Issuers and other professionals participating in Initial Coin Offerings — widely known as ICOs — are facing the increasing threat of both U.S. Securities Exchange Commission enforcement actions and private class action suits from aggrieved investors, at least where the ICO resembles a securities offering. In the final months of 2017, the SEC filed four enforcement actions, backing up earlier statements that it considered most ICOs to date to involve unregistered securities offerings. The campaign included a mid-December action that froze an in-process ICO in its tracks. Separately, also in late 2017, plaintiffs’ attorneys filed the first private investor suits involving ICOs, including a series of suits targeting the organizers of Tezos, the largest ICO in 2017.
Below, we examine the evolving regulatory and litigation landscape for ICOs and suggest where regulators and plaintiffs’ lawyers may be heading.
ICOs are a novel method of crowdfunding the development of new projects using cryptocurrency. In a typical ICO, developers issue cryptographic “coins” or “tokens” to investors in exchange for commonly accepted cryptocurrencies such as bitcoin, ether or cash. The developers typically tell investors that they are planning to use funds raised in an ICO as capital to build a project that they are promoting. Many promoters structure the ICO so that contributors receive a bundle of rights that includes “utility” coins or tokens, which operate inside the system the company is developing. But many purchasers view these coins or tokens as an investment that they hope will increase in value.
ICOs became red hot in 2017: More than 160 ICO projects raised over $4 billion last year alone, compared to less than $300 million raised in 2016, according to a recent Wall Street Journal article. This extraordinary phenomenon attracted both regulatory scrutiny and interest from the private class action bar.
The cryptocurrencies offered in many ICOs appear to resemble investment securities, which did not escape the SEC’s notice. On July 25, the SEC issued a Report of Investigation under Section 21(a) of the Exchange Act, which concluded that the tokens offered by the DAO organization were securities that should have been — but were not — registered with the SEC. The Securities Act of 1933 imposes liability on participants in any securities offering that is not properly registered with the SEC or does not fall within a registration exemption.
The SEC’s DAO report provided much needed guidance, but was limited only to the DAO token. Notably, the SEC did not draw a clear line as to whether all ICOs constitute securities offerings, but noted that it was dependent on the “particular facts and circumstances” of each offering. It is worth noting that SEC 21(a) reports are rare; the SEC has issued fewer than 15 such reports in the last 10 years. The SEC often uses such reports to highlight a particular area of concern, and to warn market participants that the conduct highlighted in the report could, in the next instance, be subject to an enforcement action. The DAO 21(a) report was no different — it was a clear warning to companies contemplating an unregistered coin offering, or to those participating in sales of already issued unregistered tokens through a secondary market.
Since the DAO 21(a) report, the SEC has ramped up its public scrutiny of ICOs:
- In September, the SEC announced its first enforcement action targeting two allegedly fraudulent ICO offerings. Prosecutors subsequently filed criminal charges for the same alleged misconduct.
- On September 25, the SEC announced the creation of a Cyber Unit inside the Enforcement Division to address cyber-related misconduct including “market manipulation,” and “[v]iolations involving distributed ledger technology and initial coin offerings.”
- On November 1, the SEC issued a statement to investors on the potential unlawful promotion of ICOs by celebrities. The statement referenced the DAO action and warned that endorsements may run afoul of securities regulations if they fail to disclose the “nature, source, and amount” of any paid compensation.
- In a speech on November 8, SEC Chairman Jay Clayton described the ICO market as opaque and “subject to price manipulation and other fraudulent practices.” In widely reported and unscripted remarks, the chairman noted that “I have yet to see an ICO that doesn’t have a sufficient number of hallmarks of a security.”
- On November 16, Chairman Clayton responded to questions at a symposium on cybersecurity and financial crimes saying his office will start taking action against coin offering issuers who fail to register with the agency or comply with federal laws. “I think that now we have given the market a sufficient warning where we can move from level-setting the field to enforcing it” Clayton said. “[W]here we see fraud, and where we see people engaging in offerings that are not registered, we are going to pursue them because these types of things have a destabilizing effect on the market.”
- In a forum organized to discuss small business and capital formation, the SEC’s Division of Corporation Finance chief said he expected future SEC guidance on ICOs to come “through the enforcement actions we expect to bring,” according to a November 30 article in Law360.
- On December 4, the SEC announced that it had filed an emergency action to freeze proceeds and halt an ICO “scam.”
- On December 11, Chairman Clayton issued a Statement on Cryptocurrencies and Initial Coin Offerings noting that he has asked the SEC’s Division of Enforcement to police this area vigorously and recommend enforcement actions against those that conduct ICOs in violation of federal securities laws.
- On December 11, the SEC enforcement division issued a cease and desist to Munchee, a company offering utility tokens to be used inside a restaurant review application the company was building.
The SEC’s most recent action in Munchee is significant in a number of respects. First, unlike the three prior SEC ICO enforcement actions, the SEC did not allege that the Munchee offering involved fraud, only that the offering violated the securities registration provisions. Second, the SEC enforcement staff determined that the Munchee token was a security in spite of Munchee’s white paper which noted that the company had done an analysis and had concluded that the tokens were not securities, and that there was not a “significant risk of implicating the federal securities laws.” Finally, the SEC enforcement division moved quickly to shut down the ongoing Munchee offering before it issued tokens by first contacting the company and securing an agreement that it would halt sales and return any proceeds it had received. This quick response confirms that SEC Cyber Unit staff are closely monitoring any new ICO offerings.
Looking more closely at the SEC’s Munchee order shows the factors that the SEC will emphasize as it evaluates whether ICOs involve the issuance of securities. The SEC applied the well-known Howey test it highlighted in the DAO report to evaluate whether the Munchee tokens were securities. The Munchee ICO aimed to fund the development of an ecosystem for restaurant reviews via the sale of a newly-created ‘MUN’ token, described as a utility token for operation inside the ecosystem. Usually, a practical use for an asset at the time of sale would weigh against applying the ‘security’ label. But the SEC looked past the utility of the token, making clear that it will give significant weight to factors besides utility:
“[e]ven if the Munchee tokens had a practical use at the time of the offering, it would not preclude the token from being a security. Determining whether a transaction involves a security does not turn on labelling — such as characterizing an ICO as involving a ‘utility token’ — but instead requires an assessment of ‘the economic realities underlying a transaction.’ All of the relevant facts and circumstances are considered in making that determination.”
What the SEC focused on — and what we believe the enforcers will continue to focus on — was instead whether investors had a reasonable expectation of profits derived from the managerial efforts of others. The order put significant weight on whether the advertising indicated a future increase in value. It also suggested that the ‘efforts of others’ prong of the Howey test is satisfied where the promise of future improvements by the issuer is combined with a promise of profit. And finally, the SEC noted that Munchee was promising to develop an ecosystem that drives token appreciation and supports secondary markets where the MUN tokens could be bought and sold, which the SEC concluded points away from utility and towards a security.
The SEC’s emphasis on the availability of secondary market trading for the MUN tokens may telegraph the SEC Enforcement Division’s next set of targets: exchanges that trade tokens issued in ICOs. Section 15(a) of the Securities Exchange Act of 1934 requires any business brokering the sale of securities to be registered with the SEC as a broker-dealer. Once the SEC deems a token a security, then exchanges dealing in those securities are at risk of enforcement actions as unregistered broker-dealers. If the SEC’s goal is to dampen the market for unregistered securities fashioned as ICOs, then cutting off the liquidity for investors in such instruments is a likely next step.
Although it is clear that the SEC is closely scrutinizing ICOs, and will bring actions where the facts clearly indicate an unregistered and/or fraudulent offering, this does not mean that every ICO will become an enforcement target. Offerings that evidence careful legal structuring and steer clear of SEC hot buttons (such as emphasis on profit potential of the tokens) may escape SEC action. But SEC enforcement is only the first of two securities issues facing coin issuers.
ICO participants who escape SEC (or other governmental) scrutiny face another emerging risk: private suits brought by aggressive plaintiffs’ lawyers on behalf of investors. The explosion of interest in ICOs and in “blockchain” or “coin” technology has piqued the interest of the plaintiffs’ bar, signaling a rise in putative class action suits in the near future.
In October and November 2017, a series of class actions against the founders of a project called Tezos hit federal courts. The Tezos Foundation and Dynamic Ledger Solutions (a Tezos-related IP holding company) face lawsuits in the Northern District of California and the Middle District of Florida alleging violations of state and federal securities laws. The complaints claim that officers and advisers of the foundation fraudulently and deceptively marketed the sale of its as-yet-nonexistent tokens, or “Tezzies,” as charitable contributions without a plan for any actual product or system, and that back-room infighting undercut projected increases in value. The complaints also allege that the tokens represented an unregistered securities offering. Interestingly, plaintiffs suffered a recent setback in one of the Tezos suits, MacDonald v. Dynamic Ledger Solutions, No. 3:17-cv-07095-RS (N.D. Cal. Dec. 13, 2017), when Judge Richard Seeborg denied the plaintiff’s motion for a temporary restraining order and asset freeze. According to the court, the plaintiff had not shown enough certainty of immediate irreparable harm sufficient to freeze Tezos’ assets.
The Tezos cases in the Northern District are now consolidated, and will be an interesting study on how courts intend to treat future class actions suits targeting ICOs.
A second ICO was hit with a similar class action in mid-December. Investors in the Centra Tech ICO alleged a fraudulent and unregistered securities offering. The Centra Tech ICO raised over $30 million, perhaps fueled by the celebrity endorsement of Floyd Mayweather.
The SEC’s enforcement campaign is moving forward with a message: It intends to investigate and file enforcement actions against ICOs that the agency believes involve fraud or clearly involve unregistered offers or sales of securities. But that does not mean that the SEC is anti-ICO or anti-cryptocurrency — it is not. Simply put, the SEC is concerned with ICOs that appear to flout the registration provisions of the securities laws, or involve fraudulent misstatements designed to fuel investor purchases. We expect that enforcers will continue to pick the more egregious ICOs for enforcement. At the same time, agency officials will continue to gather information and speak on public industry panels, but will probably offer little new guidance, preferring the enforcement investigations and actions to run their course. Also, we expect plaintiffs’ attorneys to be closely watching how the Tezos suits develop and will be ready to file suits on behalf of investors in other ICOs if there are signs that product development is not progressing or token values suddenly fall.
Participants in ICOs will want to consult experienced counsel to ensure that their activities steer clear of SEC and plaintiff lawyer scrutiny. And should ICO participants nonetheless be contacted by the SEC enforcement division, working with experienced SEC counsel can assist in crafting the best case to the staff that a particular ICO should not be singled out for enforcement.