The Fintech Association of Hong Kong launched an updated Best Practices for Token Sales on 31 October 2018 (the “Best Practices”), to connect directly with the Code of Conduct produced by the Global Digital Finance industrial body.  The Best Practices is not law, and is not legal or commercial advice.  It is community-sourced suggested general practices for the crypto space, which is evolving at such a pace and in such varieties that often precludes prescriptive regulations from remaining comprehensive and relevant.

The Best Practices set out eight overarching principles, namely (1) legally compliant; (2) strong business model; (3) secure; (4) transparent; (5) project-focused; (6) fair; (7) long term-oriented; and (8) strong governance.  This article will focus on some legal aspects highlighted in the Best Practices.

Jurisdiction

A token sale can easily trigger the laws of multiple jurisdictions because of its virtual nature, as opposed to the exclusive listing on one particular exchange of a single jurisdiction in the cases of traditional securities.  In addition to the domicile of the issuer and exchange and business locations, the issuer should consider in which jurisdictions the token is to be marketed and sold. 

Marketing can occur in person, online, over the phone, or even passively.  Marketing activities may be subject to regulations of any jurisdiction in which such activities occur, regardless of whether any purchases were ultimately made from that jurisdiction.

“Sales in many jurisdictions mean laws in many jurisdictions.”  Token sale laws and regulations will be triggered in each jurisdiction from which the issuer will accept purchasers for the sale.  The issuer must comply with the know-your-customer (“KYC”) and anti-money laundering and counter-terrorist financing (“AML/CTF”) of the relevant jurisdictions.

If an issuer chooses not to sell in a particular jurisdiction, it should consider adopting geo-blocking on your website, appropriate KYC checks, contractual restrictions, self-declarations and/or other steps.  Alternatively, the issuer may consider “whitelisting” each target jurisdiction.

Legal Compliance in Hong Kong

Because every token sale is unique, the regulations applicable to each may be different.  For example, the regulations applicable to a security token will be vastly different from those which apply to a token that represents loyalty points.  Each token sale should be considered on a case-by-case basis with the assistance of counsel.

In considering whether the token is regulated, some questions an issuer should ask include:

• What does the token represent?  If it represents ownership in a company, then the token sale may be considered a share offering.
• Who are the purchasers?  More stringent regulations apply if the purchasers are members of public, rather than professional investors.
• How is the token marketed?  Different restrictions apply to marketing of different regulated produces, e.g. shares, collective investment scheme, structured product, etc.

Even for unregulated token sales, the laws of Hong Kong still protects purchasers in cases of fraud, unconscionable dealing, Ponzi schemes, theft, and other improper conducts.  An issuer should ensure compliance beyond just financial services regulation, and obtain a legal opinion for back up when in doubt.

AML / KYC

Tokens are vulnerable to misuse due to their anonymous / pseudonymous nature.  To avoid the significant penalties for financial crimes (including criminal liability, fine, and imprisonment), a token issuer should educate itself of the applicable financial crime laws, and implement appropriate KYC procedures to mitigate risks of money laundering and terrorist financing. 

Further, KYC controls strengthens the reputation of the token sale, and allows the issuer to screen out purchasers who are not eligible to particulate in the sale or for other legal and regulatory reasons.

In Hong Kong, the issuer is prohibited from dealing with property (including tokens) where the issue either knows or has reasonable grounds to believe that the property in whole or in part, directly or indirectly, represents proceeds of drug trafficking, an indictable criminal offence, or terrorism; and the issuer’s services might assist the proliferation of a weapon of mass destruction. 

Any relevant knowledge or suspicion must also be reported to the Joint Financial Intelligence Unit before dealing with that person and “tipping off” must be avoided.

As a reference, Schedule 1 of the Best Practice includes a sample KYC procedure, which should be adapted to fit the specific project and token sale.

Next Steps

The Best Practices can be accessed here.  Prospective token sellers are reminded to read the Best Practices in conjunction with the Securities and Futures Commission’s “Statement on Initial Coin Offerings” dated 5 September 2017 and the “Notice on Potential Regulations Applicable to, and Risks of, Crowd-funding Activities” dated 7 May 2014.

Please be reminded that professional advice must be obtained before a token sale. 

For any enquiries related to this article, please contact Chris Lambert or Charles Mok.