article / 18 Sep 2019

The Facebook Libra blockchain: Are cryptocurrencies going mainstream and what are the main legal challenges from a Swedish perspective?

In June 2019 Facebook and several well-known companies announced that it planned to launch a blockchain cryptocurrency: Libra. The news of Libra spread immediately among cryptocurrency enthusiasts and even made first page news among some of the world’s major news outlets: Has Facebook brought the cryptocurrency market, known for its volatility and black market association, to the doorstep of the broad masses? Is a major disruption of payment services markets underway?

Background

The rise of cryptocurrencies and introduction of Libra

Since around 2010 cryptocurrencies, with Bitcoin among the most notable, has risen from being highly experimental currency solutions to a set of currencies tracked and traded on leading exchanges and trading services. However, despite the steep rise in use and interest in these cryptocurrencies, they have mostly been embraced by technology enthusiasts and activists and the use has mostly been for speculative trade and investment rather than merchant purchases (although one early purchase famously was for two pizzas). Cryptocurrencies have also, infamously, been known to be used for black market transactions and illegal activities. Due to the possible anonymity of the users, virtual currencies have generally been seen as vulnerable to money laundering and terrorist financing.(1)

Despite having reached public awareness during the last couple of years, the actual use of cryptocurrency has not spread among the broad masses. In fact, the use of for example Bitcoin decreased as a means of merchant payment between 2017 and 2018 and today most online merchants do not accept payment in cryptocurrencies at all.

However, with Libra, all this may change. When announcing(2) Libra, Facebook had teamed up with some of the world’s most prominent companies (including PayPal, eBay, Visa, MasterCard Spotify and Uber) forming the Libra Association, intended to form a broad foundation for the launch of Libra. In the white paper it is stated that the goal is to have the Libra Association members consist of “geographically distributed and diverse businesses, non-profit and multilateral organisations, and academic institutions” and to have approximately 100 members by the target launch, set in the first half of 2020. The ambition is clearly set high: to “deliver a giant leap forward toward a lower-cost, more accessible, and more connected global financial system. Arguably, the use of cryptocurrencies has reached a tipping point and with the introduction of Libra and the backing of some of the world’s largest companies it may potentially soon reach the broad masses.

Given this potential for mass use of the new cryptocurrency one could assume that, on the other hand, the potential for regulatory complications could be huge. Shortly after the first announcement of Libra and after getting attention and questions from several of the world’s major regulators, Facebook made a public clarification that the Libra currency, although initially set to launch in a first version in 2020, would not be launched until regulatory concerns have been met and Libra has the appropriate approvals.

So, will this regulatory burden stifle the ambitions of the Libra Association before it has actually launched? What would the main regulatory complications be? To provide some clarity on this, we will below highlight some of the potential regulatory concerns that Libra could be faced with on the Swedish market.

How will Libra work?

According to the Libra White Paper, Libra is a global cryptocurrency built on the foundation of a blockchain (the Libra Blockchain). Calibra will be a digital custodial wallet (a provider of financial services) that enables storage and usage of the Libra digital currency. It will be available on Facebook platforms — initially WhatsApp and Messenger — and as a standalone app on iOS and Android. Calibra, Inc. is a subsidiary of Facebook, Inc.

You can use Calibra to send money to anyone, anywhere in the world. Because the value of Libra is stable, you can also save your money in Calibra and use it to pay for everyday transactions, like buying a coffee, buying groceries, or taking public transportation.(3)

What are the main legal implications?

– Anti Money Laundering

In Sweden, the Anti Money Laundering Act (2017:630) (the Swedish AML-Act) applies e.g. to physical and legal persons running business that requires registration with the Swedish Financial Supervisory Authority (SFSA) under the Act (1996:1006) on Foreign Exchange and other Financial Business (the Foreign Exchange Act). Such registration is required e.g. for businesses that mainly provide so-called “other financial business”, which e.g. is to provide “means of payment(4)”. This means that already today, suppliers offering exchange services between virtual currencies and fiat currencies as well as from one virtual currency to another are required to be registered with the SFSA and are also consequently subject to the Swedish AML-Act.

From the 1 January 2020 the Swedish AML-legislation will be extended in scope as regards virtual currencies. From that date, when amendments to the fourth anti-money laundering directive (4AMLD) are implemented in Sweden, physical and legal persons that manage and trade with virtual currencies, will be explicitly referred to as subject to the Swedish AML-Act. Such entities are also still required to be registered as financial institutions under the Act (1996:1006) on Foreign Exchange and Other Financial Business. From the implementation of the 4AMLD, not only the mentioned exchange services regarding virtual currencies will be subject to the AML-legislation, but also those who provide custodial wallets for virtual currencies (such as Calibra). Furthermore, the registration requirement in the Foreign Exchange Act as regards virtual currency exchanges
and wallet providers will not be limited only to those who mainly provide such services, thus increasing the scope of applicability to all professional businesses that are virtual currency exchanges and custodial wallet providers. (5)

Being subject to the AML-Act requires such entities to e.g. make a risk assessment of their business and individual customers, perform appropriate risk based customer due diligence measures and to monitor for suspicious transactions. Furthermore, virtual currency exchangesand wallet providers need to comply with applicable EU-sanctions regulations. In addition, according to FATF, countries including Sweden should ensure that the mentioned entities are required to obtain and hold accurate originator and beneficiary information on virtual currency transfers.(6) Virtual currencies often have varying degrees of user anonymitybuilt in. Therefore, depending on how the blockchain ecosystem is set up for a particular virtual currency, the AML/CFT-obligations may be difficult to fulfil for the entities managing or trading the currency.

According to the European Commission’s Supranational AML/CFT-risk assessment for 2019, the use of new technologies (FinTech) that enable speedy and anonymous transactions with increasingly non-face-to-face business relationships, while bringing considerable benefits, may pose a higher risk if customer due diligence and transaction monitoring are not conducted efficiently across the delivery channel. The Commission further states that, while the 5th AntiMoney Laundering Directive provisions on virtual currency providers and custodian wallet providers are a first regulatory step, the increasing use of such instruments is posing higher risks and further regulatory steps may be needed.(7)

– Payment services legislation

In addition to the mentioned AML-obligations and the requirement to register under the Foreign Exchange Act a Virtual Currency Provider will need to assess if it is providing payment services under the Swedish Payment Services Act (2010:751) which requires a license or registration with the SFSA. Being subject to Payment Services legislation entails requirements on information to customers, capital requirements, requirements on processing of payments etc in addition to applicable AML-obligations.

– Personal data/GDPR

Further, outside of financial services regulations, a provider of virtual currency services will need to consider the privacy legislation in Sweden (and abroad). Sweden has recently implemented the General Data Protection Regulation (GDPR) with stricter rules than the previous Personal Data Act. Of specific importance will be adhering to the rules on, for example, security of personal data and sharing personal data.

However, some properties of blockchain technology seem fundamentally incompatible with the requirements under the GDPR. In July this year, the European Parliament published a study on the difficulties in ensuring GDPR compliance in blockchain solutions.(8) In the study, several key areas were identified where there exists apparent insurmountable incompatibilities. For example, since personal data is stored in the individual blocks of a blockchain, without the possibility of change or erasure of the data, the requirements under the GDPR to modify, correct or erase personal data can hardly be complied with while maintaining the intended function of the blockchain. Additionally, the GDPR is based on the assumption that there is a personal data controller towards which the individual can direct any inquiries, enforce their rights or bring any claims of incorrect processing. The blockchain technology, however, is based on decentralisation with potentially very large number of players falling under the data controller definition. This could make it very difficult, bordering the impossible, to identify the correct data controller or controllers and to ensure compliance with the GDPR.

For Libra, these fundamental requirements and potential incompatibilities with the GDPR will surely be a major regulatory hurdle to pass. However, the prominent backing of the members of the Libra association might be just the right brainpower to solve this possible Gordian knot – the future will tell!

Take away

The Libra project is a very ambitious project, with the potential to significantly and permanently disrupt the global financial and payment systems. However, many significant regulatory and compliance issues need to be overcome for the Libra currency to successfully reach the broad masses as intended – some of which issues may be in direct contradiction of the blockchain technology and function and may therefore be difficult to overcome under the present regulatory framework. We look forward to new developments in this very interesting undertaking by the Libra Association.

(1) Report from the Commission to the European Parliament and the Council on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, COM (2019) 370 final, p. 6.
(2) Libra White Paper, libra.org/en-US/wp-content/uploads/sites/23/2019/06/LibraWhitePaper_en_US.pdf
(3) https://calibra.com/#
(4) According to FATF, In Sweden, the SFSA has considered Bitcoin and Etherum as means of payment since 2013, see Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, June 2019, p. 48
(5) Swedish Government bill 2018/19:150, Enhanced Measures for Anti-Money Laundering and Combatting the Financing of Terrorism, p. 36-38.
(6) Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers, June 2019, p. 71.
(7 )Report from the Commission to the European Parliament and the Council on the assessment of the risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities, COM (2019) 370 final, p. 3
(8) Study from the Panel for the Future of Science and Technology of the European Parliament on Blockchain and the General Data Protection Regulation – Can distributed ledgers be squared with European data protection law?