On 12 September 2017, FCA published a consumer warning on initial coin offerings (ICOs), stating that they are 'very high-risk, speculative investments', and that 'there is a good chance of losing your whole stake' as a purchaser.

An ICO is a means by which virtual coins or tokens are sold to purchasers via distributed ledger or blockchain technology, as a means to raise funds for new ventures.

Earlier in September, the People's Bank of China had denounced ICOs as 'illegal fundraising' and issued a ban that caused the value of cryptocurrencies such as Bitcoin to plummet. The following day, Canadian regulators accepted a firm offering ICOs into its regulatory sandbox as part of its broad goal of supporting innovative fintech projects. The European Securities and Markets Authority has been the latest to denounce ICOs, echoing the FCA's warning to consumers that ICOs are 'very risky and highly speculative investments.'

On a global level, therefore, this has clearly become a discordant issue for regulators.

The FCA publication followed a US Securities and Exchange Commission (SEC) investigation into the DAO, a virtual organisation created by Slock.it. Within the Ethereum blockchain, the DAO publicly issued virtual DAO coins in return for Ether (the cryptocurrency of the Ethereum blockchain), and the greater the 'investment', the greater the voting rights an investor would obtain in how the funds would be spent. 

By applying the conditions from SEC vs Howey, the US Supreme Court test for determining whether transactions qualify as investment contracts (and by extension, securities), the investigation found that the tokens emergent from the DAO's ICO are securities and thus could fall within the US regulatory perimeter.

The SEC made the classification by fulfilling the following criteria from the Howey test:

  1. Investment of money – tokens are bought with cryptocurrency (in this case, Ether).
  2. Reasonable expectation of profits – investors buy into a common enterprise, with the expectation that the purchase of tokens would yield returns in the form of cryptocurrency from the DAO's ventures.
  3. Derived from the managerial efforts of others – DAO investors relied on the managerial and entrepreneurial efforts of Slock.it to implement digital infrastructure and manage the DAO, putting forth project proposals to generate profit for its investors.
  4. Investor voting rights were limited – given that Slock.it was able to control required voting thresholds for its projects, and given the anonymity of token holders, investors could not easily come together like shareholders and exert influence.

Within the US regulatory sphere, the classification of ICO tokens as securities demands the registration of offers and sales of securities, and registration as a national securities exchange. Surprisingly, however, the SEC did not pursue any enforcement action against the DAO.

What would a similar classification mean in the UK regulatory regime?

In its consumer warning, FCA stated that the question of whether an ICO would be regulated must be considered on a case-by-case basis. As with the US regulatory regime, the consequences of operating within the UK regulatory perimeter are considerable. Applications for authorisation are costly and time-consuming, and carrying on regulated activities without authorisation is a criminal offence.

Under the general prohibition in the Financial Services and Markets Act 2000 (FSMA), no firm may carry on a regulated activity in the UK unless it is authorised by FCA or exempted under FSMA. To carry on regulated activities, the firm must be performing specified activities relating to specified investments, as defined in the FSMA (Regulated Activities) Order 2001 (RAO).

Do tokens bought through an ICO represent specified investments?

It is unlikely that the tokens would be construed as shares, as that would require the firm offering the ICO to incorporate and have legal status. There is no parallel in the UK to the US concept of investment contracts being securities, and therefore of tokens aligned with the contracts also being securities. Nor would the tokens be likely to constitute instruments creating or acknowledging indebtedness. Depending on the structure of an ICO, it may possibly be construed as a debenture, but this would involve strict conferring of profit-sharing rights so as to render the appearance of tokens more as loans than investments in (digital) currency. 

The tokens bought through an ICO may however represent units in a collective investment scheme (CIS), the establishment, operation or winding up of which is included as a specified investment under the RAO. A collective investment scheme is defined in section 235 FSMA and its wide scope is such that it is possible for an ICO to meet the various limbs of the definition: 

  • Does selling the tokens constitute 'arrangements with respect to property of any description, including money', where the purpose of the investment would be 'to participate in or receive profits or income arising from' a firm's cryptocurrency ventures? It is likely that ICO tokens would satisfy this element of a unit in a CIS, in a similar vein to the SEC's conclusions regarding 'reasonable expectation of profit'
  • Do the investors have no day-to-day control over the management of the property, whether or not they have the right to be consulted or give directions? Even if a token was structured so as to confer a right to vote on any future ventures, the management of the cryptocurrency fund itself would never fall to an individual investor. Again, this aligns with the US element of 'derived from the managerial efforts of others', and so this condition would be satisfied
  • Finally, do the ICO arrangements represent the pooling of multiple investments? Again, they would, as its profits are pooled, and the investments are managed wholly by or on behalf of the firm operating the scheme. 

On this analysis, the DAO ICO would meet the conditions of being a CIS. It must be noted, however, that not all ICOs will be structured like that of the DAO. Although the DAO ICO may align with the FSMA definition of a CIS changes to the structure that mean it does not meet the definition in section 235 FSMA could take an ICO outside the regulatory perimeter.

If an ICO does meet the definition of a CIS the person responsible for it will be carrying on the regulated activity of establishing, operating and winding up a CIS and would need to be authorised with the correct permissions to carry on the activity. If that person were outside the UK, it would not be caught by FSMA for this regulated activity, but its marketing would be restricted as would the activities of any person in the UK seeking to arrange investment into the ICO or advise on such an investment. We discuss this below.

Are there any other specified activities involved?

The sale of tokens to investors and subsequent management of the fund may satisfy a number of 'investment activities' as specified in the RAO.

By engineering the sale of what could be construed as units in a CIS, any firm performing an ICO may be undertaking arranging activities within the scope of the RAO. The fundraising element therefore likely involves specified activities. Once the ICO's fundraising purpose is fulfilled, a firm may be involved in safeguarding and administering the fund before any ventures begin. Thereafter, the firm would be exercising discretionary management of the assets in electing its cryptocurrency ventures, likely constituting managing activities.

A potential issue arises over whether these activities are carried on in the UK. Whether or not an ICO and subsequent management of funds represent regulated activities would depend on whether investment decisions are made in the UK, and whether funds were safeguarded and administered in the UK.

For the SEC, the involvement of US investors was critical to the need for SEC registration, and similar concerns exist within the UK regulatory sphere. As FCA states, the need for authorisation may hinge on how an ICO is structured. 

Even if all regulated activities are carried out outside the UK, if the ICO interests are characterised as units in a CIS and marketed to individuals in the UK, FSMA restrictions on both marketing and certain activities would apply, so UK law cannot be circumvented simply by doing everything offshore.


For would-be investors, a firm's failure to gain authorisation threatens a key statutory objective of FCA: consumer protection. Investors dealing with unauthorised firms will not by covered by Financial Ombudsman Service or the Financial Services Compensation Scheme if things go wrong, adding further weight to FCA's claim that investors should be prepared to lose their entire stake.

Other FCA warnings regarding ICOs touched on the volatility of coins/tokens, and the risks inherent in investing in an unregulated space in the early stages of its development. The regulator added:

"Businesses involved in an ICO should carefully consider if their activities could mean they are arranging, dealing or advising on regulated financial investments. Each promoter needs to consider whether their activities amount to regulated activities under the relevant law. In addition, digital currency exchanges that facilitate the exchange of certain tokens should consider if they need to be authorised by FCA to be able to deliver their services."

It may be the case that in the volatile, unregulated space of ICOs, FCA may simply create a new regulated activity of issuing coins, as it did with peer-to-peer lending, so as to bring it within the regulatory perimeter. For now, however, FCA is alive to the risks posed and emphasises that, depending on how they are structured, firms involved may be carrying on regulated activities without authorisation or exemption.

For further advice on ICOs and their regulatory status, please contact Andrew Barber.

This article is for general information only and reflects the position at the date of publication. It does not constitute legal advice.