Cryptocurrency has become one of the hottest trends in the financial world in the last few years, and for good reason. The astronomical gains realized by some investors have created a gold-rush mentality. While some cryptocurrencies offer solid investment opportunities, others have been outright scams seeking to cash in on the hype.1 In this new Wild West, regulators are grappling with how to protect investors within the existing legal framework. The SEC, for example, has drawn a clear line with some cryptocurrencies like Bitcoin and Ether, but has been less conclusive with other blockchain-based financial applications.
A type of token-based fundraising endeavor, known as an Initial Coin Offering (ICO), has the potential to change the way people invest as more and more startup companies use them to raise capital. In the first quarter of 2018 alone, ICOs raised $6.3 Billion, more than they raised in all of 2017.2 To truly unlock the potential of ICOs in the United States, however, regulators will have to reconcile the new financing tool with existing securities laws. This article examines the current regulatory state-of-play and highlights important considerations for investors and market participants.
Blockchain, Cryptocurrency, and Security Tokens
Before discussing the role regulations plays in this sphere, it is helpful to have an understanding of what is being regulated. Cryptocurrencies operate on blockchain technology. A blockchain is a decentralized ledger or database that is shared by multiple users on a network. Users can access this public network and record transactions that are visible to every other user on the network, meaning that records are transparent and verifiable by all users. The transaction data is encrypted in blocks connected to one another in a potentially endless chain of chronologically ordered information.
The best-known cryptocurrencies like Bitcoin, Ether, and Ripple act mainly as a store of value, a digital asset that is encrypted on a particular blockchain and can be exchanged by holders for goods or services just like fiat currencies. Transactions using cryptocurrency are effected using a private key, unique to each user, in combination with a public key accessible to all. The combination of the two is needed to record each transaction, with the unique private key acting like a signature on a check sending cryptocurrency from one holder to another. Once the transaction is recorded on the blockchain, the distributed ledger of all transactions, it is irreversible.
An important distinction for investors, businesses in regulators is between utility tokens and security tokens. A utility token essentially gives the holder future access to a company's products or services, not unlike a gift card. In the case of Bitcoin, for example, the service is the protocol itself, an anonymous and secure peer-to-peer financial exchange platform. The key element is that the goal of purchasing a utility token is to get access to an ecosystem, rather than to profit from an investment. That's not to say that utility tokens can't grow in value, but their value is tied to the demand for the underlying goods or services and the supply relative to that demand. In contrast, security tokens derive their value based on their attachment to an underlying external asset. While the asset underlying a security token could theoretically be any number of things, security tokens are commonly used to raise venture funding for startups. Issuances of security tokens are accomplished through ICOs. In such cases, investors purchase tokens that confer “some assortment of automated rights…in relation to the company issuing the token.”3 While the market is currently dominated by utility tokens like Bitcoin and Ether, investment in ICOs has greatly increased in the last year. Still, many analysts and industry insiders believe that investors, especially large investors, are waiting for the outstanding legal questions to be settled before participating in the burgeoning security token market.
At the heart of the uncertainty over token regulation is the question of which crypto assets classify as securities and which do not. The SEC's position is that the answer depends on the specific facts and circumstances of the crypto asset itself. The SEC has explicitly stated that Bitcoin, Ether and other cryptocurrencies are not securities, and many new tokens are designed in ways intended to avoid security regulations. The growth of the market, however, has increasingly drawn the attention of the SEC, and a crackdown on unlicensed security offerings seems probable. Those seeking to sell or purchase tokens must understand when and how they might be classified as securities.
The Securities Exchange Act of 1934 (“Exchange Act”) defines a security by enumerating a long list of financial instruments, including “any note, stock, treasury stock, security future, security-based swap, bond…[or] investment contract.”4 The term ‘investment contract’ has been used to classify certain crypto assets as securities.
The SEC applies the “Howey test” to determine whether a transaction constitutes and investment contract and thus a security subject to regulation. Under the test first stated in SEC v. W.J. Howey Co., an ‘investment contract’, for the purposes of the Exchange Act means “a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.”5 This test has been broken down into four distinct factors. When evaluating whether a crypto asset qualifies as a security, each of these factors must be assessed.
The first and second factors ask whether there has been an investment of money in a common enterprise. ‘Money’ in this context is broadly defined to include goods and services, and does not necessarily need to be in the form of currency.6 Circuit Courts in the US differ in how the ‘common enterprise’ requirement is satisfied. Some look for horizontal commonality, meaning all investors have a shared interest in the investment and will succeed or fail together. In other cases, this factor will be satisfied by vertical commonality, where an investor's return is linked to the manager of the investment itself. 7
The third factor that must be satisfied for a transaction to constitute an investment contract is a reasonable expectation of profits. Importantly, this factor often examines the subjective intent of the investors themselves, inquiring whether the investors were drawn to the investment primarily by the promise of returns. The profits do not need to take the form of dividends or cash returns.
The fourth and final factor of the Howey test is perhaps the most important in the context of crypto assets. This factor asks whether the expected profits will be derived predominately from the managerial efforts of others. This standard has proven flexible, allowing the SEC to exert regulatory authority over investment contracts even when they confer responsibilities on holders such as active participation in the marketing of the enterprise.8
Recent SEC Actions
In 2017, the SEC put the crypto community on notice when it applied the Howey test in a report of its investigation into the sale of “DAO” tokens.9 DAO, a decentralized autonomous organization, was a blockchain application created by the group Slock.it.10 The idea was to raise capital by selling DAO tokens to investors and then use that capital to invest in projects. Token-holders would receive returns from these investments and would also be able to monetize their tokens by selling them on secondary platforms.11 DAO tokens entitled holders to vote for which projects the organization invested in and allowed them to propose projects to the group.12 A smaller group of ‘curators’ would act as gate keepers, determining which proposed projects could be viewed and voted on by all token holders.13 Before the organization could start funding projects, an attacker exploited a flaw in the DAO's code and stole more than a third of the assets. The DAO creators managed to return the money to investors before the project went dormant.14
The SEC did not pursue an enforcement action against the DAO and its creators, but did release a report of the official investigation stating unequivocally that the DAO tokens were securities. Applying the Howey test, the SEC found that investors had made an investment of money in a common enterprise when they invested the cryptocurrency Ether in a pooled fund.15 They did so with a reasonable expectation of profit, either from the success of the projects or from the increased value of the DAO tokens themselves.16 The SEC found that the curators, whose role involved selecting the potential projects for the group, were essential to the enterprise, and the voting rights of token holders were limited to such an extent that they could not exert meaningful control over the enterprise.17 Thus the SEC determined that the token holders “relied on the significant managerial efforts provided by Slock.it and its co-founders, and the DAO's Curators” and found that all factors of the Howey test were met, making the DAO tokens securities that are subject to regulation under US law.18
Since the release of the DAO report, the SEC's position has arguably hardened in regards to ICOs. Speaking at Princeton University in April of 2018, SEC Chairman Jay Clayton stated unequivocally “I believe every ICO I’ve seen is a security.”19. Clayton reiterated this position in June of 2018.20 At the same time, the SEC has explicitly stated that two well-established cryptocurrencies, Bitcoin and Ether, are not securities.21 The distinction seems to be in the level of establishment and decentralization. Bitcoin and Ether are sufficiently popular and distributed that their value does not depend on the managerial efforts of others. While these cryptocurrencies may be bought with an expectation that they will increase in value, it is not a result of the managerial efforts of others but of market forces. In such cases, the cryptocurrencies more closely resemble commodities than securities.
The majority of crypto assets, however, do not have the same already-functioning ecosystem as Bitcoin and Ether. Even utility tokens issued through an ICO can be pre-functional, with users purchasing based on an expected future functionality. In such cases, even utility tokens can be classified as investment contracts if the tokens are purchased based on future value that will accompany future functionality.
The Munchee ICO, shut down by the SEC in late 2017, exemplifies the utility token as security. Munchee was a planned restaurant review app where token holders could purchase services with MUN, a cryptocurrency created by the company using the Ethereum blockchain. In their white-paper (essentially an ICO prospectus), Munchee specifically referenced the SEC’s DAO report, stating that they had done a ‘Howey analysis’ and believed their ICO did not implicate federal securities law.22 The SEC disagreed and sent a cease and desist letter, ordering Munchee to return $15 million to the 40 investors who purchased the coins.23 Specifically, the SEC highlighted a Munchee blog post listing reasons to join the token event. Reason number four stated “As more users get on the platform, the more valuable your MUN tokens will become…[token holders can] watch their value increase over time”.24 The SEC concluded from the profit-oriented language in Munchee's marketing material that “[p]urchasers had a reasonable expectation that they would obtain a future profit from buying MUN tokens if Munchee were successful in its entrepreneurial and managerial efforts to develop its business.”25 Despite labeling their ICO as an offer of utility tokens, and despite their internal Howey analysis, Munchee's ICO was halted by the SEC as a sale of an unregistered security.
The Munchee ICO also demonstrates that the SEC's focus is on the substance of a token sale rather than the form. As one commenter noted, “[w]hether a Utility Token is a security is difficult to predict as decisions are limited, but based on the DAO Report and a recent SEC decision regarding the Munchee ICO, the determining factors may be the functionality of the token and the manner in which the company promotes the token.”26 If a transaction looks like a security investment, and especially if it is touted as such by its promoters, the SEC will likely seek to regulate it like one. This is a rational approach, considering a core part of the SEC's mission as an agency is to protect investors. The present lack of clear regulation has allowed a number of unscrupulous actors to take advantage of investors looking to cash in on the crypto-craze without fully understanding the market. Expect the SEC to ramp up its enforcement activity to prevent such scams.
Considerations for Crypto-Businesses
Many cryptocurrency businesses are hopeful that clear regulation from the SEC, even if burdensome, can provide a level of stability to the nascent asset class. Coinbase, the largest US cryptocurrency exchange, recently purchased a licensed securities broker in order to absorb that broker's ability to trade in registered securities, in anticipation of increased regulatory scrutiny.27 Circle, another investment platform backed by Goldman Sachs, has plans to apply for a federal banking license and to register with the SEC as a brokerage and trading venue.28 In addition to providing added protection to consumers, the imprimatur of SEC compliance will send a strong signal to large institutional investors who have largely stayed on the sidelines waiting for the regulatory landscape around cryptocurrency to settle before investing.
There are many companies interested in getting into the crypto space. For startups, ICOs offer an efficient and attractive option for raising capital. Brokers and investors see a burgeoning asset class already posting astronomical gains. It is important for businesses and individuals interested in cryptocurrency to keep in mind that while the SEC has not offered a definitive regulatory framework, it has strongly signaled that cryptocurrencies like Bitcoin and Ether, not subject to securities law, are the exception rather than the rule. Compliance with SEC securities regulation, including disclosure, licensing, and registration as an exchange or broker-dealer can be burdensome, but it is far less onerous than dealing with an SEC enforcement action. Rather than assuming crypto assets are outside the purview of the SEC, businesses should work with an experienced securities lawyer who can help them navigate this evolving legal landscape.
1. See Gareth Jenkins, Unpacking the 5 Biggest Cryptocurrency Scams, Coin Telegraph (Apr. 18, 2018), https://cointelegraph.com/news/unpacking-the-5-biggest-cryptocurrency-scams
2. David Floyd, 6.3 Billion: 2018 ICO Funding Has Passed 2017’s Total, Coindesk (Apr. 19, 2018), https://www.coindesk.com/6-3-billion-2018-ico-funding-already-outpaced-2017/
3. Ori Oren, ICOs, DAOs, and the SEC: A Partnership Solution, 2018 COLUM. BUS. L. REV. 617, 627.
4. 15 U.S.C. § 77b
5. SEC v. W.J. Howey Co., 328 U.S. 293, 298-99 (1946)
6. Sec. & Exch. Comm'n, Release No. 81207, Report of Investigation: The DAO (2017),
https://www.sec.gov/litigation/investreport/34-81207.pdf [“The DAO
7. Oren, 617.
8. Id. at 624
9. The Dao Report, 1.
10. Id., 3.
12. Id., 4.
13. Id., 7.
14. Id., 1.
15. Id., 11.
17. Id., 12.
19. Stan Higgins, SEC Chief Clayton: Every ICO I’ve Seen is a Security, Coindesk (Feb. 6, 2018) https://www.coindesk.com/sec-chief-clayton-every-ico-ive-seen-security/
20. Molly Jane Zuckerman, SEC Chairman Jay Clayton Says Bitcoin Not a Security, Most ICOs Likely Are, CoinTelegraph (June 6, 2018) https://cointelegraph.com/news/sec-chairman-jay-clayton-says-bitcoin-not-a-security-most-icos-likely-are
21. Louise Matsakis, Rest Easy Cryptocurrency Fans, Ether and Bitcoin Aren’t Securities, Wired (June 14, 2018) https://www.wired.com/story/sec-ether-bitcoin-not-securities/
22. John Biggs, SEC Shuts Down Munchee ICO, TechCrunch (Dec. 12, 2017) https://techcrunch.com/2017/12/12/sec-shuts-down-munchee-ico/
23. Munchee Inc., Securities Act Release No. 10445, (Dec. 11, 2017), https://www.sec.gov/litigation/admin/2017/33-10445.pdf
25. Id.. 5.
26. Oren, 629.
27. See Asif Hirjji, Our Path to Listing SEC Regulated Crypto-securities, The Coinbase Blog (June 7, 2018) https://blog.coinbase.com/our-path-to-listing-sec-regulated-crypto-securities-a1724e13bb5a
28. Reuters Staff, Goldman-backed Circle in Talks to Seek Banking License, Reuters (June 6, 2018) https://www.reuters.com/article/us-fintech-banking-circle/goldman-backed-circle-in-talks-to-seek-banking-license-idUSKCN1J21V1
(Photo credit: storeofvalueblog.com)