Guide to the US Federal regulatory landscape
On June 14th the SEC director of the corporate finance division, William Hinman, finally declared that Bitcoin and Ethereum are not securities, but rather, commodities that may be legally traded on the open market. This proclomation wasn’t all that groundbreaking, SEC Chairman Jay Clayton made similar statements in December of last year, but nevertheless, casual observers and investors breathed a collective sigh of relief and took it as vindication, all the while ignoring the implications for the vast majority of tokens. The fact is, most tokens on the market today are unregistered securities and the oft-prophesied “crypto bubble pop” will likely take the form a major breach of trust or technical failure of one or more of these coins.
Now, the point of this article is not to trash unsophisticated investors or finger-wag less-than-scrupulous blockchain developers, but rather to give a general overview of the regulatory landscape in the US so investors and developers can make more informed decisions about the projects they hope to support. The possibilities opened up by blockchain technology may seem endless, but excitement around new technology often blinds individuals to the reality that amoral actors have and will continue to exploit this excitement for personal financial gain through fraudulent and misleading capital accumulation tactics (looking at you BitConnect).
It is through this lens that you should understand SEC regulation. The SEC was founded in 1934 to protect investors from the sort of securities fraud that was rampant in the 1920’s and played a huge role in the crash of 1929. Director Hinman put it like this, “The impetus of the Securities Act is to remove the information asymmetry between promoters and investors. In a public distribution, the Securities Act prescribes the information investors need to make an informed investment decision, and the promoter is liable for material misstatements…These are important safeguards, … As an investor, the success of the enterprise … turns on the efforts of the third party. So learning material information about the third party – its background, financing, plans, financial stake and so forth – is a prerequisite to making an informed investment decision.”
To that end, the SEC requires that the issuer of an investment contract – More often referred to as a security – register, and provide material information to prospective investors. So what constitutes a security in the view of the SEC? In general, the SEC views securities through the lens of a 1946 Supreme Court ruling SEC v. W.J. Howey Co. which established a simple four pronged test to determine if a transaction is, in fact, a security. Is it (1) an investment of money (2) in a common enterprise (3) with an expectation of profit (4) derived from the efforts of others? If so, it’s a security as far as the Federal Government is concerned. It is important to note, for a transaction to be considered a securities transaction, it must meet all four prongs of the Howey test, otherwise no disclosure is required (It is, however, a taxable event, but how and when to report it is beyond the scope of this article). Again, this is a general test, the SEC approaches enforcement actions on a case-by-case basis and considers the “economic reality” first and foremost.
The recent statements by Hinman and Clayton are ultimately unsurprising because they are merely extensions of previous regulatory actions on the part of the SEC. The SEC’s investigation of The DAO is particularly instructive when it ccomes to understanding how the Howey test is applied to cryptocurrency.
If you are unfamiliar with The DAO, consider yourself lucky. Briefly, The DAO, or Genesis DAO, was a distributed venture capital fund, built on the Ethereum network, that allowed all DAO token holders to vote on which projects the fund should support. A novel idea that unintentionally raised $120 Million at a time when the ETH price was hovering around $20. This accounted for ~13% of the total ETH supply making The DAO systemically important to the Ethereum ecosystem. Unfortunately for slock.it, the company that wrote The DAO code, DAO token holders, and the Ethereum community at large, the smart contract was vulnerable to a bug that allowed an attacker to drain around $60 million in just under 3 hours. To correct this horrible mistake, the Ethereum community initiated a hard fork before the attacker could withdraw their funds, and thus, created Ethereum Classic. (It’s an incredibly interesting story that you can read more about here for slock.it’s perspective or here for a focus on the regulatory implications).
Shortly thereafter, the SEC initiated an investigation and issued a ruling that it considered The DAO in violation of federal securities law, but curiously, chose not to pursue enforcement action (likely because all ETH had since been returned to investors). The DAO was clearly an investment of money in a common enterprise with an expectation of profit, but had the SEC pursued an enforcement action, slock.it would have argued that the expectation of profit was not derived from the managerial efforts of others. Afterall, how could the profit be derived from the effort of others if every token holder has a proportional vote on which direction to take the company? This is why in the final report, the SEC spends three paragraphs establishing the first three prongs of the howey test, and then spends three full pages establishing the final prong. Their argument boils down to two basic principles, 1) the efforts of a central third-party was essential to the functioning of the enterprise and 2) the token holder’s voting rights were limited to the choices presented to them by the central third-party.
This pretty well sums up the view of the SEC regarding token sales. Matt Levine puts it like this in his wonderful piece for Bloomburg: “There are…two sorts of crypto-token use cases … One kind—represented by Ethereum…involves a vision of a decentralized ecosystem not owned by anyone. The point of an ICO, here, is to raise enough money for a small group of founder-visionaries to build the basic infrastructure, but once they have done that their role melts away. The system—like Bitcoin—becomes self-maintaining; it is not owned by an entrepreneur who profits from it but collectively by the people who use it. The tokens allow people to use the system—to pay for computing power or file storage or whatever—but also create decentralized incentives to maintain it…The other kind is just, you start a company, and you think up a product, and you raise way too much money for your company by pre-selling that product in the form of tokens that also have a speculative component…The company never gives up control of the ecosystem. …companies raise money by selling speculative things with no ownership rights to investors hoping for a quick profit, and then say “what? It has no ownership rights! It can’t be a security!”—that thing is very squarely in the SEC’s wheelhouse.” The DAO was an example of the second kind of token.
So what should prospective investors and developers take away from this? First, as an investor getting involved in a token sale, what is the function of the token and what is the role of the development team? Is it a token of intrinsic value that can be used in exchange for services over the network (i.e. cloud storage, computing power, etc.) or is it merely a promotional token designed to raise funds for a platform where the token will be useless? A good way to test this is to interrogate the company’s “Free-to-play” model. Basically, how easy is it to earn the token by participating in the network? Can you buy third-party hardware that allows you to participate in the network infrastructure a la Bitcoin or Ethereum? Can you contribute content that rewards you in tokens from other users a la STEEM? In the case of an ICO, does that functionality exist at the time of the sale? (The SEC makes no distinction when it comes to “utility tokens” that have no use at the time of sale. If it promises future functionality, its probably a security)
Even if the token is unproblematic, the role of the developers can still make it a securities offering. Are they only concerned with raising enough to make a sufficiently decentralized network such that the role of the development team is minimized? Again, from Hinman’s statement: “As a network becomes truly decentralized, the ability to identify an issuer or promoter to make the requisite disclosures becomes difficult, and less meaningful.”
Even more important is the nature of the promotional efforts. The DAO report focused heavily on the marketing efforts of the DAO, and concluded that the promoters emphasis on secondary-market profit potential was a key indicator of its status as a security.
It is unfortunately unclear where the SEC is going to draw the line in future enforcement actions. Hinman noted, ”…putting aside the fundraising that accompanied the creation of Ether, based on my understanding of the present state of Ether, the Ethereum network and its decentralized structure, current offers and sales of Ether are not securities transactions.” It may be the case that the SEC will wait for more legislative guidance before going after Ether-style ICOs in the future, but it also may be the case that Ethereum is getting a pass because their illegal security was incepted before the SEC had their eye on cryptocurrencies.
Either way, it’s easy for a developer to read all this and feel a bit discouraged. You might be asking “How can I get my project funded and still avoid scrutiny from the SEC?” The easy answer is: don’t!
Again, from hinman’s speech:
“I believe some industry participants are beginning to realize that, in some circumstances, it might be easier to start a blockchain-based enterprise in a more conventional way. In other words, conduct the initial funding through a registered or exempt equity or debt offering and, once the network is up and running, distribute or offer blockchain-based tokens or coins to participants who need the functionality the network and the digital assets offer. This allows the tokens or coins to be structured and offered in a way where it is evident that purchasers are not making an investment in the development of the enterprise.”
In other words, just bite the bullet. Your offering is likely a securities offering that has the potential to evolve into a utility token, so conduct your initial funding round through either a Regulation A or Regulation D exemption.
Reg A and D exemptions place limits on both how much capital an offering can raise, and who can participate in the offering. These exemptions allow ICO’s to raise as much as $50 million over a twelve month period, providing all participants are either “accredited” or “sophisticated” which are narrowly defined terms meaning they have enough cash-flow or investment experience (respectively) to accept the risk of investment in a venture with minimal SEC reporting and disclosure requirements.
As this article’s title suggests, we’ve only really covered the federal regulatory regime in the United States, however, each state has its own securities law that companies in their jurisdiction must comply with. This opens up an interesting third exemption that may be applicable in states that have or soon will implement their own specific, cryptocurrency regulation – Wyoming, New Hampshire, and Delaware come to mind.
Wyoming legislation and other state cryptocurrency regulation efforts are still uncertain
For instance, the Wyoming legislation provides an exemption for token sales meant to support the development of a platform for a utility token before that token is functional – in direct opposition to the SEC position linked to above. Theoretically, that makes it possible for a startup to register in Wyoming, sell tokens to investors only in Wyoming, and claim a rule 147 intrastate exemption from federal securities law.
The implications of the Wyoming legislation and other state cryptocurrency regulation efforts are still uncertain. I’ll be diving into this subject in my next article so stay tuned for more information on this evolving conversation. Remember to invest with caution, leave any questions you have in the comments below.
This article was written for informational and educational purposes only and should not be construed as legal, financial, investment, or medical advice. Please contact a qualified Investment advisor or legal professional before making any financial decisions. Please see a doctor if you have an adverse reaction to anything contained above (or if you experience an erection lasting longer than 4 hours)(I like this joke but I’m also willing to cut it if you feel it’s too silly and unprofessional).
- Security Risks in Medical IoT Devices – MEDJACK Malware Review - October 29, 2018
- Guide to the US Federal regulatory landscape - July 16, 2018