Data Protection as a Corporate Governance Issue



Today we held a round table and seminar at our King & Wood Mallesons office dedicated to data protection during which we discussed the implications of the GDPR from a practical point of view both from the legal side and the technical side.  Aside from the obvious duty to be compliant, my view is that an appropriate data protection structure and responsibility line is not just an IT issue or a legal issue but a it is a corporate governance issue, as it entails serious risk management considerations both from a financial perspective as well as a reputational perspective and therefore each company needs to deploy sufficient investments to ensure adequate compliance.

Boards need to make an essential philosophical switch in accepting that this is a key enterprise risk which needs to be addressed at a board level with adequate resources.

Lack of a proper action can entail heavy sanctions for the company in accordance with the GDPR, with ensuing board responsibilities towards the company (for example in Italy under Art. 2392 of the Italian Civil Code for lack of appropriate action to protect the company).

Stefania Lucchetti as speaker at Forbes Live event on Fintech

On 1st March 2018 Stefania Lucchetti was a speaker at a Forbes Italia ForbesLive event during the Quant International Workshop (quantitative & asset management) in Venice, Italy. The focus of Stefania’s panel was on the future of financial services in the age of Fintech. The topics addressed during the presentation included the legal issues related to blockchain, Artificial Intelligence, digital payments, ICOs and cryptocurrencies.

Stefania Lucchetti introduced her speech by explaining that artificial intelligence, blockchain, cryptocurrencies, ICOs, and big data are referred to as disruptive because they change not just how a product or service is delivered, but the essence of what a product or service is – so much that new regulations need to be created to address them.

Press coverage at:

Venezia forbes 1

foto Stefania forbes italia

Forbes event

Due Diligence: Welcome AI, but Keep the Human Element

The legal market is welcoming (and fearing) the introduction of Artificial Intelligence (AI) in due diligence processes.

AI will liberate junior lawyers from the often tedious (and necessarily error prone) work of cataloguing contract information, and at the same time will take work away from law firms and lawyers.

We are of the idea however that while the cataloguing work (summarizing data about contracts and financial transactions) can well be left to AI, the interpretation of such data needs a human element.

What is the purpose of a due diligence? Prior to entering into a long term relationship, such as an equity or commercial joint venture relationship, it is important for a company to determine that the potential business partner shares its ethical standards and is prepared to follow business practices consistent with its company’s.

The due diligence is not only intended to catalogue data, it has a specific objective: and that is to evaluate potential risk areas and to screen a potential contractual partner, its business relationships and practices, its government relationships as well as its reputation.

At the heart of the due diligence is the attempt to gain a thorough understanding of the structure, background, characteristics, practices and also motivations of the contractual partner.

A company seeking a long term contractual relationship must emerge from the due diligence process satisfied that it wants to do business with the partner on an intensive and long-term basis.

The following key areas are (among others) always of concern in joint ventures and should be a specific focus of due diligence:

  • corporate governance and controllership, including keeping accurate books and records;
  • business contracts and business practices;
  • potential for improper payments, or corrupt business practices;
  • regulatory compliance, including historic compliance with core licensing needs;
  • employment matters;
  • existing or potential litigation;
  • tax compliance; and
  • environmental matters, such as a history of land contamination or pollution.

While a software can catalogue all relevant information for quick and easy access, interpretation can and must be left to an experienced professional.

The phase of desktop review and analysis is essential to depict a preliminary profile of the partner, identify the main areas of risk and potential concern, and define the need and the subsequent perimeter of in-depth examinations.

However, also this apparently more objective and depersonalized phase of work, needs a human element to be planned and executed in the most effective way. Even very accurate and comprehensive corporate information does not tell us how our partner is perceived, its track record, the origins of its business, its network of contacts, its political exposure etc. To this regard, a key component of the desktop phase is represented by a critical analysis of the information that comes from outside what can be considered the perimeter of a standard due diligence process, i.e. from outside the target company. For example, it is important to:

  • Reconstruct the target’s public and media profile, if any, and ascertain if any red flags have been reported, if there have been allegations of wrongdoing or non-transparent behavior, and if the target has never responded to these reports or released any denial. This analysis must include social media open to public, electronic media, national and local press outlets.
  • Look at the target’s track record and try to answer questions such as: what is the origin of the business? Did the company develop in a regular and constant way or was there a sudden growth? Does the company have a long-lasting and deeply rooted presence in a local territory? Are there any previous issues, such as a bankruptcy or frequent and inexplicable changes in the business scope or in the geographic area of activity?
  • Identify and reconstruct the profile of the key individuals involved in the ownership and managerial structure of the target company: their corporate profile beyond the target company, their professional background and career, their media profile, etc. can help a lot in placing the target company in a broader and clearer context and in understanding its modus operandi.
  • Enlarge the scope to map the target’s network of business partners and influential contacts and identify potential areas of risk and concern by answering to questions such as: Is there a strong and potentially risky relationship with the public sector or the political establishment? What is the reputation of our partner’s partners?

Then? Once this critical and analytical phase of desktop study has been performed?  A human needs to go on the ground and meet people. Only human sources can provide insight and add value to assess the actual reputation, integrity and market standing of the target.

AI and standardized procedures provide a very valuable support, especially because they help perform the most mundane and time-consuming part of the due diligence process, which is gathering, processing and indexing the information. But when it comes to analyzing, combining,  cross-checking, understanding and supplementing this information, AI cannot substitute the awareness and the experience of professional figures who know where to look, what to look for, who to look at and how to look beyond.

156-KWM-MILANO Stefania Lucchetti and Francesca Castelli Francesca Castelli

© 2017. For further information Contact the Authors

Articles may be shared and/or reproduced only in their entirety and with full credit/citation.  This post is for information only and is it is not to be considered legal advice.

AI and Legal Personality – on algorithm produced art

A great piece on Scientific American (see Is Art Created by AI Really Art) on the philosophical implications as well as the economic ones of AI  produced art jokingly raises a provocative question at the end of the article “When an AI-composed song wins the Grammy, who gets the trophy”? This is actually a complex legal issue which over time will need to be addressed. As I already wrote in previous posts, the issue of legal personality for AI, in particular that with deep learning functions, will need to be considered.  This will of course impact primarily (and more urgently) liability issues but at some point more creative expressions will need to be considered as well.

© 2018. For further information Contact the Author

Articles may be shared and/or reproduced only in their entirety and with full credit/citation.  Opinions in this post are personal to the author.


Possibilità per l’equity crowdfunding in Italia

English Version

L’equity based crowdfunding è generalmente inteso come un sistema che consente la raccolta di capitale finanziario, di solito attraverso Internet, offrendo in cambio partecipazioni nella società finanziata, generalmente una startup o una piccola media impresa.

In Italia, fin dal 2012, esiste una normativa organica ad hoc (D.L. n. 179 del 18 ottobre 2012, c.d. “Decreto Crescita 2”) per la regolamentazione del fenomeno dell’equity crowdfunding. La normativa, inizialmente, consentiva il ricorso al finanziamento tramite crowdfunding solo alle imprese con la qualifica di start up innovative. Successivi interventi normativi hanno consentito l’accesso al crowdfunding anche alle imprese sociali ma, soprattutto, a tutte le PMI (non solo a quelle innovative). Hanno introdotto anche la possibilità per gli organismi di investimento collettivo del risparmio (OICR) e per le società che investono prevalentemente in start-up/PMI innovative di collocare online i propri capitali tramite i portali di equity crowdfunding.

La normativa, pur presentando alcuni elementi di rigidità, è stata oggetto di notevole evoluzione per adattarsi alle richieste del relativo mercato.

È interessante notare che la raccolta di capitale finanziario attraverso internet ha moltissime analogie con gli Initial Coin Offerings (ICO). Gli ICO hanno avuto negli scorsi mesi, a livello globale, un successo mediatico clamoroso pur incontrando diverse sfortune dal punto di vista regolamentare. Infatti in alcune giurisdizioni questa forma di raccolta di capitali è stata addirittura vietata (per esempio in Cina e Corea del Sud).

L’Initial Coin Offering (ICO) è una forma di raccolta fondi tramite la quale un soggetto colloca sul mercato una sua criptovaluta futura (coin o token) in cambio di una criptovaluta già circolante (come il Bitcoin) per finanziare il proprio progetto, proposto al pubblico solitamente in un white paper. Chi acquista la criptovaluta confida che il business sottostante abbia successo e che la moneta si apprezzi al fine di conseguire un profitto al momento della vendita di tale moneta sul mercato. Gli ICO nel tempo si sono divisi anche a seconda del fatto che il finanziamento porti in cambio un equity token (con partecipazione alla società emittente) o un utility token (moneta con funzioni secondarie che solitamente consente di ottenere dei vantaggi sulla stessa piattaforma finanziata).

Considerato l’analogo obiettivo di ICO e equity crowfunding – entrambi sistemi di raccolta di capitale di rischio per start up e piccole imprese al di fuori dei mercati regolamentati – e data la totale mancanza in Italia, alla data attuale, di una disciplina volta a regolare le ICO, ci siamo chiesti se la legge italiana sul crowfunding, qui di seguito brevemente descritta, potrebbe essere uno strumento potenzialmente utile per fornire un quadro normativo entro il quale ricondurre gli ICO.

Normativa italiana sul crowdfunding

Portali di equity crowdfunding

Il “portale” è la piattaforma online che ha come finalità esclusiva la facilitazione della raccolta di capitali di rischio da parte degli offerenti. Il portale si concretizza in un sito web che assolve al ruolo di mediatore tra la società emittente e il finanziatore. L’offerta al pubblico degli strumenti finanziari può essere effettuata esclusivamente attraverso uno o più portali registrati e regolamentati.

Il gestore del portale assicura che, per ciascuna campagna di raccolta, l’importo necessario al perfezionamento degli ordini sia disponibile nel conto vincolato destinato all’offerente acceso presso le banche e le imprese di investimento a cui sono trasmessi gli ordini.

Secondary trading

La sottoscrizione e la successiva alienazione di quote rappresentative del capitale della società emittente può essere effettuata per il tramite di intermediari abilitati alla prestazione di servizi di investimento che effettuano la sottoscrizione delle quote in nome proprio e per conto dei sottoscrittori o degli acquirenti che abbiano aderito all’offerta tramite portale.

Disciplina societaria

Le operazioni di crowdfunding vengono effettuate mediante pubblicazione di specifiche offerte sul sito del portale, la “vetrina online” attraverso la quale l’emittente offre agli investitori “strumenti di capitale di rischio”, i.e. azioni o quote fornite di diritti particolari.

Il finanziamento avviene a fronte dell’assegnazione agli investitori di quote o azioni fornite di diritti particolari che rendano “desiderabile” l’investimento. La prassi è quella di approvare un aumento di capitale con l’esclusione del diritto di opzione per i soci esistenti.

Cross border crowdfunding

La normativa italiana sul crowdfunding si applica solo alle società residenti in Italia o in uno degli Stati membri dell’Unione europea o in Stati aderenti all’Accordo sullo spazio economico europeo, purché abbiano una sede produttiva o una filiale in Italia.

La Commissione Europea ha intenzione di presentare, entro i primi mesi del 2018, una proposta per regolamentare il crowdfunding. A tal fine è stata aperta una consultazione pubblica che verte principalmente su due temi:

  1. il cross-border crowdfunding, che consiste nello svolgimento di attività di crowdfunding al di fuori dei confini della propria nazione di appartenenza, senza chiedere una specifica autorizzazione in ciascun paese europeo; e
  2. la realizzazione di un efficace quadro comune in materia di gestione del rischio per gli investimenti nelle campagne di crowdfunding.

La normativa italiana sull’equity crowdfunding, in ogni caso, non limita l’accesso ai portali italiani a società straniere. Il requisito del possesso di un codice fiscale italiano, precedentemente previsto per la registrazione su un portale di equity crowdfunding, a seguito di un recentissimo intervento normativo è venuto meno per i soggetti non residenti in Italia, rendendo quindi più agevole l’accesso a tali operatori al mercato italiano.


La normativa italiana sul crowdfunding potrebbe essere una piattaforma utile per creare delle forme di ICO regolamentate. Il vero nodo della questione è quello della gestione delle criptovalute, inclusa la possibilità di creare conti vincolati nei quali vengono tracciati gli scambi di criptovaluta collegandosi alla piattaforma blockchain. Questo avrebbe il beneficio aggiuntivo di facilitare il dialogo tra le banche e le piattaforme blockchain aiutando la realtà italiana ad un passaggio accelerato nell’offerta Fintech. Le problematiche fiscali e regolatorie legate allo scambio di criptovalute devono chiaramente essere valutate.

cropped-foto-stefania-sito-web-3.jpg Stefania Lucchetti  foto pietroPietro Boccaccini and foto Alessandro Alessandro Morleo

© 2018. Per ulteriori informazioni, Contatta gli Autori

Gli articoli possono essere condivisi e/o riprodotti solo nella loro interezza e con adeguata citazione.  Questa pubblicazione è a mero scopo informativo e non deve essere considerata un parere legale.


Possibilities for equity crowdfunding in Italy

You may also read this publication on the King & Wood Mallesons website

Equity based crowdfunding, generally speaking, is a system that enables investors to fund a company, generally a start-up or a small to medium sized enterprise, in return for equity, usually through the internet.

A comprehensive piece of legislation was approved in Italy in 2012 (D.L. no. 179 of 18 October 2012, so-called “Decreto Crescita 2”) aimed at regulating the equity crowdfunding phenomenon. This law, at first, allowed access to crowdfunding only to companies qualified as innovative start-ups. Subsequent regulatory interventions allowed crowdfunding access also to social enterprises but, above all, to all SMEs (not just the innovative SMEs). They also introduced the possibility to undertake collective investment (i.e. Italian OICR), and for companies investing mainly in innovative start-ups/SMEs to place their capital online through the equity crowdfunding portals.

Although this legislation still presents some elements of rigidity, it has evolved significantly in order to adapt to market requests.

It’s interesting to note that the collection of financial capital through the internet presents many similarities with Initial Coin Offerings (ICO). ICOs have had resounding worldwide media success in the last few months, even though they encountered some regulatory misfortunes. In fact, in some jurisdictions this kind of capital raising has been prohibited (for example in China and South Korea).

An Initial Coin Offering (ICO) is a type of crowdfunding through which an entity places on the market a future cryptocurrency (coin or token) in return for a cryptocurrency already existing (such as Bitcoin) to finance its project, usually described to the public in a white paper. Those who adhere to the ICO and purchase a cryptocurrency bank on the hope that the underlying business will be successful and that the cryptocurrency will appreciate, in order to obtain a profit when the currency is later sold on the market. In ICOs the funding could also be exchanged for an equity token (holding an interest in the issuing company) or a utility token (currency with secondary functions that usually allows benefits to be obtained on the platform financed).

Given the analogous purpose of ICO and equity crowdfunding – both being systems for collecting risk capital for start-ups and small businesses outside regulated markets – and given the total lack in Italy, as of today, of specific regulation dedicated to ICOs, we considered whether the Italian crowdfunding law, briefly described below, could be a potentially useful tool to provide a regulatory framework also for ICOs.

Italian crowdfunding legislation

Equity crowdfunding portals

The “portal” is the online platform which has as its exclusive purpose the facilitation of the collection of risk capital by the investors. The portal is a website with the role of a mediator between the issuing company and the investor. The offer of the financial instruments to the public can be carried out exclusively through one or more registered and regulated portals.

The portal’s manager ensures that, for each raising campaign, the amount necessary for completing the order is available in the account dedicated to the investor opened in the banks and in the investment firms to which the orders are communicated.

Secondary trading

The subscription and the subsequent disposal of shares representing the capital of the issuing company may be carried out through intermediaries authorized to provide investment services purchasing the shares in their own name and on behalf of investors or buyers who adhered to the raising campaign through the portal.

Corporate characteristics

Crowdfunding campaigns are carried out publishing specific offers on website portals, the “online shop window”, through which the issuing company offers a “risk capital instrument” to investors, i.e. quotas or shares having specific rights.

The investment takes place against the investor’s assignment of quotas or shares with special rights that make the investment “desirable”. The practice is to approve a capital increase excluding the option right for existing shareholders.

Cross border crowdfunding

Italian law regulating crowdfunding applies exclusively to companies with registered office in Italy or in a European Union country or in a country party to the Agreement on the European Economic Area, as long as they have a production site or a branch in Italy.

The European Commission has expressed its intention to submit a proposal concerning EU framework on crowd and peer to peer finance during the first months of 2018. To this end, a public consultation was launched focusing mainly on two themes:

  1. cross-border crowdfunding, which consists of carrying out crowdfunding activities outside the country’s borders, without requesting specific authorization in each European country; and
  2. implementation of an effective common risk management framework to mitigate the risks relating to investments in crowdfunding campaigns.

The Italian legislation on equity crowdfunding, in any event, does not prevent foreign companies from accessing the Italian portals. The condition of having an Italian fiscal code, previously required for the registration on an equity crowdfunding portal, further to a very recent regulatory intervention, is no longer required for foreign residents, therefore making easier for these operators the access the Italian market.


Italian crowdfunding legislation could be a useful platform and starting point to think about ICO regulation. The key issue is the regulation and management of cryptocurrencies, including the possibility of creating restricted accounts in which the transfers of cryptocurrencies are tracked via the blockchain platform. This would have the added benefit of facilitating the dialogue between the banking industry and blockchain technology helping Italian operators accelerate their Fintech presence. Tax and regulatory issues related to cryptocurrencies of course need to be assessed.

cropped-foto-stefania-sito-web-3.jpgStefania Lucchetti , foto pietroPietro Boccaccini and foto AlessandroAlessandro Morleo

© 2018. For further information Contact the Authors

Articles may be shared and/or reproduced only in their entirety and with full credit/citation.  This post is for information only and is it is not to be considered legal advice.

Versione in lingua italiana

And the Regulators Arrived: from SEC’s Ruling to the PBOC’s Ban of Initial Coin Offerings

Over the past months, the cryptocurrency market has remained in the spotlight not only for the fluctuations in the major coins’ interest rates (Bitcoin, Ethereum), but also for the emergence and consolidation of a new way of raising capital in the digital token world: Initial Coin Offerings (ICOs).

The reason leading to the launch of an ICO is simple: the need to raise initial or additional funds to start or continue the development of a blockchain-based technology. This funding method consists in issuing a certain amount of digital tokens in what seems increasingly to be a sort of Initial Public Offering: tokens are sold in an auction to investors in exchange for ethers or bitcoins or other cryptocurrencies, or rarely for fiat money as dollars or pounds.

The first example dates back in 2013, with the pioneering Mastercoin’s ICO collected over $7 million, followed by the more famous Ethereum’s in 2014. A significant surge has been observed during this year. In 2017, there has been over 90 ICOs with an overall funds collection of $1.25 billion. For the first time ever, in June the amount of funds raised through ICOs overtook the total early stage Venture Capital funding for companies of the same type. And so also in July.

Regulatory Vacuum

Launching an ICO is a very convenient method to raise funds since it does not require any kind of disclosure obligations or regulatory compliance, and it allows to avoid most of the costs linked to more traditional funding methods such as venture capital. Up to July of this year, promoters of ICOs have been able to operate in the absence of clear and strict regulatory provisions regarding investor protection or market fairness and integrity: for instance, there are no rules establishing which type of investors can put money into an ICO, and thus so fare anyone has been able to participate.

It is also often not very clear what investors gain from participating in an ICO as the investment in most cases does not lead to the acquisition of shares in a company. In the majority of cases, these tokens are directly connected to the project, and are considered necessary to facilitate access to the network and the use of services it promises to offer once fully implemented. Their use can range from buying storage space on a new hosting and e-mail management platform based on blockchain, to ordering products on the company online store.

Although the apparently modest or absent level of usage outside the closed environment of the issuing company, digital tokens often turn into new currencies, which are then traded for cryptocurrencies or fiat money in online platforms, thus giving rise to a secondary market in the full sense of the term. The more the underlying project receives support from investors and market operators, the more its tokens’ exchange rate rises, starting a spiral of tensions and financial speculation mechanisms that often end up not reflecting the effective market fundamentals.

The SEC’s Ruling in The DAO’s Case

The SEC’s Ruling

On July 25th, the U.S. Securities and Exchange Commission (SEC) decided to step in, and released a Report and an Investor Bulletin on The DAO’s ICO, after investigating whether the offering promoted by the organization had violated federal securities laws.

The DAO was a “decentralized autonomous organization”, a virtual entity without a common legal status, run and managed under rules encoded in computer programmes – called smart contracts –  hosted on a blockchain (often, the Ethereum’s one). It operated as a decentralized venture fund, promoting an ICO that resulted in one of the largest in the industry. Started in April 2016, The DAO’s ICO raised approximately $150 million ethers, the cryptocurrency running on Ethereum’s blockchain. More than 11.000 people decided it was worth investing their money in this project.

But on June 17, some hackers exploited a code problem and drained funds from the platform, for a total of 3.6 million ethers (approximately $70 million at the time).

The investigation pursued by the SEC’s Enforcement Division started straight after these events, with the aim of verifying if The DAO, when launching its funding campaing, was subject to the Commission’s jurisdiction amd then must comply with its provisions. The assessment of whether there was such an infringement ended with the conclusion that The DAO tokens were indeed securities, and therefore their sale was subject to federal securities laws. Specifically, the report reads that “Based on the investigation, and under the facts presented, the Commission has determined that DAO Tokens are securities under the Securities Act of 1933 (“Securities Act”) and the Securities Exchange Act of 1934 (“Exchange Act”)”.

Digital Tokens as Securities

The applicability of U.S. federal securities laws does not depend on the corporate form or the organization type of the issuing entity, but is based on “the particular facts and circumstances, without regard to the form of the organization or technology used to effectuate a particular offer or sale”. And in the case of The DAO, in fact, were the “particular facts and circumstances” that gave the Commission the legal certainty that The DAO Tokens presented specific features of securities, and more specifically investment contracts.

The Howey Test

The principle at the basis of this classification of The DAO Tokens as securities derives from a definition established in 1946 in the case SEC v. W.J. Howey Co. Under the Howey Test, whether an investment instrument is a security requires a substance-over-form analysis. Obiouvsly, a stock or bond is a security, but the definition of “investment contract” can be ambiguous, lending itself to different interpetations. The Commission, building on the Supreme Court’s case-law and interpretation, clearly restates that, in deciding whether something is a security, “form should be disregarded for substance, and the emphasis should be on economic realities underlying a transaction, and not on the name appended thereto”. Even if The DAO defined its ICO as a “crowdfunding campaign”, it did not possess the afore-mentioned requisites for being exempted according to the regulations in force.

Scope of the SEC’s Ruling

The SEC has deemed it appropriate to report exclusively on the legal status of The DAO Tokens. This means that in the future not all ICOs will be immediately brought under its jurisdiction and within the federal legal framework. It will be “the facts and circumstances, including the economic realities of the transaction” to determine whether an ICO involve the offer and sale of a security. Where it is established that these conditions are fulfilled, that ICO must be conducted pursuant to US federal securities laws, with the possibile consequence entrepreneurs looking to raise funds through this avenue that compliance costs associated with the ICO may outweigh the benefits of raising money through this funding method.

The Chinese Ban and Other Positions in Europe and Asia

Shortly after, another authority decided to give new emphasis to the issue. On September 4th, The People’s Bank of China (PBOC), the Chinese central bank, declared ICOs illegal, simultaneously banning any similar funding initiative. The decision came after a long investigation. According to PBOC’s statement, Inital Coing Offerings are a serious disturbance in the economy of the country and in its financial market integrity, and therefore must be considered illegal. Consequently, online platforms trading digital tokens are required to stop conversions between coins and fiat currencies, while banks are prohibited from offering financial services related to ICOs. Companies that received money through an ICO will be required to reimburse the funds (this is approximately $766 million). China, with this statement, has become the first country to ban ICOs.

After the PBOC’s move, several other governmental and financial authorities defined their position on Bitcoin and Initial Coin Offerings. Central banks of Indonesia and Ukraine has highlighted that bitcoins will no longer be considered and accepted as a means of payment. The Deputy Chairman of Ukraine’s central bank said at the Ukrainian Financial Forum that global regulators are not taking action moved by fears regarding cryptocurrencies’ growing volume, regulators are instead concerned only with the fact that people can lose money investing in cryptocurrencies. The conclusion of the Ukrainian official was that Bitcoin cannot even be considered a currency, due to the fact that it is not issued by any government body; thus it can’t be used and legally recognized as a means of payment.

Similar observations were made by the Bank of Indonesia: the Indonesian authority stated that Bitcoin transactions are not legally allowed under the Service Provider of Payment System legislation.

The Singapore Monetary Authority and the Hong Kong Securities and Futures Commission took a more open position, stating that under certain conditions ICOs may fall under securities laws but not taking any excessively strong position.

Long-Term Scenarios

After the entry into the field of global regulators as new, active players in the ICO space, it is difficult to predict what could be the likely future scenarios in ICOs and the cryptocurrencies’ market.

The SEC did not await to draw up a complete regulation before addressing the matter. Its decision to circulate some preliminary statements on ICOs in relation The DAO’s case can be interpreted as an early signal given to the market: the SEC’s intention is in all likelihood that of developing a comprehensive legal framework on the issue. A path, however, that might be gradual and targeted to specific occurrences.

The actions taken by the PRC’s central bank on the contrary take a much firmer standpoint on the matter.

An explanation to this strong and drastic decision is offered by Stefano Tresca in an article published on Tresca is an entrepreneur, founding member of Canary Wharf’s Level39, Europe’s biggest Fintech accelerator. First of all, Tresca draws a clear distinction between Bitcoin and Ethereum: while bitcoins can be mined in a limited amount, at the opposite ethers – the cryptocurrency of the Ethereum ecosystem – can be issued with no maximum limit. An explanatory comparison could be made between gold and fiat currencies: gold is a finite resource, and owes its value from this feature, while central banks can issued much more dollars or pounds than they can guarantee.

According to Tresca, once this fact has been assimilated, we should answer these two questions: where do the most important miners live? And where is the largest amount of bitcoins in the world located? In both cases, the PRC. By banning ICOs, the PRC – as we’ve just said a fundamental country in Bitcoin geopolitics – obtains two results at the same time: avoid chaos and further instability in its financial market – which has been growing fast already for some years – and prevent the issuing of several new Ethereum-based digital tokens from companies launching ICOs, thereby favouring Bitcoin, the other cryptocurrency where the country is the worldwide market leader. In the short-term, the PRC’s ban has resulted in a sharp fall in Bitcoin’s exchange rate: despite new ICOs lead to the issuance of new Ethereum-based tokens, in fact, these tokens can be bought using bitcoins, pushing up its demand and the already high exchange rate. But in the long-term, the PRC’s ban – together with the SEC’s decision to regulate ICOs in the next future – may generate a positive effect.

The future is uncertain but what is certain is that cryptocurrencies and raising capital through Initial Coin Offerings is increasingly becoming an important way of financing for companies. This means that regulators worldwide will need to find a way to thread this into their rules, and in the long term this might provide a boost for entrepreneurship.

Each country should therefore consider how it can accept, perhaps regulate this space in order to allow it to thrive in safety for market operators and investors, carving out a place for itself on the market.


foto giacomo b




Stefania Lucchetti and Giacomo Bocale

© 2017. For further information Contact the Authors

Articles may be shared and/or reproduced only in their entirety and with full credit/citation.  This post is for information only and is it is not to be considered legal advice.




Token Sales and ICOs: why and when you need legal advice

Digital token sales are creating a gold rush on the web, with a token sale advertised every day in digital circles and social media and the movement – in some cases – of huge sums of money.

Token sales still move in international waters from a legal and regulatory point of view, however international regulators are increasingly paying attention to the issue and considering how to regulate certain specific risks associated with digital tokens, such as money laundering risks.

What is a token sale?

A digital token (“token”) is an intangible asset, cryptographically -secured (typically based on blockchain technology). It usually has a monetary value (based on a virtual currency exchange or cryptocurrency) and may entitle the token holder to certain rights (and potentially obligations and liabilities). Such rights and obligations may be set out in "normal" paper documents (such as an offering document or whitepaper) or may be included in a smart contract.

Tokens may be offered to raise funds for a project, in which case the token sale is labelled as "crowdfunding", or may give access to permanent rights and obligations, or even shares (or less regulated "units") of a company, in which case the offering may be labelled  "ICO (Initial Coin Offering)".

Once purchased, the token may or may not be able to be traded or – sometimes with limitations – exchanged back for money.

As token sales gain momentum, aside from obvious financial considerations (extreme volatility) and common sense assessment (whoever trades on the web needs to be able to recognize bogus offers such as Ponzi schemes), participants also need to be aware of a number of legal issues that need to be considered when participating in a sale – including when they need to seek legal advice.

I set out below a few important points to be considered, keeping in mind that the legal and regulatory landscape regarding cryptocurrencies and token sales is rapidly evolving, and the practice is evolving as well.  Recent token sales for examples have restricted participation from certain jurisdictions which raise legal/regulatory issues, eg the US and Singapore.

Do your due diligence

What is the underlying project for which the token is sold? What value does it propose to bring, who are or would be its customers? Is it technically sound, has it been economically analysed, does it have a specific timeline and how is the issuer accountable for the timeline?

Is there an actual organisation behind the project? What kind of organisation is it – a company, fund, trust, a DAO? Who is the team behind  the project? Do the individuals have a track record of successful projects? Is it a dedicated team or a “borrowed” team? Is the project seeking its first funds or does it have some institutional “real-life” investors?

Is the project legal?  Is it based in a specific country (and is it legal in that country) or is it completely virtual? Even in case it is completely virtual, where do the key participants to the project reside?

Is the project legal in your country? Is your participation in the project subject to approval, registration or a license?

And finally, what does the token do? What kind of rights does the token gives access to? What kind of activities does it enable? Is it genuinely attached to a project or does it look like a Ponzi scheme?

Assess the documentation

The token sale will be described and offered through a document (whether an offer document, a white paper, or a descriptive section of the website). Representations and warranties will be asked of the buyer eg as to his/her capacity to participate to the sale.

Some information included in the documents needs to be assessed carefully, in particular:

  • Whether and how you will be able to sell back the tokens
  • The existence of a lock-up period and what parameters it is tied to
  • Whether and how you will be able to trade the tokens to another investor (“secondary market”), always keeping in mind that this may attract other regulatory and legal issues
  • The issuer’s policies about data protection
  • The issuer’s cybersecurity policy
  • Termination events, or what happens if the project is interrupted.

Note that the more reputable issuers conduct anti-money laundering (AML) and know your customer (KYC) checks. It is always a good sign when AML/KYC procedures are set out as it means that the issuer is concerned about regulation.

Be aware of applicable (and evolving) regulations

The legal and regulatory landscape regarding token sales is uncertain and currently evolving. A key concern up to now has been money laundering and terrorist financing risks when transactions are anonymous (less so when the issuer carries out know your client procedures, see above) and the large quantity of funds raised and moved internationally and in a short time.

Other regulations also apply. A number of regulations will apply to the issuer based on where the issuer’s organization is incorporated and certain regulations will apply in jurisdictions where the project is based or where the buyer is based, such as consumer protection and data protection laws.

Most jurisdictions do not (at this stage) regulate virtual currencies per se however a number of international securities authorities are studying how to regulate activities involving digital tokens which do not function exclusively as virtual currencies, such as when they represent ownership or a security interest in an issuer’s assets or property, or represent a debt owed by an issuer so that they may be considered a debenture under certain jurisdictions’ laws.

The Monetary Authority of Singapore (MAS) for example clarified just on 1 August that the offer or issue of digital tokens in Singapore will be regulated by MAS if the digital tokens constitute products regulated under the Securities and Futures Act (SFA).

A lack of compliance by the issuer with applicable regulations may be unsafe for the buyer as well as while liability for compliance may fall on the issuer, lack of compliance may have consequences at best on the value of the token and at worse on the legality of the project.

Token sale may be suspended if the sale should have been approved or registered, any token you have bought may become worthless. If the issuer is investigated, the project may be interrupted. The buyer may be subject to additional obligations that were not set out in the initial documents.

A final note about tax, as tax advice should be obtained when trading tokens as some jurisdictions have stringent capital controls that may apply to cryptocurrencies and tax may be attracted in respect of any capital gains arising from the tokens.

cropped-foto-stefania-sito-web-3.jpg© Stefania Lucchetti 2017. For further information Contact the Author

Articles may be shared and/or reproduced only in their entirety and with full credit/citation.  This post is for information only and is it is not to be considered legal advice.


Why Artificial Intelligence Needs to be on Your Board’s Corporate Governance Agenda

Artificial Intelligence means many things at many levels. The most advanced form of Artificial Intelligence – or AGI (Artificial General Intelligence) – may not come to happen for a few years (or decades). However entrepreneurs, investors and board members need to be aware of what it is, what it could be, which changes it could bring about and what it could mean for their business.

At a more daily level, Artificial Intelligence is already part of our lives, and more specifically, of business.  Artificial Intelligence at its most basic level – or Artificial Narrow Intelligence as it is called (ANI) – is software which can process huge amounts of data (“big data”) based on a set of rules or instructions (“algorithms”) and turn it into meaningful information and problem solutions.

Artificial Intelligence is everywhere, most notably in smartphones and on a daily basis we interact with algorithmic based services such as Spotify, Amazon, Facebook, Netflix.

Some AI driven organizations like Facebook, Google (Alphabet), Amazon, IBM and Microsoft are investing greatly on AI development.  Algorithms drive their business.  However all other “traditional” industries are also being greatly impacted by AI: the automotive industry is facing a revolution with AI powered self driving cars (see my previous post Why Artificial Intelligence Will Need a Legal Personality), the retail supply chain is becoming increasingly efficient thanks to data and AI.

Not everyone is eager for AI to develop and although there are scientists (like Ray Kurzweil) eager to push the development of AI to the next level, some influential personalities in the field (notably Stephen Hawking and Elon Musk) have raised warnings about the need to thread carefully in the rush to develop and deploy AI.  Whatever your personal position on the matter, it is however undoubtedly true that all companies will adopt or continue to adopt increasingly sophisticated AI technologies at some level in the coming months or years to stay abreast of the market, be it to implement Industry 4.0 production and logistics solution or to meet their customers’ needs.

This is why boards of any industry cannot at this stage ignore the impact of Artificial Intelligence and what it means for their business, for their competitors’ business, what kind of opportunities it may bring and what kind of challenges and risks, and need to include a discussion about it in their corporate governance agenda.

What should a board be talking about when discussing Artificial Intelligence?

First of all, cybersecurity – which I have already discussed in a previous post (see Cybersecurity and board responsibilities). I will reiterate that data is one of the most valuable assets a company has – be it its customers’ data, its know how and IP, its historical records, data about its business operations and any kind of data that flows through the company’s servers.

Secondly, implementation of AI technology to the company’s core business – what kind of technology to purchase and what to use it for. This involves all industries (including the very traditional legal industry which is now being targeted with increasing demands to purchase expensive AI due diligence and disclosure technology).

Purchasing an AI based technology often involves processing and sharing data with the technology provider, and this again goes back to the point about cybersecurity and solid data infrastructure.

Finally, the need to update its language skills to understand the language of AI. I have discussed in a previous post (Self Aware Contracts) the language gap between traditional industries powered by natural language and the new developments brought about by AI powered enhancements which create the need for communication which was carried out in traditional language (eg, contracts) to be “translated” into machine language.

This means that developing those language skills, much like learning a second language, or bringing to the board table someone who has those language skills can and should be an important corporate governance priority for a company’s board of directors.



© Stefania Lucchetti 2017. For further information Contact the Author

Articles may be shared and/or reproduced only in their entirety and with full credit/citation. 

Self Aware Contracts enabled by Ledger Technology (or Smart Contracts on Blockchain)

On 17 July Estonian legal tech Agrello went public with a cryptocurrency-based crowdfunding campaign structured as a token sale. Leaving aside the issues raised by token sales which will the the subject of a separate post, it is interesting to explore the value proposition of Agrello’s business, which is a legal tech aiming to change the market of commercial contracts.

Agrello was founded by a team of Estonian lawyers, academics, and information technology experts, with the vision of creating digital contracts that will change the way contractual parties interact with each other and interface with legal authorities.

Agrello-framework proposes what it defines as “blockchain-driven self aware agents-assisted contracts for a decentralized peer to peer economy”.

In plain words, smart contracts.

Agrello’s proposition is that while the traditional understanding of conventional contracts is an exchange of commitments by identified parties that are enforceable by law, formalized by a written document as evidence, when the commitments formalized under the contract are performed, the status of such commitments changes overtime and the agreement needs to be constantly updated to keep track of the evolving relationship between the parties, in particular whether the parties have or not complied with their obligations under the contract.

A blockchain based system would instead allow for an intelligent contract, which can keep track of the parties’ commitments and evolve over time. The blockchain is a ledger based technology which enables a trustworthy collaborative process because no single entity is in control and information is recorded through a programming language in an irreversible manner and confirmed once it is recorded in a number of different locations.

The parties would record their interactions as they progress all through the phases of negotiation and conclusion of the contract, performance and eventually termination of the contract – for example in the case of a tenancy agreement or a services agreement.

The idea is enticing and a few law firms have already signed up for the beta version of the technology.  The project is ambitious not only because it is new both from a technology and cultural point of view, but especially because it aims to bridge a large and perilous language gap: that between the traditional legal industry and the cutting edge blockchain technology.

Also the technology would certainly be beneficial from certain points of view but it also will need to address a number of difficult issues.


  • proof of action, in that the ledger can keep proof of payments made, actions taken, however only if they are digitally recordable
  • in traditional contracts, lawyers need to review the contract to check if an obligation was not performed, eg a deadline was missed. With a smart contract, the contracting parties and the lawyers no longer need to read and interpret the contract as the software agent transforms the contract obligations into logical machine readable obligations
  • permanent archive accessible by the parties without the need to refer to physical archives or an individual’s memory
  • information about payments can be cross referenced directly into other relevant ledgers, such as the company’s financial records
  • no need for intermediaries in the management of the contract (provided that the contracting parties can use the technology)


  • monitoring of communications and keeping a ledger of interactions might make the relationship more crystallized and create further problems in contexts where a fluid relationship
  • the creation of smart contracts involves the use of a programming language (at this time the language used for programming contracts is Solidity) which legal professionals do not understand. And at the same time programmers do not understand legal language. It will therefore be very difficult to translate legal concepts into a programming language, also it will be difficult to litigate the contracts in front of a court, or even an arbitrator, as the programming language used does not allow for articulate language or nuances of expression.
  • the program risks becoming the judge of the contract and not only the keeper of the contract
  • the absence of nuances creates a crystallized relationship with no scope for human intervention in facilitating a soft resolution of problems

Other benefits and issues for sure will arise with adoption of the technology. Certainly, blockchain ledgers applied to contracts have the potential to lower costs and time spent on creation, update and archive of relevant information.  Automation also has a huge benefit in facilitating legal interactions and transparency, as information would be more easily available to interested agents eg tax authorities.   The risks are those generally explored of the limits of artificial intelligence, and the boundaries over which interactions facilitated exclusively by artificial intelligence can replace human judgment and human negotiation. The UK experiment of establishing online courts will run concurrently with smart contracts technology in verifying the limits of artificial intelligence applied to a legal context.

cropped-foto-stefania-sito-web-3.jpg© Stefania Lucchetti 2017. For further information Contact the Author

Articles may be shared and/or reproduced only in their entirety and with full credit/citation.