My biggest takeaway from reading the Liechtenstein Blockchain (they named it “TT” for “trustworthy technology” – to ensure that the law is technology-neutral) Act draft version is that many of its provisions make a lot of sense.

I really liked how a token is defined as a representation of any possible legal rights that it “contains” or conveys. The law even compares tokens to “containers” (meaning that a container can hold a lot of different things at different times, or even be empty at a given moment). The law does not try to define or categorize tokens into categories or security versus non-security, and simply clarifies that the token can represent a variety of rights (e.g. to a physical asset, to reception of a good or service, to serve as a means of exchange, etc.) and therefore the laws regulating those types of underlying transactions or assets or legal rights will continue to govern, as the case may be.

Who is this law for?

It governs the activities of TT (e.g. Blockchain) service providers, defines categories of these providers, and requires many of them to register and fulfil certain obligations. Specifically, TT service providers must have:

• Clear organizational structure, proper governance and reputable management
• Implement written internal control mechanisms (e.g. policies and procedures), especially with respect to customer protection, security and business continuity.
• A minimum capital of CHF 100,000
• Data retention policy of a minimum of 10 years
• Proper outsourcing framework

Which services are subject tomandatory registration?

The following TT Service Providers must apply in advance in writing to the FMA to be entered into a special register of authorized/registered service providers (if they provide services in Liechtenstein):

• Token Issuers;
• Protectors;
• Depositaries;
• Exchange Officer Operators;
• Physical Validators (e.g. custodians of underlying assets);
• Identity Service Providers.

Other service providers may voluntarily decide to get registered, for example, if they are Token Generators, Verifying Authorities or Price Service Providers.

The FMA must decide within three weeks and then, if the registration requirements are met, enter the applicant into the TT Service Provider Register. Obviously, if the applications incomplete, the process could take a few more iterations.

What’s the difference between all these service providers and can these roles be combined?

Frankly, this is my biggest hesitation about this draft, simply because I was trying to fit business models that I know of into the categories mentioned, and I personally concluded that everybody does a little bit of every role. I’m sure the lawmakers were trying to remain flexible and accommodate a variety of unique business models, but hopefully, some simplifications will eventually be possible here.

Let’s look at some of the roles that are likely to have overlaps:

Exchange Office Operator

TT Exchange Offices conduct exchange between legal tender (fiat currencies) and blockchain systems, as well as between other assets or rights that are represented by tokens. The Exchange Office Operators specifically must have internal control mechanisms in place to ensure the availability of the current market prices of the traded tokens and the disclosure of the purchase and sale prices of the traded tokens.

Depositary

The Depositary service keeps Private Keys on behalf of clients, and in most cases will generate the Private Key directly for the customer. Typical examples of Depositaries listed are:

• Wallet providers that store the Private Key centrally on a server
• Offline storage providers
• Crypto-exchanges

The law will oblige the Depositaries to have internal control mechanisms in place to ensure appropriate security measures protecting customers, separate safekeeping of customer’s PrivateKeys from the company own assets and business continuity management.

Protectors

Protectors are holding tokens in trust for customers in one’s own name (with some internal sub-accounts ledgers). Those could be crypto-exchanges, custodian banks, etc. The Protector assigns tokens of all its customers to one or more Public Keys address, which the Protector fully controls.  The Protectors are required to be licensed according to the Trustee Act or the Banking Act.

Price Service Provider

Price Service Providers must have internal control mechanisms in place to ensure the transparency of the published prices; prevention of conflicts of interest in relation to pricing; and the disclosure of information to affected users regarding transactions concerning related parties.

Let’s now look at Token Issuance and Token Issuers obligations:

Token Issuers must have internal control framework ensuring the following:

• Disclosure of basic information about the project at any time during, and for at least ten years after, the token issuance (e.g. a detailed White Paper)
• Execution of the token issuances in accordance with the law and announced terms
• Prevention of multiple token issuances and double-spending
• Public announcement and disclosures about the issuance that has already taken place in the case of a subsequent issuance of related rights
• Business continuity arrangements.

Exemptions – or which projects do not need to be registered?

• Closed-loop (e.g. intra-corporate projects)
• If all buyers agreed to participate and agreed that this will be the status of the project
• If the offer is for less than 150 users
• If the selling price of the total issuance does not exceed 1 million CHF over a period of 12 months
• If there was a pre-existing obligation to publish another set of qualified information about the public token offer under other laws.

By the way, we have worked out a FREE Regulatory Inquiry Template for you, if ever you or your business needs to reach out to the FMA or another regulatory authority.