Regulation of token sales/ICO under international securities law - 1
Yet law-abiding scholars write:
Law is neither wrong nor right,
Law is only crimes
Punished by places and by times,
(W H Auden)
The PBC has recently announced that the offer of Tokens within the Chinese market is now banned. This ban is apparently being applied against Chinese operators including exchanges:
The People’s Bank of China said on its website Monday that it had completed investigations into ICOs, and will strictly punish offerings in the future while penalizing legal violations in ones already completed. The regulator said that those who have already raised money must provide refunds, though it didn’t specify how the money would be paid back to investors (Bloomberg)
Whilst it seems likely that this ban is strongly linked to the ongoing concerns about capital flight from China, it is also reasonable for all market participants to take the time to now further consider the risks of crime and consumer harm in this sector and the issue of applicability of international laws.
As lawyers (and now many token sale founders) know, there is not one law or legal framework that specifically applies to the issuance, promotion and sale of crypto-tokens by enterprises. The title of this article is therefore something of a misnomer but hopefully it will prove useful to highlight some key common principles in securities law in the USA and Europe — the issue of jurisdictional differences and sovereignty of legal jurisdictions is also crucial to remember given the ability for e-commerce services to be provided entirely remotely globally.
The question of which laws are ‘applicable laws’ for online offerings is always a challenging question in any sector [1.]
The token sale sector (sometimes unhelpfully referred to as Initial Coin Offerings) has really launched into the stratosphere in the last 6 months. Even those of us e-commerce lawyers with a long-standing interest in cryptocurrency have been surprised by the speed and the amplitude of this wave.[2.]
Recently the Securities and Exchange Commission issued guidance in relation to a specific offering (the Decentralized Autonomous Organization) in the token sale sector that has relevance for the wider sector. In this article I will not be referring to token sales as Initial Coin Offerings (ICO’s), given the technical and legal confusion that may arise from use of that phrase. 
Privately ‘issued’ tokens & crowdfunding
It is unarguable that token sales constitute a form of crowdfunding when offered to the public. The question is therefore whether they represent a regulated form of crowdfunding. Prior to the phenomenal rise of token sales, crowdfunding could be characterised within three main categories:
- Gift based: providing capital for persons to do good works (e.g. charitable or social enterprise activities)
- Reward based: providing capital for people to develop and build products (e.g. Kickstarter) for which contributors receive the prototype products and/or exclusive benefits (e.g. visit the set of the band making a vinyl album)
- Investment based (debt and equity): provide assets or capital in return for shares, or a contract providing return of capital plus interest, ‘units’ in a fund or other contractual rights that represent some right to income, capital, revenue, royalties or profit of an issuer of the same.
Some architectural principles of regulatory law
Before diving into specific legal principles related to different jurisdictions it is worth highlighting some common and, I would hope, obvious and unarguable principles of law and public policy:
- The principle of ‘equivalence’: good laws should be subject to a high degree of technological neutrality when they are seeking to avoid a public harm or foster a public good.
Whilst some new technologies are not capable of being compared like for like in a meaningful way to existing technologies because the differences in their use cases are so wide (e.g. think data protection laws for filing cabinet vs electronic databases.
In many cases new technologies may be competing with existing technologies in approximately the same way for the purposes of considering many public policy risks (e.g. some cloud based computing architectures using, e.g. MySQL and PHP vs a decentralised blockchain based on the Ethereum protocols).
The starting point, that is firmly embodied in European laws and jurisprudence, is that specific laws should seek to be technologically neutral (thereby avoiding unintentional skewing of innovation or support for particular market participants).
The SEC guidance was useful on the technological neutrality point too:
"The Commission deems it appropriate and in the public interest to issue this Report in order to stress that the U.S. federal securities law may apply to various activities, including distributed ledger technology, depending on the particular facts and circumstances, without regard to the form of the organization or technology used to effectuate a particular offer or sale."
2. The principle of substance: if done correctly the name given to a thing is just a way of trying to apply a recognisable short-hand or delineation to a collection (set) of components. This means that the nature of something (for legal purposes too) can not determined solely by a potentially arbitrary naming convention.
In layman’s terms, a ‘token’ may be a ‘security’ but that will depend on the analysis of its structure and purposes and particularly the legal ‘promises’ made to purchasers/contributors. The SEC guidance was also pellucid on this point:
"In analyzing whether something is a security, “form should be disregarded for substance,” Tcherepnin v. Knight, 389 U.S. 332, 336 (1967), “and the emphasis should be on economic realities underlying a transaction, and not on the name appended thereto.” United Housing Found., 421 U.S. at 849."
That said, clearly if a person names something as an offer of securities, even if it was not actually a security under a strict legal analysis, one could have strong grounds to bring a claim if that inaccurate naming caused you to believe you had rights or protections that you did not in fact have.
Investment contracts, funds and the Howey test
In the USA, significant consideration is given to the so-called Howey test, which is a test created by the US Supreme Court for determining whether certain transactions qualify as “investment contracts.” If they do, then under the Securities Act of 1933 and the Securities Exchange Act of 1934 they are subject to a range of securities requirements relating to registration and promotion.
Under the Howey Test, a transaction is apparently an investment contract if:
- It is an investment of money
- There is an expectation of profits from the investment
- The investment of money is in a common enterprise
- Any profit comes from the efforts of a promoter or third party
The Howey Test uses the term ‘money’ but other cases have expanded this to include money’s worth and other assets. US courts often appear to define a common enterprise as one where investors pool their money or assets together to invest in a project. However, I note this does not appear to be a harmonised area of US law. The fact that most US law in this field is based on very old case-law that can be interpreted differently both in time and in different States must make advising token sale clients an interesting challenge for US lawyers.
In Gibraltar and the UK we have a quite similarly wide approach in respect of the regulation of promotion of collective investment schemes (CIS) and European wide we also have the substantially similar concept of an alternative investment fund (AIF).
For example, in Gibraltar and the UK the definition of a CIS is purposely very wide:
"any arrangement with respect to property, the purpose or effect of which is to enable persons taking part in the arrangement, whether by becoming owners of the property or any part of it or otherwise, to participate in or receive profits or income arising from the acquisition, holding, management or disposal of the property or sums paid out of such profits or income...An arrangement..must be such that the participants do not have day to day control over the management of the property subject to the arrangement.. and must have at least one of the following characteristics: (i) the contributions of the participants and the profits or income out of which payments are to be made to them are pooled, (ii) the property is managed as a whole by or on behalf of the operator of the scheme"
An example of a CIS structure
However, in most cases a utility token would not normally risk being a CIS unless it also includes direct rights to a share of the income/profit/capital/royalties of the token issuing entity or related parties. In addition there are specific exemptions that may be relevant to exclude certain commercial structures from the CIS regime whether tokenised or otherwise (e.g. genuine franchise arrangements).
Under a US and European legal analysis a key issue is therefore that, whilst there is pooling of capital raised in the token sale to develop a technology or platform, to the extent the token gives no direct rights to participate in the capital or profit of the token issuing entity (and, if different, the capital or profits of the underlying enterprises that may accept the tokens) then it is unlikely to represent more than a private contractual means of value exchange for future use.
There may be a hope that the token will increase in price/value but that does not of itself make it an AIF, a CIS or, I would expect, an investment contract for US purposes .
Just tell me — when is a token offer a ‘security’ offer?
That really depends. In my view the simplest thing to do at the beginning of any analysis for a client is to ask the question: if this offer was mediated with fiat currency rather than cryptocurrency would it be regulated as a security?
If the answer is ‘yes’, then you know you will have to work hard to justify why the use of cryptocurrency should make it unregulated both on technical legal grounds and, importantly when dealing with regulators on this issue, on public policy grounds.
If the answer is ‘no’, then there would rarely be a good reason for the use of a cryptocurrency and token to change the analysis from a securities perspective (in another article in this series we will however examine some other regulatory risks that arise from non-fiat transactions). Obviously more detailed technical analyses are required of various elements of the sale but the overall ‘look and feel’ is crucial when forming an opinion on the nature of the sale.
A fitting joke for wordy lawyers...
Regulators are, quite rightly, less interested in overly technical (and usually long winded) legal analyses that fail to consider the purpose of the relevant legislative framework (in most cases to protect consumers/retail customers and prevent crime including tax evasion).
Potential legal characterisations of some utility tokens
First we note that even in respect of cryptocurrencies, that normally have greater functionality as a medium of exchange than utility tokens, these are not currently normally regulated as legal payment instruments or as regulated financial instruments or securities (BTC and ETH being the most well known).
Using a regulatory equivalence approach you can also see that some token sales are not and should not be obviously considered as regulated instruments or securities for the following reasons:
- They involve the offer of a store of value that is intended to be usable on a network or platform at a later date (the ‘AppToken’ or utility token — this can be compared with unregulated stores of value that are issued by a commercial entity and only usable in a limited network ); and/or
- They are used to reward efforts or to provide benefits to members linked to the particular activity of the tokenholder and not simply their capital (e.g. affiliate/ member/loyalty schemes including rewards for information, services and wider support from Contributors in return for tokens).
In the above examples you have a token that can be purchased or earned and that can give rise to economic benefits in terms of its usability (on a platform or network) or its exchangeability as an electronic asset. The assessment of a token in respect of securities law (including for example, US rules relating to investment contracts) must be undertaken in detail in any relevant jurisdiction to reach a (relatively) conclusive position.
Whilst many token purchasers/contributors may be acquiring tokens at least partly in the hope that they will be worth more in the future that does not in itself normally determine the securities analysis, since the same is true of other forms of property speculation (e.g. off-plan real estate, sale of commodities including cryptocurrencies).
The final point to make in respect of the securities is that it follows that if a token also represents a regulated ‘security’, then the offer, sale, promotion and listing of the same may also be a regulated activity unless relying on specific exemptions. The extent of risk and liability for involvement in the intermediation of tokens therefore strongly turns on whether we are discussing those tokens that also represent securities (such as DAO).
Whether an exchange or promoter of a token is authorised to undertake their activities in relation to the sale will first require careful consideration of the nature of the tokens being intermediated or promoted by such operators.
Does that mean there should be no regulation for tokens that do not represent regulated payment forms, financial instruments or securities?
No it does not, however before starting to build a regime we must consider the matter from general public policy grounds in order to ensure any bespoke regulatory regime addresses significant risks without destroying the energy and value in the internationalisation of crowdfunding that token sales represent.
It is essential to also distinguish different types of token sales (for different purposes) as well as consider possible best practices that could be implemented given practical constraints and appropriate thresholds for managing various risks. We will consider this interesting question further in an instalment to follow. We will also consider some issues involved in the tokenisation of a range of securities in a later article.
This opinion piece is clearly not legal advice. Great care must be taken by all participants in this innovate immature sector and all participants must be mindful of the high risks involved and the many other legal and finance issues that arise in a token sale that need detailed consideration.
[1.] I am a qualified lawyer admitted in Gibraltar and the UK and able and insured to advise clients on the laws of Gibraltar, England & Wales and the Europe Union. I am also a shareholder in the Gibraltar based crypto-economy advisory company Rockchain. References to US law are based solely on publicly available information and consideration of legal principles and not any US legal experience or advising clients on US law. Gibraltar is a leading jurisdiction in the new crypto-economy and is currently implementing a financial services based regulatory regime intended to be applicable to a range of blockchain based businesses that store or transmit crypto-value on behalf of others (e.g. exchanges and vaults/custodians).
 Tokens and coins are normally distinguished as being different in quality in that a token is for use/redemption on a specific platform whereas a Coin is independent to any platform. In addition, the association between Initial Public Offerings (IPOs) is not particularly helpful when seeking to distinguish tokenisation of regulated securities from unregulated token sales. See, e.g., https://medium.com/startup-grind/understanding-the-difference-between-coins-utility-tokens-and-tokenized-securities-a6522655fb91
 Note that under the laws that I am qualified to advise on it is normally the collective investment scheme rules relating to investment ‘funds’ that causes the most work when considering if a token might also be the offer of a security since they apply to all forms of property and not just regulated instruments and investments. However, EU Prospectus requirements may also apply where the token is the offer to the public of a ‘transferable security’ as defined in Directive 2004/39/EC (MiFID such as such as shares in companies and other securities equivalent to shares in companies, partnerships or other entities, and depositary receipts in respect of shares, bonds or other forms of securitised debt and any other securities giving the right to acquire or sell any such transferable securities or giving rise to a cash settlement determined by reference to transferable securities, currencies, interest rates or yields, commodities or other indices or measures.
 I note the very careful wording of the SEC guidance and a number of recent US token sales that appear to have been carefully constructed and conducted from the US — such as the Civic sale that was conducted by a Californian company: https://tokensale.civic.com/
 See for example, Directive (EU) 2015/2366 (PSD2), which exempts from regulated the definition of regulated payment services certain limited network payment instruments such as store cards, fuel cards, membership cards, public transport cards, parking ticketing, meal vouchers or vouchers for specific services. Note PSD2 does not apply to payment using cryptocurrencies per se since it is normally limited to payment transactions relating to ‘funds’ being “banknotes and coins, scriptural money or electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC”.
This article was first published on Medium