In April 2017, the FCA published a Discussion Paper (“DP”) on DLT which sought views on the regulatory implications of DLT developments in financial markets and considered the potential risks and benefits of DLT applications. The FCA received 47 responses to the DP from a range of market participants and on 15 December 2017 the FCA published its Feedback Statement.

No need to change rules

In its Feedback Statement, the FCA points out that DP respondents were positive about the FCA’s ‘technology-neutral’ approach to regulation and its open and proactive approach to new technology. Feedback also suggested that the FCA’s existing rules are sufficiently flexible to allow for the use of DLT and there are no substantial barriers to adopting DLT under existing rules.

Accordingly, the FCA concludes that there is no need to recommend or implement any changes to FCA rules with respect to the use of DLT at this stage. However, the FCA will keep the position under review. In the meantime, the FCA will continue to:

  • maintain a proactive and supportive approach to technological innovation;
  • monitor DLT-related market developments;
  • engage with DLT use cases and industry stakeholders; and
  • work closely with regulatory bodies at both the domestic and international level.

With respect to Initial Coin Offerings specifically, the FCA confirmed that it will gather further evidence on the ICO market to determine whether further regulatory steps are required. In the meantime, the FCA reiterated its view that the risks to consumers and the legal and regulatory position of each ICO proposition should be assessed on a case by case basis.

A role for self-regulation?

The Feedback Statement is an interesting read and, on the positive side, the FCA has been praised for its approach to permissionless networks (it says it’s open to both permissioned and permissionless networks, provided that the operational risks are properly identified and mitigated) and its generally pragmatic stance to the use of DLT.

However, those looking for more specific guidance on the regulatory frameworks applicable to DLT or ICOs will be disappointed. In a move that isn’t surprising to anyone familiar with the FCA’s typical principles-based and technology neutral approach, the FCA confirmed that it expects organisations to assess their use of DLT on a case by case basis.

Therefore, although the report may be a useful restatement of the FCA’s views, it doesn’t really represent a change to the approach that the UK DLT sector has been taking to date. And it doesn’t provide the certainty that some companies using DLT, or seeking to carry out an ICO/token raise in the UK, have been looking for.

Perhaps then, while the FCA continues its ‘wait and see’ approach, actors in the DLT sector will start to take an active lead in creating self-regulation to help create an environment for sustainable DLT projects and token sales here in the UK.

There’s certainly increasing demand for best practices, codes of conduct and self-regulatory frameworks to be developed. And there are signs that the sector is responding.

For example, a couple of new industry organisations have recently launched – (1) the British Blockchain Association focused on “making Britain one of the leading nations in blockchain arena by benchmarking exemplary standards” and (2) CryptoUK focused on representing the interests of the UK cryptocurrency sector, which has produced a code-of-conduct.
There is also a role for lawyers to play here, in helping the sector navigate existing rules and help create best practices. While the regulator is playing catch-up, the sector may start to influence the direction of any future regulation.

Feedback Statement Highlights

Operational Risks

  • Almost all DP respondents highlighted the operational benefits of a DLT network, such as increased resilience and transparency leading to low transaction fees, enhanced availability, standardisation and interoperability. That being said, respondents suggested that applying DLT in financial services at a large scale might trigger some new or increased operational risks (e.g. coding errors, stability risks with newly developed technology, as well as scaling, latency, data privacy and security concerns).
  • The FCA makes clear that it expects firms to mitigate operational risks by implementing and maintaining good operational risk management, and to undertake appropriate due diligence before deciding to use particular solutions. With respect to security, firms will be responsible for implementing appropriate systems and controls, particularly where technology and security are core to the delivery of a regulated service. The specific operational risks will in part depend on the nature of the particular DLT solution. The use of DLT might affect how individual responsibility and accountability is allocated. Firms must allocate responsibilities appropriately.


  • While some respondents were concerned that permissionless DLT networks could be incompatible with the FCA’s outsourcing rules, the FCA does not share this view. Firms will need to review each case to determine whether use of a DLT network amounts to ‘outsourcing’. The FCA does not consider that using a permissionless network will always amount to outsourcing. Provided that appropriate risk management is in place, the FCA does not consider that permissionless networks are inherently incompatible with the FCA regulatory regime.

Digital Currencies

  • Digital currencies are not currently regulated by the FCA (or the Bank of England) and the FCA does not at this point see clear evidence of financial stability or systemic risks but it’s closely monitoring developments.
  • With respect to ICOs, the FCA intends to gather further evidence on market developments and to conduct a deeper examination to determine whether there is need for regulatory action. It will also continue to collaborate with industry and other national and international regulators and global standard setters. In the meantime, the FCA It reiterated that tokens and ICO activities could be regulated activities and their regulatory status needs to be determined on a case by case basis and provided some helpful regulatory analysis. It also referred to its existing alerts on ICOs and CFDs.

Smart contracts

  • DP respondents highlighted a wide range of uses of DLT, particularly within the capital markets sector, but they believed that clarity was needed on legal issues, such as the legal status of digital assets and the enforceability of smart contracts, before such solutions could be used at scale. However, there was general confidence that suitable standards and templates will be developed. The FCA agrees that DLT can benefit securities markets through more efficient post-trade processes and enhanced reporting and data management capabilities, but some challenges need to be addressed. The FCA does not intend to propose any DLT-driven rules at this point.

Regulatory Reporting

  • The FCA acknowledges the potential benefits of adopting DLT as a RegTech solution. However, it points out that this would require a combination of multiple DLT systems and legacy systems to operate with one another and legal issues such as the legal status of digital assets and the enforceability of contracts would need to be clarified. At this point, the FCA doesn’t intend to propose DLT-driven rule changes, but will continue to monitor market developments closely and will continue to prioritise RegTech initiatives as part of its FCA Innovate initiative. The FCA also pointed to its involvement in the BARAC – Blockchain Technology For Algorithmic Regulation and Compliance project (an initiative which Baker McKenzie is also supporting), a proof of concept to thoroughly investigate legal and regulatory implications of the use of DLT for automation of regulation and compliance.

Financial Crime

  • The FCA reported that DP respondents identified that although DLT could facilitate the secure sharing of data, the Money Laundering Regulations don’t incentivise firms to share KYC information or foster enhanced levels of cooperation. In its report, the FCA stated that it does not believe that using DLT automatically introduces or increases financial crime risks, but observed the practice of denying banking services to firms who use DLT and reiterated previous guidance that the deployment of DLT shouldn’t result in a wholesale denial of access to traditional banking services. The FCA also welcomed the use of DLT in detecting and preventing suspicious activity and stressed that changes to the MLR regime are “worth exploring”.


  • While some respondents perceived a tension between the core features of DLT and GDPR, others were of the view that DLT provided a more efficient way of compliance with the GDPR. In response, the FCA pointed to the Information Commissioner’s guidance on GDPR compliance and confirmed that at this stage they have not identified any substantial incompatibilities between the FCA rules and the GDPR’s requirements. Accordingly, they did not see a material need for further FCA guidance at this time.

Sue McLean is a partner and co-chair of the EMEA Financial Services Industry Group and co-chair of the UK FinTech practice. She specialises in technology and had been advising on technology projects for over 20 years. She also advises clients (both customers and vendors) on a wide range of technology matters, including outsourcing, cloud, digital transformation, technology procurement, development and licensing, m/e-commerce, AI, blockchain and data privacy.