Jersey Blockchain Chapter (Mondaq)
- Legal and Enforcement Framework
- Blockchain Market
- Smart Contracts
- Data and Privacy
- Intellectual Property
- Trends and Predictions
- Tips and Traps
What general regulatory regimes and issues should blockchain developers consider when building the governance framework for the operation of blockchain/distributed ledger technology protocols?
As a matter of policy, Jersey has chosen not to regulate cryptocurrencies (the most obvious application of blockchain technology) within its existing regulatory framework.
Accordingly, the principal laws relating to digital assets are:
- the Financial Services (Jersey) Law 1998; and
- the Control of Borrowing (Jersey) Order 1958 (Jersey’s principal statute concerning the raising of capital).
How do the foregoing considerations differ for public and private blockchains?
Jersey’s regulator, the Jersey Financial Services Commission (JFSC), does not differentiate between private and public blockchains.
What general regulatory issues should users of a blockchain application consider when using a particular blockchain/distributed ledger protocol?
The most common application of blockchain technology in Jersey is to cryptocurrencies and any other digital assets.
Which administrative bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?
Jersey’s regulator is the JFSC, which has regulatory responsibility for overseeing the conduct of businesses and ensuring compliance with Jersey’s anti-money laundering legislation.
If an activity comes within the jurisdiction of the JFSC, its enforcement teams will investigate and, where appropriate, take action against businesses and individuals that do not comply with Jersey’s regulatory and legal requirements. The JFSC has statutory powers to impose a range of sanctions, including:
- restricting or preventing people from working in Jersey’s finance industry; revoking or placing condition on a business licence;
- issuing public statements;
- imposing civil financial penalties; and
- referring cases to the States of Jersey Police for consideration of criminal prosecution.
What is the regulators’ general approach to blockchain?
Jersey is certainly open to blockchain applications and to cryptocurrencies in general. The JFSC approved the world’s first regulated Bitcoin fund, GABI Plc, in 2015 and since then, a number of blockchain businesses have established themselves in Jersey. However, Jersey is fiercely protective of its reputation as a well-regulated financial services jurisdiction and the island is certainly not a ‘crypto free-for-all’. The application to establish a blockchain business in Jersey will be subject to a degree of scrutiny from the JFSC.
Are any industry or trade associations influential in the blockchain space?
The Digital Assets Working Group was established in 2017 during the height of the Individual Savings Account boom to assist the JFSC in understanding the emergence of blockchain and cryptocurrencies as an asset class. Representatives from the legal, accounting and corporate service provider sit on the committee, as well as representatives from blockchain businesses.
Which blockchain applications and protocols have become most embedded in your jurisdiction?
The principal blockchain applications which have become embedded in Jersey relate to digital assets and cryptocurrencies – specifically:
- utility tokens;
- defined platforms; and
What potential new applications/protocols are most actively being explored?
We are seeing some enquiries as to how decentralised organisations can be established in Jersey.
Which industries within your jurisdiction are making material investments within the blockchain space?
As a financial services hub, Jersey understands that many are trying to make use of blockchain technology in the financial services industry. Accordingly, all service providers (eg, lawyers, accountants, corporate service providers) are investing time and resources in being able to understand, advise on and facilitate newer blockchain applications.
Are any initiatives or governmental programmes in place to incentivise blockchain development in your jurisdiction?
Jersey has an independent organisation called Digital Jersey, which is government backed and facilitates the development of new technologies to help Jersey become a digital-friendly economy.
As part of Digital Jersey’s remit, it can facilitate discussions between blockchain developers on the one hand and the Jersey Financial Services Commission on the other. It also has some business licences which new companies can take advantage of.
How are cryptocurrencies and/or virtual currencies defined and regulated in your jurisdiction?
Virtual currencies: Jersey’s principal anti money laundering law, the Proceeds of Crime (Jersey) Law 1999 (POC(J)L), defines ‘virtual currency’ as:
- any currency which (whilst not itself being issued by, or legal tender in, any jurisdiction) –
- digitally represents value;
- is a unit of account;
- functions as a medium of exchange; and
- is capable of being digitally exchanged for money in any form.
For the avoidance of doubt, virtual currency does not include any instrument which represents or stores (whether digitally or otherwise) value that can be used only to acquire goods and services in or on the premises of, or under a commercial agreement with, the issuer of the instrument.
Any person that provides to third parties the business of a ‘virtual currency exchange’ (ie, the exchange of virtual currency for money or vice versa) must register with the Jersey Financial Services Commission (JFSC) under the POC(J)L and will be subject to Jersey’s anti-money laundering regime.
The Initial Coin Offering (ICO) Guidance Note published by the JFSC sets out various categories of tokens (of which a cryptocurrency is one such type) as follows.
Security token: This will typically have characteristics that are usually associated with an equity or debt security in the traditional capital markets sense, including one or more of the following such characteristics (whether contractual or implied):
- a right to participate in the profits/earnings of the ICO issuer or a related entity;
- a claim on the issuer or a related party’s assets;
- a general commitment from the ICO issuer to redeem tokens in the future;
- a right to participate in the operation or management of the ICO issuer or a related party; and
- the expectation of a return on the amount paid for the tokens.
A utility token (see below) will not be regarded a ‘security’ solely by reason of being traded on a secondary market (eg, via a cryptocurrency exchange).
Non-security token: A token which is deemed not to be a ‘security’ will typically be either:
- a utility token, which confers on the holder merely a usage right or the right to access a product or service. Such a token has no economic rights attached to it, there is no expectation of a return; or
- a cryptocurrency token, which is designed to behave like a currency, being a store of value and medium of exchange and referred to in some jurisdictions as a payment token.
See question 3.6 for more information on the regulatory treatment of ICOs.
Any person that provides to third parties the business of a ‘virtual currency exchange’ (ie, the exchange of virtual currency for money or vice versa) must register with the JFSC under the POC(J)L and will be subject to Jersey’s anti-money laundering regime.
The anti-money laundering requirements relating to an ICO/token issuance are stated below.
What consumer protection provisions apply to cryptocurrencies?
In relation to a token issued by a Jersey issuer, the JFSC’s ICO Guidance Note requires the Jersey issuer to have procedures and processes in place to:
- mitigate and manage the risk of retail investors investing inappropriately in the ICO; and
- ensure that retail investors understand the risks involved.
This is usually achieved by bolstering risk warnings in the white paper which purchasers must specifically acknowledge (usually by checking a box on the token portal) prior to purchase.
More generally, in the past, the JFSC has published announcements warning the general public about the risks of investing in cryptocurrencies.
How are cryptocurrencies treated from a tax perspective?
The Jersey tax authorities have not issued any formal statement in relation to the taxation of cryptocurrencies. However, Jersey has a zero rate of corporate income tax and a personal rate of income tax of 20%. There are no capital taxes in Jersey.
What regulatory requirements apply to a cryptocurrency trader/exchange?
An exchange which facilitates the exchange of fiat money for (non-security tokens) cryptocurrencies must register with the JFSC as a virtual currency exchange (see question above).
Any person or exchange that facilitates the exchange by third parties of fiat money for security tokens will need to obtain an ‘investment business’ licence from the JFSC under Jersey’s financial services legislation, the Financial Services (Jersey) Law 1998, and will be subject to the full regulatory regime.
How are initial coin offerings and securities token offerings defined and regulated in your jurisdiction?
The JFSC’s basic position regarding token launches is that it welcomes properly thought-out token launches with a good governance structure. Its two principal concerns are consumer protection and anti-money laundering/combating the financing of terrorism.
To address these issues, the JFSC imposes a set of conditions on a Jersey company that issues a utility token or security token, which are summarised below and can be found in the JFSC’s ICO Guidance Note. The conditions are imposed on the consent issued to the Jersey issuer (so-called ‘COBO consent’) under the (oddly named) Control of Borrowing (Jersey) Order 1958 – the island’s principal regulation controlling the raising of capital by Jersey entities.
The JFSC does not like tokens or Jersey companies which issue the tokens to be described as ‘regulated’. However, some language may be included in any marketing material (as set out in Appendix 1 of the ICO Guidance Note) to give potential token purchasers the comfort that a Jersey issuer has been scrutinised by the JFSC (and which might not be available in other jurisdictions.)
In addition to obtaining COBO consent from the JFSC, the other major item on the critical path is for the Jersey issuer to appoint a Jersey-regulated administrator to provide certain services. In essence, if things go wrong with the token issuance, the JFSC will go after the administrator.
The conditions imposed on a Jersey issuer by the JFSC are as follows:
- to appoint and maintain a Jersey resident director on the board of the Jersey issuer;
- to appoint a Jersey-regulated administrator to act as administrator to the Jersey issuer;
- not to change either the Jersey issuer’s administrator or the Jersey resident director without the JFSC’s prior approval;
- to prepare and file annual audited accounts with the Jersey Companies Registry irrespective of whether the Jersey issuer is a public or private company;
- to maintain and adopt systems, controls, policies and procedures for the customer take-on, profiling and transaction monitoring at enhanced levels, ensuring reporting of suspicions and money-laundering and financing of terrorism activities (this obligation effectively falls on the Jersey licensed administrator);
- to prepare and issue an information memorandum which complies with certain content requirements required of a prospectus issued by a company under the Jersey Companies Law;
- to include in any marketing material (including the information memorandum) clear consumer warnings highlighting that the token is unregulated; and
- if and to the extent that any crypto-to-fiat exchange (or vice versa) takes place in Jersey, to require the Jersey issuer to register as a virtual currency exchange pursuant to the POC(J)L (see question above), which imposes certain additional anti-money laundering obligations on the exchange.
Can a smart contract satisfy the legal requirements of a legal contract under the laws of your jurisdiction? What will be considered when making this determination?
There is no reason why a smart contract could not be enforceable as a legal contract under the laws of Jersey.
Are there any regulatory or governmental guidelines or policies within your jurisdiction which provide guidance on regulating/defining smart contracts?
There are no regulatory or governmental guidelines regarding the enforceability of smart contracts. However, the Electronic Communications (Jersey) Law 2000 helpfully provides that the offer and acceptance of a contract may be expressed by means of electronic communication. On the face of it, this would suggest that smart contacts are enforceable under Jersey law.
What parts of traditional contract might smart contracts be able to replace?
It is generally accepted that smart contracts are well suited to agreements between parties without any trusted intermediary or third-party validation, such as:
- peer-to-peer financial transactions such as trading in over-the-counter derivatives; and
- changes in public ownership records, because the time of change of ownership can be measured digitally (eg, when payment can occur directly from wallet to wallet).
What parts of traditional contracts might smart contracts be unable to replace?
Due to their self-executing nature, the outcome of a smart contract is very binary. Subjective terms relating to contractual performance (often referred to as ‘deliberate ambiguity’), such as ‘good faith’ or ‘reasonable efforts’, cannot be implemented in code and thus cannot be part of a smart contract.
In addition, the requirements under Jersey contract law relating to an ‘agreement between the parties’ – that is, that there has been a valid offer which has been validly accepted – should align with the technical nature of a smart contract.
What issues might present themselves in your jurisdiction with regard to judicial enforcement of smart contracts?
Stakeholders have identified some headline issues relating to the enforceability of smart contracts generally, which will also likely arise in Jersey. These are as follows:
- A contract performed under a smart contract cannot be reversed, modified or undone – therefore, attempting to void a smart contract as a matter of law will be difficult.
- Smart contracts cannot be modified because they are formed pursuant to computer code.
- One of the requirements under Jersey contract law is ‘cause’ – akin to the Anglo-Saxon concept of ‘consideration’. Where a smart contract automatically executes in the absence of identifiable ‘cause’, this may render it unenforceable as a matter of Jersey law.
What are some practical considerations that parties should consider when drafting a smart contract?
A smart contract is not a contract in the ordinary sense of the word, so it is perhaps confusing to talk about ‘drafting’ smart contracts as a lawyer would interpret that phrase. Instead, in a bilateral smart contract, both parties should be confident that the underlying computer code works as both parties intend.
How will the foregoing considerations differ when smart contracts are running on a private versus public blockchain?
On a private (or ‘permissioned’) blockchain, it is easier to unilaterally amend the smart contract.
What specific challenges or concerns does blockchain present from a data protection/privacy perspective?
Jersey has implemented data protection legislation to conform to European standards of the General Data Protection Regulation (GDPR) and has been assessed by the European Commission as providing adequate protection for personal data.
The GDPR and other data protection laws are constructed around the notion that centralised entities should control and process personal data, with statutory obligations relating to attributed to:
- ‘data controllers’ that determine the purposes for and means of processing the data; and
- ‘data processors’ that process the personal data on behalf of data controllers.
This approach is fundamentally at odds with blockchain’s decentralised nature and it is often difficult to reconcile current data protection laws with blockchain’s other principal characteristics – that is:
- the lack of centralised control and storage;
- the immutability of the blockchain; and
- the storage of data forever (at least in theory).
The following principal issues arise:
- It is often difficult (if not impossible) to identify within a blockchain application who the data controllers and data processors actually are for the purposes of compliance with data protection legislation.
- Stakeholders in the blockchain space may have a different attitude to anonymity and pseudonymity, which has an impact on how data protection and privacy laws can (or should) apply.
- Global participation in blockchain applications (eg, in the trading of cryptocurrencies) means that transactions are often conducted on a cross-border basis, which raises questions of:
- whether any restrictions might apply to the transfer of personal data to another jurisdiction; or
- whether that other jurisdiction has equivalent data protection or privacy legislation.
- It should also be considered whether, in a blockchain application, the use of personal data is for legitimate purposes (as required by the data protection laws of both Jersey and other jurisdictions).
- An individual's ‘right to be forgotten’ is difficult to reconcile with the blockchain's immutable nature – a data subject could find his or her personal data encased onto a blockchain forever.
What potential advantages can blockchain offer in the data protection/privacy context?
Given the pseudonymous nature of the blockchain, the advantages which it brings in terms of data protection/privacy are well publicised.
What specific challenges or concerns does blockchain present from a cybersecurity perspective?
Private keys: Blockchains rely on the use of private keys – long sequences of random numbers automatically generated by a wallet. Private keys are used to interact with the blockchain and, in contrast to user passwords, cannot be restored. If a user loses the private key, all data encrypted with it will most likely be impossible to recover. There have been several well-publicised examples of individuals losing their private key.
Hacking: Like all technology, blockchain applications are at risk of ‘hacking’ or being compromised. Hacking is carried out for a variety of reasons: financial, political or even just for fun. Blockchain hacking can take three main forms:
- 51% attacks: These are more common on smaller blockchains because it is hard for miners to gain significant control over bigger blockchains. During the decentralised transaction verification process (known as ‘mining’), if one or more hackers gain control over half of the mining process, the miners can create a second version of the blockchain (also known as a ‘fork’) where some transactions are not recorded. This allows the miners to create a different set of transactions on the fork and designate the fork as the true version of the blockchain, even though it is fraudulent. This also allows the hackers to double spend cryptocurrency. One sub-set of 51% attacks is the ‘sybil attack’, where hackers generate numerous fake network nodes and use them to obtain majority consensus.
- Exploiting ‘creation errors’: Security errors may not be eliminated when a blockchain application is created. In this instance, hackers can identify the error and seek to hack into the blockchain.
- Insufficient security/endpoint vulnerabilities: Hackers will attack the blockchain network’s endpoint, where users interact with the blockchain – typically via devices where users have not implemented sufficient security measures. Historically, ‘hot’ wallets on mobile phones have been considered especially vulnerable because of the ease with which such wallets can be created and their mass usage.
- Routing attacks: A blockchain network relies on the real-time movement of massive amounts of data. Hackers can use an account’s anonymity to intercept data as it is being transmitted to internet service providers. Participants are usually unaware of the threat because data transmission and operations proceed as usual.
Out-of-date software/vulnerability coverage: The fast pace of the blockchain space means that it is often difficult to keep blockchain software updated. One open-source blockchain platform released 182 upgrades in the space of five years! In the same vein, it is hard to keep track of security updates to enterprise blockchain software because there is a lack of coverage on relevant national databases.
What potential advantages can blockchain offer in the cybersecurity context?
Blockchain applications offer the following major advantages in the cybersecurity context:
- Secure data storage and processing: Blockchain records are immutable and any change recorded on the blockchain is transparent and non-removable. Therefore, data stored on a blockchain is protected better than traditional digital or paper-based records.
- Transfer of data in a secure manner: Blockchain facilitates fast and secure transactions of data and finances. Features such as smart contracts allow for the automatic execution of agreements between several parties.
- Traceability/transparency: All blockchain transactions are digitally signed and time stamped, so participants can trace transaction history and track accounts at a point in time.
- User confidentiality: The confidentiality of blockchain network participants is high due to the public key cryptography that authenticates users.
- No single point of failure: Permissionless blockchains are decentralised so the failure or compromise of a single node will not compromise the operation or security of the blockchain as a whole.
What type of IP protection can blockchain developers obtain?
It is fair to say that Jersey’s laws relating to, and the means of registering, IP rights are not as sophisticated as those of certain other jurisdictions. However, there is no reason why a Jersey court would not enforce a valid judgment of a court in other reputable jurisdiction relating to a person’s IP rights.
What potential advantages can blockchain offer in the IP context?
Many predict that blockchain technology will transform the way in which IP rights are recorded and traced. In a 2019 article entitled “How blockchain can impact the intellectual property life cycle”, EY Global identified the lifecycle of IP rights through the lens of blockchain as follows:
- Step 1: Creating or acquiring IP rights using tokens to represent IP rights assets.
- Step 2: Tracking the development of, and contributions to, the IP rights using a blockchain application.
- Step 3: Commercial exploitation of the IP rights (whether by licensing, sale or some other means). Transactions and movements of value are shared on the network and a layer of smart contracts alerts third parties with an interest in the IP rights and instantly calculates who on the network has a resulting financial obligation (eg, a licensee of the tokenised IP rights).
How do you think the regulatory landscape in your jurisdiction will evolve in the blockchain space over the next two years? Are any pending changes currently being considered?
Jersey is implementing the Financial Action Task Force’s Guidelines on Virtual Asset Service Providers into the domestic anti-money laundering legislation in 2023.
What regulatory changes would you like your jurisdiction to implement to further advance the blockchain industry?
It would undoubtedly be helpful if the enforceability of smart contacts were expressly recognised under Jersey law.
What is the largest impediment within your jurisdiction to the adoption of blockchain technology?
All stakeholders (advisers, service providers, government and the Jersey Financial Services Commission) are on a continued learning curve in this very fast-paced evolving landscape. It is inevitable that the law and regulation of any jurisdiction will lag behind the evolution of technology.
What are your top tips for effective use of blockchain technologies in your jurisdiction and what potential sticking points would you highlight?
Anyone looking to launch a blockchain project in Jersey, particularly in relation to cryptocurrencies, should engage with the Jersey Financial Services Commission (JFSC) at an early stage of the project so that all parties have a clear idea of whether JFSC approval for the project is required and, if so, the timeframes for such approval.
Originally published in conjunction with Mondaq.
Link to article