Priya Aiyar is a partner at Willkie Farr & Gallagher LLP
One of the most significant regulatory developments of 2018 in the blockchain and virtual currency space is the SEC’s stepped-up scrutiny of digital token sales through “initial coin offerings.” Many of these ICOs involve what issuers and promoters regard as “utility tokens,” to be used or to have value on a network or platform to be built by the issuer. The SEC first made clear in July 2017 that, notwithstanding the utility features of such tokens, their sale can be a securities offering if buyers expect the token to increase in value based on the issuer’s efforts, particularly if the tokens are traded in secondary markets.
But, as I show below, it is increasingly clear that the Howey test is the beginning, not the end, of regulatory issues informing the sale of–and even innovation and coding behind– tokens as financial products.
From “Initial Coin Offerings” (ICOs) to “Security Token Offerings” (STOs)
In its now well-known “Report of Investigation” into tokens sold by a virtual organization known as the DAO, the SEC applied the Supreme Court’s Howey decision and stated that ICOs are securities offerings if they involve the “investment of money in a common enterprise with a reasonable expectation of profits from the entrepreneurial or managerial effects of others.” While the Commission found that the DAO’s offering met this test, it did not bring charges based on the unregistered sales. It did, in December 2017, issue a cease-and-desist order to Munchee, a company that was planning to sell digital tokens to raise capital for, and to be used within, its restaurant review app. That same month, Chairman Clayton issued a written statement in which he noted that, “[b]y and large, the structures of initial coin offerings that I have seen promoted involve the offer and sale of securities.” He reiterated in February 2018 congressional testimony that every ICO he had seen to date was a securities offering.
In November 2018, the SEC announced settlements in its first cases – Airfox and Paragon — imposing civil penalties for the sale of digital tokens without registration. It also announced its first settled charges against a cryptocurrency exchange, EtherDelta, for trading unregistered securities – specifically, ERC20 tokens which were issued and distributed on the Ethereum blockchain, at least some of which the Commission found to be securities (though it did not specifically identify which ones). The SEC did suffer a loss on November 27 in the Blockvest case, where a federal court denied a preliminary injunction on the ground that the record did not demonstrate that Blockvest’s tokens were securities under the Howey test. While this case shows that courts will scrutinize whether a particular ICO is a securities offering, there is no reason to think that it will alter the SEC’s fundamental legal approach, as it turned on the court’s inability to resolve disputed issues of fact at the preliminary injunction stage.
The SEC’s active scrutiny of ICOs has spurred interest in “security tokens” or tokens that are explicitly conceived and marketed as financial assets and are either registered with the SEC or fall within an exception to registration requirements. A security token is a blockchain-based representation of ownership. It can be a utility token that constitutes an investment contract under the Howey test, or a token that represents ownership of a traditional asset such as debt, equity, or real estate. Tokens that represent traditional assets have been the subject of increased interest, with a number of startup companies emerging to provide platforms for their issuance. Examples include Polymath, Harbor, and Securitize, all of which aim to embed compliance with securities-law requirements into tokens (e.g., restrictions on when or to whom they may be sold) and to provide a full set of services to issuers. Polymath, for example, states that its platform allows customers to “create security tokens in minutes.”
Why would a company issue a security token and not simply a security? Advocates of “tokenization” argue that it will increase liquidity, efficiency, and transparency in capital markets. For example, security tokens could be traded 24-7 on a blockchain with trades settled very quickly and could allow for fractional ownership of high value assets like real estate and art. Issuance and recordkeeping could be much simpler than for traditional securities, reducing administrative costs.
Some advocates also claim that it will be possible to program anti-money laundering and know your customer requirements–as well as any other restrictions on qualified purchases–into the token. Harbor, for example, is developing a decentralized compliance protocol intended to facilitate trading by issuing a permissioned ERC20 token on the Ethereum blockchain that checks an on-chain “Regulator Service” – which, according to Harbor, can be configured to meet the relevant securities, tax, and other regulations – for trade approval.
Major regulatory and practical challenges remain, however, before the promise of security tokens can be evaluated. On the practical side, there is no example yet of a security token offering that has been successfully publicly registered with the SEC or qualified under Regulation A+. Current offerings are proceeding as private placements under Regulation D, meaning the securities can be sold to the public only after being held for 12 months (and if other conditions are met). It is unclear what the market for security tokens will eventually look like, and limited trading volumes could pose liquidity and valuation challenges.
Moreover, no cryptocurrency exchange is currently registered with the SEC as a national securities exchange or as a broker-dealer operating an alternative trading system under Regulation ATS. Several have announced plans to meet these regulatory requirements and to allow trading of security tokens. However, regulators have expressed concerns about virtual currency exchanges that may need to be addressed before these plans come to fruition. For example, in a September 2018 report, the New York Attorney General’s office, while recognizing that some platforms had stronger protections than others, questioned whether virtual currency exchanges in general have adequate protections against conflicts of interest, abusive trading, and loss of customer funds, as compared to highly regulated securities exchanges.
Another issue is that “security tokens” encompasses two quite different categories of financial assets – utility tokens that meet the Howey test, and tokens that represent ownership of a traditional asset. Most utility token offerings do not provide the ownership and voting rights typically associated with equity, or the entitlement to interest and priority over other claims typically associated with debt. While the SEC’s current approach is to apply the existing disclosure regime to token sales, it is unclear whether that regime is well-suited to serve and protect investors in the context of a sale which is more akin to an early-stage angel or Series A investment.
An additional potential regulatory “gray area” is the applicability of the Investment Company Act and Investment Advisers Act to the issuer or sponsor in an ICO or STO. Issuers that retain a substantial percentage of their assets in the form of their own tokens and/or trade in other tokens could, if the tokens are securities, risk falling within the definition of an investment company. They could also be subject to custody rules that require investment companies and investment advisers to hold assets with a qualified custodian. The SEC’s DAO report did not reach a conclusion as to whether the DAO (which invested in projects proposed in the form of smart contracts on the Ethereum blockchain) was an investment company but warned that token issuers should consider their Investment Company Act obligations.
A final regulatory challenge is that a token issuer could fall within FinCEN’s definition of a money services business (MSB) as well as under state-level money transmission laws. In a February 2018 letter to Senator Wyden, the Treasury Department clarified FinCEN’s position on the applicability of its regulations to entities that engage in an ICO or token sale, stating that, in general, “a developer that sells convertible virtual currency, including in the form of ICO coins or tokens, in exchange for another type of value that substitutes for currency is a money transmitter and must comply with AML/CFT requirements that apply to this type of MSB.” The letter also stated that, “[t]o the extent that an ICO is structured in a way that it involves an offering or sale of securities or derivatives, certain participants in the ICO could fall under the authority of the SEC, which regulates brokers and dealers in securities, or under the authority of the CFTC, which regulates merchants and brokers in commodities. In such a case, the AML/CFT obligations imposed by SEC or CFTC regulations would apply to such ICO participants.” Under FinCEN regulations, a “money services business” does not include “[a] person registered with, and functionally regulated or examined by, the SEC or the CFTC” – meaning that an entity registered with the SEC should not also be subject to regulation as a MSB by FinCEN. This guidance, however, leaves token issuers in an ambiguous position where, if they are not broker-dealers or exchanges subject to registration with the SEC, they may require a money-transmission license and be subject to FinCEN regulations in addition to being subject to SEC jurisdiction as issuers of a security. In sum, the contours of SEC, CFTC, and FinCEN jurisdiction are not fully clear and potentially overlapping, leaving issuers to deal with regulatory uncertainty and agencies with many line-drawing questions to address.
The SEC has spent the past 18 months fleshing out its approach to ICOs through guidance and enforcement actions establishing that traditional securities-law requirements apply to methods of raising capital that involve distributed ledger technology, smart contracts, and other technological innovations. As it has answered that threshold question, the industry has moved towards explicitly issuing tokens as securities and “tokenizing” traditional assets. The next regulatory frontier will be clarifying how all the interlocking pieces of the securities-law regime apply to issuers, promoters, exchanges, and other participants in the token marketplace, and how that regime interacts with the different regulatory frameworks that other agencies have applied to tokens. As the uses of blockchain-based tokens continue to rapidly evolve – from making payments, to accessing particular goods or services, to raising capital or dividing ownership – agencies will continue to face novel regulatory questions and market participants will continue to operate in conditions of some uncertainty.
Priya Aiyar, former acting general counsel of the Treasury Department, is a partner at Willkie Farr & Gallagher LLP.