The UK’s Financial Conduct Authority has published draft guidance for market players in the developing cryptoassets sector (see CP19/3). This follows a report published last autumn by the UK’s Cryptoasset Taskforce (consisting of the FCA, PRA and Treasury) that explores the UK’s approach to cryptoassets and distributed ledger technology. The FCA has been a relatively late mover in producing practical guidance on crypto compared to other regulators internationally, but was it worth the wait?

The guidance the FCA has now produced is relatively detailed and engages with the features of different types of tokens – exchange tokens, utility tokens and, of course, security tokens – and  has been generally welcomed for bringing greater clarity to an area where legal and regulatory lines are blurred.  The format that the FCA has chosen to follow is helpful because of the examples and case studies illustrating when different types of cryptoassets may, in the FCA’s view, be caught by financial regulation. For this reason it has the potential to give the sector more confidence when analysing new products and services, and compares favourably to the equivalent offerings from some other regulators.  Indeed, the FCA’s draft guidance ranks alongside offerings from the Swiss FINMA and the Canadian Securities Administrators as amongst the more useful contributions internationally.

The UK’s conduct regulator will consult on the text until 5 April 2019 following which it expects to issue a final version this summer. It is also worth noting that HM Treasury will consult later this year on whether to extend the regulatory perimeter to cover cryptoassets generally (the FCA does not have the power to change the law in this area, so its guidance is focused on application of the existing legal framework).

The FCA reaffirms that it is a technologically neutral regulator meaning it does not prescribe how firms choose to deliver their services or products. This is fine in principle, but the nature of the technology and the risks posed can impact the way supervision is carried out. In this regard, for cryptoassets, the FCA is concerned about the risk of fraudulent activity, failings in market infrastructure, volatility in value and the impact of product fees accompanied by a general lack of transparency and governance. A case in point which recently hit the headlines is crypto-exchange, QuadrigaCX. This operator’s chief executive took encrypted passwords needed to access millions of dollars of assets to his grave, and investors and creditors ended up suffering losses.

Do I need to be authorised? This is the critical question for firms issuing cryptoassets or indeed marketing, buying and selling them, as well as professional advisers, and those operating trading venues. The draft guidance provides a helpful explanation of how the FCA decides whether an activity is a regulated activity and if it falls within the financial promotion regime – thereby requiring a communication to be issued or approved by an authorised person. Central to the guidance, however, is an analysis of the different nature of cryptoassets which largely dictates whether an asset falls within the regulatory perimeter or not.

While substance over form dictates, of the three generally accepted types of cryptoassets, the FCA states that:

  • exchange tokens generally fall outside financial regulation on the basis they represent a means of exchange – although often representing a volatile store of value. Classic examples include Bitcoin and Litecoin.  Despite often being referred to as “cryptocurrencies”, since exchange tokens are not generally accepted as legal tender and are not centrally issued, these tokens lack the usual features of currencies and therefore are not treated as such (this has important implications, for example, in respect of the application of e-money and payment services legislation);
  • utility tokens allow consumers to take up a current or future service or product, perhaps at a discount, and while sometimes traded speculatively they are not a MiFID financial instrument or fall within the wider concept of  a UK specified investment – in short hand they are not a security. This approach is consistent with say, Switzerland or Singapore compared with the US, which does not currently recognise the concept of a utility token. Again, in contrast to the US, just because there is a secondary market this does mean that such tokens are securities. The FCA gives the example of a car maker issuing a token that gives the right to drive one of their luxury cars. Although this token is traded on a secondary market and its price can fluctuate, as it gives no right to payment, ownership or control it is considered to be a utility token; and
  • security tokens themselves – this is where the guidance is most helpful, even if it is not exactly ground-breaking in confirming many aspects that would appear to be self-evident. With reference to different specified investments under the UK Regulated Activities Order (RAO), the FCA examines whether a token would satisfy the relevant criteria providing illustrative examples. The key question is whether a token affords holders some or all of the rights conferred on the holder of a conventional security. So for a shareholder the right to ownership or profits, or distribution of capital in a liquidation, or control over the company (e.g. by way of voting rights). In the case of a debt-security, one asks if the token creates or acknowledges indebtedness – for example, because it entitles the holder to repayment of capital over the life of the token with some form of income stream attached.  Helpfully, the FCA explains that a security will be a transferable security under MiFID 2 if it is negotiable (i.e. capable of being traded with good title passing) on capital markets irrespective of any listed status.  Summing up, in the FCA’s view if something looks like a security and quacks like a security, then it will be a security even if it is issued and held in cryptographical form.   Not revolutionary, but useful confirmation nonetheless.

Elsewhere in the guidance, there is some useful discussion of the differences between the definition of “transferable security” under MiFID and the UK definitions under the RAO – the latter is broader, with no requirement for transferability (unlike the MiFID definition) – and accordingly it is possible that tokens with transfer restrictions / which are not freely tradeable could fall outside the scope of the MiFID definitions but nevertheless could be regulated in the UK.

Also worthy of particular mention are two further types of token referred to by the FCA:

  • first, those which may lack some of the features of a classic share or debt security but, which nevertheless permit the sharing of profits or income or where an investment is managed by an issuer. This is likely to be a collective investment scheme sitting clearly within the perimeter. Such schemes are likely to require a regulated investment manager in order to operate and, furthermore, the promotion of unregulated collective schemes to retail investors is severely restricted under UK regulation, restricting the ability of such schemes to accept retail investment unless they are structured as authorised funds; and
  • secondly, products that reference other tokens are likely to be options, futures or CfDs or some other RAO investment – for example a certificate representing a security (a sort of “crypto GDR”) or “rights to or interests in” an underlying investment.

The guidance also considers whether a token might be regulated as a payment service or as e-money. The answer to the first question is no. This is because under the Payment Services Regulations, payment services are only regulated for banknotes and coins, scriptural money and e-money. So what about e-money?  This is more complex. E-money is an electronically stored monetary value which represents a claim on an e-money issuer that is given in return for funds to make payment transactions accepted by another person, and is not otherwise excluded under the e-money regulations. While the FCA confirms that Bitcoin, Ether and other virtual currencies are not e-money because they are not issued on the receipt of funds and do not represent a claim against an issuer, it emphasises that each case turns on it facts depending on the structure and circumstances. Cryptoassets, however, which seek to peg their value to a fiat currency (to reduce volatility) i.e. a “stablecoin” that are used to pay for goods or services on a network can potentially amount to e-money. If it does turn out that a token is a security, paradoxically, financial regulation may come to the rescue. There may be standard exemptions that cryptoassets in common with conventional securities can benefit from. The FCA refers to an exemption from the obligation to publish an approved prospectus for offers in the UK of less than €8 million in any 12 month period.  However, even in such circumstances, anyone operating a platform for these assets or intermediating their sale is likely to need authorisation.   Unless one of the prospectus exemptions applies, a FCA-approved prospectus may be required,

In terms of each type of cryptoasset and especially security tokens, much depends on the circumstances of each case, the structure, the rights etc. These all require careful analysis against what are complex regulations – and tokens can take a hybrid form. Another factor to be considered, where relevant, is the nature of the network. While the FCA states that this is not determinative, the greater the degree of decentralisation the less likely it is that a token will confer enforceable rights and be a security.  The fact that cryptoassets are novel and perhaps less well understood by the market and regulators adds to the need for market participants to exercise caution to avoid stepping over the perimeter without authorisation by the FCA. Professional advice is essential to avoid potential pitfalls and this may often need to encompass multiple jurisdictions – for example, the laws of the place where the tokens are issued, the laws governing the constitution of any token issuer, as well as the (potentially numerous) jurisdictions in which investors are located

As indicated, the FCA’s consultation is open for responses until 5 April 2019.  Market participants should continue to monitor the FCA’s progress, together with other developments expected in 2019.

Besides HM Treasury’s expected report on whether to extend the perimeter, the sector should also be on the lookout for the FCA’s coming consultation on the prohibition of retail sales of cryptoasset derivatives e.g. referencing Bitcoin – a measure that would go beyond ESMA’s restrictions on consumer sales of CfDs which includes cryptocurrencies. The FCA is also due to publish a report during 2019 on the results of consumer research on the use of cryptoassets. More generally, the UK Taskforce will continue to monitor developments and regularly review the UK’s policy in this area. Having said that, in common with the FCA’s low priority approach to the sector, the Taskforce has limited resources, and reportedly, a dedicated staff of just four, so we should not expect too much more in the way of guidance in the immediate future.


Mark Simpson is a partner in the Financial Services & Regulatory Group in the London office where he practices in the areas of financial regulation, financial crime, and regulatory investigations. He is a member of the Firm's EMEA Financial Services & Insurance Steering Committee, as well as its Global Funds and FinTech Groups. He participates actively in industry bodies including the Alternative Investment Managers Association. He has authored a number of articles and other publications, most notably acting as a general editor of and contributor to the International Guide to Money Laundering Law and Practice, and A Practitioner's Guide to the Law and Regulation of Financial Crime.


Sue McLean is a partner in the IT/Commercial Practice Group in Baker McKenzie's London office. Sue advises clients on technology, sourcing and digital media business models and deals, as well as the legal issues relating to the implementation of new technologies. Sue advises clients (both customers and suppliers) on a wide range of technology matters including outsourcing, digital transformation, technology procurement, development and licensing, m/e-commerce, cloud computing, AI, FinTech, blockchain/DLT, social media, data privacy and cybersecurity. Sue also advises on commercial agreements and the commercial, technology and intellectual property aspects of M&A transactions and joint ventures. Sue has experience across various business sectors, including the financial services, consumer, TMT, travel and life sciences industries. She regularly speaks and writes about the impact of disruptive technologies and has a regular blog for Computerworld.


Richard Powell is a knowledge lawyer within Baker McKenzie's global financial services regulatory group where he is responsible for supporting and developing the group's legal and technical knowledge. Previously he was a member of the UK Financial Conduct Authority's Enforcement Division where he advised on regulatory cases. He has also been an editor of Bloomberg Law's UK Financial Services Law Journal.