Small real world blockchain startup vs regulations: our story

We’ll provide an insight into the legal challenges for small startups trying to provide real world, decentralized financial services, in the EU and to some extent in the US.

We do this by telling our own story: how we had to rescope our startup capi.finance to a software development company. The goal of capi.finance was to enable creators to easily create and sell basic shares, entitling the investors to a percentage of the project’s income, all regulated by smart contracts. Aside of KYC infrastructure to link addresses to people, the app was completely decentralized.

We’ll use a journaling format, that is, simply telling what happened. This should help visualizing our journey, and allow the reader to form their own conclusions (we’ll provide our own at the end).

At the beginning of 2022, we were working on our app’s MVP. We had received a grant and would be presenting the MVP to the granter in June. We were looking for lawyers to clarify our legal situation. We expected that, since we’d be dealing with real world assets, our path would be difficult, and were prepared with ambition, patience, and what seemed reasonable funding.

Lawyers

We talked to lawyers specialized on blockchain, who after studying our business model, offered a typical “crypto package”: a company would be registered in the Cayman Islands or similar and a token launched. The total costs for these services was around [redacted]. This was within budget and seemed straight forward. We felt that there was more to this, however, so we continued researching.

We talked to more lawyers from around the world and found better understanding of our business model, and got first estimations of a minimum of $200k.

We were forwarded to lawyers in Germany. This is were we’re located, which is not so relevant (the relevant location is mainly that of investors), but was still recommended as a start. We contacted about 10 lawyers including some from Liechtenstein and Switzerland.

One of the first replies was very direct:

Ich möchte da nur ehrlich sein, dass dies eher kein Thema für ein „Bootstrapped“-Startup ist. Ohne solide Finanzierung ist es nicht darstellbar, weil alleine die Sicherheiten für die Aufsichtsbehörden wohl mittlere 6stellige Summen benötigen, je nach Konstruktion des Geschäftsmodells.

This is German and it’s basically saying that our mission is not for “bootstrapped” startups, since we’ll need a mid-6-digits sum (Euros, or Dollars, which we’ll treat interchangeably given the roughly 1:1 average exchange rate) merely as backing for financial regulators. And this was only to make our service available in Germany.

The Liechtenstein lawyer sent us a detailed quote (where he described our business model as “simple in practice but extremely delicate legally”) for about one million CHF (which is around a million Dollars or Euros)!!. Creators would register their companies in Liechtenstein. Some details remained unclear, like in which European countries they’d be able to raise funds, and whether this was included in the estimation, but we didn’t feel like asking further.

To summarize the rest, there was generally unwillingness to give estimations, and an unspoken consensus that this kind of business is inadequate for us.

We contacted lawyers in the US too, which quickly disappeared when hearing “securities’’, a US law professor, who said something along the lines that this was “what they teach at university”, who forwarded us to another lawyer, who didn’t reply either. There were some calls with DAO organizations in exotic islands, which didn’t solve anything either in terms of offering shares to investors.

Self research

The lawyer expedition lasted 3–4 months. Not wanting to give up, we started learning law ourselves, studying in detail the BaFin’s (Germany’s financial regulator) online documentation, regulatory documents that gave us an idea of how, despite ongoing harmonization efforts in the EU, the securities laws in all the member states are still different (such that per-country consultations are required), and the relevant German laws (scattered across many different books, including but not limited to the laws of shares prospectus, laws of investments, laws of protection for small investors, laws of payments, laws of capital and laws of credit). We also went through relevant US regulations, including the requirements to become a broker-dealer and crowdfunding portal, the dreaded Howey Test, regulation CF, reg D 504, reg D 506 b, reg D 506 c, reg A+ and reg S.

The financial intemediate requirements for Germany and the US, aside of the high costs and ridiculously complex bureaucracy, require to absolve exams in broker competence (in the US it’s slightly different for us as a foreign company — investigating this would also have required a lawyer). We read about 70% of a dense ~300 pages preparation book for the exam in Germany, most of which was completely irrelevant to us, including ETF, hedge and retirement funds management, intermediation and competition laws, regulations to provide financial advice, derivatives, savings accounts, etc., all with a plethora of detail, subcategories, special cases, thresholds, formulas, jargon and legal paragraphs that had to be remembered.

Crowdfunding portals in the US have less requirements than broker-dealers, but still have centralized vetting and controlling responsibilities, and as with everything else, additional (and tendentially prohibitive) obstacles for foreign companies.

At the end, it was clear: our startup would not be allowed to happen. We also considered venture capital, but asking for a million (Euros or Dollars) “minimum” for legal costs and without users, was clearly deemed to fail. It was a deadlock: we were not able to release anything until we paid the legal costs, but to pay for the legal costs, investors wanted to see, or at least realistically estimate, adoption.

And, anyway, even if we magically acquired the funds, we would have had to rebuild our service to be effectively centralized, which we reject as it goes against our mission of providing a decentralized service.

Changing to software service

With no other options, we decided to become a software company and transform our app into a white label app. The while label app would be limited to direct offerings, moving the entry barriers from us to the creators. We were not allowed to take a rest from bureaucracy yet, though, and were advised to ask the BaFin for confirmation that this service would be exempted. This process, for which we were advised to also hire a lawyer, took about 2 months. We got a conditional confirmation, stating that we’d have to submit a request for approval for each client.

After this, we decided to ask directly the BaFin about capi.finance (which was easy to explain as a delta to the software service) and after another month, the reply recommended to hire a lawyer, with a reminder that acting as a broker without authorization makes us prosecutable with — according to the cited paragraph — up to 5 years in jail or a fine.

Exploratively, we subscribed to notifications sent by the BaFin when taking legal action against companies, and since then receive most weekdays between 2 and 5 notifications, frequently against crypto companies.

Our app

We presented our MVP to our granter to successfully conclude our agreement in June 2022. After that, we had to mostly suspend development, as we hadn’t a clear orientation of what would be allowed, and were blocked from getting user feedback. We even had to revert some features we spent months working on, to not add even more legal complications to the MVP.

After the last clarifications it was already November, and instead of iterating on the MVP, we were working on a rebranding and restructuring for per-client deployments.

How are others doing?

We don’t have to search for long to see similar cases, for example, NeoFund had to close due to uncertainty with regulators. We strongly recommend reading their story. Quick excerpt:

Yet, we are closing the Neufund business.

Why? Because today, more than two years after Greyp fundraised, we still are unsure whether regulation allows us to repeat the Greyp fundraising model with other similar companies. Despite engaging with regulators for years, we didn’t manage to get out of the limbo of legal uncertainty.

Who’s getting things done? Let’s see. Some announced recently — just this month (in the US) — the “first SEC-registered security token in history”. If we look at the details of these companies, we see that they’re registered broker-dealers (which, worth stressing, is a centralized financial intermediate), and that the teams consist primarily of ex-bankers, ex-hedge fund managers and so on. Often not even with a single developer in sight or anything remotely reminiscent of the DeFi space.

Some might think that intermediates are necessary, because with real world assets, which can’t be directly managed on a blockchain, trust is inevitably required, but this is, in our opinion, not generally correct. We will thematize this in future posts.

Conclusion

Providing any financial service connected to the real world is still reserved to the “elites”. When building on decentralized technology, regulators require to effectively centralize it, with broker-dealer regulations and exorbitant entry costs, imposing prohibitive barriers to builders.

The regulations exist, at least ostensibly, to enable trust, which makes them vestigial and an extreme hindrance for a space that is built to be trustless. Granted, real world assets, by virtue of being ultimately physical, can’t be directly managed on a blockchain, but this requires entirely different, optimized solutions, and not the existing medieval intermediation regulations.

These regulations force builders to act either anonymously or limiting themselves to utility tokens (which can’t be legally used for investing), fostering nonsense and scams, which is then used to accuse the blockchain space of not being useful.

Some agglomerate in regulatory grey areas, under constant worry of being identified as security dealers, which is obviously a precarious foundation for a business and expectedly discourages potential participants, reducing the space’s immense potential to fringe and poorly understood.

We urgently need better regulations. Until then, decentralized technology will not be able to be the innovative and inclusive space it’s meant to be.