1 Introduction

The use of (digital) technology in financial services, dubbed as “FinTech” enhances efficient delivery of services by reducing transactions costs1 and creates an efficient fund raising mechanism by enabling startup companies to solicit funds from the consumer remotely through the use of smart contracts.2 FinTech is also considered inclusive because it enables the financial system to embrace the section of the society referred to as “the unbanked.”3 Blockchain and cryptocurrencies being among the latest financial digital technologies have been here for about a decade now. The enthusiasts of the technology have claimed that cryptocurrencies will bank the unbanked,4 i.e., those who have no access to credit card or debit card and hence are excluded from the financial system.5 The claim proved to be false because (a) credit card or debit card is a perquisite for acquiring cryptocurrencies from exchange platforms in many cases and (b), cryptocurrencies are expensive, and transactions in them are risky that the unbanked is not inclined to engage in.6

In December 2017, the Financial Times published an opinion titled ‘Bitcoin, Blockchain and the Fight Against Poverty’ highlighting Hernardo De Sotos’ initiative to use blockchain to register property rights.7 Even if blockchain actually enables property registration in a reliable manner, it is not clear how that benefits the poor. Blockchain technology is exceedingly technical and requires infrastructures such as reliable electricity,8 internet, and computers, things that the poor struggle with in the first place. There is no evidence so far that blockchain and cryptocurrencies would lift people out of poverty. Yet, these claims have their fair share in rallying the consumer behind the technology and preventing timely government regulation or enforcement of the existing legal rules.

1.1 A Prelude to the Regulatory Uncertainty Rhetoric

Outside consumer law, the EU decided to extend the Anti-Money Laundering and Countering Terrorism Financing (AML/CTF) Directive to cryptocurrency exchange platforms only in May 2018, when the Parliament and the Council approved the Fifth AML/CTF Directive,9 to be implemented at national level by 2020.10 By contrast, the US Financial Crimes Enforcement Network (FinCen) issued a guideline that extends the application of the Bank Secrecy Act to cryptocurrencies back in 2013.11 The FinCen’s decision was a timely response in attempting to regulate the technology, although the guideline did not result in definitive application of AML law to cryptocurrencies, due to some state courts’ refusal to follow the guideline.12 It took the EU Parliament about five years to take similar regulatory step, partly due to the length of EU law making process and partly due to the blind deference to the technology.

The unrealistic perception of the promises of blockchain technology has led consumers to invest massively in startup companies raising money from the public using questionable advertising practices and schemes. A report published in 2018 shows that 80% of the ICOs were fraud.13 While blockchain technology might have potential benefits in various sectors, the extent of its broader societal benefit is yet to be studied.14

Regulating the technology and the market responsibly requires divorcing propaganda from reality and adopting an approach that balances encouraging innovation with protecting the consumer from predatory sale of risky financial products. Contrary to their fundamental roles, EU regulators have been perpetuating the rhetoric of regulatory uncertainty by warning consumers to protect themselves from potential risks while they sit back in a neutral corner.15 In 2013, European Banking Authority (EBA) emphasized that consumers need to be aware that no specific legal protection exists and that they would suffer loses if a cryptocurrency exchange platform goes out of business.16 Five years later, there is no serious EU level effort to tackle the legal uncertainty.

1.2 The Central Research Questions and the Contribution

Mindful of the assertion that the existing legal rules do not protect consumers and given the lack of meaningful effort in addressing the regulatory uncertainty, this article raises the three key questions: Doesn’t the existing body of EU consumer law cover cryptocurrency exchange platforms and ICOs? What are the key challenges to the effective application of the current legal regime to blockchain based consumer financial services and what are the solutions? Lastly, to what extent could the functional approach be utilized to extend the existing legal rules to blockchain based financial services?

The functional approach to legal interpretation as a methodology in law and technology literature is often implicit in inquiries such as whether law could be future-proof or technology neutral17 or whether the old legal rules could be applied to disruptive technologies.18 The article expounds this approach based on literature and the jurisprudence of the European Court of Justice (ECJ) and applies it to the consumer protection in blockchain based financial services.19 The article also attempts to show the limit of the functional approach by giving a specific example.

The remaining part of the article has four main sections. Section 2, provides a working definition of cryptocurrencies and blockchain, overviews the nexus between blockchain based financial services and EU consumer policy and elaborates the concept of functional approach. Section 3, examines the lack of adequate consumer complaint mechanism, the use of standard contract terms by cryptocurrency exchange platforms, the challenges of access to justice for consumers dealing with exchange platforms and deposit insurance scheme as consumer protection apparatus. Section 4 examines the challenges presented by blockchain based financial assets in the securities market and the solutions that could be found in the current regulatory regime. This section also overviews the 2018 Virtual Financial Assets (VFA) Act of Malta and the Maltese regulatory approach. Finally, Section 5 summarizes the key legal challenges discussed and the proposed solutions.

2 EU Consumer Law and the BLOCKCHAIN based Financial Services

2.1 Blockchain and Cryptocurrency

Defining cryptocurrency is not an easy task due to the continuous evolution of the technology and the changing nature of its features, purposes, and functions.20 For the purpose of this article, cryptocurrency is defined as ‘a system of currency that uses cryptography to allow secure transfer and exchange of digital tokens in a distributed and decentralized manner.’21 The technology underlying cryptocurrencies – blockchain – is a distributed digital ledger (database),22 which contains the record of the history of all transactions on a chain of blocks, in the order in which the transactions occurred.’23

While cryptocurrencies are digital currencies or assets (also crypto-assets), blockchain is a distributed database where those assets are generated, stored, and transacted on. Once a transaction in cryptocurrency or blockchain based asset is initiated, it must be approved by the majority of nodes in the network through a ‘consensus mechanism’. In proof of work model adopted by bitcoin, consensus is established by the node being able to solve automatically generated mathematical puzzle.24 Solving the puzzle entitles the miner (transaction validator) to reward crypto-asset(s). In proof of stake model, generally, the node with higher stake (ownership) has the higher chance to validate transactions to and claim the reward.25

Cryptocurrencies created on permissionless blockchain lack oversight, planning and control by a central authority.26 In permissionless blockchain, transaction validators can join the network without a need for approval by a central authority,27 whereas in permission blockchain, joining the network requires approval by the entity running the network.28

Originally bitcoin was meant to be peer-to-peer decentralized electronic cash with no intermediary involved in facilitating transactions.29 Cryptocurrency exchange platforms emerged to accommodate the needs of users who are not able to transact directly on the blockchain or wish to trade on organized platforms. Exchange platforms buy and sell cryptocurrencies and, in most cases, provide custodial digital wallet services.30 Some platforms exchange cryptocurrencies only for other cryptocurrencies while others convert cryptocurrencies also to fiat currencies and vice-versa.31 ICOs are mechanisms for raising fund to create new cryptocurrencies or crypto-assets (see infra section 4).

This article uses the phrase ‘blockchain based financial services’ to refer to services related to cryptocurrency exchanges and ICOs and the term crypto-asset to refer to all cryptographic assets including cryptocurrencies and cryptographic tokens that are ill-suited to bear the name cryptocurrency as they are neither designed to be currencies, nor function as one in practice.32

2.2 Overview of EU Consumer Policy

Despite their unique technological background, blockchain based financial services do not bring issues new to EU consumer policy. On the one hand, the EU has legislative competence on cryptocurrency exchange platforms and ICOs. On the other hand, as this article shows, the existing body of consumer law is capable of handling many of the challenges posed by them.

Since the coming into force of the Treaty of Rome,33 the European consumers have been at the center of the internal market, being considered a passive beneficiary of the market integration.34 The Maastricht treaty35 introduced a separate title for consumer protection legislation by giving the EU the competence to legislate, among others, on matters affecting the economic interest of the consumer that the EU has used to harmonize consumer law over the years.36 Reflecting on Pre-Maastricht consumer law harmonization, Micklitz argued that:

The market distortion caused by the existence of different consumer protection ruIes in different Member States has been viewed as a sufficient basis for introducing harmonized Community rules in pursuit of a “level playing field” and a liberalized market.37

Consumer protection is considered vital to enhancing the internal market and consumer confidence in cross-border transactions. Many of the community level consumer protection legal instruments echo this rationale.38 Since cryptocurrency exchange platforms and ICOs engage in cross-border transactions, legal uncertainty regarding the rights of consumers has a detrimental effect on consumer confidence as well as the internal market.

The current regulatory dilemma pertaining to blockchain based financial services is not necessarily the result of lack of laws, rather it is due to lack of commitment or guidelines to enforce the existing legal rules. EU Regulatory authorities preferred for the most part to issue warnings to the consumer, with the assumption that once aware of the risks, the consumer would make a rational decision.39

In April 2018, the European Commission proposed a regulation applicable to crowdfunding,40 covering, among others, the activities of crowdfunding service providers (intermediaries), and project initiators. The commission’s draft has no provision dedicated to ICOs, though ICOs have become dominant form of crowd funding allowing companies to raise about $13.7 billion during the first half of 2018.41 The draft parliamentary report on the proposed regulation contains an amendment that added ICOs as one of the regulated transactions, containing a proposal to allow Member States to exempt ICOs raising up to 8 000 000, Euros from the prospectus regulation.42 Intriguingly, the proposed regulation states that:

This regulation is an opportunity to provide regulation for initial coin offerings. At present initial coin offerings are operating in an unregulated space and consumers are at risk from fraudulent activity taking place in this market.43

The premise that ICOs operate in unregulated spaces is justifiable only if the relevant securities laws do not apply to ICOs. As this article shows, such a premise is normatively wrong.

2.3 The Functional Approach to Regulating Disruptive Technologies

A new technology may enable conducting activities or transactions or create entities that are unanticipated by the existing regulatory rules. Moses identifies four problems that frequently emerge with the rise of a new technology.44 These are (a) the need for special laws to regulate new forms of conduct, specially tailored laws; that may even ban a particular technology or particular applications of that technology or mandate or encourage a new activity; (b) the uncertainty regarding the application of the law to new forms of conduct; (c) the over-inclusiveness and under-inclusiveness the existing legal rules when applied to new technologies and (d) the obsolescence of some or all of the existing legal rules, if based on a premise that no longer exists.45 But the immediate response to unforeseen legal challenges should not always be implementing new legal rules.

Twigg-Flesner explains that a regulatory uncertainty caused by disruptive technologies46 should not trigger the implementation of new legal rules until the disruptive technology has also disruptive effect on the law.47 He proposes minor reforms of existing legal rules through modification or clarification of wordings and key definitions as well as the extension of the scope of applicability of the existing legal rules to disruptive technologies before a far-reaching legal reform is implemented.48 In particular he refers to the ‘functional equivalence’ principle which requires ‘identifying the key features of developments governed by the existing rules and setting out how these would be transferred into the context of a new development.’49

Premature regulatory reform may deliver legal rules that are unsuitable or unworkable or detrimental to innovation.50 Nonetheless, unduly prolonged restraint could also have detrimental effect on consumer rights51 and on the smooth functioning of the market. Therefore, regulatory authorities, faced with a disruptive technology that challenges the existing legal rules should not merely point out the potential or actual regulatory uncertainty and sit idly. Neither should they swiftly implement a sweeping regulatory reform. They should rather attempt to explore solutions in the existing legal rules because the law should, at least in part, be assumed to be technology neutral.

According to Moses, technology neutrality is used in two sense.52 That is, to describe that law (a) should not unfairly discriminate between different technologies and (b) is able to continue to operate effectively as technology evolves.53 Moses emphasizes that a wording of a statute on its own is not sufficient to ensure technology neutrality or make the law future-proof, because it is impossible to predict the future enough to craft the law to address legal problems that emerge in the future.54 Nonetheless, administrative or enforcement agencies, courts and law reform bodies can play an important role in adapting legal rules to emerging technologies and achieve a certain degree of technology neutrality.55

Certainly, coping with the challenges of blockchain based financial services in the long run requires implementing regulatory reforms across sectors. Future reform may also need to (re)define certain features of the technology to keep it within the boundaries of the law.56 For example, decentralized pee-to-peer system of payment with no central clearing authority is incompatible with the existing EU payment services legislation. Any tailor-made law should require a cryptocurrency-based payment system to create centralization.57 Another factor that causes regulatory dilemma is the difficulty to fit cryptocurrencies within the known categories of regulated subject matters in the financial market. Some of the cryptocurrencies share the features of money from economic perspective.58 Some resemble securities.59 Others are mere digital assets.60 Nevertheless, the classificatory conundrum of crypto-assets is not as challenging as it appears to be, if they are judged from a functional perspective.

The functional approach to legal interpretation or enforcement requires examining the application of existing legal rules to new challenges, to address legal uncertainty in a timely fashion while resisting the temptation to implement new legal rules that are unsuitable, unworkable, or even unnecessary.61 At statutory level, the notion is most articulated by the U.S. Uniform Commercial Code Article 9,62 which requires judges to treat transactions based on their substance and the function they serve rather than their formality.63 This approach was designed to ensure that new legal devices securing performance of obligations do not remain outside of the umbrella of the law due to mere formality.64

In the jurisprudence of the ECJ, one of the interpretative tools of the Court is the so-called dynamic approach, encompassing functional, teleological, and consequential interpretations of legal rules.65 The judgment of the ECJ in Skatteverket v. David, a case involving bitcoin is the most illustrative of the functional interpretation pertinent to the topic at hand.66 The case involved the interpretation of the Directive on the common system of VAT.67 The claimant sought a preliminary decision from the Swedish Revenue Law Commission on ‘whether transactions to exchange traditional currencies for bitcoin or vice-versa, which he wished to perform through a company were subject to VAT.’68 The Revenue Law Commission opined that Hedqvist’s activities were exempt under the relevant provision of the Directive, which requires members to exempt transactions ‘including negotiation concerning currency, bank notes, and coins used as legal tender’ from VAT.69

The Swedish Tax Authority appealed the case to the Swedish Administrative Supreme Court,70 which then made a preliminary reference to ECJ.71 The ECJ upheld the decision of the Swedish Revenue Law Commission exempting the activity of exchanging bitcoin to and from fiat currencies from VAT arguing that bitcoin is not a tangible property,72 rather it is a means of payment accepted by the parties although it is not a legal tender.73

When the common VAT directive was implemented, developments on blockchain or bitcoin were not foreseen. Despite bitcoin not being legally recognized as a currency, the court evidently identified similarities between legal tender and bitcoin and treated them under the same legal provision. Thus, it is fair to conclude that the court adopted a functional approach to interpret the legal provision in question and to define bitcoin.

The key assumption of the functional approach is that although blockchain is a new technology, the tasks it enables are not always unfamiliar to the legal system.74 Although the approach may not offer a solution to all challenges presented by blockchain based financial services, it can play a significant role in clarifying regulatory uncertainties and may even render a large-scale regulatory reform unnecessary.75

Applied in the unchartered territory of blockchain, the functional approach too has also its confines. For instance, bitcoin enables a peer-to-peer payment with no accountable central authority. For such a system, currently there are no legal rules to protect the consumers in case of transaction irregularity.76 It is therefore erroneous to argue that the functional approach can extend payment services law to bitcoin based payments.

The fact that some of the blockchain based transactions enable thousands of consumers from across the globe to transfer fund to startup companies and that disclosure of information to the consumer is often made in technical and incomprehensible language might require specific rules. But whether these kinds of differences per se warrant major legal reform is debated by scholars of the law and technology discipline. With respect to electronic contracts for instance, Hillman & Rachlinski argue that even if the internet presents unique opportunities for businesses to exploit consumers, the phenomenon does not require creating new rules for online transactions in addition to those applicable to offline transactions.77 But by identifying several peculiarities of electronic contracts, Kim argues that those differences requires implementing peculiar legal rules for online contracts.78

But, when regulators are uncertain whether designing new legal rules for a disruptive technology is incumbent or not, and unsure what the underlying policy of the new rules should be, differences between the regulated subject matters and the emerging issues should only be a basis for further legal reform if they are substantial enough to render the existing legal rules ineffective. Thus, regulators should first consider whether the emerging legal transactions or entities are functionally equivalent to those that are currently regulated.

3 Cryptocurrency Exchange Platforms and Consumers

Cryptocurrency exchange platforms convert traditional currencies to and from cryptocurrencies or cryptocurrencies to cryptocurrencies and keep customer’s fund in a secured digital wallet.79 Although there are several cryptocurrency exchanges in the market today, this article focuses on Bitstamp which is licensed in the UK80 and Coinbase which is licensed in California with offices in the EU.81 The modus operandi of the two platforms illustrates how most exchange platforms that provide custodial wallet service function.

Generally, cryptocurrency exchange platforms face higher level of risks due to frequent hackings by cyber criminals that they face. Also, the higher price volatility of cryptocurrencies puts them in a unique position relative to banks (payment service providers), whereas the fact that they could maintain control over their customers’ fund placed in their custodian wallet makes them resemble banks. The question of whether consumers have rights with respect to exchange platforms similar to the rights they have vis-à-vis banks has not been examined in the existing literature. This article examines three key issues that impact the consumer with respect to exchange platforms. These are access to adequate complaint mechanism, protection in bankruptcy through deposit insurance scheme, and access to justice.

3.1 Consumer Complaint Mechanism

Timely and adequate responses to consumer complaints increase customer satisfaction and create long-term business relationships with consumers.82 Yet, creating the necessary infrastructure for handling complaints transcends building long-term relationship with clientele and enhancing profit.83 It is a legal requirement especially in the provision of financial services and at times, a pre-requisite for initiating a formal dispute settlement process (see infra section 3.1.2).

Despite the presumed self-interest that should encourage them to handle complaints effectively and the presence of legal rules compelling them to do so, cryptocurrency exchanges have an inadequate complaint mechanism, due to (a) decentralization and (b) the use of automated support system coupled with generally poor attitude towards handling customer services.

3.1.1 Decentralization: Consumer Perspective

In 2015, the European Central Bank stated that the existing payment services law does not apply to cryptocurrencies also indicating that it is too early to create tailor-made legislation.84 Four years later, there have not been any efforts to design tailor-made payment service laws for cryptocurrencies despite the fact that as of January 2018, online cryptocurrency exchanges and markets have estimated global daily volume of around $50 billion.85 Nevertheless, could a viable payment service law be designed for peer-to-peer system of payment with no central clearing authority? Antonopoulos argues that bitcoin’s complete decentralization ensures robustness, prevents criminals from breaching the system, and makes the network government intervention-proof.86 Even if this assertion is true, the question from consumers and regulators perspective is whether total decentralization is desirable.

The EU Payment Services Directive (PSD II)87 does not accommodate permissionless blockchain based payment system. Under the PSD II, to get an authorization to engage in payment service provision, a payment service institution must have prudent management, robust governance arrangement, clear organizational structure and well-defined, transparent and consistent lines of responsibility.88 Cryptocurrencies based on permissionless blockchain inherently reject a centrally managed organization because, transfer of fund can be effected directly between the sender and the receiver with no central processing authority.89 In this system, individuals with no legal obligation to clear transactions engage in transaction validation. Hence, consumers who are unable to complete a transaction due to the inaction of transaction validators has no central office to seek a remedy from.

In payment services provided by traditional currencies, the payment service provider is liable for any charges and interest resulting from the non-execution, defective, or late execution of the payment transaction.90 As for ‘on the blockchain’ transactions, no similar rule could be designed since there is no central office that is in charge of executing payments. Because the transaction validator could be anyone in the world, there is no way for a legislature or supervisory authority to design workable redress and penalty systems.91

Though cryptocurrency exchange platforms have created centralization, they are effective only in executing ‘off-chain’ transactions, meaning the transactions conducted without updating the public ledger on which the cryptocurrency is based.92 To benefit from central payment processing, users must to go through exchange platforms to conduct their transactions.93 In any event, final settlement of any cryptocurrency transaction must be registered on the relevant blockchain,94 which means that exchange platforms themselves ultimately encounter the potential delay or irregularity in settling their payment on the blockchain.

Decentralization is a challenge that the functional approach to legal interpretation cannot fix. Neither the current legal regime, nor future workable regulations can accommodate a payment service based on permissionless blockchain. Although the market is likely to react negatively to these categories of cryptocurrencies as evidenced by the recent plummeting value of bitcoin,95 if cryptocurrencies and blockchain are to be taken seriously, regulation must impose mandatory centralization for the sake of implementing functioning regulation and ensuring optimum level of consumer protection.

3.1.2 Automated Support System: Translated into Delayed Justice

In the EU, pursuing complaint mechanisms provided by trader is a pre-requisite for the initiation of a formal dispute resolution process in most fields. Under the PSD II, Member States are required to ensure that payment service providers implement effective complaint resolution mechanism.96 The Consumer is entitled to receive adequate response to a complaint within 15 days; if justified within maximum of 35 working days.97 In the General Data Protection Regulation (GDPR), the consumer is required to first seek a remedy from the data controller before filing a complaint with the data protection authority.98 Although these procedures are meant to give effective remedy to the consumer, they could also be exploited by the trader to the consumer’s detriment. A business could put ineffective complaint resolution procedure in place and prolong the time of response, which in turn prolongs the time to resort to the formal dispute resolution process.

The ineffectiveness of the complaint mechanism of Coinbase begins with an extensive use of automated bot, which gives standard responses that are not suited to the individual customer’s queries. When the queries become complex, the automated support bot apologizes for not being able to help and requests the consumer to rephrase the question or to ask more general questions.99 When the automated support system fails, the consumer can call on US landline that is costly for European consumers or send an email request to Coinbase by detailing the issue she wants resolved. Reponses to the latter generally take several weeks.100

From a legal point of view, the consumer is precluded from pursuing judicial remedy until she exhausts the complaint mechanism made available by the business. Using a series of tactics, Coinbase not only prolongs handling complaints but also the time for the consumer to initiate formal complaint with regulatory authorities.101

3.2 Imposed Dispute Settlement Clause

Ensuring access to justice for the consumer through a fair and efficient dispute resolution mechanism is one of the central aspects of EU consumer law.102 In general, the European consumer is protected in dispute settlement with the trader in two layers. First, in cross-border cases, the consumer has an option to bring the trader before the court of the trader’s or her jurisdiction, whichever is less costly for her.103 Second, although Alternative Dispute Resolution is considered a fast, cheap, and flexible dispute resolution system,104 the consumer cannot be subjected to pre-dispute arbitration agreement that excludes her option to litigate.105

EU consumer law’s hostility towards a pre-dispute arbitration clause is affirmed in the jurisprudence of the ECJ that nullifies an arbitration award even if the consumer took part in the proceedings without opposing the process106 or ignored it despite being duly notified.107 The Court’s rulings go to the extent of requiring national courts to assess whether an arbitration agreement is unfair under the Unfair Terms in Consumer Contracts Directive, ex officio during a proceeding for the annulment108 or enforcement of an arbitral award.109

Despite the criticism that EU law’s posture against the pre-dispute arbitration clause would be detrimental to net consumer gains,110 there is no controversy that the consumer cannot be compelled to accept pre-dispute arbitration clause or a dispute settlement mechanism that favors the trader. Yet, exchange platforms impose on the consumer, dispute settlement clauses on take-it-or-leave-it basis that threaten the two-layer protection EU law offers to the consumer.

According to Bitstamp standard user agreement, all consumer disputes must be resolved before the English court,111 contrary to the Regulation on Jurisdiction, Recognition, and Enforcement of Judgments in Civil and Commercial Matters which allows the consumer to bring proceedings against the trader before a court of the Member State in which either the trader or the consumer is domiciled.112

Comparably, Coinbase dispute resolution clause requires that any dispute exceeding £5,000 (or EUR 5,500) to be resolved by an arbitration under the Arbitration Rules of the London Court of International Arbitration (LCIA), with a sole arbitrator, unless decided otherwise by LCIA.113 The arbitration proceeding that is conducted in London, in English language, is final and parties have no right to appeal the award according to Coinbase’s user agreement.114

Under the Directive on Unfair Terms in Consumer Contracts, a contractual term which has not been individually negotiated is regarded as unfair if, contrary to the requirement of good faith, it causes a significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the consumer.115 The Directive considers as an unfair contract term, a term excluding or hindering the consumer’s right to take legal action or exercise any other legal remedy, particularly by requiring the consumer to take disputes exclusively to arbitration not covered by legal provisions.116 It is settled in the jurisprudence of the ECJ that a pre-dispute arbitration clause that deprives the consumer of the choice to litigate is unfair within the meaning of the Directive.117

The non-negotiable dispute settlement clauses used by exchange platforms highlight a deeper issue that transcends dispute resolution. Following the implementation of the GDPR, Coinbase notified users of its new privacy policy, which gives Coinbase the right to process data for different purposes including for marketing and targeted advertising.118 The privacy policy also gives Coinbase the right to unilaterally modify the terms of privacy policy and notify consumers.119 Although at least the unilateral modification clause is contrary to the GDPR’s consent requirement and potentially against the Unfair Terms in Consumer Contracts Directive, failing to accept the privacy policy, a user is prevented from accessing her digital wallet and is advised to discontinue using Coinbase.120 It is immaterial that closing the consumer’s account may cost the consumer large sum of money due to the low value of cryptocurrencies at the relevant point in time relative to the Euro.

It is possible to take comfort in the likelihood that adhesion contracts would not survive court scrutiny. Yet, there is also a real possibility of a court ruling that, consumers that use cryptocurrencies, due to the presumed higher level of their financial literacy, do not need to be protected from businesses imposing standard contract clauses. Cryptocurrency exchange platforms are traders just like banks or online sellers of goods or provider of services. There is nothing in the underlying technology that justifies implementing different consumer protection standard with respect to them and other financial institutions.

3.3 Bankruptcy and Consumer Protection: Deposit Insurance

The bankruptcy of cryptocurrency exchange platforms is common,121 due to the lack of solid risk management policy and strong cyber security in the space, costing consumers dearly over the past several years.122 To provide safety net to consumers, the EU Deposit Guarantee Scheme Directive (DGSD) requires credit institutions to contribute to a fund that would be used to pay depositors if the credit institution in question is unable to meet its obligations toward its depositors.123

Although the primary goal of deposit insurance scheme is to ensure the stability of the banking system by preventing bank run,124 the scheme plays a substantial role in protecting the consumer.125 Under the DGSD, consumers are guaranteed a repayment up to 100,000 Euros, regardless of how many deposit accounts they have with the concerned credit institution.126

The deposit insurance scheme applies to a credit institution, defined as an entity that receives deposit or other repayable funds from the public and grants credit,127 with obligation to repay eligible depositors in legal tenders.128 To be required to comply with the DGSD, a cryptocurrency exchange platform should qualify as a credit institution. The determination of the precise perimeter for credit institutions is controversial even for traditional financial institutions due to lack of clear definition of funds in the Member States. The EBA has urged the commission to clarify the issue, but to no avail.129

In the sphere of cryptocurrencies, defining funds can only be much more contentious as exchange platforms use the absence of legal definition of cryptocurrencies to avoid complying with deposit insurance scheme. Coinbase states publicly that ‘Digital currency is not legal tender, is not backed by the government, and digital currency accounts and value balances on Coinbase are not subject to Federal Deposit Insurance Corporation…’130 By contrast, US residents with Coinbase USD Wallet benefit from the coverage by FDIC insurance, up to a maximum of $250,000.131 To EU consumers, this should be concerning because if Coinbase declares bankrupt, they would only have the option to resort to the collective bankruptcy proceeding to recover their funds as non-secured creditors, in lieu of claiming from the deposit insurance fund.

This is one of the legal dilemmas where the functional approach is a convenient tool. To subject exchange platforms to the DGSD, cryptocurrencies could be treated as a fund, making it irrelevant that exchange platforms do not grant credit. Certainly, cryptocurrencies that are convertible to fiat currencies excluding tokens that are mere digital assets or securities, for all intents and purposes should be treated as fund, for there is no other use attached to them than facilitating exchange of value. This approach has already been adopted by Malta which defined funds in its 2018 Virtual Financial Assets Act (VFA Act) as ‘banknotes and coins, scriptural money, electronic money and virtual financial assets.’132 On the flip side, a survey published by EBA shows that taking deposits or other repayable funds from the public and granting credit are considered cumulative criteria to define credit institutions in Member States.133 If this approach prevails, cryptocurrency exchanges would be ineligible as credit institutions, because they certainly do not grant credit.

Exchange platforms are riskier than banks due to their unpreparedness to manage security breaches and the resultant loss of funds as well as frequent insolvencies. From this stand point, it is sensible to subject exchange platforms and banks equally to deposit insurance scheme as consumers in both cases deal with comparable risks. In fact, exchange platforms are capable of complying with the scheme as evidenced by the coverage by FDIC insurance of Coinbase dollar deposits. Coinbase does not indicate if the EU consumer who keeps her fund in Euro is covered by the DGSD which is another layer of concern for the European consumer.

If deposit insurance guarantee scheme is not extended to exchange platforms, the ultimate loss is born by the consumer as illustrated by the recent bankruptcy of Bitgrail.134 Generally, loss of funds due to a security breach affecting an exchange platform is covered by the exchange platform, but Bitgrail blamed the hacking that caused the loss of $70 Million on a defect in its software developed by a third party developer, attributing the fault and liability to the software developer,135 and dragging the consumer through lengthy litigation. The situation would be the same if an exchange platform loses customers’ fund due to its irresponsible investment and risk management policy.

The anecdotal evidences highlighted so far and the risk examined strongly support the conclusion that cryptocurrencies, those that are meant to be alternative currency, should be treated as a fund and that exchange platforms be subject to the deposit insurance scheme to ensure the higher level of protection that EU consumers are promised in the Maastricht treaty.

3.4 Concluding Remarks on Cryptocurrencies Exchange Platforms and the Consumer

Cryptocurrency exchange platforms present three categories of challenges impacting the consumer that require different regulatory responses.

First they refuse to observe existing consumer protection laws. The lack of adequate consumer complaint procedure and the imposition of standard agreements on the consumers fall under this category. Exchange platforms simply want to operate in unregulated spaces and they need to be subjected to the existing law similar to traditional financial institutions.

The second category of challenges stem from a legitimate confusion as to whether the new kinds of intermediaries should be subjected to legal regimes created before the advent of blockchain. This category includes whether the definition of funds should cover cryptocurrencies and the DGSD should be extended to exchange platforms. This article argues that until the EU implements a legal reform, the DGSD can successfully be applied to exchange platforms, treating cryptocurrencies that are meant to be an alternative currency as a fund, in spite of the fact that exchange platform do not grant credit. The key factors that should be taken into consideration are that these platforms maintain control over users’ funds similarly to banks and are vulnerable to risks of insolvency that impact consumers. A mere guideline issued by the regulatory authorities suffice to achieve this objective.

The third regulatory challenge is rooted in the fetishism for decentralized system of currency or payment. Creating reliable payment system based on blockchain requires curbing decentralization, otherwise the consumer has no reasonable complaint mechanisms for irregularities in execution of payment. Simply put, it is unrealistic to think that a payment system with no central clearing authority can work and that consumers would embrace it.

4 Initial Coin Offering and EU Consumers

ICO is another blockchain based fund raising vehicle that operates under regulatory grey area, which has been exploited by startup companies over the past few years. Between 2014 and 2017, a total of $1.67 billion ICO funding was raised,136 while by the end of 2018, ICO issues are expected to raise about US$20 billion.137 The proceeding parts of the article defines ICOs and different types of digital tokens issued utilizing them, the regulatory challenge they present and the extent to which the functional approach could assist in applying securities law to certain types of tokens with the view to protect retail investors.

4.1 Defining Initial Coin Offering

In its simplest form, ICO is a scheme whereby an entity promoting a new cryptocurrency or crypto-asset raises money from the public.138 The investors provide money in traditional currencies or cryptocurrencies and get the crypto-asset issued in return. The investors make profit if the value of the new asset increases due to its wide use. In more complex ICOs, the investors can have different rights for financing the creation of the crypto asset.139 For example Astronaut ICO offers Astro, which is the token, to investors in return for funds to be invested in various cryptocurrencies and ICOs. Astronaut ICO’s main business model is trading cryptocurrencies140 and distributing dividends to token holder on quarterly basis.141

The recently emerging crypto-assets created using ICOs are different from the earlier ones like bitcoin because, they are issued as a token of participation in investments made in different technology ventures and give holders the right to profit sharing and the right to vote, with the exception of utility tokens (see infra section 4.2). They are also centralized because participation in transaction validation is subject to approval of the entity running the network.142

4.2 Different types of ICO based Crypto-Assets

Hacker and Thomale distinguish between three main types of ICO based tokens: pure currency token, utility token, and investment token, noting also that some tokens could take a hybrid form.143

An investment token is a token the holding of which is an evidence of a stake in the company and entitles the holders to the right to vote and profit sharing.144 It is distinguished from the utility token, that gives the user access to utilities such as digital goods/services provided by the relevant platform.145 For example, Basic Attention Token (BAT) provides a blockchain based platform for advertisements where consumers watch ads and earn the token, which they can then sell to advertisers who use the platform to purchase a space in the platform.146 The token has no use outside the platform and hence may not be regarded as a currency. Neither does it give the holder the right to take part in an investment scheme or profit sharing. A pure currency token, is created to be an alternative currency, (e.g. bitcoin). Some tokens could have a feature of currency and a utility token, a currency and investment token, a utility and investment token or a combination all of three.147

The qualification of a crypto-asset as one or the other determines the legal regime that applies to it. If a token qualifies as an investment token, meaning it gives the token holder the right to future cash flow, it should be treated as security, and securities law applies to it whereas if it is merely a utility token, ordinary consumer law governs the relationship between the parties involved. When a token is hybrid, the determination of the applicable law can be trickier, although in principle, the feature of the token that outweighs the most should be the decisive factor.148

4.3 Investment Tokens, Securities Law & Consumer Law

Although consumer law and securities law differ in their primary objectives, the former protects consumers while the latter aims to ensure the efficient functioning of the market,149 the role of securities regulation in supplementing consumer protection law is not negligible. The EU legal framework governing financial services is tailored to protect both professional and consumer investors.150 ICOs have been financed largely by retail investors, but with institutional investors moving to the domain lately,151 the need for consumer protection becomes self-evident.

Although both consumer law and securities law aim to lessen information asymmetry through disclosure requirements, securities law is more onerous as it determines the content and the form required for disclosure and it subjects it to the approval of a regulatory agency. In other words, securities law has higher standards of regulatory oversight, translating itself into higher level of consumer protection. Consequently, distinguishing between crypto-assets that qualify as security and those that do not is crucial for the retail investor as different standards of protection apply.

While traditional consumer law could protect the consumer investing in digital financial products, its effectiveness is limited due to the sophistication of the emerging crypto-assets and the lack of specific quality standard control or warranties that could serve as a basis of claim for non-conformity. Vanessa Mak argues ‘Unlike other products, which are often subject to product quality requirements, financial products can therefore be brought into circulation without a quality assessment.’152 Because securities law imposes more burdensome regulatory obligations than ordinary consumer law,153 bringing digital financial products under its umbrella ensures higher level of consumer protection.

With regard to ICOs, the consumer protection aspect of securities law is weakened in the EU due to the lack of clear guideline to enforce the existing legal rules. Consequently, some ICO based financial products have been offered largely in the EU excluding the U.S. and Chinese capital markets, due to a stronger regulation in the latter jurisdictions.154 With SEC classifying certain ICO based tokens as securities and subjecting them to securities law and China categorically banning ICOs,155 the EU supplied about half of funds raised in ICOs in 2017.156

4.4 Investment Tokens as Security in the U.S.

The SEC has reacted quickly in regulating ICOs with the result that the legal system offers a rich perspective on how to approach ICOs in the EU. In the U.S., crypto-assets that have the characteristics of investment token are treated as security, i.e., an investment contract, defined by SEC v. Howey Co., as (a) a contract, transaction, or scheme (b) whereby a person invests his money (c) in a common enterprise and (d) is led to expect profit solely based on from the efforts of the promoter or a third party.157 If one of these five requirements is not met by a given transaction or scheme, it fails to qualify as an investment contract.

Decentralized cryptocurrencies do not meet the requirements of (a) investment of money in a common enterprise and (b) expectation of profit solely based on the effort of promoters. They fail to meet the first criterion due to lack of commonality between cryptocurrency users, i.e., profit or loss sharing proportionate to their investment (horizontal commonality)158 or the lack of complete dependence of users on transaction validators to make profit (lack of vertical commonality).159 In short, because the interest of transaction validators whose profit derives from validating transactions on the one hand and the interest of users who generally make money from speculative trading on the other, do not necessarily converge, there is no vertical commonality in decentralized cryptocurrencies.160 Moreover, in decentralized cryptocurrencies, users are not considered to expect profit solely based on the effort of the promotor,161 i.e., to rely on the promoter’s expertise162 or entrepreneurial or managerial skill.163 Consequently, decentralized cryptocurrencies do not qualify as security.

The SEC has held on different occasions that investment tokens qualify as security, i.e., an investment contract.164 They fulfil the criteria of investment of money in common enterprise with the expectation of profit solely based on the efforts of the promoter.165 In the Decentralized Autonomous Organization (DAO) case, the SEC held that the promoters, namely Slock.it, co-founders, and DAO curators, by creating the platform for purchasing and trading DAO token, building websites, handling cyber security matters and by proposing business plans to the token holders to be voted on by the token holders, provided their managerial skill for the profitability of the enterprise,166 and classified DAO tokens as security.

On December 11 2017, the SEC issued a cease and desist order compelling Munchee Inc. to return funds raised from investors in return for tokens sold in violation of securities law.167 The SEC has also criminally charged persons involved in unregistered and fraudulent sale of crypto-assets.168 Therefore, the regulatory regime in the US is coping well with the technology with no specific reform being implemented so far. Through functional approach, the SEC is applying to crypto-assets, a judicial decision from 1946,169 under the Securities Act of 1933170 and the Securities Exchange Act of 1934,171 without the need for specific legal reform. The outcome is that U.S. consumers are adequately protected from the potential risks brought by fugazzi crypto-assets with no real use.

4.5 Investment Tokens in the EU

The European Securities and Market Authority (ESMA) has for long been a passive observer172 of the proliferation of ICOs. On the 13th of November 2017, it cautioned investors of five risks pertaining to investments on ICOs including their potential fraudulent and illicit nature, the risk that investors lose their money and the lack of adequate and comprehensible information provided to investors.173 In a supplementary statement, it announced that depending on how the ICO is structured, it may fall under the MiFiD II, the AIFMs Directive and be subjected to the Prospectus Directive.174

While ESMA does not have law making and direct enforcement powers in general,175 it has extensive role in regulating the financial market and enhancing consumer protection. Among others, it has the power to issue guidelines, recommendations, and warnings, it can even temporarily ban or restrict certain financial activities that threaten the orderly functioning or stability of the whole or part of the financial market in the EU.176

In the sphere of ICOs, despite the fact that risky digital financial products are marketed and sold in breach of the existing securities law, ESMA has done little to nothing to ensure legal certainty and consumer protection. It may ultimately issue a guideline in the future but for a regulatory agency that has its own financial innovation wing, it would be too little too late, in the light of other regulators such as the SEC timely reacting to the phenomena through series of enforcement actions.

EU securities law is complex, comprising different regulations and directives governing different aspects of the capital market.177 These legal instruments have different roles in regulating blockchain based financial products. It is beyond the scope of this article to discuss the regulatory scope of each legal instrument. In the following sub-sections, the article briefly analyses the key features of EU Prospectus Regulation and the MiFiD II to show under what conditions crypto-assets could qualify as security using the functional approach.

4.5.1 Tokens as Security in the EU’s Prospectus Law

Hacker and Thomale provided a good analysis of ICO based crypto-assets under European financial law.178 After establishing that the criteria for defining securities under the prospectus law are transferability, negotiability, and standardization, they argue that investment tokens may fulfil all three criteria, if their transferability is not technically limited and they are traded on capital market.179 They argue that since the purpose of financial law, in particular prospectus law, is to warn investors of financial risks, investment tokens present risks intended to be regulated due to comparable risks born by investing in traditionally regulated securities and crypto-assets.180 The approach adopted by Hacker and Thomale illustrates that ICO based tokens are not unfamiliar to the law applied with functional approach.

4.5.2 ICO based Crypto-Assets under the Market in Financial Instruments Directive

The EU prospectus law determines information disclosure with regard to securities that are offered to the public,181 but it does not covers every financial instrument as defined by MiFiD II.182 For example, a unit in collective investment undertaking issued by open-ended Alterative Investments Funds (AIF) is not covered by the Prospectus Regulation.183 On the one hand, securities issued by open-ended AIFs, excluded from the Prospectus Regulation are subject to the rules of MiFiD II184 that should govern the rights and duties of the investors vis-à-vis Alternative Investment Fund Managers (AIFMs). On the other hand, units in collective investment undertaking in closed-ended AIFs are subject to the Prospectus Regulation.185 Moreover, whether or not a given financial instrument qualifies as a regulated security under the Prospectus Regulation, MiFiD II and the AIFM Directive could still regulate many aspects of it. Thus, the duties imposed on AIFMs and investments firms, including the duty to act honestly, professionally and in the interest of the investor, are still applicable to investment service providers who provide their service in relation to crypto-tokens186

Again, the level of consumer protection under MiFiD similarly to under the Prospectus Regulation is higher than ordinary consumer law as MiFiD II compliance is overseen by a public authority.187 Furthermore, courts in different Member States tend to interpret the duty of care more broadly placing the responsibility more on investment firms and they even hold banks liable where the consumer has been sufficiently warned but insisted on entering into a transaction that turns out to be bad.188 Therefore, the classification of a crypto-asset as a financial instrument not necessarily falling under the Prospectus Regulation, is still crucial as higher threshold of consumer protection applies.

To sum up, ICO based crypto-assets may qualify (a) as security subject to the Prospectus Regulation or (b) as financial instrument covered by MiFiD II and the AIFMs Directive, for example a unit in collective investment undertaking issued by an Alternative Investment Fund. The entities behind the ICOs (c) must observe the prospectus regulation to determine whether it is applicable in the particular case and in any event whether it should observe the MiFiD II and the AIFMs Directive to determine their obligations towards investors/consumers in crypto-assets.

4.6 European Consumers and ICOs in the Current Regulatory Landscape

The Prospectus Regulation requires that an offer of a security to the public be accompanied by a prospectus that should be approved and registered by the relevant supervisory authority before it is published.189 The approval of the prospectus by the supervisory authority ensures that the offeror of the security provides accurate material information to the public to make an informed decision.190 Inaccurate, misleading, or false information in the prospectus potentially entails administrative, civil and criminal liabilities.191

With the current state of affairs, no EU regulatory authority seems to expect the investment token sales to comply with these standards. Certainly, no enforcement actions are being actively pursued. Retail investors do not have the benefit of the oversight and control of the securities market authority to ensure the materiality and accuracy of information provided to them. The great majority of ICOs offer their ‘product’ to the public using a whitepaper, which they label as ‘not a prospectus.’192 They also make a disclaimer that the instruments they sell are not securities. EOS ICO, promoters sold their token (EOS) clearly stating that the token gives investors no right at all, admitting openly the highest level of risk imaginable.193 Yet, the promoters were able to reportedly raise about $ 4 billion.194 The EOS whitepaper provides no address of an entity responsible for offering the product195 which clearly indicates that it lacks one of the essential elements of the prospectus.196 Yet these barely identifiable or an invisible entity raised billions of dollars form gullible consumers.

Literature tends to over-emphasize the peculiarity of crypto-assets in relation to securities law and allude to creating a safe harbor rule and specific disclosure rules for ICOs.197 Though the suggestion may have a merit, it does not require major legal reform. For instance, under the Article 13 of the Prospectus regulation, the commission is authorized to provide a guideline on ‘specific information’s to be included in the prospectus for different types of securities.198 The tool for adapting the existing securities law to new types of securities is already available.

Further, the technical background and some of the unique facets that crypto-assets possess make them capable of posing an elevated level of risk relative to securities issued by traditional issuers. This means that for instance, the prospectus regulation’s provision which states that ‘the risk factors featured in a prospectus shall be limited to risks which are specific to the issuer and/or to the securities and which are material for taking an informed investment decision, as corroborated by the content of the registration document and the securities note,’199 allows token issuers to adapt the existing rules to their product.

In the presence of such an adaptable and possibly the most comprehensive capital markets regulatory regime in the world, ESMA’s ambivalence regarding the applicability of the existing legal rules to ICOs and its failure to ensure legal certainty by issuing clear guidelines in a timely fashion is bewildering.

4.7 National Regulation: The Lesson from the Maltese Virtual Financial Assets Act

The use of blockchain in financial services is likely to evolve and continue to create anomalies for regulation. So far, national level regulatory efforts in the EU have been reactionary and ad hoc lacking consistent policy pattern.200 Malta has taken concrete steps in attempting to regulate ICOs and cryptocurrency exchange platform with the enactment of the VFA Act in 2018.201 The scope of the VFA Act demonstrates that the regulatory policy adopted is apt, albeit questions linger as to the real impact of the Act in reducing the potential risks to consumer rights.

The VFA Act requires that an initial offering of virtual financial asset be made only if the whitepaper of the relevant offer, drawn up according to specified form and content is registered with the Financial Services Authority.202 The act does not cover crypto-assets that qualify as financial instrument that should be regulated by the applicable law in lieu of the VFA Act.203 Moreover, utility tokens are excluded from its ambit.204

The exclusion of utility tokens from the scope of application of the VFA Act is justifiable. Subjecting the issuance of crypto-assets that have utility solely in the platforms that issued them for purchase of goods and services or execution of various applications to legal rules akin to securities law is not compatible with the regulation of financial markets whose objective is ensuring the integrity of the financial market and protection of investors. Though ordinary consumer law may be revisited to protect the consumer purchasing these sophisticated digital products, to subject them to a legal regime that is similar to securities law would be ill-suited.205

Similarly, the removal of crypto-assets that qualify as financial instruments from the ambit of the VFA Act is consistent with the functional approach. The Maltese Financial Services Authority has issued a detailed guideline on the qualification of tokens as financial instrument (financial instrument test).206 In a nutshell, if the crypto-asset in question meets one of the thirteen tests of financial instrument developed by the authority, the VFA Act becomes inapplicable to it.207 Thus, in Malta, there is a clear recognition that the existing securities law is capable of regulating crypto-assets that are used as an investment token, without the necessity for regulatory reform with caveat that the financial instruments test is a comprehensive guideline which is of significant aid to investors and companies alike.

The application of the Maltese VFA Act is triggered when a crypto-asset that is meant to be a medium of exchange, unit of account and store of value is created.208 But the situation in which such crypto-assets could successfully be issued and be dominant today is rare considering that the actual use of cryptocurrencies that are meant to be alternative currency is diminishing over time.209 The success of bitcoin, litcoin, ripple, and ether is attributed to massive campaigns and advertising with unrealistic promises to the general public coupled with the expectation that governments would have little or no control over the system. Today, the idea of private, decentralized, trustless, and anonymous utopian currency has proven to be unworkable to a large degree due to the crudeness of the underlying technologies and ideology behind it as well as emerging government regulations and enforcement actions. Hence, the scope of consumer protection the Maltese VFA Act offers, put mildly, is limited.

In the financial market, the biggest problem the retail investor faces today is lack of comprehensible information regarding the products they invest in and the lack of respect for the existing regulatory regimes largely with respect to investment tokens. Currency tokens are sensational but are not the dominant reasons for myriad of ICO based is sufficient fund raisings. Although the VFA Act of Malta is innovative and the first comprehensive ICO regulation, the real contribution in Malta is made by the Financial Services Authority in clarifying the applicability of the existing legal rules to investment tokens. In the long-run, the Act itself is likely to have minimal effect on the regulation ICOs due to its limited scope.

5 Conclusion

After demonstrating the lack of meaningful effort in attempting to clarify the regulatory uncertainty surrounding blockchain based financial services in the EU and in view of the claim that the existing legal regime does not protect consumers from potential risks in the space, this article raised three key questions. First, whether it is a valid assertion that the existing consumer protection law does not cover cryptocurrency exchange platforms and ICOs, as suggested by EU regulators on various occasions. Second, what are the key challenges that diminish the effective application of the existing legal rules to blockchain based consumer financial services and what are the solutions? And third, to what extent could the functional approach be used in clarifying the regulatory uncertainty?

The article showed that cryptocurrency exchange platforms and ICOs operate, in large part, in a regulatory grey area and do not observe the existing consumer law. In some instances, they willfully disregard various consumer protection standards, while in other instances the uncertainty surrounding the applicability of current legal regimes to crypto-assets creates a conducive ground for exchange platforms to operate outside of the regulated spaces. For example, due to the lack of legal definition of cryptocurrencies, a deposit guarantee scheme, that provides safety net for the consumer in case a credit institution could not meet its obligation, is considered inapplicable to cryptocurrency exchange platforms. In the securities market, due to the same classificatory problem, many legal standards applicable to the issuance and offer for sale of securities are considered, with respect to crypto-assets, either inapplicable or taken lightly both by regulators and private actors. Some of the potential risks to consumer rights emanate from the decentralized nature of cryptocurrencies.

The article proposes two complementary solutions. The first one is the functional approach to legal interpretation, an approach based on the premises that (a) disruptive technologies should not trigger a knee jerk regulatory reaction that may lead to the implementation of unmeasured, unsuitable or unworkable regulatory solution210 (b) until regulators determine the most suitable tailor-made regulatory framework, if needed, the applicability of the existing legal rules to the technology should be explored211 and (c) although blockchain is a novel disruptive innovation, the old legal rules are not necessarily obsolete with respect to the transactions, activities, or assets based on it.212 Utilizing this approach, different legal challenges cryptocurrency exchange platforms present can be addressed by merely applying the existing regulatory regimes. Examples include consumer bankruptcy related protection, consumer complaint and dispute resolution mechanisms. Similarly, there is no technical difficulty in subjecting offer for sale of digital financial assets to the prospectus regulation and MiFiD II and other legal regimes pertinent to the securities market as long as those tokens are determined to be functionally equivalent to security or financial instrument in general.

The second proposal, which is rather obvious, is regarding the sector specific regulatory reforms. The surge of blockchain based financial services cannot be fully addressed in the long run without legal reform. The reform could be minor amendments extending the application of the existing legal rules to blockchain based financial services. It could also be the adoption of tailor-made comprehensive regulation. In either case, a legal rule may need to tame blockchain technology itself to keep it within the confines of the law. In this regard, regulators must consider whether unfettered decentralization is feasible for the financial system. Consumers who conduct transactions using decentralized cryptocurrencies may find themselves unable to get remedy for irregularities in transaction execution. This may be because transactions conducted over permissionless blockchain are cleared by persons in the network with no legal obligation to validate such transactions and with no accountability of any sort.

Permissionless blokchain based transaction may work in sectors that have little impact on the financial market and the consumers. But in a sector where regulation has multiple public interest based objectives including consumer protection, the notion of decentralization should be rethought.

Finally, the article urges EU regulatory authorities to refrain from engaging in rhetoric and to take concrete steps including the issuance of clear guidelines for the enforcement of the existing legal rules with respect to blockchain based financial market instead. To that effect, the functional approach provides a convenient tool. National level regulatory measures such as the one in Malta provide a good insight into why the existing legal rules are adaptable to blockchain based financial services. Nevertheless, the potential of individual member state regulation in fragmenting the EU financial market and of creating different consumer protection standards across Member States should not be underestimated.