Gibraltar: Gibraltar Token Regulation Proposals Published By Government Of Gibraltar

Last Updated: 31 May 2018
Article by Joey Garcia and Karan Aswani

Introduction & Background

Following the proliferation of initial coin offerings (ICOs) last year, in which funds raised through the sale of digital tokens surpassed venture capital funding, we have seen different approaches, interpretations and developments evolve rapidly in the space. The Government of Gibraltar (GoG) has taken the bold move of being the first authority to publish proposals for specifically regulating certain activity in this new area of crowd financing.

Recent proposals in France are also aiming to provide legal certainty but in the form of an optional authorisation scheme where certain initiatives would aim to operate within an approval system and be required to provide certain guarantees, while those that choose not to comply would not be restricted from operating. Other regulators are approaching the ICO space quite differently. The Luxembourg regulator (the CSSF) has recently issued a warning against investments in the space, raising the issue of the absence of consumer protection, and lack of verifiable information. Some regulators such as FINMA in Switzerland have issued guidance assisting to classify tokens in separate categories, to which certain requirements would apply, while others such as the MAS in Singapore have offered some guidance around the interpretation issues that are relevant in categorising tokens within the existing financial services regulatory scope.

It is probably fair to comment that the growing concerns about the vast sums of money being raised through ICOs, without appropriate regulatory oversight or regulatory standards, have been well documented and discussed across international communities. Mark Carney, Governor of the Bank of England and Chairman of the G20's Financial Stability Board, for example, referred to the "anarchy of crypto-asset markets" in his speech to the inaugural Scottish Economics Conference on 2 March 2018. It therefore comes as no surprise that 2018 is likely to be the year of cryptoregulation, with many regulatory authorities placing crypto-related activities high up on their regulatory agenda and stepping up their efforts in this space.

However, how is this going to occur on an international basis? Developments around the world and interpretation issues around concepts relating to SAFT arrangements, the relevance of functionality (on a jurisdictional test basis) and its implications, the focus on the way that a particular sale takes place, or how it takes place, the disclosure requirements, material information standards that are specific to Blockchain tokens, the general application of associated law, and interpretations around arrangements that may or may not trigger existing regulatory requirements, are all points that are evolving and fast moving.

As such, it is very positive to see Gibraltar again strive to be at the forefront of regulatory developments in this space (following on from the introduction of the DLT regulations back in January this year). In the past week, the GoG has released proposals on how it intends to regulate activities relating to the issue of tokens. In addition to the proposed regulatory framework that the GoG has put forward, it is interesting to note that the proposal document identifies a number of different token utilities/functionalities, openly acknowledging that "most often, tokens do not qualify as securities under Gibraltar or EU legislation". The point of course is that even tokens that do not qualify under these regimes, but which are issued from Gibraltar, will be subject to regulatory requirements that are built out in a suitable, appropriate and relevant manner. That is, that they do not aim to directly replicate securities law or prospectus directive requirements, written an age before the concept of a token sale even existed, on a simple replication basis, or to bring token sales into those frameworks automatically. It must be possible for those rules, practices and standards to be able to evolve and develop, and to be specifically relevant to this industry.

The Proposals for Token Regulation

At an overview level, the proposals focus on introducing regulations to cover the following activities conducted in or from Gibraltar:

  1. the promotion, sale and distribution of tokens;
  2. operating secondary market platforms trading in tokens; and
  3. providing investment and ancillary services relating to tokens.

The underlying objectives of these proposals are centred on core issues that financial services authorities will no doubt have at the forefront of their minds - protecting the interests of consumers/investors and protecting the integrity and reputation of the jurisdiction. Encouragingly, the proposals also highlight supporting "the safe use of tokens as a means of crowd financing" as one of the main objectives behind the introduction of a regulatory framework. It is therefore extremely positive that the GoG recognises the important role that these innovative methods of fundraising have to play in supporting new ventures in this developing sector

Token Sale Compliance with Regulatory Standards

So what will be the key factors for a token sale conducted from Gibraltar to adhere to the regulatory standards expected by the GoG and the Gibraltar Financial Services Commission (GFSC)? Those with experience of listing rules on regulated capital markets will be familiar with the key requirements being flagged:

  1. adequate and accurate disclosure of information; and
  2. adherence with AML/CFT provisions.

These are issues that have long been discussed as needing to be addressed in the context of token offerings and therefore it was only a matter of time before such requirements were codified into practice. The modus operandi of conducting token sales started shifting several months ago and best practices already dictate compliance with such requirements in order to be able to forge relationships with regulated financial service providers, so this should not come as a surprise to prospective token issuers.

Disclosure Rules

The proposal document highlights that disclosure rules setting out the form and nature of disclosures will be published by the GFSC and there will no doubt be many people curious to see what disclosure obligations may be involved. It will be especially interesting to learn how such disclosure requirements may compare, or be equivalent to, the disclosure regime applicable to listing equities or debt securities on regulated capital markets. This is something that will certainly require careful consideration as it would be unrealistic to hold a start-up venture with little to no operating history to the same level of disclosure as established issuers of securities on matured capital markets. Similarly, disclosure requirements will need to make sense and be specialised for the space in order to cover information that will actually provide useful and relevant disclosure to potential participants, as well as cover the key issues that may be relevant to an offering relating purely to a digital asset.

The crypto industry often refers to the concept of "self-regulation", and best practice frameworks for token offerings have already started emerging over the past few months. Examples of this include efforts by regional blockchain associations such as the Fintech Association of Hong Kong's document on Best Practices for Token Sales, and private initiatives that include The Brooklyn Project by ConsenSys and the Messari Project by Ryan Selkis. It would therefore be prudent to at least consider such self-regulatory frameworks in establishing applicable disclosure rules for token offerings under the proposed regulations. However, the key difference of course is that the concept of self-regulation, while being attractive in the sense that it may be said to decentralise certain standards and requirements, it is also in many senses 'voluntary' and does not raise the standards through any legally enforceable framework such as the one being proposed in Gibraltar.

Compliance with AML/CFT Provisions

Following the announcement of the token regulation proposals, an amendment to the Proceeds of Crime Act 2015 was enacted to extend AML/CFT requirements on "undertakings that receive, whether on their own account or on behalf of another person, proceeds in any form from the sale of tokenised digital assets..."

The message is clear from the GoG that, even before the token regulations are brought into force, there will be statutory requirements on all token issuers to carry out due diligence on token purchasers and mitigate AML/CFT risks. Some argue that the application of these rules is not relevant or appropriate but the reality is that there will need to be an on-going interaction with the existing financial services industry and framework for any successful business in the space. A simple example of this is any form of interaction with the banking industry. In our mind, the application of these rules is entirely relevant and appropriate and is in fact already followed by most groups in the space in any event.

The days of pseudonymous token sale raises were short-lived and it had been widely touted that compliance with AML/CFT regulations would be a key issue that would require identification and verification of token purchasers. It is now generally accepted that issuers should perform KYC on token purchasers and guard against receiving funds that may be derived from illegitimate sources. Both traditional KYC providers as well as crypto specific KYC solutions (e.g. Coinfirm) are emerging in the token offering industry and becoming increasingly relevant in this sector.

From a Gibraltar standpoint, due diligence on token purchasers (prior to the recent legislative amendments) has been driven largely by local banking requirements, which make the implementation of suitable KYC procedures a pre-requisite to opening an account and depositing the fiat conversion of any token sale proceeds. Coupled with this, there are legitimate concerns as to whether directors and officers of entities involved in conducting token sales are properly performing their duties if they fail to adopt appropriate measures to safeguard against the receipt of criminal proceeds. These factors have led many projects to take a more a conservative approach with regards to AML/CFT, which is sensible given the emphasis placed on such areas in today's global financial ecosystem.

Focus on Service Providers

What is particularly interesting is that the proposals make it clear that the GoG will not seek to regulate promoters and issuers of tokens, nor will they regulate the underlying technology or the tokens themselves. Instead, the primary focus of the regulations will be on:

  1. authorised sponsors of public token offerings;
  2. secondary token market operators (i.e. crypto-exchanges); and
  3. token investment and ancillary service providers.

It therefore appears that the onus of ensuring compliance with appropriate standards will be on the service providers and token trading platform operators and we explore the role and function of each of these in further detail below.

Authorised Sponsors

Sponsors will be the principal "gatekeepers" responsible for ensuring that token issuers are adhering to regulatory standards and industry best practice. Every Gibraltar-based token issuer will be required to appoint an authorised sponsor as a pre-condition to launch.

Sponsors shall be subject to an authorisation and supervision process by the GFSC and must possess suitable knowledge and experience of the industry to be admitted into the sponsorship regime. A critical component for sponsors to be authorised is to have local presence in Gibraltar, with "mind and management" based in the jurisdiction. The onus will also be on sponsors to produce their own codes of conduct, setting out what they consider to be best practices relating to token sales, and these codes will form part of a prospective sponsor's application for authorisation.

The introduction of a sponsor regime is comparable to what currently exists today in the UK in relation to regulated public market listings, where Sponsors and Nominated Advisors effectively act as listing agents that guide prospective issuers through the flotation process. It appears this same model is being adapted for token sponsors to handhold prospective issuers through a compliant token sale process. In applying the listing agent model to token sales, it raises a number of important questions that will need to be carefully thought out.

For example, since sponsors will invariably have a vested interest in the success of token sales they advise on, whose best interests will be at the forefront of a sponsor's actions? Will it be the token issuers who pay them? The token purchasers so they are not misled into

Secondary Market Operators

The second "gatekeeper" under the proposals will be crypto-exchanges. Most operators of crypto-exchanges are likely to be regarded as using DLT in some way to store / transfer value belonging to others and will consequently be caught by Gibraltar's existing DLT regulations. Accordingly, it will be interesting to see the inter-relationship between the different regulatory frameworks insofar as they apply to crypto-exchanges. The proposal document provides little information in this regard, other than stating that it intends to regulate secondary market platforms to the extent not already covered by other regulations.

Although the proposals refer to the introduction of further transaction reporting and disclosure requirements as well as extending the application of regulations to cover trading of derivative token products, they do not elaborate on specific regulatory obligations that may be imposed. They do however mention modelling the proposed regulations on market platform provisions under MiFID II and MiFIR, so far as is appropriate, proportionate and relevant. This of course will be another key factor as the requirements within MiFID II and MiFIR set out extensive obligations relating to an extensive set of requirements. Additionally, there are no references to the Market Abuse Directive or regulations which relate specifically to insider trading and market manipulation, which are hot topics in the crypto-exchange space.

Regardless of the above, trends have already started emerging in token offerings where issuers, concerned about the regulatory implications of conducting public sales, are instead fundraising exclusively through private sale arrangements and limiting participation to accredited/professional investors. Such issuers then rely on exchanges, who list the tokens, to open up the token market to prospective retail purchasers. This shift, together with recent security breaches that have resulted in the theft of consumer assets, has led to increased regulatory risk for cryptoexchanges who are falling subject to greater scrutiny than ever before. 

We have already seen regulators take a much firmer stance towards crypto-exchanges, with the Chinese imposing outright bans, the Japanese FSA announcing that it will investigate a number of unlicensed token exchanges and the SEC starting enforcement action and effectively stating that crypto-exchanges must either operate as licensed securities exchanges or regulated ATS. While we welcome the position that is being taken, it will be interesting to see if there are any differentiators between the treatment of exchanges relating to pure tokens, and those that relate to exchange transactions involving pure fiat currencies (which are already treated differently to existing securities or derivatives exchanges).

The starting point for crypto-exchanges with regard to token listings usually centres on the security versus utility argument. This is naturally a key aspect for exchanges as it presents the greatest regulatory risk if it is deemed that the exchange is unlawfully offering its users a security trading platform. Exchanges will therefore need to carefully vet individual token offerings and ensure their platforms are not being used as a conduit for securities trading. Given the disparity in securities legislation from jurisdiction to jurisdiction, it will be interesting to see how regulations will tackle this issue in the context of secondary market token trading. With the onus being put on exchanges to decide which tokens may or may not be listed on their platforms, clear guidance will be required to give exchanges regulatory comfort in offering their services to the international community from Gibraltar

Investment and Ancillary Service Providers

The final "gatekeepers" will be providers of investment and ancillary services relating to tokens and in particular those offering;

  1. generic advice (setting out fairly and in a neutral manner the facts relating to token investments and services);
  2. product-related advice (setting out in a selective and judgemental manner the advantages and disadvantages of a particular token investment and service); and
  3. personal recommendations (based on the particular needs and circumstances of the individual investor).

This limb of the proposed regulations will be proportionately modelled on provisions that currently exist under MiFID 2, with the aim of ensuring that such services are provided fairly, transparently and professionally. There are of course multiple issues that would need to be considered here which are well beyond the scope of this article.

In the past 12-18 months, a plethora of token advisors and so-called crypto-experts have emerged and therefore it is refreshing to see the GoG aim to hold such service providers to account through an appropriate licensing regime. Nevertheless, little guidance is given on the specific types of advisors involved in a token sale process that will be caught by the proposals (e.g. introducers, marketing professionals, technical developers and smart contract auditors, economic, legal and tax advisors, cybersecurity firms, escrow agents etc.). This will require careful thought and different standards may need to be developed depending the nature of activity being offered by any given provider. Further, to what extent will providers to Gibraltar-based token issuers be caught by the regulations if such providers are based abroad, or the majority of their services are outsourced to teams based in other countries? There is also a reference to MiFID 2 but no reference yet to a suitability regime equivalent to the MiFID universe.


The GoG and GFSC must be commended on pursuing a clear and proportionate path towards token regulation and it will no doubt be welcomed by enthusiasts of the industry who have long been seeking regulatory clarity and certainty in respect of businesses activities in the crypto/DLT space. However, this does not come without its challenges and many questions remain to be answered. It will therefore be crucial that all stakeholders contribute towards the development of a robust framework that will achieve the underlying objectives of the proposals whilst simultaneously continuing to support innovation and disruption!

Originally published on 21-03-2018

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
Related Articles
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions