Utility Token Offerings and Crypto Exchange Listings

Utility Token Offerings and Crypto Exchange Listings: how regulation can help? Vlad Burilov1 Tilburg Law School Tilburg University

1

Vlad Burilov is a Research Master in Law student at Tilburg Law School, Associate at O2 Consulting law firm and legal team member of KEYICO consortium. The paper was drafted for presentation at the International Conference “Blockchain, Public Trust, Law and Governance” (November 29-30, University of Groningen, the Netherlands).

1

Table of Contents Introduction .............................................................................................................................. 3 Chapter 1: Protocol tokens and application tokens .............................................................. 5 1.1.

Protocol tokens.............................................................................................................................. 5

1.2.

Application tokens ......................................................................................................................... 7

Chapter 2: Legal Structure of ICO. Security Tokens vs. Utility Tokens ..............................10 2.1.

Legal structure of ICO ................................................................................................................. 10

2.2.

Utility Tokens and security tokens............................................................................................... 11

Chapter 3. Economic analysis of ICO: consumptive and speculative intent ......................15 3.1.

Utility Token Pre-Sale to qualified investors ............................................................................... 15

3.2.

Token distribution model ............................................................................................................. 16

3.3.

Token allocation model ............................................................................................................... 20

3.4.

Valuation of Utility Tokens........................................................................................................... 21

Chapter 4. Empirical and case study of crypto exchange listing rules ...............................24 4.1.

Methodology of Empirical Study.................................................................................................. 24

4.2.

Results of Empirical Study .......................................................................................................... 26

4.3.

Case Study: Community Voting .................................................................................................. 29

Chapter 5. Listing standards of traditional securities exchanges .......................................32 Chapter 6. Regulation of Utility Token ICOs. Challenges and Solutions ............................35 6.1.

Anti-money laundering regulations.............................................................................................. 35

6.2.

Overlap with financial market regulation and ambiguity of legal qualification ............................. 36

6.3.

Benefits and drawbacks of direct regulation of Utility Token ICOs: Maltese regulations ........... 41

6.4.

Application of Sandbox regimes to collaborate token listing rules .............................................. 49

Conclusion ..............................................................................................................................52 Bibliography ............................................................................................................................54 Appendix 1 ..............................................................................................................................62 Appendix 2A ............................................................................................................................67 Appendix 2B ............................................................................................................................71 Appendix 3A ............................................................................................................................73 Appendix 3B ............................................................................................................................77 Appendix 4 ..............................................................................................................................79

2

Introduction Between January 2014 and June 2018, initial coin offerings (ICOs), the alternative instrument of financing startups through distribution of crypto tokens, raised between $13 billion and $18 billion2. Developers have used ICOs to create and finance a wide variety of decentralized online applications both business- and retail- oriented in the fields of financial services, hi-tech, media and entertainment, marketing, healthcare, etc.)3. Most of ICOs are run on top of Ethereum protocol. However, Ethereum is a general purpose development platform and therefore it has been intended to encourage developers to use blockchain and smart contracts in wider fields of finance and non-monetary applications,4 not necessarily to democratize venture financing of traditional business models. In some instances, crypto tokens fulfil this intent and serve as an integral part of technology and economics behind the project. In others – they have no purpose other than to fuel ICOs and raise financing at the early stage of the business development. The latter practice, of course, is prone to abuse, which questions the integrity of ICO market, as such. Out of 80,000 blockchain projects launched worldwide allegedly only 8% 5 are still active today. Of the 902 start-ups that launched an ICO in 2017 46%6 are cited to have been disappeared. The ICO numbers so far have no empirically evidenced jump-start effect on the blockchain applications, yet many positive effects have been observed in academic literature. Advocates use economic theory to claim that apart from the obvious benefits of financing the development costs, ICOs help to fuel the sharing economy by resolving coordination problems and attracting a critical mass of users to the project7. ICOs may be a measure of consumer demand8, may give a “quality stamp” to the projects with the most potential and may create a degree of consumer commitment and brand recognition 9. 2

The total funds raised by ICO worldwide amounted to between USD 4 billion and USD 6 billion in 2017 (the amounts raised mainly in the last few months of year), compared to USD 100 million in 2016. Since the beginning of 2018, total funds raised between 1 January and 1 June amounted to USD 9.5 billion, or nearly USD 2 billion per month. See Howell, Sabrina T., Marina Niessner, and David Yermack. Initial coin offerings: Financing growth with cryptocurrency token sales. No. w24774. National Bureau of Economic Research, 2018, at p.1 (hereinafter - Howell et al., 2018). 3 Most popular are projects developing B2B decentralized blockchain, hi-tech infrastructure, crypto-related financial services. Other popular ICO startups are not necessarily decentralized: peer-to-peer marketplaces, business services, media (advertising), entertainment (gambling, gaming), healthcare. See the empirical studies: Adhami, S., Giudici, G., & Martinazzi, S. (2018). Why do businesses go crypto? An empirical analysis of Initial Coin Offerings. Journal of Economics and Business (hereinafter - Adhami et al., 2018); Fenu, Gianni, et al. "The ICO phenomenon and its relationships with ethereum smart contract environment." Blockchain Oriented Software Engineering (IWBOSE), 2018 International Workshop on. IEEE, 2018. (hereinafter - Fenu et al, 2018); Howell et al., 2018. . 4 The Ethereum project has been intended to have both financial (payment arrangements) and non-financial application (digital identity, reputation systems, data storage, governance, cloud computing, prediction) Vitalik Buterin, “The Ethereum Whitepaper. A next generation smart contract & decentralized application platform” (2013) available at (last accessed on Nov. 13, 2018) http://blockchainlab.com/pdf/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platformvitalik-buterin.pdf , (hereinafter - Buterin, 2013). 5 According to a study by the Chinese Academy of Information and Communication Technologies (CAICT) released on May 28, 2018 See “Les crypto-monnaies”, Rapport au Ministre de l’Économie et des Finances Jean-Pierre Landau avec la collaboration d’Alban Genais, 4 juillet 2018 (hereinafter - Landau & Genais Report) (last accessed Oct. 31, 2018): https://www.mindfintech.fr/files/documents/Etudes/Landau_rapport_cryptomonnaies_2018.pdf . 6 According to a study by the site Bitcoin.com, see the Landau & Genais Report. 7 See Howell et al., 2018, Li J., Mann W. Initial coin offering and platform building. – 2018 (hereinafter - Li & Mann, 2018), Rohr, J., & Wright, A. (2017). Blockchain-based token sales, initial coin offerings, and the democratization of public capital markets (hereinafter - Rohr & Wright, 2017), 8 See Catalini, C., & Gans, J. S. (2018). Initial coin offerings and the value of crypto tokens (No. w24418). National Bureau of Economic Research (hereinafter - Catalini and Gans, 2018). 9 See Howell et al., 2018.

3

Finally, ICOs compensate initial platform developers without giving them more corporate control and at the same time may align their incentives with that of consumers: to build the value of the decentralized project and the token10. In this regard, one may wonder, why Vitalik Buterin, has publicly acknowledged that nine out of ten start-up companies issuing tokens are doomed to fail11. The problem may lie in the assumption that ICOs are designed to attract mainly consumers (not speculators) who are willing to spend tokens for services on the platform (so-called “utility tokens”). However, the reality shows that the majority of ICOs are first and foremost intended to attract investments from the public at large and for this purpose de facto favor speculation over consumption.12 First, ICOs produce freely transferable crypto tokens. Second, they facilitate the exchange of crypto tokens for traditional (fiat) currencies by listing them on crypto exchanges.13 The unregulated crypto market and free access of retail crypto investors to trading could be ultimately the main reason why the ICO market is overwhelmed with «bad ideas» and «scams»14. While the declared utility value of the tokens and plans to create a new blockchain protocol could be taken for granted by retail investors, they probably find proxies of ICO quality in news on venture capital investment into the project, clear ICO structure, third party rankings and commitment to list the token on crypto exchanges15. Listing of utility tokens on crypto exchanges provides room for an easy exit from investment which in turn could increase the share of speculative participation in ICOs, and, as a result, bring more “bad actors” into the ICO supply chain. As a corollary, unregulated crypto exchange markets could jeopardize the integrity of the startups` efforts to deliver innovative, commercially viable products and there is centralized authority to help investors distinguish the “peaches” from the “lemons” in the ICO industry. At the same time, crypto exchanges compete in the market for attracting utility tokens with the best prospects of maintaining high trade volume – the source of profits and reputational capital for the crypto exchanges. Some of them maintain elaborate token selection procedures which leverage decision-making upon the expertise of venture capitalists, blockchain professionals and crypto exchanges` community of traders. They issue their own tokens to incentivize and fuel decentralization of token listing. So, can crypto exchanges be both the disease and the cure of ICO industry? Can they act as gatekeepers: reduce fraud and uphold the minimum quality standard for utility tokens? Which regime shall govern utility token ICOs and listing: traditional securities 10

See Li & Mann, 2018, Howell et al., 2018, Rohr & Wright, 2017. Vitalik Buterin: 90% of ICOs Will Fail” in CoinJournal, Oct. 27, 2017 (last accessed Oct. 31, 2018) https://coinjournal.net/vitalikbuterin-90-icos-will-fail/ . 12 See Landau & Genais Report, at p. 11. 13 See Howell et al., 2018. 14 According to Satis Research Group 78% of all ICOs by number were scams in 2017 with the value of USD 1,34 billion and 4% of all ICOs by number failed with their value of USD 1,66 billion. Only 7% were regarded as successful with the trading value of USD 6,62 billion as of Oct., 2018. The “success criteria” were (i) deployment of a base-layer protocol or platform; (ii) transparent project road map; and (iii) code contribution activity on Github within a three-month period. See “Own Initiative Report on Initial Coin Offerings and Crypto-Assets” by Securities and Markets Stakeholder Group, European Securities Market Authority (ESMA), at p. 7 (the “SMSG Report”) available at (last accessed on Nov. 5, 2018) https://www.esma.europa.eu/sites/default/files/library/esma22106-1338_smsg_advice_-_report_on_icos_and_crypto-assets.pdf . 15 As of October, 2018 reportedly 241 crypto exchanges listed ether (Ethereum protocol token). See statistics posted by Lennart Ante in his blog post "Comparison of Blockchain Networks for Token Issuance: Oct 18" (last accessed Oct. 31, 2018): https://medium.com/sicos-publication/comparison-of-blockchain-networks-for-token-issuance-oct-18-6a9fffb74b47 . According to the Landau & Genais Report as of June, 2018 between 130 and 180 platforms were active in the world. 11

4

market regulation, new rigorous set of regulations specifically tailored to the new phenomenon or something in between: traditional exemption and safeguard provision for an offering and the listing rules adhering to a certain standard? The purpose of this paper is to try to answer these questions in several steps. The first three chapters will provide an analytical setting for understanding operational logic (chapter 1); legal structure and legal qualification (chapter 2); and economic incentives (chapter 3) underlying utility token ICOs. The fourth chapter will provide a case study of token listing rules and selection procedures based on a sample of eight crypto exchanges with a discussion following on their quality and focus. The fifth chapter will address existing traditional forms of regulating security exchanges and potential implications of imposing qualitative and quantitative requirements for listing candidates. The sixth chapter will describe problematic aspects of regulating utility token ICOs in general, will critically analyze the ICO regulations adopted in Malta as of November 1, 2018 and will discuss the benefits and risks of applying different modes of regulation to utility token ICOs. Finally, the paper will summarize theses for consideration by scholars, commentators and policy-makers.

Chapter 1: Protocol tokens and application tokens The scope of this article is limited to Ethereum-based application tokens (“utility tokens”, as defined below) and we do not focus on security tokens or cryptocurrencies. The first chapter delineates the difference between the two concepts: protocol tokens and application tokens which provides for a good starting point in understanding the nature of utility tokens. 1.1.

Protocol tokens

Most of the protocol tokens (often termed cryptocurrency, coins) are designed to be transferred on their native public blockchain network16 and to serve as a medium of exchange on that network17. For example, users of Bitcoin blockchain network agreed that bitcoin has value and therefore accept it in payment18. Therefore, the main functionality of Bitcoin blockchain network is to create protocol tokens and maintain transfers between sellers and buyers of bitcoins. The purpose of these transfers is not predefined and anyone can transfer or receive bitcoins on the network. At the same time, Bitcoin network is structured so that bitcoins are created and transferred as rewards to miners for maintenance of transactions on the network. Further, mandatory transaction processing fees are also paid by transaction parties in bitcoins to miners19. Therefore, the role of miners, autonomous token allocation (creation) method 16

A blockchain is a chronological database of transactions recorded by a network of computers. A copy of the blockchain is stored on every computer in the network (“nod”) and these nodes periodically synchronize to make sure that all of them have the same shared database. See Wright, A., & De Filippi, P. (2015). Decentralized blockchain technology and the rise of lex cryptographia (hereinafter – “Wright and Filippi, 2015”). 17 Rohr and Wright, 2017 call the creation and transfer of Bitcoin “the unifying purpose of the entire network”. 18 See Kroll, J. A., Davey, I. C., & Felten, E. W. (2013, June). The economics of Bitcoin mining, or Bitcoin in the presence of adversaries. In Proceedings of WEIS (Vol. 2013, p. 11). 19 The network is managed by an open source software protocol (“consensus protocol”) which governs how members of a blockchain network (colloquially called “miners”) process and validate protocol token transfers. In the case of Bitcoin, miners compete in

5

and the systems of transaction fees together suggest that by design bitcoin is also an integral part of the incentive mechanism which secures its general function – to be used as a means of exchange between transaction parties. In case of Ethereum, a protocol token blockchain network20, the ether token, in addition to its general payment function, also serves as a transaction fee paid by network users to miners for smart contracts’ processing. The nature of smart contracts is unique enough to suggest that ether in this particular case is an inherent part of the mechanism to provide specific services to network users (execution of smart contracts). The term “smart contract” will be defined in the next paragraph. Table 1 Protocol Tokens Design

Generated by blockchain-based protocol

Allocation Method

Blockchain protocol rewards miners

General Function

Means of exchange between blockchainbased network users which accept the token’s value (bitcoin, ether)

Additional Function

Part of the incentive mechanism to maintain General Function: -

reward from blockchain protocol to miners in a “proof of work” consensus model;

-

transaction fee (from network user to miner) in a “proof of work” and a “proof of stake”21 consensus model

Specific Function

Means of payment for execution of smart contracts (ether)

Link to blockchain

Blockchain serves the function of transaction ledger. Miners validate transactions and receive protocol tokens in return

spending their computational resources to generate a valid block and add it to the blockchain ledger (“proof of work” consensus mechanism). Having added the valid block, the miner receives Bitcoins as a reward from the blockchain protocol and as a small transaction fee from the party to the validated transaction. See Rohr and Wright, 2017. 20 See Rohr and Wright, 2017. 21 Proof of stake (PoS) is a type of algorithm by which a cryptocurrency blockchain network aims to achieve distributed consensus. In PoS-based cryptocurrencies the creator of the next block is chosen via various combinations of random selection and wealth or age (i.e., the stake). See https://en.wikipedia.org/wiki/Proof-of-stake .

6

1.2.

Application tokens

To determine the nature and functions of application (app or platform) tokens we shall elaborate more on smart contracts and Ethereum blockchain. As was abovementioned the specific function of ether is to enable Ethereum network users to execute autonomous computer programs called “smart contracts.” Potential functionality of smart contracts is very broad and may be generalized as intermediation of “economic or social activity online”22. For the purposes of the analysis, one specific function of Ethereum enabled smart contracts shall be highlighted – creation of application tokens. How smart contract issues app tokens Most of the existing app tokens are derivative from (built on the top of) Ethereum network. They are created by software developers (collectively, “Issuer”) who are in the process of developing an online application, service or platform (“Platform”, “Application”). The Issuer often uses a standardized smart contract (ERC20-standard) and assigns its Platform tokens with various economic, voting, participation, consumptive, or utilization rights within its Platforms. The ERC20 smart contract acts as an electronic agent for both the Issuer and any person to whom app token is issued by the smart contract (“Initial Token Holder”). The smart contract enables the Issuer to set a supply of Platform tokens. First, the terms of supply are coded into the program so that the smart contract understands which amount of Platform tokens to issue. Secondly, the smart contract only issues Platform tokens against a triggering event: upon instruction of the Issuer, receipt of payment in ether from token purchasers or another event that it can verify. Thirdly, upon receipt of tokens by Initial Token Holders the smart contact maintains a record of token holders and token transfers. “Initial coin offering” or “ICO” is a colloquial term for the method of financing used by the Issuer to further develop and commercialize its Application. In this case smart contracts are programmed so to issue app tokens against receipt of payment from Initial Token Holders in ether automatically or against instruction upon receipt of payment by the ssuer. “Air-drop” is a form of gratuitous issuance of app tokens to Initial Token Holders and thus it is not a method of financing but rather an incentive to use the Platform. Function of the app token In contrast to the general function of protocol tokens (medium of exchange on the native blockchain network) application tokens may have multiple functions within an individual application or organization23. Whereas the value of protocol tokens is (at least to some extent) supported by their additional functions (“proof of work” reward, transaction fees) and their blockchain network infrastructure (e.g. computational efforts in a “proof of work” mechanism), the value of application tokens stems (also to some extent) from “various economic, voting, participation, consumptive, or utilization rights” assigned to these tokens by the app developers24. Protocol tokens do not give any rights per se – network users agreed that they have value because of their underlying infrastructure. App tokens vest their holders “with predefined rights, privileges, and rewards within a

22

See Rohr and Wright, 2017. The Ethereum project has been intended to have both financial (payment arrangements) and nonfinancial application (digital identity, reputation systems, data storage, governance, cloud computing, prediction) See Buterin, 2013. 23 See Buterin, 2013. 24 See Rohr and Wright, 2017.

7

particular online application or service”25 which may be triggered either by their transfer or mere holding. In either case, determination of the infrastructure and the value model is shifted from the blockchain network to Application and to the way it is structured. For instance, a hypothetical fully decentralized Application will only process on-chain transactions where all rights embedded in app tokens are executed by smart contracts. On the other end of the scale are fully centralized Applications which host off-chain transactions (accounted only in the books of the app operator but not on blockchain) and where execution of the rights assigned to app tokens is fully contingent on the app operator and / or app participants and their respect for their contractual obligations. Thus, depending on the scale of the Platform`s decentralization an app token may “coordinate activity related to online services and other collaborative endeavors”26 by being part of the decentralized infrastructure or in a centralized ecosystem may be just a digital record certifying an entitlement to whatever the contractual framework of the app operator provides for. The latter is often the case for ICOs based on ERC20 standard because of the scalability limitations of Ethereum blockchain (as will be discussed below). Most of the app tokens are created over-the-top of existent protocol token infrastructure. Apart from Ethereum there are other blockchain platforms supporting application tokens such as EOS, Omni, Neo, Waves, Ardor, etc.27 The app tokens built on these protocols are very easy to deploy regardless of the complexity or development stage of the app. However, Ethereum ERC20 standard proved to be the first, the easiest and the most popular way to deploy an app token. Indeed, statistics shows that Ethereum-based app tokens dominate the application token market in terms of variety 28 and market capitalization29. Apparently, at least part of the success of ERC20 standard app token may be contributed to the highest level of user adoption (network participant) and market dominance of the underlying protocol token. As of October 1, 2018 ether is listed on 241 crypto exchanges, has the daily trading volume of more than USD2 billion, daily active (user) addresses of more than 215,000 and market capitalization of more than USD23 billion30. However, the level of user adoption of ERC20 standard app tokens is hardly as impressive. Surprisingly enough, EOS-based applications account for 2x times the number of daily users and 3x times the daily number of on-chain transactions as compared to Ethereum-based apps31. This is understandable given that the scaling limita25

See Rohr and Wright, 2017. See Rohr and Wright, 2017. 27 Information on applicability of these project to application tokens may be found here: “EOS Platform — What You Should Know” in Cryptodigestnews, available on (last accessed Oct. 31, 2018): https://cryptodigestnews.com/eos-platform-what-you-should-know58da830d2aa8 ; O'Neill T. "NEP-5: NEO’s Answer to Ethereum ERC-20 Tokens" on hackernoon.com, available on (last accessed Oct. 31, 2018): https://hackernoon.com/nep-5-neos-answer-to-ethereum-erc-20-tokens-69d9b082c9e1;http://www.omnilayer.org/; Explanation of Waves platform: https://wavesplatform.com/product ; Garner B. "What is Ardor: Blockchain as a Service, Explained" (07 January, 2018) on coincentral.com, available on (last accessed Oct. 31, 2018): https://coincentral.com/what-is-ardor-blockchainas-a-service-explained/ . 28 More than 13,000 Ethereum blockchain tokens have been deployed as of October 21, 2018 according to Etherscan (https://etherscan.io/tokens). 29 Ethereum-based tokens dominate the application token market with the market share of 95% across the top 100 app tokens and 90% across the top 500 app tokens (based on market capitalization). See the post “Comparison of Blockchain Networks for Token Issuance: Oct 18” by Lennart Ante, available at: https://medium.com/sicos-publication/comparison-of-blockchain-networks-for-tokenissuance-oct-18-6a9fffb74b47. 30 EOS is ranked the second being listed on 129 crypto exchanges and having a daily active (user) addresses, market capitalization and 24h trading volume of more than 20 thousand, USD5 billion and USD629 million, respectively. Only Ethereum Classic, Qtum and NEO from all blockchain platforms for application tokens had 24h trading volume exceeding USD 100 million. Only Ethereum Classic accompanied Ethereum and EOS and passed a threshold of 5 thousand in terms of the volume of daily active (user) addresses. See Id. 31 See supra, ft. 29. 26

8

tion of the Ethereum blockchain does not allow to process more than around 15 transactions per second (as compared to thousands in case of EOS) and that Ethereum prescribes for the transaction fee system which may be at cost to the users (no transaction costs in case of EOS). Thus, a truly decentralized app model based on ERC20-standard token model by design discourages long-term user adoption which is why some Platforms hosting ERC20-standard tokens opt for a centralized off-chain model of transactions first, with a plan to shift to their own native blockchain later on. Alternatively, some business models may opt for non-fungible token standards (such as ERC-721) which favor possession of the app token over its transfer. In contrast to an ERC-20 token, a non-fungible token is unique (not one in a series of identical tokens) and is not divisible, that is, it must be transferred in whole. Apps may assign unique (meta)data to nonfungible tokens which will certify, for instance, their holders` identity, status, qualification or asset ownership. Such business models may still envisage a viable decentralized app with a high user adoption rate but low-frequency on-chain transactions. Fungibility of ERC-20 standard tokens explains potential for their liquidity. While being easy to deploy, identical and divisible ERC20-standard token has been the primary choice for ICO projects (from 50% to 85%32 of ICOs use ERC20-standard tokens)33. Table 2 Application Tokens Design

Generated by one or more smart contracts. Smart contract is created by developer of online application

Allocation method

ICO (in the majority of cases), air-drop

Function

Link to smart contract after deployment



Means of exchange with embedded rights against participants / operator of online application



Non-fungible representation of unique status of the token holder

Smart contract serves the function of the ledger and bookkeeper

Before moving to the next chapter describing ICO legal structure it shall be first mentioned that for the purpose of this article we classify application tokens as a derivative of protocol tokens and at the same time limit the scope of the underlying protocol to Ethereum. The reason for such classification is consistent with the purpose of the article which is not to provide a taxonomy of tokens but rather to limit the research to the most popular Ethereum blockchain-based token model for ICO. 32

The Ethereum blockchain is dominant, with 74 percent of tokens using the ERC20 smart contract. See Howell et al., 2018. Nearly 85% of ICOs use Ethereum (569 out of 675 according to Coin Market Cap and 381 out of 435 according to ICO Drops). See Rhue, L. (2018). Trust is All You Need: An Empirical Exploration of Initial Coin Offerings (ICOs) and ICO Reputation Scores (hereinafter – “Rhue, 2018”). Over 540 app tokens in public circulation, with a total market capitalization that has widely fluctuated, reaching over $365 billion in terms of total token supply as of January 2018. Almost half of these tokens have been deployed on the Ethereum blockchain, and the majority of these tokens have been sold in 2017 See Rohr & Wright, 2017. 33 See Rohr & Wright, 2017, Howell et al., 2018. See also Rhue, 2018.

9

Chapter 2: Legal Structure of ICO. Security Tokens vs. Utility Tokens The second chapter describes a standard legal structure of an ICO and discusses dichotomy of a “utility token” and a “security token”. 2.1.

Legal structure of ICO

ICO may be generally defined as “a kickstarter-style crowdfunding campaign that allows the public to participate in an early-stage project” and a project team to “raise financial capital to support the development of its project” across the globe34. Very narrowly defined, ICO is just an event of creation and distribution of application tokens by smart contract to initial token holders against payment (not an air-drop). Following publication of the Cooley’s Framework35 many Issuers have launched their ICOs in two stages: an investment stage where tokens are offered to qualified investors36 when the token is still not issued and not functional on the Platform (“Pre-sale”) under a standardized investment contract called Simple Agreement for Future Token (“SAFT”) and, subsequently, a public stage whereby tokens are offered to the public at the time when they are fully operational on the Platform (“Crowdsale”) under standardized agreements for commercial sale of digital goods or services (“Public Sale Agreement”). Prior to the Pre-sale stage, it is a common practice for the Issuer to draft a whitepaper37 to postulate business plan of the Platform, outline a development roadmap, technical specifications, future functionality of the token and its estimated decentralized use on the Platform, announce the terms of token sale and how the proceeds of Pre-Sale and Crowdsale are to be used (“Whitepaper”). Whitepaper is a marketing document which is usually publicly available on the website dedicated by the Issuer to the ICO. In limited instances Issuers prefer to privately circulate Whitepapers among qualified investors during the Pre-sale stage. Marketing campaigns are often the main cost of an ICO with marketing efforts of Issuers reaching global audience through ICO website, banner advertisements, press releases, conference pitches and collaboration with media outlets. A token distribution model, which usually makes part of Whitepaper, determines the total supply of app tokens throughout the Platform’s lifecycle. It may be fixed, meaning that the total supply of tokens is capped at the time of ICO and is either distributed in whole during the ICO or is subject to additional post-ICO token generation events. Alternatively, the total supply may be uncapped at the time of ICO, meaning that the Issu-

34

See Chen, Y. (2018). Blockchain tokens and the potential democratization of entrepreneurship and innovation. Business Horizons, at p. 570. 35 “The SAFT Project: Toward a Compliant Token Sale Framework”, Batiz-Benet J., Santori M. and Clayburgh J., Oct. 2, 2017 (hereinafter – “the Cooley’s Framework”). 36 A qualified investor is professional, high net wealth or sophisticated person which is recognized by the law applicable to such person as eligible to make investments of high risk. For individuals, it is common for the national legislation to set income, professional qualification and trading experience requirements which, if satisfied by such individual and attested by an intermediary, would qualify such individual as a qualified investor. 37 See id.

10

er has full discretion over the amount of tokens that will be generated after ICO takes place. A standard ICO model published in Whitepaper presupposes that apart from token sales a portion of total supply is reserved for distribution to the Issuer and its ICO advisors as a type of reward for their efforts in developing the token’s functionality on the Platform and running the ICO campaign. Additionally, a reserve may provide for future tokens to be air-dropped to Platform users or to persons who maintain or develop the Platform. A portion of tokens may also be reserved for future ICOs and for sales by the Issuer on crypto exchanges when downward pressure on the token`s market price is required in order to stabilize Platform’s cryptoeconomy (see chapter 3 below). 2.2.

Utility Tokens and security tokens

Some of the app tokens are colloquially called “utility tokens” and entitle their owners to access and consume products of the Platform38 or commit work to the Platform39. Others, are colloquially called “security tokens” and provide their holders with economic interest such as a share of profits of the Platform40. The structure of ICO and the rights assigned to tokens together determine the legal qualification of the token as a utility or a security. To better understand the importance of ICO structure in legal qualification of an app token we elaborate below on existing approaches to regulation of security tokens based on anecdotal sample of jurisdictions. From a legal standpoint, on a very general level there may be two types of security tokens. The first type by its nature falls under definition of one or more financial instruments41. Traditional transferrable securities (shares, bonds and derivatives thereof, etc.) are also financial instruments. In order to be qualified as a bond (securitized debt) under MIFID II a token shall provide a debt entitlement to its holder (nature of security) and must be capable of being negotiable on the capital markets (form of security)42. A token would satisfy the form requirement if it is distributed under a single standard (series) and under standard token sale agreements, if multiple ICO participants are present and the token is freely transferable beyond the Platform (e.g. ERC20 token capable of being listed on a crypto exchange). Importantly, the absolute majority of ICO structures regardless of the “nature of security” requirement, satisfy this “form of security” criterion. The second type is a “collective investment scheme” (also, “CIS”) qualification which stricto sensu is not a security, does not have to be “capable of being negotiable on the capital markets” and is subject to a different layer of financial market laws43. Thus, only the “nature of security” is left to be compared with the nature of the token. In very general terms, a “collective investment scheme” is an arrangement between investors and a 38

See Rohr & Wright, 2017, Adhami et al., 2018. See Howell et al., 2018. 40 See Rohr & Wright, 2017. 41 See, for instance, the list of financial instruments in the Annex I of Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU, OJ L173/349 (June 2014) (recast) (“MiFID II”). 42 Art. 4 par. 44 (b) of MiFID II. 43 See, for instance, Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers (“AIFMD”), Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (“UCITS”). 39

11

manager whereby investors contribute property and the manager contributes efforts for the purpose of distributing the proceeds from managing such property to investors44. In other words, managerial efforts and investors` entitlement to profits shall be linked together by management of the investors` property. In a typical ICO structure the property in question is fiat money or cryptocurrency received by the Issuer in exchange for app tokens. The question is, therefore, whether the Issuer manages the proceeds for the interest of token holders and whether token holders will be entitled by virtue of their contribution to profit distributions derivative from such management. A simple illustration is a crypto fund engaged in managing proceeds of token sales by investing them into crypto assets and distributing its profits through the Platform among the token holders. All the elements of an ”arrangement” are present here: profits directly resulting from management of the property are agreed to be distributed to passive investors. Conversely, at first glance there appears to be no “arrangement” in a scenario where the property is not managed in the interest of token holders but spent to develop and promote the Platform and where token holders are only rewarded for their active use or facilitation of the services on the Platform, in other words, where utility tokens are concerned. However, tradability of utility tokens on crypto exchanges gives grounds for further uncertainty which we discuss below. Remarkably, utility tokens pose the most controversial case for CIS qualification which tokens neither per se nor through the Platform entitle to any passive profits (financial or monetary entitlements45) but are still negotiable, liquid and hypothetically may be sold at a premium to their purchase price on the crypto exchange market (herein below we refer to application tokens which provide any non-financial and non-managerial entitlements to be utilized on the Platform as “Utility Tokens”). In case of Utility Tokens, definition of a “collective investment scheme” may be difficult to satisfy because the Issuer is neither engaged in (portfolio) management of the property nor obliged to distribute management proceeds to passive token holders. Consequently, the qualification depends on how narrowly or broadly regulators interpret the “managerial efforts” test. For instance, the position of Switzerland is narrow and the Swiss financial market authority (FINMA) does not apply CIS regulation to ICOs unless the proceeds of ICO are separated from the assets of the Issuer and are managed by a third party46. The position of U.S. is broad and the U.S. Securities and Exchange Commission (SEC) may apply the “investment contract” definition to Utility Tokens` ICOs despite absence of any fiduciary arrangements and distributable profits47. However, even the far-reaching U.S. “investment contract”48 concept in particular cases may be leaving Utility Tokens beyond its scope, first, because the requirement for cauSee, for instance, definition of the term “collective investment scheme” in sec. 2(1) of the Securities and Futures Act of Singapore and in Sec. 1 of the Collective Investment Schemes Act 2008 of the Isle of Man. See definition of the term “mutual fund” in the Mutual Funds Law (2012 revision) of the Cayman Islands. 45 The SMSG Report recognizes the following classification criteria of utility tokens: “non-financial entitlement”, “no decision power on the project”, provide “access to specific application or service” and “are not accepted as a means of payment for other applications”. See the SMSG Report, at par. 16 and 47. 46 See FINMA Guidelines published on Feb. 16, 2018 available at (last accessed Oct. 31, 2018) https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/1bewilligung/fintech/wegleitung-ico.pdf?la=en . 47 The United States Supreme Court has indicated that the word “profit” includes inter alia the increased value of the investment. See SEC v. Edwards, 540 U.S. 389 (2004). 48 See Securities Act, Section 2(a)(1), 15 U.S.C. § 77b(a)(1). See SEC v. W.J. Howey Co., 328 U.S. 293, 298–99 (1946) for case law interpretation of the concept. 44

12

sality between efforts and profits may vary depending on the ICO structure, namely, the timing of the token sales. According to the Cooley`s Framework49, the required link between “expectation of profits” and “managerial efforts” is very strong at Pre-Sale stage when tokens are not in circulation and are not functional on the Platform. The Issuer uses Pre-Sale proceeds to develop and test the token`s functionality on the Platform, to market the Platform to developers and future users, to implement business plan, legal and corporate governance structure. Pre-Sale contracts (SAFTs), introduced by Cooley, are not transferable and consequently do not give rise to a market in them and are only concluded with qualified investors. As a corollary, it is suggested by the drafters of the SAFT framework that only SAFT, as a contract, is a security and the underlying token is a consumptive product sold at Crowdsale to general public50. FINMA appears to adopt a similar interpretation by suggesting that Pre-Sale of non-transferable claims to future tokens does not by itself implicate qualification of tokens as securities51. The second main argument of the Cooley`s Framework is that at Crowdsale, when a fully functional Utility Token is offered to general public followed by listing on crypto exchanges the Issuer’s managerial efforts lose predominance and the relation with “expectation of profits” becomes blurred. Once a Utility Token is fully functional on the Platform only marginal improvements will be delivered by the Issuer after Crowdsale leading to hypothetical marginal token value appreciation. Moreover, because of listing on crypto exchanges the token’s price discovery may experience a confounding influence of market forces. However, the Cooley`s Framework has faced considerable critique in terms of underlying assumptions, supporting case law and reasoning52. Apparently, the bone of contention is the term “fully functional” and “predominance of managerial efforts” which are viewed as declaratory and if considered alone, prone to ambiguity and abuse. According to the Cardozo Report it is artificial to weigh managerial efforts differently (irrespective of the ICO structure as a whole) depending on whether they were financed by qualified investors at Pre-Sale or by general public at Crowdsale. More importantly, the SAFT framework and the Issuer’s intent to feed the investment interest of qualified investors, if not kept private, may tilt the Crowdsale marketing campaign from a consumption-focused to an investment-focused53.

Under the Cooley’s framework an already-functional utility token is less likely to meet the “managerial efforts” test because purchasers who buy tokens with an eye toward profit upon resale can expect those profits to be determined by a variety of market factors that predominate the efforts of the seller in updating the token’s functionality. Because there is no central authority to exert “monetary policy,” the secondary market price of a decentralized token system is driven predominantly by supply and demand. One of the other factors could be the efforts of the development team creating the token’s functionality; but once that functionality is created, any “essential” efforts have by definition already been applied. However, the application of the technical and managerial efforts of the seller is likely the predominant factor in the price of a pre-functional utility token until it transitions to being a functional utility token. See the Cooley’s Framework. 50 According to the Cooley’s Framework, SAFT is an investment contract compliant with US federal securities laws. Therefore, the two contracts (SAFT and Public Sale Agreement) are regulated differently – SAFT under securities laws and Public Sale Agreement - under consumer protection laws. See the Cooley’s Framework. 51 A contrario interpretation of FINMA`s statement: “In the case of the pre-financing and pre-sale phases of an ICO which confer claims to acquire tokens in the future, these claims will also be treated as securities (i.e. in the same way as asset tokens) if they are standardised and suitable for mass standardised trading.” See supra, ft. 46. 52 See Cardozo Blockchain Project Research Report #1 NOT SO FAST—RISKS RELATED TO THE USE OF A “SAFT” FOR TOKEN SALES // November 21, 2017 (hereinafter - “the Cardozo Report”). See also Rohr & Wright, 2017: at 70. 53 See Cardozo Report, 2017 at p.4,5: “[S]ellers using a SAFT naturally will emphasize the speculative, profit-generating aspects of the utility tokens they are developing in a way that could trigger federal securities law scrutiny well beyond the initial SAFT sale.” 49

13

The criticism of the SAFT framework strives to reconcile legal qualification of Utility Tokens with economic realities by placing intentions of an ordinary Crowdsale participant at the center of attention54. A fully functional Utility Token alone is by itself not determinative of a consumptive intent55. Rather, the level of Utility Token’s functionality at the time of Crowdsale, the token distribution model and the focus of the ICO marketing campaign together evidence the intent of the Issuer and the corresponding expectation of Crowdsale participants. For illustration, one extreme investment-aimed ICO scenario is where the token is sold to public at the time the Platform has 1,000 registered users; 50% of the token’s total supply is air-dropped to the Issuer; the Issuer retains the ability to redeem (“burn”) tokens out of circulation, promises high market valuation for the token and listing on crypto exchanges; marketing is directed at crypto community as a whole regardless of potential interest in the use of the services on the Platform. On the other end of the spectrum is a product-aimed ICO where token is sold at the time the Platform’s active user base is 50,000; the Issuer receives a minority of tokens; the total supply of tokens is fixed without the right of redemption; marketing is focused on the utilities of the Platform and is directed at potential active users who may not purchase more than a certain number of tokens (individual purchase cap). It appears that regulators also focus on objectivized intent of Crowdsale participants. In arguing for satisfaction of the “expectation of profits from the managerial efforts of others” test SEC in the Munchee Report56 relied, inter alia, on 1) the Pre-Sale character of the token offering; 2) the offering terms providing for specific efforts of the Issuer directed at value appreciation of the token (redemption of the tokens) and at ensuring secondary market for the token; and 3) the marketing campaign directed at cryptoinvestors. In a similar vein, FINMA flags any indication of “an investment purpose at the point of issue” as indicia of a security token57. Against the above, it may be concluded that in applying securities market regulations to the nature of Utility Token regulators generally follow a case-by-case approach where not only the token functionality but also the ICO structure as a whole has to be analyzed including its token distribution and marketing framework. The purpose of the analysis is to determine whether the overall ICO structure is aimed to attract consumers to the Platform or speculators to crypto exchange trading. Absent transferability restrictions this principle-based approach leaves for the court or regulator to decide whether ICO structure shall evidence that consumption forms the only (FINMA position) or the predominant (SEC position58) intent of initial token holders. Finally, without quantitative or qualitative safe harbor requirements, best practices or interpretative guidelines there may be uncertainty as to what is “fully functional token”, how the token distribution model and the marketing campaign shall be structured to procure for solely or predominantly consumptive intent.

54

See Cardozo Report, 2017, at. p.5, See Rohr & Wright,2017 at p.56-58. See Rohr & Wright, 2017, at p. 72. 56 See the SEC Release No. 10445, Order Instituting Cease-And-Desist Proceedings Pursuant to Section 8A of the Securities Act of 1933, Making Findings, and Imposing a Cease-And-Desist Order (hereinafter - the “Munchee Report”) (Dec. 11, 2017) at p. 9., available at https://www.sec.gov/litigation/admin/2017/33-10445.pdf . 57 See supra, ft. 46. 58 See the Munchee Report. See also Rohr & Wright, at p. 56. 55

14

Table 3 ICO Legal Structure ICO campaign stages Token supply Token distribution

Rights from token



Pre-Sale (qualified investors)



Public Sale (general public)

Capped / non-capped 

Initial token holders (qualified investors, general public);



Incentives (founders, advisors, developers, Platform users);



Reserve (downward support for the market price).



Utility Token



Security Token

Chapter 3. Economic analysis of ICO: consumptive and speculative intent The purpose of the third chapter is to look at the structure of Utility Token ICO from the perspective of economic incentives. In particular, we focus on the following factors which may indicate consumptive or investment intent of the Issuer: 

Utility Token Pre-Sale to qualified investors;



Utility Token distribution model;



Utility Token allocation model;



Valuation of Utility Tokens.

3.1.

Utility Token Pre-Sale to qualified investors

Pre-Sale of tokens to qualified investors is done mainly to raise funds for development of the token`s functionality on the Platform, finance the costs of Crowdsale and market the token to potential Crowdsale purchasers. Akin to venture capital investors, qualified investors receive discounts at Pre-Sale for taking on more risk while the token is still not functional on the Platform. Similarly, the advantages of traditional venture capital financing may be observed in Pre-sale financing. First of all, qualified investors could have substantial knowledge of blockchain-based businesses and provide business-related advice or require governance-related preconditions to be fulfilled by the startup in order for the investment to take place. Secondly, Pre-Sale could help determine demand for Utility Tokens if the Pre-Sale price is not fixed but determinable by an auction in a way 15

similar to book-building in a conventional IPO process59. Finally, a high demand from qualified investors signals quality to Crowdsale participants especially if a well-known expert or institutional investor is involved60. Howel et al., 2018 observe 45 percent of ICOs in their sample to have been preceded by Pre-Sales and conclude that in fact Pre-Sales may signal value of early expert investors because such ICOs correlate with higher liquidity and volume of trade in the secondary market. 3.2.

Token distribution model

As we have established in the previous chapter regulators look inter alia at the terms of token supply to argue that the intent of the Issuer was to attract investments (speculators) rather than users, developers, partners (participants) to the Platform. Below we explain different incentives that Issuers may give to speculators or Platform participants by defining the terms of token distribution at and post ICO stage. Uncapped and capped financing As of present, hardly any regulator in the world places a cap on the amounts which a startup may raise at ICO. In order to maximize the volume of financing Issuers may structure their token distribution models without a “hard cap”, i.e. the startup will not return the oversubscribed amounts but will include them into the total supply structure after ICO is over61. One way to do it is through an auction based model where the token`s sale price is determined at the end of an ICO after all payments have been made. At the same time, maximum token supply (the number of tokens ever-to-be-issued) is fixed prior to the start of an ICO. An example of this model is AUGUR (REP) 62. Another way to raise uncapped financing is through fixing the token sale price prior to ICO and by defining the maximum token supply based on the purchase amounts received. An example of this model is Bancor (BNT). An obvious critique is that the resulting proceeds of uncapped ICO models are incommensurable to the operating needs of the startup. Moreover, moral hazard of having too much funds before the product and the governance structure are in place may put a lot of pressure on Issuers’ incentives and performance. Furthermore, leaving the maximum See Sherman, Ann E and Sheridan Titman, “Building the IPO order book: underpricing and participation limits with costly information,” Journal of Financial Economics, 2002, 65 (1), 3–29. See Derrien, Francois and Kent L Womack, “Auctions vs. bookbuilding and the control of underpricing in hot IPO markets,” The Review of Financial Studies, 2003, 16 (1), 31–61. 60 See Hellmann, Thomas and Manju Puri, “Venture capital and the professionalization of start-up firms: Empirical evidence,” The Journal of Finance, 2002, 57 (1), 169–197. 61 It is worth mentioning that an uncapped financing model may provide for a financing goal and even a contingent hard cap but there is still no absolute hard cap, i.e. the amounts collected beyond the fundraising goal or hard cap are not returned to purchasers. For illustration, Bancor (BNT) Crowdsale was to proceed for 14 days or until the “hidden” (not disclosed ex ante to public) hard cap of 80% was reached. However, during the first hour of sale all contributions were to be accepted regardless of the hidden cap. This resulted in the Crowdsale’s closure after 3 hours and oversubscription over the goal (250,000 ether) of about 146,194 ethers. See information on BNT ICO terms and results here: Bancor, "Bancor Network Token (BNT) Contribution & Token Allocation Terms" on medium.com (june 5, 2017) (last accessed on November 18, 2018): https://medium.com/@bancor/bancor-network-token-bntcontribution-token-creation-terms-48cc85a63812; Higgins S. "$150 Million: Tim Draper-Backed Bancor Completes Largest-Ever ICO" (June 12, 2017) on coindesk.com available on (last accessed Oct. 31, 2018) https://www.coindesk.com/150-million-tim-draperbacked-bancor-completes-largest-ever-ico/; Lan Wong J. "Ethereum unleashed the “initial coin offering” craze, but it can’t handle its insane success" (June 15, 2017) on qz.com, available on (last accessed Oct. 31, 2018): https://qz.com/1004892/the-bancor-ico-justraised-153-million-on-ethereum-in-three-hours/; Benartzi G. "The Community of the Currency" (June 8, 2017) in blog network blog, available on (last accessed Oct. 31, 2018): https://blog.bancor.network/the-community-of-the-currency-9770087fde17. 62 See particulars of Augur`s “live-action” sale auction here (last accessed on November 18, 2018): http://augur.strikingly.com/blog/the-augur-crowdsale. 59

16

total supply without ceiling may give “high uncertainty about the floor of valuation” of the purchaser`s stake63 and as a result “create unexpected dilution”64 of its stake in the total token supply. Uncertainty in total funding prior to the end of an ICO and the inability to reverse transactions pushes purchasers to “wait until the last hour, creating an order overload and network jam”65. Finally, an exorbitant market valuation achieved as a result of uncapped ICO may easily go down once the token is listed on a crypto exchange because the demand was fully satisfied at ICO66. On the upside, however, uncapped financing models provide a “guarantee of participation” and do not discriminate between “whales”67 and purchasers with small orders (whether speculators, long-term investors or participants of the Platform). As a result, there is no “fear of missing out”68 and no irrational haste among purchasers which makes capped Crowdsales end in a matter of hours, minutes or even seconds69. A capped financing model is more popular among ICO startups70. A capped ICO has a maximum fundraising goal which is either made known to purchasers in advance (hard cap) or revealed ex post (hidden hard cap). Tokens may be sold at a predetermined fixed price with the total supply of tokens known in advance or at a progressively changing price with the total token supply determined ex post. Regardless of the pricing model the oversubscribed amounts are always refunded to purchasers. The main advantage of a capped ICO is that it potentially leads to oversubscription 71 meaning that the demand was not satisfied at ICO which will naturally bolster the market price when the token is listed on a secondary market72. From speculative and longterm investment perspective a capped ICO provides certainty about the valuation of the tokens acquired73. The level of certainty varies, though, depending on the token allocation model discussed further below. On the downside, participation in a capped ICO may create “fear of missing out”74 and favor “whales” over other small stake purchasers. An extreme example is the Golem (GNT) and the Basic Attention Token (BAT) sale both of which had no limits on individual purchase amounts which resulted in the post-ICO 515 and 184 number of

63

See Id. "EY research: initial coin offerings (ICOs)" Ernst & Young report published on December 18, 2017 available at (last accessed on Oct. 31, 2018) (the “EY report”) https://www.ey.com/Publication/vwLUAssets/ey-research-initial-coin-offerings-icos/$File/eyresearch-initial-coin-offerings-icos.pdf. 65 See Id. 66 See the blog post “I Don't Like Big ICOs” by Changpenq Zhao (CEO of Binance crypto-exchange), available on (last accessed Oct. 31, 2018):https://steemit.com/binance/@czbinance/5mm9uo-i-don-t-like-big-icos. 67 “Whales” is a colloquial term for wealthy purchasers who acquired their wealth by early adopting bitcoin and who purchase big stakes in the token supply with a speculative, diversification or long-term investment interest. See the term explained at: https://cryptovest.com/education/crypto-giants-explained-what-are-whales/ . 68 On the “fear of missing out” see the blog post “Analyzing Token Sale Models” by Vitalik Buterin dated June 9, 2017 available on (last accessed Oct. 31, 2018): https://vitalik.ca/general/2017/06/09/sales.html . 69 For instance, the capped token sale of basic attention tokens (BAT) was completed within 30 seconds. See Russel J. "Former Mozilla CEO raises $35M in under 30 seconds for his browser startup Brave" on techcrunch, available on (last accessed Oct. 31, 2018): https://techcrunch.com/2017/06/01/brave-ico-35-million-30-seconds-brendan-eich/ . 70 Examples are OmiseGo (OMG), 0x (ZRX), Basic Attention Token (BAT), Pundi X (NPXS), Golem (GNT), Status Network (SNT), Decentraland (MANA), KyberNetwork (KNC), Aragon (ANT), Atonomi (ATMI), TRON (TRX), Wepower (WPR) and many others. 71 See supra, ft. 68. 72 See supra, ft. 66. 73 See supra, ft. 68. 74 See Id. 64

17

unique token holders, respectively75. A capped ICO with no caps on individual purchase amounts creates incentives to get in first and acquire big stakes either with the aim to offload with premium at the secondary market or to pursue a long-term investment. In contrast, a capped individual participation is a prima facie evidence of a consumptive intent – first, by white listing potential purchasers Issuers create a pool of eligible ICO participants (examples are ICOs of 0x (ZRX), KyberNetwork (KNC)) and then set a maximum purchase amount per participant with such cap being increased or lifted in case the financing goal was not reached on the first day of sale. Another solution was proposed by Status Network ICO which used “dynamic ceilings”76 model with multiple hidden caps throughout the period of Crowdsale which resulted in more refunds of oversubscribed amounts than the actual amount of financing received. Participation caps and dynamic ceilings are effective tools of attracting a wider pool of ICO participants with a smaller individual purchase amount as evidenced in the below table. Table № 477 Token distribution model with a Max unique ICO buyers participation cap / dynamic ceiling

ETH spent per ICO buyer

Wepower (WPR)

22471

0.46

Kybernetwork (KNC)

21306

4.62

Status Network (SNT)

20359

27.87

Atonomi (ATMI)

14373

0.97

0x (ZRX)

11506

7.39

Golem Network (GNT)

515

1592

Basic Attention Token (BAT)

184

849

Token distribution model with no participation cap / dynamic ceiling

However, the limits on individual purchase amounts at ICO probably have no influence over the potential to attract a wider pool of token holders and transferors at the secondary market (crypto exchanges) as suggested by the table below. Table № 578 Token distribution model with a Unique sender / unique % of total supply held See Lennart Ante`s blog post “A Look at On-Chain Data of 25 Tokens on the Ethereum Blockchain” available here (last accessed on November 18, 2018): https://medium.com/sicos-publication/a-look-at-on-chain-data-of-25-tokens-on-the-ethereum-blockchain2a8370a81d80 . 75

See description of the “dynamic ceiling” model in Hope J. "Distribution & Dynamic Ceilings", (June 5, 2017) on Medium.com, available here (last accessed on November 18, 2018): https://blog.status.im/distribution-dynamic-ceilings-e2f427f5cca . 77 The data was copied from Lennart Ante`s blog post “A Look at On-Chain Data of 25 Tokens on the Ethereum Blockchain” available here (last accessed on November 18, 2018): https://medium.com/sicos-publication/a-look-at-on-chain-data-of-25-tokenson-the-ethereum-blockchain-2a8370a81d80 . Lennart Ante collected data from Bloxy website (https://bloxy.info/). 78 See Id. 76

18

participation cap / dynamic ceil- receiver ing ratio79

by 100 wallets

Status Network (SNT)

80.62%

89.64%

Kybernetwork (KNC)

71.73%

82.98%

0x (ZRX)

69.61%

76.43%

Atonomi (ATMI)

67.51%

77.54%

Wepower (WPR)

50.62%

82.26%

Golem Network (GNT)

76.93%

75.30%

Basic Attention Token (BAT)

66.34%

67.97%

Token distribution model with no participation cap / dynamic ceiling

The low unique sender / receiver ratio may show relatively low velocity in random transfers of tokens indicating preference to hold rather than transfer. The high concentration of token holdings with the biggest 100 wallets shows that token ownership is not equally distributed and single entities could theoretically exercise significant down pressure on the market price by selling their holdings. The token distribution terms, of course, cannot influence this dynamics. Probably, the existence and adoption of the services on the token`s Platform can. Nevertheless, by placing caps on individual participation Issuers discourage speculative interest in ICO (at least from “whales”) and provide a guarantee of participation to whitelisted purchasers. One of the main concerns which is shared for both capped and uncapped financing ICO models is absolute absence of accountability for accurate, complete and not misleading character of the terms of token sale. In practice, Issuers may unilaterally and without notice alter fundraising goals, Crowdsale timeframes, participation caps and hidden hard caps without being held accountable before the token purchasers80. Publicly disclosed terms of token sale are sometimes incomplete and do not reflect the full room for discretion (and abuse) which the Issuer has left to themselves when designing the smart contract81. Purchasers may be further misled by independent audits of the smart contract where a different or amended smart contract is later deployed by the Issuer for the token sale82. Finally, independent purchasers may find it difficult to participate in the Crowdsale which is capped and does not provide for a guarantee of participation.

79

It is assumed that If the token is rotating randomly between token users / traders, the ration of unique senders and receivers should be heading toward 100%. See https://stat.bloxy.info/superset/dashboard/distribution/?standalone=true . At the same time, a low ratio “can be an indicator that (1) the token isn’t used, (2) the token isn’t used on the blockchain but inside a centralized platform or (3) the tokens use isn’t enforced through transactions (but maybe by proving ownership of it)” See supra, ft. 75. 80 On the occasions of unilateral alteration of the terms of token sales see in relation to Basic Attention Token see Leigh J. "Lessons from the Brave Token Sale" (June 1, 2017) on Medium.com, available here (last accessed on November 18, 2018): https://medium.com/@alwaysbcoding/lessons-from-the-brave-token-sale-bda2a634f34a . 81 See the EY Report, supra, ft. 64. 82 See supra, ft. 61.

19

3.3.

Token allocation model

A capped ICO does not mean that all of the ever-to-be-issued tokens are sold to purchasers. In fact, Issuers often sell only a fraction of the maximum token supply (50%80%83) to public with the remaining tokens distributed or reserved for creation (or minting) according to the predetermined token allocation model. By design of the token allocation model one could infer how robust, thought-through and well-grounded is the governance model of the Platform and of the startup. First, Issuers typically make sure that efforts of the team (founders, key employees, core developers) and advisors (blockchain experts, angels, ICO promoters and consultants), exercised prior to ICO, are remunerated with a fraction of tokens (10% - 20% of the maximum token supply84). Generally, these tokens are issued for free to their grantees after ICO is completed, however, on some occasions85 Issuers vest predevelopment “genesis tokens” to early developers before ICO and convert them into ICO tokens on completion. A natural continuation of such an incentive mechanism is to reserve a fraction of tokens (10% - 20% of the total token supply86) for compensating future employees of the startup (akin to employee stock ownership plan), technical support and development of the Platform (maintenance of on-chain transactions on the Platform, development of the Platform`s own blockchain protocol (colloquially called “mainnet”), bug bounty programs, etc. Secondly, Issuers, willing to attract new participants to their Platform, may design loyalty programs which will grant tokens only to those persons who provide or consume services on the Platform. Thirdly, ICOs with moderate financing goals may be willing to reserve tokens for further financing rounds (additional token sales). Finally, a portion of tokens may be reserved with the startup for sale on the secondary market so as to exercise a downward pressure on the market price (loyalty programs and tokens reserved for future sale or issuance together comprise 10-30% of the total supply87). It is a popular belief that a well-designed token allocation scheme may help to align incentives of the start-up`s team and Platform participants without giving away corporate control: with the common aim to build the value of the Platform and the token88. Naturally, such hypothesis may only hold if the incentive mechanism encourages long-term holding of tokens by the team. For these purposes, special limitations are often embedded into the smart contract which prohibit immediate disposal of tokens acquired at ICO by the founders (lock-up) and provide for a gradual creation and transfer of tokens to incentivize future managerial and development efforts (vesting schedules)89. In a similar vein, in order not to destabilize the token`s market price Pre-sale private purchasers90 and ICO advisors are often prevented from selling their tokens immediately on completion of Crowdsale under a lock-up provision. On very limited occasions, Crowdsale par83

The percentage is based on ICOs of OmiseGo, 0x, Pundi X, Golem, Augur, Status, Decentraland, Bancor, KyberNetwork, Aragon, Wepower. 84

See Id. See the token allocation model of Status Network supra, ft. 80. 86 See supra, ft. 83. 87 See Id. 88 See Li & Mann, 2018, Howell et al., 2018, Rohr & Wright, 2017. 89 For instance, see the allocation terms for OmiseGo, 0x, Status Network, Decentraland, Bancor, KyberNetwork, Aragon. 90 For instance, the terms of pre-sale of Filecoin provided for 12, 24, or 36 months of lock-up and discounts on the purchase price of 7.5, 15, and 30 percent, respectively. See Howell et al., 2018. 85

20

ticipants are also encouraged to hold rather than spend their tokens91. It shall be mentioned that only full automation of the lock-up and vesting features of the token allocation model enables to build trust with token purchasers and to regard these incentive plans as a true bonding (commitment) mechanism92. However, apart from a fully automated smart contract token allocation models may be centrally administered by an externally operated account, or by a smart contract with instructions given by a central operator. Such models negate the advantages of immutable governance systems: Issuers can withdraw tokens from the market, arbitrarily issue new ones, change lock-up and vesting provisions. Arguably, Issuers who have not finalized their governance and business model before opting for ICO campaign automatize the token sale but leave more discretion to themselves in implementation of the overall token allocation model. By reserving substantial share of maximum token supply with themselves (sometimes up to 95%93) Issuers may exercise the “central bank” function over the token`s circulation which could give them control over the token’s market price94. This kind of concern gave rise to proposals which embed the monetary policy in the smart contract. For instance, the “safe token sale” model95 ensures that token is “sold” by the smart contract at a fixed price and the accumulated proceeds of sale in ether are automatically used to buy-back tokens at a fixed price. This strategy allegedly can preclude market price manipulation including “pump-and-dump” schemes but may be inflexible and vulnerable to security threats. It appears justified that Issuers shall have a detailed token allocation plan with implementation mechanics in place before ICO campaign is started. An impact assessment analysis shall provide rationale for setting a particular number of tokens aside and selecting a monetary policy which will not control the market price but rather complement the business plan and incentivize development of and participation in the Platform. The latter argument will be elaborated further below. 3.4.

Valuation of Utility Tokens

Utility Tokens are not backed by any form of material asset, legal tender or redemption rights and have no underlying cash flow to be used in financial modelling. According to some testimonials96, the equation of exchange97 (MV = PQ) shall be the cornerstone of Utility Token valuation. This means that the total number (mass) (M) of tokens in circulation multiplied by their turnover (velocity) (V) in a given period shall equal the quantity (Q) of the digital service (resource) being performed in a given period on the Platform multiplied by the price (P) of such service. 91

For instance, Pundi X token sale provided for a vesting scheme whereby a purchaser would only receive 30% of tokens at ICO and the rest 70% in installments provided that the tokens are not disposed for 36 months. See the allocation terms of Pundi X at https://pundix.com/pdf/PundiX_Whitepaper_EN_Ver.pdf . 92 See Howell et al., 2018. 93 The Gnosis Network had sold only 4.5% of it’s token supply for USD12.5 million. See "Gnosis token sale ends with $312.8 million raised in minutes" (april 24, 2017) on CryptoNinjas, available on (last accessed on Oct. 31, 2018) https://www.cryptoninjas.net/2017/04/24/gnosis-token-sale-ends-312-8-million-raised-hour/ . 94 See supra, ft. 58. 95 See the blog post by Zamfir V. “A safe token sale mechanism” (March 13, 2017) on medium.com, available on (last accessed on November 18, 2018): https://medium.com/@Vlad_Zamfir/a-safe-token-sale-mechanism-8d73c430ddd1. 96 The EY Report, See Chris Burniske`s blog post (Sep. 24, 2017) on medium.com, available on (last accessed on November 18, 2018): https://medium.com/@cburniske/cryptoasset-valuations-ac83479ffca7. 97 Bordo, M. D. (1989). Equation of exchange. In Money (pp. 151-156). Palgrave Macmillan, London.

21

The first problem in applying the equation of exchange to practice is that few very startups leverage their ICOs on an existent minimum viable product (MVP) or a prototype98. Even if the MVP exists the user adoption rates are weak, to say the least99. Consequently, one does not calculate the right side of equation (PQ) based on the existing adoption rate of Utility Token Platform but rather on the expected future value of such Platform. In a similar vein, the left side of the equation (MV) cannot be calculated based on the existent high velocity of Utility Tokens which is the result of speculation on crypto exchanges but not of trade in digital services100. Consequently, it may be concluded that in order to design Utility Token allocation model and implement the monetary policy (in other words, to understand how many Utility Tokens are needed to serve the supported Platform) the startup shall make at least two initial assumptions: about the expected future value of the serviced economy (PQ) and about the expected velocity of transactions in that service (V)101. Future value of the serviced economy There appears to be a fundamental problem in applying the exchange equation to Utility Tokens. For illustration, in the case of the Filecoin Platform the PQ will be the amount of storage expected to be serviced in gigabytes (Q) at the time Filecoin reaches its target market share (say, 10 years) multiplied by the price per GB (P). Conversely, to make just one calculation (PQ) one shall assume the size of the relevant market in services ten years from its deployment on the Platform, the share that the Platform will take of the market at that time and what the service`s (e.g. per GB) price will be at that time102. The second problem with applying the exchange equation was underpinned by Anshuman Mehta103 who noted that calculation of P (e.g. price per GB) in U.S. dollars is conceptually incorrect because the left side of equation is expressed in Utility Tokens which means that P also shall be expressed in Utility Tokens as a unit of account. Otherwise, the equation becomes circular: to produce U.S. denominated revenues Filecoin users shall first buy Utility Tokens at a certain Utility Token / U.S. dollar exchange rate (distinct from 1:1) and then transfer them as transaction fees to service providers. Similarly, transaction fees, when received in Utility Tokens, may not be accounted for as revenues unless fixed according to U.S. dollar exchange rate at a certain date. If the Utility Token / U.S. dollar exchange rate was 1:1 one could assume that the transaction fees in Utility Tokens are an equivalent of the same amount in U.S. dollars and thus the ten years` revenues in Utility Tokens would equal revenues in U.S. dollars. But this would be pointless for the purpose of MV = PQ equation since we arbitrarily fixed the price of Utility Token at 1 USD. At the same time, if the Utility Token`s price is variable it is absolutely 98

0x, Brave browser of Basic Attention Token, Wepower are examples of MVP / prototype-based ICOs. According to “State of the Dapps” statistics for the Monthly Active dapp Users shows (as of Oct. 29, 2018): OmiseGo – 7, 718 (raised USD 25 million at ICO on June 23, 2017), Bancor – 3,191 (raised USD 153 million at ICO on June, 12, 2017), 0x – 843 (raised USD24 million at ICO on Aug. 16, 2017), Augur – 369 (raised USD 5 million at ICO on Aug. 1, 2015). See the source here: https://www.stateofthedapps.com/rankings . 100 Today, the market value and the trade volume of all Utility Tokens seems to be disproportionately high relative to their platforms` adoption rate. According to Coinmarketcap statistics for the market capitalization / 24h trade volume shows (as of Oct. 29, 2018): OmiseGo - USD 450,773,436 / USD 23,434,465, 0x - USD 442,279,939 / USD 15,245,630, Bancor - USD 76,708,014 / USD2,430,363, Augur - USD 163,621,186 / USD 2,447,378. See the source here: https://coinmarketcap.com/ . 101 See Burniske, Chris and Tatar, Jack. Cryptoassets: The Innovative Investor’s Guide to Bitcoin and Beyond. New York: McGrawHill Education, 2017. At p. 178 (hereinafter – “Burniske & Tatar”). 102 See Id. 103 See Anshuman M. “MV=P…Que? Love and Circularity in the Time of Crypto” (Feb. 23, 2018) on medium.com, available on (last accessed on Oct. 31, 2018) https://medium.com/@anshumanmehta/mv-p-que-love-and-circularity-in-the-time-of-cryptodb70c9d5c015. 99

22

impossible to calculate in advance the aggregate amount of U.S. dollar equivalent which will be spent on the purchase and transfer of Utility Tokens in the next 10 years. Velocity of trade in services Because It is very difficult to estimate future V when there is no trade in services on the Platform it is a common practice among startups to arbitrarily estimate it based on projected user adoption and token holder incentives104. However, even if the Platform is actively used and there is turnover the process is not easy. One shall first deduct from the turnover on-chain data transactions made for speculative purposes. Velocity of “0” shall be attributed to Utility Tokens which are bonded or staked in the “proof of stake” consensus mechanism, and which are held as investments105. This means that when the total supply of Utility Tokens is divided by the volume of transactions the resulting figure shall be adjusted pro rata to the zero-valued Utility Tokens. Token price paradox Why velocity is so important to the startup? The reason is that startup can control the pricing of transaction fees for maintenance of the digital service if the velocity of onchain transactions moves the price of Utility Token inadequately low or high. Why Utility Token price needs to be controlled? Customers are willing to pay for digital storage space in fiat currencies but may be not ready to pay for the services in Utility Tokens if they have to buy these tokens on the market for a constantly increasing price. The paradox is in the valuation loop: the value of the Utility Token is inverse to the cost of services. When the Utility Token becomes more profitable to sell on the market rather than use, more users could abandon the Platform and start speculation with the token. Naturally, the price of the Utility Token may fall with the decrease in the number of trade in services but there is no empirical evidence supporting an argument that decrease in the velocity of trade in services has more influence on the market price rather than the volume of trades in Utility Token. It shall be finally noted that the market price of Utility Token is a hindrance to the adoption of the Platform. Startups actually have to control the market price and the resulting price of trade in services by increasing total circulation through inflation mechanisms, additional issuances and sales or by taking tokens out of circulation through buy-backs and burns. Arguably, for an ordinary user (not cryptocurrency investor) there is no added value in the fluctuating price of the Utility Token and vice versa, for the crypto investor, investment is the only meaningful purpose of acquiring Utility Tokens. One could wonder why a startup willing to bring about network effects, commercialize and incentivize active users to consume services on the Platform would voluntarily want to substitute trade in services on the Platform by the trade in tokens on crypto exchanges. Complexities and risks of controlling the marked-to-market price of service fees further add grounds to the argument that Utility Tokens, if listed on crypto exchanges, are securities.

104 105

See Id. See supra, ft. 101.

23

Chapter 4. Empirical and case study of crypto exchange listing rules 4.1.

Methodology of Empirical Study

The methodology of our case study is as follows. We have compiled a sample of eight crypto exchanges with a different trading volume106: Binance (#1), OKEx (#3), Huobi (#4), Bibox (#8), BitFinex (#9), Kraken (#25), Poloniex (#49), GBX (n/a). The selection was predetermined by availability of public information on the listing application process (including the application form), token selection guidelines and procedures (including community voting). The information was manually retrieved from the primary source (support section or account interface of the crypto exchange website). We have selected as a single point of reference the Digital Asset Framework published by crypto exchange Coinbase107. The framework is used by Coinbase to make an initial recommendation of which new asset to add to GDAX (Coin Base Pro) crypto exchange. The framework appears to be the most comprehensive example of methodology applied by a given crypto exchange to token selection process. The framework consists of six main headings: 1) Mission and Values; 2) Technology; 3) Legal & Compliance; 4) Market Supply; 5) Market Demand; 6) Cryptoeconomics. Each heading is broken down into one-to-four subheadings: 1) Mission and Values 

Open Financial System

2) Technology 

Security and Code



Team



Governance



Scalability

3) Legal and Compliance 

Regulation

4) Market Supply 

Liquidity



Global Distribution

5) Market Demand 

Demand



Network Standards

6) Cryptoeconomics 106 107

Adjusted 24h volume as of 09.10.2018 sourced from coinmarketcap.com. Available on (last accessed on November 18, 2018) https://www.gdax.com/static/digital-asset-framework-2017-11.pdf.

24



Economic Incentives



Token Sale Structure

Each of the subheadings of the Framework has a clarification comment so that a particular subject or aspect of the subheading is clarified, e.g. “Scalability” – “Assessment of a network's potential barriers to scaling and ability to grow and handle user adoption”. Each of the subheadings is further broken down into one to six categories describing particular quality feature of the subheading and also followed by a clarification comment, e.g.: 1) Technology 

Security and Code (Assessment of engineering and product quality) o Source Code (open-source code, well-documented peer-review, and testing by contributors); o MVP / Prototype (working alpha or beta product on a testnet or mainnet); o Security & Code [demonstrable record of responding to and improving the code after a disclosure of vulnerability, and a robust bug bounty program or third party security audit].



Team



Governance



Scalability

See Appendix 1 for the text of the full Framework. We allocated each category to one of the four indicia 1) Product; 2) Governance; 3) Market 4) Legal (See Appendix 2A). Product-related categories address innovativeness, quality, commercial viability and user adoption of the blockchain infrastructure developed by the token listing applicants. Governance-related categories address experience of the applicants in bringing venture projects to market and the consensus mechanism (if any). Market-related categories address liquidity, investor demand and the token supply (total supply, inflation rate, circulation). Finally, Legal-related categories address regulation (securities market laws, payment services laws, KYC/AML requirements). Some of the categories fall under more than one indicia. For instance, category 5.1.1. Consumer Demand falls under both the Product indicia (number of Product’s users) and under the Market indicia (number of participants in ICO). We allocated Productrelated categories to one of the six headings: 1) Technology; 2) Scalability; 3) Open Financial System; 4) Consumer Demand; 5) Network Effects; and 6) Economic Incentives; and Market-related indicia to one of the two headings: 1) Liquidity; and 2) Investor Demand (See Appendix 2B). We analyzed the context of the listing application forms (questionnaires) of all crypto exchanges in the sample. We modelled hypothetical rationale for including each question or request for data in the application forms by allocating such questions and requests to one or more categories of the Framework. If the an25

swer to the question or the data requested could plausibly be the source of one or more of the qualification categories, then we designated such question or request with such category(-ies). Then, we analyzed the information related to the token selection policies of some of the crypto exchanges in the sample (OKEx, Binance, Bittrex) which was available in the support sections of their websites. Finally, we analyzed one framework (the Circle Asset Framework) applied by the Poloniex exchange to their token selection process. Likewise, in the case of application forms, we compared the context of such policies and the Framework with the qualification categories and designated the context with such category(ies) wherever such context and categories could possibly be reconciled. From the above we inferred whether each crypto exchange in the sample had at least once addressed each of the qualification categories of the Framework in its application form, token listing policy and framework (as the case may be). If the category was addressed by the crypto exchange we gave it a score of “1” (irrespective of the number of times addressed). Conversely, we gave the category “0” score where neither of the analyzed documents and information had been at least once designated with the relevant category. Therefore, each category received the score as maximum as “8” and as minimum as “0” (See Appendix 2A-2B). 4.2.

Results of Empirical Study

Charts № 1-4 show the results with the categories in the sample grouped by their aggregate scores and the indicia / headings assigned to them.

26

The results suggest that the listing application forms and guidelines are more concerned with liquidity of the token (see Liquidity-related questions on Chart №2) than with the commercial potential, innovativeness and adoption rate of the Platform (see Network Effect-, Scalability-, Open Financial System- and Consumer Demand-related questions on Chart № 1). Crypto exchanges want to assess first compliance (Regulation, Type of Token), acknowledge themselves with crypto economics (Total Supply, Inflation), understand status of the technology (MVP / Prototype, Security and Code) and the team (Founders and Leadership) (see Chart №4).

However, generally there is no explicit evidence that blockchain or decentralization is required to be the essential basis of commercial success, competitive advantage and innovativeness of the project. Native blockchain protocol is not a prerequisite whereas justification of the token`s utility is limited to formal questions of the token`s legal qualification and not to the robustness, irreplaceability and added value of economic incentives provided by the token. 27

28

The same goes for the maintenance of the native blockchain on the Platform (Nodes, Transactions, Fees and Addresses, Consensus Process, Network Operating Costs) which are rarely mentioned exposing the general lack of specific focus on decentralization, governance and incentives (see Chart №4). Scalability of the Platform`s use, the minimum level and challenges of the Platform`s adoption, practical applicability of the token, design of the incentive mechanism and its potential to bring about network effects – such proof-of-concept driven issues appear not to form the top of the agenda for the application process. At the same time, the results of the prior ICO event (ICO investor base, Venture Investors) appear to be used more and form a proxy for investor demand (see Chart №4). Together with the analysis of the token distribution model (see the previous chapter) they could give a reasonable expectation of what the initial trading volume could look like after the listing takes place. Remarkably, commitment to some basic consumer- as opposed to investor-focused governance rules during the ICO (Participation Equality, Ethics or Code of Conduct) is not explicitly valued (see Chart №4). The levels of consumer demand (Community Activity, Product`s User Base, Product Partnerships) seems to be of relatively high importance together with investor demand (ICO investor base, Venture Investors) which in aggregate could have a direct influence on liquidity potential of the token (see Chart №4). However, there is no evidence that the questions give substantial weigh to inclusiveness of community and external developers into the governance, consumer feedback and technology development process. There is no indication that the community and developers shall necessarily support and understand the vision of the project and be directly interested / involved in its use. The relation between the history of development milestones and dynamics of community growth is also not emphasized. Finally, the least number of questions deals with the values and quality stand of the business model (Economic Freedom, Equality of Opportunity, Type of Blockchain and Decentralization (See Chart №1 and Chart №4)). 4.3.

Case Study: Community Voting

“Community voting” is a method of token listing procedure whereby generally community of the crypto exchange votes with the crypto exchange tokens they hold for the tokens they want to be listed and receive in return tokens of the newly listed startup. Such technique forms part of the decentralized governance structure of some crypto exchanges (e.g. OKEx, HADAX (HUOBI), EthFinex (BitFinex), Bibox) but is not applied by others (e.g. Binance, Coinbase, Bittrex, Poloniex). For instance, Binance CEO claims that community voting “favors whales” implying that the minority of large crypto exchange token holders can have a determinative say in the token selection process. Ethfinex crypto exchange which adopts such method admits that sometimes it is not effective in attracting deep and high volume markets after listing. However, the adopters of community voting often mitigate that risk by making it only the part of the token selection procedure (e.g. HADAX (HUOBI), Bibox), by introducing it only as one of the methods to list a token (e.g. OKEx, EthFinex (BitFinex)) or by both (OKEx). OKEx introduced three distinct methods of listing: through community voting, collaboration and community building. If the startup selects community voting, then it shall first 29

submit an application set to the listing review committee of the crypto exchange and be short listed for community vote. The review is rendered by the personnel of the crypto exchange and the pool of “prime investors” - individuals and institutions expert in the blockchain industry and holding a minimum threshold amount of crypto exchange tokens. Following successful review, the token is added into the voting list. Community of the crypto exchange can vote on the tokens included in the list with their crypto exchange tokens or with their prime investor status (one prime investor - one vote). The purpose of community voting is to further short list the candidates and to leave a list three tokens for the ultimate decision of the crypto exchange. OKEx may use a collaboration method to list tokens following an investment into the startup by Prime Investors and OKEx venture fund. Finally, a project may be listed if it has sufficient market demand and it may bring 50,000 new registered users to the crypto exchange and 20,000 of the users must be regular traders with trade balances of at least 1 ETH. Irrespective of the token listing method used the project shall produce a clear structure of marketing expenses and the record of trading liquidity. As a measure of compliance with the crypto exchange rules a security deposit shall be transferred by the listed startup to the exchange in the crypto tokens of the exchange. Following listing the deposit is monthly returned in installments but is withheld by the crypto exchange in case of irregularities, e.g. if the startup discloses inaccurate information on the token. HADAX (HUOBI) also provides for a multi-stage token selection procedure with an application first being reviewed by Endorsers, a concept which is a similar to “Prime Investors” - third party institutions, expert in crypto investment holding a minimum threshold of crypto exchange tokens which are reserved for voting. After all submitted projects are cross-evaluated by Endorsers those which score the most pass to the presentation stage. During the seven days of this stage projects work together with their Endorsers to present themselves to crypto exchange community (financial reports, project documentation, videos, etc.). Before the voting startups have to announce the voting target – the number of crypto exchange tokens they want to collect from the voting community during the community voting procedure (e.g. 100,000). They also have to deposit a portion of their tokens with the crypto exchange as a reserve for voting rewards for distribution among community members who voted for the listed token (e.g. 100 million). Thus, following successful listing crypto exchange tokens are effectively exchanged for the listed tokens (e.g. 1,000 startup token against 1 crypto exchange token) – the startup and the community members monthly receive in 12 installments the proceeds of the voting procedure. Following the presentation week the crypto exchange community votes with crypto exchange tokens for the enlisted projects. An individual may vote with fewer maximum number of tokens than institutions (4 times difference). The two startups which achieve both the voting target and the highest number of votes become eligible for listing. EthFINEX (BITFINEX) and Bibox have less elaborate rules on the token selection process than OKEx and HADAX (HUOBI). In comparison to OKEx and HADAX, Bibox has simplified rules: first, an application is reviewed by the crypto exchange and a short list of 10 candidates is formed. Second, the community votes with the crypto exchange tokens and the two top tokens will be listed within seven business days after verification of the voting results. Similar to OKEx a deposit amount of crypto exchange tokens shall be transferred by the winning startup to the crypto exchange and is returned to the startup 30

in 12 installments throughout the year. In case of delisting the fund would serve as compensation for traders. Much like in HADAX (HUOBI) community voting, Bibox requires startups to incentivize voting with rewards of their tokens but the particulars of the reward program are subject to discretion of and change by the startup. One notable difference is that in contrast to HADAX the crypto exchange tokens which are the proceeds of community voting are not transferred to the startup but form the profit of the crypto exchange and that the community voting is directly decisive – the winning token does not require further clearance and is listed within seven business days after verification of the voting results. EthFINEX standards for community voting give more discretion and equality to the voters – community voters can choose one of the two methods of community voting: the original, where they only vote with their crypto exchange tokens and the crypto exchanges preselects the tokens for the leaderboard and the new one where they can add tokens to the leaderboard and can vote for them based on the principle one trader – one vote. The top three tokens with the most votes at the end of each two-week cycle are added to Ethfinex and Bitfinex, pending a final due diligence check. Community voting appears to be approached by crypto exchanges as a complementary governance model which follows the internal token selection process (short listing). Only on one occasion as an alternative way selection process is initiated by the community (Ethfinex) with crypto exchange due diligence following the selection. Remarkably, crypto exchanges align economic incentives of both Issuers and traders by requiring the former to deposit crypto exchange tokens and the latter to vote in crypto exchange tokens (OKEx) or by requiring Issuers to adopt crypto exchange tokens as a means of fundraising and exchange for listed tokens with which votes are given (HADAX). This hybrid voting and fundraising function of crypto token is somehow reminiscent of the concept of “token-curated registries” or TCRs which are “decentrally-curated lists with intrinsic economic incentives for token holders to curate the list’s contents judiciously”108. TCR uses the “wisdom of the crowd” to decide whether to include or exclude new listing into the register. A candidate for listing in a token-curated registry submits a deposit in the registry’s intrinsic token and initiates application process. If all voters agree on the listing an application period lapses the candidate becomes listed. However, if one of the voters challenges the submission during the application period by matching the submission deposit, then the voting process begins. If the registry’s token holders decide not to list the submission then the candidate`s deposit is lost and redistributed to the challenger and to the majority voters. However, if the majority of voters decide to list the token the challenge deposit is lost and redistributed to the listed candidate and the majority voters. Potential TCR use cases include quality control, fraud prevention and whitelisting. Application of a TCR model may be interesting from the community voting perspective. For instance, rather than short list candidates the crypto exchange community could whitelist startups before or after they are scrutinized by crypto exchanges or their nominated experts. If used ex ante, TCR could be viewed as a first filter mechanism which 108

See explanation of the concept in the blog post of Goldin M. "Token-Curated Registries 1.0" (Sep. 14, 2017) on medium.com, available on: (last accessed on Nov. 18, 2018): https://medium.com/@ilovebagels/token-curated-registries-1-0-61a232f8dac7 (last accessed on Nov. 18, 2018): https://medium.com/@ilovebagels/token-curated-registries-1-0-61a232f8dac7 .

31

will leave projects without substantial community support behind. If used ex post, TCR could legitimize the listing decisions made by the crypto exchange. Naturally, if not balanced with venture capital expertise the “wisdom of the crowd’ mechanism may provide too much room for democratization and manipulation of the listing process. Another interesting observation may be derived from the role of expert voters or “Sponsors” (prime investors, endorsers) who in the case of endorsers also happen to provide expert knowledge in preparation to community voting (financial reports, project documentation, videos). The crypto exchange token may align the incentives of the Issuers, Sponsors, the exchange and the community and substitute other protocol tokens (e.g. ether) as a means of fundraising. Hypothetically, a structure is possible whereby a startup raises venture financing under SAFT agreements which requires the startup to issue its tokens directly at a particular crypto exchange in future and receive the crypto exchange tokens as proceeds of the community votes, in return. Such “Safe Agreements for Future Listing” could be offered by Sponsors who are institutional or individual blockchain investors and who provide expert knowledge and assistance to the startup in preparation for the community voting stage. To sum this chapter, blockchain-based governance models provide new opportunities not only to democratize the token listing process but also to balance it between the “wisdom of the crowd” and expert knowledge. Hypothetically, to mitigate the negative effects of present ICO models (uncapped funding goals and participation, applicability of blockchain to the Platform, investor-oriented token supply, commercial viability) one could think of limiting ICOs to primary listings on crypto exchanges with a focus on regulating the listing rules and listing intermediation which is the subject of the next chapter.

Chapter 5. Listing standards of traditional securities exchanges The present chapter is aimed to analyze listing rules and governance of traditional securities exchanges and to draw some comparisons with Utility Token listing rules and governance of crypto exchanges. The role of traditional securities exchanges as “gatekeepers” has been often associated with their listing standards. By introducing and enforcing quantitative and qualitative listing standards, stock exchanges perform a screening function which informs traders` investment decisions and hypothetically can solve the 'lemons problem' described by George Akerlof109. In a similar vein, comprehensive listing rules and reputation of the exchange can together present the required “quality stamp” and a proxy for quality of the listed company. Quantitative and qualitative listing standards Before a security exchange can even consider listing a stock it must ensure that the candidate is financially sound, has achieved the right stage of development the and will 109

See Harris, A. D. (2006). The impact of hot issue markets and noise traders on stock exchange listing standards. University of Toronto Law Journal, 223-280, at p. 228.

32

be capable of producing the level of velocity acceptable to the exchange. To accommodate these purposes stock exchanges impose quantitative thresholds regarding minimum financial conditions (earnings; cash flow and assets), operating history (three years of existence) of the candidate and ongoing liquidity-related thresholds (in relation to market capitalization and volume of trades). Naturally, exchanges apply different scales and weights to these thresholds. For instance, TSX in applying its standards for 'technology' companies within the industrial category has foregone an operating history requirement but instead focuses on market capitalization and is willing to list any technology company where it maintains ongoing liquidity thresholds. At the same time, in the case of TSX, the financial conditions presuppose that the amount of funds to-beraised during the listing is accounted for the purpose of the “assets” threshold but needs to be justified by the business plan and committed to specific development and capital expenditures in the detailed use of funds specification. Taking a look back at the crypto exchange listing rules we discussed in the previous chapter one could point out a similar focus on the liquidity potential of the candidate`s token (market capitalization, volume of trades, investor demand at ICO). But instead of imposing financial conditions (which are of no use because the majority of candidates are at the early development stage and have yet to show any financial results) crypto exchanges infer conclusions from the perceived quality of the technology, team, community support, governance and investor base. In traditional stock exchange listing rules the quality standard often complements financial conditions and focuses on the supportive evidence that the candidate`s business model is at the advanced stage of development or commercialization110. Such evidence includes the “fit and proper” test for the team the background, experience, and technical expertise of which is scrutinized by the listing committee. Accounting and corporate governance practices of growth stage companies are also included into consideration. Arguably, the difference between stock exchanges and crypto exchanges in this qualitycheck process is that the latter have to be very inquisitive into the technology side of the candidate’s product. When traditional stock exchanges could rely in their quality assessment on the financial track-record of the candidate and defer to internal governance and accountability check as a promise of good financial performance in future, crypto exchanges have to question commercial viability of the project if they are concerned about their reputation. It could be further argued that the moment the listing rules become focused on whether the utility, applicability and security of the underlying technology and business model has been tested, they cease to be liquidity providers and start to be venture capital crowdfunding platforms or venture exchanges. Venture exchanges and community governance A “venture exchange” is a platform which provides liquidity to small companies by listing their stock and making it available to retail investors111. Venture exchanges could act as a feeder system to the more mature organized markets like Nasdaq or Alternative Investment Market (AIM). The idea is that rather than focusing on extensive disclosure, corporate governance, and internal controls requirements venture platforms shall be ac110

See, TSX listing rules for technology companies in industrial category. See elaboration on the framework for “venture exchanges” in Schwartz, J. (2016). Venture exchange regulation: Listing standards, market microstructure, and investor protection. 111

33

tively engaged in a substantive review of the candidates and be watchful for “obvious markers of fraud”. At the same time, the minimum revenue and operational history listing requirements could assure some level of business continuity and protect against abuse and backdoor deregulation. An important distinguishing feature of venture exchanges` listing procedure could be the shift from quantitative financial requirements to the quality and innovativeness of the business concept as evidenced by community ties, in other words, by support for the company’s product and mission. In the crypto exchange setting analysis of community ties is a proxy for consumer demand. Crypto exchanges may view the community`s strength as the source of their trader base but also as a shared belief for the innovativeness and commercial viability of the product. At the same time, crypto exchanges include their trader base in the collaborative token selection process by introducing community voting. Thus, we could hypothesize a governance mechanism whereby community ties of the given startup directly participate in the collaborative token listing model. The “wisdom of the crowd” could be balanced by Sponsors who are shortlisting candidates and prepare them for community voting. Delegated token listing process The concept of delegated gatekeeping (prime investors, endorsers, sponsers) is not new and may be observed in the listing process of several traditional security exchanges, the most notable of which is the Alternative Investment Market (AIM) of the London Stock Exchange. The United Kingdom’s AIM Market is considered to be the most successful112 exchange-regulated venue for listing of companies and a feeder for listing on the London Stock Exchange. Companies listed on AIM have a small number of investors (predominantly institutional) with whom they maintain tight links. The main feature of AIM we would like to address is the relaxed admission requirements and ongoing obligations of the market and the designation of powers to select candidates for listing with private parties - the Nominated Adviser ("Nomad"). The role of Nomad includes gatekeeping, advisory, and supervisory function. In particular, Nomads shall certify that the successful candidate has passed a suitability test designed by AIM which includes principle-based requirements concerning management composition, corporate governance, business viability, market potential, and working capital. As a result, Nomads shall be capable of analyzing not only the applicant's management structure, financial and legal status but also the business plan and whether the application reached the appropriate stage of its growth cycle. Nomads, before being allowed to practice shall themselves pass a “fit and proper” test - be qualified in corporate finance, have relevant transactional experience and employ at least four qualified executives. Nomads are sometimes criticized for having a vested interest in the applicants. It appears that the conflict of interest may arise when the party subject to listing process is also the one that pays for it. Nevertheless, Nomads are legally responsible for misstatements and irregularities of their supervised applicants and may incur civil and criminal liability. However, in practice liability is rare113. It is also argued sometimes that the Nomad’s role of reputational intermediary could be served by other qualified investors instead of compensated finan-

112 113

See Id. At p. 26:28. See Id. At p. 27:28.

34

cial intermediaries114. Finally, much like securities exchanges Nomads have to find a trade-off between their reputational capital and the number of applicants to enroll. In order to qualify as a Nomad a firm would need to (i) have practiced corporate finance for at least the last two years; (ii) have acted on at least three relevant transactions during that two year period, and (iii) satisfy the “qualified personnel” standard.

Chapter 6. Regulation of Utility Token ICOs. Challenges and Solutions The present chapter will provide a mapping of policy actions rendered so far on the subject of ICO regulation and classification of Utility Tokens. We conclude the chapter with a case study on the Maltese ICO regulations and a discussion on the potential function of different modes of regulation. 6.1.

Anti-money laundering regulations

Five years have passed after the demise of the notorious Silk Road web black market and after the related money laundering conspiracy involving the bitcoin exchange BitInstant115 has been revealed. Since then no one appears to doubt that intermediation of virtual assets (the term used by Financial Action Task Force (FATF) which is sufficiently broadly defined to include both protocol and fungible application tokens 116) shall be subject to anti-money laundering regulations. On the EU level custodian wallet providers and providers engaged in exchange services between virtual currencies117 and fiat currencies have been subject to anti-money laundering and countering the financing of terrorism (AML/CFT) requirements (customer due diligence, transactions record-keeping, suspicious activity reporting, etc.) and required to be registered with the national authorities responsible for AML supervision118. In a similar vein, FATF Recommendations have been amended in order to impose AML/CFT controls on exchanges and wallet providers, including a licensing or registration regime119. Given the effectiveness120 of 114

See Id. At p. 28:28. See Raymond N. "Bitcoin backer gets two years prison for illicit transfers" (Dec. 19, 2014) on reuters.com, available on (last accessed on Nov. 5th, 2018) https://www.reuters.com/article/us-usa-crime-bitcoin/bitcoin-backer-gets-two-years-prison-for-illicittransfers-idUSKBN0JX2CW20141219. 116 A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes safe for digital representations of fiat currencies, securities and other financial assets already covered by FATF Recommendations. See “International Standards on Combatting Money Laundering and the Financing of Terrorism and Proliferation, the Financial Action Task Fource (FATF) Recommendations”, at. p. 124, updated October 2018, available at (last accessed on Nov. 5th, 2018) http://www.fatfgafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%202012.pdf . 117 “Virtual currency” is defined as "a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically". See Article 1 (2)(d)(18) of the Directive (EU) 2018/843 of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing (the “EU AML Directive”). 118 See Article (1)(c) and Article 1(29) of the EU AML Directive. 119 See supra, ft. 116. 120 The FATF program of mutual evaluation has been very efficient in the field of bringing international exchange of tax-related information to a common standard sometimes even at the expense of the rights of taxpayers. See Burilov V. "Legislative drafting in the Netherlands: the case of failed proportionality and collective win over taxpayer`s interest" at p.10. available at https://www.academia.edu/36035726/Legislative_drafting_in_the_Netherlands_the_case_of_failed_proportionality_and_collective_ win_over_taxpayers_interest . 115

35

the peer review instrument which is at the disposal of FATF it is very likely that most of the FATF member states will accord to the standard and extend their KYC / AML standard to national virtual asset intermediaries. Remarkably, the extension of KYC / AML requirements to ICO promoters is prescribed by neither the EU Directive nor the FATF Recommendations. Nevertheless, sixteen countries, including Switzerland, have already made Issuers subject to AML/CFT rules and procedures121. The Landau & Genais Report observes two alternatives in this respect: an opt-in (optional) application of AML / CFT rules in their entirety to ICO promoters or an ad hoc partial application of the rules based on the assessment of money-laundering risks posed by particular token in question122. From a practical perspective ICO promoters may in fact be willing to opt in or subject themselves to such an assessment in order to streamline their relationships with banks and payment processors. Banks will be more willing to open bank accounts and process fiat transactions of a licensed / registered ICO startup. 6.2.

Overlap with financial market regulation and ambiguity of legal qualification

Absent direct regulation or clear exemption Utility Tokens, if qualified as security, collective investment scheme or payment instrument, may be potentially subject to financial market regulation or payment services laws together with their offerings and crypto exchange listings. This could trigger prospectus registration requirements, mandatory licensing of the Issuers and exchanges with financial conduct authorities and ongoing compliance123. However, if Utility Tokens do not fall under the definitions of existing law or are exempted by virtue of a new law, traditional regulation will not apply to the startup / crypto exchange. This, will in turn mean that no existing public policy protects token holders from the weaknesses of traditional financial markets (volatility, liquidity, credit risk, insider trading, manipulative trading practices and outright fraud). In a speech on the future of the currency dated March 2, 2018, the president of the Financial Stability Board, Mark Carney has identified three possible approaches to cryptocurrencies: isolate them, regulate them, integrate them124. The prospect for the policy decision is therefore threefold: (i) prohibition on ICOs, crypto exchanges any cryptorelated activity of financial institutions125 (“isolate them”); (ii) “soft law” statements warning that traditional regulation applies and cautioning financial institutions against servicing the cryptoeconomy, ad hoc enforcement of traditional regulation in cases of outright fraud and regulatory evasion126 (“integrate them”); or (iii) introduction of a new regulato121

See the Landau & Genais Report at 54. See Id. Including market conduct rules, cybersecurity, information reporting and disclosures. 124 See the speech by Mark Carney “The Future of Money” available on (last accessed on Nov. 18, 2018): https://www.bankofengland.co.uk/speech/2018/mark-carney-speech-to-the-inaugural-scottisheconomics-conference . 125 In China the authorities first banned banks and other financial institutions from holding and carrying out transactions in cryptocurrencies in 2013, then prohibited ICOs and crypto exchanges in 2017, finally in 2018 introduced measures against Bitcoin mining farms. In September 2017, the Reserve Bank of India indicated that Bitcoin and other cryptocurrencies were not legal means of payment and could not be used for this purpose. A month later, in October 2017, Bank Indonesia also banned the use of virtual currencies for payment purposes. 126 A quarter of the national regulators of the Financial Stability Board's member jurisdictions - in this case, the US, Chinese, French, German, Hong Kong and Swiss regulators - have already declared that they have imposed administrative sanctions against an issuer of cryptocurrencies. However, only two FSB member jurisdictions - in this case, the United States and Canada - have taken legal action against promoters or issuers of cryptocurrencies. In the United States, the Department of Justice (DoJ), in collaboration with the CFTC, opened on May 27, 2018, a judicial inquiry into possible manipulations of Bitcoin and other cryptocurrencies. The 122 123

36

ry regime for ICOs, crypto exchanges and related financial services, exemption from traditional regulation (“regulate them”). The policy choice will also determine application of consumer protection laws127 and tax laws to Utility Token ICOs and secondary trading128. In the context of ICOs regulators are mostly concerned about protecting ordinary people from being defrauded and solicited into uninformed decision-making. Volatility, security breaches and manipulative trading practices are common risks of crypto exchanges which further add arguments in favor of extending traditional regulation on Utility Token ICOs and listing. Even if one assumes that direct regulation (whether “regulate them” or “integrate them”) is the right policy approach to ICOs and crypto exchanges it is first necessary to draw a qualification line between Utility Tokens, payment tokens on the one side of the scale to which non or new regulation applies and security tokens and payment tokens to which traditional regulation applies. Then, in case of new regulation governing Utility Token offerings and listings, the policy question is whether these rules shall be analogous by design to traditional financial market rules aimed to protect interests of cryptocurrency purchasers (retail investors). As was explained in chapter 2 an ordinary person in practice is not restricted from participating in Crowdsale (in contrast to Pre-Sale which is limited to qualified investors129). The token nature is a conundrum to lawyers and regulators – are the underlying protocol and app tokens securities, collective investment schemes, payment instruments, entitlements to consumer services or a hybrid thereof? Further, which layer of regulation applies: securities laws, collective investment schemes laws, payment services laws or consumer protection laws? Finally, if the nature of the token and applicable law is known is there sufficient infrastructure and regulatory guidance in place to perform obligations required under the applicable law? Quite a few jurisdictions have deterred themselves from providing clarity on the subject leaving token holders without any reliance on official interpretation130. Others have sought to clarify the legal status of cryptocurrencies and tokens by publishing the "soft law" guidelines131. In fact, seventeen of the Financial Stability Board member jurisdictions have already enacted such guidelines, with four others actively considering such action132. The majority of the published guidelines, however, function more as a warning without instilling much certainty. They underpin the importance of a case-by-case examination of whether a particular ICO or a token exchange activity is in conformity with laws already in force within their territory and provide a high-level guidance on cases of potential applicability of such laws133. FiFSB's member courts protect traditional financial markets by rejecting exchange traded funds applications for cryptocurrencies, banning one or more ICOs, prohibiting financial institutions from providing payment services to cryptocurrency trading platforms. 127 The SMSG Report points out that in the EU context by default relationship between the Issuers as business undertakings and token purchasers as consumers is governed by the Unfair Commercial Practices Directive (UCPD 2005/29/EC). See the SMSG Report, at p. 12. 128 See Tyson Cross, “Planning To Do An ICO? Don’t Forget About Taxes” Forbes (21 November 2017) (last accessed on Nov. 18, 2018): . 129 See supra, ft.36. 130 E.g. Croatia, Czech Republic, Greece, Hungary, Italy, Latvia, Poland, Republic of Cyprus, Romania, Slovakia, Slovenia, Sweden, Norway and Iceland. See the SMSG Report, at p.8. 131 See “Regulators' Statements on Initial Coin Offerings” available at: https://www.iosco.org/publications/?subsection=icostatements. 132 See the Landau & Genais Report, at p.49. 133 E.g. Austria, Belgium, Bulgaria, Denmark, Estonia, Finland, Germany, Ireland, Luxembourg, Netherlands, Portugal, Spain, United Kingdom, Lichtenstein and Guernsey. See supra, ft. 130.

37

nally, Malta, Switzerland, Gibraltar, France, Lithuania, Jersey, Isle of Man,134 Singapore135 and the USA136 provide or expect to provide for a more nuanced interpretation framework either in the form of an elaborate guideline, report on enforcement action or as part of a new law regulating ICOs with accompanying interpretations. Generally, these guidelines present a variety of divergent approaches to the typology of tokens137. For instance, FINMA (Switzerland) distinguishes between payment tokens, asset tokens, utility tokens and hybrids thereof but applies a horizontal approach by recognizing securities in either of these models based on the presence of “investment purpose at the point of issue”138. Another approach is not to provide for taxonomy but to render a nuanced interpretation of how traditional regulation applies to ICOs related services accompanied by case studies139. The US approach is to give interpretative signals to the market with the analysis of the cases subject to SEC’s, Commodity Futures Trading Commission’s (CFTC’s) and Financial Crimes Enforcement Network’s (FinCEN’s) enforcement actions140. These reports, although elaborate, are limited in their legal application only to the cases in question and therefore arguably provide only a static snapshot of what the regulator’s policy view on the subject is at the moment. Finally, the Maltese concept appears to be the first comprehensive model to be enacted so far in terms of depth of guidance and qualification procedure141. We discuss the Maltese model in detail below. Maltese approach to legal classification of Utility Tokens First of all, the VFA Act applies only to virtual financial assets (VFA), the term which by definition excludes from the new regulatory regime electronic money, financial instruments and, subject to a caveat, virtual tokens142. In the latter case, the concept of “virtual tokens” is meant to cover Utility Tokens and is defined as “a form of digital medium recordation whose utility, value or application is restricted solely to the acquisition of goods or services, either solely within the DLT143 platform on or in relation to which it was issued or within a limited network of DLT platforms”144. The first critical observation shall be made. One may view the part “solely to the acquisition of goods or services” as excessively narrowing the definition of “virtual token”. For instance, Utility Tokens may 134

See Id. See “A guide to digital token offerings” by Monetary Authority of Singapore (the “MAS Guide”) available (last accessed on Nov. 5th, 2018) at http://www.mas.gov.sg/~/media/MAS/Regulations%20and%20Financial%20Stability/Regulations%20Guidance%20and%20Licensin g/Securities%20Futures%20and%20Fund%20Management/Regulations%20Guidance%20and%20Licensing/Guidelines/A%20Guid e%20to%20Digital%20Token%20Offerings%20%2014%20Nov%202017.pdf. 136 See the Munchee Report. 137 See Id. 138 See supra ft. 46 and the discussion in Chapter 2 on utility vs security tokens and principled-based approach to qualification. 139 See supra ft. 135. 140 See the Munchee Report, See CFTC’s order G001 available at (last accessed on Nov. 18, 2018) https://www.cftc.gov/sites/default/files/idc/groups/public/@lrenforcementactions/documents/legalpleading/enfbfxnaorder060216.pdf . See FIN-2013-G001 available at (last accessed on Nov. 18, 2018) https://www.fincen.gov/sites/default/files/shared/FIN-2013G001.pdf . 141 See the Virtual Financial Assets Act, 2018 available on (last accessed on Nov. 19, 2018) https://www.mfsa.com.mt/pages/viewcontent.aspx?id=674 (hereinafter – “VFA Act”). See the Innovative Technology Arrangements and Services Act, 2018 available on (last accessed on Nov. 19, 2018) http://www.justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=12874&l=1 (hereinafter – “ITAS Act”). See Digital Innovation Authority Act, 2018 available on (last accessed on Nov. 19, 2018) http://justiceservices.gov.mt/DownloadDocument.aspx?app=lp&itemid=29080&l=1. 142 See section 2 (Interpretation) of Part I of the VFA Act. 143 Distributed Ledger Technology. 144 See Id. 135

38

be designed to give a variety of rights not limited to “acquisition of goods and services” including the right to render work by bonding tokens in a “proof-of-stake’ consensus mechanism or the voting rights in a token-curated registry (see Chapter 4). Consequently, under the Maltese framework such forms of Utility Tokens are arguably beyond the scope of “virtual token” definition and are regulated as virtual financial assets even though there is hardly any reasonable justification present for exempting one and regulating the other. On the other hand, non-fungible tokens (see Chapter 1) are arguably beyond the scope of “virtual financial assets” definition because they are not “used as a digital medium of exchange, unit of account or store of value”, their purpose, instead is to certify status whether in the form of identity, qualification or asset ownership. From the policy perspective this observation could be explained as a drawback of direct regulation which purports “to classify and thus to rigidify essentially moving and still unidentified objects” in the wake of “rapid evolution of technology”145. However, the above criticism does not imply that direct regulation and token classification is per se the wrong policy approach. Rather, more principle-based and generic definitions could be applied. For instance, both the Whitepaper registration proposal in France146 and the EU Crowdfunding Proposal147 use a binary approach for defining tokens based on whether they vest any “claim(-s)” to the holder or “use a counterparty” (which effectively means the same). The SMSG Report follows a similar approach by classifying utility tokens as “non-monetary entitlements” within “a specific application or service” which give “no decision power on the project”148. The second observation concerns the term “solely within the DLT platform” which excludes exchanges149. Hence, Utility Tokens are “included back” into the term “virtual financial asset” if such tokens are “exchangeable within” exchanges. At first sight it may be not clear what “exchangeable within” means: exchangeable by design, i.e. non capable of being negotiable on exchange or only “not intended to be listed by the issuer” which could provide room for wide interpretation and “directing innovations towards regulatory evasion”150. Conversely, If the former is true, then the absolute majority of Utility Token ICO models based on fungible ERC20-standard are subject to the new regulatory regime. In fact, this is the case and the underlying token standard should not allow for trading on exchanges in order to be exempt from regulation151. The potential rationale for such treatment is the need to protect investors and the market integrity by regulating only liquid tokens. This strategy is also underpinned by the SMSG Report which proposed to include transferable Utility Tokens in the MiFID II list of financial in-

145

See the Landau & Genais Report, at p.2. See article 26 of the draft law registered at the Presidency of the National Assembly on June 19, 2018 available at: (last accessed on November 19, 2018) http://www.assemblee-nationale.fr/15/textes/1088.asp#D_Article_26. 147 See the Draft Report on the proposal for a regulation of the European Parliament and of the Council on European Crowdfunding Service Providers (ECSP) for Business (COM(2018)0113 – C8-0103/2018 – 2018/0048(COD)) available at: (last accessed on November, 19, 2018) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=%2F%2FEP%2F%2FNONSGML%2BCOMPARL%2BPE-626.662%2B02%2BDOC%2BPDF%2BV0%2F%2FEN (hereinafter – “Crowdfunding Proposal”). 148 See the SMSG Report, par. 16, par. 47. 149 See Guidance Note to the Financial Instrument Test, p. 10, available at (last accessed on November 19, 2018) https://www.mfsa.com.mt/pages/readfile.aspx?f=/Files/LegislationRegulation/regulation/VF%20Framework/20180724_GuidanceFIT est.pdf (hereinafter - “Guidance Note”). 150 See supra, ft. 145. 151 See Virtual Financial Assets Framework, Frequently Asked Questions, at p. 7 available at: https://www.mfsa.com.mt/pages/readfile.aspx?f=/files/Announcements/PressReleases/2018/20181010_PressRelease_FAQ.pdf. 146

39

struments in order to regulate secondary trading in them152. However, the Maltese approach fails to apply this “transferability rule” equally to “virtual financial assets” and “virtual tokens”. As a corollary, a work token, a voting token, or a token-curated registry token could fall out of “virtual token” definition because it is not used for acquisition of goods or services but would still fall under the scope of “virtual financial asset” and VFA Act even if by design it is not exchangeable beyond Issuer’s DLT platform. Another feature of token qualification in Malta is the “financial instrument test” 153 – a questionnaire-style test promulgated by the Maltese regulator, Malta Financial Services Authority (MFSA). The test is composed of 13 qualification sub-tests154 each of which qualifications needs to be “failed” in order for the VFA Act to apply. To the extent the token is recognized as a financial instrument, money market instrument or electronic money rules on securities business, prospectus, anti-money laundering, licensing requirements continue to apply to such offering, as the case may be. Despite having specific questions in each sub-test section and interpretation guidelines the assessment framework may have certain flaws. For instance, MiFID II excludes from its the scope instruments of payment155 and therefore a token which satisfies an “instrument of payment” test would be exempt from the regulation. However, under the Maltese financial instrument framework all tokens which function as means of exchange are recognized as payment instruments and to this extent excluded from the definition of “transferable securities” under MiFID II156. This appears to be a questionable approach given that most app tokens have a hybrid nature. The “means of exchange function” is the most basic function of an app token but what distinguishes them is a combination of underlying social and economic entitlements assigned in addition to the basic means of exchange function (see Chapter 2 above). Thus, in our opinion, only protocol tokens (i) serving exclusively a means of exchange function and (ii) which give no entitlements whatsoever, could potentially be exempt from MiFID as a payment instrument. Our argument is in line with ESMA Securities and Markets Stakeholder Group’s opinion on the subject which views such limited-purpose protocol tokens (“payment tokens”) as currently unregulated under MiFID II157. Remarkably, the SMSG Report proposes to include payment tokens into the list of financial instruments of MiFID in view of the policy interest (investor protection and financial market integrity)158. It may be concluded that by focusing on regulating only exchangeable tokens direct regulation can aim to preserve control over the interfaces between the cryptocurrency world and the monetary and financial system. At the same time, regulation shall address the actors and not the products themselves. Placement of app tokens with hybrid nature into one of four buckets like “virtual tokens”, “virtual financial assets”, “electronic money” or “financial instruments” may be a very cumbersome, superficial and subjective task which raises the questions of the quality of assessments, technological neutrali152

See the SMSG Report, par. 49. See the website of the Malta Financial Services Authority at: https://mfsa.com.mt/pages/viewcontent.aspx?id=680 . 154 See Id. The list includes qualifications of virtual tokens, money market instruments, units in collective investment schemes, financial instruments under MiFID (transferable securities, derivatives, etc.) and electronic money. 155 See the definitions of “transferable securities” and “money-market instruments” under MiFID II. 156 See the Guidance Note, at p. 12-13. 157 The SMSG Report claims that all protocol tokens have mutable scarcity of supply which can be amended by software update and for this reason compares them to fiat currencies with controlled scarcity of supply. See the SMSG Report at p. 13. 158 This would also allow to consider secondary markets in such payment tokens as MiFID Multilateral Trading Facilities or Organised Trading Facilities, subject to the Market Abuse Regulation. See Id. at p. 14. 153

40

ty159,divergent regulatory approaches, regulatory missteps160, regulatory arbitrage161 and evasion. Is there something we can do to increase certainty and simplify the rules162? In our opinion, to determine application of traditional financial market rules to Utility Tokens regulators shall strive to apply a generic classification based on binary economic characteristics which would demand a simple yes/no answer. Where it is not feasible, a principle-based approach shall be applied and interpretative case studies published. For Utility Tokens falling out of the scope of traditional regulation the risk profile shall be assessed. A high risk profile may necessitate regulation of both primary offerings (mandatory Whitepaper registration, cap on the maximum investment amount, cap on the maximum fundraising amount) and secondary trading (token listing rules, market conduct rules, security, solvency, settlement, etc.) A medium to low risk profile may cause regulators to opt for mandatory licensing of crypto exchanges and leave primary offerings with a voluntary Whitepaper registration regime. A voluntary registration regime may be very appealing where a regulator is concerned163 that the new regulatory regime (including mandatory caps on participation and maximum fundraising amount, consultation on each Whitepaper and on token’s classification, ongoing disclosures and reporting, timeline and costs of collaboration, etc.) is incommensurately burdensome for the nascent and mobile market of Utility Token ICOs not covered under the scope of traditional financial market regulation. 6.3.

Benefits and drawbacks of direct regulation of Utility Token ICOs: Maltese regulations

An overview of the cryptocurrency-related regulatory measures taken to date highlights the fact that these measures were motivated more by the desire to limit risks related to the integrity of financial markets and the protection of investors than to prohibit or encourage the development of cryptocurrency-related businesses164. In this respect, varying statistics on the ICO startups’ failure to perform as committed or on the fraudulent nature165 of such commitments necessitates urgent regulatory response. Countries such as Malta166, Gibraltar167, Jersey168 and France169 already introduced or are con-

“The regulation must be . […] Outside of finance, technology offers prospects for the preservation and secure transmission of currencies. […] Standardizing actors and technology today would paralyze these advance […] We must dissociate technological innovation, which must be encouraged and stimulated, from monetary and financial innovation, which must be considered with caution. […] The regulatory effort must therefore focus on the interfaces between the cryptocurrency world and the monetary and financial system.” See the Landau and Genais Report at p. 2,44. 160 For instance, a hacker's attack on BitFinex's exchange costing investors USD 72 million is cited by many as caused by the fine and CFTC regulations which required BitFinex to store 100% of its client assets in hot wallets. See Burniske & Tatar, at p. 224. 161 The risk is that a normative classification distinguishing financial tokens or "securities" - conferring rights to income or the decision - utility tokens or "utilities" - conferring a right of use - is ultimately to offer companies wishing to raise funds a regulatory arbitrage between applicable standards depending on the nature of the asset. See the Landau and Genais Report at p. 60. 162 See Powell J. “Kraken’s Position on Regulation” (April 22, 2018) on Kraken exchange blog, available on (last accessed on Nov. 7, 2018) https://blog.kraken.com/post/1561/krakens-position-on-regulation/. 163 In 2015 the state of New York introduced a regulatory framework which required New York virtual currency operations to obtain a BitLicense from the state’s Department of Financial Services. It has been argued that because of prohibitive costs of applying for a BitLicense, by 2017 only three licenses have been granted to Circle, Ripple, and Coinbase with smaller startups quickly relocating. See Finck, Michele. "Blockchains: Regulating the Unknown." German LJ 19 (2018): 665. At 680. See Michael del Castillo, Bitcoin Exchange Coinbase Receives New York BitLicense, COINDESK (Jan. 17, 2017), http://www.coindesk.com/bitcoin-exchangecoinbase-receives-bitlicense/. 164 See the Landau and Genais Report at p. 48. 165 See supra ft. 5,6. 166 See supra, ft. 141. 167 See the document "Token Regulation" published by HM Government of Gibraltar in March, 2018 available at: (last accessed on November 19, 2018) http://gibraltarfinance.gi/20180309-token-regulation---policy-document-v2.1-final.pdf. 159

41

templating in their draft bills a form of regulatory control over the representations given by Issuers in Whitepaper and marketing information. For instance, the Maltese VFA Act, already in force, establishes a mandatory170 Whitepaper registration procedure and provides an investor protection regime based on transparency and accountability. First of all, the act establishes liability of the Issuer for direct damages incurred by either Initial Token Holder or a crypto exchange trader by reason of any “misleading or otherwise inaccurate or inconsistent” contained in Whitepaper171. This includes, inter alia, profit forecasts made in Whitepaper or any advertisements the text of which shall be included in Whitepaper. Further, statements on financial position in Whitepaper have to the be based on financial records of the Issuer172. This may be reinforced by a requirement for the Issuer to prepare audited annual accounts for each of the last three (3) financial years or for such shorter period that the Issuer has been established173. Any changes in Whitepaper before the end of the offering period shall be approved by MFSA and mentioned in a supplement appended to the Whitepaper174. Offerees have the right to withdraw their acceptance within two working days after the publication of the supplement175. Finally, the Issuer shall be liable not only for misstatements in Whitepaper but also for any damages incurred by willful or negligent failure to perform in whole or in part its obligations under the offering 176, e.g. to reach the milestones of the project. Delivery under the milestones of the project shall be closely monitored. The detailed description of the past and future DLT platform development deliverables (“milestones”) have to be included in Whitepaper and regularly accounted for in public announcements made by the Issuer prior and following the ICO event as controlled by Issuer’s VFA Agent (to be discussed below)) and MFSA177. In the event of the milestones not being met, this must be stated in the public announcement and should the delays potentially affect the risk parameters of the project, the Issuer would need to update the white paper accordingly and inform investors of their right to opt out178. It is not clear whether the right to opt out only refers to the time until the tokens are delivered and the offering is over. If this is the case, then the refund procedure is straightforward – the custodian (whether a third party or a smart contract) refunds the purchase price to the opted out investors179. However, if the regulations allow investors 168

See the Guidance Note "The Application Process for Issuers of Initial Coin Offerings (ICOs)" published by Jersey Financial Services Commission in July, 2018 and available at: (last accessed on November, 19, 2018) https://www.jerseyfsc.org/media/1999/gn-ico-july-2018.pdf . 169 See supra, ft. 146. 170 Mandatory registration of Whitepaper with the regulator is also contemplated by prospective Gibraltar and enacted Jersey regulations. Voluntary registration may be introduced in France. 171 See Art. 10(1) of the VFA Act “The issuer shall be liable for damages sustained by a person as a direct consequence of such person having bought virtual financial assets, either as part of an initial VFA offering by such issuer or on a DLT exchange, on the basis of information contained in the whitepaper, website or advertisement by reason of any untrue statement included therein: Provided that a statement included in a whitepaper, website or advertisement shall be deemed to be untrue if it is misleading or otherwise inaccurate or inconsistent, either willfully or in consequence of gross negligence, in the form and context in which it is included”. 172 See R1-3.3.9 of the “Virtual Financial Assets Rulebook, Chapter 1, Virtual Financial Assets, Rules for VFA Agents”, available at: (last accessed on November 19, 2018) https://www.mfsa.com.mt/pages/viewcontent.aspx?id=674 . (hereinafter – “VFAR 1”). 173 See R2-3.2.1.2 of the “Virtual Financial Assets Rulebook, Chapter 2, Virtual Financial Assets, Rules for Issuers of Virtual Financial Assets”, available at: (last accessed on November 19, 2018) https://www.mfsa.com.mt/pages/viewcontent.aspx?id=674 . (hereinafter – “VFAR 2”). 174 See sec. 15 of the First Schedule of the VFA Act. 175 See Id. 176 See R2-2.3.6 of VFAR 2. 177 R1-3.3.4 of the VFAR 1. 178 See R2-2.4.2 of VFAR 2. 179 See R2-2.4.4.3 of VFAR 2.

42

to opt out after they receive the tokens, then the reimbursement procedure may result to be the curse rather than the cure because of similarities to a collective investment scheme with (i) an investment management declaration in place, namely, the binding milestones and (ii) a redemption scheme with a fixed (nominal) amount of refund in case of failure to deliver under the milestones. Hence, MFSA will probably consider such extension of investor protection as superfluous. All in all, the aforementioned investor protection provisions are aimed to give legitimacy to Whitepapers stamped with regulatory approval. Investors in such ICOs can no longer waive all of the investor and consumer protections they would have availed themselves in a traditional financial transaction with a similar risk-setting. Investors, arguably, do not incur the costs of verifying the accurateness and completeness of information presented in Whitepaper (which are shifted to VFA Agent as discussed below). More importantly, mandatory disclosures of changes in Whitepaper and of updates on milestones provide investors with the statutory right to claim back their investments prior to the end of the offering period. This, in turn, encourages ICO Issuers to be more cautious about representations made in Whitepaper and to focus more on DLT platform development and communication with investors. However, following receipt of the tokens the offering lapses and the Issuer is no longer obliged to refund the investor if the milestones are not reached. This risk of losing the investment as a result of the startup’s failure (absent fraud and negligence on its part) is exacerbated by the token’s price volatility risks driven by the market which of itself is non-transparent, fragmented and unregulated. Hence, the final layer of investor protection which the Maltese ICO regulations impose (and, arguably, the most controversial) is the statutory cap on participation of each investor in a Maltese ICO. By default, the cap is fixed at equivalent of EUR 5,000 in tokens of one Issuer over a 12-month period180. However, Experienced Investors may invest into Maltese ICO as much as one percent of their net wealth provided that they are aware of risks and had previously invested in other ICOs in the amount exceeding the equivalent of EUR 10,000181. To this extent, the public policy interest follows the same logic prescribed by division of investors under financial market regulations into retail and qualified investors: retail investors are not allowed to risk losing more than they can afford. However, the Experienced Investor threshold is not of itself based on the criteria of professional investor in the context of MiFID182. In contrast to the MiFID concept, the Experienced Investor threshold is capped, meaning that a person meeting the threshold cannot invest unlimited amount of funds into the ICO (which is allowed in the MiFID context). Technological standard. Systems Audit Report. Certification In Chapter 3 we noted the difference which occurs in practice between the token distribution terms committed to in Whitepaper and those embedded into smart contract with potential room for unilateral change of the terms of token sale by the Issuer. We also 180

See R2-2.2.6.1 of VFAR2. See Id. See p.3 of the MFSA Circular "Publication of the Virtual Financial Assets Rules for Issuers of VFAs" available at: (last accessed on November 19, 2018) https://www.mfsa.com.mt/pages/viewcontent.aspx?id=674. 182 See Annex II of MIFID II. 181

43

noted at least one occasion on which an audited smart contract was later replaced by a different smart contract by the Issuer. The divergent and arbitrary practice of setting token distribution terms was also posed as a problem: purchasers are often left with no guarantee of participation in ICO and have no protection against the “central bank” function of the Issuer which by controlling reserved tokens, future issuances or executing a “burning” strategy substantially influences token`s circulation and market price. Finally, from a consumptive perspective, issuing total token supply in advance or fixing an inflation rate in a smart contract is not flexible enough to maintain stable prices for the trade in services on the decentralized Platform. Since the value of the Utility Token is inverse to the cost of services we argued that the design of the token distribution model by itself may shift the consumptive interest to that of investment. In this regard, Issuers of Utility Tokens need to justify how system functionality, usability and minimum performance levels of the existing Platform support mainstream adoption of the Platform despite “distractions” caused by the volatility of the token`s price on the market. For these purposes an independent expert quality check of the underlying technology (including the blockchain’s integration into the Platform) and smart contract (token distribution terms) is absolutely necessary to ensure the minimum transparency, integrity and viability of the startup’s commitments presented in the Whitepaper. In this regard, the Maltese Systems Audit requirements shall be described and analyzed below. Both smart contracts and DLT platforms are defined in the law 183 as innovative technology arrangements (ITAs). Under the ICO regulations184 the Issuer is required to appoint a licensed Systems Auditor which will be responsible for reviewing and auditing all of the Issuer’s ITAs, including the smart contract deployed for the token’s distribution. Prior to offering tokens in Malta the Issuer shall procure that an independent Systems Auditor prepares a report certifying that the particular elements of Whitepaper are coded into the smart contract, including token distribution terms (soft cap / hard cap, transfer limitations, refund mechanisms, dispute resolutions, vesting schedule and burning protocols)185 and that it is impossible to “unilaterally mutate, amend and, or destroy without leaving trace” the smart contract186. More importantly, prior to ICO and subsequently on an annual basis an Issuer shall procure confirmation from the Systems Auditor that the Issuer’s ITAs comply with any qualitative standards set and guidelines issued by the Malta Digital Innovation Authority (‘MDIA’)187. So far MDIA has set an audit standard in its guidelines188 which applies to both Systems Audits rendered as part of virtual financial assets’ ICO procedure and as part of voluntary certification of ITAs. In the case of an issuer of a VFA, System Auditor’s opinion shall confirm that (i) the specific Whitepaper requirements (See Appendix 3A) are fairly represented in the designed ITAs (the Platform and smart contract); (ii) the controls in relation to the ITA (the Platform) are in place which if operated effectively would meet the Control Objectives and Key Princi183

See the ITAS Act. See R2-2.4.2.1, R2-2.4.2.6 of VFAR2. 185 See R2-2.4.2.11, R2-3.2.2.4. of VFAR2. 186 See R2-2.4.2.12 of VFAR2. 187 See R2-3.2.1.2 of VFAR2., see R1-3.3.3, R1-3.3.10.2 of VFAR1. 188 See Systems Auditor Guidelines (Chapter 01, Part A), Systems Auditor Report Guidelines (Chapter 01, Part B), Systems Audit Control Objectives (Chapter 01, Part C), ITA Blueprint Guidelines, Technology Stack Nomenclature, available on (last accessed on November 19, 2018) https://mdia.gov.mt/guidelines/. 184

44

ples (See Appendix 3B). Annual confirmation of compliance with (i) and (ii) above requires Systems Auditor to provide ongoing opinions to the Issuer and MFSA on the operating effectiveness of the controls installed and procedures implemented in the context of meeting the Control Objectives. The specific Whitepaper’s content requirements subject to Systems Audit include technical features of the underlying ITAs (description of the Platform, smart contract’s, wallet’s underlying protocol; consensus algorithm (if any); security safeguards; interoperability), commercial viability-related issues (speed of transactions; risks and challenges of technology and mitigating measures; functionality of the VFA, incentive mechanisms and transaction fees) and audit of encoded token distribution terms (offering period, transferability, Soft / Hard Caps and refunds, total supply, limitations and dependencies). Remarkably, voluntary189 certification of ITA with MDIA, which also requires Systems Audit, relies on a different set of content requirements which are outlined in Blueprint (See Appendix 3A). In Blueprint the applicant shall describe the purposes, qualities, aspects, attributes, behaviors and limitations (together – “Features”) of an ITA which will be assessed by Systems Auditor against the underlying ITA. Before Blueprint is filled in the regulator requires the applicant to attribute its ITA to one or more abstract DLT layers from the taxonomy of layers (“Technology Stack”) prescribed by MDIA (Off-DLT Application Layer, DLT Application Layer (e.g. smart contract), DLT Implementation Layer (e.g. blockchain protocol) and Networking, Infrastructure and Physical). It appears that the content of Blueprint for certification reasons shall be even more detailed and specific than that of Whitepaper. For instance, Blueprint shall include a broader set of ITA’s features (including functionality, limitations, capabilities, risks, user demand and quality assurance) and shall place these features in the context of Key Principles: integrity of data processing, data availability, traceability, accessibility, privacy and confidentiality. In contrast, Whitepaper’s content requirements are neither based on Features and Key Principles, nor require the Issuer to follow a specific methodology in drafting Whitepaper. Further, unique specifications shall be included in Blueprint based on the applicability of particular DLT layer to ITA which is also not the case for Whitepaper. Finally, information security measures are addressed separately: applicants for ITA certification need to describe security algorithms and render security risk assessment. Again, this is not part of Whitepaper content requirements. Other important issues missing in Whitepaper are features that distinguish the ITA from other ITA projects of a similar nature, assessment of forking circumstances and means to address them, limitations on the operational boundaries of the system, etc. (See Appendix 3A). Arguably, Blueprint is a more detailed but onerous document, the burden which is justified by the voluntary nature of ITA certification, but which may be difficult to uphold in the context of mandatory audit of ICO-related ITAs. The second main errand of Systems Auditor in the ICO context is to check whether the Issuer’s procedures, systems and operations can effectively meet Control Objectives (See Appendix 3B). It is not clear which document enables System Auditor to render this check given that Whitepaper’s content requirements (in contrast to Blueprint re189

It is not required for ICO purposes.

45

quirements) shall not be designed specifically to fulfill this purpose. Therefore, Systems Auditor will probably be provided with additional information including the Issuer’s cybersecurity framework required to be established by law190. As part of the inquiry, Systems Auditor will have to assess information and data security roles and responsibilities; access, sensitive data and threats management policies; business continuity, response and recovery plans; security education and training, etc. As a result, Systems Auditor shall provide periodic assurances that the DLT platform while being actively developed, implemented and maintained by the Issuer before and after the ICO is operated in accordance with Whitepaper and in compliance with the Key Principles, Control Objectives and any prospective qualitative standards prescribed by MFSA and MDIA. To this extent, Systems Auditor’s opinion may become a standard not only for the purpose of ensuring the exact and secure implementation of token’s distribution terms but also for development, implementation and maintenance of a commercially viable DLT project. The imposed need to integrate and account for Control Objectives (including the Platform’s functionality, regulatory compliance, security of system operations and processing capacity) may encourage Issuers to allocate resources in advance towards building a transparent, balanced and robust operational model customized to the particular features and risks of their DLT technology. At the end of the day, the mandatory audit may cause Issuers to postpone Crowdsale and focus first on their technology and internal operations resulting in more mature businesses being brought to the market. Excessive transparency and accountability standards, however, may discourage Issuers from launching their Crowdsales in Malta, in the first place. In this regard, data localization requirements and rules for in-built mutability of DLT transactions, have a good chance of tipping the scales in favor of less pervasive jurisdictions. Both regulated ICOs and certified ITAs require the Issuer or Technical Administrator (in case of certification) to store a copy of the DLT data locally in Malta by introducing a Forensic Node concept191. Forensic Node shall be implemented by the Issuer / certification applicant and shall receive all of the data recorded within the distributed ledger and thus serve the purpose of “a live replication server” in Malta 192. To this extent, MFSA and MDIA ensure their continuous access to the DLT transactions data in Malta in case regulatory investigation or intervention is deemed necessary. In this regard, ITA certification procedure (but not ICO Whitepaper registration) requires an applicant to establish procedures and in-built technology features in its ITA which will enable Technical Administrator to intervene in the event of a material cause of loss to any user; or a material breach of law193. In this manner the policy approach establishes “conditional irreversibility of DLT transactions” meaning that to protect public interest upon request of the authority the chain of DLT transactions shall be capable of being reversed or amended (e.g. by forking of the ledger). Remarkably, only the data localization rule (but not the power to intervene) is imposed on ICO Issuers which can be the result of tradeoff between the policy interest and the practical need to make the rules attractive to startups. 190

See R2-2.5.1 of VFAR2. See ITA Blueprint Guidelines. 192 See R2-2.7.2 of the VFAR2. See Systems Audit Control Objectives (Chapter 01, Part C). 193 See article 8(4)(d)(iii) of the ITAS Act. 191

46

VFA Agent Virtually all of the abovementioned rules relating to investor protection and audit have to be organized in Malta by the Issuer through a licensed independent VFA agent. VFA Agents shall act as liaison between the Issuer and MFSA on all matters arising in connection with the registration of Whitepaper or the trading of the Issuer’s VFA on a DLT exchange. In particular, a VFA Agent shall make all submissions to MFSA on behalf of the Issuer including, inter alia (i) the results of the Financial Instrument Test signed by the Issuer and endorsed by its VFA Agent with any assumptions and / or reservations added by the latter; (ii) the signed Whitepaper after the VFA Agent satisfied itself that the Issuer’s board members were fit and proper to prepare Whitepaper and that information so disclosed was complete, accurate and not misleading; (iii) Issuer’s development roadmap (milestones) and information on any failure of the Issuer to meet such milestones; (iv) annual certificate evidencing compliance with regulatory requirements (annual Systems Auditor’s report, AML/CFT requirements, fitness and properness of the Issuer, statement of any breaches of law)194. In order to qualify as a VFA Agent, an applicant shall be (i) fit and proper; (ii) solvent and (iii) competent in terms of regulatory framework (both traditional and under the VFA Act)195. In view of such requirements it may be concluded that the role of the VFA Agent is not analogous to that of Sponsor (see Chapter 4) or that of Nomad (see Chapter 5). VFA Agents are required to have background neither in corporate finance (crypto investment), nor in technology (blockchain). Thus, the only role of the VFA Agent is to help the Issuer navigate the financial instrument test and regulatory requirements imposed by the VFA Act without necessarily advising on the merits and challenges of the Issuer’s DLT platform, long-term sustainability of the token distribution terms, prospects of user adoption and listing. Such a single-contact approach is naturally resource-effective for regulators but it is unlikely to be cost-effective for Issuers who will be required to retain VFA Agents and comply with ongoing requirements for indefinite time after rendering a Crowdsale or after being listed in Malta. Such double spending on intermediation and regulatory compliance may be less of a problem in the context of Alternative Investment Marker of the London Stock Exchange (see Chapter 5) because of the unique relaxed admission requirements established on AIM relative to other mainstream exchanges. Contrariwise, the Maltese VFA Act appears to be the first comprehensive approach directly regulating both primary and secondary VFA offerings. If one keeps voluntary Whitepaper registration proposal of France and an opt-in EU Crowdfunding Proposal in mind, in the short-term future there could be less-costly alternative regulatory regimes to consider. Maltese Listing Rules Despite investor protection rules and systems quality controls discussed above the Maltese regulatory framework so far lacks the DLT platform’s minimum viability control checks which would include critical assessment of commercial potential and user adoption of the Platform. In fact, a startup may have only a smart contract with token distribu194 195

See R2-2.4.3.7, R2-2.4.3.8, R2-3.2.1.2 of VFAR2. See Section 2 of VFAR1.

47

tion terms and no prototype of the DLT platform by the time of the Crowdsale and it will still be eligible to register Whitepaper, raise funds at ICO and commit to deliver afterwards. In this regard, crypto exchanges, if designated with venture platform’s function (as was discussed in Chapter 5) could be viewed as a natural barrier to listing attempts which lack sufficient merits in terms of proven working DLT platform and minimum user adoption rate. From results of our case study in Chapter 4 we infer that the present listing rules and token selection processes adopted by the leading crypto exchanges are more focused on potential for immediate liquidity of the candidate’s token and on Issuer’s monetary policy than on the viability of the business model and long-term functionality of the token. Although security checks and the state of DLT platform`s development are at the top of the token selection agenda, lack of specific focus on decentralization, governance and incentives may leave viability conclusions without support in the longterm. At the same time, the consumer demand rate may be valued by exchanges relatively high which includes not only the user adoption rate but also activity of community, external developers and stakeholders. Finally, certain exchanges employ the “wisdom of the crowd” and expert knowledge to balance and democratize the token listing process. Below we will analyze and critically assess the Maltese VFA listing rules in view of the above insights. A licensed VFA exchange in Malta shall assess the quality of the candidate’s VFA based on the non-exhaustive list of factors specified in Appendix 4 which we assigned with the same indicia as in the case study of Chapter 4.

48

Chart №5 suggests that the listing assessment requirements have been designed to cater first and foremost for the substantive review of the candidate’s DLT platform: assessment of the technology, security, scalability and innovativeness. Security checks of the candidate’s DLT platform, smart contract and crypto wallet as rendered by Systems Auditor and verified under the listing standards align the interests of the regulator, investors and crypto exchanges196. The second place in the agenda is shared by compliance issues (financial instrument test, AML/CFT, Common Objectives as certified by Systems Auditor) and liquidity indicators (geographic distribution, other exchanges, consumer demand). Finally, governance check (team, transparency, code of conduct) closes the assessment list. It shall be first noted that the above assessment requirements are not exhaustive and therefore VFA exchanges may freely exercise venture platform’s function by further subjecting listing candidates to minimum technology and adoption rate quality standards not prescribed by the regulator. In addition, substantial deference of the regulator to VFA exchanges’ self-governance procedures prescribed by their bye-laws allows for innovative governance and the use of collaborative screening and voting techniques in the token selection process. Consequently, the regulatory requirements appear not to impose qualitative or quantitative thresholds on the token selection process but rather accord to the practices developed in traditional financial markets whereby the trade in VFA assets is regulated indirectly through the authority to demand from the VFA exchange suspension or removal of a virtual financial asset from trading197. 6.4. Application of Sandbox regimes to collaborate token listing rules In recent years we have witnessed a sharp rise in collaborative regulatory approaches. The SMSG’s Report cites 18 out of 31 EEA countries have announced or introduced an “innovation unit” within their supervisory authorities198. Similarly, the Landau Report cites 60% of the Financial Stability Board members to have put in place or have announced a regulatory sandbox199. As of present the Swiss FINMA and the Hong Kong’s Securities and Futures Commission are considering a regulatory sandbox regime for blockchain-based applications and crypto exchanges200. Finally, in August 2018 a “global sandbox” initiative was announced by 12 financial regulators only two of which were representing EU member states201.

196

Repeated episodes of significant fraud (hacking Coincheck in January 2018 to 534 million US dollars resounding failure in 2015 of the first flat - global form of exchange of Bitcoin, MtGox 380) illustrate the vulnerability of the ecosystem crypto - assets and the high level of associated risks, in the absence of guarantee mechanisms. As Jesse Powell, CEO of Kraken crypto exchange stated “What traders actually care about is 1) Token selection; 2) Fast trade execution; 3) User Interface; 4) 24/7/365 continuous markets; 5) Uptime; 6) Security (until it fails, then they realize it’s #1”, see supra ft. 162. 197 See sec. 41(2)(e) of the VFA Act. 198 Austria, Belgium, Bulgaria, Denmark, Finland, France, Germany, Iceland, Italy, Latvia, Lichtenstein, Luxembourg, Netherlands, Norway, Poland, Spain, Sweden, and the United Kingdom. See the SMSG Report, Annex 1-2. 199 See the Landau & Genais Report, at p. 50. 200 Nikolova M. "Swiss authorities consider launch of sandbox for blockchain applications", (Sep.3, 2018), in Financefeeds, , available at (last accessed on Nov. 12, 2018) https://financefeeds.com/swiss-authorities-consider-launch-sandbox-blockchainapplications/; "Hong Kong’s SFC Plans Regulatory “Sandbox” Proposal for All Bitcoin Exchanges", Nov. 1, 2018, BitcoinExchangeGuide, available at (last accessed on Nov.12, 2018) https://bitcoinexchangeguide.com/hong-kongs-sfc-plansregulatory-sandbox-proposal-for-all-bitcoin-exchanges/ . 201 See supra, ft. 198.

49

A regulatory sandbox may be generally described as a joint venture between an innovative startup and regulator which is of mutual benefit to the parties. A startup may develop its business model, offer its products to a limited consumer base and interact with market participants within a pre-determined threshold of limitations, exemptions and safe harbor provisions applied by the regulator202. In many respects, the collaborative regime does not exempt from but rather provides certainty of regulation203. At the same time, certain disclosure and reporting requirements (e.g. prospectus, audited financial statements), prudential standards, security-related requirements and licensing fees may be lifted204. In the EU context, these waivers, however, cannot limit application of European-wide laws and regulations205. Not every startup can participate in a regulatory sandbox – certain principle-based prerequisites or “tests” shall be satisfied. We exemplify the test below based on a model of a DLT platform startup. First, the startup shall provide evidence of innovativeness of the project, in other words, that the application of DLT is a novel approach to solving an existing problem in financial service industry and benefiting consumers206. The particular problems solved by the DLT platform may relate to investor protection, financial markets’ stability, transparency, integrity, efficiency, etc.207 The second test is deemed satisfied if the DLT platform is not sufficiently covered by existing law and regulations but in view of its fast pace of technological development it is unnecessary to regulate it with full scope of traditional financial market laws or new regulation208. Alternatively, the DLT platform may not be formally subject to regulation but may potentially pose new risks to integrity of financial markets for which traditional security and market conduct rules are inefficient. Traditional safeguards and compliance mechanisms may be adjusted and pre-emptively built in the DLT platform and tested prior to setting them “in stone” on a legislation level – digitization of regulatory requirements, in short: RegTech209. For this reason, collaboration in the field of crypto exchanges sometimes includes national stock exchanges which contribute their profound knowledge of both traditional infrastructure and compliance.210 Thirdly, and finally, the DLT platform needs to have entered the development stage and to have engaged in risk management211.

202

See Zetzsche, D. A., Buckley, R. P., Barberis, J. N., & Arner, D. W. (2017). Regulating a Revolution: From Regulatory Sandboxes to Smart Regulation. Fordham J. Corp. & Fin. L., 23, 31., at p. 64. (hereinafter – Zetzsche et al., 2017) See Finck, Michele. "Blockchains: Regulating the Unknown." German LJ 19 (2018): 665. at p. 677 (hereinafter - Finck, 2018); Ducas, E., & Wilner, A. (2017). The security and financial implications of blockchain technologies: Regulating emerging technologies in Canada. International Journal, 72(4), 538-562, at p. 558 (hereinafter - Ducas & Wilner, 2017). 203 “The operator would still be required to abide by the same rules that apply to other market operators (therefore legislative and regulatory boundaries would not be expected to be diluted to allow for any special economic benefit to accrue).” The SMSG Report, Annex 2. “[T]hey operate in a responsible manner with regards to established AML/ATF, sanctions, privacy, and consumer protection obligations" See Ducas & Wilner, 2017, at p. 558. See also Zetzsche et al., 2017, at p. 76. 204 See Zetzsche et al., 2017, at p. 76. 205 See Id. at p. 76. 206 See Id. at p. 69-70. 207 See Id. 208 See Id. at p. 71. 209 See Id. at p. 97. 210 See "20|30 accepted to FCA regulatory sandbox with first platform to test primary issuance of equity tokens" (July, 6th, 2018) Global Banking & Finance review available at (last accessed on Nov. 12, 2018) at https://www.globalbankingandfinance.com/2030accepted-to-fca-regulatory-sandbox-with-first-platform-to-test-primary-issuance-of-equity-tokens/ . 211 See supra ft. 204 at p. 71.

50

Exchange of expertise and furtherance of innovation at capped risk have been cited as the two main advantages of a regulatory sandbox212. Arguably, a collaborative and inclusive approach could mitigate the adverse applications of direct regulation of Utility Token ICOs by providing specific waivers from full-fledged compliance213. Additionally, given the “entry test” requirements the exemptions would be available only to those DLT platforms which proved to have innovative application and are developed enough to be tested for user demand, novelty and utility within an initial community base. An obvious problem stems from the lack of scalability of a regulatory sandbox214 – the majority of Utility Token ICOs would still have to assess application of traditional financial market laws and new regulation to their business models and fully comply with burdensome and not necessarily proportionate regulations. However, to deal with uncertainty of the token classification regulators may provide individual consultations to the startups through their “innovation hubs”215 - a special unit assigned to respond to token classification-related enquiries. As for the general regulatory burden it is posed that mandatory Whitepaper registration reinforced by maximum participation caps and a heavy set of mandatory intermediaries and reporting standards (akin to Maltese rules) may encourage smaller DLT projects to launch their ICOs elsewhere216. In this particular respect, a voluntary registration may serve the purpose of educating the innovative hub of the regulator on the aspects, risks and implications of particular business models and thus provide grounds for more nuanced customizable regulation in future with less intermediaries. Alternatively, instead of applying horizontal participation caps in addition to mandatory Whitepaper registration regulators could provide for safe harbor rules exempting offerings from Whitepaper registration if limited amount of funds is raised217 or individual participation caps are installed. Other limitations of a regulatory sandbox regime may restrain its application to ICO concept. The regime is limited to a single jurisdiction which can create considerable difficulty for ICO offerings which are by default transnational218. Access to unlimited number of retail investors during an ICO would require significant concessions and flexibility from the regulator which, given the risk-versus-benefit purpose of a sandbox may be against its purpose. Finally, non-transparency219 of a sandbox regime and selection process, as well as lack of certainty associated with regulation could make the approach even less attractive. In this regard, a restricted license, safe harbor provision or a voluntary registration may provide enduring legal certainty for the startup and fewer restrictions220. What else can be cost-effective for participants and resource-effective for regulators? In our opinion, regulators could engage existing crypto exchanges in a sandbox model in order to understand how the collaborative governance systems and the token selection 212

See supra ft. 204 at p. 78-79. For instance, VFA Act provides MFSA with discretion to waiver Whitepaper content requirements if deemed necessary. See the last par. of sec. 7, First Schedule, VFA Act. 214 See supra ft. 204 at p. 46. 215 See the SMSG Report, Annex 2. 216 See supra ft. 163. 217 For instance, the Crowdfunding Proposal includes the maximum amount of EUR 8 million which does not trigger prospectus registration requirements under the EU Prospectus Directive. 218 Ducas & Wilner, 2017, at p. 679. 219 See Finck, 2018, at p. 678. 220 See supra ft. 204 at p. 91. 213

51

process, in particular, work. Regulatory dispensations (akin to relieve orders, no-action letters) could be provided in exchange for knowledge sharing and commitment by exchanges for more transparent, quality-based and balanced token selection process. The impact of community ties both in the context of DLT platform’s user base and crypto exchange’s trader-voter base on the governance of ICO projects and token listing procedure shall be analyzed with an eye for further experiments and potential standards. The policy interest of combatting fraud and ensuring a “quality stamp” for innovative commercially viable projects could arguably be aligned with the interest of established crypto exchanges to onboard only secure and liquid assets. Understanding of innovative governance and incentive models applied in token selection procedures (such as community voting, engagement of Sponsors, token curated registries) as well as of the risks brought by different token distribution models could help regulators shape a balanced approach towards incentivizing innovation and protecting the policy interest.

Conclusion To sum up, we believe that present ICO practices and Utility Token models listed on crypto exchanges can seriously challenge the consumptive nature of digital services and even erode the user base of the underlying DLT platform in favor of speculators. Startups shall be focused more on the challenges of scalability, user adoption and security before attempting to raise ICO financing. Commercial testing of the project could be the milestone which strengthens community ties and external development base of the project. Regulators may consider applying a balanced approach to regulation by shifting the projects’ quality control to crypto exchanges but introducing legal certainty of qualifications and retaining mechanisms of investor protection. Listing standards have a potential to give more value to the innovativeness of the DLT project and genuine applicability of the Utility Token to the Platform. The below theses encourage policy-makers to shift their attention to crypto exchanges and their token selection process when considering how to regulate ICOs: 1) opt for voluntary Whitepaper registration at the ICO stage or a mandatory registration with waivers and exemptions (safe harbors) for ICOs not exceeding the maximum participation threshold or maximum fundraising amount threshold. 2) introduce generic and principle-based Utility Token classification regulations supported by a competent and functional innovation hub unit within the supervisory authority for case-by-case interpretations. Utility Token distribution models shall be scrutinized for long-term capacity to meet the demand of consumers in the DLT platform’s services irrespective of the token’s price fluctuations. 3) facilitate creation of legal certainty in relation to “venture exchange” segment for Utility Token offerings with the opportunity for crypto exchanges to self-regulate and introduce or waive listing rules. 4) engage established crypto exchanges in a regulatory sandbox in order to evaluate the merits and potential policy implications of a collaborative token selection process (community voting, Sponsors` shortlisting, TCR whitelisting). 52

5) engage established crypto exchanges in a dialogue on prospects of light-touch regulation and standardization of the token selection process with a principlebased focus on security, commercial viability and innovativeness of the project.

53

Bibliography Articles and Books Adhami, S., Giudici, G., & Martinazzi, S. (2018). Why do businesses go crypto? An empirical analysis of Initial Coin Offerings. Journal of Economics and Business (Adhami et al., 2018). Batiz-Benet, J., Santori, M., & Clayburgh, J. (2017). The SAFT Project: Toward a Compliant Token Sale Framework. SAFT Project White Paper, Cooley (Cooley’s Framework). Bordo, M. D. (1989). Equation of exchange. In Money (pp. 151-156). Palgrave Macmillan, London. Burilov V. "Legislative drafting in the Netherlands: the case of failed proportionality and collective win over taxpayer`s interest" at p.10. available at https://www.academia.edu/36035726/Legislative_drafting_in_the_Netherlands_the_cas e_of_failed_proportionality_and_collective_win_over_taxpayers_interest. Burniske, C., & Tatar, J. (2017). Cryptoassets: The Innovative Investor's Guide to Bitcoin and Beyond. McGraw Hill Professional. At p. 178 (Burniske & Tatar). Buterin, V. (2013). Ethereum white paper: a next generation smart contract & decentralized application platform (Buterin, 2013). Cardozo Blockchain Project Research Report #1 NOT SO FAST—RISKS RELATED TO THE USE OF A “SAFT” FOR TOKEN SALES // November 21, 2017 (Cardozo Report). Catalini, C., & Gans, J. S. (2018). Initial coin offerings and the value of crypto tokens (No. w24418). National Bureau of Economic Research (Catalini and Gans, 2018). Chen, Y. (2018). Blockchain tokens and the potential democratization of entrepreneurship and innovation. Business Horizons. Derrien, F. and Kent L W., “Auctions vs. bookbuilding and the control of underpricing in hot IPO markets,” The Review of Financial Studies, 2003, 16 (1), 31–61. Ducas, E., & Wilner, A. (2017). The security and financial implications of blockchain technologies: Regulating emerging technologies in Canada. International Journal, 72(4), 538-562, at p. 558 (Ducas & Wilner, 2017). Fenu, G., Marchesi, L., Marchesi, M., & Tonelli, R. (2018, March). The ICO phenomenon and its relationships with ethereum smart contract environment. In Blockchain Oriented Software Engineering (IWBOSE), 2018 International Workshop on (pp. 26-32). IEEE (Fenu et al, 2018). Finck, Michele. "Blockchains: Regulating the Unknown." German LJ 19 (2018): 665. at p. 677 (Finck, 2018). Harris, A. D. (2006). The impact of hot issue markets and noise traders on stock exchange listing standards. University of Toronto Law Journal, 223-280. 54

Hellmann, Thomas and Manju Puri, “Venture capital and the professionalization of startup firms: Empirical evidence,” The Journal of Finance, 2002, 57 (1), 169–197. Howell, Sabrina T., Marina Niessner, and David Yermack. Initial coin offerings: Financing growth with cryptocurrency token sales. No. w24774. National Bureau of Economic Research, 2018 (Howell et al., 2018). Kroll, J. A., Davey, I. C., & Felten, E. W. (2013, June). The economics of Bitcoin mining, or Bitcoin in the presence of adversaries. In Proceedings of WEIS (Vol. 2013, p. 11). Li J., Mann W. Initial coin offering and platform building. – 2018 (Li & Mann, 2018). Mendoza, J. M. (2008). Securities regulation in low-tier listing venues: The rise of the Alternative Investment Market. Fordham J. Corp. & Fin. L., 13, 257. Rhue, L. (2018). Trust is All You Need: An Empirical Exploration of Initial Coin Offerings (ICOs) and ICO Reputation Scores (Rhue, 2018). Rohr, J., & Wright, A. (2017). Blockchain-based token sales, initial coin offerings, and the democratization of public capital markets (Rohr & Wright, 2017). Schwartz, J. (2016). Venture exchange regulation: Listing standards, market microstructure, and investor protection. Sherman, Ann E and Sheridan Titman, “Building the IPO order book: underpricing and participation limits with costly information,” Journal of Financial Economics, 2002, 65 (1), 3–29. Wright, A., & De Filippi, P. (2015). Decentralized blockchain technology and the rise of lex cryptographia (Wright and Filippi, 2015). Zetzsche, D. A., Buckley, R. P., Barberis, J. N., & Arner, D. W. (2017). Regulating a Revolution: From Regulatory Sandboxes to Smart Regulation. Fordham J. Corp. & Fin. L., 23, 31., at p. 64. (hereinafter – Zetzsche et al., 2017).

Blog posts, Media and Speeches  Anshuman M. “MV=P…Que? Love and Circularity in the Time of Crypto” (Feb. 23, 2018) on medium.com, available at (last accessed on Oct. 31, 2018) https://medium.com/@anshumanmehta/mv-p-que-love-and-circularity-in-the-time-ofcrypto-db70c9d5c015.  Bancor, "Bancor Network Token (BNT) Contribution & Token Allocation Terms" on medium.com (june 5, 2017) (last accessed on November 18, 2018): https://medium.com/@bancor/bancor-network-token-bnt-contribution-token-creationterms-48cc85a63812.  Benartzi G. "The Community of the Currency" (June 8, 2017) in blog network blog, available on (last accessed Oct. 31, 2018): https://blog.bancor.network/thecommunity-of-the-currency-9770087fde17.  Burniske C., “Cryptoasset Valuations” (Sep. 24, 2017) on medium.com, available at https://medium.com/@cburniske/cryptoasset-valuations-ac83479ffca7. 55

 Buterin V. “Analyzing Token Sale Models” (June 9, 2017), available on (last accessed Oct. 31, 2018): https://vitalik.ca/general/2017/06/09/sales.html.  Carney M. “The Future of Money” available on (last accessed on Nov. 18, 2018): https://www.bankofengland.co.uk/speech/2018/mark-carney-speech-to-the-inauguralscottisheconomics-conference.  Cross T., “Planning To Do An ICO? Don’t Forget About Taxes” Forbes (21 November 2017) (last accessed on Nov. 18, 2018): https://www.forbes.com/sites/tysoncross/2017/11/21/planning-to-do-an-ico-dontforget-about-taxes/#198a3a82a915.  Del Castillo M. "Bitcoin Exchange Coinbase Receives New York BitLicense", COINDESK (Jan. 17, 2017), available on (last accessed on Nov. 7, 2018) http://www.coindesk.com/bitcoin-exchange-coinbase-receives-bitlicense/.  Garner B. "What is Ardor: Blockchain as a Service, Explained" (07 January, 2018) on coincentral.com, available on (last accessed Oct. 31, 2018): https://coincentral.com/what-is-ardor-blockchain-as-a-service-explained/.  "Gnosis token sale ends with $312.8 million raised in minutes" (april 24, 2017) on CryptoNinjas, available on (last accessed on Oct. 31, 2018) https://www.cryptoninjas.net/2017/04/24/gnosis-token-sale-ends-312-8-million-raisedhour/.  Goldin M. "Token-Curated Registries 1.0" (Sep. 14, 2017) on medium.com, available on: (last accessed on Nov. 18, 2018): https://medium.com/@ilovebagels/tokencurated-registries-1-0-61a232f8dac7 (last accessed on Nov. 18, 2018): https://medium.com/@ilovebagels/token-curated-registries-1-0-61a232f8dac7. .  Higgins S. "$150 Million: Tim Draper-Backed Bancor Completes Largest-Ever ICO" (June 12, 2017) on coindesk.com available on (last accessed Oct. 31, 2018): https://www.coindesk.com/150-million-tim-draper-backed-bancor-completes-largestever-ico/.  "Hong Kong’s SFC Plans Regulatory “Sandbox” Proposal for All Bitcoin Exchanges" (Nov. 1, 2018), BitcoinExchangeGuide, available at (last accessed on Nov.12, 2018) https://bitcoinexchangeguide.com/hong-kongs-sfc-plans-regulatory-sandboxproposal-for-all-bitcoin-exchanges/.  Hope J. "Distribution & Dynamic Ceilings", (June 5, 2017) on Medium.com, available here (last accessed on November 18, 2018): https://blog.status.im/distributiondynamic-ceilings-e2f427f5cca.  Katalyse.io, “EOS Platform — W hat You Should Know” in Cryptodigestnews, available on (last accessed Oct. 31, 2018): https://cryptodigestnews.com/eos-platform-whatyou-should-know-58da830d2aa8.  Lan Wong J. "Ethereum unleashed the “initial coin offering” craze, but it can’t handle its insane success" (June 15, 2017) on qz.com, available on (last accessed Oct. 31, 2018): https://qz.com/1004892/the-bancor-ico-just-raised-153-million-on-ethereum-inthree-hours/. 56

 Leigh J. "Lessons from the Brave Token Sale" (June 1, 2017) on Medium.com, available here (last accessed on November 18, 2018): https://medium.com/@alwaysbcoding/lessons-from-the-brave-token-salebda2a634f34a.  Lennart A. "Comparison of Blockchain Networks for Token Issuance: Oct 18", on Medium.com, available on (last accessed Oct. 31, 2018): https://medium.com/sicospublication/comparison-of-blockchain-networks-for-token-issuance-oct-186a9fffb74b47.  Lennart A. “A Look at On-Chain Data of 25 Tokens on the Ethereum Blockchain” on Medium.com, available here (last accessed on November 18, 2018): https://medium.com/sicos-publication/a-look-at-on-chain-data-of-25-tokens-on-theethereum-blockchain-2a8370a81d80.  Nikolova M. "Swiss authorities consider launch of sandbox for blockchain applications", (Sep.3, 2018), in Financefeeds, , available at (last accessed on Nov. 12, 2018) https://financefeeds.com/swiss-authorities-consider-launch-sandbox-blockchainapplications/.  O'Neill T. "NEP-5: NEO’s Answer to Ethereum ERC-20 Tokens" on hackernoon.com, available on (last accessed Oct. 31, 2018): https://hackernoon.com/nep-5-neosanswer-to-ethereum-erc-20-tokens-69d9b082c9e1;http://www.omnilayer.org/.  Powell J. “Kraken’s Position on Regulation” (April 22, 2018) on Kraken exchange blog, available on (last accessed on Nov. 7, 2018) https://blog.kraken.com/post/1561/krakens-position-on-regulation/.  Raymond N. "Bitcoin backer gets two years prison for illicit transfers" (Dec. 19, 2014) on reuters.com, available on (last accessed on Nov. 5th, 2018) https://www.reuters.com/article/us-usa-crime-bitcoin/bitcoin-backer-gets-two-yearsprison-for-illicit-transfers-idUSKBN0JX2CW20141219.  Russel J. "Former Mozilla CEO raises $35M in under 30 seconds for his browser startup Brave" on techcrunch, available on (last accessed Oct. 31, 2018): https://techcrunch.com/2017/06/01/brave-ico-35-million-30-seconds-brendan-eich/ .  Zamfir V. “A safe token sale mechanism” (March 13, 2017) on medium.com, available on (last accessed on November 18, 2018): https://medium.com/@Vlad_Zamfir/asafe-token-sale-mechanism-8d73c430ddd1.  Zhao C. “I Don't Like Big ICOs” on steemit, available on (last accessed Oct. 31, 2018): https://steemit.com/binance/@czbinance/5mm9uo-i-don-t-like-big-icos.  "20|30 accepted to FCA regulatory sandbox with first platform to test primary issuance of equity tokens" (July, 6th, 2018) Global Banking & Finance review available at (last accessed on Nov. 12, 2018) at https://www.globalbankingandfinance.com/2030accepted-to-fca-regulatory-sandbox-with-first-platform-to-test-primary-issuance-ofequity-tokens/.

57

Media articles and websites links  Coinbase Digital Asset Framework, available on (last accessed on November 18, 2018) https://www.gdax.com/static/digital-asset-framework-2017-11.pdf.  Explanation of Waves platform: https://wavesplatform.com/product.  Explanation of proof-of-stake concept: https://en.wikipedia.org/wiki/Proof-of-stake.  Explanation of the term “whales”: https://cryptovest.com/education/crypto-giantsexplained-what-are-whales/.  On the number of Ethereum-based tokens deployed: https://etherscan.io/tokens.  On the Augur Crowdsale: http://augur.strikingly.com/blog/the-augur-crowdsale.  Pundi X Whitepaper: https://pundix.com/pdf/PundiX_Whitepaper_EN_Ver.pdf.  Primary sources of ICO regulation on Malta Financial Services Authority’s website at: https://mfsa.com.mt/pages/viewcontent.aspx?id=680.  “Regulators' Statements on Initial Coin Offerings” https://www.iosco.org/publications/?subsection=ico-statements.

available

at:

 Statistics on Dapps: https://www.stateofthedapps.com/rankings.  Statistics on tokens’ market https://coinmarketcap.com/.

capitalization

/

24h

trade

volume:

Legislation, Bills, Standards, Case Law and Soft Law Cayman Islands  Mutual Funds Law (2012 revision) of the Cayman Islands. European Union  Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU, OJ L173/349 (June 2014) (recast) (MiFID II).  Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS).  Directive (EU) 2018/843 of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing (EU AML Directive).  Draft Report on the proposal for a regulation of the European Parliament and of the Council on European Crowdfunding Service Providers (ECSP) for Business 58

(COM(2018)0113 – C8-0103/2018 – 2018/0048(COD)) available at: (last accessed on November, 19, 2018) http://www.europarl.europa.eu/sides/getDoc.do?pubRef=%2F%2FEP%2F%2FNONSGML%2BCOMPARL%2BPE626.662%2B02%2BDOC%2BPDF%2BV0%2F%2FEN (Crowdfunding Proposal).  European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers (AIFMD). FATF  “International Standards on Combatting Money Laundering and the Financing of Terrorism and Proliferation, the Financial Action Task Fource (FATF) Recommendations”, at. p. 124, updated October 2018, available at (last accessed on Nov. 5 th, 2018) http://www.fatfgafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations% 202012.pdf. France  Draft law registered at the Presidency of the National Assembly on June 19, 2018 available at: (last accessed on November 19, 2018) http://www.assembleenationale.fr/15/textes/1088.asp#D_Article_26. Gibraltar  "Token Regulation" published by HM Government of Gibraltar in March, 2018 available at: (last accessed on November 19, 2018) http://gibraltarfinance.gi/20180309token-regulation---policy-document-v2.1-final.pdf Isle of Man 

Collective Investment Schemes Act 2008 of the Isle of Man.

Jersey 

Guidance Note "The Application Process for Issuers of Initial Coin Offerings (ICOs)" published by Jersey Financial Services Commission in July, 2018 and available at: (last accessed on November, 19, 2018) https://www.jerseyfsc.org/media/1999/gn-ico-july-2018.pdf.

Malta 

Digital Innovation Authority Act, 2018 available on (last accessed on Nov. 19, 2018) 59

http://justiceservices.gov.mt/DownloadDocument.aspx?app=lp&itemid=29080&l= 1 

Guidance Note to the Financial Instrument Test, p. 10, available at (last accessed on November 19, 2018) https://www.mfsa.com.mt/pages/readfile.aspx?f=/Files/LegislationRegulation/reg ulation/VF%20Framework/20180724_GuidanceFITest.pdf (Guidance Note)



Innovative Technology Arrangements and Services Act, 2018 available on (last accessed on Nov. 19, 2018) http://www.justiceservices.gov.mt/DownloadDocument.aspx?app=lom&itemid=12 874&l=1 (ITAS Act).



MFSA Circular "Publication of the Virtual Financial Assets Rules for Issuers of VFAs" available at: (last accessed on November 19, 2018) https://www.mfsa.com.mt/pages/viewcontent.aspx?id=674.



Systems Auditor Guidelines (Chapter 01, Part A), Systems Auditor Report Guidelines (Chapter 01, Part B), Systems Audit Control Objectives (Chapter 01, Part C), ITA Blueprint Guidelines, Technology Stack Nomenclature, available on (last accessed on November 19, 2018) https://mdia.gov.mt/guidelines/.



Virtual Financial Assets Act, 2018 available on (last accessed on Nov. 19, 2018) https://www.mfsa.com.mt/pages/viewcontent.aspx?id=674 (VFA Act).



Virtual Financial Assets Framework, Frequently Asked Questions, at p. 7 available at: https://www.mfsa.com.mt/pages/readfile.aspx?f=/files/Announcements/PressRele ases/2018/20181010_PressRelease_FAQ.pdf.



“Virtual Financial Assets Rulebook, Chapter 1, Virtual Financial Assets, Rules for VFA Agents”, available at: (last accessed on November 19, 2018) https://www.mfsa.com.mt/pages/viewcontent.aspx?id=674 . (VFAR 1).



“Virtual Financial Assets Rulebook, Chapter 2, Virtual Financial Assets, Rules for Issuers of Virtual Financial Assets”, available at: (last accessed on November 19, 2018) https://www.mfsa.com.mt/pages/viewcontent.aspx?id=674 . (VFAR 2). U.S. Securities Act.

Singapore 

Securities and Futures Act.



“A guide to digital token offerings” by Monetary Authority of Singapore (MAS Guide) available (last accessed on Nov. 5th, 2018) at http://www.mas.gov.sg/~/media/MAS/Regulations%20and%20Financial%20Stabi lity/Regulations%20Guidance%20and%20Licensing/Securities%20Futures%20a nd%20Fund%20Management/Regulations%20Guidance%20and%20Licensing/ Guidelines/A%20Guide%20to%20Digital%20Token%20Offerings%20%2014%20 Nov%202017.pdf.

60

Switzerland 

FINMA Guidelines published on Feb. 16, 2018 available at (last accessed Oct. 31, 2018) https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/1 bewilligung/fintech/wegleitung-ico.pdf?la=en.

USA 

CFTC’s order G001 available at (last accessed on Nov. 18, 2018) https://www.cftc.gov/sites/default/files/idc/groups/public/@lrenforcementactions/d ocuments/legalpleading/enfbfxnaorder060216.pdf .



FIN-2013-G001 available at (last accessed on Nov. 18, https://www.fincen.gov/sites/default/files/shared/FIN-2013-G001.pdf.



SEC Release No. 10445, Order Instituting Cease-And-Desist Proceedings Pursuant to Section 8A of the Securities Act of 1933, Making Findings, and Imposing a Cease-And-Desist Order (Dec. 11, 2017) (Munchee Report)



SEC v. Edwards, 540 U.S. 389 (2004), SEC v. W.J. Howey Co., 328 U.S. 293, 298–99 (1946).



Securities Act, 1933.

2018)

Reports by Institutions  "EY research: initial coin offerings (ICOs)" Ernst & Young report published on December 18, 2017 available at (last accessed on Oct. 31, 2018) (EY report) https://www.ey.com/Publication/vwLUAssets/ey-research-initial-coin-offeringsicos/$File/ey-research-initial-coin-offerings-icos.pdf.  “Les crypto-monnaies”, Rapport au Ministre de l’Économie et des Finances JeanPierre Landau avec la collaboration d’Alban Genais, 4 juillet 2018 available at (last accessed on Nov. 5, 2018) https://www.mindfintech.fr/files/documents/Etudes/Landau_rapport_cryptomonnaies_ 2018.pdf (Landau & Genais Report). 

“Own Initiative Report on Initial Coin Offerings and Crypto-Assets” by Securities and Markets Stakeholder Group, European Securities Market Authority (ESMA), at p. 7 (SMSG Report) available at (last accessed on Nov. 5, 2018) https://www.esma.europa.eu/sites/default/files/library/esma22-1061338_smsg_advice_-_report_on_icos_and_crypto-assets.pdf .

61

Appendix 1 Application for Listing In the application you need to explain generally (based on Coinbase Digital Asset Framework): 1. MISSION AND VALUES 1.1.

Open Financial System // Open financial system is defined as being available to

everyone and not controlled by a single entity 1.1.1. Innovation (new product, market, solves efficiency problem, etc.); 1.1.2. Economic Freedom [Ease of access (permissionless, public). The technology enables individuals to have more control over their own wealth and property, or the freedom to consume, produce, invest, or work as they choose.] 1.1.3. Equality of Opportunity [Accessible to use by anyone with a smartphone or access to the internet.] 1.1.4. Decentralization (public, decentralized, and enables trustless consensus);

2.

TECHNOLOGY

2.1.

Security & Code // Assessment of engineering and product quality

2.1.1. Source Code (open-source code, well-documented peer-review, and testing by contributors); 2.1.2. MVP / Prototype (working alpha or beta product on a testnet or mainnet); 2.1.3. Security & Code [demonstrable record of responding to and improving the code after a disclosure of vulnerability, and a robust bug bounty program or third party security audit]

2.2.

Team // Assessment of short-term operating expectations and decision making

2.2.1. Founders and Leadership [Able with a track record.] 2.2.2. Engineering [track record of setting and achieving deadlines] 2.2.3. Business & Operations 2.2.3.1.

History of interacting with the community,

2.2.3.2.

History of setting a reasonable budget and managing funds, and achieving

project milestones. 62

2.2.4. Specialized Knowledge and Key People [The project leadership is not highly centralized or dependent on a small number of key persons. Specialized knowledge in this field is not limited to a small group of people.]

2.3.

Governance // Assessment of long-term operating expectations and decision

making. 2.3.1. Consensus Process (a structured process to propose and implement major updates to the code / system or voting process for conflict resolution); 2.3.2. Future Development Funding (a plan or built-in mechanism for raising, rewarding, or allocating funds to future development, beyond the funds raised from the ICO or traditional investors) 2.3.3. White Paper (Justifies the use case for a decentralized network and outlines project goals from a business and technology perspective. NOT a requirement.) 2.4.

SCALABILITY [Assessment of a network's potential barriers to scaling and abil-

ity to grow and handle user adoption] 2.4.1. Roadmap (timeline, milestones, development incentives) 2.4.2. Network Operating Costs (The barriers to scaling, solutions: The resource consumption costs are not the main deterrents to participation) 2.4.3. Practical Applications (examples of real-world implementation or future practical applications) 2.4.4. Type of Blockchain (separate blockchain with a new architecture system and network, OR it leverages an existing blockchain for synergies and network effects) 3.

LEGAL & COMPLIANCE

3.1.

Regulation [legal opinion on securities laws, money service business law and

AML];

4.

MARKET SUPPLY

4.1.

Liquidity (how liquid is asset?); 63

4.1.1. Global Market Capitalization [How does the market capitalization compare to the total market capitalizations of other assets?] 4.1.2. Asset velocity [Trade velocity, or turnover - how easily the asset can be converted to another asset]; 4.1.3. Circulation [For service or work tokens, new supply is created through consensus protocols. If the supply is capped, then a material amount of the total tokens should be available to the public].

4.2.

Global Distribution (Where is this asset available to trade?)

4.2.1. Total # of Exchanges [The number of exchanges that support the asset] 4.2.2. Geographic Distribution [The asset is not limited to a single geographic region and is available to trade on decentralized exchanges] 4.2.3. Fiat and Crypto Pairs [Fiat and crypto trading pairs exist] 4.2.4. Exchange Volume Distribution [If secondary markets exist, then volume should be relatively distributed across exchanges]

5.

MARKET DEMAND

5.1.

Demand [What is driving demand for this asset and does it lead to stronger net-

work effects?]; 5.1.1. Consumer Demand [any asset which is created from a fork, airdrop, or automated token distribution is subject to a separate set of criteria]; 5.1.2. Developers and Contributors [Growing developer base and measured progress as defined by the number of repositories, commits, and contributors.] 5.1.3. Community Activity [Dedicated forums are available where developers, supporters, users, and founders can interact and build a community and offer transparency into the project. The team provides regular updates or is responsive to feedback.]

64

5.1.4. External Stakeholders [There are investments from venture firms or hedge funds which have experience working with crypto companies or projects. The project has corporate partnerships, joint ventures, or dedicated consortiums.]

5.2.

Network Standards [Rudimentary assessment of a growing network effect]

5.2.1. Change in Market Capitalization [The market capitalization has grown after the network has activated, demonstrating increased demand for the asset after the project's launch.] 5.2.2. Nodes [Growing # of nodes on the underlying blockchain. The project has a globally distributed node network, meaning operating nodes are not contained in a single country or geographic region.] 5.2.3. Transactions, Fees & Addresses [Growing # of transactions and fees paid over time. Growing # of asset or token holders, which is an indicator of asset distribution]

6.

CRYPTOECONOMICS

6.1.

Economic Incentives [Are the economic structures designed to incentivize all

parties to act in the best interest of the network?]

6.1.1. Type of Token [It is a service, work, or hybrid token.] 6.1.2. Token Utility [There is utility from obtaining, holding, participating, or spending the token. The team identifies a clear and compelling reason for the native digital asset to exist (i.e. the main purpose is not fundraising)] 6.1.3. Inflation (Money Supply) [algorithmically programmed inflation rate which incentivizes security and network effects. Or, if the total supply is capped, then a majority of the tokens should be available for trade when the network launches] 6.1.4. Rewards and Penalties [There are mechanisms (such as transaction fees) which incentivize miners, validators, and other participants to exhibit 'good' behavior. Conversely, there are mechanisms which deter 'bad' behavior.]

65

6.2.

TOKEN SALE STRUCTURE [A small subset of what we believe are best prac-

tices for ICOs and indicators of the token's future ability. If the token did not have a sale, this section is not applicable.] 6.2.1. Security [There is a focus on stringent security protocols and best practices to limit scams, hacks, and theft of funds] 6.2.2. Participation Equality [Best efforts by the team to allow a fair distribution of tokens (i.e. setting initial individual purchase caps to limit the risk of small number of investors from taking a majority of the supply)] 6.2.3. Team Ownership [The ownership stake retained by the team is a minority stake. There should be a lock-up period and reasonable vesting schedule to ensure the team is economically incentivized to improve the network into the future] 6.2.4. Transparency [The team should be available and responsive to questions or feedback about the product, token sale, or use of funds across multiple forums.] 6.2.5. Total Supply [The team should sell a fixed percentage of the total supply, and participants should know the percentage of total supply that their purchase represents, or have a clear understanding of the inflation rate.] 6.2.6. Ethics or Code of Conduct [White paper or project website should have an ethical or professional code of conduct.]

66

Appendix 2A Categories assigned with indicia and aggregate score Product

Governance

Market

Legal

1.1.1. Innovation (5) 2.2.1. Founders (new product, and Leadership market, solves (fitness and track efficiency probrecord) lem, etc.)

(6) 4.1.1. Global Market Capitalization

(5) 3.1. Regula- (8) tion (legal opinion on securities laws, money service business law and AML)

1.1.2. Economic Freedom (utility to consumers)

(5) 4.1.2. Asset velocity (trade velocity or turnover)

(4) 6.1.1. Type of (6) Token (not a security)

(2) 2.2.2. Engineering (fitness and track record)

1.1.3. Equality of (1) 2.2.3.1. History of Opportunity interacting with (permissionless) the community

(5) 4.1.3. Circula(4) tion (tokens from total supply is circulation )

1.1.4. Decentralization (public, decentralized, and enables trustless consensus)

(1) 2.2.3.2. History of setting a reasonable budget and managing funds, and achieving project milestones

(3) 4.2.1. Total # of Exchanges (which listed the token)

(6)

2.1.1. Source Code (opensource code, well-documented peer-review and testing by contributors)

(6) 2.2.4. Specialized Knowledge and Key People (decentralized leadership)

(1) 4.2.2. Geographic Distribution (in which countries token is available for trade)

(6)

2.1.2. MVP / Prototype (working alpha or beta product)

(6) 2.3.1. Consensus Process (major updates to the code / voting process for conflict resolution)

(1) 4.2.3. Fiat and Crypto Pairs (exist)

(6)

2.1.3. Security & Code (bug bounty program and / or third party se-

(6) 2.3.2. Future Development Funding (beyond ICO)

(1) 4.2.4. Ex(6) change Volume Distribution (distribution 67

curity audit)

of volume across exchanges)

2.3.3. White Paper (justifies the use case for a decentralized network)

(5) 2.4.1. Roadmap (timeline, milestones, development incentives)

(5) 5.1.1. Consumer Demand (ICO investor base)

(4)

2.4.2. Network Operating Costs (solutions and barriers to scaling)

(2) 6.2.3. Team Own- (6) 6.1.3. Inflation ership (minority (Money Supstake, lock-up) ply)

(6)

2.4.3. Practical Applications (real-world implementation)

(4) 6.2.4. Transparency (team responding to feedback about the product, token sale, or use of funds)

(5) 5.1.4. External Stakeholders (venture investors)

(4)

2.4.4. Type of Blockchain (separate or existing)

(1) 6.2.6. Ethics or (0) 6.2.5. Total Code of Conduct Supply (inflation rate / total capped supply available during ICO)

(5)

5.1.1. Consumer Demand (Product’s User Base)

(4)

5.1.2. Develop(3) ers and Contributors (developer base growth as defined by the number of repositories, commits, and contributors) 5.1.3. Community Activity (Dedicated forums, updates and feedback)

(5)

5.1.4. External

(2) 68

Stakeholders (product partnerships) 5.2.1. Change in Market Capitalization (after the network has activated)

(0)

5.2.2. Nodes (a globally distributed node network)

(2)

5.2.3. Transactions, Fees & Addresses (growing # of transactions and fees)

(1)

6.1.2. Token Utility (clear reason for the native digital asset to exist)

(4)

6.1.3. Inflation (Money Supply) (total supply is capped and majority of the tokens are issued / programmed inflation rate)

(6)

6.1.4. Rewards and Penalties (incentivizing and deterring mechanisms for miners, validators, and other participants)

(1)

6.2.1. Security (6) (stringent security protocols) 6.2.2. Participation Equality

(0)

69

(individual ICO purchase caps) 6.2.4. Transparency (Users` feedback about the product, token sale, or use of funds across multiple forums)

(5)

6.2.5. Total Supply (inflation rate / total capped supply available during ICO)

(6)

Product

Governance

78 / 200 (39%)

32 / 80 (40%)

Market 56 / 88 (63%)

Legal 14 / 16 (87%)

70

Appendix 2B Aggregate score ranking of categories assigned with heading (wherever applicable)

Category

Score

3.1. Regulation

(8)

4.2.2. Geographic Distribution (LIQUIDITY)

(6)

6.2.5. Total Supply

(LIQUIDITY)

(SCALABILITY)

(6)

6.2.3. Team Ownership

(6)

2.1.1. Source Code (TECHNOLOGY)

(6)

2.1.2. MVP / Prototype (TECHNOLOGY)

(6)

2.1.3. Security & Code (TECHNOLOGY)

(6)

6.1.1. Type of Token

(6)

2.2.1. Founders and Leadership

(6)

4.2.1. Total # of Exchanges (LIQUIDITY)

(6)

6.1.3. Inflation (Money Supply) (LIQUIDITY)

(SCALABILITY)

(6)

6.2.1. Security (TECHNOLOGY)

(6)

4.2.3. Fiat and Crypto Pairs (LIQUIDITY)

(6)

4.2.4. Exchange Volume Distribution (LIQUIDITY)

(6)

2.3.3. White Paper (NETWORK EFFECT)

(5)

1.1.1. Innovation (OPEN FINANCIAL SYSTEM)

(5)

6.2.4. Transparency (CONSUMER DEMAND)

(5)

2.2.3.1. History of interacting with the community

(5)

5.1.3. Community Activity (CONSUMER DEMAND)

(5)

2.2.2. Engineering

(5)

2.4.1. Roadmap

(5)

4.1.1. Global Market Capitalization (INVESTOR DEMAND)

(5)

5.1.4. External Stakeholders (venture investors) (INVESTOR DEMAND)

(4)

5.1.1. Consumer Demand (Product`s User Base) (CONSUMER DEMAND)

(4)

5.1.1. Consumer Demand (ICO investor base) (INVESTOR DEMAND)

(4)

2.4.3. Practical Applications (SCALABILITY)

(4)

6.1.2. Token Utility (ECONOMIC INCENTIVES)

(4)

4.1.2. Asset velocity (LIQUIDITY)

(4)

4.1.3. Circulation (LIQUIDITY)

(4) 71

5.1.2. Developers and Contributors (NETWORK EFFECTS)

(3)

2.2.3.2. History of setting a reasonable budget and managing funds, and achieving project milestones

(3)

5.1.4. External Stakeholders (product partnerships) (CONSUMER DEMAND)

(2)

2.4.2. Network Operating Costs (SCALABILITY)

(2)

5.2.2. Nodes (NETWORK EFFECT)

(2)

1.1.2. Economic Freedom (OPEN FINANCIAL SYSTEM)

(2)

1.1.3. Equality of Opportunity (OPEN FINANCIAL SYSTEM)

(1)

1.1.4. Decentralization (OPEN FINANCIAL SYSTEM)

(1)

2.4.4. Type of Blockchain (SCALABILITY)

(1)

5.2.3. Transactions, Fees & Addresses (NETWORK EFFECT)

(1)

2.3.2. Future Development Funding

(1)

6.1.4. Rewards and Penalties (ECONOMIC INCENTIVES)

(1)

2.2.4. Specialized Knowledge and Key People

(1)

2.3.1. Consensus Process

(1)

6.2.6. Ethics or Code of Conduct

(0)

5.2.1. Change in Market Capitalization (NETWORK EFFECT)

(0)

6.2.2. Participation Equality (CONSUMER DEMAND)

(0)

72

Appendix 3A Maltese Systems Audit Requirements Blueprint content requirements (“BlueWhitepaper content requirements (in bold – specific Whitepaper require- print” - information submitted to MDIA for ments the Systems Auditor is expected to ITA certification and used by Systems cover as part of Platform Implementation Auditor to verify the implementation of the Control Objective) Control Objectives) Purposes: The reasons for which the ITA Platform is being, or was, created Qualities: The specific characteristics  technical description of the that the ITA offers to its users Aspects: The specific elements or protocol, platform, issuer’s wallet and the as- boundaries of the ITA that are subject to the certification sociated benefits;  associated challenges, risks and Attributes: The inherent capabilities of the ITA mitigating measures;  characteristics and functionality of Behaviours: The manner how the ITA responds to unexpected processes and the virtual financial assets  the consensus algorithm, where inputs Limitations: The technical and/or operaapplicable  in the case of a new protocol, the tional restrictions of the ITA estimated speed of transactions;  description of the underlying Product protocol’s interoperability with  User demand for ITA other protocols;  security safeguards against cyber  Benefits from the use of ITA (customer) threats to the underlying protocol,  Benefits from the supply of ITA (issuto any off-chain activities and to er) any wallets used by the issuer  Targeted audience  the reason behind ICO  sustainability and scalability of the  How was quality assurance practised during the development and/or improposed project, plementation of the ITA  incentive mechanism to secure any transactions, and/or any other applicable fees; Information for each of the layers below Smart contract  fidelity to the claimed functionality  detailed description of the smart  privacy, integrity and confidentiality contract/s, including adopted  programming language for ITA standards, its/their underlying  access control mechanisms protocol/s, functionality/-ies and  external interface for ITA associated operational costs;  external dependency of ITA  description of any restrictions  DLT metrics relevant to the function73



 

embedded in the smart contract/s deployed, if any, including inter alia any investment and/or geographical restrictions the programme agents used to obtain data and verify occurrences from smart contracts (also known as ‘oracles’) used and detailed description of their characteristics and functionality thereof; the period during which voluntary withdrawals are permitted by the smart contract, if any; details of the smart contract’s auditor;

 

ality of the ITA underlying technologies of the ITA what are the data flows between the various components of the ITA

For Off-DLT Application Layer (e.g. web pages that are served from outside of the DLT, which provide users with services to interact with the DLT platform)  use of any third party platforms?  processing done outside of the ITA?  dependencies or links to other data sources?

DLT Application Layer (this layer could allow for applications to be loaded by users who may not necessarily be develop detailed description of the issuer, VFA ers of or run a participating node within agent, development team, advisors the DLT Implementation Layer on which it and any other service providers; is meant to execute. The application logic  the past and future milestones and that this layer encapsulates is often project financing termed Smart Contracts)  description of the manner funds raised through the initial virtual financial asset  features and functions including offering will be allocated; any capabilities which tackle any regulatory obligation  the amount and purpose of the issue  logic behind the DLT application Compliance and Legal  performance requirements  data protection by design and/or data  description of the issuer’s adopted protection by default white-listing and anti-money  any automated and/or manual error laundering and counter financing of correcting mechanisms terrorism procedures in terms of the  any immutable/mutable characterisPrevention of Money Laundering Act tics within the ITA and any regulations made and rules issued thereunder; DLT Implementation Layer (network ac methods of payment  intellectual property rights associated cess and node discovery, validation, conwith the offering and protection flict resolution, incentivisation, an application execution environment, governance thereof; mechanisms, a means of consensus and any applicable taxes; any other code or logic that is required to implement and provide the DLT platform) Investor protection  detailed description of the risks  features and functions including associated with the virtual financial any capabilities which tackle any assets and the investment therein regulatory obligation Governance

74

  

    



  



detailed description of the targeted investor base exchange rate of the virtual financial assets; any person underwriting or guaranteeing the offer

    

mining or other resources to reach consensus scalability creation of new nodes/blocks consensus process of the ITA availability safeguards built into the ITA integrity of the data secure communication protocols functionality between public and private blockchain setups?

Token distribution terms  the total number of virtual financial  assets to be issued and their  features; the period during which the offer is open; (if encoded) Networking, Infrastructure and Physithe methods of and time-limits for cal Layer (TCP/IP protocols, hardware delivery of the virtual financial network interfaces, routers and other assets; (if encoded) networking infrastructure) any set soft cap and hard cap for  access to the Network the offering (if encoded)  infrastructure requirements any restrictions on the free  hardware or virtual factors required in transferability of the virtual financial order for the ITA to function correctly assets being offered and the DLT  hardware availability safeguards built exchange/s on which they may be into the ITA traded; description of the refund Information security mechanism, including the expected  security algorithms time-line of when such refund will  operation of a risk assessment plan be completed; (if encoded)  documented risk assessment on the the distribution of virtual financial ITA includes: assets - Risk reference the procedure for the exercise of any - Risk description right of preemption; - Risk type bonuses applicable to early investors - Scenario including inter alia discounted - Threat actor purchase price for virtual financial - Affected assets assets; - Risk owner detailed description of the life cycle of - Original risk rating the initial virtual financial asset offering - Implemented mitigation controls and the proposed project; - Effectiveness of control - Likelihood of happening - Inherent risk - Residual risk - Financial impact value of risk Intervention powers

75

The powers and the technology features proposed to enable the Technical Administrator, or the Authority (in the case of unjustifiable failure by the Technology Administrator) to intervene in the event of:  A material cause of loss to any user  A material breach of law

Other information      

governance structure of the ITA. limitations on the operational boundaries of the system. features that distinguish the ITA from other ITA projects of a similar nature. expected end-of-life date or event for the ITA (if any) risks that may cause the ITA to reach its end-of-life prematurely how forking circumstances can occur and how they would be addressed.

Data localization The Auditee implements a Forensic Node hosted in Malta that is available 24/7 logging all transactions being relevant to the ITA and which could be made accessible to the Authority if requested. Forensic Node receives all of the data recorded within the distributed ledger as other nodes, physically located in Malta.

76

Appendix 3B Maltese Systems Audit Requirements List of Key Principles     

Security Processing Integrity (completeness, validity, accuracy, timeliness, authorisation of system processing) Availability (accessibility of information used by the Auditee’s systems) Confidentiality Protection of Personal Data List of Control Objectives

and

Functionality and Compliance with Regulatory Requirements - Functionality in line with WP - Implementation measures in line with WP - Forensic Node System Operations - Vulnerabilities and countermeasures - Incident Management - Security Assessment - Secure Code Review Organization and Management - Responsibilities for the development, implementation, operation, maintenance, and monitoring of the system; - system controls and other risk mitigation strategies - the competence testing of personnel - workforce conduct standards - information security structures - governance structures and management procedures - internal control systems - independence of the BoD Communications - operation and boundaries of the system, commitments, responsibilities, reporting, system changes communicated to authorized internal and external users Risk Management and Design and Implementation of Controls - identify and assess threats and potential adverse changes, determine mitigation measures; - Implement risk mitigation strategy and employ controls to adjust when necessary - auditability of transactions, identification and inter-linking by design Monitoring of Controls - Restricted physical access to facilities housing the system - Information processing is restricted to authorized internal and external users Monitoring of Commitments to Principles - Monitoring throughout system development lifecycle - Adjustment of management processes and system components whenever 77

necessary Availability - Monitoring of processing capacity and usage to manage capacity demand - Environmental protections, software, data backup processes, and recovery infrastructure - Recovery plan procedures Processing Integrity - Error Handling - System inputs and outputs monitored and recorded - Data processed and stored completely, accurately and timely - Modification of data monitoring - Immutability of consensus-based data Confidentiality - Protected confidential data - Protected confidential data processing throughout system development lifecycle - Restricted access is ensured - Monitoring of third party confidentiality commitments - Communication of changes Use, Retention, and Disposal of Personal Data - Processing of personal data consistent with objectives - Correction of personal data on the initiative of the data subject - Record-keeping - Updates

78

Appendix 4 Maltese VFA exchange listing assessment requirements Product 

The protocol and the underlying infrastructure, including inter alia whether it is: (i) a separate Blockchain with a new architecture system and network or it leverages an existing Blockchain for synergies and network effects (Technology) (ii) scalable (Scalability) (iii) new and/or innovative or (iv) the virtual financial asset has an innovative use case or application (Open financial system, Scalability)



Developments in markets in which the issuer operates (Scalability)



The availability of a reliable multi-signature hardware wallet solution for the asset (Security)



The relevant consensus protocol (Technology, Security)



The Systems Auditor’s report on the Issuer’s Innovative Technology Arrangement, including any reservations that may have been expressed therein (Security, Compliance, Governance, Technology, Scalability)



Whether the virtual financial asset has any inbuilt mechanism which caters for settlement failure, such as resolution mechanisms (Technology, Security)

Legal and Compliance 

The issuer’s AML/CFT and cybersecurity systems and controls (Compliance)



The determination in accordance with the Financial Instrument Test and the endorsement thereof (Compliance)



Whether the virtual financial asset has any in-built anonymization functions (Compliance)



Whether the virtual financial asset has used or was used with any smurfing technology, mixers or has been traded or traded on any Dark-net marketplace/s (Compliance)

Market 

The geographic distribution of the virtual financial asset and the relevant trading pairs, if any (Liquidity)



Whether the virtual financial asset is or has been traded on any sidechains (Liquidity) 79



Other DLT exchanges on which the virtual financial asset is traded, if any (Liquidity)



Social media information, including inter alia official website, Telegram, twitter account and Facebook page (Liquidity, Consumer Demand)

Governance 

The technological experience, track record and reputation of the issuer and its development team (Governance)



The completeness and reliability of information included in the project website and/or whitepaper, including inter alia whether an ethical or professional code of conduct exists (Governance)

80