In this article we will analyze the regulatory framework surrounding cryptocurrency projects in Bulgaria as it currently stands, while taking a look at possible future developments.
There are 3 main issues surrounding every crypto project which are due to the inherent features of blockchain technology. These are:
1. conducting an ICO
2. the subsequent transfer of crypto assets; and
3. the built-in transparency of the information which is saved indefinitely on the chain and is available to all participants.
The first two raise concerns about the applicability of financial markets regulations and anti-money laundering (AML) rules. The third one gives rise to questions about personal data protection (PDP).
We will not dive into the issues surrounding the taxing of crypto assets, as these have already been discussed in one of our previous article.
2. Financial regulations
In the aforementioned article the question concerning financial regulations was also discussed. In the current article we will revisit some of the main points and update them with the information contained in the Strategy by the Bulgarian Financial Supervision Commission (FSC) for the monitoring of financial technologies in the non-banking sector for the period 2018 – 2020.
In short: currently ICOs are not subject to Bulgarian financial regulations so long as they do not cover the criteria for financial instruments. For example, if one wishes to conduct trade in financial instruments which have as their base asset a token, a financial intermediary will be required.
This, however, is the exception. In its Strategy the FSC clearly demonstrates the current state of the financial regulatory framework. It outlines that there is a lack of existing rules and policies for FinTech and a problem regarding the classification of crypto assets as financial instruments under the current Markets and Financial Instruments Acts.
3. AML rules.
Money laundering is the process through which funds obtained via criminal activity are taken out of the gray economy in a way that renders their illegal origins obscured or hidden.
The Measures against Money Laundering Act (MAMLA) outlines in its Art. 4 the persons which are obliged to apply AML rules. Consequently, if your organization is not listed there, you are not obliged to adopt AML rules.
European authorities gradually understood the danger of money laundering through crypto currencies, hence why the current regulatory framework is expected to be modified by the Fifth Anti-Money Laundering Directive (AMLD5), such that some actors in crypto industry are included. Here we find the substantial change for the crypto economy as the crypto exchanges (providers engaged in exchange services between virtual currencies and fiat currencies) and the custodian wallet providers are included.
What is more, the Directive gives a definition for crypto currencies. It defines them as virtual currencies whose main traits are that they have a digital representation of value, are not issued or guaranteed by a central bank or public authority, are not necessarily attached to a legally established currency and do not possess a legal status of currency or money, but are accepted by natural or legal persons as a means of exchange and can be transferred, stored and traded electronically. This definition is meant to serve for AML purposes, but given the lack of a definition in other laws; it is highly likely that it will be used for the regulation of other sectors until a definition is included in the special laws.
Both the crypto exchanges and the custodian wallet providers will be subject to a registration regime.
The deadline to transpose AMLD5 is the 10th January 2020. Currently the Buglarian legislature has not modified the MAMLA.
4. Personal data protection (PDP)
Blockchain technology and the rules concerning PDP have a peculiar relationship. Quite often the aims which they pursue are diametrically opposed. The three biggest upsides to blockchain: the transparency of the information, its distribution throughout the network and its immutability, can be its biggest weaknesses in terms of PDP rules.
Before we delve into the substance of the issue, we should clarify whether or not the information stored on the blockchain can even be classified as personal data and, consequently, can fall into the scope of PDP regulation. The main question we have to answer: Is these data anonymized or pseudonymised? In the first case the applicability of the GDPR is excluded. In the second case, however, the GDPR clearly states in its Consideration 26 that pseudonymised data is personal data.
Quite surprisingly, there has not been a clear answer to this question. There is still no case law but it is likely that regulators will at first take different approaches. Opinions vary. Some say that personal data on a blockchain is anonymized and thus the GDPR does not apply. Other, however, think that, for example, associating a physical entity to his or her private key makes that entity identifiable, hence the data is personal.
For the purposes of proposing a solution we will presume that regulators will take the second route, since in the first instance there will be no need to search for any solutions at all.
There are two possible solutions. The first one includes the application of technical processes, which will make the uploading of personal data impossible, or, alternatively, will store the data off-chain. The second one aims, as far as possible, to make the data anonymous for the other participants in the system. In the public key example, this may include additional technical measures, which make the key invisible for the other participants. This approach will have to be balanced with AMLD5’s aim to eliminate anonymous transactions with virtual currencies.
Whatever one chooses, both approaches will likely lead to additional expenditures for crypto projects.
If you too wish to make your crypto project compliant with regulatory requirements, do not hesitate to contact us – Your online legal consultant!
1Legal.Net Blog © 2019
Materials published on this blog are copyrighted. No part of them can be copied or used without the express permission of the author.