Cryptocurrencies and ICOs – A Rough Guide to Regulation

header image

Over the past few years there has been a growing proliferation of cryptocurrencies. More recently, companies which may have limited access to fundraising through traditional methods are turning to cryptocurrencies, and initial coin offering (“ICO”), as a means to raise funds.

(For the purpose of this article, we use the term cryptocurrency to refer to any coins, tokens, or other such units of digital, virtual or e-currency that do not take a physical form, such as bitcoin and ethereum.)

However, this “cryptocurrency mania”, especially new ICOs, has led (to some extent) to a regulatory backlash. Some authorities have issued total bans on ICOs, whilst others have decided to take a more observational approach to regulating the burgeoning industry. Notably, a number of regulators, have issued warnings to consumers about the lack of investor protection, high risk of fraud, and price volatility which can characterise ICOs and cryptocurrencies in general.

Whilst a number of financial services regulators are yet to comment on the legal and regulatory status of cryptocurrencies and ICOs, we can already see trends beginning to emerge and splits beginning to appear amongst those which have. As a result, companies may decide to engage in “jurisdiction shopping” to find the most favourable or clear-cut regulatory framework to launch their ICO. For example, in September 2017 Kik Interactive Inc., chose not to offer its cryptocurrency to those in its native Canada due to the “weak guidance” from the domestic Canadian regulator.

As regulatory scrutiny intensifies, there will be a growing need to engage with regulators and seek specialist legal advice before engaging in cryptocurrency-related activity. This article seeks to provide a brief overview of the approaches taken by a number of regulators and provide readers with an idea of the current regulatory status of cryptocurrencies and ICOs in a number of key FinTech jurisdictions.

“Observational” Jurisdictions

A number of established financial regulators have chosen to adopt an observational “case by case” approach, typically unpopular with entrepreneurs, to the regulation of cryptocurrencies and ICOs. These regulators have typically provided guidance on what factors they will consider when deciding whether the existing regulations apply.


Perhaps the best developed regulatory framework for cryptocurrencies and ICOs is in Japan. Over the past year the Japanese FSA has recognised Bitcoin as legal tender, and authorised 11 companies to operate cryptocurrency exchanges, some of which will be handling a variety of coins including Bitcoin, Ether and Litecoin. On 27 October 2017, the FSA said that ICOs may fall within the scope of the Payment Services Act (“APSA”) and/or the Financial Instruments and Exchange Act, depending on their structure.

According to the FSA, some cryptocurrencies issued in an ICO will be deemed “virtual currencies”. Accordingly, the businesses which provide exchange services of those cryptocurrencies on a regular basis must be registered with applicable Local Finance Bureaus.

In other situations, where the ICO has the characteristics of an investment, the ICO may fall within the scope of the Financial Instruments and Exchange Act.

Other regulators have also provided guidance on how existing regulations may apply to cryptocurrency and ICO activity, rather than seeking to adopt new regulations.

Hong Kong

In 2016, the HKMA issued a whitepaper on distributed ledger technology which stated that bitcoin and other cryptocurrencies may be treated as commodities. This approach has been echoed by the Hong Kong SFC which issued a statement on ICOs on 5 September 2017, confirming that cryptocurrencies may also be treated as securities. One of the key, and increasingly common, examples of where a cryptocurrency will be considered a security, is where the cryptocurrency represents equity or an ownership interest in a company.

If the cryptocurrency falls within the definition of a security, the cryptocurrency/ICO will fall within the regulatory framework of the SFC, regardless of where the parties are located – provided the cryptocurrency/ICO is open to the Hong Kong public.


On 1 August 2017, MAS provided a statement clarifying the regulatory status of ICOs in response to a number of ICOs taking place in Singapore. This affirmed the initial position that cryptocurrencies are not regulated per se. However, MAS confirmed that it would regulate an offer or issue of cryptocurrencies in Singapore if such cryptocurrencies fell within the definition of “securities” under the Securities and Futures Act (“SFA”).

Whether a cryptocurrency would be considered a security depends on its characteristics; if the coin/token in question were deemed a “security”, then issues would arise under the SFA, Financial Advisers Act, and other laws concerning the regulation of financial products. If a cryptocurrency was considered a security under the SFA, the issuer would, most notably, be required to issue a prospectus prior to the ICO, unless there was an exemption.


On 12 September 2017, the FCA issued a statement warning consumers of the risks associated with ICOs and cryptocurrencies commenting that “many ICOs will fall outside the regulated space”. The FCA believes that it is only able to determine the regulatory status of a particular ICO on a “case by case” basis.

The FCA’s statement helpfully highlights a number of factors that it is likely to consider when assessing whether an ICO falls within the scope of existing regulation, including, amongst others, whether the cryptocurrency constitutes a transferable security; similarities between an ICO and IPOs or private placements, and whether the issuer’s activities constitute a regulated activity.


The German Financial Services Authority, “BaFin” has confirmed that cryptocurrencies are financial instruments. However, BaFin has said that the act of merely using cryptocurrencies as cash or deposit money does not require authorisation. BaFin has also confirmed that a service provider or supplier may receive payment for goods/services in a cryptocurrency without carrying out banking business or financial services.

However, there are situations where the use of cryptocurrencies may require authorisation by BaFin, including platforms where the activities could constitute or “are similar enough” to broking services. BaFin provides guidance on factors which indicate that a digital currency exchange or other platform may be carrying out broking services. If no principal broking services are carried out by the platform, they may instead be operating a multilateral trading facility, in which case the platform may need to be authorised.

There is no general requirement for authorisation for the mining of cryptocurrencies. However, where a mining pool offers shares in proceeds, or additionally provides services for the creation/maintenance of a market, authorisation may be required.

ESMA issued a statement on 13 November 2017, reminding companies considering an ICO to have regard for applicable regulatory requirements. ESMA confirmed that cryptocurrencies may constitute financial instruments or securities, and companies will need to analyse the features of the cryptocurrency and the structure of the ICO to determine whether key legislation applies, such as: the Prospectus Directive, Markets in Financial Instruments Directive, and the Alternative Investment Fund Managers Directive.


In 2015 the CFTC stated that it intended to treat Bitcoin, and other cryptocurrencies as commodities. In contrast, in July 2017 the SEC issued a report summarising its findings on the cryptocurrency issued by the Decentralized Autonomous Organization (“DAO”). In respect of this ICO, the SEC determined that the cryptocurrency constituted a security. Though no action was taken against DAO, the SEC confirmed that cryptocurrencies may be securities depending on the “facts and circumstances of each individual ICO”. Where a cryptocurrency is determined to be a security, the ICO may be subject to registration with the SEC and disclosure obligations. Furthermore, if the cryptocurrency is subsequently traded on an exchange, the exchange and any parties involved in the brokering of trades may require registration.

The DAO matter has meant that cryptocurrencies in the USA will be assessed on an individual basis before either the SEC or the CFTC to decide under whose regulatory scope each cryptocurrency falls within.

In addition, the Uniform Law Commission has circulated draft legislation, which would create a statutory structure for regulating transactions in cryptocurrency as transactions in financial assets. This legislation, if enacted, will require the providers of cryptocurrency-related products and services to obtain a licence in order to operate in the states which enact it, unless otherwise exempt.


The CSA issued a staff paper in August 2017 making it clear that cryptocurrencies offered by organisations conducting business within Canada or to Canadian investors could be considered securities or derivatives for the purpose of the Canadian regulatory framework. Nevertheless, each cryptocurrency will need to be reviewed “on its own characteristics”. The CSA states that where the cryptocurrency is tied intrinsically to a business or involves and investment contract it would most likely be considered a security.

Where a cryptocurrency is traded on an exchange active in Canada, the exchange may be considered an alternative trading system, and would therefore need to seek recognition by the Canadian regulator. In addition to this, parties providing advisory services in respect of an ICO may need to be registered unless exceptions apply.


On 4 October 2017, ASIC issued guidance on the legal status of ICOs. This confirmed that it is dependent upon the circumstances of the ICO, such as how it is structured and operated, and the rights attached to the cryptocurrency offered. For example, depending on the structure of the offering, or the rights attached to the cryptocurrency, the ICO may constitute an offer of, amongst others, a managed investment scheme, a share in a company, or a derivative.

Some jurisdictions have, at present, an unclear approach to cryptocurrencies, but their statements suggest an observational approach will be taken. One of the key examples of this is the UAE.


Cryptocurrencies currently have a slightly unclear status, with regulations due to come into effect in January 2018 appearing to be superseded by statements from the Central Bank, which has promised to provide new guidance and regulations. Within the UAE, differing approaches are being taken in different centres.

Dubai is an exciting hub for cryptocurrency development, boasting the creation of the world’s first sharia-compliant crypto-coin. At present, the DFSA does not regulate cryptocurrencies nor does it regulate ICOs. However, industry stakeholders and interested bystanders should keep their eyes peeled in light of the above and the announcement by the Central Bank that “virtual currencies are currently under review…and new regulations will be issued as appropriate”.

In Abu Dhabi, the FSRA takes a similar approach to that of the FCA in the UK, deciding to adopt a case by case approach to the regulation of a cryptocurrency. Broadly speaking, where a cryptocurrency has the characteristics of a security then it most likely will be regulated as such.

Developing Jurisdictions

A number of jurisdictions are seeking to enhance their reputation in the cryptocurrency industry. These jurisdictions have not yet made statements on the regulatory status of cryptocurrencies and ICOs. Instead they have suggested that they will adopt a “friendly” approach, and sought to create partnerships with industry stakeholders in order to develop a strong infrastructure.

One of the best examples of this is Kazakhstan, in which cryptocurrencies and ICO activity appear to be unregulated at present. However, the Astana International Financial Centre (AIFC) is currently developing “the most favourable conditions for FinTech startups – including …flexible regulations and investment promotion”. This signals a clear intention from Kazakhstan to become a leading jurisdiction for FinTech in the future, as shown through the partnerships announced by the AIFC.

##Banned Jurisdictions

China has issued an outright ban on the raising of funds through ICOs, declaring that cryptocurrencies do not have the characteristics of money, or legal status equivalent to that of money and cannot be used or circulated in the market as money.

The decision to impose an outright ban has potentially impacted the policy of neighbouring regulators. For instance, Taiwan’s Financial Supervisory Commission has not yet confirmed the regulatory status of cryptocurrencies or ICOs, but it has hinted at the adoption of an approach similar to that of Japan, rather than that of China.


Regulators are increasingly interested in cryptocurrencies and ICOs. We can already see trends developing between those jurisdictions which are seeking to ban activity until more is known, those which have sought a pragmatic “case by case” approach, and those which have sought not to comment so far. It is likely that a number of other regulators will issue statements in the near future on this topic, with the Russian Central Bank and the Gibraltar Financial Services Commission in particular suggesting that statements will be forthcoming soon.

Where a company seeks to offer a cryptocurrency/ICO to multiple jurisdictions, there is a risk of contradiction between the approaches adopted by the applicable regulators. Whilst we expect to see a degree of coordination between the regulators in this regard, stakeholders will need to be aware of the differences between jurisdictions and calculate their next moves accordingly. Companies should also be aware that a number of the regulators, such as those of the USA and Hong Kong, have confirmed the extra-jurisdictional nature of their authority where a cryptocurrency/ICO issued outside of the country is offered to persons within their jurisdiction. Companies must carefully consider where they offer cryptocurrencies to ensure compliance with all applicable regulations.

One possible reason for the growing interest from regulators, and the approaches taken, is the evolving role of ICOs to provide corporate finance. Initially cryptocurrencies were offered primarily as an electronic alternative to fiat currencies. However, the recent trend has been towards companies using ICOs to launch cryptocurrencies that are inextricably linked to the company’s business, in essence creating a pseudo-share. This has resulted in cryptocurrencies and ICOs being brought towards the more traditional sphere of regulators’ authority, especially in respect of securities regulation. As cryptocurrencies begin to encroach on more “mainstream” areas it is likely that more regulatory oversight will follow. This may also lead to a divergence in the approaches taken by regulators, depending on the type of ICOs and cryptocurrency activity that each jurisdiction most commonly sees. There is also potentially a risk that in seeking to deal with the new type of ICO, a regulator, through a perceived heavy-handed approach, causes “traditional” cryptocurrency activity, where the cryptocurrency is a currency rather than quasi –security, to avoid jurisdictions where the regulatory framework is unclear..

As a rapidly evolving industry, and in light of the above, it is essential that parties involved in the industry seek legal advice and engage with the relevant regulator before carrying out any cryptocurrency or ICO related activities.

  • David Ramm – Partner, Morgan Lewis
  • Jack Shawdon – Trainee Solicitor, Morgan Lewis
  • Philip Stone – Trainee Solicitor, Morgan Lewis