Recently, the Securities and Exchange Commission (the “SEC”) issued two publications relating to initial coin offerings, or “ICOs”: The SEC’s Office of Investor Education and Advocacy published an investor bulletin1 (the “Investor Bulletin”) highlighting the risks of ICO investing and providing guidance for potential investors before investing in an ICO, and the SEC’s Division of Enforcement (the “Division”) issued a report of investigation2 (the “Report”) concluding that an issuance of tokens by a virtual organization in its ICO may have violated U.S. federal securities laws. Both the Investor Bulletin and the Report address the possibility that an offering of virtual coins or tokens may constitute an offer of securities requiring registration under the U.S. federal securities laws, warning investors of the risk of loss of their investment even if the protections of the U.S. federal securities laws apply and would-be issuers or other participants in ICOs that they may run afoul of the registration requirements of the Securities Act of 1933 (the “Securities Act”). While the Report did not reach a conclusion as to whether The DAO was an “investment company” within the meaning of the Investment Company Act of 1940 (the “1940 Act”), it cautioned other virtual organizations contemplating ICOs to consider their obligations, if any, under the 1940 Act.
After the SEC’s Investor Bulletin and Report were released, a New York Times article indicated that “the price of virtual coins that have recently been sold to investors dropped sharply.” 3 However, the New York Times also reported that “[s]ince the guidance was released on July 25, [2017,] 46 new coin offerings have been announced and an additional 204 are moving toward fund-raising.”4
Focus on Investor Security
The Investor Bulletin cautions potential investors that innovative technologies such as ICOs may be used for fraudulent investment schemes, and that tokens or virtual currency may be stolen by hackers or expose potential investors to other types of cybersecurity risks. Moreover, investors in ICOs and other novel financial products may not, depending on facts and circumstances, have the benefit of the protection of the U.S. federal securities laws, and even if these protections do apply, the ability to enforce judgments against issuers or sponsors of ICOs and similar offerings may be limited by the inherent characteristics of virtual currency-linked products, including:
- the international scope of virtual currency transactions, which may restrict the ability of enforcement agencies such as the SEC to identify and obtain information about participants in the transactions; and
- the lack of any central repository of information about users of virtual currencies and the absence from the ICO market of traditional financial institutions, which are typically required to maintain records of customers and transactions.
Further Focus: What is a Security?
The apparent catalyst for the Investor Bulletin was the recent incidence of fraud or theft relating to ICOs. In July 2017, investors in the CoinDash Limited (“CoinDash”) ICO lost an estimated $7 million due to a hacking incident.5 Prior to the CoinDash offering, an ICO by a decentralized autonomous organization titled The DAO, which is an unincorporated entity created by Slock.it UG, a German corporation, and Slock.it’s co-founders, also fell victim to an attacker that found a flaw in The DAO’s code. Formed in 2016 in order to “create and hold” assets by selling tokens to potential investors that would be used to finance projects that would be submitted via “smart contracts” on the Ethereum Blockchain, The DAO raised the Ethereum equivalent of approximately $150.0 million in an ICO. However, before any such projects could be funded, The DAO lost the equivalent of nearly $50.0 million in a cyberattack.
After the attack on The DAO, the Division investigated whether The DAO and its founders had violated U.S. federal securities laws in offering and selling tokens to investors. As a predicate to finding a violation, the Division had to determine whether the tokens sold by The DAO were “securities” within the meaning of U.S. federal securities laws, noting in the Report that “foundational principles of the securities laws apply to virtual organizations or capital raising entities making use of distributed ledger technology.” The Report did not reach a categorical conclusion that any such offering would involve the offer and sale of a security, stating that such a determination “regardless of the terminology used[…] will depend on the facts and circumstances, including the economic realities of the transaction.” A token or similar instrument could represent the right to purchase goods or services from a virtual organization. However, certain attributes of The DAO tokens resulted in a finding by the Division that the tokens were securities that had been “offered” without registration or an available exemption. For example, The DAO’s marketing materials indicated that potential investors would be entitled to certain voting rights, including votes with regard to which projects to fund and “rewards” described as similar to dividends or profit interests.
The marketing materials also did not restrict token holders’ ability to resell the tokens, nor was the investor pool limited in number or level of sophistication. Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Exchange Act include “investment contracts” within the definition of “security.” In SEC v. W.J. Howey Co. and its progeny, the U.S. Supreme Court defined an investment contract as “an investment of money in a common enterprise with profits to come solely from the efforts of others.”6 The Howey test is a multi-factor test, each of which the Division found was met by The DAO tokens as noted below.
- Investment of Money. Following the adoption of the Howey test to determine whether an investment contract is a security, case law indicates that an investment of money does not need to be in cash form, and that an investment of a Bitcoin is sufficient to satisfy this factor.7 Here, investors in The DAO contributed Ethereum (a type of cryptocurrency) in exchange for tokens.
- Reasonable Expectation of Profit. According to The DAO’s marketing materials, it was established as a for-profit entity “whose objective was to fund projects in exchange for a return on investment” and, depending on the project, tokenholders were able to share in the potential projects of the particular venture. Therefore, tokenholders had a reasonable expectation of profit on their investment in The DAO.
- Derived from the Managerial Efforts of Others. Howey’s progeny interprets this factor to mean “whether the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.”8 In this case, The DAO’s management was “critical in monitoring” The DAO’s operation, “safeguarding investor funds, and determining whether proposed contracts should be put for a vote” all of which led potential investors “to believe that they could be relied on to provide the significant managerial efforts required to make The DAO a success.” In fact, The DAO’s management provided active oversight of The DAO by, among other things, responding to the attack. Lastly, the Report noted that “voting rights afforded DAO Token holders did not provide them with meaningful control over the enterprise” so that tokenholders had to rely on The DAO’s management.
Because The DAO tokens were found to be investment contracts, and therefore securities, the Division concluded that the ICO would have been required to be registered pursuant to Section 5 of the Securities Act. In characterizing the ICO as having been conducted in violation of Section 5 of the Securities Act, the Division noted that “The registration requirements are designed to provide investors with procedural protections and material information necessary to make informed investment decisions. These requirements apply to those who offer and sell securities in the United States, regardless whether the issuing entity is a traditional company or a decentralized autonomous organization, regardless whether those securities are purchased using U.S. dollars or virtual currencies, and regardless whether they are distributed in certificated form or through distributed ledger technology.”
Key Takeaways – Investor Bulletin
According to a report by Autonomous Research LLP, over $1.2 billion was raised in ICOs during the first half of 2017. Based on the rise of ICOs and other new financial technologies and products, market participants should expect to see continued SEC focus in this area, both from the Division and from the SEC’s Office of Investor Education and Advocacy. Potential ICO investors should be aware of warning signs of investment fraud, such as promises of guaranteed high investment returns; unsolicited offers; high pressure sales tactics; and the absence of net worth or income requirements. Parties seeking to raise funds through an ICO or similar strategy should be cautious in approaching potential counterparties, and should seek the advice of counsel in order to avoid running afoul of the registration requirements of the U.S. federal securities laws.