Lecture 10 Regulating DLT-based Finance PDF

Summary

This lecture discusses distributed ledger technology (DLT) and blockchain, focusing on its application in finance, including smart contracts, asset tokenization, and decentralized finance. It also explores the emerging regulatory framework for these technologies. The author, Diego Valiante, is from Bologna University.

Full Transcript

Lecture 10

Regulating DLT-based
finance

Diego Valiante, Ph.D.
Adj. Prof. Bologna University & Team Leader
European Commission
Disclaimer: The views expressed are personal and not necessarily those of the European
Commission.
 Agenda

What’s the Distributed Ledger Technology?
– The Bitcoin blockchain
– Some technical features and blockchain typologies
DLT-based finance
– Smart contracts
– Asset tokenisation
– Decentralised finance
The emerging regulatory framework
– A legal taxonomy and categorisation in EU law
– EU vs US approaches to crypto asset regulation

© Valiante Diego – 2
 What is Distributed-Ledger Technology
(DLT) or the blockchain?

© Valiante Diego – 3
 Centralised vs Distributed (trustless) system

© Valiante Diego – 4
Source: IMF.
 What is the blockchain? In a nutshell…

“A blockchain is essentially a distributed database of records, or
public ledger of all transactions or digital events that have been
executed and shared among participating parties. Each transaction
in the public ledger is verified by consensus of a majority of the
participants in the system. Once entered, information can never be
erased. The blockchain contains a certain and verifiable record of
every single transaction ever made.”
(M. Crosby et al., “Blockchain Technology: Beyond Bitcoin”, Applied
Innovation Review, n. 2, June 2016)

With Blockchain, we can imagine a world in which contracts are
embedded in digital code and stored in transparent, shared
databases, where they are protected from deletion, tempering and
revision. In this world, every agreement, every process, every task and
every payment would have a digital record and signature that could
be identified, validated, stored and shared. Intermediaries, like
lawyers, brokers and bankers, might no longer be necessary.”
(Harvard Business Review, ”The Truth about Blockchain”, January-
February 2017)

© Valiante Diego – 5
 The Bitcoin blockchain

© Valiante Diego – 6
 Key components of the Bitcoin blockchain

Satoshi Nakamoto’s blockchain (October 2008 White Paper) brings together
a number of technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital fingerprint of any data; SHA256 & RIPEMD160)
b. Public/private key (asymmetric cryptography) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work
b. Transaction validation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 7
 Key components of the Bitcoin blockchain

Satoshi Nakamoto’s blockchain brings together a number of
technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital ‘fingerprint’ of any data; e.g. SHA256)
b. Public/private key (asymmetric cryptography) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work (PoW)
b. Transaction validation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 8
 1. Preimage resistant: hard to determine x from
Hash(x) (1/104 probability)
2. Avalanche effect: change x a bit and Has(x) will
change significantly
3. Collision resistant: very low prob x and y were
Hash(x)=Hash(y)
4. Puzzle friendliness: knowing Hash(x) and part of x
does not allow you to find rest of x
5. Deterministic: given the same input, the output
will always remain the same.

Hashing is not encryption (it cannot be decrypted
or at least it requires an insanely high
computational power)
HSA256 creates alphanumerical hashes of 64
hexadecimal characters (numbers/letters with
fixed length)
It means you need to make 2256 attempts (more
than the numbers of atoms in the universe) to
retrieve the original message.
Even images can be hashed.

Check this HSA256 hash calculator out
https://www.lambdatest.com/free-online-
tools/sha256-hash-calculator
For the maths behind it
https://medium.com/swlh/the-mathematics-of-
bitcoin-74ebf6cefbb0

© Valiante Diego – 9
Source: From Turcanik and Javurek, Hash function generation by neural network, 2016.
 Key components of the Bitcoin blockchain

Satoshi Nakamoto’s blockchain brings together a number of
technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital fingerprint of any data; e.g. SHA256)
b. Public/private key (asymmetric encryption) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work (PoW)
b. Transaction validation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 10
 Cryptography

The hashed information is then encrypted before being
propagated.
Cryptography ensures:
1. Confidentiality. Encryption encodes the message's content.
2. Authentication. Decryption verifies the origin of a message.
3. Integrity. Decryption proves the contents of a message have not
been changed since it was sent.
4. Nonrepudiation. Decryption prevents senders from denying they
sent the encrypted message.
Symmetric encryption requires a single key (also called cypher)
to decrypt the message.
Asymmetric encryption requires two different (but logically
linked) keys (cyphers), one to encrypt and another one to
decrypt (respectively private and public).
– They are created together with the wallet holding the crypto asset
Cryptography solved the ‘double spending’ problem (e.g. re-
use)!

© Valiante Diego – 11
 Public-private key encryption, digital signature and
network validation
Everybody trading on a blockchain needs a wallet. This wallet will
have an address (like the IBAN for bank accounts) and will create a
unique pair of private and public keys.
The (1) private key (a 256-bit hash generated with the wallet and it is
only known to the owner) cannot be derived from the public key
(which can thus be publicly distributed), but the (2) public key is
derived from the private key through elliptic curve multiplication
(ECM).
The (3) wallet address is 160 bits hash derived from the public key, it
usually consists of around 25 to 40 alphanumeric characters.
Asymmetric encryption to validate transaction
a. Each transaction is protected through a digital signature created by
encrypting the hash of the transaction via the private key (SHA256
hashing of the hash) of the one sending the asset.
b. The hash of the transaction hash is then decrypted it via the public key
(received from the sender) for validation by the network (after
propagation via the Gossip protocol) that the transaction hash is coming
from that specific wallet.

© Valiante Diego – 12
 Public-private key encryption, digital signature and
network validation (single transaction)

Hash of the hash done with the private key Public key decrypts the signature, so
created together with the wallet address revealing the transaction hash without
revealing the private key

© Valiante Diego – 13
 Key components of the Bitcoin blockchain

Satoshi Nakamoto’s blockchain brings together a number of
technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital fingerprint of any data; e.g. SHA256)
b. Public/private key (asymmetric cryptography) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work (PoW)
b. Transaction validation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 14
 The chain of blocks (timestamped append-only logs)

Source: NIST.
Append-only is a property of computer data storage such that new data can be appended to
the storage, but where existing data is immutable (Wikipedia).
These blocks are linked to each-other (like a chain) in a proper linear, chronological order with
every block containing the hash of the previous block from its creation (03-01-2009). Since then,
812,806 blocks have been mined (October 2023).
By convention, the longest chain (since the so-called Genesis block) is considered to be the
current status of the blockchain.
The information in the block header contains a hash of: (1) the previous header, timestamp,
mining difficulty value, proof of work nonce and root hash for the Merkle tree (Ralph Merkle 1979)
containing the transactions for that block (see next slides).
You can see all the bitcoin blockchain here and live demonstration on how it works here. An
example of bitcoin block is here.

© Valiante Diego – 15
 (for info)
Merkle Tree

© Valiante Diego – 16
 Key components of the Bitcoin blockchain

Satoshi Nakamoto’s blockchain brings together a number of
technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital fingerprint of any data; e.g. SHA256)
b. Public/private key (asymmetric cryptography) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work (PoW) or Proof of Stake (PoS)
b. Transaction validation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 17
 The Byzantine Generals problem

Source: https://bit.ly/3fndOCD
At least half of them needs to attack simultaneously to win
They don’t trust each other and communication can only happen
via messengers on a horseback with no way to verify authenticity
of the message (i.e. time to attack)
How can consensus be reached for block validation?
– Before Bitcoin, only solution if 2/3 of generals are loyal.

© Valiante Diego – 18
 The Proof of Work ‘solution’
1. The Generals agree the first plan received by all Generals will be
accepted as the plan.
2. A General solves the PoW problem and creates a block:
– By modifying a nonce (a 32-bit arbitrary random number, which goes
from 0 to roughly 4.3 billion), combined with the other information in
the block (including previous block’s hash), after trials and errors, the
successfully mined block will have a unique hash (of the information
above) with (currently) 19 zeros out of 64 characters
The 19 zeros represent the level of difficulty, which increases over
time.
More zeros more difficult to mine, i.e. to compute a hash function
of the new block with 19 zeros).
3. The newly generated block will be broadcasted to the network
and can be easily verified by the other Generals/miners (in the
same way a public key is used to verify a message hashed with
the corresponding private key; in this case verifying the content of
the header hash of the previous block with the info in the block).
4. The commitment required (e.g. investments) in creating that block
signals that the ‘General’ can be trusted.
© Valiante Diego – 19
 The Proof of Work ‘solution’
5. Each time a General solves a PoW problem, a block is generated
and the chain begins to grow. In time, any General working on a
different solution will switch over to the longest chain. This is the
one most Generals are contributing to and therefore has the
greatest chance of success
6. As the Generals know roughly how long a PoW solution takes to
solve, after a set amount of time they will know if enough of the
other Generals are also working on the same chain
7. Through this process, the Generals can arrive at a consensus of
when to attack, can estimate their chances of successfully doing
so, and can prevent multiple different ‘signals to attack’ being
sent simultaneously. (Proof of Work and how it solves the
Byzantine Generals Problem | The Radix Blog | Radix DLT)

Adam Back’s Hashcash in 1997 → a cryptographic hash-based
proof-of-work algorithm that requires a selectable amount of work
to compute, but the proof can be verified efficiently (Wikipedia).

© Valiante Diego – 20
 Proof of work – Incentive structure

The first miner to solve the computational issue will get a reward
of roughly 3.125 BTC (halved every 4 years due to limited
supply), plus fees of transactions in that block (typically less than
1 BTC).
– Recent halving (April 19th) has led to a major restructuring of
computing infrastructure or relocation in countries with low energy
costs
The probability that a miner mines a new block depends on the
ratio between the computational power he devotes to this task
(ever increasing) and the total instantaneous computational
power by all miners connected to the network.
In order to keep each block generation within 10 minutes on
average (to achieve 21 million BTC in 2140), difficulty is adjusted
over time to reflect the total computing power in the system in
order to generate that block in 10 minutes.
It is usually amended every 2016 blocks (more or less 2 weeks).
Currently, it is equivalent to 436 ExaHashes (quintilions hashes)
per second.
© Valiante Diego – 21
 This is how the chain is built…

© Valiante Diego – 22
 Outcome hash

© Valiante Diego – 23
 Other consensus mechanisms

© Valiante Diego – 24
 Proof of work (PoW) vs proof of stake (PoS)
As PoW is expensive and wastes too much energy, an alternative
consensus mechanism for processing transactions and creating
new blocks has emerged → the Proof of Stake (PoS).
– Proof-of-stake reduces the amount of computational work needed to
verify blocks and transactions, by simply using the machines of those
who pledge an amount of native tokens (coin owners), so there doesn't
need to be as much computational effort as in PoW to solve complex
mathematical problems.
The owners offer their coins as collateral—staking—for the chance
to validate blocks and then become validators. The ‘stake’ being
deposited acts as a mechanism to signal trust.
– For instance, Ethereum requires 32 ETH to be staked before a user can
become a validator. Validators are then rewarded based on assigned
duties.
Once the coin is staked, validators are selected randomly to
confirm transactions and validate block information. This system
randomizes who gets to collect fees rather than using a competitive
rewards-based mechanism like proof-of-work.
Blocks are validated by more than one validator, and when a
specific number of the validators verify that the block is accurate, it
is finalized and closed.

© Valiante Diego – 25
 The emerging Proof of Authority (PoA) consensus

Proof of Authority (PoA) is designed to optimize the PoS mechanism
and be used, ideally, in permissioned networks.
Instead of choosing block miners on the basis of their stakes
in cryptocurrency tokens, PoA selects a small group of authorities as
transaction validators by their identity or reputation in the network.
A PoA-based system also rewards authorities for certifying and
ordering transactions to incentivize honest behaviour in providing
service and moderating the network.
PoA does not require intensive computation to complete hard tasks
and only relies on a small number of validators to reach consensus.
These features help improve transaction processing and energy
efficiency compared with PoW and PoS-based systems.
However, PoA also forgoes decentralization by concentrating
mining power among a group of trusted authorities. As a result, this
model can introduce censorship into the public network where one
or more authorities may blacklist or deny all transactions from a
particular user.

© Valiante Diego – 26
 Key components of the Bitcoin blockchain

Satoshi Nakamoto’s blockchain brings together a number of
technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital fingerprint of any data; e.g. SHA256)
b. Public/private key (asymmetric cryptography) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work (PoW)
b. Transaction validation and confirmation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 27
 Transaction validation, in a nutshell…

1. Transaction validation (see previous slide on public/private keys)
– A node starts a transaction by first creating and then digitally signing it with its
private key (created via cryptography). A transaction often represent transfer of
value between users on the blockchain network (including relevant rules, source
and destination addresses, and other validation information).
– A transaction is propagated (flooded) by using a flooding protocol, called Gossip
protocol (for inter-node communication), to peers that validate the transaction
based on preset criteria (ownership of the digital asset and for the sufficient
amount, via the public key, as shown in previous slides). Usually, more than one
node is required to verify the transaction. In May 2021, there were 9,815 Bitcoin
nodes around the world.
2. Transaction confirmation with block validation
– Once the transaction is validated, it is included in a block, which (once is mined by
the one who gets there first) is then propagated onto the network. At this point, the
transaction is considered confirmed.
– The newly-created block now becomes part of the ledger, and the next block links
itself cryptographically back to this block. This link is a hash pointer. At this stage,
the transaction gets its second confirmation and the block gets its first confirmation.
3. Final confirmation
– Transactions are then reconfirmed every time a new block is created. Usually, six
confirmations in a network are required to consider the transaction final (1 hour).

© Valiante Diego – 28
 Key components of the Bitcoin blockchain

Satoshi Nakamoto’s blockchain brings together a number of
technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital fingerprint of any data; e.g. SHA256)
b. Public/private key (asymmetric cryptography) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work (PoW)
b. Transaction validation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 29
 (for info)
Different types of nodes

A full node is a complete copy of the bitcoin blockchain and can verify all
transactions since the beginning. This requires about 337.98GB of drive
space (May 2021). It can be, but it does not need to be a miner.
Pruned node prune transactions after validation and aging to run a full
node-like on any device (with reduced storage requirement of few GBs).
– Simplified Payment Verification nodes only store the Blockchain headers
Mining nodes are only responsible for creating blocks to add to the
blockchain, they are not responsible for the maintenance or validity of
future blocks (unlike full nodes). But they need to run a full node to identify
the criteria (consensus) for valid transactions and to connect the correct
block to the network.
Mining pools exist to pool hashrate from multiple sources/users and
redistribute revenues.
Wallets allow to store, view, send and receive transactions and create key
pairs.
Mempool is a pool of unconfirmed (yet validated) transactions

© Valiante Diego – 30
 Nodes interaction and ‘forks’

Blockchains might be subject to so called ‘forks’ when there is
no longer unanimous consensus among the network nodes on
the rules of the blockchain.
Only some may continue to mine with the new rules, which will
de facto create a second blockchain.
There are three types of forks:
1. Soft Fork: when the blockchain protocol is altered in a backwards-
compatible way
2. Hard Fork: when the blockchain protocol is altered in a non
backwards-compatible way
3. Temporary Fork: when two miners mine a new block at the same
time

© Valiante Diego – 31
© Valiante Diego – 32
 Key components of the Bitcoin blockchain

Satoshi Nakamoto’s blockchain brings together a number of
technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital fingerprint of any data; e.g. SHA256)
b. Public/private key (asymmetric cryptography) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work (PoW)
b. Transaction validation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 33
 Unspent Transaction Output (UTXO)

You need to find previous unspent transaction outputs to be input for the new transaction
There are roughly 77 million unspent transactions. It does not mean 77mn BTC, since these
unspent transactions, are usually a fraction of a single BTC) → 18.7mn BTC out of 21mn BTC
(cap!)
Validation condition → Inputs ≥ Outputs
Ethereum uses, instead, a more traditional ‘balance-based’ approach

© Valiante Diego – 34
Infographic designed by fractalphia.com

© Valiante Diego – 35
 TO SUM UP: Key components of a blockchain

Satoshi Nakamoto’s blockchain brings together a number of
technological developments in computer science that were
already well known in a unique combination of them.
1. Cryptography (communication in the presence of adversaries)
a. Hash function (digital fingerprint of any data; SHA256 & RIPEMD160)
b. Public/private key (asymmetric cryptography) plus digital signature
c. Timestamped append-only logs (blocks)
d. Block headers and merkle trees
e. BTC addresses
2. Consensus mechanism (who gets to amend the database)
a. Consensus through Proof of Work (PoW) or other proofs (PoS or PoA)
b. Transaction validation
c. Network of nodes (around 10k nodes)
d. Native currency
3. Ledger (any record of economic activity or financial relationship)
a. Transaction inputs and outputs
b. Unspent transaction output (UTXO)

© Valiante Diego – 36
 Cryptocurrencies by market cap

Source: Coin.dance

© Valiante Diego – 37
 Cryptocurrencies by market cap

Source: Coin.dance

© Valiante Diego – 38
 Money flow into Bitcoin
To compare with the traditional financial system, Euronext’s daily
turnover (excl. auctions) is roughly EUR 6bn (in 2022) vs $627mn
from yesterday for Bitcoin exchanges.

www.blockchain.com

© Valiante Diego – 39
 Some references

Blockchain 101: Visual Demo for Alternative Finance.
Videos and demo blockchain M. Crosby et al., “Blockchain
available here Technology: Beyond Bitcoin”,
https://andersbrownworth.com/bl Applied Innovation Review, n. 2,
ockchain/ June 2016.
Bitcoin Blockchain Explorer Harvard Business Review, ”The
https://www.blockchain.com/ex Truth about Blockchain”,
plorer January-February 2017.
Satoshi Nakamoto, Bitcoin: A https://www.radixdlt.com/post/
Peer-to-Peer Electronic Cash what-is-proof-of-work
System, available at https://medium.com/@blairlmar
https://bitcoin.org/bitcoin.pdf shall/how-do-miners-validate-
Zheng et al. (2018), Blockchain transactions-c01b05f36231
challenges and opportunities: A E. Schuster, Cloud Crypto Land,
survey, International Journal of Modern Law Review, 2020.
Web and Grid Services,
October.
M. Rauchs et al. (2018),
Distributed Ledger Technology
Systems: A Conceptual
Framework, Cambridge Centre
© Valiante Diego – 40
 Benefits and risks of a ‘permissionless’
blockchain

© Valiante Diego – 41
 Key characteristics

1. Decentralisation & (consensus-based) governance
– Validation of transactions and block mining is trustless
– Governance has different degrees of flexibility (Bitcoin vs Ethereum)
2. Transparency
– Embedded traceability of transactions and ownership vs reliance on
third parties
3. Security
– Role of cryptography to limit tampering
4. Immutability of records
– Without relying on third parties (trustless)
5. Privacy
– Anonymity
6. Scarcity (store of value)
– Fixed supply at 21 mn BTC to be deployed by 2140
7. Transfer, lend and exchange value
– Cryptography solved the double spending problem!

© Valiante Diego – 42
 Potential benefits

Minimise information leakage
Reduce transaction time
Remove transaction costs of intermediaries
Reduce risk of fraud by introducing fraudulent transactions and
cybercrime
– To introduce a fraudulent transaction, an attacker would need not
only to generate a block by solving a mathematical puzzle, but it
also has to race mathematically against the good nodes to
generate all subsequent blocks in order for it to make the other
nodes in the network accept its transaction and block as the valid
one. This job becomes even more difficult since blocks in the
blockchain are linked cryptographically together.
– Intrinsic asset segregation (private key)
Observe transactions in real time
‘Tokenisation’ of assets provides flexibility and seamless access
to funding.

© Valiante Diego – 43
 Key technical/legal/economic challenges of BTC’s
blockchain
Scalability

Security Decentralisation

The Scalability Trilemma claims that blockchain systems can
only, at most, have two of the following three properties:
1. Decentralization (defined as the system being able to run in a
scenario where each participant only has access to O(c)
resources, i.e. a regular laptop or small VPS)
2. Scalability (defined as being able to process many transactions)
3. Security (defined as being secure against attackers with up to O(n)
resources)
© Valiante Diego – 44
 Key technical/legal/economic challenges of BTC’s
blockchain
1. Scalability. Each block (around 1.2 MB) can fit around 2,700-2800
transactions on average in peak periods. Considering that a block is mined
every 10-11 minutes, this implies that the blockchain can support around
4.5 transactions per second. Visa does around 1,736 transactions per
second on average (based on a calculation derived from the official
claim of over 150 million transactions per day). The key challenge of
scalability is finding a way to achieve all three at the base layer of a
blockchain - sharding is one such attempt at solving this challenge (see
ETH 2.0).
2. Waste. PoW consensus solution may lead to centralisation, as miners
compete on concentrating computational power. With 51% of mining
infrastructures, miners could control and modify the blockchain. Moreover,
BTC blockchain generates a lot of energy consumption (in May 2021 it was
estimated at 121 TWh per Year, like Pakistan; Source: Digiconomist.net)
3. Synchronisation. The transactions in one block are considered to have
happened at the same time (this creates a significant legal challenge
together with irreversibility, so called synchronisation problem, Schuster
2019).
– Only timestamp for the block creation (added by the node)
– No timestamp for the transaction (only when it is received by the block)
– Solana blockchain aims to solve this by creating a consensus clock and increase
the speed of block creation to 400ms (still no timestamp per transaction).
– Other option is a closed infrastructure with pre-selected nodes.

© Valiante Diego – 45
 Key technical/legal/economic challenges of BTC’s
blockchain
4. Infrastructure. Platforms and other intermediaries (such as digital wallet
providers) may have insufficient organisational requirements and lack
KYC and AML procedures.
5. Liability. Distributed consensus (especially for permissionless DLT) and self-
executing pieces of codes may lead to difficulty in establishing a clear
responsible (legal or natural) person and liability.
6. Mining. There is risk of mining
monopolization (51% attacks),
induced by large coordination of
miners in a single mining pool,
which continuously increases the
expected payoff of others if they
join said mining pools.
– Chinese pools control 65% of the
network hash rate
– Bitmain (Chinese company)
controls around 25% of mining
powers through ownership of 2
large mining pools. Source: BTC.com (last 12
month)

© Valiante Diego – 46
 Types of blockchains and key operators

© Valiante Diego – 47
 Types of Blockchains

Source: Zheng et al. 2016

© Valiante Diego – 48
 Key actors/gatekeepers

Digital wallet providers
– Hot (software) and cold (hardware) wallets
Trading platforms
– Centralised platforms (hold and control client’s assets [private
keys], often off chain) vs decentralized platforms (on chain
settlement directly between peers)
Exchanges
– To exchange cryptos or to convert in fiat currencies
Miners and nodes (distributed consensus)
– To ensure validation and to mine new blocks
Others
– Credit referencing agencies, auditing companies, media
influencers, etc

© Valiante Diego – 49
 Smart contracts, asset tokenisation and
decentralised finance

© Valiante Diego – 50
 Layer 2 solutions

Layer 2 (facultative)
(scalability, additional
functionalities like smart
contracts; e.g. lightning
network for BTC]

Layer 1 (mandatory)
(transaction execution,
consensus; e.g. Bitcoin
& Ethereum)

Layer 0 (facultative)
(security, framework,
interoperability; e.g. Polkadot)

© Valiante Diego – 51
 Smart contracts

© Valiante Diego – 52
 Smart contracts and tokens

A ‘contract’ is a promise or performance given in exchange for
promise or performance (Lessig)
Contracts can be ‘dressed’ in many ways, including computer
coding, as long as (in civil law) they have:
1. Object, (the specific obligations/rights in the contract)
2. Cause, (interest pursued by the parties with a contract)
3. Consent, and (binding agreement, also expressed by an action)
4. Form (where required by statutory law).
Under US (common) law that would be offer, consideration
[exchange for], consent. No specific form is statutorily required.
Signature with private key is a valid offer and acceptance in the
US.

© Valiante Diego – 53
 Smart contracts and tokens

‘Smart’ contracts, i.e. encoded computer codes representing a
contract executed directly on the chain, needs to code all
potential future contingencies (e.g. low probability events).
– They can include a ‘go to court’ code line, but you still need to
include all possible events that can lead to this option (e.g. from
oracles).
– With low specification costs (including verification costs of
information determining the triggering of code lines; e.g. vending
machine), smart contracts could be the best solution for their
autonomy, safety, speed and accuracy.
– With high specification costs (including verification costs) the
‘obscurity’ (e.g. ‘force majeure’ or ‘good faith’) of incomplete
contracts is a value.

© Valiante Diego – 54
 Some Smart Contracts Ecosystems

1. Ethereum → by far the largest
2. Binance Smart Chain
3. EOS
4. Bitcoin
5. NEO
6. Stellar
7. Tezos
8. Solana
9. Cardano
10. Polkadot

© Valiante Diego – 55
 Potential risks with smart contracts

Inability to foresee all future contingencies, which have to be
coded. Currently there is no clear way to create the ambiguity
needed for low probability future events that need to be
resolved by Courts.
Coding errors can lead to irreversible processes.
Liquidity is shallow for non-native tokens and risk of frauds are
high.

© Valiante Diego – 56
 Asset tokenisation

© Valiante Diego – 57
 What is a token?

Tokens are digital assets that are recorded on a distributed ledger
and can be transferred without an intermediary, and the
structuring of the issuance, the pricing of the offer, and the
distribution of these instruments do not [necessarily] involve the
participation of any regulated entity such as, for example, an
investment bank. (Gurrea-Martinez and Remolina Leon in Brummer
2019)

© Valiante Diego – 58
 What is a token? (2)

Tokens can be classified in different ways and can certainly be a
security/financial instrument, e.g. stocks (see next slides).
Three main groups of tokens:
1. Coins (crypto asset; e.g. utility token)
2. Securities tokens
3. Tokenised securities
Tokens are offered in an Initial Coin Offering and often through
the use of a smart contract code.

© Valiante Diego – 59
 An Initial Coin Offering (ICO)

Source: https://ico.readthedocs.io/en/latest/
© Valiante Diego – 60
 An Initial Coin Offering (ICO)

‘Initial coins’ were usually issued before being functional.
An ICO is typically sold as a utility instrument (no explicit rights to the
ownership or the future cash flows of a firm/project), which does not
warrant the same regulatory framework available for securities.
Consideration is expressed in a cryptocurrency value (and not
necessarily in fiat currency).
Proceeds are typically used to develop an idea (ICO rating
estimated it at 76% in 2018).
Development of the idea is centralised.
Promoters allocate to themselves part of the ‘newly minted’ coins.
Tokens are typically fungible and fully transferable.
Scarcity is created by monetary policies set ex ante (so called,
‘tokenomics’)

© Valiante Diego – 61
 ICOs (2016-2022)

8000 1400

7000 1200
6000
1000
5000
800
4000
600
3000
400
2000

1000 200

0 0
2016 2017 2018 2019 2020 2021 2022
Funds Raised ($mn) ICOs Published (rhs)
Source: ICO Bench

© Valiante Diego – 62
 Biggest ICOs (2016-2019)

© Valiante Diego – 63
 A ’boom and bust’ in 2018

40% of all ICO destroyed value on the first trading day (Momtaz
2020)
After the 2008 boom, Haffke and Fromberger (2020) found that:
1. After 30 days, only 30% of ICOs were above issuance price
2. After 180 days, 17.2% of ICOs were above issuance price
3. In July 2020, only 12% were above issuance price and 65% lost
between 80 and 100%.

© Valiante Diego – 64
 Security Tokens Offering or Tokenised securities

Security token (ST) vs Tokenised securities (TS)
– ST are token designed with features resembling a security (key
regulatory focus) → see next section
– TS are tokens representing a digital wrapper of existing securities
An STO clearly identifies the token as a security and therefore
treats it as a regulated instrument.
From dematerialisation (bookkeeping entries) to tokenisation
(smart contracts).

© Valiante Diego – 65
 Top Securities Tokens Offerings
The EIB completed the issuance of digital green bonds (through
ETH network.

© Valiante Diego – 66
 Asset tokenisation (real world assets)

Physical and dematerialised (financial and non-financial) assets’
representation on the blockchain.

© Valiante Diego – 67
 Decentralised finance (DeFi)

© Valiante Diego – 68
 Decentralised finance (DeFi) vs Traditional finance
(TradFi)

“Decentralised finance” (DeFi) is a general concept that refers
to a range of applications in the crypto-asset space that seek to
disintermediate the provision of financial services through
reliance on self-executing computer code (“smart contracts”)
[instead of financial intermediaries]. (Aquilina et al. 2023)
– Blockchains
– Smart contracts
– DeFi protocols (combination of smart contracts and conditions; it
creates the service, whether asset management pooling to invest
in other projects or staking tokens for a return, ‘farming’)
– Dapps (graphical interfaces for users to interact with protocols)
Transactions can also directly connect issuer to investor (e.g. the
token can be configured to issue dividends, share profits, voting
rights etc)

© Valiante Diego – 69
 Decentralised Finance (DeFi) market

Source: CoinGecko

© Valiante Diego – 70
 Additional references

Nick Szabo (1994), Smart Contracts https://bit.ly/3hYmAZm
1996, Smart Contracts: Building Blocks for Digital Markets
https://bit.ly/3fte57g
‘A next generation smart contract and decentralized application
platform’ Ethereum
What are smart contracts?, Cryptopedia
https://www.gemini.com/cryptopedia/crypto-smart-contracts-
explained

© Valiante Diego – 71
 A legal taxonomy of means of exchange
and negotiable instruments

© Valiante Diego – 72
 1. Means of exchange

© Valiante Diego – 73
 Money
Money is the most popular mean of exchange. It can be public (fiat) or private.

Economic PHYSICAL

Function CHARACTERISTICS

Mean of - Acceptable (easy
to exchange)
payment - Portable

Store of - Scarce

value - Durable

Unit of - Divisible

account - Fungible

© Valiante Diego – 74
 Key legal definitions to establish the legal nature of a
token (1)
1. ‘Legal tender’ (public), Commission Recommendation n.
2010/191/EU, has three characteristics:
a. Mandatory acceptance (The creditor of a payment obligation
cannot refuse euro banknotes and coins unless the parties have
agreed on other means of payment)
b. Acceptance at full face value (The monetary value of euro
banknotes and coins is equal to the amount indicated on the
banknotes and coins)
c. Power to discharge from payment obligations (A debtor can
discharge himself from a payment obligation by tendering euro
banknotes and coins to the creditor)
2. ‘E-money’ (private), as defined by art. 2.1 Dir. 2009/110/UE,
means electronically, including magnetically, stored monetary
value as represented by a claim on the issuer, which is issued on
receipt of funds for the purpose of making payment transactions
(as def. in article 4.5 PSD2) and which is accepted by a natural
or legal person other than the electronic money issuer.
© Valiante Diego – 75
 A taxonomy of ‘tokens’?
BASELINE

Money Security right Right in rem

FIAT MONEY
E-MONEY
(public money; incl.
(private money)
CDBCs?)

Mean of payment Mean of payment

‘Exchange’ purpose
Claim on issuer at par
(store of value)
Mandatory acceptance Accepted by more
Acceptance at full face than the issuer (but not
value mandatory)
Power to discharge Issued on receipt of
payment obligations fiat currency
Store of value
(‘pegging’ and claim on
issuer)
Commission
Recommendation n. Dir. 2009/110/UE
2010/191/EU
AMLDDiego
© Valiante 5 – 76
 Central Bank Digital Currencies (CDBCs)

© Valiante Diego – 77
 ‘New’ fiat money

Mark Carney on electronic currency (FT, 23 August 2019)
“In the longer term, Mr Carney said the solution was to create a
multipolar global economy rather than waiting for China’s
renminbi to challenge the dollar.
For this, he suggested more thought should be given to creating a
global electronic currency that could act as “synthetic
hegemonic currency... provided... perhaps through a network of
central bank digital currencies”.”

As of today, the attempt is to create CDBCs built on DLT (digital
RMB) or DLT-ready (e.g. digital euro). If built on DLT, it will be issued
on a permissioned blockchain.

© Valiante Diego – 78
 Macroeconomic rationales for CDBCs

Monetary policies. The risk is about the effectiveness of monetary
policies by central banks, as they will not be able to impact directly
on the monetary base, as issuers of the fiat currency. The additional
layer of intermediation over the key transmission channel of
monetary policy is what can really make monetary policies less
effective. As a result, there is a risk that conventional (e.g. official
interest rates policies) and unconventional (e.g. asset purchases,
like QE) monetary policies may have only a marginal impact on the
macroeconomic variable of reference (e.g. nominal and real
inflation rates and unemployment rate).
Financial stability
– Interconnectedness (contagion). The main concern would be if a
significant crash caused losses of wealth that were large enough to
affect consumer behaviour, or caused contagion through the financial
system. How holders of VCs consume out of their perceived wealth and
how much is built on leverage are crucial to determining the impact of
a crash.
– Illiquidity (run risk). If many investors want to withdraw their money from
the virtual currency on a particular day, the exchange might struggle
to meet the redemptions because they would struggle to sell off their
basket of assets (in case of stable coins).

© Valiante Diego – 79
 Microeconomic rationales for CDBCs

Consumer/Investor protection
– Risk of stolen private keys. The DAO funds and other examples of
private keys being stolen is growing fast.
Market integrity
– Money laundering risks. There is typically a high risk of money
laundering associated with the lack of customer identification, the
speculative pricing of VCs and the limited liquidity are some of the
reasons why regulated institutions have refrained from getting
involved in this asset class. The resellers that will ensure the
conversion of fiat currencies into VCs will be the gatekeepers, i.e.
the entities in charge of checking identity of the people transacting
in VCs and check the origin of that transaction. The permissioned
blockchain system may probably allow possibility to better trail the
money.

© Valiante Diego – 80
 The rise of virtual currencies

© Valiante Diego – 81
 ‘Virtual currency’ baseline

‘Virtual currency’, as defined by art. 3.18 Dir. 2018/843 (AMLD 5),
means a digital representation of value (UNIT OF ACCOUNT) that
is not issued or guaranteed by a central bank or a public
authority (no fiat), is not necessarily attached to a legally
established currency and does not possess a legal status of
currency or money, but is accepted by natural or legal persons
as a means of exchange (MEAN OF PAYMENT) and which can
be transferred, stored and traded electronically (STORE OF
VALUE).
Virtual currencies are a form of money and can include DLT-
based native tokens (e.g. bitcoin)or non-native tokens, such as
‘stablecoins’ (e.g. USDT Tether).

© Valiante Diego – 82
 A taxonomy of ‘tokens’?
BASELINE (for most tokens)
Crypto asset (‘crypto-asset’ means a digital representation of value or rights which may be transferred and
stored electronically, using distributed ledger technology or similar technology; art. 3.1.2 MiCAR)

Money Security right Right in rem

VIRTUAL CURRENCIES
FIAT MONEY E-MONEY
(private money; incl. native
(public money) (private money)
tokens or stablecoins)

Mean of payment Mean of payment Mean of payment

‘Exchange’ purpose
Claim on issuer at par
(store of value)
No mandatory
Mandatory acceptance Accepted by more
acceptance
Acceptance at full face than the issuer (but not
No claim on issuer (store
value mandatory)
of value?)
Power to discharge Issued on receipt of
Issued on receipt of fiat
payment obligations fiat currency
currency or crypto assets
Store of value
(‘pegging’ and claim on
issuer)
Commission art. 3.18 Dir. 2018/843
Recommendation n. Dir. 2009/110/UE (AMLD 5)
2010/191/EU art. 3.1.(6) &(7) MiCAR
AMLDDiego
© Valiante 5 – 83
 Stablecoins

© Valiante Diego – 84
 The rise of stablecoins ($110 bn market cap; 7% tot.)

Stablecoins are crypto assets that are (in theory) pegged to the
value of an underlying fiat currency (or a combination of).
A key function of a fiat currency is the ability to store value. They
exist to build a bridge with the non-crypto financial system.
In the non-crypto financial system, stabilisation can be mainly done
in two ways:
1. Face value of the banknote (legal tender)
2. Pegging to a currency or to other assets, often combined with a legal
claim on the issuer
Different types of ‘stabilisation’ for crypto tokens (FCA Guidance
2019):
1. Fiat-backed → tokens backed by fiat currency, either a basket or a 1:1
peg to a single currency (e.g. Tether, BUSD, etc)
2. Crypto-collateralised → tokens backed with a basket of cryptoassets
with the aim of spreading risk and reducing price volatility
3. Asset-backed → tokens backed with tangible or intangible assets with
economic value
4. Algorithmicly stabilised → tokens stabilised through algos that control
the supply of tokens to influence price. They either have no collateral
or are partially collateralized by the native token (e.g. sUSD or UST) or
they have a floating peg (RAI, FLOAT).

© Valiante Diego – 85
 The rise of the Stablecoins

© Valiante Diego – 86
© Valiante Diego – 87
 Tether and the USD peg

Source: www.kaiko.com

© Valiante Diego – 88
 Most algo-stablecoins have failed to keep the peg

© Valiante Diego – 89
© Valiante Diego – 90
 2. Negotiable instruments

© Valiante Diego – 91
 Key legal definitions to establish the legal nature of a
token (2)
3. ‘Transferable security’, as defined by art. 4.1(44) Dir. 2014/65/UE,
means those classes of securities which are negotiable on the
capital market, with the exception of instruments of payment.
[…] any other securities giving the right to acquire or sell any
such transferable securities or giving rise to a cash settlement
determined by reference to transferable securities, currencies,
interest rates or yields, commodities or other indices or measures;

© Valiante Diego – 92
 ‘Security’ definition (EU)

Transferable securities are not ‘instruments of payments’, but can be
held in custody (bearer instruments).
Non-transferable securities that are not included in annex I.C MiFID
2, as ‘financial instruments’, are left to national law.
The assessment of whether a crypto asset is a transferable security
can be broken down in two parts:
A. Three criteria (art. 4(1)(44), MiFID 2):
1. Standardisation (fungibility/homogeneity)
– All tokens of that class/issuer share similar rights and obligations
2. Transferability (assigned to another person; statutory or technical
restrictions)
3. Negotiability on capital markets (secondary markets, like RMs and
MTFs or even cryptoexchanges)
B. Plus, the law refers to a list of examples of such securities, which
include shares and bonds. To affirm, the typical rights of an
investment (profits, ownership and control).
The general approach is to look for similar rights to existing classes
of transferable securities or financial instruments.

© Valiante Diego – 93
 Key definitions when assessing the legal nature of
tokens (money or money-like) (3)
4. Other financial instruments
– (2) Money-market instruments (e.g. treasury bills, certificates of deposit and commercial paper);
– (3)Units in collective investment undertakings;
CONTRACTS
– (4)Options, futures, swaps, forward rate agreements and any other derivative contracts relating to
securities, currencies, interest rates or yields, emission allowances or other derivatives instruments,
financial indices or financial measures which may be settled physically or in cash;
– (5)Options, futures, swaps, forwards and any other derivative contracts relating to commodities
that must be settled in cash or may be settled in cash at the option of one of the parties other than
by reason of default or other termination event;
– (6)Options, futures, swaps, and any other derivative contract relating to commodities that can be
physically settled provided that they are traded on a regulated market, a MTF, or an OTF, except
for wholesale energy products traded on an OTF that must be physically settled;
– (7)Options, futures, swaps, forwards and any other derivative contracts relating to commodities,
that can be physically settled not otherwise mentioned in point 6 of this Section and not being for
commercial purposes, which have the characteristics of other derivative financial instruments;
– (8)Derivative instruments for the transfer of credit risk;
– (9)Financial contracts for differences;
– (10) Options, futures, swaps, forward rate agreements and any other derivative contracts relating
to climatic variables, freight rates or inflation rates or other official economic statistics that must be
settled in cash or may be settled in cash at the option of one of the parties other than by reason of
default or other termination event, as well as any other derivative contracts relating to assets,
rights, obligations, indices and measures not otherwise mentioned in this Section, which have the
characteristics of other derivative financial instruments, having regard to whether, inter alia, they
are traded on a regulated market, OTF, or an MTF;
– (11) Emission allowances consisting of any units recognised for compliance with the requirements of
Directive 2003/87/EC (Emissions Trading Scheme).
© Valiante Diego – 94
 A taxonomy of ‘tokens’?
BASELINE (for most tokens)
Crypto asset (‘crypto-asset’ means a digital representation of value or rights which may be transferred and
stored electronically, using distributed ledger technology or similar technology; art. 3.1.2 MiCAR)

Money Security right Right in rem

VIRTUAL CURRENCIES SECURITY/FINANCIAL
FIAT MONEY E-MONEY
(private money; incl. native INSTRUMENT/TOKENISED
(public money) (private money)
tokens or stablecoins) SECURITY

Investment (promise of
Mean of payment Mean of payment Mean of payment
financial return)
‘Exchange’ purpose
Claim on issuer at par
(store of value)
No mandatory Rights and obligation
Mandatory acceptance Accepted by more
acceptance (control or profits)
Acceptance at full face than the issuer (but not
No claim on issuer (store Standardised
value mandatory)
of value?) Tradeable on capital
Power to discharge Issued on receipt of
Issued on receipt of fiat markets
payment obligations fiat currency
currency or crypto assets Transferable
Store of value
(‘pegging’ and claim on
issuer)
Commission art. 3.18 Dir. 2018/843 Dir. 2014/65/UE (annex
Recommendation n. Dir. 2009/110/UE (AMLD 5) I.C)
2010/191/EU art. 3.1.(6) &(7) MiCAR National laws
© Valiante
AMLDDiego
5 – 95
 ‘Security’ definition (EU) – Open questions

Can profit expectation from exit through systematic secondary
market activity (not simply theoretical negotiability) suffice, if the
token also meets the three criteria?
– No, according to prevailing interpretation of what is a security in a
majority of EU Member States (ESMA survey 2018).
Can the way a token is represented (marketed), by creating an
expectation of profit or of the existence of any right or profit
sharing, ultimately lead to classify that token as a security?
Can ‘burning’ tokens (deflationary models) or redistribute them,
de facto create a financial right (participation to the
profits/revenues from burning)?

© Valiante Diego – 96
 A taxonomy of ‘tokens’?
BASELINE (for most tokens)
Crypto asset (‘crypto-asset’ means a digital representation of value or rights which may be transferred and
stored electronically, using distributed ledger technology or similar technology; art. 3.1.2 MiCAR)

Money Security right Right in rem

VIRTUAL CURRENCIES SECURITY/FINANCIAL
FIAT MONEY E-MONEY
(private money; incl. native INSTRUMENT/TOKENISED UTILITY TOKEN
(public money) (private money)
tokens or stablecoins) SECURITY

Investment (promise of
Mean of payment Mean of payment Mean of payment Mean of exchange
financial return)
‘Exchange’ purpose
Claim on issuer at par
(store of value)
No mandatory Rights and obligation
Mandatory acceptance Accepted by more Access to a good
acceptance (control or profits)
Acceptance at full face than the issuer (but not or service available
No claim on issuer (store Standardised
value mandatory) on DLT
of value?) Tradeable on capital
Power to discharge Issued on receipt of Accepted by the
Issued on receipt of fiat markets
payment obligations fiat currency issuer of the token
currency or crypto assets Transferable
Store of value
(‘pegging’ and claim on
issuer)
Commission art. 3.18 Dir. 2018/843 Dir. 2014/65/UE (annex
Recommendation n. Dir. 2009/110/UE (AMLD 5) I.C) Art. 3.1(9) MiCAR
2010/191/EU art. 3.1.(6) &(7) MiCAR National laws
© Valiante
AMLDDiego
5 – 97
 TO SUM UP → ‘Digital Financial Assets’ (DFAs)

Digital financial assets (DFAs) are digital representations (data in
binary form stored on a computer or on the internet) of values
that may or may not have the legal status of legal tender. They
can be used either as a mean of exchange accepted by
certain natural or legal persons (e.g. emoney) or can be used
for investment purposes (giving right to a financial return) and
can be traded, transferred and stored electronically (e.g.
dematerialized securities).
1. Non-DLT based
– E-money
– Dematerialised securities (bookkeeping entries)
– Other (digital fiat money, such as non-DLT CDBC? Digital euro?)

© Valiante Diego – 98
 TO SUM UP → ‘Digital Financial Assets’ (DFAs) (2)

2. DLT-based
1. Cryptocurrencies (native token, typically payment token)
1. Native token (Bitcoin, Ether, etc)
2. Fork native token (Bitcoin Cash, Ethereum Classic, etc)
2. Non-native tokens (on smart contracts platforms; often DeFi
(Decentralised Finance) for Dapps (Decentralised applications,
such as ERC20, BEP20, TRC20, etc)
Securities tokens (e.g some stablecoins or DeFi tokens) or
Tokenised securities
Other crypto assets (non-qualifying as ‘security’)
1. Asset-referenced tokens (e.g. some stablecoins) → see
section on MiCAR
2. E-money token (e.g. some other stablecoins) → see
section on MiCAR
3. Utility tokens
» Tokens that provide the right to use or to enjoy something (for
platform specific services, playing games, NFTs, etc)
3. Central Bank Digital Currency (CBDC; permissioned)

© Valiante Diego – 99
 Some examples of unregulated tokens (FCA 2019)
a. Filecoin (FIL) is a decentralized storage network that turns cloud storage
into an algorithmic market. Filecoins can be spent to get access to
unused storage capacity on computers worldwide. Providers of the
unused storage capacity in turn earn filecoins, which then can be sold for
cryptocurrencies or fiat money. (ESMA survey 2018)
b. Crypterium (CRPT) aims to build up a “cryptobank” with vertically
integrated services. It claims to be faster and less costly than existing
banking solutions and stresses its international scaling opportunities. The
crypto-asset sale ended in January 2019 and raised USD 51m from 68,125
crypto-asset purchasers. The crypto-assets may be used to pay for
transaction fees when using the services of the cryptobank. In addition,
they grant the right to receive a monthly share of the revenues derived
from the transactions. In addition, services not known yet might be
available to crypto-asset holders at a cheaper price or for free in the
future. Crypto-asset holders are also granted ‘priority treatment’ (although
the white paper does not specify what this priority treatment would entail).
(ESMA survey 2018)
c. A firm running an online casino issues tokens that allow players to play
their games and to vote on which games to adopt by the platform (with
no obligation for the platform to comply). No additional rights.
d. A car company issue a token that gives a one hour test drive. This token
can be sold in secondary market, but it does not give any additional
reward or right than just one hour test drive.

© Valiante Diego – 100
 Key definitions when assessing tokens

CBDC (legal Legal
tender?) tender/cash
Utility tokens E-money
(real assets) 4. Transferable
securities

Stablecoins and 3. Financial
other unclassified instruments (MiFID)
cryptoassets
2. Financial
products
Cryptocurrencies
(intangibles) Deposits and
Securitised
instruments
1. (Digital)
Financial
Assets (FAs)
© Valiante Diego – 101
 What then for token classification and
applicable law?

© Valiante Diego – 102
 What then?

Securities tokens or tokenised securities are captured under existing
frameworks (e.g. MiFID 2).
For all the rest, regulators and supervisors are leaning towards a case-by-
case assessment of crypto assets (DLT-based). More generally:
a. Stablecoins → no claim on issuer or agreed investment policy (not a security; US
SEC disagrees)
b. Native (decentralised) tokens → no identifiable issuer (e.g. Bitcoin, Ether) →
commodity in the US
c. Utility Tokens → ownership over a product or other physical asset or right to a
service, but no financial return
Speculative use is insufficient to define a security
d. Non-Fungible Token (NFT) → tokenised proof of title to a unique digital version of
(unique hash verifiable on DLT) a specific digital (e.g. image) or physical asset
(e.g. paintings) → lacks fungibility to be a security
More broadly, a utility token (right in rem) or other unregulated tokens
generally lack the financial rights that are parts of an investment (e.g.
control or profit over a project or company) or a mean of payment (e.g.
largely accepted by other entity than the issuer).
→ It’s a more formalistic approach
→ The US regulator tends to classify most crypto assets as a security (going towards
making it a presumption that reverses the burden of proof)

© Valiante Diego – 103
 Applicable legislation for securities tokens or tokenised
securities

Prospectus Regulation (OK)
– Publication of prospectus with info on issuer and securities
Transparency Directive (NO)
– Limited to admission to trading on Regulated Markets
Markets in Financial Instruments Directive and Regulation (OK)
– Key services are placing, dealing on own account, operating MTF/OTF
– Capital requirements, organisational requirements, trade and transaction
reporting?
– ”Responsible operator’ in a decentralised platform?
Market Abuse Directive and Regulation (OK)
AIFMD (for tokens qualifying as units of collective investment schemes)
Settlement Finality Directive, CSDR and FCD
– Is this a ‘system’ and who is the ‘system operator’ in a decentralised consensus-
based infrastructure? Is it different for permissioned DLT networks?
– Nature of securities account and book-entry methods are still defined nationally
and so they may not be able to capture DLT uses
– Safekeeping services need to be further defined
ESMA’s preliminary view is that “having control of private keys on behalf of
clients might be regarded as safekeeping services and that rules to ensure
the safekeeping and segregation of client assets should apply to the
providers of those services.”

© Valiante Diego – 104
 Financial instruments tokens – Applicable legislation
AMLD 5 (custodian wallet providers and fiat-virtual currency
exchanges are in scope) includes:
– Registering themselves with complete ownership structure
– KYC rules
identifying the customer and verifying the customer’s identity
identifying the beneficial owner and taking reasonable measures to
verify that person's identity
– Customer due diligence
conducting ongoing monitoring of the business relationship
including scrutiny of transactions undertaken throughout the course
of that relationship
– Each EU member country is obliged to
Maintain a “Register of Ultimate Beneficial Owners” (UBOs) that will
contain information of the beneficial owner. Registers of UBOs are
to be made publicly accessible, and inter-connected at pan-EU
level for exchange of information to strengthen their UBO
verification mechanisms.
Maintain a PEP List of prominent politically exposed public functions
to make easier for smaller compliance teams or SMBs, to identify
PEPs while screening risks.
Maintain centralised registries or electronic data retrieval systems to
identify entities holding or controlling payment accounts, bank
accounts, and safe-deposit boxes.
© Valiante Diego – 105
 The emerging regulatory framework for
DLT-based finance: EU vs US

© Valiante Diego – 106
 Key features of the new EU framework for
crypto assets, DLT infrastructure and
cybersecurity

© Valiante Diego – 107
 EU regulatory approach – Key principles
Keep calm and carry on!
The European Commission launched a consultation back in April
2017 on how to use FinTech to create a more competitive and
innovative European financial sector.
It established three principles:
1. Regulation should be technology-neutral, i.e. same service same
risk same rule (functional approach).
2. Regulation should be proportional, i.e. considering the complexity
and size of the business model.
3. Regulation should be integrity-enhancing (operational), i.e.
increasing transparency without creating unwarranted risks (e.g.
market abuse, cybersecurity issues)
…and four key objectives:
1. Fostering access to financial services for citizens and businesses
2. Bringing down operational costs and increasing efficiency
3. Making the Single Market more competitive
4. Balancing data sharing and transparency with data protection

© Valiante Diego – 108
 The limits of ‘tecnological neutrality’

1. ‘Decentralised’ infrastructures makes more difficult to identify
the responsible legal or natural person
– Organisational requirements on new gatekeepers, like fiat-virtual
exchanges or digital wallet providers
2. Cybersecurity to deal with infrastructural issues
3. Open access to data (open banking) to overcome
competition concerns

© Valiante Diego – 109
 Digital Finance Action Plan (DFAP) – September 2020

1. Regulation on Markets in Crypto-Assets (MiCAR), Reg. (EU)
2023/1114 (mainly stablecoins, utility tokens).
2. Regulation 2022/858 on a pilot regime for market infrastructures
based on distributed ledger technology (DLTR).
3. An EU regulatory framework on digital operational resilience
with a proposal for Regulation on digital operational resilience
for the financial sector and an omnibus Directive amending
several EU financial services legislations (DORA).
– Regulation (EU) 2022/2554 and Directive (EU) 2022/2556
– Entered into force in January 2023 and will apply from January
2025.

© Valiante Diego – 110
 MiCAR – Key definitions

Markets in Crypto-Assets Regulation (MiCAR) is mainly a
regulation for stablecoins and utility tokens.
Art. 3(1)(2) ‘crypto-asset’ means a digital representation of value
or rights which may be transferred and stored electronically,
using distributed ledger technology or similar technology;
– §1(4) ‘asset-referenced token’ means a type of crypto-asset that
purports to maintain a stable value by referring to the value of
several fiat currencies that are legal tender, one or several
commodities or one or several crypto-assets, or a combination of
such assets;
– §1(5) ‘electronic money token’ or ‘e-money token’ means a type of
crypto-asset the main purpose of which is to be used as a means of
exchange and that purports to maintain a stable value by referring
to the value of a fiat currency that is legal tender;
– §1(6) ‘utility token’ means a type of crypto-asset which is intended
to provide digital access to a good or service, available on DLT,
and is only accepted by the issuer of that token.
© Valiante Diego – 111
 MiCAR – Key definitions (2)

Key difference with existing definitions:
– No explicit claim on issuer (no rights?)
– No explicit investment policy (MMF or alike)
– Other crypto assets backing (undefined nature of investment or
utility or donation)
But the issuer exists…
– §1(6)‘issuer of crypto-assets’ means a legal person who offers to
the public any type of crypto-assets or seeks the admission of such
crypto-assets to a trading platform for crypto-assets;
– No issuance by natural persons allowed (made explicit condition in
following articles).

© Valiante Diego – 112
 MiCAR – Key definitions (3)

§1(8) ‘crypto-asset service provider’ (CASP) means any person
whose occupation or business is the provision of one or more
crypto-asset services to third parties on a professional basis;
§1(9) ‘crypto-asset service’ (CAS) means any of the services and
activities listed below relating to any crypto-asset:
– (a)the custody and administration of crypto-assets on behalf of third
parties;
– (b)the operation of a trading platform for crypto-assets;
– (c)the exchange of crypto-assets for fiat currency that is legal tender;
– (d)the exchange of crypto-assets for other crypto-assets;
– (e)the execution of orders for crypto-assets on behalf of third parties;
– (f)placing of crypto-assets;
– (g)the reception and transmission of orders for crypto-assets on behalf
of third parties
– (h)providing advice on crypto-assets;
Title V (art. 53-75) discusses the sets of requirements for CASPs (incl.
authorisation, prudential and organisational req., etc)

© Valiante Diego – 113
 MiCAR – SCOPE (art. 2)
Only crypto assets that are not classified as:
1. MiFID financial instrument
2. Electronic money
3. Deposit
4. Structured deposit
5. Securitisation
Exemption for targeted entities, like insurance companies and central banks.
Selected articles exemption for credit institutions (mainly organisational and
prudential) or MiFID investment firms providing ‘equivalent’ investment services
(see table)

MiCAR MiFID/R
Operation of a trading platform for cryptos Operation of an MTF/OTF
Exchange of crypto-assets for other cryptos or fiat Dealing on own account
Execution of crypto orders on behalf of 3rd parties Execution of orders on behalf
Placement with or without firm
Placing of crypto assets
commitment
Reception and transmission of crypto orders Reception and transmission of orders
Advice on crypto assets Investment advice

© Valiante Diego – 114
 MiCAR and Asset-referenced tokens (ARTs) (artt. 15-42)

Asset-referenced tokens issuance/issuer must be authorised by
the competent authority for offers or admission to trading on a
trading platform for crypto assets
– No authorisation if below €5 mn over past 12 months or addressed
to qualified investors (art. 15 MiCAR; procedure in art. 19 MiCAR)
Qualified investors are MiFID professionals and eligible
counterparties (art. 2(1)(e) Reg. 2017/1129 on Prospectus)
Authorisation shall include a white paper (including a summary)
to be approved by the competent authority and reviewed
when necessary.
– Content (art. 17), for which the issuer is liable, includes: description
of issuer’s governance arrangements, reserve assets composition,
rights on referenced assets or alternative arrangements with CASPs
(as explained in art. 35), a legal opinion that the ART is not a
financial instrument, electronic money or (structured) deposit.

© Valiante Diego – 115
 MiCAR and Asset-referenced tokens (ARTs) (artt. 15-42)

Key obligations for issuers of ARTs include:
– Having reserve assets (art. 32)
– Acting honestly, fairly and professionally in the best interest of ARTs
holders (art. 23)
– Disclosing rights granted to holders, including claim or redemption
rights (art. 35)3
– Complaint handling (art. 27), Conflicts of interest procedures (art.
28), own funds (art. 31), etc
Significant ARTs (art. 39), as classified by EBA, have additional
obligations (e.g. custody, remuneration policies, capital
surcharge, liquidity management, etc)
– More than 2 million customers, €1bn value or market capitalisation,
500,000 transactions/€100m transactions per day, €1bn in reserve
assets, and use in seven or more member states.
– SARTs issuers are directly supervised by EBA

© Valiante Diego – 116
 MiCAR and E-money tokens (EMTs) (artt. 43-52)

Mirrors requirements for ARTs, but
– Pegging an EU currency means offering to the EU public
– If provided by an e-money institution, it should be considered ‘e-
money’ as per Directive 2009/110
– A claim on the issuer should be provided (art. 44), but no interests
(art. 45).
– Redemption at par (not later than 30 days)
– Overall, similar obligation than for emoney
– Issuers of Significant EMTs (SEMTs) will be under EBA’s direct
supervision for some aspects (capital, remuneration, liquidity and so
on), while remaining ones will be supervised by national authorities.

© Valiante Diego – 117
 MiCAR – Utility tokens and other crypto assets (art.4-14)

No natural person’s issuance
No application of rules (except the one of being a legal entity)
for airdrops (for free tokens), NFTs, CAs created via mining, offers
below to €1 million, offers to less than 150 persons per Member
State, solely addressed to qualified investors (art. 4(2)).
If not functional yet, public offer no longer than 12 months.
No pre-approval for the white paper (art. 5(3))and no explicit
civil liability for the issuer, even though it remains responsible for
its content.
Right of withdrawal (14 days) only if not listed on a trading
platform for crypto assets and only for these tokens.

© Valiante Diego – 118
 What about trading platforms?

© Valiante Diego – 119
 Types of trading platforms under MiFID (ESMA Crypto
Assets Advice, 2019 pp. 24-28)
All subject to the classification of the token being traded as
‘financial instrument’
Centralised (off chain) vs decentralised exchanges (on chain)
are crypto assets service providers.
Platforms which would engage in trading of security tokens may
fall under three main broad categories as follows:
1. Platforms with a central order book and/or matching orders could
qualify as multilateral trading facilities;
2. Operators of platforms dealing on own account and executing
client orders against their proprietary capital, would not qualify as
multilateral trading facilities but rather as investment firms (e.g.
OTF); and
3. Platforms that are used to advertise buying and selling interests and
where there is no genuine trade execution or arranging taking
place may be considered as bulletin boards and fall outside of
MiFID II scope.

© Valiante Diego – 120
 Types of trading platforms under MiFID (ESMA Crypto
Assets Advice, 2019 pp. 24-28)

Examples of applicable requirements:
– Capital requirements
– Organisational requirements (e.g. business continuity
arrangements, conflicts of interest procedures, objective criteria for
order execution, circuit breakers)
– Investor protection rules (e.g. info to clients and act in their best
interest)
– Access to the platform rules
– Pre and post-trade transparency
– Transaction reporting and record-keeping
– Checks on members’ ability to trade, good repute and so on

© Valiante Diego – 121
 Source: CoinGEcko Cryptocurrency Report

© Valiante Diego – 122
 Source: CoinGEcko Cryptocurrency Report

© Valiante Diego – 123
 Source: CoinGEcko Cryptocurrency Report

© Valiante Diego – 124
 MiCAR – Crypto-Assets Service Providers (CASPs; art. 53
75)
MiCAR MiFID/R
1. Operation of a trading platform for cryptos Operation of an MTF/OTF
2. Exchange of crypto-assets for other cryptos or fiat Dealing on own account
3. Execution of crypto orders on behalf of 3rd parties Execution of orders on behalf
Placement with or without firm
4. Placing of crypto assets
commitment
5. Reception and transmission of crypto orders Reception and transmission of orders
6. Advice on crypto assets Investment advice

2 → centralised exchanges?
1 → decentralised exchanges?
Key requirements:
– Authorisation (it can be a natural person; passporting regime included), prudential
and organisational req, etc.
– Specific ones for specific services (e.g. custody, platform operation, advice, etc)
No third country regime.

© Valiante Diego – 125
 MiCAR – Other requirements

Own (mirroring existing) Market Abuse framework (art. 76-80)
Framework for competent authorities, ESMA and EBA (art. 81-91)
– Minimum investigative powers and precautionary measures for CAs
– Administrative measures and sanctions by CAs (art. 92-97)
– EBA’s supervisory responsibilities and powers for significant ARTs and
EMTs (art. 98-120)

© Valiante Diego – 126
 Open questions

How do you deal with designation at national level of some
crypto assets as transferable security, but not in all EU MS (risks of
conflict)?
Do decentralised exchanges fit the definition of trading
platforms for cryptos?
Is it the end for ‘meme coins’, created by natural persons?

© Valiante Diego – 127
 Other EU actions

© Valiante Diego – 128
 A DLT ‘Pilot’ regime

© Valiante Diego – 129
 Regulation for DLT market infrastructures (DLTR) – Pilot
Regime
1. DLT MTF or…
– Operated by investment firm or market operator under MiFID
– It may also settle transactions (including finality) and provide safekeeping service
in relation to the DLT securities on the DLT MTF (no CSD)
But no direct designation under Settlement Finality Directive (Dir. 98/26/EC),
as long as the DLT MTF defines “the moment from which transfer orders or
other pre-identified instructions may not be revoked by a member,
participant, issuer or client”
→ it would be suitable though!
– Can admit to trading and settle DLT securities not recorded in a DLT CSD (if
requested)
2. …a DLT securities settlement system (operated by CSD)
– Settle transaction in DLT transferable securities against payment (DvP)
Cap on size of admitted DLT securities (art. 3)
– Shares (< €200 mn market cap)
– Bonds (< €500 mn market cap)
– No sovereign bonds
Cap on size of DLT securities recorded in a given DLT CSD set at €2.5 billion,
determined daily (art. 3).
Regulation 596/2014 (MAR) applies.

© Valiante Diego – 130
 A Regulation on Cyber Resilience
(for info)

© Valiante Diego – 131
 Regulation on Digital Operational Resilience for the
financial sector (DORAR) (for info)
The regulation covers all regulated entities in the financial sector, which
make use of ICT risk management tools. They include:
– Credit institutions – Insurance intermediaries
– Payment institutions – Reinsurance intermediaries and
– Electronic money institutions ancillary insurance
– Investment firms intermediaries
– Crypto-asset service providers – Institutions for occupational
retirement pensions
– Central securities depositories
– Credit rating agencies
– Central counterparties
– Statutory auditors and audit
– Trading venues firms
– Trade repositories – Administrators of critical
– Managers of alternative benchmarks
investment funds and – Crowdfunding service providers
management companies
– Securitisation repositories
– Data reporting service providers
– ICT third-party service providers
– Insurance and reinsurance
undertakings
© Valiante Diego – 132
 DORAR key definitions and clusters of requirements (for
info)

“ To build, assure and review […] operational integrity from a
technological perspective” (art. 3(1))
“ICT risk” includes any “malfunction, capacity overrun, failure,
disruption, impairment, misuse, loss or other type of malicious or
non-malicious event - which, if materialised, may compromise
the security of the network and information systems”
ICT risk management requirements (art. 5-14)
ICT-related incident reporting (art. 15-20)
Digital operational resilience testing (art. 21-24)
ICT third-party risk (art. 25-39)
Information sharing (art.40)
Competent authorities (art. 41-49)

© Valiante Diego – 133
 The US approach: the ‘Howey Test’

© Valiante Diego – 134
 The definition of ‘security’

15 U.S. Code § 78c(a)(10) → 1933 Securities Exchange Act
(10) The term “security” means any note, stock, treasury stock, security
future, security-based swap, bond, debenture, certificate of interest or
participation in any profit-sharing agreement or in any oil, gas, or
other mineral royalty or lease, any