Garrigues Digital_

Legal innovation in Industry 4.0




Cryptoassets and the financial sector: a market revolution and regulatory challenges

José Ramón Morales and Francesc Cholvi, partner and senior associate at Garrigues Corporate Law Department.

A revolution is changing the face of the financial sector, triggered by the meteoric rise of highly innovative and disruptive cryptoassets and decentralized finance (DeFi). This revolution promises fascinating opportunities, enhanced efficiency and greater market competition. But it also forces regulators and supervisors to look closely at the risks and to rethink the objectives and mechanisms needed in their work to protect users, ensure financial system stability and prevent money laundering in this new environment. Cryptoasset regulation is very new in Spain, and figuring out how the different types of cryptoassets should be classified for legal purposes is a complex issue, with a great deal of confusion about how such assets fit into the existing legislative framework. The uniform European Union legislation regulating cryptoasset markets — the publication of which is imminent — will help clarify the rules, although there will always be an element of legal uncertainty given the constant innovation in this area.

Terms such as bitcoin, ethereum, altcoins, stablecoin, NFT, DeFi protocols and crypto winter now appear regularly in the financial press. The news reports that made these terms commonplace over recent years range from articles heralding an exciting transformational power over financial and payment systems (linked to expectations that the crypto world and DeFi will eliminate a large part of those systems’ inefficiencies and, in general, help mobilize value), to those that point out the risks involved and call for caution in view of the volatility of cryptoasset investments, and even some that decry speculative bubbles or warn about fraud enticing investors with trumped-up cryptoasset gains.

Back in October 2008, the Bitcoin White Paper first defined, in systematic terms, the operating protocols of a permissionless public network (peer-to-peer or P2P) in which these cryptocurrency transactions could be recorded in a ledger, with all the nodes in the network keeping a copy. The process would be immune to tampering through mining (adding new blocks to the blockchain) using the underlying consensus algorithm proof-of-work. Since the paper was published, numerous other networks for cryptocurrency transactions have been developed, all of which share these key features:

  1. Purely electronic asset: the currencies can be transferred, stored and/or traded electronically.
  2. Decentralized: currencies are neither issued nor guaranteed by a central bank or public authority, and no financial intermediaries are needed to verify the transactions.
  3. Medium of exchange: they are fungible assets and, as such, are suitable for use as a medium of exchange in legal transactions.

Bitcoin was conceived as an alternative to the electronic payments model that has dominated since payment cards became commonplace in the 1970s and to local and international payment systems, all of which rely on trusted intermediaries and centralized operators to verify transactions.

Bitcoin, and the way cryptocurrency and the other cryptoassets traded on distributed ledger networks (and particularly on blockchain networks) work, herald the possibility of performing large-scale secure electronic transactions of value between trustless parties, without the need for centralized intermediaries. This means we can make the leap from the “Internet of Information” to what has now been called the “Internet of Value”. Trust can be generated and double-spending can be avoided without centralized intermediaries by recording transactions within chain-linked blocks, in distributed ledgers of which all the nodes of the network retain an updated copy. The transactions are validated by the network nodes themselves, using cryptographic proof and applying consensus algorithm protocols depending on the network in question (chiefly, proof of work and proof of stake).

In general, cryptocurrencies are not considered fiat money (i.e., obligatory tender in a given jurisdiction that payees are obliged to accept as a payment means), except in certain specific jurisdictions like El Salvador, which adopted bitcoin as legal tender in 2021. Yet the enormous possibilities blockchain technologies offer for transmitting value electronically between untrusted parties has undeniably pushed blockchain-traded cryptoassets to the limelight.

By integrating cryptocurrencies in smart contracts that can be executed on decentralized platforms, such as ethereum, programmable digital money can be generated through software and payments can be executed automatically, without any additional involvement of the parties, if the conditions predetermined by the buyer and seller and coded into the smart contract are met.

This has paved the way for new cryptoassets (including stablecoins, i.e. cryptocurrencies where the price is designed to be pegged to a reference asset), new solutions for running payment and investment instruments and processes, new ways of operating primary and secondary markets for certain instruments, and new desintermediated ways of conducting financial transactions, called decentralized finance (DeFi).

The potential advantages of blockchain technologies, and of blockchain-based digital money, have also piqued the interest of central banks, financial authorities and private banks, which have unveiled numerous projects and initiatives toward a future roll-out of central bank digital currency (CBDC) and digital currency created by private financial institutions and banks (account-, token- or hybrid-based models). This factor will undeniably contribute to propelling the adoption of digital currencies, in environments fully backed by financial authorities and highly regulated entities, which can facilitate payment processes (particularly in cross-border environments) and clearing and settlement processes.

The difficulties in figuring out where decentralized crypto and DeFi fall in traditional regulatory categories, the risks investors and users face in connection with issuer or market circumstances (like when the LUNA token, pegged to Terra’s UST stablecoin, plummeted to zero value in under 48 hours last May) or circumstances affecting service providers (such as the recent collapse of major operators like Celsius and FTX, and the enormous difficulties of the cryptoassets they manage), and the hacks that underscore the importance of safeguarding the resilience and security of systems from those who move large amounts of digital assets on account of third parties, all show that we must have a legal framework that encourages financial innovation to continue while still protecting users and financial system stability and warding off criminal activity.

Cryptoassets under the law

Despite the proliferation of cryptoassets, regulations on them are in early stages in Spain, to the point that the legal characterization of the different cryptoassets is still very complex and entails a high degree of legal uncertainty.

At European Union level, as part of the Digital Finance Package, we will soon see the definitive text of an EU regulation governing cryptoasset markets. The proposed Markets in Crypto-Assets (MiCA) Regulation has now passed through the EU institutions but is pending official publication, expected for late 2022. The bulk of its provisions will apply 18 months after the regulation comes into force.

Definition under current Spanish legislation

Spanish National Securities Market Commission (CNMV) Circular 1/2022, of January 10, 2022(in force since February 17, 2022) focuses on regulating only certain aspects related with advertising of cryptoassets being offered as investments, but it does define cryptoassets as follows (Rule 2.e): “digital representation of value, a right, or an asset that can be transferred or stored electronically, using distributed ledger technologies or other similar technology”.

At present, this is the only definition established in Spanish law regarding cryptoassets as a whole. However, Law 10/2010, of April 28, 2010, on anti-money laundering and counter-terrorist financing, recently amended by Royal Decree-Law 7/2021, of April 27, 2021, on the transposition of EU directives on competition, anti-money laundering, credit institutions, telecommunications, tax measures, environmental damage prevention and remediation, posting of workers in the framework of the transnational provision of services and consumer protection, includes a definition for a specific type of cryptoasset, namely virtual currencies.

The Bank of Spain defines virtual currencies as “payment instruments running on one of the most innovative technologies of the moment to allow purchases, sales and other financial transactions”. Article 1.5 of Law 10/2010 defines them as “that digital representation of value, not issued or guaranteed by a central bank or public authority, not necessarily associated with a legally established currency and that does not possess legal status as currency or money but that is accepted as a means of exchange and that can be transferred, stored and traded electronically”.

Regulatory classification and applicable rules under current Spanish law

Current Spanish law does not establish a regulatory classification for cryptoassets. Neither are there rules governing such important questions as what features a cryptoasset must have to be considered a financial instrument within the meaning of the Revised Securities Market Law approved by Legislative Royal Decree 4/2015 of October 23, 2015 (TRLMV), which is key for determining whether a prior administrative permit or authorization is needed before services in connection with a given cryptoasset can be rendered.

Nevertheless, to be able to look at cryptoasset rules from a financial and regulatory standpoint, below we provide a classification and description of certain cryptoassets based on their economic function:

  • Payment tokens: serve as means of payment (i.e. cryptocurrencies that have their own value and that do not represent any ownership or right to claim other items).
    Based on the various communications issued by the CNMV and by the Bank of Spain, as well as the terms of the Circular and of Law 10/2010, advertising activity in respect of this type of cryptoasset would be subject to the rules contained in the Circular. In addition, providers engaged in exchange services between virtual and fiat currencies and/or custodial wallet providers (as defined in Law 10/2010) are subject to compliance with Law 10/2010 and must be registered in the recently created Bank of Spain register for providers engaged in exchange services between virtual and fiat currencies and custodial wallet providers.
  • Security tokens: these work in the same way as financial instruments (i.e., initial coin offerings (ICOs) and other cryptoassets that represent negotiable financial instruments such as shares, bonds or rights over investment contracts).
    Based on the various communications issued by the CNMV and the Bank of Spain, these assets could be considered financial instruments subject to the TRLMV. Consequently, public offerings of security tokens, as well as the provision of services related thereto, must be carried out in compliance with the legal rules and obligations established in the TRLMV, Law 10/2010 and the related implementing/supplementing regulations. This category would not be subject to the Circular, on grounds of the exclusion laid out in Rule 3.2.a).
  • Utility tokens: digital assets that give the token holder access to (ownership or right to claim) services or products provided by the token issuer.

Without prejudice to the above, the CNMV and the Bank of Spain have repeatedly advised (particularly in their last joint statement on the matter, of February 9, 2021) that cryptoassets pose a high degree of risk due, among other factors, to their extreme volatility, complexity and lack of transparency. These two institutions consider cryptoasset investments to be a high-risk wager and emphasize that the European Union still lacks a regulatory framework for cryptoassets that provides guarantees and safeguards similar to those applicable to financial products.

Concept of cryptoassets and classification in the proposed MiCA Regulation

Given that the proposed MiCA regulation will soon be published and directly applicable in the internal law of Member States, how it defines and classifies cryptoassets is a key factor with a foreseeable impact on the market. In addition to rules on issuances, public offers and admission to trading of cryptoassets on trading platforms, the MiCA also establishes the legal regime applicable to issuers of certain categories of cryptoassets and the mechanisms to protect their holders, and regulates cryptoasset service providers and protections for their clients.

In its article 3.1(2), the MiCA proposal as currently drafted defines cryptoasset as “a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology”, that is, practically identical to how it is defined in the aforementioned CNMV Circular 1/2022, of January 10, 2022.

The scope of application of the proposed regulation expressly excludes, inter alia, two relevant categories of cryptoassets:

  • Cryptoassets that are classified as financial instruments and that would therefore be subject to Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (“MiFID”). It does this to clarify that the assets that are now known as security tokens must continue to be subject to the rules on financial instruments, irrespective of whether they take the shape of cryptotokens.
  • Those cryptoassets that are unique and not fungible with other cryptoassets. This exclusion, which attempts to leave NFTs outside the scope of MiCA due to their special characteristics, must be assessed carefully: according to the “whereas” 6c) of the proposed regulation, the fractional parts of a unique and non-fungible cryptoasset should not be considered unique and not fungible, and the issuance of cryptoassets as non-fungible tokens in a large series or collection should be considered as an indicator of their fungibility.

The proposed regulation identifies the following specific categories of cryptoassets:

  • Asset-referenced tokens, which are a type of cryptoasset (other than electronic money tokens) that aims at maintaining a stable value by referencing to any other value or right, or combination thereof, including one or several official currencies.
  • Electronic money (or e-money) tokens: a type of cryptoasset that aims at stabilizing their value by referencing only one official currency.
  • Utility tokens: a type of cryptoasset that is only intended to provide access to a good or a service supplied by the issuer of that token.

However, bearing in mind that the proposed MiCA Regulation contains a general definition of cryptoassets, we could very well see the emergence of new types of cryptoassets that do not fall into any of these specific categories of tokens but that are nonetheless subject to the new rules because they meet the general definition and are not expressly excluded from MiCA's scope.

Cryptoassets in the Spanish Bill for a Securities Markets and Investment Services Law

As part of the reforms intended to clarify how to deal with cryptoassets that are classed as financial instruments, and to give the CNMV oversight in respect of MiCA-regulated cryptoassets that are not financial instruments, Spain has initiated the parliamentary procedure for the passing of the Bill for a Securities Markets and Investment Services Law.

Among other aspects, and insofar as relates to how cryptoassets fit within the system, this bill:

  • Includes references to cryptoassets when defining the financial instruments subject to the bill, in order to clarify the legal treatment applicable to cryptoassets that can be classed as financial instruments. To this end, the bill amends the definition of a “financial instrument” in order to make it clear, beyond any legal doubt, that such instruments can be issued using distributed ledger technology.
  • Introduces rules to ensure the legal certainty of the representation of value through distributed ledger technology, allowing the provisions of the Regulation of the European Parliament and of the Council on a pilot regime for market infrastructures based on distributed ledger technology to be applied in Spain.
  • Makes the adjustments necessary so that, once MiCA comes into force, it can be applied in Spain. In particular, it designates the CNMV as the competent authority entrusted with supervision of the issuance, offering and admission to trading of certain cryptoassets that are not financial instruments. And, to enable the CNMV to exercise the powers ascribed to it by MiCA, the bill establishes an infringements and penalties regime in accordance with that regulation. It is clearly stipulated, however, that the Bank of Spain will exercise supervisory, inspection and penalization functions in respect of the obligations envisaged in the MiCA Regulation as relates to issuers of e-money tokens and asset-linked tokens.

According to the bill itself, the aim of these new rules is to make it possible to apply the European legislation on cryptoassets in Spain as soon as it is approved, since the CNMV would be immediately given the supervisory powers needed to ensure protection of investors and financial stability in this area.

*         *          *         *


Once the various items of legislation currently being prepared have been approved, our legal system will have taken a significant step forward in terms of adding legal certainty to cryptoassets, their markets and operators. This should make it easier to enjoy the advantages they offer, with the safety net of efficient mechanisms protecting the interests of investors and users and the stability of the financial system as a whole.