The legal challenges you need to consider before launching a blockchain start-up
14 July 2022
Even though the blockchain and DLT space have grown by leaps and bounds over the past few years, the industry is still very young and there are plenty of things that still need to be figured out. Naturally, this creates a lot of opportunities, but also challenges, especially for a young company. Apart from the technical challenges that stem from dealing with a novel and complex technology like blockchain, companies also need to navigate the murky waters of a loosely defined regulatory regime.
The majority of legal hurdles come as a result of the inability of current financial rules and regulations to cover the various aspects of the blockchain sector, as well as from the lack of a unified approach when it comes to blockchain and crypto regulation. However, this does not mean that there isn’t a general idea behind the various regulatory measures and guidelines proposed or introduced by watchdogs across the world. The main focus is to prevent bad actors from exploiting the technology for their benefit at the expense of investors. The stability of financial markets is also a concern, although, for the most part, regulators still consider blockchain and more specifically crypto, as posing a low risk to the global economy.
The first thing that a blockchain start-up needs to consider is the specific rules and regulations present in its jurisdiction of choice. The rapid evolution of blockchain technology has caught regulators across the world off guard, leaving them scrambling to devise new or adapt existing, rules and regulations for the sector. This has led to a lot of makeshift measures, regulatory patchwork, and a somewhat scattershot approach to regulating the space. Because of this, a blockchain start-up needs to be keenly aware of the authorization and operation conditions it has to meet to conduct business in a given territory, especially if that business involves crypto-related activities, for example, cryptocurrency trading.
In their efforts to ensure maximum customer and market protection, certain regions have put in place stricter rules for crypto exchanges and other crypto-related businesses.
For example, Japan requires crypto exchanges to be registered with the country’s financial regulator, the Financial Services Agency. Crypto exchange operators are required to comply with a set of requirements in order to keep their registration with the FSA and the right to operate in the country. In addition, there is the Japan Virtual and Crypto Assets Exchange Association (JVCEA), which is a self-regulatory organization looking to establish industry standards for authorized crypto exchanges in Japan. Last year, the country also introduced a complex regulation that, among other things, introduced new rules for crypto-asset providers.
Similarly, there have been efforts to come up with robust regulations for the sector in the European Union, with the most comprehensive of which being a regulatory framework for crypto assets proposed last year by the European Commission. The framework, called Markets in Crypto Assets Regulation (MiCA), introduces formal definitions for three types of crypto assets, as well as rules for issuers of such assets and other crypto-related businesses.
In the US, the regulatory landscape is more complicated and fragmented, due to the ability of individual states to produce their own rules and regulations on top of the requirements and guidelines that exist on a federal level. This means that state laws are another thing that blockchain businesses need to consider carefully, especially since some states have taken a friendlier stance towards the technology than others.
This can also happen on a global level, as the regulatory sentiment can vary from one jurisdiction to another. In general, regulators are still hesitant to fully embrace blockchain technology and especially crypto, but some countries have implemented friendlier rules for the sector. An example of this is Switzerland, which is famous for its blockchain-friendly regulatory regime.
The fragmented nature of the global regulatory landscape also means that providers of cross-border services will need to take into account the rules and regulations of every jurisdiction they want to operate in. Fortunately, there are already attempts for creating frameworks designed to work on a subtranational, if not global, level. The aforementioned MiCA, for example, seeks to harmonize the crypto-asset regulations across the EU. It is expected to replace any crypto-asset rules and regulations that exist in individual EU member states.
Anti-money laundering (AML) and Know-Your-Customer (KYC) requirements
Blockchain start-ups will likely have to deal with AML and KYC compliance rules, especially if their business involves any crypto-related activities. These rules are meant as a measure against money laundering and terrorism funding and affect not only cryptocurrency transactions but traditional financial operations, as well. AML and KYC compliance is a must for any money-service business that seeks to gain the right to operate in a given jurisdiction.
In general, KYC procedures involve collecting customer data, verifying it against available public sources, making sure that the customer is not in any blacklists, monitoring transaction history and user behavior. What makes things complicated is the lack of standardization on a global scale, which leads to jurisdictions having distinct approaches to implementing and enforcing AML and KYC rules.
FATF Travel rule
We cannot talk about AML and KYC without mentioning the ‘FATF Travel rule’. The Financial Action Task Force is a global watchdog responsible for devising standards for combating illicit financial activities such as money laundering and terrorist funding. The regulator issues recommendations that are not legally binding, but are nevertheless expected to be implemented by FATF’s 200+ member jurisdictions. A failure to implement the recommendations can result in punitive action.
In 2019, FATF amended its Recommendation 16 to include new guidelines for what the regulator refers to as “virtual asset service providers” (VASPs). According to these guidelines, countries need to ensure that VASPs obtain and exchange information about the sending and receiving counterparties in a cryptocurrency transaction.
Another challenge that blockchain start-ups need to take into account stems from the privacy laws and regulatory frameworks that exist in the different jurisdictions across the world – for example, the General Data Protection Regulation (GDPR) in the EU. Of particular importance is assessing whether there is friction between privacy laws and other legal requirements like AML and KYC.
Blockchain networks with sufficient levels of decentralization are quite resistant to hacks and other types of cyberattacks, as their decentralized nature ensures that there is no single point of failure that can be exploited. However, things are quite different when it comes to blockchain- and crypto-driven businesses. Because they are separate entities, such businesses can be targeted much more easily by hackers. That’s why blockchain businesses, crypto businesses, in particular, need to make sure to implement adequate security measures and procedures, as per the requirements in their respective jurisdictions.
There are plenty of examples of cyber-attacks and other security breaches prompting regulators to take more decisive action towards the crypto space. One such example is the high-profile hack of Japanese crypto exchange Coincheck in early 2018, which forced the local authorities to step up their regulatory efforts and impose more stringent rules for crypto exchanges seeking to operate in the country.
Another potential pitfall that blockchain start-ups have to consider when it comes to security is that blockchain systems are not always impervious to cyber attacks. While it is true that large public blockchains like Bitcoin and Ethereum are practically unhackable, smaller networks with fewer validation nodes are more vulnerable to malicious tactics like the infamous ‘51% attacks’ that could result in bad actors gaining control over more than half of a network’s computing/voting power. This is worth keeping in mind if you’re trying to build a new blockchain network from scratch.
One of the biggest strengths of blockchain technology is that it is largely open-source. This has been crucial for fostering innovation in the blockchain space, as developers have been able to build on top the work of their peers to fuel the next iterations of the technology. However, the open-source licenses that make this way of working possible often come with specific restrictions. So blockchain start-ups need to be keenly aware of what rights they gain under a given license and what restrictions they need to take into account.
Start-ups also need to consider patenting components that are critical for the success of their applications. Those can include payment processing systems, encryption methods, etc.
A helpful hand
With rules and regulations varying, sometimes quite wildly, from one destination to another, dealing with the various legal issues that can occur as a result of the widespread regulatory uncertainty can be quite challenging, especially for a start-up. That’s why enlisting the services of an experienced legal advisor can be a life saver. At LimeLegal, we have vast experience in helping start-ups deal with the legal implications blockchain technology has in various jurisdictions, namely the UK, Ireland, the US, Germany, Switzerland, Bulgaria, Malta, Lichtenstein, Estonia, Lithuania, and Gibraltar. We have a comprehensive suite of legal services including advising on token offerings such as initial coin offerings (ICOs) and security token offerings (STOs), fintech and blockchain company registration, consultancy on taxation, and blockchain regulation in the EU, and others. In case you are on the lookout for a capable blockchain legal advisor, do not hesitate to get in touch.
Generally speaking, the blockchain and crypto space has never had a good relationship with regulators. From the early years, when the fledgling industry was largely ignored, to more recent times, governments and regulators around the world have time and again demonstrated their inability to handle the sector.
Security tokens are a crypto asset type that represents an ownership stake in an asset or a business. A security token essentially serves a similar role to traditional securities such as shares so it warrants the same regulatory scrutiny as those types of financial instruments.
Regulation of the blockchain and crypto space has been notoriously hard to work out, especially after cryptocurrencies like Bitcoin and Ether rose to prominence and kicked off a larger crypto boom in the latter part of the previous decade.