If you’re thinking of airdropping free tokens or implementing a cryptocurrency bounty program, be careful. The Securities and Exchange Commission just issued a cease and desist order (the “Order”) with respect to an initial coin offering, finding the issuance of “free” tokens through a related bounty program in exchange for online promotional services constituted an unregistered sale of securities and thus a violation of the registration provisions of the federal securities laws. Although courts and the Commission have traditionally held that the transfer of “free” shares of stock is a “sale” of securities where the issuer derives some benefit from the transfer, the Order is the first treatment of the issue in the context of cryptocurrency bounty programs.

Airdrops and Bounty Programs

An airdrop involves a controlled and periodic release of “free” tokens to people that meet a specific set of requirements, such as user ranking or activity. The main goal of an airdrop is to promote the new cryptocurrency. Bounty programs are essentially incentivized reward mechanisms offered by companies to individuals in exchange for performing certain tasks. Like airdrops, bounty progrms are a means of advertising and have become a useful part of many ICO campaigns. During a bounty program, an issuer provides compensation for designated tasks such as marketing and making improvements to aspects of the cryptocurrency framework. Airdrops and bounties are similar in that both involve issuing seemingly free tokens. In an airdrop, however, the issuer does not assign any tasks to the recipients; they need only meet some effortless requirements. But in a bounty program, individuals must execute assigned tasks before receiving the tokens.

The Facts

According to the Order, Tomahawk Exploration LLC and its founder attempted to raise money through the sale of blockchain-based digital tokens called “Tomahawkcoins” or TOM to fund oil exploration in California. Although Tomahawk failed to raise money through the ICO, it issued approximately 80,000 TOM to approximately 40 wallet holders on a decentralized platform as part of a bounty program in exchange for online promotional and marketing services to promote the ICO. Tomahawk featured the program prominently on its ICO website, offering between 10 and 4,000 TOM for activities such as making requests to list TOM on token trading platforms, promoting TOM on blogs and other online forums like Twitter or Facebook, and creating professional picture file designs, YouTube videos or other promotional materials.

Legal Background

Section 5 of the Securities Act of 1933 makes it unlawful to offer or sell any security unless a registration statement is in effect as to that security or there is an available exemption from registration. The terms “offer” and “sale” are defined very broadly in the Securities Act. Section 2(a)(3) of the Securities Act defines an “offer” of securities as any “attempt or offer to dispose of, or solicitation of an offer to buy, a security or interest in a security, for value”. Similarly, Section 2(a)(3) defines a “sale” of securities” under Section 2(a)(3) of the Securities Act as “every disposition of a security or interest in a security, for value.”

The Order

The Order found that the bounty program constituted an offer of securities under Section 2(a)(3) of the Securities Act because it involved an offer to dispose of a security for value. The Order states that the lack of monetary consideration for the shares doesn’t mean there wasn’t a sale or offer for sale for purposes of Section 5, asserting that a “gift” of a security is a “sale” within the meaning of the Securities Act when the donor receives some real benefit. According to the Order, the value or real benefit that Tomahawk received in exchange for the token distributions under the bounty program was in the form of promotion of the ICO on blogs and other online forums and in the creation of a public trading market for its securities. The decentralized platform on which Tomahawk issued the TOM tokens was publicly accessible to U.S. persons and others throughout the offering period, and bounty recipients subsequently traded their TOM tokens on a platform for digital assets.

Bounty program and airdrop enthusiasts would probably point to the Howey test, identified by the Commission as the relevant standard for determining whether a token is an investment contract and thus a security, to support the proposition that tokens issued in airdrops and bounty programs should not be securities. Howey states that for an instrument to be a security, there must be an investment of “money” (in a common enterprise with a reasonable expectation of earning a profit through the efforts of others); since no money is exchanged, the argument is that there is no security. But the Order makes it clear that the Commission continues to interpret the Howey test’s reference to “money” very broadly. That interpretation was made clear in the 2017 DAO Report:

“In determining whether an investment contract exists, the investment of “money” need not take the form of cash. See, e.g., Uselton v. Comm. Lovelace Motor Freight, Inc., 940 F.2d 564, 574 (10th Cir. 1991) (“[I]n spite of Howey’s reference to an ‘investment of money,’ it is well established that cash is not the only form of contribution or investment that will create an investment contract.”).

Possible Exemption: Rule 701

Just because a token is deemed to be a “security” or its issuance a “sale” of securities doesn’t mean it’s illegal. It just means the issuer needs either to register the offering with the SEC (not happening) or satisfy the requirements for an exemption from registration. One possible exemption that token issuers should consider when pondering a bounty program is Rule 701, which is the primary exemption used by non-reporting companies to issue equity incentive awards without registration to employees and certain consultants. There are three key elements here. First, the issuer would need to have a written instrument evidencing the recipients’ right to receive tokens as compensation for services. Second, the bounty program cannot be related to raising money, so the announcement regarding the bounty program should promote the product or service as opposed to fundraising. Finally, the recipients of the tokens in the bounty program may not be engaged in any securities promotion on behalf of the issuer.

“Can a digital asset that was originally offered in a securities offering ever be later sold in a manner that does not constitute an offering of a security?”

Such was the question posed by William Hinman, Director of the Securities and Exchange Commission’s Division of Corporation Finance, in his speech at the Yahoo Finance All Markets Summit: Crypto event in San Francisco on June 14. Hinman’s answer: a qualified “yes” where there is no longer any central enterprise being invested in or where the digital asset is sold only to be used to purchase a good or service available through the network on which it was created. This may be the most positive guidance yet from the SEC on when a digital asset might be deemed not to be a security under the Howey test. It may help create a pathway for blockchain startups to sell without registration or exemption digital tokens that had previously been sold in securities offerings, and should provide a measure of comfort to past and future issuers of SAFT-based ICOs.

After making his overarching point that a digital asset originally offered in a securities offering could be later sold in a manner that does not constitute an offering of a security when there is no longer any central enterprise being invested in or where the digital asset is sold only to be used to purchase a good or service available through the network on which it was created, Hinman went on to describe the circumstances under which he believes that could occur. In doing so, Hinman concentrated primarily on the last prong of the Howey test, namely whether an expectation of profit derived through the efforts of others, and suggested that the inquiry should focus on two areas: (i) who are the participants, and (ii) how is the digital asset structured?

Who are the Participants?

When determining whether a digital asset should be deemed to be an investment contract, Hinman stated that one should “consider whether a third party – be it a person, entity or coordinated group of actors – drives the expectation of a return.”

He suggested that this question will always depend on the particular facts and circumstances of a transaction, and offered the following non-exhaustive list of factors:

  • Promoter’s efforts play a significant role in the development and maintenance of the digital asset and its potential increase in value.
  • Promoter retains a stake or other interest in the digital asset such that he would be motivated to expend efforts to cause an increase in its value, particularly where purchasers are made to reasonably believe such efforts will be undertaken.
  • Amount raised in the ICO exceeds amount needed to establish a functional network and use of proceeds includes supporting the token’s value or increasing enterprise’s value
  • Promoter continues to expend funds from proceeds or operations to enhance functionality and/or value of system within which the tokens operate.
  • No persons or entities other than the promoter exercise governance rights or meaningful influence.

How is the digital asset structured?

Hinman then pointed to the existence of contractual or technical methods to structure digital assets so they function more like consumer items and less like a security, including the following:

  • Is token creation commensurate with meeting the needs of users or, rather, with feeding speculation?
  • Are independent actors setting the price or is the promoter supporting the secondary market for the asset or otherwise influencing trading?
  • Is it clear that the primary motivation for purchasing the digital asset is for personal use or consumption, as compared to investment? Have purchasers made representations as to their consumptive, as opposed to their investment, intent? Are the tokens available in increments that correlate with a consumptive versus investment intent?
  • Are the tokens distributed in ways to meet users’ needs? For example, can the tokens be held or transferred only in amounts that correspond to a purchaser’s expected use? Are there built-in incentives that compel using the tokens promptly on the network, such as having the tokens degrade in value over time, or can the tokens be held for extended periods for investment?
  • Is the asset marketed and distributed to potential users or the general public?
  • Are the assets dispersed across a diverse user base or concentrated in the hands of a few that can exert influence over the application?
  • Is the application fully functioning or in early stages of development?

Information Asymmetry

Director Hinman also pointed out that one of the rationales for the securities laws is to remove the information asymmetry between promoters and investors by mandating adequate disclosure to address that asymmetry. That disclosure regime is needed when a token purchaser relies on a token seller’s efforts to develop a network and generate a potential return on investment for the token purchaser.

Conversely, when the promoter’s efforts are no longer an important factor in determining the enterprise’s success, “material information asymmetries recede” and the protections of the securities laws may no longer be necessary. Moreover, as a practical matter, when a network becomes decentralized, the ability to identify a promoter to make the mandated disclosures “becomes difficult, and less meaningful.”

Implication for SAFTs

The Simple Agreement for Future Tokens or SAFT is modeled after Y Combinator’s Simple Agreement for Future Equity, or SAFE, which has been a popular mechanism for funding startups. With both the SAFE and the SAFT, the investor receives a right to something of value in the future in exchange for the current investment. With a SAFE, the investor gets the right to receive the security issued in the issuer’s next major funding round, typically preferred stock and usually at a discount to the next round’s price. In a SAFT, the investor is given the right to receive tokens, also at a discount, typically once the network is created and the tokens are fully functional.

In a SAFT-based ICO, the SAFT itself is generally acknowledged to be an investment contract and thus a security, and sold to accredited investors under Rule 506(c) of Regulation D. A quick search on EDGAR reveals there have been 37 Form D filings identifying the type of security offered as a SAFT. No court or regulator has interpreted the SAFT framework and whether or not the tokens to be ultimately issued are securities.

Director Hinman’s view that certain tokens initially issued by blockchain startups as securities may have the potential to become part of a decentralized network and no longer bear the attributes of securities may give legitimacy to SAFT-based ICOs. Interestingly, the only place where the word SAFT appears in the speech is in footnote 15 of the written version. In that footnote, Hinman states that although nothing in his remarks should be construed as opining on the legality of a SAFT (because the analysis of a particular SAFT must turn on the economic realities of the particular case), “it is clear from [his speech that he believes] that a token once offered in a security offering can, depending on the circumstances, later be offered in a non-securities transaction.”

Initial coin offerings so far have gone through two major phases in their brief lifespan. The initial phase flew under the regulatory radar in an explosion of deals that raised billions of dollars seemingly overnight and without either registering the offerings with the SEC or complying with an exemption from registration. The ICO atmosphere changed drastically when the SEC issued its now famous DAO report in July 2017, which together with subsequent speecheswritten statements and enforcement actions took the position that tokens will generally be considered securities whose offering would need either to be registered with the SEC or qualify for a registration exemption such as Regulation D. That led to a second phase of issuers launching bifurcated ICOs consisting first of a sale of SAFTs to accredited investors under Regulation D, followed by the public sale of fully function tokens that sponsors would argue are not securities.

During the Senate’s February 6, 2018 committee hearing on cryptocurrencies, SEC Chairman Jay Clayton stressed the importance of disclosure for making informed decisions, but warned investors that no ICO had been registered with the SEC yet. That all seemed to change a month later when a group calling itself The Praetorian Group filed with the SEC a registration statement on Form S-1 to publicly offer and sell its cryptocurrency called PAX. With that S-1 filing, might we be entering a third phase of SEC-registered ICOs? For the reasons covered in this post, probably not.

The Registrant

The S-1 registration statement was filed by a company calling itself The Praetorian Group, and describes a dual business plan to be carried out in two phases. In the first phase, Praetorian will operate as a self-styled cryptocurrency real estate investment vehicle, or CREIV, through which it will purchase and upgrade residential and commercial real estate properties in lower income areas in New York, and then fund “outreach programs” to enrich the quality of life for the residents living in those properties. The second phase is projected to begin 12 months after the commencement of the first, and would involve the creation of a digital wallet that will convert cryptocurrencies (e.g., BTC, ETH, LTC, NEO, XLM) into local fiat currency and enable users to earn a reward in the form of PAX tokens for every purchase they make, which they can then spend, hold or sell.

What’s Wrong with this S-1?

The Praetorian S-1 is so deficient from a disclosure standpoint and so sloppy in its drafting that if the SEC bothered to review it, it may set some sort of record for number of comments in a comment letter.

Not to get overly picky, but the sloppiness starts right on the facing page. For starters, the registrant designates “The Praetorian Group” as its “exact name … as specified in its charter”, leaving out the “Inc.” It provides that the approximate date of commencement of the proposed sale to the public is “upon SEC registration as a ‘security’”. Technically, issuers may only proceed with a public offering after their registration statement is declared effective by the SEC. Also, it appears Praetorian may have marked up the facing page from an old S-1 filing, as Praetorian’s facing page form is missing a reference to emerging growth companies (EGCs).

The EGC facing page omission leads me to a more substantive observation, which is that a registrant more serious about its offering would arguably have availed itself of a JOBS Act feature that allows EGCs to submit an S-1 confidentially and undergo an initial review off the EDGAR radar screen. Why not file confidentially and clear up any disclosure and accounting issues before having to file publicly? On that score, it’s entirely possible that Praetorian isn’t even the first ICO to file an S-1, and may have been beaten in a race to the SEC by a confidential EGC filer we don’t even know about yet.

One of the sections in the S-1 that really jumped out at me is a rather bizarre liability disclaimer, which reads as follows:

To the maximum extent permitted by the applicable laws, regulations and rules the Company and/or the Distributor shall not be liable for any indirect, special, incidental, consequential, or other losses of any kind, in tort, contract, tax or otherwise (including but not limited to loss of revenue, income or profits, and loss of use or data), arising out of or in connection with any acceptance of or reliance on this Prospectus or any part thereof by you.”

Talk about an exercise in wishful thinking. Suffice it to say that I have never seen an issuer in a Securities Act registration statement attempt to disclaim liability for losses of any kind resulting from reliance on a prospectus. Federal securities law clearly allows a private plaintiff to recover damages for economic loss sustained as a result of an issuer’s material misstatements, omissions or fraud.

Pretty interesting given that Praetorian actually states that it’s “mindful of the uncertainties associated with the [SEC]’s view as to whether or not an [ICO] would constitute a ‘security’ under applicable federal securities laws” and consequently that they “believe it is more prudent to register the offering with the SEC to avoid any unanticipated regulatory issues”. It’s as if Praetorian is under the view that a registration statement is a notice filing, rather than a disclosure document to be vetted in great detail in a review process involving typically multiple rounds of comments followed by responses and registration statement amendments, and where issuers may not proceed with selling until the SEC is satisfied that all mandated disclosures have been made and accounting and other issues resolved and the SEC has declared the registration statement effective.

Another bizarre aspect of the S-1 is that Praetorian appears to be confused over whom it may sell to, or that it’s forgotten that it has filed a registration statement (which, if declared effective, would allow it to sell to anyone) and is not seeking to sell within the purchaser requirements of a given exemption:

We strongly encourage each “accredited investor” to access the various SEC websites to gain a deeper and more knowledgeable understanding of this new form of digital currency prior to investing in the PAX token.”

Either Praetorian believes it may only sell in the public offering to accredited investors (as is the case in a private offering exemption under Rule 506(c)), or it strangely thinks that only accredited investors (which by definition must have a minimum net worth or annual income) need to be encouraged to inform themselves of the risks associated with ICOs.

Another glaring deficiency is the lack of risk factor disclosure. The only risk included in the section entitled “Risks and Uncertainties” is the risk that it may not be successful in achieving secondary market listings of the PAX token. Otherwise, the section simply consists of a conclusory statement that prospective purchasers of tokens should evaluate all risks and uncertainties associated with the company, the tokens, the token sale and the business plan prior to any purchase of tokens.

Finally, Praetorian’s S-1 omits in totality all of the information required in Part II of S-1. This includes expenses of issuance and distribution, indemnification of directors and officers, recent sales of unregistered securities, exhibits, financial statement schedules and certain required undertakings.

Conclusion

The Praetorian Guard was an elite unit of the Imperial Roman Army whose members served as personal bodyguards to the Roman emperors, sort of like the Roman equivalent of today’s Secret Service that protects the President. Although the ancient Praetorians continued to serve in that capacity for roughly three centuries, they became notable for their intrigue and interference in Roman politics, including overthrowing emperors and proclaiming successors. In the year 312, the Praetorian Guard was disbanded by Constantine the Great. Like its namesake, The Praetorian Group has generated a fair amount of intrigue with its S-1 filing, but I can only imagine that the great examiners of the SEC will take a page out of Constantine’s playbook and disband this Praetorian Group’s S-1 registration statement.

The Wall Street Journal ominously reported on February 28 that the Securities and Exchange Commission recently issued dozens of subpoenas to initial coin offering issuers and their advisors demanding information about the structure of their ICOs. Although the Commission has yet to officially acknowledge them, the subpoenas are consistent with a series of SEC enforcement actions alleging fraud or illegal sale of securities (see, e.g., here and here) and public speeches and statements warning ICO participants about regulatory compliance and promising greater scrutiny and enforcement (see, e.g., here, here and here).  Nevertheless, the enforcement actions and speeches don’t appear to have had much success in slowing down the pace of the ICO market.  Coinschedule reports that ICOs have raised over $3.3 billion in 88 deals already in 2018 through March 16, and is on pace to exceed the estimated $5.6 billion raised in 2017. The latest SEC subpoena campaign coupled with the accelerating pace of deals suggests the Commission believes its message is not resonating in the ICO market.

Although I’m grateful I didn’t find one of the subpoenas in my mailbox, I’m definitely curious about their contents.  Coindesk quotes industry sources who have seen several of the ICO subpoenas as saying that the requested information includes investor lists, emails, marketing materials, organizational structures, amounts raised, location of funds and people involved and their locations. It also cites an anonymous industry lawyer saying that the 25-page subpoena received by his client was “hyper-detailed” and that it asked for “every bit of communication around the token launch.”

So what exactly is the Commission focusing on?  Many naturally believe the Commission is primarily targeting fraud.  But the Journal, Coindesk and others suggest a different focus: Simple Agreements for Future Tokens or SAFTs.

The SAFT is modeled after Y Combinator’s Simple Agreement for Future Equity, or SAFE, which has been a popular mechanism for funding startups. With both the SAFE and the SAFT, the investor receives a right to something of value in the future in exchange for the current investment. With a SAFE, the investor gets the right to receive the security issued in the issuer’s next major funding round, typically preferred stock and usually at a discount to the next round’s price.  In a SAFT, the investor is given the right to receive tokens, also at a discount, typically once the network is created and the tokens are fully functional.

My first observation is that there may be some confusion in the media regarding SAFTs and Federal securities law, with some seeming to suggest that there may be a conflict of opinion about whether the SAFT itself is a security or whether the contract itself is illegal or non-compliant.  I’ve seen statements such as “what will happen to those who invested time and money if SAFTs don’t satisfy securities law?” and “what happens if the SEC comes out and says SAFTs are illegal”? Crowdfund Insider ran a piece with this provocative title: “Bad News: SAFTs May Not Be ‘Compliant’ After All”.

There should be no controversy regarding the SAFT itself (as opposed to the tokens that ultimately get issued). Protocol Labs and Cooley’s SAFT White Paper states in no uncertain terms that the SAFT is a security and must satisfy an exemption from registration, and contemplates compliance with Rule 506(c) under Regulation D.  I haven’t seen or heard anyone suggesting otherwise.  In fact, each SAFT investor is required to represent in the SAFT that it “has no intent to use or consume any or all Tokens on the corresponding blockchain network for the Tokens after Network Launch” and “enters into this security instrument purely to realize profits that accrue from purchasing Tokens at the Discount Price”. Accordingly, there should be no Federal securities law issue with the issuance of the SAFT itself, assuming of course that the issuer complies with Rule 506(c)’s requirements, i.e., disclosure obligations, selling only to accredited investors, using reasonable methods to verify accredited investor status and filing Form D.

The real issue is whether the eventual tokens, assuming they are issued to investors only when the network is created and the tokens fully functional, are necessarily not securities because of their full functionality.  SAFT proponents argue that fully functional tokens fail the “expectation of profits” and/or the “through the efforts of others” prongs of the Howey test, and thus should not be deemed to be securities. The SAFT White Paper analyzes these two prongs of the test from the perspective of the two likely categories of purchasers of tokens: actual token users and investors.  In the case of actual users, their bona fide desire to make direct use of the relevant consumptive aspect of a token on a blockchain-based platform predominates their profit-seeking motives, so arguably they fail the “expectation of profit” prong of Howey.  Investors, on the other hand, clearly expect a profit from resale of the tokens on a secondary market; that profit expectation, however, is usually not predominantly “through the efforts of others” (because management has already brought the tokens to full functionality) but rather from the myriad of factors that cause the price of assets to increase or decrease on an open market.

Opponents of the SAFT approach (see, e.g., Cardozo Blockchain Project’s Not So Fast—Risks Related to the Use of a “SAFT” for Token Sales) reject the concept of a bright-line test, i.e., they reject the notion that the question of whether a utility token will be deemed a security solely turns on whether the token is “fully functional”.  They maintain that courts and the SEC have repeatedly, and unambiguously, stated that the question of whether or not an instrument is a security is not subject to a bright-line test but rather an examination of the facts, circumstances and economic realities of the transaction.  Opponents also assert that the SAFT approach actually runs the risk of increasing regulatory scrutiny of utility token issuers because of the emphasis on the speculative, profit-generating aspects of the utility tokens (e.g., the investor reps referred to above), which could ironically transform an inherently consumptive digital good (the token itself) into an investment contract subject to federal securities laws.  Others have suggested that reliance on the efforts of management doesn’t end with full functionality of the tokens, and that ultimately the success of the network and hence the investment will turn on whether management is successful in overcoming competition.

If anything, the Commission’s subpoena campaign suggests that the SAFT opponents correctly predicted the increased regulatory scrutiny.  And the increased regulatory scrutiny through the subpoena campaign is a stark warning to ICO issuers and counsel that SAFTs may not be completely safe after all.

Last month, Secretary of the Commonwealth of Massachusetts William Galvin made good on his promise to conduct an exam sweep of ICOs in Massachusetts.  On January 17, the Enforcement Section of the Massachusetts Securities Division brought its first ICO related enforcement action, an administrative complaint against a company called Caviar and its founder Kirill Bensonoff for violations of state securities laws in connection with Caviar’s ICO. The complaint likely portends increased willingness on the part of state securities administrators to bring enforcement actions against ICO sponsors.  It also offers important lessons about how to conduct offshore ICOs so as to minimize the risk of offers and sales being deemed to be made to U.S. residents.

The complaint tells us that Caviar is a Cayman Islands company that has no actual place of business there, operating instead principally in founder Bensonoff’s home in Massachusetts.

The Caviar token offered in the ICO (CAV) was clearly a securities token; no pretense of a utility token here. Proceeds from the ICO were to be pooled and used to finance the acquisition of a portfolio of various cryptocurrencies, and also to finance short term “flips” of residential real estate properties. Purchasers of CAV tokens were told they would receive quarterly dividends equal to their pro rata share of 75% of the combined profits from this pooled investment fund of cryptocurrencies and real estate debt. Basically, Caviar was a virtual hedge fund and its tokens had key attributes of limited partnership or membership interests, i.e., they were securities.

The real interesting issue in this dispute would seem to be whether the offering was properly conducted offshore as intended and thus outside the jurisdiction of Massachusetts’ Securities Division (or any other securities regulators in the U.S.). Caviar’s argument would seem to be that the offering was made offshore and that they employed safeguards to ensure that no offers and sales were made to United States persons. Caviar’s ICO white paper states that United States persons (within the meaning of Rule 902 of Regulation S) are excluded from the offering and are explicitly restricted from purchasing CAV.

Before the complaint was filed, investors apparently had been purchasing CAV by visiting Caviar’s website at www.caviar.io (after the complaint was filed, the site was modified to greet U.S. persons with the following message: “It appears you are accessing caviar.io from United States of America.  Unfortunately, this website is not available in the United States of America.”).  To register for the offering, prospective investors were asked to provide an e-mail address and check two boxes. The first box indicated “Not U.S. person”, and the second box stated that the investor consulted with an experienced lawyer who advised the investor that he or she is eligible to invest. Caviar retained the services of an independent third party to screen out ineligible persons based on internet protocol addresses, i.e., numeric labels assigned to users or devices by internet service providers. If an individual was identified as a potentially prohibited purchaser, he or she would be prompted to upload copies of a government-issued photo identification. In sworn testimony given by Bensonoff before the Securities Division in this matter, he stated that “as far as [he knows], there’s not a single U.S. investor who has contributed.”

In the complaint, the Securities Division asserts that Caviar’s procedures to prevent the sale of CAV to U.S. investors are inadequate because Caviar’s identity verification procedures were relatively easy to circumvent. To prove the point, it had one of its investigators apply to participate in the Caviar ICO using the name of a “popular cartoon character”. The complaint doesn’t identify the cartoon character, perhaps in an effort to protect the Securities Division’s sources (if not its methods). When prompted to upload a photo ID (apparently because the investigator’s IP address indicated he was located in the U.S.), the investigator uploaded a photo of a government-issued photo ID obtained using a Google Image search. But the name, address, and date of birth listed on the submitted ID image didn’t match the personal information provided earlier by the investigator. Nevertheless, the investigator’s identity was “verified,” and the investigator was approved to participate in the Caviar ICO.

The complaint brought by the Massachusetts Securities Division offers some useful lessons for properly conducting an offshore ICO.  First, investor check-the-box self-certification will not suffice in the absence of effective verification measures by the sponsor to screen out ineligible persons. Second, inasmuch as it’s possible to identify applicants’ approximate geolocation based on internet protocol addresses, offshore ICO sponsors should carefully monitor the IP addresses of online investor applicants. Third, all applicants should be prompted to upload a copy of a government-issued photo ID, which should be carefully checked by the sponsor (either directly or through independent third parties) against other personal information provided by the investor.  Fourth, any attempt emanating from a U.S. IP address to open a link to an offshore ICO site should be directed to an alternate dead-end page that states nothing more than that the person seeking access appears to be in the U.S. and that the website is not available in the U.S.  Finally, a sponsor’s culpability will not be mitigated by lack of actual knowledge of any U.S. person purchases.

December 11, 2017 was a day of reckoning for entrepreneurs conducting or contemplating initial coin offerings, and for securities professionals who advise them.  First, a company selling digital tokens to investors to raise capital for its blockchain-based food review service abandoned its initial coin offering after being “contacted” by the Securities and Exchange Commission, and agreed to a cease-and-desist order in which the SEC found that its ICO constituted an unregistered offer and sale of securities. On the same day, SEC Chairman Jay Clayton issued a “Statement on Cryptocurrencies and Initial Coin Offerings”, warning “Main Street” investors and market professionals about investing and participating in ICOs, and reiterated the SEC’s determination to apply the securities laws to transactions in digital tokens. These two actions are the latest in a series of steps by the SEC to send a clear message that it intends generally to enforce the securities laws with respect to ICOs that emphasize the profit potential of tokens where such profit derives from the efforts of the entrepreneurs of the underlying project.

Cease and Desist Order

Munchee Inc. is a California-based company that developed an iPhone app for people to review restaurant meals. In October and November 2017, Munchee offered and then sold digital tokens it called “MUN” to be issued on a blockchain, seeking to raise approximately $15 million to improve the app and recruit users to eventually buy ads, write reviews, sell food and conduct other transactions using MUN. On or about October 31, 2017, Munchee started selling the MUN tokens. The next day, Munchee was “contacted” by the SEC staff, probably threatening cease and desist proceedings. The message was communicated loud and clear, because within hours Munchee stopped selling MUN tokens and promptly returned to purchasers the proceeds that it had already received. In anticipation of the institution of cease and desist proceedings, Munchee submitted an offer of settlement and consented to entry of the cease-and-desist order.

Despite Munchee holding itself out as offering a utility token that is not a security, the SEC’s position was that the MUN token was a security because the totality of Munchee’s efforts relating to the ICO resulted in a purchasers’ reasonable expectation of profits from the entrepreneurial efforts of Munchee’s management team. Interestingly, Munchee’s white paper included a three page legal disclaimer stating that it conducted a Howey analysis with the assistance of counsel and concluded that its MUN utility token didn’t pose a “significant risk of implicating federal securities laws”. As the order notes, however, the white paper did not set forth the actual analysis.

The SEC’s case that Munchee’s ICO of MUN tokens was a securities offering rests largely on the following arguments:

  • Token purchasers were led to believe that efforts by Munchee would result in an increase in value of the tokens.
  • Increase in value of the MUN tokens would occur whether or not purchasers ever used the Munchee restaurant app or otherwise participated in the MUN “ecosystem”.
  • Munchee emphasized it would take steps to create and support a secondary market for the tokens.
  • Promotional efforts included blatant predictions of increase in value of the token.
  • The ICO targeted digital asset investors, as opposed to targeting current users of the Munchee app or restaurant owners regarding the utility of the tokens.
  • ICO was promoted in worldwide publications, despite the app only being available in the United States.
  • Munchee paid people to translate offering documents into multiple languages, presumably to reach potential investors in other countries where the Munchee app was unavailable.

The order asserts that in the course of the ICO, Munchie and its promoters emphasized that investors could expect that there would be an increase in value of the MUN tokens resulting from efforts by Munchie, including paying users in MUN tokens for writing food reviews, selling both advertising to restaurants and “in-app” purchases to app users in exchange for MUN tokens, and working with restaurant owners so diners could buy food with MUN tokens and so that restaurant owners could reward app users in MUN tokens.

Munchee also emphasized in the ICO that it would take steps to create and support a secondary market for its tokens, including potentially burning (i.e., taking out of circulation) a small fraction of MUN tokens whenever a restaurant pays Munchee an advertising fee and buying or selling MUN tokens using its retained holdings in order to ensure there was a liquid secondary market for MUN tokens.

The SEC chose not to impose a civil penalty here, largely because of the remedial acts promptly undertaken by Munchee and the cooperation it afforded to the SEC staff.  Instead, the SEC ordered Munchee to cease and desist from committing or causing any violations and any future violations of Sections 5(a) and (c) of the Securities Act.  This is no slap on the wrist, however, inasmuch as it disqualifies Munchee from engaging in the next five years in an offering exempt under Regulation A or Rule 506 of Regulation D, the two likely securities exemptions for ICOs.

Chairman Clayton’s Statement

On the same day as the Munchee cease-and-desist order, SEC Chairman Jay Clayton issued a “Statement on Cryptocurrencies and Initial Coin Offerings” directed principally at “Main Street” investors and market professionals (including broker-dealers, investment advisers, exchanges, lawyers and accountants). The Statement asserts that in the aftermath of the SEC’s July 2017 investigative report applying securities law principles to demonstrate that the DAO token constituted an investment contract and therefore was a security, certain market professionals had attempted to highlight utility characteristics of their proposed tokens in an effort to claim that the tokens were not securities. “Many of these assertions appear to elevate form over substance”, Chairman Clayton noted, and that “replacing a traditional corporate interest recorded in a central ledger with an enterprise interest recorded through a blockchain entry on a distributed ledger may change the form of the transaction, but it does not change the substance”.

Particularly chilling for me as a securities lawyer was the following admonition by Chairman Clayton:

“On this and other points where the application of expertise and judgment is expected, I believe that gatekeepers and others, including securities lawyers, accountants and consultants, need to focus on their responsibilities. I urge you to be guided by the principal motivation for our registration, offering process and disclosure requirements: investor protection and, in particular, the protection of our Main Street investors” (bold appears in original Statement).”

In the Statement, Chairman Clayton presents interesting hypothetical contrasting business models for the distribution of books to illustrate the difference between a utility token and a securities token. An example of what would be characterized as a utility token that’s not a security would be a book-of the-month club selling tokens representing participation interests in the club as simply an efficient way for the club’s operators to fund the future acquisition of books and facilitate the distribution of those books to token holders. In contrast are interests in a yet-to-be-built publishing house where the token purchasers have a reasonable expectation of profit through the entrepreneurial efforts of the founders to organize the publisher’s authors, books and distribution networks. Chairman Clayton added that an additional circumstance contributing to a conclusion that a utility token is a security would be when promoters tout the secondary market trading potential of their tokens and the potential for the tokens to increase in value, which are “key hallmarks of a security and a securities offering”.

There should be no doubt about the seriousness with which Chairman Clayton is approaching the issue.  Toward the end of the Statement, he states that he has “asked the SEC’s Division of Enforcement to continue to police this area vigorously and recommend enforcement actions against those that conduct initial coin offerings in violation of the federal securities laws”.

Bloomberg reported on October 16 that over $3 billion dollars have been raised in over 200 initial coin offerings so far this year. It remains to be seen whether the pace of ICOs will slow down in the face of regulatory headwinds such as the outright ICO bans in China and South Korea. Here in the United States, the Securities and Exchange Commission has been sounding alarm bells. On July 25, the SEC’s Division of Enforcement issued a Report of Investigation finding that tokens offered and sold by a virtual organization known as “The DAO” were securities and therefore subject to the federal securities laws. I blogged about it here. On the same day the SEC issued the report, its Office of Investor Education and Advocacy issued an investor bulletin to make investors aware of potential risks of participating in ICOs.  Then on September 29, it charged a businessman and two companies with defrauding investors in a pair of ICOs purportedly backed by investments in real estate and diamonds. And on November 1, it issued a “Statement on Potentially Unlawful Promotion of Initial Coin Offerings and Other Investments by Celebrities and Others”, warning that any celebrity or other individual who promotes a virtual token or coin that is a security must disclose the nature, scope, and amount of compensation received in exchange for the promotion.

Needless to say, the days of ICOs flying below the SEC’s radar are over, and developers conducting token sales to fund the development of a network need to be aware of the securities law implications of the sale.  In its Report of Investigation, the SEC made clear (what most of us suspected all along) that the traditional Howey test for determining whether a funding mechanism is an ”investment contract” and thus a “security” applies to blockchain based tokens. I won’t go into a deep dive here. For those wanting to jump into the weeds, Debevoise has done a pretty good job on this. But the basic test under Howey is that an agreement constitutes an investment contract that meets the definition of a “security” if there is (i) an investment of money, (ii) in a common enterprise, (iii) with an expectation of profits, (iv) solely from the efforts of others.

It’s useful to consider that blockchain tokens fall generally into two broad categories. “Securities tokens” are basically like shares in a corporation or membership interests in a limited liability company where the purchaser receives an economic right to a proportional share of distributions from profits or a sale of the company. On the other hand, “utility tokens” don’t purport to offer purchasers an interest or share in the seller entity itself but rather access to the product or service the seller is developing or has developed. Unfortunately, there exists virtually no SEC or case law guidance on securities law aspects of utility tokens. The token at issue in the SEC’s investigative report on The DAO was a securities token. The DAO was a smart contract on the Ethereum blockchain that operated like a virtual venture fund. Purchasers would share in profits from the DAO’s investments and so the tokens were like limited partnership interests.

The question of whether utility tokens are securities may turn on whether the blockchain network for which the tokens will function is fully functional or still in development, and an interesting debate has emerged as to whether there should be a bright line test on that basis.

One side of the debate, advanced by Cooley (Marco Santori) and Protocol Labs (Juan Batiz-Benet and Jesse Clayburgh), is that purchasers of utility tokens prior to network launch and before genuine utility necessarily rely on the managerial and technical efforts of the developers to realize value from their tokens. Accordingly, agreements for the sale of pre-functional tokens meet the “expectation of profit” and “through the efforts of others” prongs of Howey and should be characterized as securities. On the other hand, fully functional utility tokens should not be considered securities because they fail the “through the efforts of others” prong of Howey and maybe even the “expectation of profit” prong.  Purchasers of fully functional tokens are likely to be people seeking access to the seller’s network as consumers or app developers with any expectation of profit from appreciation of the tokens being a secondary motivation, so the expectation of profit prong of Howey fails as to those purchasers. The same conclusion should apply even as to the other type of purchaser who is motivated primarily by the prospect of a token resale for profit because the profit that is hoped for is not expected to come through the managerial or entrepreneurial efforts of the developers, but rather through the many different independent forces that drive supply and demand for the tokens. There is a line of cases involving contracts for the purchase of commodities holding that they are not securities because the expectation of profit was solely from fluctuations in the secondary market, and not from any efforts on the part of the producer. Fully functional tokens are analogous to commodities in that the token developers have completed development of the network, and so there should not be any expectation that profit will result from any further efforts by the seller.

On the other side of the debate is Debevoise, which advocates for a facts and circumstances approach, rejects the bright line test of whether or not a utility token is fully functional and offers several arguments. The determination of whether an agreement is an investment contract and thus a security has long been based upon a facts and circumstances analysis. A blockchain token is not a homogenous asset class; a token could be a digital representation of an equity or debt security but it could also represent things like hospital records or a person’s identity, and that particular character of the token is unaffected by whether the network is or is not fully functional. Also, there is an implicit recognition in the JOBS Act that pre-order sales on non-equity crowdfunding sites like Kickstarter and Indiegogo are not sales of securities, and that pre-functional utility token sales should be analyzed the same way.  It also questions whether agreements by a mature company to presell a new product in development would automatically be deemed an investment contract. Finally, there’s the difficulty of determining when exactly a token is fully-functional given the complexity of software and network development.

Seems to me that the arguments on both sides of the utility token debate have merit.  I do think there’s a distinction, though, between pre-order sales of product by a mature company and a sale of pre-functional tokens, in that the tokens most likely can be sold on a secondary market, with any profit likely resulting from the entrepreneurial efforts of the developer.  I also think that until we have guidance from the SEC and/or judicial opinions on the issue, the better approach is to treat clearly pre-functional tokens as investment contracts and conduct their sale under an exemption from registration.

On July 25, 2017, the SEC’s Division of Enforcement issued a Report of Investigation (the “Report”) that concluded that the tokens issued in an initial coin offering (“ICO”) by a decentralized autonomous organization called “The DAO” were “securities” and that the ICO itself should either have been registered with the SEC under the Securities Act of 1933 or qualified for an exemption therefrom. Importantly, the Report does not conclude that all ICO tokens are securities or that ICOs must either be registered or satisfy the requirements for an exemption from registration. The Report provides important guidance, however, to blockchain startups and other entities seeking to raise capital in the United States through ICOs as to how to structure those offerings from a regulatory standpoint.

Initial Coin Offerings

An initial coin offering is a crowdfunding technique used primarily by blockchain startups in which the issuer sells cryptocurrency tokens or coins that entitle the purchaser to certain rights ranging from access to the issuer’s product or service once it is available (similar to pre-order based non-equity crowdfunding on sites such as Kickstarter or Indiegogo) to a share in the issuer’s profits (similar to equity based crowdfunding). Purchasers also typically have the right to resell their tokens on an online exchange. Purchasers make their contributions in the form of either fiat currency (e.g., U.S. dollars) or, more typically, virtual currency (e.g., bitcoin or ether). The offering and sale of the tokens are made directly to the public using blockchain technology to bypass conventional capital markets intermediaries and regulatory regimes. Advertising and information releases occur on the issuer’s website and on online forums such as Bitcointalk and Reddit.

Looming over the emerging ICO industry is the issue of whether ICOs are offerings of securities. Some issuers have chosen not to take the risk of offering and selling unregistered securities in the United States and have instead offered and sold ICO tokens only to non-U.S. persons. Among the most popular non-U.S. markets are Singapore, one of the first jurisdictions to adopt a regulatory sandbox and other regulatory relief initiatives for fintech companies, and Switzerland, whose “Crypto Valley” is a major center of blockchain startups. Other issuers in the U.S. have attempted to steer clear of possible regulation by limiting rights of token holders to access to products or services upon availability.

The DAO Initial Coin Offering

The DAO was a virtual entity referred to as a decentralized autonomous organization (i.e., not a corporation, LLC or other legal entity) formed to sell virtual tokens to raise capital for future projects, a variation on an investment fund.  DAO token holders would have the right to share in the earnings from the projects and could otherwise monetize their investments in DAO tokens by reselling them in online platforms serving as secondary markets.  The idea behind this virtual organization was to replace traditional corporate governance and decision making with smart contract coding on a blockchain.  But in addition to the automated governance structure, the DAO did have a human component as well in the form of “curators” who maintained ultimate control over which proposals would be submitted to and voted on by token holders and then funded by the DAO. A majority vote of the DAO token holders was required for a project to be funded.

The SEC’s Analysis

Section 5 of the Securities Act requires that every offer and sale of securities in the United States either be registered with the SEC or satisfy the requirements of an exemption from registration.  But are ICO tokens securities?  Under Section 2(a)(1) of the Securities Act, a security includes an “investment contract”, which was determined in the seminal case of SEC v. W.J. Howey Co. to mean an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.   In determining whether an investment contract exists, the investment of “money” need not take the form of cash. Investors in the DAO used ETH to make their investments. The Report makes clear that such investment is the type of contribution of value that can create an investment contract under Howey.

The Report then found that investors who purchased DAO tokens were investing in a common enterprise and reasonably expected to earn profits through that enterprise when they contributed ETH to the DAO in exchange for DAO tokens. The DAO’s various promotional materials informed investors that the DAO was a for-profit entity whose objective was to fund projects in exchange for a return on investment. The Report also found that investors expected profits to be derived from the managerial efforts of others—specifically, the DAO’s founders and curators. Because the investors did have an ostensible management role – voting on proposed projects — the central issue was whether the efforts of “others” were undeniably significant and essential to the failure or success of the enterprise. In this regard, the Report found that the DAO’s investors relied on the managerial and entrepreneurial efforts of the founders and the DAO’s curators to manage the DAO and put forth project proposals that could generate profits for the investors. The founders of the DAO also held themselves out to investors as experts in Ethereum, the blockchain protocol on which the DAO operated, and told investors that they had selected persons to serve as curators based on their expertise and credentials. Although DAO token holders were afforded voting rights, the SEC determined that such rights did not provide the holders with meaningful control over the enterprise because (1) their ability to vote for contracts was largely “perfunctory” (they could only vote on proposals that had been cleared by the curators); and (2) their pseudonymity and dispersion made it difficult for them to communicate or join together to effect change or exercise meaningful control.

A second major issue weighing on the ICO industry has been whether the online platforms on which ICO tokens are traded need to be registered under the Securities Exchange Act of 1934 as national securities exchanges.   Section 3(a)(1) of the Exchange Act defines an “exchange” as any group or entity that “provides a marketplace or facilities for bringing together purchasers and sellers of securities or for otherwise performing with respect to securities the functions commonly performed by a stock exchange…”.  Under Exchange Act Rule 3b-16(a), a trading system meets the definition of “exchange” under Section 3(a)(1) if the platform “(1) brings together the orders for securities of multiple buyers and sellers; and (2) uses established, non-discretionary methods (whether by providing a trading facility or by setting rules) under which such orders interact with each other, and the buyers and sellers entering such orders agree to the terms of the trade”. Alternatively, a platform could operate as an alternative trading system exempted from the definition of “exchange” if it registers as a broker-dealer, files a Form ATS with the SEC to provide notice of its operations and complies with the other requirements of Regulation ATS. The Report concluded that the platforms on which the DAO tokens were traded were exchanges under the foregoing Rule 3b-16(a) criteria, and thus should have been registered, because they provided users with an electronic system that matched orders from multiple parties to buy and sell DAO tokens for execution based on non-discretionary methods.

Key Takeaways

It’s unclear why the SEC determined to issue an investigative report rather than pursue an enforcement action against the DAO, its promoters and the exchanges on which the ICO tokens were traded. The underlying conclusions, however, are not surprising. Virtual currencies such as bitcoin and ether are “value” and ICOs in which purchasers have a reasonable expectation of profit through the efforts of the issuer’s promoters are securities offerings which must either be registered or qualify for an exemption. Giving investors “perfunctory” voting rights on proposals presented by promoters’ agents will not be enough to overcome a presumption that the investors expect a profit through the efforts of others. It’s worth noting that the SEC did not address ICOs of so called “access tokens” in which purchasers are given only a right to future products or services but no opportunity for profit. Such ICOs would need to be structured very carefully to ensure that contributors have no “reasonable expectation of profit”, and it’s unclear whether as a practical matter issuers will be able to raise significant amounts without offering a profit incentive. Finally, the Report puts ICO platforms on notice that electronic systems that match orders from multiple parties to buy and sell tokens based on non-discretionary methods must register either as a national securities exchange or as a broker dealer under Regulation ATS.