On 9 January 2019, the European Securities and Markets Authority (ESMA) published advice on ICOs and cryptoassets to the European Commission and other EU institutions. This development is very much part of the international trend in favour of regulating cryptoassets. The advice identifies gaps and issues with current EU regulation (or rather, the absence of it). For those cryptoassets which are caught by financial regulation, ESMA describes the current regime as inadequate as it was not designed for such an asset class. In addition, for cryptoassets falling outside regulation, ESMA notes that investors are without sufficient protection and are exposed to risk (i.e. fraud, cyber-attacks, money laundering, and market manipulation). Consequently, ESMA considers that at a minimum AML regulation should be extended to cryptoassets and ICOs, as well as requiring appropriate disclosures to investors. Crucially, compared to the present – state by state – patchwork approach, ESMA makes clear that it favours an EU-wide policy.

What are Cryptoassets?

Cryptoassets are one application of blockchain / distributed ledger technology (DLT). Bitcoin was the first digital asset to use DLT. (If you want to learn more about DLT / blockchain, read our guide Unhashing Blockchain. The UK’s “Cryptoassets Taskforce” report defines cryptoassets as “a cryptographically secured digital representation of value or contractual rights that uses some type of DLT and can be transferred, stored or traded electronically.” Good examples besides the eponymous Bitcoin, include cryptocurrencies such as Litecoin, and tokens issued through an Initial Coin Offering (ICO). The question of whether different types of token fall within the financial services regulatory perimeter is at the heart of the UK’s report and the Taskforce’s recommendations.

At the same time, the EU’s banking and payments supervisory authority, the European Banking Authority  (EBA), has published its own report on cryptoassets with advice to the Commission. This is generally consistent with ESMA’s work. However, given that cryptoassets generally fall outside the scope of financial regulation, the EBA wants the Commission to carry out a comprehensive cost/benefit analysis to see what, if any, action is justified at the EU level, before taking any further steps. In any event,  the EBA recommends that banks adopt FATF’s latest AML recommendations and any future standards when handling cryptoassets. In addition, the EBA will continue to monitor financial institutions’ cryptoasset activities, including practices on consumer-facing disclosure.

Perhaps in part due to recognition that regulatory sandboxes and innovation hubs are an important incubator of DLT, the technology behind cryptoassets, the Securities and Markets Stakeholder Group to the European Securities and Market Authority has recently called for more co-ordination between regulators. This would see regulators keeping ESMA informed about the operating conditions of their sandbox or hub, as well as steps taken to protect investors and outcomes. As a measure this appears fairly innocuous, but coupled with possible ESMA’s Guidelines on cryptoassets it could be more significant in terms of moving towards more harmonised EU regulation in this area.

These latest EU initiatives follow-on from the publication of the UK’s “Cryptoassets Taskforce” report and recommendations on the regulation of cryptoassets in October 2018. The Taskforce which comprises HM Treasury, the Bank of England and the Financial Conduct Authority (FCA) was established in the Spring of 2018 against a backdrop of increasing involvement by mainstream market firms with cryptoassets and a developing related derivatives market. There is much common ground between the Taskforce and EU authorities.

The Taskforce noted the potential benefits of cryptoassets, but placed considerable emphasis on the risks posed. In this respect, although the UK Government has reiterated its ambition for the UK to be among the world’s most innovative economies, the report points to evidence of consumer harm and risks to market integrity.  On the positive side for the UK’s DLT and cryptoassets sector, the Taskforce indicated that more regulatory certainty on cryptoassets will be provided over the coming months, which is to be welcomed.

Key Messages from UK Taskforce

  • UK regulatory approach is “well suited to support” developing DLT in financial services
  • UK regulators to continue taking a technologically neutral approach to regulation
  • Use of cryptoassets for financial crime will not be tolerated; the sector is to be brought within AML regulation with gold plating of 5MLD requirements
  • FCA to provide guidance on regulatory perimeter and the status of “security” tokens
  • Consultation on whether to extend the regulatory perimeter to cryptoassets and ICOs where there have equivalent characteristics to specified investments
  • UK initiatives to take consistent international action

All these recent reports confirm that the risks posed and (to a lesser extent) the opportunities presented by cryptoassets are fast rising up the political and regulatory agenda. There is growing pressure on government and regulators to act.

The adage that technology has made the world smaller is truer than ever in the context of DLT and cryptoassets. As do ESMA and the EBA in respect to the EU, the Taskforce argues for a consistent international approach to ensure global “regulatory coherence” and avoid arbitrage in markets. The UK will lobby for higher standards and increased regulation through international bodies such as FATF, the G-20 and Central Bank Governors, IOSCO and the Financial Stability Board. The FCA and other regulators will also be able to work through the newly established Global Financial Innovation Network (GFIN), which acts as a forum for joint work and discussions on technologies such as DLT and cryptoassets.


Sue McLean is a partner and co-chair of the EMEA Financial Services Industry Group and co-chair of the UK FinTech practice. She specialises in technology and had been advising on technology projects for over 20 years. She also advises clients (both customers and vendors) on a wide range of technology matters, including outsourcing, cloud, digital transformation, technology procurement, development and licensing, m/e-commerce, AI, blockchain and data privacy.


Mark Simpson is a partner in the Financial Services & Regulatory Group in the London office where he practices in the areas of financial regulation, financial crime, and regulatory investigations. He is a member of the Firm's EMEA Financial Services & Insurance Steering Committee, as well as its Global Funds and FinTech Groups.