The Regulation of Cryptocurrencies and Initial Coin Offerings (ICOs) Under Traditional Securities Law

On July 25, 2017, the Securities and Exchange Commission (SEC) issued a long-awaited (by securities lawyers like myself, at least) ruling on initial coin (token) offerings, specifically a token offering launched in May 2016 by an organization called The DAO (decentralized autonomous organization). The SEC’s decision regarding the DAO is not surprising from a traditional securities law perspective, although their analysis and supporting statements carry significant insights into where this innovation vs. regulation battle is headed.

About Initial Coin Offerings (ICOs)

 An ICO, or an Initial Coin (or Token) Offering, refers to a method of raising capital that is like an Initial Public Offering (IPO) of stock without outrageous investment banker commissions and seven figure legal bills. You can think of ICOs as the IPOs of the cryptocurrency sphere.

A typical ICO involves a decentralized company/organization proposing a project to supporters who acquire an amount of the company’s proprietary digital currency (typically called coins or tokens). The tokens are issued on an indelible distributed ledger known as the blockchain, or blockchain technology, often on the Ethereum blockchain platform.

Blockchain technology was introduced to the world by the mysterious individual or group of individuals under the pseudonym, Satoshi Nakomoto. A blockchain is a public, cryptographically-protected, distributed ledger spread across a network of thousands of computers. This “database” contains records of every transaction that ever occurs on it and it’s constantly reconciling itself. This makes it virtually impossible to corrupt transactions — if someone tried to change the record of a particular transaction, the entire system would be out of balance and recognize the inconsistency. Blockchain is considered immutable, transparent, and disruptive. It’s expected to radically transform many social and economic structures by removing the need for trusted middlemen and flattening organizations.

forming a hedge fund

ICO project supporters exchange cryptocurrencies (including the biggest and baddest cryptocurrency of them all – bitcoin) of immediate, liquid value in return for the proposed, new tokens.

Millions of speculative dollars have poured into ICOs. Some tokens have increased in price hundreds or thousands of times greater than their initial offering price (among them, IOTA, Stratis, and Ethereum).

Stories of outrageous early returns have added fuel to the fire, attracting even greater participation in ICOs. ICOs raised over $1.3 trillion between January and August 2017 (not including the amounts raised by ICOs still in progress at the time of publishing this article). Cryptocurrency-related startups raised a record $540 million of capital in July 2017 alone.

Because ICO mania is starting to look like a speculative bubble, many people are worried this ride may not end well. The desire to avoid the carnage that could result from another bursting bubble has attracted the attention of government regulators, including one of the most powerful– the SEC.

Only Two Choices with Private Security Offerings: Exemption or Registration

Section 5 of the Securities Act of 1933 requires that all offers and sales of securities be registered with the SEC unless an exemption from registration is available. Registration is time-consuming and expensive, and exemptions from registration are limited in various ways. Often-used exemptions require that each purchaser of the securities be an “accredited investor,” which is someone who makes high annual income ($200,000 alone or $300,000 with a spouse for the past two years and expects the same this year) or has a high net worth ($1 million-plus without the value of their primary residence). Other exemptions require significant disclosures to investors, including audited financial statements. Navigating exemptions is challenging and carries high compliance costs. That’s what securities lawyers do – they help businesses raise capital and stay compliant with the law.

Selling unregistered securities without an exemption is deemed a Section 5 violation of the ’33 Act, which can lead to civil lawsuits or administrative actions. The SEC may ask a court to issue an injunction, forcing the defendant to undergo an audit. In other cases, they may seek civil monetary penalties or require the return of profits gained illegally.

Securities registration requirements are designed to provide investors with procedural protections and material information necessary to make informed investment decisions. These requirements apply to those who offer and sell securities in the United States, regardless of whether the issuing entity is a traditional company or a decentralized autonomous organization (like THE DAO), the securities are purchased using U.S. dollars or virtual currencies, or the securities are distributed in certificated form or through distributed ledger technology.

What Exactly is a Security?

Most people understand shares of stock. A share of stock is a security. Lots of other investment vehicles can also be securities – convertible notes, limited liability company interests, oil lease participations, and many other less-obvious investment arrangements. The go-to test for determining if an investment instrument/contract is a security is the Howey test.

In the 1940s, a Florida business owner and farmer named W.J. Howey offered real estate contracts for the development of citrus groves through a sale-leaseback arrangement. Buyers purchased land and then leased it back to the W.J. Howey Co., which would tend the land, harvest the crop, and ultimately market and sell the citrus. Since most of the buyers had no expertise in farming, they were happy to lease the land back to the W.J. Howey Company.

In the SEC v. W.J. Howey Co. majority opinion, the U.S. Supreme Court ruled that the leaseback agreement was an investment contract and constituted the sale of a security. The court set forth the following elements, which collectively comprise the definition of a security:

  • There is an investment of money;
  • There is an expectation of profits from the investment;
  • The investment of money is in a common enterprise; and
  • Any profit comes from the efforts of a promoter or third party and is largely outside the investor’s control.

Although the Howey test is more than 70 years old, it remains the gold standard for determining if an instrument is a security. This is principles-based regulation at its finest. None of the elements of the Howey test are cut and dry rules. They expand, contract, and evolve to fit the context and the SEC’s beliefs about what is equitable in a given situation.

The Howey court explained their intent to set out a test that is “flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits.”

While the elements of the Howey test are clearly stated and firmly entrenched, their application from case to case is unique. This is precisely what makes practicing securities law challenging. The field is defined at the margins – the tough calls and slight nuances that turn the advice provided to a client.

Despite incorporating different language and marketing spin, many ICOs have the look and feel of securities offerings. Many of the coins/tokens function like stock or other more exotic investment contracts. Due to their clear investment nature (of most ICOs), securities lawyers like myself have been speculating on when we’d see the SEC step in to the ring. Understand that this was not a question of if the SEC would show up; it was a question of when.

The SEC’s ruling on The DAO

The SEC has undoubtedly been watching closely as the cryptocurrency industry has taken off. The agency even released an “investor alert” about bitcoin back in 2014, warning that “using Bitcoin may limit your recovery in the event of fraud or theft.” However, the SEC’s official decision about The DAO packs a much stronger punch.

The DAO was a digital decentralized autonomous organization controlled and directed by DAO token holders. Its goal was to provide venture funding for commercial enterprises and non-profit entities. A team called created The DAO, which was built on the Ethereum blockchain, ensuring that every transaction would be publicly visible.

Significantly, the organizers took no steps to hide who they were and what they were doing. Transparency was a stated goal – the organizers wanted the public to see exactly what they were doing.

The DAO organizers speculated they would replace established organizational constructs. With The DAO’s backbone on the Ethereum blockchain, contracts between individual owners of the organization would be “formalized, automated and enforced using software.” Instead of relying on a conventional corporate governance structure like a board of directors and executive officers (a CEO, CFO, etc.), The DAO was designed to utilize smart contracts to overcome the problems and risks inherent in traditional corporate structures.

The DAO raised $150 million via a crowdfunded-token sale in May 2016.

Under The DAO’s business plan, companies and other crypto projects were expected to make proposals for funding. The DAO token holders would vote on the proposals, and if a proposal received the necessary quorum, it would be funded. If the project generated returns, the holders of DAO tokens would participate proportionally. Essentially, The DAO was expected to function like a venture capital fund: investors put in money, the fund managers identify and fund investment opportunities, and when the opportunities generate returns, the managers and initial investors are paid. Additionally, The DAO token holders could monetize their investments in tokens by reselling them in a secondary market through various web-based platforms.

The DAO curators held a significant role in the organization. Ultimately, they decided whether a particular proposal was put up for a vote and had the responsibility of setting the order and frequency of introducing proposals. Essentially, the success of an investment in The DAO rested heavily on the work done by its curators.

The DAO struggled with typical startup issues. These were the same types of issues facing any revolutionary business model, but they were exacerbated by The DAO’s leaderless governing structure. Seemingly every token holder had a suggestion for what needed to be done differently.

We won’t know whether The DAO would ultimately have worked through these issues and become a viable organization. In June 2016, a hacker exploited several vulnerabilities in the code underlying The DAO and stole 3.6 million ether — worth roughly $50 million at the time.

The downfall of The DAO shook the entire cryptocurrency industry. Like all ICOs built on blockchain technology, The DAO had told investors that it was immutable and entirely safe.

The extent of the losses from the hack and betrayal of public trust set the stage for the SEC’s first official decision regarding ICOs. Right out of the gate, the SEC tendered this statement:

“Based on the investigation, and under the facts presented, the Commission has determined that DAO Tokens are securities under the Securities Act of 1933 (“Securities Act”) and the Securities Exchange Act of 1934 (“Exchange Act”). The Commission deems it appropriate and in the public interest to issue this report of investigation (“Report”) pursuant to Section 21(a) of the Exchange Act to advise those who would use a Decentralized Autonomous Organization (“DAO Entity”), or other distributed ledger or blockchain-enabled means for capital raising, to take appropriate steps to ensure compliance with the U.S. federal securities laws.”

In a press release issued along with the ruling, Stephanie Avakian, co-director of the SEC’s enforcement division, issued a warning that permeated the cryptocurrency space: “The innovative technology behind these virtual transactions does not exempt securities offerings and trading platforms from the regulatory framework designed to protect investors and the integrity of the markets.”

Digging into the SEC’s Analysis of The DAO

In its ruling on The DAO, the SEC readily determined that three of the four elements of the Howey test were satisfied:

  • purchasers of tokens invested money
  • with a reasonable expectation of obtaining profits
  • through a common enterprise.

The SEC spilled considerably more ink analyzing the fourth element of the Howey test: that the profits would be derived from the efforts of others. Among the facts contributing to the SEC’s determination that this element was also fulfilled were the necessary role of the cofounders of The DAO who served as curators of “projects,” the limited voting rights of The DAO token holders, and the dispersion and pseudonymity of the token holders, which effectively eliminated their ability to join together to exercise any meaningful control. All these facts indicated that The DAO token holders were relying on the efforts of others to generate profits, which the SEC viewed as satisfying the fourth element of the Howey test.

The analysis of the fourth element is vintage SEC. If you want to understand the murky waters of securities law regulation, pick up a copy of the decision and read the analysis. It could easily be argued the other way, and the reliance on collaboration between token holders was particularly puzzling. The inability of shareholders to band together is not something that shows up in many securities law decisions.

Further bolstering the SEC’s decision was that there were no limitations placed on the following:

  • the number of DAO tokens offered for sale
  • the number of potential purchasers of DAO tokens, or
  • the level of sophistication required of purchasers of tokens.

These facts are standard fare in securities law decisions, and they each play important roles in the framework of securities registration exemptions.

If The DAO’s fate was not already sealed, the secondary market concerns took care of the job. Once in the hands of initial investors, DAO tokens could be resold, allowing further monetization of an initial investment via secondary markets. Furthermore, before The DAO ICO, advertised they would make DAO tokens available on at least one US-based exchange, and promised investors the availability of secondary market trading for their tokens. The SEC has always been über-concerned about private company security trading in the secondary markets. Secondary markets are much tougher to police and control, and the perception is that less information will be available to purchasers than if the purchasers were able to deal directly with the issuer (the company whose securities are sold).

Does the SEC’s Ruling on The DAO Mean that All ICO-Offered Tokens are Securities?

No. Although the SEC determined that The DAO tokens are securities, not all tokens are created equally. In the SEC’s investigative report on The DAO, it noted that each ICO is unique and must be reviewed on a case-by-case basis.

There are a couple key differences between The DAO’s ICO and certain other ICOs. Many coins or tokens have utility beyond investment potential, including a particular purpose within their ecosystem. For example, the stated purpose of tokens purchased in the Golem crowdsale – a project with the goal of creating a globally networked supercomputer – is a means of transacting computing power within the Golem ecosystem.

Another example of a token that fundamentally offers utility are the tokens offered by Giga Watt, a company that hosts and operates bitcoin mining equipment. Giga Watt tokens provide holders 50 years of rent-free space to host cryptocurrency mining equipment, rights that a token holder can use directly or sell to another miner.

Because the Golem and Giga Watt tokens have fundamental utility, they stand up better against the expectation of profits element of the Howey test.

However, one common thread among most coins – including the Golem and Giga Watt tokens – is the ability to trade them on an exchange. Whether an investor buys and holds, or invests for a quick flip once tokens hit exchanges, you would be hard pressed to find anyone that is involved in the ICO-craze not hoping their initial investment will balloon in the coming weeks, months, or years. The secondary market trading potential reflects investment intent, undercutting arguments that the purpose of purchasing a token is purely utilitarian. investing or purchasing and leasing back citrus groves to the W.J. Howey Company.

The Howey test element regarding the efforts of others is a critical one if an offering is to have any shot at avoiding its offered coins being labeled securities.

The DAO token holders had voting rights, and the role of the cofounders was primarily one of curatorship, not control. If other facts and circumstances suggested no one was hurt and the equities of the situation didn’t necessitate SEC involvement, securities regulators could easily argue this one the other way. The SEC’s focus on the dispersion and pseudonymity of the token holders is somewhat troubling, however, in that those are key factors in any ICO.

Without more guidance from the SEC, it’s tough to say if there is adequate room to determine if any ICO is powered by the efforts of the token holders. If there isn’t – if the dispersion and pseudonymity factors are all that is needed to fulfill this last Howey test element – arguing against an ICO being a security will rest squarely on the shoulders of the expectation of profits versus utility because there is always an investment of money and a common enterprise.

What’s Next with ICOs and Securities Regulation?

What does the SEC’s statement mean for future ICOs? For starters, it doesn’t mean the end of ICOs. There is far too much money, attention, momentum, and benefit from tokens, and ICOs are an effective method of launching them.

However, it means that if you plan on performing a crowdsale of coins or tokens and including US citizens in it, you should hire a lawyer and discuss your plan with them and possibly the SEC. In the SEC’s eyes, each ICO is different from all others and must be investigated on a case-by-case basis.

The SEC will most likely issue more decisions in the coming weeks and months. This could mean that the pipeline of ICOs for the rest of 2017 and beyond just got a whole lot tighter. In fact, the SEC recently suspended trading shares of a firm called the CIAO Group over concerns about the accuracy of information regarding their ICO.

It will be fascinating to see the response from the cryptosphere, which may stop marketing ICOs to US citizens, launch fully anonymous token offerings, cozy up to the SEC and start registering coins/tokens that are likely to fail the Howey test, or respond in an entirely unique and innovative way that we can’t imagine right now.

We are in the beginning stages of a radical overhaul of global structures and Regulation 1.0 will struggle to keep up. For now, though, the SEC remains solidly in the picture.

Feel free to get in touch with me if you want to talk about bitcoin, ICOs, securities law, partner and founder issues, traditional capital raising, or business law generally. And, if you’re looking for an attorney you can pay in bitcoin, you found one. I am happy to accept bitcoin for legal fees! To read a bit more about me to determine if we’d be a good fit to work together, visit About Brett Cenkus.


Author: Brett Cenkus

Brett Cenkus is a business attorney with 18+ years experience based in Austin, Texas. He has worked with a variety of businesses and has clients throughout Texas as well as many technology clients throughout the United States. Brett is a Harvard Law graduate with a sharply seasoned mind and an entrepreneurial heart. As a founder of 6 companies himself, he is especially passionate about helping startups succeed. In 2016 Brett was named the winner in the Individual category for RecognizeGood’s Ethics in Business & Community Award. He offers businesses solutions that are in sync with their culture, goals and values. You can learn more about Brett by visiting the About page on this website.