View the publication here.

With the growing popularity of decentralised ledger technology (“DLT”) and cryptocurrencies, concerns have been raised over the regulation of the industry due to possible nefarious activities stemming from cryptocurrencies, such as money-laundering, terrorism financing and tax evasion.

This article examines the current and proposed legislative framework in Switzerland, the European Union (the “EU”) and Malta and how each jurisdiction is addressing such issues.


Prior to examining the regulatory legislative frameworks of each jurisdiction, the following definitions must be taken into account:

What is DLT?

DLT is a digital platform that records and verifies the entire history of transactions between users across a network. A DLT is also defined as a decentralised, “distributed, shared, encrypted database that serves as an irreversible and incorruptible repository of information.[1] The most commonly-known DLT is blockchain, which is the technology that creates bitcoin, a cryptocurrency.

This definition is similar to the definition of DLT in the proposed Maltese Virtual Financial Assets Act (the “VFA Act”) (see below).

What is a Cryptocurrency?

A cryptocurrency is a virtual currency (a form of electronic cash) that uses cryptography for security purposes. Cryptocurrencies are not considered a form of legal tender as they are not issued by any central authority or central bank. Its defining characteristic is its encryption, whereby the identity of the parties and details of the transaction remain anonymous. The anonymity of the cryptocurrency transaction has raised concerns that such technology may facilitate tax evasion, as well as money laundering and terrorism financing activities. Additionally, a claim cannot be initiated against the cryptocurrencies issuer.[2]

Examples of cryptocurrencies are payment tokens which are intended to be used, now or in the future, as a means of payment for acquiring goods or services or as a means of money or value transfer (“Payment Tokens”).

What is an Initial Coin Offering (“ICO”)?

An initial coin offering is a method of fundraising, involving the issuance of digital assets, called tokens, in exchange for cryptocurrencies (“ICO”). ICOs have grown in popularity recently as a means of crowdfunding.

In spite of the name, ICOs should not be confused with initial public offerings for publicly traded securities (i.e., stocks and bonds). One of the divergences is that unlike initial public offerings of securities on an exchange, ICOs remain largely unregulated. However, the rise in popularity has led the United States’ Security and Exchange Commission to consider requirements for registering ICOs, among other jurisdictions.[3]


Cryptocurrencies laws in Switzerland

The first official report issued by the Swiss Federal Council (the “Federal Council”) on cryptocurrencies was published on 25 May 2014, which stated that “as virtual currencies like bitcoin are of only marginal economic significance” and that this “will not change in the foreseeable future”, the Federal Council decided not to propose new statutory provisions.[4].

Furthermore, the Federal Council determined that cryptocurrency contracts are enforceable in principle, signifying that penalties may be imposed for criminal offences relating thereto and that certain business models may be subject to financial market supervision, most notably provisions under the Anti-Money Laundering Act (“AMLA”).[5]

However, the Federal Council’s position appears to have changed recently. During the G20 meeting of finance ministers and central bank governors in Argentina in March 2018, Federal Councillor and Finance Minister Ueli Maurer explained that Switzerland has seen the enormous potential of the block chain technology and financial services[6] Switzerland must enact new legislation and amend its current framework in order to become attractive for cryptocurrency companies in Europe. Moreover, the cryptocurrency boom has shown that the current legislation is insufficient.

Legal framework in Switzerland

Regulatory framework in Switzerland

At present, there are no specific Swiss provisions regulating ICOs and cryptocurrencies in general. Indeed, ICOs and Tokens take multiple forms which require analysis on a case-by-case basis.[7] In order to proceed with such analysis, the Swiss Financial Market Supervisory Authority (“FINMA”) has defined different types of tokens, but specifies that they are not mutually exclusive:

  • Payment Tokens (ie, tokens which are intented to be used, now or in the future, as a means of payment for acquiring goods or services or as a means of money or value transfer).
  • Utility tokens are digital tokens of cryptocurrency which are intended to provide access digitally to an application or service by means of a DLT-based infrastructure (“Utility Tokens”).[8]
  • Asset tokens are defined as assets, such as a debt or an equity claim against the issuer (“Asset Tokens”). Asset Tokens may promise the holder of the Asset Token property rights, such as rights to future company earnings or future capital flows. In terms of their economic function, Asset Tokens are analogous to equities, bonds or derivatives. Tokens which enable physical assets to be traded on the DLT exchange also fall into this category.[9]

AML Legislation

According to the Swiss AMLA, all anti-money laundering obligations, such as the requirement to identify the beneficial owner and the nature and purpose of the relationship, record keeping obligations and the duty to report are imposed on “financial intermediaries” (i.e, persons who, on a professional basis, accept or hold deposits of assets belonging to others or who assist in the investment or transfer of such assets)[10]. Hence, professional trading of cryptocurrencies falls under the scope of the Swiss AMLA[11].

Furthermore, in its Guidelines for enquiries regarding the regulatory framework for ICO of 16 February 2018 (“FINMA Guidelines for ICOs”), FINMA has confirmed that the issuance of Payment Tokens falls under the definition of a “payment” and is therefore subject to Swiss regulation if the Payment Tokens are transferred electronically using DLT.

Contrary to Payment Tokens, if Utility Tokens are issued for the purpose of providing access rights for a non-financial application of DLT technology, such access cannot be considered financial intermediation and therefore anti-money laundering legislation does not apply[12].

Application of Securities Regulation

In Switzerland, securities trading is generally subject to FINMA authorisation. For each case, FINMA must verify whether a token falls under the legal definition of “securities”. Securities are defined in the Swiss Financial Market Act (“FMIA”) as “standardised certificated and uncertificated securities, derivatives and intermediated securities, which are suitable for mass trading[13] and “encompass [those] which are publicly offered for sale in the same structure and denomination or are placed with more than 20 clients, insofar as they have not been created especially for individual counterparties[14].

At present, FINMA does not recognise Payment Tokens as securities. Regarding Utility Tokens, recognition as a security should depend on their function, as Utility Tokens that have a sole purpose of conferring digital access rights should not be subject to AMLA.

Conversely, Utility Tokens used for investments will be treated as Securities.

Finally, Asset Tokens are generally treated as Securities[15].

Application of Swiss Banking laws and regulations

According to the Swiss Banking Act (“BA”) and Swiss Banking Ordinance (“BO”), a banking authorisation issued by FINMA is required for entities active in the financial sector who solicit and accept deposits from the public in a professional capacity[16].

Issuing Tokens are not generally associated with payments to the ICO issuer. Consequently, such tokens should not fall within the definition of a deposit[17].

However, for ICOs which are made up of debt securities (e.g., convertible loans), payments may be treated as a deposit and may therefore require the issuer to obtain authorisation from FINMA[18].

Application of collective investment schemes legislation

According to FINMA, the provisions of the Collective Investment Schemes Act (“CISA”) apply in the context of an ICO only if the funds are managed by third parties. If not, the ICO will not fall under the scope of the CISA, no matter what type of token is in question[19].

Future changes to Swiss regulatory framework

On 15 June 2018, the Swiss Federal Chamber adopted the Financial Services Act (“FinSA”) and the Financial Institution Act (“FinIA”), which amend the BA to add a new type of authorisation specifically for companies whose business model relates to fintech (e.g., DLT). The new requirement for authorisation, also called a “FinTech authorisation”, will allow such companies to accept deposits of up to CHF 100 million if the payments are made outside of the bank’s principal activities (i.e, deposits, credits, etc.)[20].

Moreover, the State Secretariat for International Financial Matters has established a working group for blockchain and ICOs. The purpose of this working group is to analyse the current legal framework for the financial sector as it applies to the applications of DLT technology, with a particular focus on ICOs.[21]



In comparison to the legislative framework in Malta (see below), EU’s laws, regulations and directives (“EU Law”) are yet to be adapted to the emergence of DLT and virtual currency technology. At present, certain areas of the law do not apply to cryptocurrencies, such as taxation (e.g. exit taxes for asset transfers) while other aspects of the EU Law framework - such as property law in the context of asset freezing and confiscation for crimes – are considered to apply to cryptocurrencies.[22]

One area of EU Law that attempts to address the implications of cryptocurrencies are directives for anti-money laundering, similar to the case in Switzerland.

Anti-money Laundering Directive 4 (the “Fourth Directive”)

The Fourth Directive was enacted with the purpose of sanctioning activities involving both money-laundering as well as terrorism financing.

Although the Fourth Directive does not include cryptocurrencies in the definition of “property,” the definition has been deemed wide enough to encompass cryptocurrencies.[23] However, the Fourth Directive does not make specific reference to any entities which operate in the cryptocurrency industry (e.g., exchanges, issuers of cryptocurrencies) as obliged entities.[24]

Under EU Law, many shortfalls exist in terms of regulating money laundering and terrorism financing in the cryptocurrency sector.

Fund transfer regulation (“FTR”)

With the purpose of combating money laundering and terrorism financing, FTR imposes rules on identification of the payer and payee for the transfer of “funds,” where funds are defined as banknotes, coins, scriptural money and electronic money.

The issue is that cryptocurrencies do not fall within the scope of the definition of “funds” and therefore cryptocurrency transactions are not caught within the definition for the purpose of the FTR.[25] Furthermore, cryptocurrency intermediaries do not fall within the definition of payment service providers under the FTR.[26]

Cash control regulation

Enacted in 2005 to monitor the significant movement of cash (i.e., movements of EUR 10,000 or greater) into and out of the EU, the Cash Control Regulation sought to address illicit payment transactions.

Theoretically, cryptocurrencies fall under the definition of “cash” pursuant to the Cash Control Regulation, as they may be considered “coins” (according to the Fifth Directive definition of virtual currencies).[27] However, as noted in the Study requested by the Tax3 Committee of the European Parliament, the Cash Control Regulation does not appear to be adapted to regulate cryptocurrency transactions as the regulation was drafted with the idea of physical movement of cash in mind.[28]

Anti-Money Laundering Directive 5 (“Fifth Directive”) – End of anonymity?

After the Commission’s opinions and following a discussion in Parliament during 2016 and 2017, Parliament and the European Council reached an agreement on 13 December 2017 in regards to the Fifth Directive. Coming into force on 10 January 2020, considerations have been made concerning operators in the virtual currency industry.

The Fifth Directive defines virtual currencies as a digital representation of value accepted as a means of exchange that can be stored, transferred and traded electronically, “that [are] not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency.” The Fifth Directive also defines wallet providers as entities which safeguard private cryptographic keys on behalf of customers, to hold, store and transfer virtual currencies.

Under the Fifth Directive, “providers of exchange services between virtual and fiat currencies” as well as custodian wallet providers will be required to register as beneficial owners at the central register, accessible by competent authorities and financial intelligence units.[29] Requirements to register would reduce anonymity due to customer due diligence requirements.

Other amendments to limit anti-money laundering include the amendments to Directive 2011/16/EU which enables tax authorities the right to access the beneficial ownership register as of 1 January 2018. With access granted, concerns surrounding tax evasion may therefore be addressed.


As part of its strategy to position itself as a leading financial services jurisdiction, Malta has proposed three new laws in order to create an attractive, yet regulated, environment for virtual assets (including cryptocurrency) and innovative technology. One should note that as of October 2018, the bills are not enacted law within Malta, but merely proposed legislation which may be subject to modifications.

The three bills are as follows:

  • Virtual Financial Assets Act (the “VFA Act”)[30]: Believed to be the most anticipated and detailed of the three bills, the VFA Act has the purpose of regulating various matters relating to virtual financial assets (g., ICOs) as defined in the VFA Act, and the service providers who operate within the VFA industry (“VFA Agents”). As the financial regulator, the Malta Financial Services Authority (the “MFSA”) remains the authority responsible for all matters falling under the VFA Act.
  • Malta Digital Innovation Authority Act::[31]: Establishing the Malta Digital Innovation Authority (the “MDIA”), the act sets forth the rules for the regulator charged with overseeing both the DLT and innovative technology arrangements (as defined below) as well as the service providers of the technology. Unlike the other two bills, the Malta Digital Innovative Authority Act came into force on 15 July 2018.
  • Innovative Technology Arrangements and Services Act:[32] Less detailed in comparison to the other two acts, the Innovative Technology Arrangements Act sets forth the rules regulating the certification and recognition of DLT and innovative technology arrangements (as defined below) as well as the service providers within the industry.

(collectively the “Bills”)

  • Proposed rules under the Bills

Regulating ICOs of VFAs

In spite of being largely unregulated in different industries, the proposed VFA Act introduces rules in regards to “initial virtual financial asset offerings” on DLT exchanges (“Initial VFA Offering”) where Initial VFA Offerings are defined as “a method of raising funds whereby an issuer is issuing virtual financial assets and is offering them in exchange for funds.”[33] The following definitions illustrate how the Initial VFA Offerings encompass ICOs:

VFAs are defined as “any form of digital medium recordation that is used as digital medium of exchange”, such as a coin and a cryptocurrency.[34] A DLT exchange is defined as a trading platform or facility on which DLT assets are transacted, where DLT assets encompass virtual Tokens, VFAs, electronic money and financial instruments.

With the above definitions, it is apparent that the bill for the VFA Act attempts to regulate ICOs. The broad definitions also indicate that the Maltese legal framework aims to accommodate future technological developments in the cryptocurrency and virtual currency industry.

From the wording of the draft VFA Act, it is apparent that an “Issuer” for an Initial VFA Offering is a legal entity formed in Malta who issues or proposes to issue VFAs within or outside of Malta (the “Issuer”).

The requirements for issuing DLT Assets on DTL exchange are (1) the publication of a whitepaper and (2) the registration of the whitepaper with the MFSA. Whitepapers for Initial VFA Offerings are similar to prospectuses or offering memorandums in the sense that they must disclose material information to investors on DLT Assets in brief, non-technical language and liability is imposed for any misrepresentations. The VFA Act also lists the contents to be included in the whitepaper (e.g., information on the Issuer, milestones of the project financing). Like other regulators in relation to securities offerings, the MFSA shall approve the contents of the whitepaper prior to the Issuer offering the DLT Assets for sale. Other requirements include restrictions on advertising (i.e., no misleading statements).[35]

The whitepaper must be registered with the MFSA and will be valid for six months during which the ICO may be offered to the public.[36]

VFA Services

The VFA Act also regulates a number of financial services, such as portfolio management, investment advice and custodian services where the assets pertaining to such services are VFAs. Providers of the such services as listed in the VFA Act shall be required to obtain a licence from the MFSA and licences can only be obtained through an application filed (along with supporting documentation) by a VFA Agent registered pursuant to the Act. Once granted a licence, licensees must adhere to the obligations stated in the Act.

VFA Agents

Issuers must be required to appoint a VFA Agent at all times pursuant to the requirements under Article 7 of the VFA Act.

Furthermore, any person seeking to provide VFA Services (as stated above) must apply for a licence through a VFA Agent.

A VFA Agent shall be registered with the MFSA. Under the VFA Act such role may be performed by advocates (lawyers), accountants or auditors or firms providing legal, accounting, audit or corporate services. The role of the VFA Agent includes, inter alia, to advise the Issuer on their responsibilities under the VFA Act, ensure that the Issuer has satisfied all requirements under the VFA Act, and liaise with the MFSA on behalf of the Issuer.

All VFA Agents shall be listed in a public register to be created by the MFSA.


Aiming to ensure investor protection, the MDIA oversees “innovative technology arrangements” (as defined below) “with the purpose to support and develop Malta as a centre of excellence for innovative technology arrangements.” The MDIA Act establishes the powers for the MDIA and defines its autonomy in relation to other authorities and powers.

Innovative Technology Arrangements

The Innovative Technology Services Act provides a broad definition for innovative technology arrangements to include DLTs, smart contracts or “any other innovative technology arrangement” deemed to fall under the definition pursuant to a ruling by either the Minister for Digital Economy (i.e., the regulator in charge of, inter alia, elaborating provisions under the Innovative Technology Services Act) or the MDIA (“Innovative Technology Arrangements”).[37] Defining Innovative Technology Arrangements broadly was likely designed to accommodate the emergence of new technologies in the future. In furtherance of its regulation of the DLT industry, service providers of Innovative Technology Arrangements shall also be required to adhere to the provisions of the Innovative Technology Arrangement and Services Act in relation to the registration and the certification of Innovative Technology Arrangements.

The Innovative Technology Arrangement and Services Act implies that applicants have discretion, but not the obligation, to apply for recognition and certification of Innovative Technology Arrangements from the Malta Digital Innovation Authority.

Innovative Technology Services

Services relating to Innovative Technology Arrangements have been defined as (i) “review services” by system auditors (where system auditors are defined as persons who review and audit Innovative Technology Arrangements) and (ii) “technical administration” services performed by a technical administrator who performs specific functions for the certification of the Innovative Technology Arrangements.[38]

Innovative Technology Arrangement services involve the auditing the technology by a systems auditors and the certification of the Innovative Technology Arrangements by technical administrators (as defined by the Innovative Technology Arrangements and Services Act).

Appointment of resident agent

Any applicant who is a non-resident seeking to have their technology recognised by the MDIA is required to appoint a resident agent through whom they apply for registration. The Innovative Technology Arrangements and Services Act establishes both the criteria for being a resident agent (i.e., habitual resident in Malta who is capable of carrying out its duties according to the MDIA) as well as the functions of a resident agent.


The cryptocurrencies industry lacks adequate regulation. However, it can be seen from the steps taken at the national levels in Switzerland and Malta, as well as at the level of the EU, that a regulatory framework is in the process of development, albeit at different speeds.

In Switzerland, many steps must be taken to simplify both the understanding and proceedings, especially FINMA rules.

In terms of EU Law, the Fifth Directive, which comes into force in 2020, should address certain issues with cryptocurrencies that the current framework for AML does not adequately regulate.

Malta has undoubtedly been the most proactive of jurisdictions in terms of developing regulatory framework for FinTech with the proposal of, the three bills.  In exception to the Malta Digital Innovative, the Bills shall become effective as of 1 November 2018 but may be subject to further amendments. Starting on 1 November 2018, the MFSA shall begin accepting applications for licences (e.g., applications for a licence to provide VFA services) and shall issue rules to compliment the newly-enacted laws.

In our view, local and EU authorities face an enormous challenge, and will face in the future, to adapt legislation to FinTech where technology evolves at a rapid pace in comparison to enacting legislation, which is far slower.

Footnotes :


[2] FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs) dated 16 February 2018, p. 3/11.





[7] Op-cit. p. 2/11.

[8] FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs) dated 16 February 2018, p.3/11.

[9] Op.cit. p. 3/11.

[10] Art. 2 §1 and 2 AMLA.

[11] Regulation of cryptocurrencies: Switzerland, Library of congress, June 2018:

[12] FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs) dated 16 February 2018, p. 6/11.

[13] Art. 2 §b FMIA.

[14] Art. 2 of the Financial Market Infrastructure Ordinance (« FMIO »).

[15] FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs) dated 16 February 2018, p.5/11.

[16] Art. 2 §1a OB.

[17] FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs) dated 16 February 2018, p.6/11.

[18] FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs) dated 16 February 2018, p.6/11.

[19] FINMA Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs) dated 16 February 2018, p.6/11.

[20] Explanatory report of the Federal Finance Department, dated 21 June 2018, on the FinTech Authorisation.



















Lucile Hostettler
Lucile Hostettler