Amid the general deregulatory thrust of the Trump Administration, the Securities and Exchange Commission has launched a major regulatory initiative directed at initial coin offerings (ICOs), the fundraising devices that provide a digital “coin” or “token” to investors. SEC head Jay Clayton recently stated that he had instructed the SEC staff “to be on high alert” for ICOs that violated the federal securities laws. The SEC recently obtained a court order halting an ICO that claimed to have raised $600 million, alleging that it relied on false and misleading statements concerning its business operations. State and industry self-regulators have also signaled a crackdown on ICOs and cryptocurrencies. The regulatory effort enfolds two themes: ICOs must comply with the federal securities registration requirements and many ICOs are no more than old-fashioned frauds. Further, the form of a transaction cannot eclipse the economic substance and the manner in which an ICO is marketed is significant in determining whether it is a securities offering.

The regulatory fusillade arrives as ICOs have become big business. According to the website Coinschedule, there were over 230 ICOs in 2017 that raised approximately $3.7 billion. The commencement of Bitcoin futures trading likely will make cryptocurrencies a more attractive investment product. The surge in ICOs also occurred as the value of Bitcoin, the most prominent cryptocurrency, rocketed only to recently plummet, furthering the demand for additional safeguards in the burgeoning industry.

Definition of ICO

As the SEC has explained in statements and court filings, an ICO is a fundraising event in which an entity offers a unique “coin” or “token” in exchange for consideration, often in the form of cryptocurrency or fiat currency. The tokens are issued on a blockchain, which is a type of distributed ledger or peer-to-peer database spread across a network in theoretically unalterable, digitally recorded data packages called blocks. Each block contains a batch of records of transactions, including a time stamp and a reference to the prior block, linking the blocks together in a chain. The system relies on cryptographic techniques for the secure recording of transactions.

ICOs typically are announced and executed through public online channels. Rather than filing a disclosure document with the SEC, issuers usually release a “white paper” describing the project and the terms of the ICO, including the proposed use of proceeds. After the completion of the ICO, the issuer distributes the coin or token to the participants' unique address on the blockchain. The coins or tokens may entitle holders to certain rights such as a share in profits or assets; the right to use certain services provided by the issuer; and/or voting rights. The coins or tokens also are listed on online platforms, called virtual currency exchanges, and may be tradeable for crypto or fiat currency. Issuers often promote the ICOs with the prospect of potential increases in the value of the coins or tokens.

Initial SEC Statements

The first significant SEC pronouncement concerning ICOs occurred on July 25, 2017, with a report on whether the German corporation Slock.it UG and its founders and intermediaries had violated the securities laws through the creation of the DAO (Decentralized Autonomous Organization), an unincorporated entity that was created to raise funds through the sale of tokens to investors. The funds would then be used to support supposed projects as described in the DAO's white paper. DAO tokenholders could also re-sell their tokens through web-based platforms that supported secondary trading. DAO sold 1.15 billion tokens for 1.2 million ETH, a virtual currency that was valued at $150 million. After DAO tokens were issued, a hacker used a flaw in the computer code to steal one-third of DAO's assets, although the money eventually was recovered. (Ernst & Young estimates that 10% of funds raised in ICOs are lost or stolen as a result of hacking). Although concluding that Slock.it and the DAO violated the securities laws, the SEC did not bring an enforcement action but instead issued an investigative report as authorized by Section 21(a) of the Securities Exchange Act of 1934 (DAO Report).

Section 5(a) of the Securities Act of 1933 prohibits the sale of securities in interstate commerce unless a registration statement containing the required disclosure has been filed with the SEC and become effective. Section 5(c) of the Securities Act requires the filing of a registration statement before securities may be offered for sale. Thus barring an applicable exemption, Section 5 prohibits the offer or sale of unregistered securities in interstate commerce.

The definition of a security under the Securities Act and the 1934 Exchange Act includes an investment contract. Supreme Court decisions dating back to SEC v. W. J. Howey, 328 U. S. 293 (1946), define an investment contract as an investment of money in in a common enterprise premised on a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others. The line of decisions holds that “form should be disregarded” in favor of economic realities in determining whether something is a security.

Adhering to this precedent, the SEC concluded that the DAO tokens were securities. First, the investment of “money” need not be in the form of cash. The exchange of ETH for the tokens represented a contribution of value. Second, the investors reasonably expected to derive any profit from the efforts of Slock.it, its founders, and the DAO's Curators, who would determine which project proposals would be submitted to investors for approval. Third, the limited voting rights afforded investors were not meaningful because their approval of contracts was perfunctory and they were too widely dispersed to communicate with each other.

“By contract and reality, DAO Token holders relied on the significant managerial efforts provided by Slock.it and its co-founders and the DAO Curators … Their efforts, not those of the DAO Token holders were … essential to the overall success and profitability of any investment into The DAO.” Consequently, the offer and sale of the DAO tokens without SEC registration violated Section 5 of the Securities Act unless a valid exemption applied. The SEC warned that “Whether or not a particular transaction involves the offer and sale of a security—regardless of the terminology used—will depend on the facts and circumstances, including the economic realities of the transaction.”

Simultaneous with release of the DAO Report, the SEC issued an Investor Bulletin warning of signs of ICO investment fraud, including “guaranteed” high investment returns, unsolicited offers, pressure for an immediate investment, and the lack of any income requirements. The SEC also cautioned that law enforcement authorities faced challenges when investigating ICO fraud, such as tracing funds, the international scope and the difficulty in freezing or securing virtual currency. Another Investor Alert in August warned about potential scams involving the stock of companies falsely claiming that they engaged in ICOs and cautioned against investing in a stock following an SEC trading suspension.

Initial SEC Enforcement Actions

The initial SEC enforcement action involving ICOs was filed in late September 2017 in federal court in Brooklyn, New York. The SEC charged Maksim Zaslavskiy and his two companies, REcoin Group Foundation and DRC World with selling nonexistent digital coins. The SEC alleged that REcoin falsely told investors that the company had a team of professionals who would invest ICO proceeds into real estate when no such team existed, while DRC claimed to have invested in diamonds when it had not purchased any diamonds nor engaged in any business operations. The SEC obtained a court order freezing the assets of Zaslavskiy and his companies.

In early December 2017, the SEC filed charges, again in Brooklyn, against a Quebec citizen, Dominic Lacroix, his Quebec-based company, PlexCorps, and a business partner, Sabrina Paradis Royer. The defendants were accused of raising $15 million by marketing and selling securities called PlexCoin tokens on the internet to investors in the U.S. and elsewhere, while falsely claiming that an investment in PlexCoin would provide a 1,354 percent profit in less than 20 days. The action was the first filed by the SEC's Cyber Unit, created in September 2017 to focus on cyberfraud. The SEC obtained an asset freeze pending a hearing on the requested injunction against the sale of PlexCoin.

The ReCoin/DRC and PlexCoin actions charged not only violations of the registration requirements of Section 5 of the Securities Act, but also violations of the anti-fraud provisions under Section 10(b) of the Exchange Act and Section 17(a) of the Securities Act. Indeed, one commentator noted that the SEC had alleged no more than anodyne scams. The important test would come when the SEC explained why an ICO not charged with fraud had to be registered. The Munchee case provided such a clarification.

The Munchee Action

On Dec. 11, 2017, the SEC filed a settled administrative proceeding, In the Matter of Munchee Inc., Securities Act Release No. 10445. Munchee is a California company that created an iPhone application for people to review restaurant meals. In fall 2017, Munchee sought to raise $15 million through the creation of the MUN token issued on the Ethereum blockchain. The MUN whitepaper stated that Munchee would sell 225 million of the 500 million MUN tokens created. The whitepaper also stated that Munchee had conducted a “Howey analysis” showing that the MUN tokens did not significantly risk violating the securities laws. In the whitepaper and elsewhere, Munchee described the “ecosystem” that it would fashion, stating that it would pay users in MUN tokens for writing food reviews and that Munchee would sell advertising to restaurants. Munchee said it would seek to permit diners to buy food with MUN tokens and enable app users, such as those who wrote restaurant reviews, to be rewarded by restaurant owners with MUN tokens. As a result, MUN tokens would rise in value. Munchee also promised to seek other ways to increase the value of MUN tokens, such as a “tiered plan” in which the amount paid for a Munchee app review would depend on the amount of the reviewer's holdings of MUN tokens.

On Nov. 1, 2017, Munchee stopped selling the MUN tokens after being notified by the SEC staff that the MUN tokens were securities that had to be registered. In the Order Instituting Cease-and-Desist Proceedings, the SEC stated that the Munchee tokens were securities because investors' expectation of profits depended on the significant entrepreneurial and managerial efforts of others—namely, Munchee's ability to create the proposed “ecosystem” and create a secondary trading market in MUN tokens.

Also, the SEC alleged, Munchee had “primed” investors' expectations by using the Munchee website, the white paper and social media to promote how the Munchee app and the new “ecosystem” would stimulate demand for MUN tokens. “Because of the conduct and marketing materials of Munchee and its agents, investors would have a reasonable belief” that Munchee would provide the significant entrepreneurial and managerial efforts to increase the value of MUN tokens.

The SEC emphasized that determining whether an ICO is a security did not turn on whether the ICO is characterized as a “utility token” but on the underlying economic reality of the transaction. Indeed, a statement issued by SEC chief Clayton simultaneously with the Munchee action stated that “Merely calling a token a 'utility' token or structuring it to provide some utility does not prevent the token from being a security.”

Nonetheless, the Munchee action does not mean that promotional activities necessarily turn an ICO is a security offering. A token that has substantial existing utility—such as granting the purchaser access to the issuer's products or services—at the time of an offering may not be viewed as a security. But the likelihood that the ICO will be deemed a security is heightened where the token has little practical utility at the time of the offering and it appears that token purchasers are passive investors being lured by the prospect that the issuer's future efforts will increase the token's value.

Of course, it is possible to conduct an ICO in an orthodox fashion. Kodak announced, for example, that it will raise money for a new service using blockchain technology through a private placement under the SEC's safe-harbor provided by Rule 506(c) of Regulation D.

Cross-Border Transactions

In Morrison v. Australian National Bank Ltd., 561 U.S. 247 (2010), the Supreme Court rejected the “conduct and effects” test that the lower courts had used to determine whether a foreign transaction was covered by Section 10(b) of the Exchange Act and Section 17(a) of the Securities Act. Under that test, jurisdiction existed in the U.S. if significant wrongful conduct occurred in the U.S. or if the wrongful conduct had a substantial effect in the U.S. Morrison held that issue was not jurisdictional in nature but whether Section 10(b) and Section 17(a) covered extraterritorial transactions. In the absence of any Congressional statement to the contrary, the presumption was that they did not.

Around the time that Morrison was decided, Congress enacted the Dodd-Frank Act. Section 929P(b) of Dodd-Frank codified the “conduct and effects” test for SEC enforcement actions under Section 10(b) and Section 17(a). Some commentators questioned whether this provision effectively overruled Morrison, because it addressed the jurisdictional basis for securities actions rejected by the Supreme Court. Nonetheless, one U.S. District Court has held that that Section 929P(b) permits the SEC to bring enforcement actions concerning foreign transactions if the conduct and effects standard is satisfied. SEC v. Traffic Monsoon, LLC, 245 F. Supp. 3d 1275 (D. Utah 2017).

However, Section 929P(b) statutorily applies only to scienter or negligence based actions under Section 10(b) or Section 17(a). There remains the question of whether the SEC could rely on the conduct and effects test to bring actions involving extraterritorial transactions where only a violation of Section 5's registration requirements, which have a strict liability standard, is alleged (as in the Munchee action). More importantly, how does one determine whether the online sale of virtual tokens, involving the marketing on websites and social media, in exchange for virtual currency is a domestic or foreign transaction? Further, a blockchain is continually growing as new “blocks” that record the most recent transactions are added. The information on the blockchain may be shared and accessed by anyone with permission. The digital network supporting the blockchain does not respect national boundaries. Is the blockchain merely the recordkeeping of an ICO but not the transaction itself, or is the blockchain an integral part of any ICO? The defendants in the PlexCoin action have argued that the U.S. courts have no jurisdiction over them because potential investors were required to confirm that they were not U.S. citizens or purchasing on behalf of U.S. citizens. Defendants also argued that the mere use of U.S. based payment service websites was insufficient to confer jurisdiction. A hearing and ruling is expected later this year.

Further Actions by SEC and Other Regulators

It now seems that every day brings a new warning about the risks of ICOs. The statement issued by SEC head Clayton simultaneous with the Munchee action admonished market professionals, such as lawyers, accountants and consultants, against participating in ICOs or other cryptocurrency investments that circumvent the registration and disclosure requirements of the securities laws. The SEC previously in November had issued a statement warning that celebrities who promote ICOs may themselves face liability for violating the securities laws. Clayton's statement on Jan. 22, 2018, that the SEC staff had been placed on “high alert” also stated that the SEC was closely examining the disclosure of public companies that purport to engage in blockchain technology in order to attract investor interest. In early January, the SEC suspended trading in a Chinese-based company, UBI Blockchain Internet Ltd., because of questions concerning the accuracy of its disclosures. On Jan. 18, 2018, the SEC staff stated in a letter to two associations representing mutual funds and asset managers that the SEC would not presently approve exchange traded funds.in cryptocurrencies and cryptocurrency-related products because of fundamental questions concerning valuation, liquidity and the risk of manipulation.

Following Chairman Clayton's “high alert” speech, the SEC filed an action in federal court in Dallas to obtain a court order halting an ICO by Dallas-based AriseBank that allegedly used social media, a celebrity endorsement and other means to raise what it claimed to be $600 million of a $1 billion goal in only two months. AriseBank allegedly raised funds through an offering of its own AriseBank digital currency. The SEC's complaint against AriseBank and its two co-founders alleged that AriseBank fraudulently claimed to be the world's first “decentralized” bank, offering various consumer oriented banking products and services and supporting more than 700 virtual currencies. A key part of its sales pitch was that AriseBank had developed an algorithmic trading application that automatically made trades in various cryptocurrencies, and that such trades would be made daily in customer accounts, generating profits. AriseBank also allegedly made false statements that it had acquired an FDIC-insured bank and could offer a credit card through a payments processing platform. AriseBank also allegedly failed to disclose the criminal backgrounds of its key executives, including one who was on probation for felony theft. The SEC charged defendants with violating the registration requirements and the anti-fraud provisions of the securities laws.

On Jan. 25, 2018, Clayton and J. Christopher Giancarlo, the chairman of the Commodities and Futures Trading Commission, issued a joint statement committing the agencies to bring transparency and integrity to the cryptocurrency markets. The SEC and CFTC enforcement directors also issued a joint statement regarding virtual currency transactions that pledged their agencies “would look beyond form, examine the substance of the activity and prosecute violations of the securities and commodities laws.” The CFTC reportedly has subpoenaed records from Bitfinex, a major cryptocurrency trading platform, and Tether, which offers digital currency tied to the value of the dollar, in an investigation concerning whether Tether has artificially propped up the price of Bitcoin in the Bitfinex exchange.

Other regulators have promised a crackdown on ICOs. The North American Securities Administrators Association, representing regulators in the U.S., Canada and Mexico, issued a statement, endorsed by the SEC Commissioners, warning about the risks of investing in ICOs and other cryptocurrency investments. The Massachusetts securities regulator announced an “aggressive policing” of ICOs and expressed the view that all ICOs are securities offerings, as opposed to the SEC's facts and circumstances analysis. The Texas State Securities Board entered an emergency cease-and-desist order halting several investment programs of BitConnect, a “cryptocurrency ecosystem” that offered lending-based investment programs. The Texas regulator accused BitConnect with failing to register these programs and making materially misleading statements. The Financial Industry Regulatory Authority (FINRA) announced that its priorities for 2018 include closely monitoring the role of brokers and registered representatives in marketing ICOs and digital currencies. Finally, the Board of the International Organization of Securities Commissions, representing the securities regulators of many nations, also issued a statement warning about the risks of investing in ICOs and cryptocurrencies.

In summary, so long as the mention of “blockchain technology” and cryptocurrency has a seductive pull on investors looking the next big thing, expect the SEC and other regulators to be extremely active in this area. Aside from the ongoing enforcement actions, the SEC and CFTC are likely to undertake new regulations aimed at taming the new Wild West of securities trading.

Jared Kopel is the owner of The Law Offices of Jared L. Kopel, which is affiliated with Bergeson LLP, a litigation boutique with offices in San Jose and San Francisco.