The bill to amend the Criminal Code currently being processed (Sejm print no. 3451) is generating lots of controversies. For persons involved in FinTech, the draft of the proposed new Art. 279a of the Criminal Code is particularly interesting. It is another attempt to define new forms of commission of offences on financial markets for purposes of the criminal law. This attempt once again demonstrates what a difficult task faces lawmakers.
The problem is not new. Progress in digitalisation is accompanied by dynamic growth in various types of digital assets. The law does not keep pace with this development, and consequently is unable to ensure adequate protection to participants in digital economic exchange. This makes it necessary to adapt the existing regulations to suit the realities of the new economy.
Failure to adapt the regulations generates many doubts in interpretation, as demonstrated by recent judicial decisions. An example is a ruling by the Supreme Court of Poland, also cited in the justification for the bill to amend the Criminal Code, in which a panel of judges held that an operation conducted with a stolen proximity card without using a PIN may be treated as theft with breaking and entering.
Three methods of payment
Commercial exchange is carried out today on three different planes. The first of them is physical reality, where the carriers of value include physical money in the form of banknotes and coins. The second plane is digital reality, where the carrier of value is primarily noncash bank money (i.e. money recorded in a bank account). In recent years a third area of commercial exchange, also digital, has arisen, where the carriers of value include, for example, various types of tokens and cryptocurrencies. In simple terms, we may say that today we are dealing with three types of assets functioning in parallel: cash, noncash bank money, and crypto assets. In practice, trade also occurs using other types of digital assets (e.g. assets in virtual games which are not crypto assets), but for the purpose of this article I will restrict myself to the three categories mentioned above.
The difference between cash money and other types of assets seems obvious. The carrier of value in this case has a material dimension. In the case of the other assets, the carrier of value has only digital form. It is a digital record to which we ascribe a certain meaning. It is harder to grasp the difference between noncash bank money and crypto assets. In both instances it is a carrier of value in digital form. The difference boils down to the manner of administration of the infrastructure used to record the digital values. In the case of noncash bank money, the digital infrastructure is generally centralised, maintained by entities which we treat within the legal system as trusted third parties. Banks are an example of such entities. The money in our bank accounts is only a record in a database controlled by the bank. By contrast, the infrastructure for crypto assets is characterised by a high degree of decentralisation. An excellent example in this context is crypto assets recorded on a public blockchain (e.g. Bitcoin or tokens recorded in the Ethereum blockchain). They have digital form, but the database used to record them is decentralised, i.e. maintained by nodes that are dispersed (often all over the world). Trust in the reliability of the records is not based in this case on the special status of the entity maintaining the database (as in the case of bank money), but on specific mechanisms (including cryptographic mechanisms) for managing the database. Thus, in simple terms, the difference between noncash bank money and crypto assets may be reduced to the difference in the mechanisms for creating trust in the database where the digital assets are recorded.
This distinction may seem academic and abstract, but in practice it is vital to a proper understanding of the essence of the digitalisation of assets now occurring. Without correct systemisation of the types of digital assets, any attempt to adapt the provisions of criminal law to the realities of commercial exchange is condemned to failure.
What assets are referred to in the bill to amend the Criminal Code?
Bearing in mind the foregoing distinctions, let’s examine more closely the proposed new Art. 279a of the Criminal Code now under consideration.
Under §1 of the provision, “Anyone who makes a payment transaction using electronic money without the consent of the person authorised to dispose of the money shall be subject to imprisonment from one to ten years.”
The drafters’ intention is expressed in the justification: “The proposed legislative initiative is intended to provide criminal-law protection of customers of internet banking and persons using mobile banking, and also constitutes an attempt at comprehensive regulation of the issue of payment using electronic money.”
So which types of assets, of those broken down above, do the drafters seek to cover? Certainly not cash. In this respect the relevant provisions already exist and there is no need to introduce significant systemic changes. It appears that the intention is to adapt the criminal law to noncash bank money. This is indicated by the reference to internet banking and mobile banking. The justification even includes an attempt to define electronic banking, as “a platform enabling the user (bank customer) to use services offered by the bank.”
Does the proposal refer to crypto assets? This is not obvious. While the drafters have the ambition to comprehensively regulate “the issue of payment using electronic money,” the justification makes no direct reference to decentralised technologies. The possible conscious avoidance of this plane of trade in drafting the provision in question should be regarded as a serious weakness of the proposed new regulation.
Electronic money is not the same as noncash bank money
The aim of equalising liability for offences of a similar nature but with a different object appears laudable. The injury caused by the theft of cash and digital money is generally comparable, and there is no reason for perpetrators to be treated more leniently by the system just because the object of their offence is digital assets. This argument applies with equal force to the plane of trade where the object is noncash bank money, and where the object is crypto assets. For this reason, the proposed regulations should ultimately, insofar as possible, cover crypto assets as well. This task is now easier, as for nearly a year Polish law has contained a legal definition of virtual currency. Under Art. 2(2)(26) of the Act on Combating Money Laundering and Financing of Terrorism, “virtual currency” is defined as:
“a digital representation of value which is not:
a) a legal means of payment issued by the National Bank of Poland, foreign central banks or other public administrative authorities,
b) an international settlement unit established by an international organisation and accepted by specific countries belonging to or cooperating with such organisation,
c) electronic money within the meaning of the Payment Services Act of 19 August 2011,
d) a financial instrument within the meaning of the Act on Trading in Financial Instruments of 29 July 2005, or
e) a promissory note or cheque,
and is exchangeable in economic turnover for legal means of payment and accepted as a medium of exchange, and may also be electronically stored or transferred or may be the subject of electronic trade.”
Unlike crypto assets, there is no doubt that the drafters’ intention is to extend the new provision to noncash bank money. But will this aim be achieved if this provision reads as proposed in the first draft? I fear that unfortunately it will not.
When there’s a definition, it’s better not to rely on intuition
The drafters of the proposal decided to employ the notion of “electronic money.” This is a term that has a legal definition. Under Art. 2(21a) of the Payment Services Act of 19 August 2011, electronic money is “a monetary value stored electronically, including magnetically, issued with the obligation to redeem it, with the purpose of making payment transactions, accepted by entities other than only the issuer of the electronic money.”
Electronic money is issued in exchange for traditional money (which may take the form of either cash or noncash bank money). It is thus not equated with noncash bank money. This difference was expressly stated for example in the Polish Financial Supervision Authority’s position on prepaid cards from July 2015. A debate has continued for a long time over the usefulness of retaining a definition of electronic money in the Polish legal system. This concept has its source in payment solutions popular several years ago, involving the use of instruments charged with a certain number of units in exchange for accepted means of payment. These units were the electronic equivalent of money. In today’s payment solutions, the differences between electronic money (as defined above) and noncash bank money are often blurred. Nonetheless, electronic money still has a legal definition and is only one type of digital money. Thus, most importantly in light of the proposed new provision, it is not identical to money recorded in bank accounts. Use of the term “electronic money” in the proposal gives this provision a very narrow meaning and does not, at the least, refer to bank money, which according to the justification for the proposal was the aim of the drafters.
Thus there is much to indicate that the term “electronic money” was used in this proposal without an adequate understanding of its meaning. Personally, I get the impression that it was used more in its intuitive, vernacular meaning than with the meaning ascribed to it in the law.
The proposed regulation strives to address an urgent social and economic need to protect users of electronic assets. But contrary to the drafters’ intentions, the proposal as currently worded would have very limited application, and unfortunately could sow further chaos in the application of the Criminal Code to new forms of commission of offences in the world of digital assets. Work should therefore continue on this proposal, but it requires much deeper reflection on the types of digital assets which we want to be protected by the criminal law.