“Initial Coin Offerings” (ICOs) are also increasingly frequently being conducted in the Austrian financial market. Depending on their design ICOs may constitute a financial service requiring a licence, or may fall within the scope of another law regarding investor protection. The FMA is generally open to new developments, and neutral in terms of the underlying technology. We are therefore duty-bound to advise providers of ICOs, in which areas there are potentially linkages to laws for which the FMA is competent for their enforcement.
What are crypto assets, virtual currencies, coins and tokens?
In connection with ICOs in practice a range of different terms (crypto assets, coins, tokens, virtual currencies etc.) is used. Recently the term “crypto asset” has been adopted as an umbrella term for the terms mentioned. There is currently only a legal definition for the term “virtual currency” (see Article 3 (18) of Directive (EU) 2018/843). Irrespective of the legal definition the term “virtual currency” is currently being viewed critically. In order to cover all the different terms, the term “crypto assets” will hereafter be used as an umbrella term. The terms coin or token are frequently used synonymously despite technical differences, and are also used as such in this article.
What is an ICO?
An ICO, as a rule, is a form of corporate or project financing based on the blockchain technology. During an ICO capital is usually collected in the form of specific crypto assets (Bitcoin, ETH or similar coins or tokens). In return the capital providers receive a coin or token from the issuer who is connected to the company or project of the organiser of the ICO. The coin or token may also take the form of a shareholding in a company, frequently that of a start-up, or a claim to a promise in relation to profits to be realised in the future.
Due to the different designs of ICOs in technical, functional and economic terms, it is not possible to provide a one-size-fits-all supervisory law classification of them. An assessment under supervisory law must always be based on the specific design of the ICO on a case-by-case basis. We would advise that all of the FMA’s interpretations are made subject to further developments, both on a European level as well as due to any changes in the national legal framework, such as in the form of a legal definition.
Regarding the allocation of security, utility and payment tokens see further below.
Currently specific rules under supervisory law governing the conducting of ICOs neither exist at Austrian nor at European level. Depending on the specific design of the ICO, there may however be some linkages to existing supervisory law. In addition to the specific design regarding the taking and usage of the capital of the ICO, the legal position of the holder of the coin or token among other issues is of particular relevance.
Austrian Banking Act (BWG; Bankwesengesetz)
Where capital is not collected in the form of crypto assets, but are instead collected in the form of a currency that is legal tender and the ICO foresees the repayment of such funds, then the activity requiring a licence of deposit-taking business as defined in Article 1 para. 1 no. 1 (receiving of funds from other parties for the purpose of management) or no. 2 (receiving of funds from other parties as deposits) of the Austrian Banking Act (BWG; Bankwesengesetz).
Issuing and administering means of payment
Regardless of the form in which capital is raised (whether using crypto assets or currencies that are legal tender), if the ICO stipulates that the generated Coin is intended to be deployed as a payment instrument, then depending on the specific design of the ICO, the activity requiring a licence of issuance and administration of payment instruments in accordance with Article 1 para. 1 no. 6 BWG may be fulfilled.
Third-party securities underwriting
Article 1 para. 1 no. 11 BWG contains a separate activity requiring a licence, for the participation in underwriting of third-party issues in certain instruments (e.g. transferable securities) The realisation of an issuance of a bond in the form via the blockchain (as a “tokenised” bond) for a company, i.e. the realisation of an issuance, taking over of securities/instruments as well as their placement and the associated services therewith would constitute this activity.
Safekeeping and administration of securities on a commercial basis for other parties requires a licence in accordance with Article 1 para. 1 no. 5 BWG as custody business, regardless of the technical manner, e.g. using blockchain and smart contracts, provided that a custody agreement exists. An agreement is concluded about the tokenisation of a transferable security and smart contracts made available for saving data and managing all of the rights and obligations associated with the bonds.
Securities Supervision Act 2018 (WAG 2018; Wertpapieraufsichtsgesetz 2018)
Coins or tokens may constitute financial instruments as defined in the Securities Supervision Act 2018 (WAG 2018) in particular transferable securities. There is a strong indication for such a classification, if the rights associated with the coin or token are comparable to well-known categories of securities. In particular the granting of voting rights, shares in profits, tradability, the promise of interest payments or the repayment of the capital received at the end of a specific term therefore speak for the existence of a security (Also see the section on “security tokens”). The classification under supervisory law is conducted on a case-by-case basis and depending on the specific design.
Depending on the design of the coin or token, it may also not be possible to exclude a classification as defined in WAG 2018, even where the instrument is not a transferable security.
In such instances, depending on the advanced design of the ICO an investment service requiring a licence under the WAG 2018 may exist.
Regulation (EU) 2017/1129 / Capital Market Act 2019 (KMG 2019; Kapitalmarktgesetz 2019)
The public offering or the authorisation of access to a regulated market for securities in Austria is generally subject to Regulation (EU) 2017/1129. The public offering of investments in Austria is generally subject to the obligation to publish a prospectus in accordance with the Capital Market Act 2019 (KMG 2019; Kapitalmarktgesetz 2019). If as described above a transferable security as defined in the WAG 2018/Regulation (EU) 2017/1129 should exist (see also the section on “security tokens”), then accordingly a securities prospectus as defined in Regulation (EU) 2017/1129 must be drawn up and published. If it is not a transferable security as defined in the Regulation (EU) 2017/1129 / WAG 2018, coins or tokens may still require a prospectus as an investment (investment prospectus). This applies for example in the case that a coin/token grants proprietary rights to the respective holder, such as rights to a claim, membership rights or conditional rights (e.g. ownership rights, claims to dividends or repayment) against the ICO organiser, and the investors collectively or together with the issuer form a risk-sharing group, but where a transfer is not possible or is only possible with some difficult.
E-Money Act 2010 (E-Geldgesetz 2010) and the Payment Services Act 2018 (ZaDiG 2018; Zahlungsdienstegesetz 2018)
When conducting an ICO in addition to the requirements set out in the Austrian Banking Act (BWG; Bankwesengesetz) the financial market supervision rules of the E-Money Act 2010 (E-GeldG 2010; E-Geldgesetz 2010) as well as the Payment Services Act 2018 (ZaDiG 2018; Zahlungsdienstegesetz 2018) may also be fulfilled.
What is electronic money?
Electronic money is defined in Article 1 para. 1 E-GeldG 2010 as all electronically stored, including magnetically stored, monetary value in the form of a claim on the electronic money issuer, issued on receipt of funds for the purpose of making payment transactions as defined in Article 4 no. 5 of the Payment Services Act 2018 (ZaDiG 2018; Zahlungsdienstegesetz 2018), and which is accepted by a natural or legal person other than the electronic money issuer.
Which coins or tokens are covered by the E-Money Act 2010?
From the outset in functional terms payment tokens as electronic money come into consideration, which with payment transactions are intended to be conducted and which should be accepted by third party acceptors as means of payment.
In contrast to other crypto assets (such as Bitcoin) in the case of ICOs there is generally a “central issuing body”, thereby satisfying the requirement of an issuer. In order to correspond to the requirements of Article 1 para. 1 E-GeldG 2010, the issuance (of the “token”) must furthermore take place against the payment of an amount of money. For this purpose legal means of payment come into consideration, whether in the form of cash or a scriptural currency. Payments are made in domestic currencies as well as in foreign currencies, and also those from third countries. Moreover, a proprietary right must exist against the electronic money issuer.
Whether an ICO is captured by the obligation for approval set out in the E-GeldG 2010 depends primarily upon its specific design (case-by-case review) and whether in this context it results in a payment of “money” (legal means of payment).
Provision of Payment Services
The provision of payment services on a commercial basis generally also requires a corresponding licence to be held. In the case of an ICO the requirements for the issuance of payment instruments or the acquiring of payment transaction might be fulfilled (Article 1 para. 2 no. 5 ZaDiG 2018).
What is a payment instrument?
A payment instrument is any personalised device and/or personalised set of procedures agreed between the payment service user and the payment service provider and used in order to initiate a payment order (Article 4 no. 14 ZaDiG 2018).
Typical payment instruments include online banking with a PIN or the use of a debit card with a PIN.
Which coins or tokens are covered by the Payment Services Act 2018?
In principle any instrument can be considered as a payment instrument that is used to make a payment order, and therefore the term is to be understood in very broad terms. Ultimately in the case of an ICO it depends whether the issued token is personalised, or whether it is designed in such a way the it may be used by every holder and therefore is transferable (reviewed on a case-by-case basis).
Moreover the application of the ZaDiG 2018, as also already is the case in the E-GeldG 2010, generally excludes when money (legal instruments of payment) is not transferred.
Alternative Investment Fund Managers Act (AIFMG)
Furthermore, an ICO may also fall within the scope of application of the Alternative Investment Fund Managers Act (AIFMG; Alternative Investmentfonds Manager-Gesetz). Where capital is collected from a majority of the investors, in order to invest it in accordance with a defined investment strategy for the benefit of the holder of the token/coin, then an alternative investment fund (AIF) exists, and the administrator of this AIF (as a rule the issuer in the case of an ICO) is in this case to observe the rules set out in the AIFMG.
Further information about alternative investment funds (AIFs) can be found here:
Currently there is no legally recognised classification of tokens, neither in Austria nor on a European or international level. The literature differentiates between three different types:
- Security / Investment Tokens (hereafter referred to as “Security Tokens”)
- Payment / Currency Tokens (hereafter referred to as “Payment Tokens”)
- Utility Tokens
This classification does not allow final conclusions to be made with regard to the assessment under supervisory law, but is far more intended to make it easier to gain an overview about the types of token to be found on the market. This classification is neither conclusive, since there are both hybrid forms as well as further types of tokens (which are not covered here in closer detail), nor do such classifications address future technical developments. The classification under supervisory law must in any case always be conducted on a case-by-case basis, for which reason, prior to the implementation of a proposed business model it is recommended to send an enquiry to the FinTech Point of Contact to clarify any supervisory laws that must be observed.
As is apparent from the figure above, in practice hybrid forms and overlaps frequently occur, for which reason an assessment under supervisory law may only occur on a case-by-case basis.
We would advise that all of the FMA’s interpretations are made subject to further developments, both on a European level as well as due to any changes in the national legal framework, such as in the form of a legal definition.
Security tokens embody claims for a pay-out (“future cashflow”) towards the issuer, which may be designed in accordance with corporate law or under contract law. Furthermore rights under company law, such as voting rights at a general meeting may also be associated with Security Tokens. Such tokens therefore usually embody claims to the payment of capital, whether in the form of participation in the profits of the company or in the form of interest payments and repayment. In this instance it is not compulsory for such claims to exist in a legal tender currency.
The design of such security tokens is therefore similar to that of “classical securities” in particular bonds or shares. Security tokens are therefore frequently considered as transferable securities as defined in Regulation (EU) 2017/1129 as well as the Securities Supervision Act 2018 (WAG 2018; Wertpapieraufsichtsgesetz 2018).
When does a transferable security as defined in Regulation (EU) 2017/1129 / WAG 2018 exist?
For a transferable security as defined in Regulation (EU) 2017/1129 as well as the Securities Supervision Act 2018 (WAG 2018; Wertpapieraufsichtsgesetz 2018) to exist generally the following criteria must simultaneously occur:
- “Embodiment” of the right: The right is dependent on the possession of the transferable security. A classical securitisation in the form of a (global) certificate is not necessary according to the prevailing opinion for the definition of a transferable security under European law (Kalss/Oppitz/Zollner, Kapitalmarktrecht² Article 11 No. 15; Zivny, KMG² Article 1 MN 69).
- Tradability on the Capital Market: The transferable securities are designed identically in large quantities and are substitutable between one another (standardisation). Transferable securities may be transferred and traded without any restriction (transferability). It must be at least generally possible for the transferable securities to be traded on a capital market, although a specific listing or specific inclusion in trading is not necessary (tradability on a capital market in a narrower context).
- Comparability with shares, bonds or similar transferable securities (see the definition in WAG 2018 (in German)): The European legislator has standardised three types of transferable securities. The list includes shares, bonds and other similarly designed forms. A general comparability of these standardised types is required.
- No exception: In turn, certain instruments are not covered by the term transferable security, e.g. certain payment instruments, bills of exchange, savings account books or money-market instruments.
Security tokens are usually qualified as being transferable securities as defined in the KMG/WAG 2018, since the aforementioned criteria are fulfilled:
- “Embodiment”: The proprietary right usually depends on “possession” of the token. Usually, in the event of a transfer the various functions (legitimation function, evidential function, presentation function, and transport function) are transferred to the new holders. The documentation through the Blockchain/Distributed Ledger Technology may be considered to be sufficient (Dobrowolski, GesRZ 2018, 147 (156); Zickgraf, AG 293 (302); Hacker/Thomale, Crypto-Securities Regulation [retrieved on 18.9.2018]).
- Tradability on the Capital Market: Tokens are usually standardised and are transferable without any restrictions. A “listing” or an “inclusion” in a trading platform for crypto assets is therefore generally possible without any further action.
- An “exception from the term securities” does not usually exist, as there is usually no payment function, but instead claims against the issuer are paramount.
- “Comparability with classes of transferable securities that may be traded on the capital market”: This criterion therefore depends on the legal claims against the issuer and is also generally satisfied regarding claims to “future cashflows”.
The following examples should demonstrate the allocation of Security Tokens as transferable securities:
- A Token authorises the holder to participate in the profits of the issuer: five per cent of the profit stated on the balance sheet is distributed to all token holders (split pro rata by units held) (“similar to shares”).
- A token authorises the holder to receive three per cent interest per year, with a repayment of the capital intended to take place after ten years (“similar to bonds”).
When is a Security Token considered an Investment as defined in the Capital Market Act 2019 (KMG 2019; Kapitalmarktgesetz 2019)?
If the security token is not a transferable security as defined in WAG 2018 / Regulation (EU) 2017/1129, then it may also be an investment as defined in the KMG 2019, in particular in the case that a token/coin is not transferable or its transfer is restricted, but claims to capital or returns are embodied and a risk-sharing group exists. In the case of a public offering, then in this instance an investment prospectus would be necessary.
Rules for Security Tokens under Financial Market Supervision Law
If a token is classified as a transferable security, there are – depending on the precise business model – a wide range of rules that apply under financial market supervisory law. The most important obligations should be summarised here to create an overview:
- The public offering of transferable securities requires the publication of a securities prospectus that has been approved by the authorities and is subject to Regulation (EU) 2017/1129, provided that no exemption exists from the obligation to publish a prospectus.
For trading venues which “list” or include such tokens
- Depending on the type of trading conducted it is usually to be assumed that the operator of the trading venue is subject to the obligation to hold a licence, as a stock exchange or as a multilateral trading facilities (MTFs)/organised trading facilities (OTF). The Stock Exchange Act 2018 (BörseG 2018; Börsegesetz 2018) as well as the Securities Supervision Act 2018 (WAG 2018; Wertpapieraufsichtsgesetz 2018). In the case of listing or inclusion on a trading venue, for example a regulated market or an MTF/OTF the rules for preventing insider information as well as market manipulation as well as very transparency requirements apply. For the sake of completeness, we would advise that against the background of the infrastructure requirements and frameworks (e.g. in conjunction with Regulation (EU) 909/2014) such a listing or an inclusion for trading on the aforementioned platforms is subject to legal and practical impediments (see below for further information). The latter issue should also be taken into account when planning such a trading platform on which the aforementioned instruments are intended to be traded.
For the provision of investment services
- Irrespective from the operation of an MTF/OTF that has already been addressed, the provision of investment advice on a commercial basis, the receiving and transmitting of orders and well as portfolio management in relation to tokens that are classified as transferable securities, also requires a licence under WAG 2018.
For the commercial custody of tokens for third parties
- When safekeeping and administration occurs as per the definition contained in the Securities Depot Act (DepotG; Depotgesetz), then an obligation to hold a licence in accordance with the Austrian Banking Act (BWG; Bankwesengesetz) exists, since it is considered to be a banking transaction.
- In addition the following rules may also apply.
- A wide range of standards need to be observed in conjunction with securities transactions – such as, depending on the precise procedure or business model: Securities Depot Act (DepotG; Depotgesetz) in German only, EMIR, SFTR, Benchmarks Regulation, Prohibition of Short Selling, CSDR, the Nationalbank Act (NationalbankG; Nationalbankgesetz 1984) or the Settlement Finality Act (FinalitätsG; Finalitätsgesetz) – in German only.
Other (licensing) requirements may also exist.
- Depending on the design furthermore the Austrian Banking Act (BWG; Bankwesengesetz), the Alternative Investment Fund Managers Act (AIFMG; Alternative Investmentfonds Manager-Gesetz) or other laws, such as the Payment Services Act 2018 (ZaDiG 2018; Zahlungsdienstegesetz 2018) or the E-Money Act 2010 (E-Geldgesetz 2010) as well as provisions in relation to the prevention of money laundering may also apply. In the case of listing or inclusion on a trading venue, for example a regulated market or an MTF/OTF the rules for preventing insider information as well as market manipulation apply.
A payment token is a type of token, the primary purpose of which is a payment function. Payment tokens therefore represent a specific value, with which goods or services may also be acquired from persons other than the issuer. Payment tokens generally are not intended for any other usage.
With regard to the treatment of payment tokens under financial supervisory law the specific circumstances for the case in hand are of essential significance. Depending on the specific design of the ICO or the coin/token various circumstances may exist that require a licence. The most important activities requiring a licence should be summarised here to create an overview.
By issuing a payment token the activities requiring a licence of issuance and administration of payment instruments pursuant in accordance with Article 1 para. 1 no. 6 BWG and the issuance of e-money as defined in the E-Money Act 2010 (E-Geldgesetz 2010) may be met. In this case it depends whether the token may be used for payment with third party acceptors, and whether it may be purchased or exchanged (or paid out) against money. In the case of the issuance of payment instruments in accordance with Article 1 para. 2 no. 5 ZaDiG 2018 on the other hand it depends on the personalisation (see above).
The common factor with all three activities is that there is not licencing requirement in the case that a “limited network” exists (for detailed information about the “limited network” concept as well as examples, see FMA Focus on Alternative Currencies):
Small and specific systems are not intend to fall under the strict supervisory laws. However, once the system enables a broad range of applications, then it should be regulated. Open networks therefore generally do not tend to be exempted from the obligation to hold a licence, since there are conceived as a general rule for a constantly growing network of service providers. Coins/tokens, that are intended to be widely accepted, therefore do not fall within the definition of a limited network.
Whether a limited network exists, is determined on the basis of the following criteria:
- the geographical range of the system
- the number of accepting entities
- the variety of types of products and services
- restrictions on validity and restrictions on contributions involved may also play a role.
Criteria for the obligation to hold a licence for payment tokens
Generally the following questions serve as criteria for the FMA for making a judgement in accordance with supervisory law, whether or not an obligation to hold a licence may exist:
- Who is the issuer of / generates the payment token?
- Is the payment token used for paying for goods or services at third parties?
- How large the network within which the payment token fulfils a payment function?
- Are pay-outs made in legal tender currency?
Payment tokens that are not only intended to be used within a limited network, may therefore depending on their design trigger an obligation to hold a licence in accordance with the BWG, ZaDiG 2018 or E-GeldG 2010.
Utility tokens primarily service to provide the holder with a benefit with regard to a specific product or a service. Frequently they permit access to a digital platform operated by the issuer, which may be used in a specific fashion by the holder of the utility token. Utility tokens occur in many different forms and often also fulfil the function of payment tokens or security tokens (hybrid design) thereby making the definition complex and its allocation under supervisory law difficult. The right may be secured with a utility token in particular to jointly design a product or a service, to use a product or a service or to redeem the token in return for a product or a service. Frequently utility tokens are sometimes associated with an intrinsic payment function towards the issuer or other users of the platform operated by the issuer.
- Example of jointly designing of a product: A social media platform intends to provide different functions. Holders of the token may help to determine which functions the network should offer.
- Example for using a product or a service: A token grants access to a database, as long as it is held for.
- Example for discharging a token for a product or a service: A web designer issues a token for website design purposes. The token may be redeemed with the web designer issuing the token to have a website designed.
If the token can only be used for designing a product or a service and is not associated with any other claims or if the token only grants access to a product or a service, without simultaneously serving a purpose for payment, then there is usually not any linkage under supervisory law. However a requirement to hold a licence may still exist on a case-by-case basis.
If on the other hand the token may be redeemed with the issuer or other users of the platform for using a product or a service, then it fulfils a payment function and is therefore comparable to a payment token. For its classification in accordance with supervisory law, then the same criteria and exceptions are relevant in this case as for payment tokens. The exception that exists for a “limited network” often applies (see the explanations about payment tokens).
Furthermore, utility tokens may also have an investment component, in particular where claims exist to the payment of capital, interest or similar, or where the investment function is the primary focus. In this case a transferable security or an investment may exist (see the explanations about security tokens). When a utility token may be considered as a transferable security from this point of view on a case-by-case basis is currently the subject of European and internal supervisory law discussions and cannot be generally answered.
Due to the wide range of different options in relation to design as well as the frequent existence of hybrid forms, it is particularly necessary in the case of utility tokens to check on a case-by-case basis, whether there is a linkage to financial or capital market law.
The aforementioned legal bases may be relevant with regard to ICOs in the case that in designing and conducting an ICO a lawyer or chartered accountant is involved, for whom the due diligence obligations in the listed legal acts are applicable with regard to the prevention of money laundering. These provisions include both the identification of the customers as well as, in the case of legal entities, the determination and identification of the legal entity’s beneficial owner(s). Furthermore, other significant issues include a risked-based checking of the provenance of funds, as well as the reporting obligations in the event of the suspicion of money laundering.
Custodian wallets or platforms for virtual currencies are often also associated with the business model of ICOs. On 19.06.2018 the Directive amending the 4th Anti-Money Laundering Directive (the “5th AMLD”) was published in the Official Journal of the European Union, which must be transposed into national law by 10.01.2020. The 5th Anti Money Laundering Directive contains definitions for the terms “virtual currencies”, “providers engaged in exchange services between virtual currencies and fiat currencies” and “custodian wallet providers”. The scope of application of “anti-money laundering / combating the financing of terrorism” (AML/CFT) rules is extended to include “wallet providers” and platforms for exchanging virtual currencies, and such providers are required as (new) obliged entities to meet the due diligence obligations for the prevention of money laundering and terrorist financing. Furthermore the mandatory registration of such service providers is stipulated.
Questions arise regarding competence in particular with regard to ICOs, which usually are offered in a large number of countries over the Internet. Generally speaking, it can be assumed that the Austrian Financial Market Authority is competent for offerings in Austria. Not every “broadcasting” of an offering should also be considered to be an offering in Austria, it is of greater relevance that the Austrian market is the target addressee, i.e. the offering is targeted towards investors in Austria (“target market concept”). For assessing whether such a “targeted addressing” exists it is necessary to focus on the overall view of several elements, e.g. whether there are adverts in Austria media, whether there are contact persons or even a distribution network in Austria, which law the contract is subject to, which language is used or whether there is generally a special relationship towards Austria. According to case law rulings appropriate technical provisions that are not offered in other countries, as well as clear disclaimers that reflect the reality are reasonable in any case for being able to reject an offering in Austria.
A token is frequently offered, which is subsequently changed, for example due to the further development of the business model. In addition to issues under civil law, this may also refer to the classification of the tokens under supervisory law and thereby necessitate a new classification. Furthermore, ICOs often occur in different phases, which are subject to different legal consequences. An offering is often made to institutional or wholesale investors (Presale or Private Sale) prior to the actual ICO. In the case of an exception as defined in Article 1 of Regulation (EU) 2017/1129 or Article 3 KMG 2019 (such are where the denomination per unit of over EUR 100,000) then such offers are exempted from the obligation to produce a prospectus. The actual ICO is in turn subject (provided that the property as a security or an investment is satisfied) generally to the obligation to produce a prospectus, since usually no exception exists from this. Following the end of the public offering in terms of prospectus law changes to the business model are insignificant, although they may have consequences under civil or penal law. Provided that the public offering is still open, then the obligation to publish a supplement (Article 23 of Regulation (EU) 2017/1129 for securities and Article 6 KMG 2019 for investments) must be observed. Furthermore it is also worth noting that a public offering and therefore in turn the obligation to publish a prospectus may be triggered as a result of an offer amending contractual conditions. In relation to the obligations to hold a licence, such obligations shall always apply for as long as the activity requiring a licence is performed. If for example a utility token without an investment function becomes a security token as a result of an amendment to the business model, this leads to the obligation to hold a licence, if services are provided that are listed in the section on “Security Tokens”.
You’d like to operate a FinTech or use new technologies? Explain your business model to us in detail and receive information about issues in relation to supervisory law! Use the FinTech Point of Contact to do so.