SEC to ICO Players: Our Game, Our Rules
On July 25, 2017, the U.S. Securities and Exchange Commission (the “SEC”) published an investigative report (the “Report”) cautioning market participants that the offer and sale of digital assets such as “coins” or “tokens,” often acquired through a process known as an “initial coin offering” (“ICO”), may be considered securities, thus subjecting them to the requirements of federal securities laws.
Increasingly, developers and entrepreneurs generate and transfer digital assets such as tokens on blockchains. Blockchain technology is a relatively new development and can be a difficult concept to grasp at first. Blockchain, as a concept, is often conflated with Bitcoin and other digital currencies called “cryptocurrencies.” The headlines we see often focus on the more deplorable uses for the technology—using Bitcoin to purchase drugs and weapons, for example. However, the reality is that Bitcoin and blockchain technology are no different from many other technologies. For example, the dollar itself is used for many purposes, both noble and nefarious. Blockchain technology and its derivatives, like Bitcoin, have the potential to disrupt several sectors of the global economy and the way we live our lives. Because this technology, and the terminology associated with it, is only just beginning to make its way into our collective cognizance, this article first explores two core technological concepts before delving into the SEC’s analysis of ICOs: blockchain and cryptocurrency.
When people think of blockchain, they usually think of Bitcoin. Although it is probable that one would not exist without the other, they are not the same thing. A blockchain is an open, decentralized database of transactions. It is technology with potential use cases in a myriad of forums including currency, property, and even elections. A blockchain’s function is to create a record whose authenticity is verified by a network of computers rather than a central institution. It is special because it brokers trust between multiple parties without facilitation by a third party.
So how does it work?
Think of the last purchase you made—chances are you paid with plastic. You pulled a card out of your wallet and swiped it on a vendor’s console to pay for something. We do not usually think of the few seconds between swiping and getting our receipt as a time when a third party is vouching for our ability to pay, but that is exactly what is happening.
After you swipe, your account data is routed from the vendor to the vendor’s bank, and then to the payment brand, which then forwards your information to the customer’s bank. The customer’s bank verifies whether the card is valid and that the underlying account has enough funds to cover the transaction. When the customer’s bank verifies that the amount of funds in the account is adequate, it generates an authorization code that is routed back to the card brand before the card brand forwards it to the merchant’s bank.
This system works because the bank ensures that the vendor receives payment for the particular good or service that it is providing to the customer. In other words, it is only after the bank signs off on a transaction that the vendor trusts its customer and completes the transaction. The bank, therefore, acts as a broker of trust. Without this trust, the vendor would be unwilling to release its goods or provide a service because doing so could result in nonpayment. For this trust, the vendor often pays a healthy fee of somewhere between 2-4% of the value of the transaction.
A transaction facilitated on a blockchain is different because it is processed on a distributed ledger. What is a distributed ledger, you ask? Think of a spreadsheet that holds all of the relevant details that a bank uses to evaluate your economic condition in processing a transaction—deposits, withdrawals, dates, and times—that is the ledger part. Now, imagine that the spreadsheet is available on a network of computers spread all over the world—that is the distributed part. Instead of requiring a third party, like a bank, to act as the gatekeeper to a person’s economic worthiness, the network processes and validates the transactions. The process goes something like this:
- an individual with a network address (an account) and a private key (a password) signs off on a transaction;
- the transaction is broadcasted to all of the computers on the network, individually referred to as “nodes”;
- the nodes race to review the digital ledger to determine whether the proposed transaction would compute with the other transactions in the ledger, that is, whether the holder of a private key has the requisite amount of a token to cover the transaction and related costs; and
- once verified, the individual’s transaction is recorded on a list of other recent transactions that are bundled up in a unit referred to as a block. The blocks are linked together to form a chain of data reflecting the current state of the ledger. As the number of transactions processed on a particular blockchain grows, so do the number of blocks linked together in the blockchain.
Should a person not have enough funds to process a transaction or try to spend the same coin twice, the transaction would fail to be recorded in any block.
Each node on the network provides the computing power to process transactions on a blockchain. What incentivizes a person to dedicate computing power to processing transactions on a blockchain? There may be many reasons, but the most common is the prospect of obtaining cryptocurrency. Let’s use Bitcoin as an example—when the nodes are done processing a transaction, the node responsible for the validation receives compensation in the form of Bitcoin. The more computing power provided by a particular node, the higher the chances of that node receiving the compensation derived from validating a transaction. This process of computing power allocation to process and validate transactions on a blockchain is referred to as “mining.”
Cryptocurrency, often called “digital currency,” refers to a form of currency based in cryptography; a web-based digital representation of value that functions in some respects as an alternative form of currency.” The Financial Crimes Enforcement Network (FinCEN) refers to digital currency as a form of currency that has many attributes of real currency, except for one: legal tender status in any jurisdiction. Currently, Bitcoin is the most recognized and widely used form of cryptocurrency. However, other forms of cryptocurrency, such as Ethereum’s Ether (“ETH”), with its capability to fuel “smart contracts,” have emerged and are gaining traction in blockchain circles. Like cash, which does not require the exchange of personal data to complete a transaction, cryptocurrency provides a measure of anonymity to a user in that the identities of the parties are encrypted and personal information is not exchanged; rather, the transaction is executed through network addresses and private keys.
Until the SEC issued its report, the advent of the “initial coin offering” presented business promoters with a new, inexpensive method of fundraising to acquire large amounts of capital without the need for the services of lawyers or traditional financial institutions. The process usually involves a company providing a summary of its vision for a specific project and instructions for interested investors to contribute cryptocurrency, such as Bitcoin or Ether, in exchange for the particular company’s token.
For some time, the ICO has represented a boon for developers and investors looking to launch innovative projects and companies; for example, a start-up called “Tezos” raised over $230 million through its ICO. ICOs have also provided swindlers with an amazing opportunity to make a quick buck (or, more often, a quick Ether or Bitcoin) by pretending to launch a new project only to take the “money” and run. Because the ICO space has been largely unregulated and unaddressed, companies utilizing an ICO fundraiser have not been required to provide would-be investors with the types of disclosures that would be required with an offer or sale of more traditional securities; nor have issuers been required to verify or scrutinize the financial sophistication of would-be investors. It is for these reasons that the SEC provided guidance in the Report.
In the Report, the SEC set out to answer two specific and interrelated questions: (1) whether DAO Tokens were securities, and (2) whether the federal securities laws were applicable to the offer and sale of DAO Tokens.
(a) The DAO—Background
The Report focuses specifically on a “Decentralized Autonomous Organization” known as “The DAO.” The SEC described a Decentralized Autonomous Organization as a virtual organization that is “embodied in computer code and executed on a distributed ledger or blockchain.”
The DAO was an unincorporated virtual organization founded by Slock.it UG, a German corporation and its founders. Its objective was to act as a for-profit entity that would fund various “projects.” To obtain the requisite capital to fund these projects, The DAO planned to raise funds and accumulate assets through the sale of digital tokens to investors. Investors holding DAO Tokens were able to vote on whether certain projects would be funded and stood to share in the earnings from the various projects as return on their investment. Additionally, holders of DAO Tokens had the option of liquidating their investment by re-selling their tokens on web-based exchanges that supported a secondary market for digital tokens.
The founders of The DAO and a select number of individuals known as “curators,” whom The DAO touted as experts in Ethereum and related business ventures, held a substantial amount of power and influence in the operation of The DAO. They pre-screened potential projects prior to presenting them to the investors for a vote, essentially acting as gatekeepers to the entire operation. In less than one month, from April to May of 2016, The DAO was able to raise around 12M ETH, then valued at around $150M.
In analyzing whether DAO Tokens were securities, the SEC pointed out that the definition of “security” under both Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Exchange Act includes “investment contracts.” The SEC then outlined just what constitutes an “investment contract” under precedent established in SEC v. W.J. Howey Co., via a test commonly referred to as the “Howey Test.” Under Howey, an investment contract is:
- an investment of money in a common enterprise;
- with a reasonable expectation of profits;
- to be derived from the entrepreneurial or managerial efforts of others.
To get to its conclusion, the SEC addressed each of the enumerated elements in turn.
i. An investment of money
The SEC noted that, although the test uses the word “money” and the investment provided by the investors came in the form of ETH, rather than fiat currency, “[s]uch investment is the type of contribution of value that can create an investment contract under Howey.”
ii. In a common enterprise with a reasonable expectation of profits
The DAO’s governance model allowed investors to vote on whether a particular project would be funded. Once funded, the investors holding DAO Tokens stood to share in the potential profits from these projects. The SEC concluded that token holders invested in a common enterprise in which reasonable investors “would have been motivated, at least in part, by the prospect of profits on their investment.”
iii. Derived from the entrepreneurial or managerial efforts of others
The DAO’s founders and curators were largely responsible for the operation of the enterprise: they determined and monitored the information provided to investors, safeguarded investor funds, and decided whether a proposed project should be put up for a vote by the investors. The investors, therefore, “had little choice but to rely on [the curators’] expertise.” As such, the SEC determined that “DAO token holders relied on the significant managerial efforts provided by Slock.it and its co-founders, and The DAO’s Curators” to such an extent that they were “essential to the overall success and profitability of any investment into The DAO.
The SEC concluded that the offer and sale of DAO Tokens to investors satisfied the elements of an investment contract. Therefore, DAO Tokens were in fact securities that were subject to the requirements of federal securities laws.
For the first time in blockchain tech’s short history, the SEC classified a blockchain derivative technology as a security, which is subject to the requirements set forth in the federal securities laws. Thus ending what, for a while, was an unhindered gravy train for developers and would-be blockchain entrepreneurs.
Other Potential Pitfalls
Although the scope of the Report was limited to the status of DAO Tokens as potential securities and the applicability of federal securities laws to those particular digital assets, the SEC pointed out that other aspects of the sale of DAO Tokens may implicate federal securities laws and subject issuers like The DAO to additional requirements.
For example, the Report does not address whether The DAO was an “investment company” as defined in Section 3(a) of the Investment Company Act. Companies considered investment companies must register with the SEC, unless they fall under an exception or qualify for an exemption from registration.
Typically, a company that issues securities is considered an “investment company” for securities laws purposes when it also: (1) holds itself out as a company that engages primarily in the business of investing, reinvesting, or trading in securities, (2) engages in the business of issuing face amount certificates of the installment type, or (3) engages in the business of investing, reinvesting, owning, holding or trading in securities, and owns investment securities having a value exceeding 40% of the value of the issuer’s total assets on an unconsolidated basis. In holding itself out as an entity in the business of investing, The DAO may very well have crossed into the realm of an unregistered investment company, which could have resulted in serious consequences. For example, The DAO’s contracts would have been rendered unenforceable by virtue of failing to comply with federal securities laws.
In addition, the Report touches on possible “exchange” level requirements triggered by the secondary market in which DAO Token holders were able to liquidate their investments in stating that the platforms supporting such trading “appear to have satisfied the criteria of Rule 3b-16(a) of the Exchange Act and do not appear to have been excluded from Rule 3b-16(b).” Under Section 5 of the Exchange Act, it is unlawful for any broker, dealer, or exchange to effect any transaction involving a security, or to report any such transaction, in interstate commerce, directly or indirectly, unless the exchange is registered as a national securities exchange under Section 6 of the Exchange Act.
On July 25, 2017, the world of blockchain enterprise was put on notice: federal securities laws are far reaching and will apply to offers and sales of securities that have a nexus to the United States, regardless of the method of facilitation or the name of the mechanism by which those securities are offered and sold. Innovation in this space is rapid—ideas and money flow fast. For entrepreneurs and developers in this space, the prospect of slowing the process down to conduct a thorough securities analysis may be tough to digest. However, frontloading the analysis and taking the necessary steps to ensure compliance with securities laws will help to ensure that your company’s fundraising efforts will not put you in the SEC’s crosshairs.
The SEC refrained from pursuing legal action against those responsible for The DAO, likely because they returned the money taken from investors after being hacked in June of 2016. However, since publishing the Report, over two hundred new ICOs have moved forward in their efforts to raise funds—rest assured, the SEC is watching.
 U.S. SECURITIES AND EXCHANGE COMM’N, REPORT OF INVESTIGATION PURSUANT TO SECTION 21(a) OF THE SECURITIES AND EXCHANGE ACT OF 1934: THE DAO, Release No. 81207, available at https://www.sec.gov/litigation/investreport/34-81207.pdf.
 See DEP’T OF THE TREASURY, FINANCIAL CRIMES ENFORCEMENT NETWORK, GUIDANCE: APPLICATION OF FINCEN’s REGULATIONS TO PERSONS ADMINISTERING, EXCHANGING, OR USING VIRTUAL CURRENCIES, FIN-2013-G001, March 18, 2013 available at https://www.fincen.gov/sites/default/files/shared/FIN-2013-G001.pdf.
 Supra note 1, at 1.
 15 U.S.C. § 77a et seq., available at: https://www.sec.gov/about/laws/sa33.pdf.
 15 U.S. Code § 78a, available at: https://www.sec.gov/about/laws/sa33.pdf.
 328 U.S. 293 (1946).
 Supra note 1 at 11.
 Id at 12.
 Supra note 1, citing SEC v. Glenn W. Turner Enterprises, 474 F.2d 476 (1972)
 15 U.S.C. § 80-1 et seq.
 See Klint Finley, A $50 Million Hack Just Showed That The DAO Was All Too Human, WIRED MAGAZINE, June 18, 2016, available at: https://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/.