Jump to Content Jump to Main Navigation
Signed in as:
Oxford Law Citator
Sign up for alerts

9 Cryptocurrencies and Banking Law: Are There Lessons to Learn?

Christopher Hare

From: Cryptocurrencies in Public and Private Law

Edited By: David Fox, Sarah Green

Content type:
Book content
Product:
Financial Law [FBL]
Published in print:
14 March 2019
ISBN:
9780198826385

From: Oxford Legal Research Library (http://olrl.ouplaw.com). (c) Oxford University Press, 2023. All Rights Reserved. Subscriber: null; date: 06 June 2023

Subject(s):
Banker-customer relationship — Electronic money — Currency

(p. 229) Cryptocurrencies and Banking Law: Are There Lessons to Learn?

I.  Introduction

9.01  From its humble origins in an academic paper,1 Bitcoin and its fellow cryptocurrencies have been subjected to an intense and unrelenting scrutiny that has sharply divided opinion. On the one hand, cryptocurrencies (or at least the distributed ledger technology underlying them) have been heralded as representing a new techno-legal dawn2 for contractual dealings in general, trade finance transactions, land registration, maritime trade, central securities depositaries and intermediated securities,3 and complex financial transactions, such as derivatives, bond issues,4 and syndicated loans. On the other hand, media depictions of (p. 230) cryptocurrencies have focused upon the cloak that their anonymity provides for serious criminal activity (as exemplified by the infamous Silk Road drug exchange where Bitcoin was the preferred payment method),5 their avoidance of securities regulations,6 the fact that Bitcoin has been the currency of choice for hackers and blackmailers alike,7 and the easy path to riches that results from speculating upon their volatility (as evidenced by the fact that Bitcoin increased in value by almost 2,000% during 2017, but has since lost more than 50% of that value during 2018).8

9.02  Between these extreme depictions of cryptocurrencies, there has been a relatively consistent (and more muted) stream of objections from central bankers around the world. Some central banks have taken direct action, such as the Indian and Pakistani central banks prohibiting banks and regulated entities entirely from engaging with companies dealing in cryptocurrencies9 and the Chinese central bank calling a halt to initial coin offerings10 and closing domestic cryptocurrency trading platforms. Other central bankers11 have described cryptocurrencies as being at best a ‘will-o’-the-wisp’ or a ‘classic Keynesian beauty contest’12 and at worst a Ponzi or pyramid selling scheme.13 Closer to home, the position has been more equivocal. Despite initially embracing the promise of cryptocurrencies by developing its own cryptocurrency with central bank oversight (RSCoin),14 the Governor of the Bank of England has more recently expressed the view that Bitcoin has ‘pretty much failed thus far on … the traditional aspect of money’,15 (p. 231) since cryptocurrencies lacking centralized control and oversight are yet to operate successfully as either a store of value or as a medium of exchange. Whilst one could readily dismiss views of the Bank of England (and other central bank responses) as being based upon a desire to protect the vested interests in the current financial status quo, the ambivalence in the Bank of England’s position is the inspiration for this chapter, since it raises the issue of the relationship between traditional banking, on the one hand, and cryptocurrencies, on the other. Whilst the starting assumption might be that (at least in terms of their structure, rationale and practical operation) these are irreconcilable opposites, this chapter seeks to investigate whether this also holds true for the legal context or whether these technological parvenus may yet learn lessons from our legal past.

9.03  In this regard, whilst it is certainly true that cryptocurrencies’ raison d'être is the abandonment of the banking system’s institutional framework and oversight mechanisms,16 it does not necessarily follow that traditional banking law principles, which have been developed over the last century in the context of interactions between banks and their customers, can provide no assistance in resolving some of the legal issues surrounding the use of cryptocurrencies. Indeed, even in the disaggregated and decentralized world of cryptocurrencies, there is a functional equivalence with traditional retail banking—the storing of cryptocurrency private keys in digital wallets effectively performs the same basic function as a traditional bank account in providing a way of storing economic (and arguably monetary) value with another, a mechanism for making payment by transferring that value, and a means to unlock further value through lending and security structures (as would occur with an overdraft or charge-back arrangement). Accordingly, the following sections consider each of the three functions (storing value, making payments, and lending) carried out by traditional banking entities through their account services, as well as the extent to which cryptocurrencies (and those entities providing ancillary ‘storage’ and exchange services) achieve the same ends.

II.  The Cryptocurrency as a Store of Value

9.04  In considering the extent to which cryptocurrencies operate as stores of value, it is necessary to distinguish between two quite distinct issues: firstly, there is the issue (p. 232) of whether a cryptocurrency itself stores monetary value by replicating the functions associated with ‘money’, so that it attracts that designation;17 and, secondly, irrespective of whether cryptocurrencies ought to be treated as ‘money’ or not, how the economic value in cryptocurrencies is stored in digital wallets. The first issue has already received some attention judicially and academically.18 Whilst it is clear that the digital form of cryptocurrencies precludes it from falling within the traditional conception of money, in the sense of physical coins and banknotes,19 there are clearly other forms of generally accepted non-physical money, whether money in a bank account20 or ‘electronic money’ (which is defined as ‘electronically (including magnetically) stored monetary value’ on a device that is issued in return for funds by an ‘electronic money issuer’, such as a bank or credit-card issuer, and that not only gives rise to claim for the return of those funds from the issuer, but can also be used as a means of payment with persons other than the issuer).21 Accordingly, it is not just the intangibility of cryptocurrencies that makes them hard to classify as ‘money’, but rather, as indicated in Skatteverket v Hedqvist,22 the fact that bank money and electronic money are expressed in the currency of a particular jurisdiction, whereas cryptocurrencies ‘are not expressed in traditional accounting units, such as in Euro, but in virtual accounting units, such as the “bitcoin” ’.23 Whilst courts may be prepared to interpret the concept of ‘money’ in a purposive manner for particular statutes designed to prevent money laundering,24 to prohibit drug trafficking,25 or to regulate tax26 or securities,27 it remains unclear whether cryptocurrencies should be treated at a high conceptual level as involving money,28 intangible property,29 or the provision of a (p. 233) service.30 Whilst this apparent incoherence may prove intellectually unsatisfying, or may result in a lack predictability from a practical perspective, it may ultimately be better to accept the chameleon-like quality of cryptocurrencies, so that they can be accommodated more readily into existing legal and regulatory frameworks as and when appropriate.

9.05  This chapter is, however, less concerned with this first issue relating to the legal characterization of cryptocurrencies and is more focused on the second issue regarding how their economic value is stored by their ‘owner’, as well as the legal framework that might be applied to such storage. The need for some form of storage mechanism is evident from the way other forms of economic value operate, whether that be the tokenization associated with coins and banknotes, the establishment and operation of an account for bank money, or the use of pre-loaded cards or mobile phones for electronic money. For cryptocurrencies, the equivalent storage facility is the digital wallet with a unique identifier number (or ‘public key’), which is essentially a software program recording the amount of a particular cryptocurrency ‘held’ within the wallet and facilitating its receipt and transfer.31 It is important to stress, however, that digital wallets do not store the cryptocurrency itself, which is the product of the relevant network and is recorded on that network’s blockchain, but rather one or more private keys. This is essentially a secret code or mathematical proof that establishes the wallet-holder’s ‘ownership’ of a certain amount of the relevant cryptocurrency and allows them to ‘sign’ transactions for its transfer.32 Unlike the relevant cryptocurrency network, in respect of which the information is distributed and shared amongst the network nodes, the content of the digital wallet is secret and controlled solely by its holder. Accordingly, it will be encrypted with a password to prevent unauthorized third-party access. Although there are different types of digital wallet, they must conform to the protocol for the particular cryptocurrency if they are to be effective.

9.06  In terms of selecting between the different species of digital wallet available, the wallet-holder’s choice will be driven by the desired balance between convenience, control, and security. In that regard, there are two key types of digital wallet. The first main type is effectively stored upon, and accessible through, a particular piece of equipment: a ‘desktop wallet’ stores the private keys on a computer’s hard-drive, a ‘mobile wallet’ on a mobile phone, and a ‘hardware wallet’ on a specialist external device designed specifically for the storage of private keys.33 Accordingly, (p. 234) the principal advantage of such wallets is that the wallet-holder retains a high level of control over his or her private keys by storing them on a physical device that they own and possess. As between the different methods of storage, a ‘hardware wallet’ provides a high level of security, as its off-line features make it less susceptible to malware that might compromise the device when compared to desktop and mobile equivalents, although it is obviously less convenient than other available options. These wallets may either be ‘full node’ wallets (hosting a full copy of the relevant blockchain) or ‘light’ wallets that require connection to some external source or node to read the blockchain (as is usually the case with mobile wallets). The downside of such device-based wallets, however, is that, if the particular device is lost, suffers a hardware failure, is hacked, or becomes infected with a virus, then there is a real risk that the private keys might be lost forever unless appropriate back-up systems are in place. Less sophisticated variations on this theme (which have similar risks) are the ‘paper wallet’ (which embodies the private keys in physical materials, much like a bank note) and the ‘brain wallet’ (which generates the digital wallet from a passphrase committed to memory). The second principal type of digital wallet (and the most popular amongst casual and amateur users) is the web-based or ‘hosted’ digital wallet, which allows cryptocurrency to be sent, received, and stored through a person’s web browser. The principal advantage of such digital wallets is convenience, since it is not tied to a particular piece of hardware (and so less susceptible to physical loss) and is often linked to a cryptocurrency exchange that allows the wallet to be used to trade cryptocurrencies and exchange them for traditional (or fiat) currencies and vice versa (as occurs in the case of ‘Coinbase’).34 The downside with such web-based wallets, however, is that the third party (by providing the digital-wallet account and managing its security features) effectively controls the wallet-holder’s private keys so as to enable easier access to the relevant trading platform. There is also a higher likelihood (given the concentration of digital wallets in the hands of the exchange’s operator) that web-based wallets may become a particularly attractive target for cyberattacks,35 and holders of web-based digital wallets remain exposed to the cryptocurrency exchange’s insolvency,36 as occurred with the largest such exchange, Mt Gox KK, in February 2014.37 Indeed, given the security features afforded to the cryptocurrency network by the mining process, it is undoubtedly (p. 235) the case that it is the points of user interface with a particular cryptocurrency (such as the digital wallets and the trading exchanges) that represents the weak link in the chain of security.

9.07  Having set out the range and key features of digital wallets, the question posed in this section is whether banking law principles, especially those developed around the bank-customer contract, can provide assistance in resolving some of the legal issues that arise out of the use of digital wallets. The need for such an analysis has been highlighted by United States v Ulbricht,38 in which the United States Court of Appeal for the Second Circuit used banking concepts to explain the nature of a Bitcoin digital wallet, namely that the wallet is associated with a Bitcoin address, ‘which is “analogous to the account number for a bank account, while the ‘wallet’ is analogous to a bank safe where the money in the account is physically stored” ’. While that description may not be entirely accurate, it does squarely raise the question of whether banking law principles might provide an appropriate analytical framework for the issues surrounding cryptocurrency wallets.

9.08  That said, where the situation involves the first type of digital wallet considered above (in that the private keys are stored upon a particular piece of equipment under the sole control of the wallet-holder), the principles developed around the bank-customer contract are unlikely to have any role, since by definition those principles would only be relevant in circumstances where a cryptocurrency’s private keys are controlled by a third party who is susceptible to being instructed by their ‘owner’ as to how to deal with those keys. Accordingly, this first type of digital wallet can more appropriately be analogized to a real wallet—if the device storing the private keys is lost, then so too are its contents. Similarly, if the relevant hardware is deliberately damaged or destroyed by a third party or its value lessened by the hacking of the private keys, then the tangibility associated with this first category of digital wallet may entitle the wallet holder to invoke the tort of conversion by way of protection.39 Indeed, in the latter scenario where a person’s private keys are extracted from their hardware-based digital wallet (assuming the perpetrators can be discovered) the equitable wrong of breach of confidence may also provide the basis for a potential claim.40 In contrast, where the hardware device storing the cryptocurrency’s private keys is physically damaged by a third party’s negligent act, the tort of negligence would provide the appropriate route to recovery for the storage-device’s owner.41 Alternatively, if the loss of the (p. 236) private keys is attributable to some defect or missing security feature in the digital-wallet software provided by its supplier, there may be a claim by the wallet-holder (at least when he or she is a consumer)42 for breach of the contract supplying the digital content43 on the basis that it was neither of satisfactory quality44 nor fit for the particular intended purpose.45 In contrast, where the digital wallet is of the second type considered above, there would appear to be some similarity between a digital wallet hosted by a third party, which confers control over the private keys associated with the cryptocurrency, and a current account that involves the transfer of title and control of a customer’s funds to his or her bank. In such circumstances, there may be some scope for judicial borrowing from the principles governing the bank-customer contract, although obviously it is clear that neither the wallet-provider nor the wallet-holder would necessarily satisfy the common law definitions of either a ‘bank’46 or a ‘customer’,47 which would ordinarily be pre-requisites to the creation of a bank-customer contract. With that caveat in mind, the various aspects of the traditional bank-customer relationship will be considered in turn.

9.09  An initial question that arises in that regard concerns the extent to which the legal nature of the relationship between wallet-provider and wallet-holder can be analogized to that between banks and their customers. In relation to the latter, the characterization of the bank-customer contract as involving either a bailment48 or trust49 of the deposited funds was quickly rejected by the courts, as was the view that the bank account relationship was fiduciary in nature as a result of the bank acting as either the trustee or agent for its customer.50 In contrast, whilst the possibility of the digital wallet creating a bailment relationship between the wallet-provider and wallet-holder can probably be discounted,51 owing to the intangible nature of both the wallet itself and the private keys associated with it, the existence of a trust may be less readily dismissed. Clearly, from a remedial perspective, (p. 237) a trust analysis of the digital-wallet relationship would be particularly attractive for the wallet-holder, especially as it would afford the wallet-holder priority in the event of the wallet-provider’s insolvency and would open the door to making third parties who had hacked the private keys liable as either a knowing recipient or dishonest assistor. Such a characterization would only be possible, however, if the courts were willing to treat private keys (as well as other types of password or passcode) as a species of property on the basis that they satisfy Lord Wilberforce’s criteria in National Provincial Bank Ltd v Hastings Car Mart Ltd52 as to what constitutes property.53 On that assumption, the holding of private keys in a hosted digital wallet might be analogized to the holding of rights in dematerialized securities by registering them in the books of an intermediary, which structure operates through a series of trusts and sub-trusts.54 Indeed, such an analogy would consequently provide a useful framework for analysing how wallet-providers might pool the digital wallets of multiple wallet-holders, as well as for dealing with any possible right of reuse on the wallet-holder’s part.55 That said, private keys in a hosted wallet might in fact be too ephemeral and unstable to satisfy the criteria in Hastings Car Mart. Furthermore, private keys may not satisfy the third criterion in that case of being capable in their nature of assumption by third parties: whilst digital wallets may be hacked (so that the private keys are capable of being assumed by a third party in an involuntary manner), and whilst a wallet-holder is free to disclose such information voluntarily to a third party, this criterion arguably refers to whether private keys (as opposed to the underlying cryptocurrency) would be transferred in the ordinary course of business.56 Although private keys (p. 238) are necessary to authenticate a cryptocurrency transfer for the network, they are not themselves transferred as part of that transaction. Indeed, the conclusion that private keys are not property would be consistent both with the long-held reluctance to reify information (other than intellectual property rights),57 which is already adequately protected through the distinct equitable wrong of breach of confidence, and with the resistance to allowing trust concepts to operate too readily in commercial contexts.

9.10  Accordingly, the better view is that (like a bank account) a digital wallet is not a proprietary institution, but rather a contractual one that arises (as in the case of an account)58 upon the agreement to create the wallet, with the consideration, on the one side, being the provision of the digital wallet and, on the other side, being the promise to use the wallet in accordance with the website’s terms and to comply with any particular provisions specifically governing the use of the digital wallet. Unfortunately, simply recognizing the contractual nature of the digital wallet (or, for that matter, the bank account) only takes the analysis so far. With respect to a bank account at least, the orthodoxy has long been that its opening creates a simple debtor-creditor relationship between the bank and its customer,59 their respective positions depending upon whether the account is in credit or overdrawn. It is not immediately apparent, however, that the same legal characterization could be applied to a digital wallet, despite its functional equivalence with a traditional bank account. The key difference lies in the fact that a bank is entitled to use the funds standing to the credit of a customer’s bank account for its own commercial purposes,60 whether that involves repaying other depositors or earning interest by lending those funds to borrowers. In contrast, a wallet-provider is not generally entitled to use the private keys for its own ends, but effectively holds them to the wallet-holder’s order. Moreover, whilst there is a superficial similarity between a bank account and digital wallet in that both purport to record the funds available to the account- or wallet-holder respectively, there is the fundamental difference in what those records represent: in the case of a bank account, the ledger entries reflect the funds deposited with the bank and accordingly the chose in action representing the obligation to repay the equivalent funds, whereas a digital wallet simply reflects the amount of cryptocurrency linked to the private keys and does not purport to represent any obligation to repay that amount. This is because, as explained above, the digital wallet does not ‘contain’ any cryptocurrency directly, but simply the means of accessing and transferring it. To draw a more concrete (p. 239) analogy: the fact that one person leaves the keys to his safe with another may give rise to obligations involving the custody of the safe’s contents, but this act does not create in legal terms a debt owed by the latter to the former. Accordingly, unlike a bank account, a simple obligation to repay a sum of money (whether expressed in a fiat currency or its cryptocurrency equivalent) does not accurately reflect in legal terms the functions or practical operation of digital wallets. Accordingly, some other contractual characterization is required.

9.11  In that regard, it is submitted that the digital wallet involves (at least at its inception) a contract for the provision of digital content to the wallet-holder61 and subsequently involves a contract for the provision of safe-keeping services in relation to the wallet-holder's private keys, which may in turn be analogized to the custodian services traditionally offered by banks.62 That said, even in respect of bank accounts, the courts have recognized that a bank may provide accessory services involving other forms of contractual relationship, such as acting as financial adviser63 or paying agent.64 Similarly, the wallet-provider may act as an agent (assuming the host also operates a cryptocurrency exchange) if it receives instructions from the wallet-holder to engage in a currency exchange transaction or (assuming the digital wallet or the host also operates as a node for the cryptocurrency network) if it receives instructions to affect a transfer or payment with the cryptocurrency. Accordingly, the basic contract for safe-custody services may be overlain with an agency relationship in certain circumstances.

9.12  Given the similarity (albeit not the identity) between digital wallets and traditional bank accounts in terms of their essentially contractual nature, the next issue concerns whether there is likely to be any similarity in the contents of the two contracts. Whilst current accounts are increasingly governed by detailed standard-form terms and conditions that are signed at the time of the account’s opening, this has not always been the case; at one time, the relationship between (p. 240) a bank and its customers was principally governed by a series of terms implied by law into the bank-customer contract.65 Obviously, to the extent that the operation of the digital wallet is governed by express terms and conditions, those terms will govern the relationship between the wallet-provider and holder, but, given that digital-wallet contracts are still at a relatively embryonic stage of development,66 the precise content of the relationship between wallet-provider and holder may well be dependent upon a process of contractual implication for the foreseeable future. Applying the approach traditionally adopted for bank accounts in that regard, there are four contractually implied duties that might be applicable to the present context: the duty to act in accordance with one’s mandate, the duty to keep information secret, the duty to act with reasonable skill and care, and the fiduciary duties (or disabilities) relating to unauthorized conflicts of interest and profit-making.

A.  The duty to act within mandate

9.13  To the extent that the wallet-provider is instructed to perform a particular task, whether exchanging cryptocurrencies and fiat currencies or acting as a node to broadcast a payment or transfer to the wider network, it is likely to act as an agent with an obligation to act within the scope of its mandate.67 Although there may be issues relating to the interpretation of the instructions issued,68 in general claims for breach of mandate are relatively straightforward, since liability is strict and not dependent upon whether reasonable care has been taken or not.69 At least as regards bank accounts, the difficulty has always lain in identifying those circumstances when the bank is not obliged to follow its customer’s otherwise valid instruction,70 and there is no reason why this would be any less challenging in relation to digital wallets. Indeed, the difficulty is likely to be magnified given the legal and conceptual uncertainty surrounding digital wallets. Accordingly, an issue arises as to whether the circumstances identified by the law as terminating a bank’s mandate might be helpful in identifying when the wallet-provider’s mandate might similarly end.

9.14  In that regard, there will clearly be some situations involving termination of a bank’s mandate that are likely to prove inapposite to the context of digital wallets: whilst a bank is entitled to ignore its customer’s instructions when their account (p. 241) is overdrawn,71 the concept of an overdrawn digital-wallet is as yet unknown and may ultimately prove a conceptual impossibility. With respect to other situations in which a bank’s mandate would be terminated, their potential transposition to the context of digital wallets will turn upon the extent to which a court is prepared to characterize a private key and/or the underlying cryptocurrency as functionally equivalent to either ‘money’ or ‘property’ for the purposes of particular legislative provisions. Two relevant situations exemplify this issue. Firstly, whilst a bank’s mandate to honour its customer’s instructions is clearly terminated in respect of funds that are subject to a third-party debt order served upon the bank,72 whether the same would apply to a digital wallet containing a cryptocurrency's private keys would depend upon whether the wallet-provider owed a ‘debt due or accruing due’73 to the wallet-holder, which would in turn require the contents of the wallet to be classified as ‘money’.74 Not only is this latter point unresolved, but, as considered above, describing the relationship between a wallet-provider and -holder as involving the creation of a ‘debt’ does not accurately encapsulate the nature and functions of a digital wallet. Secondly, whilst a bank (by virtue of being in a regulated sector)75 is under a directly imposed obligation (backed by the threat of criminal liability) to report any known or suspected money-laundering offences committed by its customers76 and, following such a report, is relieved of its obligations to obey its customer’s instructions until it receives clearance for any transactions from the relevant authorities, a digital-wallet-provider’s responsibilities in this regard are less clear. Ultimately, the issue would turn upon whether cryptocurrencies or the associated private keys could be designated as ‘criminal property’ under the Proceeds of Crime Act 2002.77 Whilst the notion of ‘property’ under that enactment is expansively defined,78 it is uncertain whether private keys (or any other type of password or passcode for that matter) would qualify. To the extent that they do qualify, a wallet-provider could be made criminally liable for acquiring, using or possessing ‘criminal property’79 (assuming of (p. 242) course that the private key is obtained as a result of criminal activity) unless it has made an authorized disclosure about the property to the relevant authorities.80 Alternatively, if the underlying cryptocurrency qualified as ‘criminal property’, a wallet-provider could be made liable for concealing, disguising, converting, transferring,81 or becoming involved in a transaction to acquire, retain, use, or control82 such property by storing the private keys and/or allowing them to be used to affect a transaction with the relevant cryptocurrency, unless the wallet-provider has made the requisite authorized disclosure.83

9.15  Yet other situations, in which a bank’s mandate will terminate, are likely to be readily transposable, as they are not dependent upon concepts of ‘property’ or ‘money’ (albeit that these situations may give rise to other difficulties). Firstly, when a bank has received notice of the fact that a freezing injunction has been made against its customer, its mandate is terminated, as a failure to abide by the order will amount to a contempt of court.84 Similarly, as the standard-form freezing injunction is worded so as to prevent dealings with ‘assets’ (rather than ‘property’), and such relief operates in personam (rather than in rem85) against the defendant to the freezing injunction and any third parties with notice,86 there would appear to be no reason why a freezing injunction would not similarly be effective in preventing the wallet-provider from allowing the private keys to be used to transfer an amount of cryptocurrency. That said, at least where the freezing injunction is territorially circumscribed, there may be difficult questions regarding the situs of the private keys and the underlying cryptocurrency for the purpose of determining whether the terms of the freezing injunction have been breached or not.87 Secondly, just as with a bank account, the wallet-provider’s mandate to deal with the private keys will be terminated automatically by the wallet-holder’s death88 or lack of capacity (whether under the Mental Capacity Act 200589 or at common law90). Whether the ability to deal with the private keys (and accordingly (p. 243) the underlying cryptocurrency) devolves upon the wallet-holder’s executor, administrator, or deputy may well depend, however, upon the application of property or monetary law concepts.91 Thirdly, just as a bank’s mandate to deal with an account is affected, so the ability of a wallet-holder to use or give instructions in respect of the private keys and underlying cryptocurrency is likely to be affected by the commencement of an insolvency proceeding: in the case of an individual, the moment of termination probably occurs when notice is received of the petition for their adjudication,92 and, in the case of a company, upon the passing of the relevant resolution (when the winding-up is voluntary93) and the making of the court order (when it is compulsory94). That said, as in cases of death or mental incapacity, the basis upon which the trustee in bankruptcy or liquidator would seek to assert a claim to the private keys may not be straightforward, although a liquidator or administrator may seek an order requiring any person (such as a wallet-provider) to hand over ‘any property, books, papers or records’ of the wallet-holder.95 Finally, a bank’s mandate is likely to terminate under the Proceeds of Crime Act 2002, when the customer is shown to have lead a ‘criminal lifestyle’, and a court makes a confiscation order on the basis that the customer has ‘benefitted’ from his general criminal conduct. Accordingly, as the legislation seeks to avoid as far as possible such restrictive terms as ‘property’ or ‘money’ in favour of a more nebulous concept of ‘benefit’, it would certainly seem arguable that private keys might be the subject of a confiscation order, which would adversely affect the wallet-holder’s and -provider’s ability to deal with them.

B.  The duty of secrecy

9.16  Putting aside issues of the wallet-provider’s mandate to deal with the private keys, the second core implied contractual duty that arises in the context of the bank-customer relationship involves the bank keeping its customer’s information secret.96 A bank’s duty of secrecy is extremely broad, covering all information that (p. 244) comes into the bank’s hands in its role as a banker.97 Accordingly, even information that would not otherwise be considered confidential in the strict sense (such as a customer’s account number, which is disclosed to third parties for the purposes of allowing payment to be made) would nevertheless be covered by the duty of secrecy. With respect to cryptocurrencies, it is clear that the private keys in a hosted98 digital wallet are highly confidential, since their disclosure would effectively allow a third party to utilize or transfer the cryptocurrency to which they relate. Accordingly, the confidentiality of private keys obviously requires some form of legal protection. The issue is whether that protection can be adequately provided by the general equitable wrong of breach of confidence99 or whether the wallet-holder requires the additional protection afforded by a broader contractual duty of secrecy similar to that owed by banks. It is submitted that the analogy with bank accounts is apt in this context and that the need for a broad obligation of secrecy is almost more compelling in the context of cryptocurrencies than might nowadays be the case for retail bank accounts: this is because the operation of the cryptocurrency network is often based upon a wallet-holder’s public keys being disclosed, but not that person’s identity or any other details about them. Accordingly, the intended anonymity associated with cryptocurrencies arguably necessitates that any of the wallet-holder’s identifying features be kept secret, not just the private keys themselves. Only an obligation akin to the bank’s duty of secrecy (rather than the wrong of breach of confidence) can achieve this aim. Indeed, developing notions of privacy100 and recent developments in data protection101 may bolster this view. The development of secrecy and confidentiality within the bank-customer relationship is, therefore, likely to provide a useful (p. 245) guide to the protection of a wallet-holder’s information. Some support for this view may be derived from the recent Singapore High Court decision in B2C2 Ltd v Quoine Pte Ltd.102

9.17  The analogy with bank accounts not only relates to the initial scope of protection conferred by the duty of secrecy103 but also potentially includes the circumstances in which that duty no longer applies.104 In that regard, it would hardly be controversial to suggest that the wallet-provider should (as in the case of a bank account relationship) no longer be required to keep the wallet-holder’s details secret when the latter has expressly consented to their disclosure105 or when it would be in the public interest for such disclosure to be made, even though this could not be compelled.106 Equally, there should be no objection to such disclosure when it is in the wallet-provider’s interests to do so,107 provided that this exception is narrowly construed to cover only those situations in which disclosure is absolutely essential (such as when the wallet-provider is being sued by the wallet-holder),108 rather than also covering those circumstances when it might be considered merely desirable by the wallet-provider to disclose personal information (such as when the wallet-holder’s information is disclosed for marketing purposes to related companies in a group).109 Most significantly, of the various exceptions to the bank’s duty of secrecy, a wallet-provider should be entitled to disclose private keys or other information when ordered to do so by legislation or a court. Amongst the burgeoning legislation compelling disclosure, a wallet-holder is most likely to be affected by legislation requiring the disclosure of money-laundering or drug-trafficking activity,110 compelling the disclosure of criminal activity to the police or other investigatory authorities111 or enabling a liquidator112 or the revenue authorities113 to seek judicial orders for the disclosure of a wallet-holder’s pre-liquidation or taxable activity. Indeed, an important example of the last type of disclosure order is provided by United States v Coinbase Inc,114 in which the United States (p. 246) Inland Revenue served a summons on Coinbase, a cryptocurrency exchange and wallet-provider, seeking information regarding over 10,000 of the latter’s customers over a period of several years. When Coinbase refused to comply with the summons, the court ordered disclosure on the basis that it would serve the legitimate purpose of identifying wallet-holders who may not have paid federal taxes on their profits from cryptocurrency dealings. Given the wealth that is nowadays tied-up in cryptocurrencies and the perception (as considered above) that they are primarily used for nefarious ends, such applications for judicial disclosure are unlikely to diminish, thereby increasingly threatening the anonymity associated with cryptocurrencies and ultimately their potential utility.

C.  The duty to act with reasonable skill and care

9.18  The third potential duty that arises from drawing an analogy between digital wallets and bank accounts concerns the contractual duty on a bank to exercise reasonable skill and care in operating its customer’s account.115 To the extent that such a contractual duty is also imposed on wallet-providers, many breaches of that duty will likely also involve a breach of the wallet-provider’s duty of secrecy, since the most likely result of a wallet-provider’s negligence is the disclosure of the wallet-holder’s private keys to a third party. In cases of such an overlap, a well-advised wallet-holder ought to rely upon any breach of the duty of secrecy given that this involves strict liability, in contrast to the fault-based liability of a contractual duty of care. Nevertheless, there may be situations in which there is a standalone breach of the duty of care, such as when the only records of the wallet-holder’s private keys are lost or destroyed by the wallet-provider or when an employee or agent of the wallet-provider uses the private keys for their own ends. Such scenarios do then give rise to the question of whether a contractual duty to exercise reasonable care should be imposed by analogy with the bank-customer relationship, when the same result could be achieved directly by the implication of a term under the Supply of Goods and Services Act 1982116 or the Consumer Rights Act 2015.117

9.19  It is submitted, however, that the analogy with bank accounts (and wider banking principles) remains useful as it highlights three features of the bank’s duty of care that would probably be equally desirable to emphasize in the context of the contractual relationship created by a digital wallet. The first feature is that (like banks), wallet-providers ought not to be under any wider implied obligation than that of providing and operating the digital wallet with due care and in particular (p. 247) ought not to owe any wider duty to advise118 (especially given the speculative and volatile nature of cryptocurrencies119) on the merits of opening a digital wallet, purchasing any cryptocurrency, or engaging in any particular transaction with that cryptocurrency.120 The second feature is that a bank’s duty to exercise reasonable care extends to ignoring an apparently valid instruction from its customer when the bank has clear knowledge that the proposed transaction is in reality an attempt to defraud that customer or otherwise involves an illegal transaction.121 Given that the risk of such fraud or illegality may well be higher for digital wallets than in relation to an ordinary bank account given the anonymity surrounding the former, it seems appropriate that a wallet-provider should be under a duty not to facilitate a fraud on the wallet-holder when it has cogent evidence available to demonstrate that this is what is in fact occurring. Indeed, any other conclusion would allow the wallet-provider to do nothing when it is best placed to avoid the potential loss to the wallet-holder. The third feature is that, in the event that the wallet-provider is required to make a disclosure relating to suspected money laundering, there may come a point in time when the wallet-provider is required to provide information to the wallet-holder regarding the disclosure that has been made.122

D.  Fiduciary duties

9.20  The fourth potential duty that would result from drawing an analogy between bank accounts and digital wallets relates to the issue of whether or not fiduciary duties should be owed by banks and wallet-providers to customers and wallet-holders respectively. Certainly, the orthodoxy with respect to banks has long been clearly established: a bank is not a fiduciary of its customer with respect to ordinary banking123 or lending transactions,124 albeit that there may be circumstances involving relationships of vulnerability and ascendency,125 the provision (p. 248) of financial advice,126 the custody of securities,127 or discretionary portfolio management128 when such a fiduciary relationship may arise. In light of the fact that the wallet-provider is effectively providing a type of custody service to the wallet-holder, it is certainly arguable that the relationship arising from the digital wallet might be treated as fiduciary in nature, but, given the usually commercial and arm’s-length nature of the dealings between a wallet-provider and wallet-holder and the likelihood of contractual exclusion, a court is only likely to reach such a conclusion cautiously. Accordingly, in general there should not be any greater willingness to impose fiduciary duties in the digital-wallet context than in the context of ordinary retail banking.

III.  The Cryptocurrency as Payment

9.21  Besides acting as a depositary for funds, the second key function performed by a bank involves the transfer of those funds, usually by way of payment. Accordingly, the second broad area of enquiry concerns the extent to which the established principles relating to bank payments and payment systems may be useful in analysing the transfer and use of cryptocurrencies as payment. Whilst the discussion still considers the role of the digital wallet and its provider in that process, the analysis is necessarily broader than in the previous section, given that the transfer or payment process does not simply involve the private keys held in the digital wallet; it also concerns how the underlying cryptocurrency itself operates within the network. In that regard, it may once again be wondered how the lessons learned from bank payments can be mapped onto a decentralized network that does not purport to depend upon intermediaries in the same way as traditional banking. The answer lies in the fact that just as traditional bank payments rely upon a notion of authority or agency or mandate to establish their effectiveness, so too does the holder of cryptocurrency rely on the acts of others (whether the host of the digital wallet or the nodes of the cryptocurrency network broadcasting the transaction and then adding and confirming it on the blockchain) to carry out the transfer or payment in question. Accordingly, cryptocurrencies still depend upon a form of authorization given by the wallet-holder initiating the relevant transaction; albeit that the authority in question takes a more diffuse form than in traditional bank payments, since the instruction is given to both the wallet-provider and network more widely, rather than just directly to a single bank. Once this premise is accepted, the wallet-holder’s mandate becomes susceptible (p. 249) to a similar analysis to that applied in the context of a bank customer’s mandate and accordingly gives rise to the following issues:129 namely, whether it is possible for the wallet-holder to countermand a transaction once initiated; whether a wallet-holder’s instructions may be terminated through external factors; how one allocates responsibility between the wallet-provider, the wallet-holder, and/or the network nodes for any unauthorized or misdirected transfers; and how one determines when the transfer is effective to discharge any underlying liability in respect of which the transfer of cryptocurrency is made.

9.22  With respect to issues of countermand, the aim of every cryptocurrency network is that the transaction be completed as quickly as possible, since the shorter the delay, the less the risk of a successful countermand. Unfortunately, with the number of network nodes declining,130 there can be delays in broadcasting a particular transaction to the network and, thereafter, there can be further delays in the confirmation of the transaction by the network.131 Accordingly, there may be a window between initiation and confirmation when countermand is technically possible. Certainly, the position with cheques was that customers were free to cancel their payment instructions if they informed their bank before the cheques were cleared.132 Increasingly, however, the requirements of commercial certainty and business efficiency have tended to eclipse the desirability of a payor being allowed to change his or her mind about a particular payment. Accordingly, with respect to credit and debit card payments, the contractual network rules established by Visa and MasterCard generally preclude a cardholder from simply revoking a payment instruction,133 although there are charge-back134 and statutory mechanisms135 for recouping payments when goods or services have been returned by the cardholder, have never been supplied, or have proved to be defective. The same position has been adopted with respect to electronic funds transfers: in Delbrueck & Co v Manufacturers Hanover Trust,136 the Court of Appeal for the Second (p. 250) Circuit considered that a CHIPS transfer was irrevocable because of the nature of the system and the fact that the CHIPS participants expected the system to operate in that way and, in Tayeb v HSBC Bank plc,137 Colman J considered that, as the CHAPS rules effectively precluded countermand, any instruction issued by the payor was effectively irrevocable. This trend in payments has been confirmed with the advent of the ‘Faster Payments System’,138 which completes the transfer of small electronic payments almost instantaneously, and the Payments Services Regulations 2017 (PSR 2017),139 which provides that a payment instruction can no longer be revoked once received by the transferor’s bank, thereby removing the practical option of revoking a payment unless the revocation occurs almost immediately. On this basis, to the extent at least that a cryptocurrency is being used as a means of effecting payment for goods or services, there appears to be no reason why legally the transfer or payment would not be treated as irrevocable once it is broadcast to the network by analogy with Tayeb and the PSR 2017, even if in practical terms there is a window (as described above) in which countermand would otherwise be possible.

9.23  More problematic than the issue of countermand by the cryptocurrency holder is the risk that some external factor might—as described previously—operate to terminate the authority of the digital wallet-holder and the network to initiate, broadcast, and confirm the transaction in question. Of particular concern in this regard is the impact that the anti-money laundering and anti-terrorist financing legislation under the Terrorism Act 2000 and the Proceeds of Crime Act 2002 might have upon that authorization process, particularly when an ‘authorized disclosure’ has been made.140 With respect to other traditional payment mechanisms, the courts have been clear that, when such a disclosure has been made, the bank is ‘obliged not to carry out any transaction in relation to that account’,141 since the transaction is temporarily illegal to perform, with the result that the obligation on the bank to abide by its customer’s instructions is suspended until the illegality is removed (by virtue of the relevant authorities giving the transaction clearance).142 Accordingly, even in those payment systems that are considered irrevocable by the customer (as considered above), it is possible for the payment transaction to be suspended statutorily. Indeed, Colman J made clear in Tayeb that (by analogy with documentary credits) the irrevocable nature of a payment instruction could not trump any fraud or illegality affecting it.143 With respect to cryptocurrencies, (p. 251) it would be unproblematic to apply the same reasoning at the pre-confirmation stage of the transaction, but it is unclear how that same reasoning could be squared with the process of confirming a transaction by adding it to the blockchain, since the underlying premise of the network is that the transaction is not only irrevocable but also irreversible at that stage. It is highly unlikely, however, that the English courts would allow the internal workings of a cryptocurrency network to set at naught international attempts to combat money-laundering and terrorist financing (indeed, money laundering legislation has been successfully applied to Bitcoin in the United States),144 but such a judicial approach may ultimately be at the expense of the cryptocurrency network’s integrity.

9.24  Besides the issue of whether it might be possible for an instruction relating to a cryptocurrency transaction to be reversed, the law relating to bank payments may also assist with the allocation of legal responsibility for any unauthorized or fraudulent payment instructions. With respect to the issue of liability for unauthorized instructions, a useful analogy might be drawn with those payment systems that previously employed the ‘tested telex’ system and now depend upon SWIFT for their transmission. In Standard Bank London Ltd v The Bank of Tokyo Ltd,145 which involved a bank arguing that a tested telex sent to the beneficiary of a letter of credit was unauthorized, Waller J was prepared to accept that the security features of the tested telex system effectively negated any argument that the letter of credit was unauthorized. A similar argument has since been accepted by the Singaporean courts in relation to a letter of credit issued by SWIFT.146 By this reasoning (and as a corollary of the fact that countermand is likely to be largely impossible) it ought not to be possible for a wallet-holder to argue that a particular transaction was not properly authorized and accordingly seek to unwind it on that basis. Whilst such a transaction ought not to be invalid, there may still be an issue of whether the wallet-holder might be entitled to compensation from the wallet-provider or the network nodes in respect of an unauthorized or fraudulent transaction or whether the wallet-holder must ultimately bear that loss. Certainly, at common law, a bank bore all the losses associated with the operation of a payment system, even if the relevant unauthorized or fraudulent transaction was initiated by one of the customer’s own employees;147 under the PSR 2017, however, the customer bears responsibility for any losses if these are the result of his or her negligence in keeping any security features safe,148 the result of his or her gross negligence or fraud,149 or the result of using incorrect (p. 252) transfer details150 (such as an incorrect public key for the intended transferee in the case of cryptocurrency). Neither of these analytical frameworks draws the line in the right place for cryptocurrencies, however, since they operate from the default position that the bank should bear the losses for unauthorized or fraudulent transactions, unless there is some countervailing reason to make the customer liable. With respect to cryptocurrencies, the wallet-holder should bear all the losses associated with such transactions, unless he or she can establish a freestanding civil claim that is attributable to the wallet-provider or one or more operators of the network nodes. In other words, there should be no default assumption that someone else, other than the wallet-holder himself, will bear the losses attributable to unauthorized or fraudulent transactions.

9.25  Finally, there arises the question of when a transfer of cryptocurrency discharges any debt in respect of which it is transferred. There are two sub-issues. Firstly, as with other payment systems, it is necessary to enquire as to whether payment by cryptocurrency would constitute absolute or conditional payment. Given that most modern payment systems result in the absolute discharge of the underlying debt, as in the case of credit cards,151 it is submitted that this is the more appropriate analogy for cryptocurrencies, rather than linking them to cheques. Secondly, it is necessary to determine when a transfer of cryptocurrency is effective to discharge any underlying debt. In the context of electronic funds transfers, the issue arose in The Laconia,152 in which a payee’s bank received a telex message requiring it to credit its customer’s account with an amount due under a charterparty. This telex was received at the payee’s bank after the date appointed in the charterparty, but shortly before the bank was given an instruction by its customer to refuse late payment. Although the payee’s bank had started taking the steps necessary to credit the payee’s account, the payee instructed the bank to return the funds. Whilst the House of Lords stressed that the steps taken by the payee bank were purely provisional and procedural (and accordingly subject to reversal), their Lordships also indicated that the payee bank lacked authority to accept the payment for the payee, since the bank’s authority had been withdrawn when the payment was late (although there may be exceptions where the payee bank has ostensible authority or has retained the funds for an unreasonable length of time153). Accordingly, the discharge of the underlying debt by payment depended upon the continuing authority of the payee’s bank to receive that payment. In addition to the payee bank needing such authority, the House of Lords in The Chikuma154 confirmed that (p. 253) payment would only be complete, as between the payer and payee, once the payee had unconditional use of the funds and could draw on them without restriction in the same way as cash. On this basis, a transfer of cryptocurrency ought only to be effective to discharge an underlying debt if the recipient’s digital wallet-provider has authority to receive the transfer of cryptocurrency and the wallet-holder is able to access his or her cryptocurrency unhindered, once its receipt is recorded in their digital wallet.

IV.  The Cryptocurrency as a Basis for Lending

9.26  The third and final function that is performed by banks, in addition to their roles as depository and paymaster, is the lending of funds to customers and third parties. In contrast to the previous sections, the principles relating to bank lending (whether through loans or overdrafts) may not at present provide a particularly useful analogy or helpful analytical framework for cryptocurrency-based financing: firstly, as considered above, the notion of an overdrawn digital wallet is as yet largely unknown; and, secondly, it seems unlikely that a bank in today’s climate would either designate a loan or overdraft facility in cryptocurrency or accept such a payment in relation to an existing loan or facility, simply because cryptocurrencies are viewed as being too volatile to be a reliable measure of value. If such loans or overdrafts were one day advanced, then there is no reason why the legal principles relating to ordinary bank lending would not be equally applicable to cryptocurrency-based loans, although some thought would need to be given to the drafting of any ‘market flex’ or ‘material adverse change’ clauses in light of cryptocurrencies’ volatility. That said, there is a developing market in ‘cryptocurrency loans’ that involve the holder of cryptocurrency ‘lending’ their holding (in return for a fee payable in fiat currency) to a third party who may then use that cryptocurrency for their own commercial ends.155 Traditional banking lending principles are unlikely, however, to provide much assistance in resolving the issues arising out of such asset-lending arrangements, which is more akin to a repurchase agreement or a title-transfer security arrangement. In that regard, the principles developed in the context of bank security-taking may provide more assistance in respect of how private keys or the underlying cryptocurrency could operate as collateral for the purpose of secured lending in a fiat currency, although this would once again depend upon the issue of whether cryptocurrencies qualified as ‘money’ or ‘property’, as touched upon above. If this issue were overcome, it may be that a security arrangement taking effect by way of outright transfer of private keys may ultimately prove to be the (p. 254) most effective way of structuring the transaction,156 rather than the taking of a charge.157

V.  Conclusion

9.27  Ultimately, therefore, it seems clear from the above survey that cryptocurrencies, whilst on practical level at odds with traditional banking, do have a good deal to learn from traditional banking law principles. That said, it is clear that the transposition of the principles from one context to the other does on occasion require some adjustment, particularly when it comes to the application of money-laundering legislation. Such adjustment is unsurprising given that much of the legislative material pre-dates the advent of cryptocurrencies. Now that they are firmly on the regulators’ radar, however, it should be possible in future to ensure that legislation is drafted to take account of cryptocurrencies specifically in order to achieve their proper regulation.

Footnotes:

Christopher Hare, Tutorial Fellow, Somerville College, Oxford and Travers Smith Associate Professor of Corporate and Commercial Law, University of Oxford, UK.

1  Satoshi Nakamoto, ‘Bitcoin: A Peer-to-Peer Electronic Cash System’ (October 2008) (Bitcoin) <https://Bitcoin.org/en/Bitcoin-paper> accessed 27 August 2018. See further Kleiman v Wright, US Dist Lexis 216417 (2018).

2  See Law and Financial Markets Project, Blockchain Financial Assets and Beyond: Legal and Regulatory Perspectives, London School of Economics, 26 May 2017 <www.lse.ac.uk>.

3  Eva Micheler, ‘Custody Chains and Asset Values: Why Crypto-Securities Are Worth Contemplating’ (2015) 74 CLJ 505, 509, 532–3.

4  Consider Richard Cohen and others, ‘Automation and Blockchain in Securities Issuances’ (2018) 33 BJIB&FL 144.

5  Matthews v The Queen [2014] VSCA 291, [35]; Attorney-General v Davis [2018] IESC 27, [4]–[5]. See also R v Ciftdal [2018] EWCA Crim 2505.

6  Consider Dearborn v Saskatchewan (Financial and Consumer Affairs Authority) [2017] SKCA 63; Coffey v Ripple Labs Inc, US Dist Lexis 135585 (2018). In the United States, cryptocurrencies are treated as a commodity for regulatory purposes: see Re Coinflip Inc, Commodity and Futures Trading Commission, CFTC Docket no 15-29 of 2015 (17 September 2015).

7  Consider PML v Person(s) Unknown (responsible for demanding money on 27 February 2018) [2018] EWHC 838 (QB); R v Read [2018] EWCA Crim 2186. See also United States v Brown, 857 F.3d 334 (6th Cir, 2017).

8  Commodity Futures Trading Commission v McDonnell, 287 F. Supp 3d 213 (EDNY, 2018).

9  State Bank of Pakistan, Prohibition of Dealing in Virtual Currencies/Tokens, BPRD Circular no 3 of 2018 (6 April 2018). See also Finextra, India’s Central Bank Issues Cryptocurrency Ban (6 April 2018).

10  For a judicial description of an ‘initial coin offering’, see Matter Technology Ltd v Mrakas [2018] NSWSC 507, [35].

11  Yves Mersch, ‘Virtual or Virtueless? The Evolution of Money in the Digital Age’, Official Monetary and Financial Institutions Forum, London, 8 February 2018.

12  Consider John M Keynes, The General Theory of Employment, Interest and Money (Macmillan, 1936).

13  Jake Rudnitsky and Anna Baraulina, Russia’s Central Bank Is also Sceptical of Cryptocurrency (Bloomberg, 14 September 2017) <www.bloomberg.com/news/articles/2017-09-14>.

14  George Danezis and Sarah Meiklejohn, ‘Centrally Banked Cryptocurrencies’, Network and Distributed System Security Symposium, San Diego, 21–24 February 2016 <www.discovery.ucl.ac.uk>. See also Yves Mersch, ‘Digital Base Money: an Assessment from the ECB's Perspective’, European Central Bank, 16 January 2017.

15  The Telegraph, ‘Bitcoin a “Failed” Currency, says Mark Carney’, 19 February 2018, reporting Mark Carney’s comments made following his speech, ‘Reflections on Leadership in a Disruptive Age’, Regent’s University, London, 19 February 2018 <www.telegraph.co.uk/technology/2018/02/19/bitcoin-failed-currency-says-mark-carney>.

16  For example, unlike other funds deposited in a bank account, a person’s cryptocurrency is probably not protected by the Financial Services Compensation Scheme in the UK (see Financial Services and Markets Act 2000, Part 15 (as amended)) nor is the relationship between a wallet-provider and wallet-holder likely to fall within the remit of the Financial Ombudsman Scheme (see Financial Services and Markets Act 2000, Part 16 (as amended)).

17  Wisconsin Central Ltd v United States, 138 S Ct 2067 (2018), 2076.

18  For the characterization of cryptocurrencies as ‘money’ for a range of legal purposes, see further Chapters 2 and 3 above.

19  See generally Currency and Bank Notes Act 1954, s 1; Coinage Act 1971, ss 3, 9–10.

20  Funds deposited in a bank account take the form of a chose in action that can be enforced by the depositor against the bank up to the amount of the deposit (or overdraft limit): see R v Preddy [1996] AC 815, 834.

21  Electronic Money Regulations 2011, SI 2011/99, reg 2(1).

22  C-264/14 Skatteverket v Hedqvist [2016] STC 372.

23  ibid [12].

24  United States v Ulbricht (Case 1:14-cr-00068-KBF, SDNY, 9 July 2014), 5, 47–50, aff’d 858 F.3d 71 (2nd Cir, 2018).

25  See generally United States v Ulbricht (Case 1:14-cr-00068-KBF, SDNY, 9 July 2014), aff’d 858 F.3d 71 (2nd Cir, 2018); United States v Faiella (Case 1:14-cr-00243-JSR, SDNY, 8 August 2014), 2–3.

26  Coinstar Ltd v The Commissioners for Her Majesty’s Revenue and Customs [2016] UKFTT 0610 (TC), [64], aff’d [2017] UKUT 256 (TCC), [73]. Consider also Navee Ltd v The Commissioners for Her Majesty’s Revenue and Customs [2017] UKFTT 0602 (TC).

27  Rensel v Centra Tech Inc, US Dist Lexis 106642 (DC Fla., 2018).

28  Securities and Exchange Commission v Shavers (Case 4:13-cv-00416-RC-ALM, 6 August 2013), 1–3; United States v Ulbricht (Case 1:14-cr-00068-KBF, SDNY, 9 July 2014), 5, 47–50, aff’d 858 F.3d 71 (2nd Cir, 2018); United States v Faiella (Case 1:14-cr-00243-JSR, SDNY, 8 August 2014), 2–3; cf. C-264/14 Skatteverket v Hedqvist [2016] STC 372, [42]–[56].

29  Armstrong DLW GmbH v Winnington Networks Ltd [2013] Ch 156, [42]–[61].

30  C-264/14 Skatteverket v Hedqvist [2016] STC 372, [22]–[31]. See also Wilton Park Ltd v Commissioners for Her Majesty’s Revenue and Customs [2015] UKUT 343 (TCC), [42]–[50].

31  United States v Ulbricht, 858 F.3d 71 (2nd Cir, 2018), 85.

32  C-264/14 Skatteverket v Hedqvist [2016] STC 372, [11].

33  There is also a distinction between a ‘hot’ wallet, which stores the private keys on a network-connected machine, and a ‘cold’ wallet, which stores the keys offline: see United States v Ulbricht, 858 F.3d 71 (2nd Cir, 2018), 116–17.

34  Consider Leidel v Sallah, US App Lexis 10464 (2018).

35  Notable examples include the hacking of the Bitcoin bank, Flexcoin, in April 2014; the Hong Kong-based Bitfinex exchange in August 2016; the South Korean exchange, Bithumb, in July 2017; the mining marketplace, NiceHash; the South Korean Youbit exchange in December 2017; and the South Korean exchange, Coinrail, in June 2018.

36  The investor risk might be lessened if cryptocurrency exchanges qualified as a designated ‘system’ under EC Directive 98/26 of the European Parliament and of the Council of 19 May 1998 on Settlement Finality in Payment and Securities Settlement Systems, OJ L 166/45, art 2(a).

37  Greene v Mizuho Bank Ltd, US Dist Lexis 95536 (DC Ill, 2018). See also Peter Susman, ‘Virtual Money in the Virtual Bank: Legal Remedies for Loss’ (2016) 31 BJIBFL 150.

38  United States v Ulbricht, 858 F.3d 71 (2nd Cir, 2018), 85. See also Symphony FS Ltd v Thompson, US Dist Lexis 214641 (2018).

39  Consider OBG Ltd v Allan [2008] AC 1, [97]–[106], [225]–[238], [321]. See also Lucy Chambers, ‘Misappropriation of Cryptocurrency: Propelling English Private Law into the Digital Age?’ (2016) 31 BJIB&FL 263.

40  Consider Ashton Investments Ltd v OJSC Russian Aluminium (Rusal) [2006] EWHC 2545 (Comm).

41  See generally Leigh and Sillavan Ltd v Aliakmon Shipping Co Ltd [1986] AC 785.

42  Consumer Rights Act 2015, s 33(1). Where the wallet-holder is a non-consumer, an equivalent claim under the Sale of Goods Act 1979 would traditionally require there to be an element of tangibility associated with the software supplied: see n 61 below.

43  For these purposes ‘digital content’ is defined as ‘data which are produced and supplied in digital form’: see Consumer Rights Act 2015, s 2(9).

44  Consumer Rights Act 2015, s 34(1).

45  ibid s 35(1). Consider Susman (n 37 above).

46  United Dominions Trust Ltd v Kirkwood [1966] 2 QB 431, 447, 457–58, 465.

47  Commissioners of Taxation v English, Scottish and Australian Bank [1920] AC 683, 687–88.

48  Akbar Khan v Attar Singh [1936] 2 All ER 545, 548.

49  Foley v Hill (1848) 2 HLC 28, 36–7; Foskett v McKeown [2001] 1 AC 102, 127–28; Azam v Iqbal [2007] EWHC 2025 (Admin), [15]–[17], [27]–[29].

50  Foley v Hill (1848) 2 HLC 28, 36; Governor & Company of the Bank of Scotland v A Ltd [2001] 1 WLR 751, [25]; Wright v HSBC plc [2006] EWHC 930 (QB), [42], [47], [61], [63].

51  That said, the distinction between tangible and intangible property or between choses in action and choses in possession may not be as watertight as traditionally assumed: see Joanna Perkins and Jennifer Enwezor, ‘The Legal Aspect of Virtual Currencies’ (2016) 31 BJIB&FL 569, 570. See also Attorney-General of Hong Kong v Nai-Keung [1987] 1 WLR 1339, 1342.

52  National Provincial Bank Ltd v Hastings Car Mart Ltd [1965] AC 1175, 1247–48: ‘Before a right or an interest can be admitted into the category of property, or of a right affecting property, it must be definable, identifiable by third parties, capable in its nature of assumption by third parties and have some degree of permanence or stability’. The possibility of applying a trust analysis to the digital-wallet relationship is not made any easier by conceptualizing the trust as a ‘persistent right’ (see Robert Stevens and Ben McFarlane, ‘The Nature of Equitable Property’ (2010) 4 Journal of Equity 1), since this conception has not been adopted by the courts (see Shell UK v Total UK [2010] 3 All ER 793; Akers v Samba [2017] UKSC 6) and does not do away with the need for the private key to be classified first as a species of ‘property’ before any possible trust arises.

53  Even if the wallet-holder’s private keys do not qualify as property, the Hastings Car Mart criteria might be used to explain why the cryptocurrency itself might constitute property in the same way as a ‘carbon credit’ (see Armstrong DLW GmbH v Winnington Networks Ltd [2013] Ch 156, [42]–[61]); a waste management licence (see Re Celtic Extraction Ltd [2001] Ch 475, [29]–[34]); a milk quota (see Swift v Dairywise Farms Ltd [2000] 1 WLR 1177, 1183–84); or an export quota (see Attorney-General of Hong Kong v Nai-Keung [1987] 1 WLR 1339, 1342). See further ch 6 above.

54  See eg Secure Capital SA v Credit Suisse AG [2015] EWHC 388 (Comm), [58]–[60], aff’d [2017] EWCA Civ 1486.

55  Although digital wallets would not currently fall within the Financial Conduct Authority’s Client Asset Sourcebook (see Financial Conduct Authority Handbook, CASS 6), the advantage of such regulatory oversight is that a statutory trust would arise in the event of the wallet-provider’s insolvency: see Re Lehman Brothers International (Europe) [2012] UKSC 6.

56  For example, in Armstrong DLW GmbH v Winnington Networks Ltd [2013] Ch 156, [50], a carbon credit was considered to be property as it was transferable in the ordinary course of business and there existed a liquid market facilitating such transfer.

57  Phipps v Boardman [1967] 2 AC 46, 89–90, 103, 127–128 (contra 107, 115); Phillips v News Group Newspapers Ltd [2013] 1 AC 1, [20].

58  Ladbroke & Co v Todd (1914) 30 TLR 433; Woods v Martins Bank Ltd [1959] 1 QB 55, 63.

59  Foley v Hill (1848) 2 HLC 28, 36–37; Joachimson v Swiss Bank Corporation [1921] 3 KB 110, 127.

60  Foley v Hill (1848) 2 HLC 28, 36; Commissioners of the State Savings Bank of Victoria v Permewan, Wright & Co Ltd (1914) 19 CLR 457, 471.

61  For the notion of a contract for the provision of ‘digital content’: see Consumer Rights Act 2015, s 33. As this concept is limited to business-to-consumer supply contracts, equivalent contracts between different parties might qualify as a sale of goods if there is an element of tangibility in the supply (see St Albans District Council v International Computers Ltd [1996] 4 All ER 481, 493; Gammasonics Institute for Medical Research Pty Ltd v Comrad Medical Systems Pty Ltd [2010] NSWSC 267, [1]–[3], [5]–[6], [12]–[15], [24], [47]; Your Response Ltd v Datateam Business Media Ltd [2014] EWCA Civ 281, [18]–[20], [42]) or alternatively a contract for the provision of a service or a sui generis type of contract.

62  For the equivalent services traditionally provided by banks in relation to safe custody of tangibles and documentary intangibles, such as safety-deposit boxes, see Peter Ellinger, Eva Lomnicka, and Christopher Hare, Ellinger’s Modern Banking Law (5th edn, OUP, 2011) 742–49. In relation to global custodian services provided by banks in relation to securities, see generally Madeleine Yates and Gerald Montagu, The Law of Global Custody (4th edn, Bloomsbury Publishing, 2013).

63  See eg JP Morgan Chase Bank v Springwell Navigation Corporation [2008] EWHC 1186 (Comm), aff’d [2010] EWCA Civ 1221.

64  Westminster Bank Ltd v Hilton (1926) 136 LT 315, 317; Coutts & Co v Stock [2000] 1 WLR 906, 909; Hollicourt (Contracts) Ltd v Bank of Ireland [2001] 2 WLR 290, 296, 300.

65  Joachimson v Swiss Bank Corporation [1921] 3 KB 110, 126–29.

66  For more sophisticated examples of standard terms and conditions, see Free Wallet, ‘Homepage’ (Free Wallet) www.freewallet.org and Bitcoin Wallet, ‘Homepage’ (Bitcoin Wallet) <www.bitcoinwallet.com> accessed 27 August 2018.

67  London Joint Stock Bank v Macmillan [1918] AC 777, 814.

68  Difficulties may arise when the principal’s instructions are ambiguous: see Ireland v Livingstone (1872) LR 5 HL 395; Westminster Bank v Hilton (1926) 43 TLR 124.

69  Midland Bank Ltd v Seymour [1955] 2 Lloyd’s Rep 147, 168.

70  Ellinger, Lomnicka, and Hare (n 62 above) 224–26, 454–88.

71  Sierra Leone Telecommunications Co Ltd v Barclays Bank plc [1998] 2 All ER 821, 827.

72  A third-party debt order is a proprietary remedy which operates to discharge the debt and release the debtor from his obligation to pay in respect of that debt: see Société Eram Shipping Co Ltd v Compagnie Internationale de Navigation [2004] 1 AC 260, [24], [62], [88]; Taurus Petroleum Ltd v State Oil Marketing Co of the Ministry of Oil, Iraq [2017] UKSC 64, [29].

73  Civil Procedure Rules, r 72.2(1)(a).

74  For the meaning of ‘debt’ for the purposes of Civil Procedure Rules, Part 72, consider Taurus Petroleum Ltd v State Oil Marketing Co of the Ministry of Oil, Iraq [2017] UKSC 64, [87]. See further Civil Procedure Rules, Practice Direction 72, [2].

75  Proceeds of Crime Act 2002, Sch 9, para 1(1)(a).

76  ibid, s 330.

77  ibid, s 340(3). For these purposes, ‘criminal property’ is property that represents ‘a person’s benefit from criminal conduct’, which means that the property has been obtained ‘as a result of or in connection’ with the conduct in question: ibid, s 330(5).

78  ibid, s 340(9). In this regard, the notion of ‘property’ is defined in a non-comprehensive manner as including money, ‘all forms of property, real or personal, heritable or moveable’ and ‘things in action and other intangible or incorporeal property’.

79  ibid, s 329(1).

80  ibid, ss 329(2)(a), 338(2)–(3).

81  ibid, s 327(1).

82  ibid, s 328(1).

83  ibid, s 338(2)–(3).

84  Civil Procedure Rules, Practice Direction 25A.

85  Customs & Excise Commissioners v Barclays Bank plc [2007] 1 AC 181, [10]; Fourie v Le Roux [2007] 1 All ER 1087, [2].

86  Cretanor Maritime Co Ltd v Irish Marine Management Ltd [1978] 1 WLR 966, 976–77; Mercedes-Benz v Leiduck [1996] AC 284, 300.

87  It has been suggested that trying to reify cryptocurrencies for the purposes of allocating it a particular location ‘is not marginally more useful than thinking of Santa Claus as a denizen of the North Pole’: see Microsoft Corporation v United States, 855 F.3d 53 (2017), 62.

88  Campanari v Woodburn (1854) 15 CB 400. There is, however, a distinction between the general impact of death upon an agency relationship and the impact of death upon the specific mandate to honour cheques: see Bills of Exchange Act 1882, s 75(2).

89  In circumstances where the digital-wallet-holder lacks capacity to manage his or her property or affairs, a court may appoint one or more deputies to take over that decision-making process: see Mental Capacity Act 2005, ss 2(1), 16(2), 18(1).

90  Yonge v Toynbee [1910] 1 KB 215, 235; cf Drew v Nunn (1879) 4 QBD 661, 668–70.

91  Administration of Estates Act 1925, ss 25, 52.

92  Pettit v Novakovic [2007] BPIR 1643, [7].

93  Re London and Mediterranean Bank (1870) LR 5 Ch App 567, 569.

94  National Westminster Bank Ltd v Halesowen Presswork Assemblies Ltd [1972] AC 785. That the mandate does not terminate upon the issuing of the petition is clear from Hollicourt (Contracts) Ltd v Bank of Ireland [2001] 2 WLR 290, [33].

95  Insolvency Act 1986, s 234(2). For these purposes, ‘records’ include computer records and other non-documentary records: ibid, s 436. A similar power is conferred on a trustee in bankruptcy: ibid, s 365.

96  Tournier v National Provincial and Union Bank of England [1924] 1 KB 461, 472–73, 479–81, 485–86. This chapter uses the terminology of ‘secrecy’, rather than ‘confidentiality’, to refer to the bank’s core obligation, arising out of the account contract, not to disclose its customer’s information. There are three reasons for this. Firstly, the language of ‘bank secrecy’ reflects the statutory terminology adopted in some jurisdictions: see Banking Act, para 47 (Switzerland); Criminal Code, s 156 (Argentina); Banking and Financial Institutions Act 1989, s 97 (Malaysia). That said, Singapore has recently abandoned the language of ‘secrecy’ in favour of ‘privacy’: see Banking Act (Cap 19, 2008 Rev Ed Sing), s 47 (Singapore). Secondly, referring to ‘bank secrecy’ emphasizes that the bank’s duty of non-disclosure (at least as traditionally conceived in the UK) extends to information that is not actually confidential at all. Thirdly, and related to the previous point, the language of ‘bank secrecy’ helpfully distinguishes the duty owed by banks specifically from the more general form of equitable liability for breach of confidence, which arises in any situation involving the disclosure of confidential information: see Coco v AN Clark (Engineers) Ltd [1968] FSR 415, 419–21; Attorney-General v Observer Ltd [1990] 1 AC 109, 281.

97  Tournier v National Provincial and Union Bank of England [1924] 1 KB 461, 473–74, 485. See also Lipkin Gorman v Karpnale Ltd [1989] 1 WLR 1340, 1357; Barclays Bank plc v Taylor [1989] 1 WLR 1066, 1070.

98  With respect to equipment-based wallets, it is clear that issues of confidentiality and secrecy are no less important, so that if there is a disclosure of the private keys this may (although this will not necessarily always be the case) indicate some defect in the equipment provided and accordingly provide the basis for a contractual claim against the supplier of the equipment: see Sale of Goods Act 1979, s 13–15; Consumer Rights Act 2015, ss 9–11.

99  See generally Attorney-General v Observer Ltd [1990] 1 AC 109, 281; Douglas v Hello! Ltd (no 3) [2008] 1 AC 1, [255], [272]–[278]; Campbell v Mirror Group Newspapers Ltd [2004] 2 AC 457, [14], [21], [51], [96], [134]; Vestergaard Frandsen A/S v Bestnet Europe Ltd [2013] 1 WLR 1556, [23]–[28].

100  Consider, for example, the protection to privacy rights afforded in PJS v News Group Newspapers Ltd [2016] UKSC 26.

101  See generally EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of such Data and Repealing Directive 95/46/EC, OJ L 119/1.

102  B2C2 Ltd v Quoine Pte Ltd [2018] SGHC 4.

103  Barclays Bank plc v Taylor [1989] 1 WLR 1066, 1070.

104  Tournier v National Provincial and Union Bank of England [1924] 1 KB 461, 473; cf Attorney-General v Observer Ltd [1990] 1 AC 109, 281–82.

105  In the banking context, it is clear that a customer’s implied consent is nowadays insufficient to relieve a bank of its duty of secrecy: see Turner v Royal Bank of Scotland plc [1999] 2 All ER (Comm) 664, 671.

106  Price Waterhouse v BCCI Holdings (Luxembourg) SA [1992] BCLC 583; Pharaon v Bank of Credit and Commerce International SA [1998] 4 All ER 455.

107  Tournier v National Provincial and Union Bank of England [1924] 1 KB 461, 473.

108  Ellinger, Lomnicka, and Hare (n 62 above) 190.

109  Consider the overly broad (and arguably illegitimate) approach to this limitation in Sunderland v Barclays Bank Ltd (1938) 5 LDAB 163.

110  See eg Terrorism Act 2000, s 21B; Proceeds of Crime Act 2002, s 337.

111  See eg Police and Criminal Evidence Act 1984, s 9.

112  See eg Insolvency Act 1986, s 236.

113  See eg Taxes Management Act 1970, ss 13, 17, 24; Income Tax Act 2007, s 771.

114  United States v Coinbase Inc, US Dist 196306, (ND Ca, 2017).

115  Selangor United Rubber Estates Ltd v Craddock (no 3) [1968] 1 WLR 1555, 1608; Karak Rubber Co Ltd v Burden (no 2) [1972] 1 WLR 602, 622–31.

116  Supply of Goods and Services Act 1982, s 13.

117  Consumer Rights Act 2015, s 49(1).

118  JP Morgan Chase Bank v Springwell Navigation Corporation [2008] EWHC 1186 (Comm), [3], [94], [101–[105], [141]–[171], [236], [263]–[264], [373]–[374], [429]–[434], [445]–[459], [474]–[490], [603]–[608], aff’d [2010] EWCA Civ 1221.

119  Stafford v Conti Commodity Services [1981] 1 All ER 691, 696–97; Valse Holdings SA v Merrill Lynch International Bank Ltd [2004] EWHC 2471 (Comm), [22], [69], [71].

120  Williams & Glyn’s Bank Ltd v Barnes [1981] Com LR 205, 207; Schioler v Westminster Bank Ltd [1970] 2 QB 719; National Commercial Bank (Jamaica) Ltd v Hew [2003] UKPC 51, [22].

121  Barclays Bank plc v Quincecare [1992] 4 All ER 363, 376–77; Lipkin Gorman v Karpnale Ltd [1989] 1 WLR 1340, 1378; Verjee v CIBC Bank and Trust Company (Channel Islands) Ltd [2001] Lloyd’s Rep Bank 279.

122  Shah v HSBC Private Bank (UK) Ltd [2010] EWCA Civ 31, [37]–[39].

123  Governor & Company of the Bank of Scotland v A Ltd [2001] 1 WLR 751, [25]; Murphy v HSBC Bank plc [2004] EWHC 467 (Ch), [101]; Tamimi v Khodari [2009] EWCA Civ 1042, [42]; Kotonou v National Westminster Bank plc [2010] EWHC 1659 (Ch), [136].

124  Popek v National Westminster Bank plc [2002] EWCA Civ 42, [33]; Tamimi v Khodari [2009] EWCA Civ 1042, [42].

125  Lloyds Bank Ltd v Bundy [1975] QB 326.

126  Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (no 4) (2007) 241 ALR 705, [325]–[330].

127  JP Morgan Chase Bank v Springwell Navigation Corporation [2008] EWHC 1186 (Comm), [573], aff’d [2010] EWCA Civ 1221.

128  Diamantides v JP Morgan Chase Bank [2005] EWCA Civ 1612, [42].

129  It is submitted that the analysis does not alter according to whether a cryptocurrency is viewed as being equivalent to money (and so capable of constituting payment in the usual manner) or whether it is viewed as an intangible asset held in an electronic system in a similar manner to intermediated securities, albeit that these demonstrate a degree of centralization absent in cryptocurrency networks.

130  Unlike the mining process, there are few rewards for operating a network node used to broadcast transactions, and the costs associated with the process can be high.

131  Whilst the average confirmation time for one block in the Bitcoin network is ten minutes, Poisson processes result in some blocks taking far longer to confirm, heightening the risk of countermand.

132  Bills of Exchange Act 1882, s 75(1).

133  For statutory confirmation of this position, see Payment Services Regulations 2017, SI 2017/752, reg 67(3).

134  Office of Fair Trading v Lloyds TSB Bank plc [2008] 1 Lloyd’s Rep 30, [36]–[37]; Lancore Services Ltd v Barclays Bank plc [2009] EWCA Civ 752, [16]; The Governor and Company of The Bank of Scotland v Alfred Truman [2005] EWHC 583 (QB), [2], [5]–[11], [125]; NSB Ltd v Worldpay Ltd [2012] EWHC 927 (Comm), [3]–[4].

135  Consumer Credit Act 1974, s 75(1).

136  Delbrueck & Co v Manufacturers Hanover Trust, 609 F.2d 1047 (2nd Cir, 1979), 1051.

137  Tayeb v HSBC Bank plc [2004] 4 All ER 1024, [57], [60].

138  See Faster Payments, ‘Homepage’ (Faster Payments) <www.fasterpayments.org.uk> accessed 27 August 2018.

139  Payment Services Regulations 2017, SI 2017/752, reg 67(3).

140  Proceeds of Crime Act 2002, ss 338–39.

141  Squirrel Ltd v National Westminster Bank plc [2005] 2 All ER 784, [7], [19]–[21].

142  K v National Westminster Bank plc [2006] 2 All ER (Comm) 655, [10]–[12]. See also Shah v HSBC Private Bank (UK) Ltd [2010] EWCA Civ 31, [20]–[33].

143  Tayeb v HSBC Bank plc [2004] 4 All ER 1024, [60]–[61].

144  United States v Ulbricht (Case 1:14-cr-00068-KBF, SDNY, 9 July 2014), 5, 47–50, aff’d 858 F.3d 71 (2nd Cir, 2018).

145  Standard Bank London Ltd v The Bank of Tokyo Ltd [1995] 2 Lloyds Rep 169.

146  Industrial and Commercial Bank Ltd v Banco Ambrosiano Veneto SpA [2003] 1 SLR 221.

147  Tai Hing Cotton Mill Ltd v Liu Chong Hing Bank [1986] AC 80.

148  Payment Services Regulations 2017, SI 2017/752, reg 72(3).

149  ibid, reg 77(3).

150  Tidal Energy Ltd v Royal Bank of Scotland plc [2015] 2 All ER 15.

151  Re Charge Card Services Ltd [1989] ch 497.

152  Mardorf Peach & Co Ltd. v Attica Sea Carriers Corporation of Liberia, The Laconia [1977] AC 850.

153  TSB Bank of Scotland plc v Welwyn Hatfield District Council [1993] Bank LR 267.

154  A/S Awilco of Oslo v Fulvia SpA di Navigazione of Cagliari, The Chikuma [1981] 1 WLR 314.

155  See eg coincheck.com/lending.

156  David Quest, ‘Taking Security Over Bitcoins and Other Virtual Currency’ (2015) 30 BJIB&FL 401, 403.

157  In particular, private keys and the associated cryptocurrency are unlikely to qualify as ‘financial collateral’ within the Financial Collateral Arrangements (no 2) Regulations, SI 2003/3226, reg 3(1).