The launch of a digital asset, Bitcoin, which was conceptualised as similar to a currency or money, led to abuse, to fraud, to bubbles, and to confusion in the reactions by States, but it introduced the Bitcoin protocol for DLT – distributed ledger technology or blockchain – with its many security features. A few years later a variant emerged, called Ethereum, which added an important dimension called smart contracts, releasing tremendous innovative and creative potential in relation to digital assets and their design. At that point, the concept of a digital asset had gone far beyond that of a currency and into other typologies, with an open ended opportunity for developers to craft new asset classes – digital or virtual – into anything one wished for.
The launch of a cryptocurrency based on blockchain resulted in hundreds of issues of “coins” in what were called initial coin offerings (ICOs). This multiplied the risks to the public as there was little discipline in the manner of offer, or follow up, but it fuelled much greater focus on innovation and design through the technology which was created and lived in the blockchain or DLT ecosystem. It was different from anything else we had seen before and went way beyond ledgers, such as databases or excel sheets, which were passive records. It even went beyond mere digital representations of rights which by then existed in almost every legal system. These were now a combination of transactional platforms plus instruments in digital form which were created and existed on a decentralised and distributed system which was secure and had the capacity to be self sufficient (autonomous) and automated. They could be somewhat intelligent; even more so when combined with artificial intelligence. This meant that these digital assets could not only represent anything of value amenable to such dynamic (such as securities which have existed in digital form through book entry systems for decades) but could be the things of value in themselves.
So over the last 10 years, we have seen digital assets being launched in the form of currencies; then we saw stable coins emerging to reduce the risk of fraud and volatility – basically operating as means of payment – and provide a solution to the need for payment instruments within blockchain systems and other DLT arrangements. Now the next wave is emerging in the form of “securities” through what are called security token offerings (STOs).
At the same time we see the very slow emergence of regulation. When these digital assets represent – or are assets – which are regulated by current law, then current regulatory laws would clearly apply to them. These are the existing laws on securities or investment instruments, or laws on e-money. Regulators could carry out their investor protection roles in the public interest and the digital form of the assets is no impediment at all – as long as they can find someone to regulate as current laws look to natural person or legal organisations, not autonomous distributed ledgers, as actors. Furthermore, these digital or virtual assets or tokens were freely designable assets which could be designed and developed in different ways and as different things. As such, they could therefore fall outside the classification of what we know and would – or could potentially – therefore not classify under current regulatory law. They could even be designed not to. They created a lot of confusion in the minds of many!
So to ensure legal certainty, without leaving a massive loophole open, the Maltese legislator came out with a new classification to regulate these assets when they were not clearly caught by current regulatory law but were still, in substance, things which provoked the need for investor and consumer protection. Switzerland did something similar through regulatory guidelines. Now others are starting to move in similar directions though the FATF recently recommended that States should ensure mandatory rules and not regulatory guidelines allowing for self regulation. The US appears to have taken a holding position and treated most digital assets as securities and created a serious situation, blocking any form of innovation in this sector.
At a much slower pace, we see some initiatives on the private law level, particularly in the USA and, more specifically, in the contracts and corporate law areas with connections to the capital markets.
Finally we see strong moves towards regulation and compliance by players in the industry seeking security from unexpected breaches of the mandatory laws on banking and securities, as well as higher standards of compliance and resulting credibility. Generally there is more openness to applying the appropriate legal principles and rules of transparency and compliance. This is also evident in the market movement from ICOs to STOs which everyone knows is a regulated area governed by existing laws, and which, although more onerous, creates greater certainty.
2. Some preliminary comments on securities
An evident feature of this industry is the divide between the start-up sector of tech developers, and maybe even their advisors and other related parties who jumped into this sector, and the traditional regulated industries commanded by lawyers, accountants and other professionals who have been working in the dematerialised securities sector for at least 30 years. The former are normally unaware of – or feel they are free to disregard – regulation and the basics of what securities are and how they operate within a detailed regulatory environment.
This mentality is slowly changing but is still prevalent in start-ups and small operators who see lawyers knowledgeable in the field and existing systems involving intermediaries like custodians, for example, as an unnecessary expense and the cause of frustration and severe limitation on innovation.
So the first problem is establishing common ground on what the terms “securities” or “financial instruments” mean; and when that is established, addressing the resulting conceptual approach. What is emerging in the tech sector, as a result, is an approach very oriented to outcomes which can be designed. This typically meshes features of different traditional securities together, apart from seeking to make them payment instruments at the same time. To anyone with securities regulation expertise, especially lawyers, the contradictions spring out quite obviously, especially when addressing the issue from a private law perspective. From the regulatory perspective, these are usually all grouped into broad categories based on the investor protection agenda, so this may be less relevant.
In the private law context these investment instruments are often regulated by special laws like a Companies Act which imposes specific rules on registers, formalities and limitations on what can or cannot be done, as we often see with equities involving capital, which need to be protected from reduction without the appropriate formalities. With debt instruments we again find registers and recordation duties and under general rules none of these instruments can be held by the issuer itself, though some laws have rules under which this is possible for temporary purposes. Derivatives are regulated by general laws on obligations and may need the support of netting legislation to operate effectively and reduce risk while units in collective investment schemes are often valued daily, based on NAV, and involve an authorised manager and custodian in the issue, transfer and cancellation processes, connected as they are to daily valuations of underlying assets.
From a high level review of the DLT digital asset sector, it seems that there are concepts, such as “promises to issue tokens” (following the SAFE or ‘simple agreement for future equity’ model), “burning” or “airdrops”, or the ability to issue or generate tokens based on proof of work (computational, probably providing the time and energy which keeps the blockchain going) many of which contradict laws on investment instruments (unless very carefully addressed under specific legal systems which cater for such possibilities). Clearly, if current shares in companies reflect capital, they cannot be issued without a corresponding payment of capital to the company; otherwise, false wealth will immediately emerge and such actions will dilute the value of every other shareholder. Set-off and netting seems to be a difficult issue to contextualise, though current capital market instruments have the same issues. Current law has dealt with book entry systems, which are used at the moment, as well as their implications. Book entries exist and are managed to well known systems and are nothing other than ledgers.
So the gap in knowledge between the tech industry and the legal context can pose serious challenges unless proper legal advice is obtained at design and development stage. One can see why a designer of a digital asset or token may see law as an obstacle and a bar to innovation and we certainly need to keep studying the challenge to see how best to deal with it in the long-term.
Admittedly, one can see that current systems are built on centralised systems and intermediaries which are critical to the book entry system and the legal regime which developed around it. This builds the system and rules around intermediaries holding securities as nominees, trustees and custodians, each setting up and maintaining their own registers and ledgers. Sometimes the law itself imposes centralised operators, such as central securities depositories, to protect the integrity of the system. These assumptions are now clearly being challenged with disintermediation being the hot topic of great importance to the way things will be done in the future. It is very clear that this new technology will provide solutions which will overhaul the current system. So there are impelling arguments as to why it needs to be given a chance to develop.
More issues arise with reference to transfers, pledges and custody, but this paper only seeks to open contextual discussion and such detail goes beyond the scope.
Lastly, there is a difference between investment instruments, which is a wide concept including different types of products like shares, bonds, derivatives and units in collective investment schemes, and securities, which is a more limited term often referring to shares or bonds created under company law. Legal systems differ on these terms but, in all systems, we see regulation catching the wider group due to its features provoking a need for investor protection contrasted to private law, which looks at a product or asset type and has specific rules for that product only, often based on historical and economic perspectives.
3. Some points on registers and ledgers
Ledgers and registers do basically the same thing: they record things and transactions. DLT registers can be open, decentralised and distributed (permission-less and public), or closed (permissioned and private) with hybrids in between.
Traditional (non-DLT) registers can also be public or private but commonly public registers are State run as that is what gives them credibility and trust in relation to their functions and content. This is so because of independence of the State from the private ownership of assets by citizens and because of the process of State verification which is typical of most State registers, although there may be different levels of reliance on private actors, like public notaries, to support the process. This is something DLT seeks to replicate without State or notarial intermediation. Of course, DLT cannot bridge the digital record and the physical reality and so there is often the need for this gap to be made up through human players, often called “oracles”, which could also be digital data sources.
One needs to consider what these registers do. Some examples are useful to highlight how we use these registers, why we rely on them for important economic matters and what it would take to replicate – or at least to justify a comparative analysis of – such systems through digital alternatives.
Ships: With ship registers, we see the registration of a ship based on ownership of the registrant who must provide evidence of ownership, although entry in the register is not absolute proof but only prima facie. If anyone produces evidence of a forged title, then that will prevail and it is usually combined with evidence of possession and some inconsistency in historical documents.
Having said that, the ships’ register is mostly relied upon by the public and that happens because registration of a ship is always based on the submission of an original builders’ certificate or an original bill of sale to the State run registry – The Registry of Ships. This allows for root of title verification and this ensures that the title can be traced through the various registrations, including when several States’ registries are involved.
This then enables other interests to be registered in the same register on the same assumptions of ownership. These are typically security interests (mortgages) on the registered ships which, under English law, is a form of equitable transfer by way of security (it gives powers of sale) and under civil law is a hypothec, historically a fiduciary transfer of possession to a creditor which in time changed to a non-possessory registered real interest giving the creditor priority and some executive rights. It is the register which provides evidence of the status of creditors, their priority based in public and incontestable date stamping and enables their rights and powers. On the basis of the register, it is then possible to transfer the registered title to the ship, and the mortgage or hypothec, and register the transferee. It is on that basis that value can be paid with security. I must however admit that these registry systems do not avoid the problem of double spend (which is one of the security features of blockchain) as a registered owner can meet Buyer A in the morning and be paid, possibly by a third party financier who intended receiving a mortgage on the ship, and Buyer B in the afternoon and be paid, possibly by another hopeful mortgagee, issuing two bills of sale. The first to register will have the better title! Of course, the better advice is to pay simultaneously with registration as everyone knows of this problem which affects all title registers. Blockchain has resolved this through simultaneous transfer against payment mechanisms.
Aircraft and engines: broadly the same thing happens with aircraft and engines though industry practices have varied the function in this case. With aircraft we find many registers being operator – not owner – registers. In this case, the State function is the verification of the temporary title, like a lease, of an operator who must be authorised to operate the aircraft owned by the owner-lessor. Mortgages can be registered but, as these are owner derived, they are based on a verification of the owner’s title.
With regard to security interests (mortgages and leases) public national registers are currently giving way to an international register operated under the Cape Town Convention and Aircraft Protocol which broadly follows national laws in principle. This is an electronic register based in Ireland and is run privately under commission/contract.
Land and buildings: here again we have had public registers for a long time in both civil law and common law systems, given the importance of land and buildings to the economic functioning of States. There are two main types: one is based on people and registrations recording their transactions relating to land and buildings, which then allows third parties to establish their title and track it through inheritances and transfers. The second is based in the land site itself and then records the transactions and events in one place. So the focus is again on ownership and security interests, but here we also extend to ancillary rights like servitudes and other dismemberments of title which are recordable as they affect third parties. In case of the land registry systems, the State verifies physical features through architectural plans and also guarantees titles in the register relating to such land in particular by making entries non-contestable on registration or after some time.
The shift to land registers with property-centric centralisation of all relevant information finds parallels with share registers with security interests being registered in the share register itself, making information available to the public. Easily and securely accessible information in one place reduces risk to third parties.
Identity: registers of birth and death are also public and track civil status of individuals as that underpins many acts including succession rights, marriage and matrimonial rights – now extending to other civil law arrangements akin to marriage – and so on. The State again verifies such matters and now even run passport and identity card systems which are regularly updated and cross verified between themselves as well as electoral registers which are regularly updated.
Shares, bonds and other financial instruments: laws of many countries cater for commercial registers of traders and legal organisations used in trade, in particular limited liability companies. The register is the basic evidence of existence of the legal entity (and its owners) which is thereby given legal personality as a result of registration. Any relevant aspects of the operation of companies are then recorded through entries in the register, in particular the issue of shares, the details of which in terms of subscription may or may not appear in the public register as some aspects are required to be maintained in a private register held by the company issuing the shares.
Transfers and pledges of shares are then recorded in the share register held by the company and may or may not be replicated in the public register. As the issuer is concerned to know who its shareholders are, that is the primary focus of this register which again focuses on ownership and consequent rights to vote, to receive dividends and liquidation proceeds. It is the basis of transfers and pledges – relying on who appears on the register. The company respects and implements such rights based on its articles and memorandum of association which commonly allow for variability in rights. This creates classes of shares. The law often allows for nominees and trustees, especially in listed companies, but for certainty the law then allows the company the right to deal with and recognise only the entrant in the register and no one else. The register can be digital and power to maintain the register can be delegated as we often see when a company dematerialises its shares and lists them on a stock exchange. Often a central securities depositary is the registered shareholder for the shares which are then reflected in the ledger of the ‘Issuer-CSD’ at its own level. Multiple nominees and intermediaries can have their own registers to show who actually owns shares in a company. Dematerialisation has required this system involving immobilisation of the shares at the top register level so that all derivative rights are then traded in the digital records at multi-level intermediaries.
The same basically happens with bonds where the debt is acknowledged towards one intermediary and all bond holders then enjoy rights through him or their custodians, brokers or other intermediaries.
Most public registers provide a basis for third party verification which then enables informed decisions to be taken by counter parties, where identity is also verified. We now have new ledgers for ultimate beneficial owners, again maintained by States, so that persons bound by prevention of money laundering law can use that information to verify the information they have been provided for their own purposes. With all these registers being interlinked and having tech capacity to intelligently cross verify, it is easy to see the potential enhancement on many fronts.
It is well known that with shares created on a blockchain, we will see disintermediation on a large scale as intermediaries that presently serve a purpose in the dematerialised system context will not be required, although the current system may still be used in view of its benefits.
With blockchain we move from fungibility, which is important for the system to work, to potential non-fungibility where assets are owned by wallet holders/nodes on the system who can deal directly with other users/nodes on the system itself and with reference to a specific share or bond, although there may be several millions like them owned by others. There is no need for intermediaries. So the distributed ledgers will be proof of ownership and authority to transfer and, through private and public keys, a transfer can easily take place.
It must be appreciated that there are subtle differences in the effects of registers and this will not be any different in case of shares. A register entry can prove that a share exists or it can prove who owns it, but it can also imply only an obligation on the part of one person to another (such as we see in intermediary ledgers of share custodians or nominees) which neither proves that a share or bond exists nor who is the owner. So, when considering a ledger or register, it is important to clearly understand what its purpose is, what it is implying in terms of assets, ownership and obligations. Without this understanding, it is very easy to misinterpret what you are seeing in a ledger.
A point to note in the company context is the existence of several different ledgers, operating at different levels and for different purposes, all joined together by one central entity: the legal entity usually being a limited liability company. Each ledger operates in different domains – some State/public while others private and internal. Different rules and legal effects arise at each level. Blockchain can deal with this but developers are not always showing awareness of the levels and intricate relationships which are being regulated through the ledger and register entries.
It must be admitted that the area of share ownership and custody, especially in a dematerialised world of capital markets, is one of the most complex areas of law, especially when we go into the cross-border domain. It is hardly reasonable to expect that a software developer would be able to reflect the subtleties of the law in this area without support from specialist lawyers in the field. The point of this paper is to make people aware that this complexity exists and show where it can arise and, this, at a very high level only.
Private and Public Keys
Blockchain can provide the basis for verification of identity on issue of shares; though once shares are created on the ledger, the ownership and control becomes dependent on private key control which is a problem for existing AML and company law provisions. This is because a company and its advisors must know who the holders of shares are to be able to register them, and must also know when shares are transferred and who the transferees are to be able to register transfers after establishing eligibility to be a shareholder and after formalities and processes required by law are carried out, including identification for AML purposes, preemption rights and pledges respected and so on. In publicly listed companies, these issues may not arise.
The nature and possession of – or rather the freedom to share and entrust or even lose – private keys poses a major issue we need to address when dealing with tokenised shares. In the current system, where bearer shares are mostly prohibited, you cannot lose a share as the share is always recorded in the register and held by the shareholder or by an intermediary – though we can have a “loss” of shares when an intermediary with powers to give good title sells shares he should not, or sells more than he is authorised to. This would be a result of human error and the fact that records are kept at various levels of the intermediary chain, with no one in the chain (including, quite incredibly, the issuer itself) able to see the full picture and a record of who ultimately owns its securities. Similar issues currently also arise in the context of corporate actions and proxy-voting. A public ledger viewable by all, that can only be changed with majority consensus, provides a clear solution to these issues.
To maintain the above registers and retain ability to carry out statutory functions, apart from establishing and maintaining legal relationships/privity between the company and registered security holders, it is assumed that the company must be the issuer of the shares in tokenised form and that it must directly operate the relevant distributed ledger itself, directly or through its agents.
Date stamping is a critical duty of the company maintaining the register. As with assignments, the rule, in case of disputes between more than one transferee, is often based on the fact that the first to register is entitled to the securities. However, we have seen cases of fraud, even on this point, which can affect validity of holding and transfers.
Several of the above issues will affect the capital markets context. In particular, if shares are to be placed into a Central Securities Depository (CSD) one must assume that the private keys are being transferred to the CSD; but private keys given to third parties create problems in that everyone who has keys can control the shares. While the blockchain system may work very well with money as everyone is accustomed to the fact that letting go of money means you lose it (money is fungible and so transfer of possession means transfer of ownership), this is not the case with investment instruments or securities, where people rely on entries in ledgers of the company or of intermediaries.
Private ledgers do not prove ownership as would entries in public registers, although they would constitute prima facie evidence against the holder of the ledger, and probably even third parties. How that rule pans out in relation to the discussion in this paper needs to be discussed. There is ample law relating to registers and one needs to appreciate the need to apply principles to contexts to extract the most appropriate legal outcomes.
So new challenges come with new types of shares and tokenised shares/securities are clearly no exception, even from the register/ledger angle.
4. The tokenised digital asset
Many of the issues we are facing with ‘virtual financial assets’, as these are referred to under Maltese law, arise from the nature of these assets and their legal classification, which is most often connected to their features. There are specific features which would instead have them classified as securities or financial instruments – as opposed to utility tokens – in the form of virtual financial instruments which is a class of tokens regulated by current regulatory laws.
Then there are generic features applicable to all digital tokens which go to their technology design and here is where we find challenges to the application of current law. As a result, while it is possible to design them as representations of shares or bonds, these tokens are more likely to be a new asset type which does not rely on a third party providing a warranty of existence or of qualities/ features in what is represented by a book entry made or maintained by him.
When a token is issued or generated on a DLT platform or arrangement, it is likely to be a self standing asset – a thing in its own right – with rights and powers coded into its very design, without being a form of obligation by the register holder or the issuer.
This happens because the DLT platform is not a legal entity and the token is not necessarily issued by itself as its own legal act. It is issued as a result of code which caters for its creation, by issue or generation, and simultaneous recordation, permitting future transactions, for various purposes. These include the transfer of value, if so designed, with such transactions for now being made possible only on the platform and only between participants or users on the platform. Interoperability between multiple blockchains currently poses a problem and exchanges provide a solution within that parameter.
A blockchain doesn’t “hold” assets registered in its ledger and it cannot be expected to consign the registered tokenised security on demand, as would a normal custodian who is a fiduciary as a result of being entrusted to safeguard the asset entered in its books. This is especially so when the tokens are held in wallets of users and might not even be known to the technology itself. This, of course, assumes that tokenised securities can be placed in wallets to give the owner of the securities some control over the tokenised securities and, at the same time, remain on the company register of shares or debentures to sustain the legal status or entitlements of the holder of the securities. We appear to have a conflict in custody on the one hand or a possible gap in legal relationships on the other.
Being rights or assets in their own right means we do not have a third party who acknowledges the right and against whom they can be enforced. Transfers usually need this dynamic and often may even need consent. DLT does not work that way and assets operate more closely to tangible things which can be transferred by mere handing over possession of the private key referring to the asset or the wallet in which it is held – similar to bearer shares which are now prohibited in most countries. This poses serious problems with shares in private companies or bonds issued by debtors where notice of transfers is required for assignments to operate.
Apart from the identification obligations which the issuers and third parties need to observe for prevention of money laundering purposes, which compliance obligation can be handled by intermediary nominees or custodians as under current law, the technology does away with the need of intermediaries as it allows peer-to-peer transactions by simultaneous recordation of cash against delivery for the exchange of the tokens. This is similar to the case with fungible securities held through a central securities depository but, in that case, one always has recourse to the intermediary if a problem arises. There is no recourse against a DLT platform which is decentralised as no one operates it per se. It runs on its own, based on its incentivisation and consensus coding in the software. When the software is owned or operated by a legal entity then there may be recourse; but even then, there are some possible limitations. If the DLT platform is centralised, then recourse should be more easily achievable as the owner and operator and his actions are clearly identifiable, though even there may be issues depending on the extent of autonomy and automation of the platform.
This brings us to another point of concern which is noticeable on the market. Often one finds that the issuer is a different company from the owner of the software and this can go even further, when the tokens are issued with reference to yet another legal entity. So the issuer is, for example, in Cayman or the British Virgin Islands. The tokens refer to an English company which has been set up for a business and the DLT software is designed and owned by a German development company, until it is then vested or placed within a Swiss foundation. The tokens are then issued on the DLT, which is part of Ethereum platform, and refer to the shares in the English company and give a profit sharing right, apart from voting and rights to liquidation proceeds, in the English company. This confuses the whole issue of how current laws apply due to the interruption of relationships between issuers, shareholders, companies, operators of the software and so on.
This also creates the potential of three separate ledgers or registers which may not necessarily be or remain identical. This could be very dangerous and opens up serious risks of fraud. The issues affected could be far more serious as this could result in the shares in the English company being duplicated. Difficulties arise with votes, transfers and transmissions and so on, not to mention in case of mergers and acquisitions. These situations need carefully planned legal instruments to avoid duplication and to create prevalence of one register over the others, such that only one is used and the others disabled. This would likely be the DLT ledger as it is the most sophisticated and the one which brings about greater transactional facilitation, but then that means that it needs to be owned by the English company and the tokens issued as shares by the same company, otherwise we will find tension with company law principles, obligations and formalities.
Let’s assume we have one entity doing all these things so we address many of the above issues . What this means is that we have a company which uses DLT to issue and record its shares. Assuming we have a parallel non-digital process to collect the capital payment which is necessary for the issue of any fully or partly paid up shares – unless of course shares are paid for with digital currencies or tokens, which again has serious accounting repercussions.
We will have digital tokenised shares on a DLT platform. That will solve the problem of duplication issues or inconsistent registers for numbers of shares and titles of owners. It will also secure the date stamp as DLT does this very securely, not being subject to retrospective manipulation.
This is likely to create a new form of company, different from existing ones, due to the new rules needed for the issue and recordation of its shares, their subsequent transfers and transmission and probably their subsequent listing. We will need rules on pledges, splits and related processes. We will probably need new rules in reduction and increase of capital and probably on liquidations, at least in so far as the cancellation of the shares on distribution of residual assets. These rules will most likely enhance current practices and bring about more efficiencies but, at this stage, we need to consider impacts on current law.
5. Mergers and Acquisitions
This brings us to one point underpinning this discussion paper. With all these changes we are likely to produce a company version B, with existing companies being version A. What is that going to mean for mergers and acquisitions?
It could effectively imply that shares in company A would be incompatible with company B. That would mean that company B cannot become part of company A as its shares would not be in a form which could be registered in the share register of company A and vice versa. The reason for this is the nature of the shares created and existing on the distributed ledger and governed by the innovative technology. This gives rise to a series of issues which need to be studied for the development of corporate law in the future but certainty for handling such matters at present.
 See FATF “Virtual Assets and Virtual Asses Service Providers”, June 21, 2019, Guidance for a Risk-Based Approach.
 https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2697718; Securities, Intermediation and the Blockchain – An Inevitable Choice between Liquidity and Legal Certainty? Philipp Paech, London School of Economics – Law Department, Date Written: December 22, 2015
 This is being addressed on the AML level through the register of beneficial owners in the EU and elsewhere. This, however, does not apply to listed companies, at least in Malta, as the challenge is too big. Technology will solve this issue in due course as volumes do not pose the same challenges to tech systems as they do to human handlers.
 https://gabrielshapiro.wordpress.com/2018/10/28/2/; This is an excellent article on the issues which arise when tokenising shares, including solutions to some of these problems.
 This is what is currently being proposed in Malta through the idea of granting legal personality to innovative technology arrangements. See Ganado, Max, (2019). Chapter 11 – Maltese Technology Foundations. In: Patrick L. Young and Joseph A. Debono, ed., DLT Malta – Thoughts from the Blockchain Island, (2019) Valletta: DV Books, pp. 181-229