STOs/links/5d273c3192851cf4407a136f/Cheap-Signals-in-Security-Token-
Offerings-STOs.pdf> accessed 19th December 2019.
Phoebus Athanassiou and Natalia Mas-Guix, ‘Electronic Money Institutions – Current Trends,
Regulatory Issues and Future Prospects’ (2008) European Central Bank Legal Working Paper Series
No 7, 14 <www.ecb.europa.eu/pub/pdf/scplps/ecblwp7.pdf> accessed 8th August 2020.
82
Casadei Bernardi S D, ‘Security Token Offerings in Europe: A definitive guide to security tokens in
Europe from a legal and compliance viewpoint’ (2019) Blockchain Consultus
<www.blockchainconsultus.io/wp-content/uploads/2019/09/SecurityTokenOfferingsEurope.pdf>
accessed 29th December 2019.
Houben R and Snyers A, ‘Crypto-assets: Key developments, regulatory concerns and responses’
(2020) ECON committee
<www.europarl.europa.eu/RegData/etudes/STUD/2020/648779/IPOL_STU(2020)648779_EN.pdf>
accessed 30th June 2020.
Lannoo K and Levin M, ‘Securities Market Regulation in the EU: Everything You Always Wanted to
Know about the Lamfalussy Procedure’ (2004) CEPS Research Report in Finance and Banking, No.
33 <https://www.ceps.eu/download/publication/?id=5037&pdf=1182.pdf> accessed 19th
December 2019.
