Tokenization

Tokenization limits the exposure of sensitive information and makes digital transactions more secure. Whether people realize it or not, millions of Americans already use tokenization technology on a daily basis. Recent developments in blockchain systems and decentralized finance create new uses for tokenization, raising legal questions as to how existing regulatory frameworks will apply or adapt.

At its core, tokenization replaces sensitive data with non-sensitive data—a token. When transacting, a token is used in lieu of personal identifying information but contains sufficient unique features so that an individual can be linked back to a token when verification is required. For example, when a consumer uses a payment card to make a purchase, the merchant’s payment terminal doesn’t look up the buyer’s personal banking information in order to confirm identity and ability to pay. Rather, tokenization replaces the buyer’s personal information with an algorithmically randomized set of numbers which the merchant cross-checks with the token service provider (typically a bank or third party). In turn, the token service provider checks the token against its records which are stored in a token vault. Once the cardholder’s information is verified, the token service provider confirms the transaction with the merchant. Without a secret key to decryption, an intercepted token is useless outside the current transaction. This is similar to how poker chips work at a casino. When a customer trades money for playing chips at the casino cage, information and currency is exchanged for standardized tradable tokens which act as units of value. These tokens enable anonymous participation at any table within the casino’s confines. When the gambler is done for the day, he or she may trade tokens back in for currency.

Raising the Stakes

Data security and transactional efficiency are just some of the many traits making tokenization increasingly popular. As the world economy increasingly goes digital, innovators, market participants, and regulators are finding new ways to tokenize assets and modulate their use. As Bloomberg’s Cryptocurrencies desk reported in June, State Street’s new digital division is already discussing tokenizing traditional assets like real estate.[1] This news is part of a string of statements coming from leading institutions looking to get ahead of the curve. In February, for instance, BNY Mellon announced that it would hold, transfer, and issue cryptocurrencies on behalf of clients.[2] And, the world is reacting to the new Banking future.[3]

However, the rapid pace of token development coupled with federal agencies’ seemingly siloed approach to regulatory guidance has left many perplexed, especially where lack of uniformity suggests contradiction. For instance, the U.S. Securities and Exchange Commission (“SEC”) has issued a framework to evaluate the nature and use of a digital asset to determine whether federal securities law applies.[4] The Commodity Futures Trading Commission (“CFTC”), on the other hand, has indicated that cryptocurrencies like Ether and Bitcoin (“BTC”) are subject to commodities regulations rather than securities law.[5] In order to better understand what regulatory treatment to expect, market participants and investors alike must first understand some digital token basics.

Tokenization Basics

First, one should be careful not to confuse tokens with cryptocurrencies. Cryptocurrencies are native to one blockchain and form an intrinsic piece of the blockchain on which they are built.[6] Ether and BTC are native assets of the Ethereum blockchain and the Bitcoin blockchain, respectively. Tokens on the other hand, are additional programmatic assets built on a blockchain. They come in many shapes and sizes, their utility being one driver of pricing. For a token marketplace to exist there needs to be underlying value. Value can be commonly agreed-upon or scarcity-based. Accordingly, tokens may be fungible or non-fungible. Fungible tokens represent units that are interchangeable and indistinguishable, like two one dollar bills. A non-fungible token (“NFT”) represents a unique item.

Next, tokens must be issued. Fintech has already embraced two popular approaches, the Initial Coin Offering (“ICO”) and Security Token Offerings (“STO”). Like the Initial Public Offering (“IPO”), an ICO serves to raise funds from a pool of interested investors to whom crypto coins or tokens are offered instead of traditional shares. In this context, the underlying value may be the new coin itself. In their early days, ICOs were subject to little regulation, but mounting reports of scams and abuse led the SEC to ramp up enforcement actions in 2018.[7] More recently, SEC Chairman Gary Gensler’s statements suggest continued scrutiny of ICOs while highlighting his view that ICO tokens are likely subject to securities laws.[8] Similarly, an STO serves to raise capital, distributing security tokens to its investors through a blockchain. However, STOs make it clear to investors that the token they are receiving is a security, carrying rights and obligations which vary according to the underlying assets. As such, the SEC has exercised regulatory jurisdiction. Security tokens typically come in three categories:

  • Equity tokens: like traditional equities, represent fractional ownership and entitle their owner to profits and voting rights.
  • Debt tokens: represent a loan governed by a smart contract.
  • Asset tokens: stand for ownership of an asset, whether it be real estate or art.

Depending on how token categories and underlying assets are combined, different legal implications may arise. For instance, Binance, one of the largest cryptocurrency exchanges by trade volume, made news back in April when it announced that it would be offering stock tokens of popular companies on its platform. These included Tesla, Apple, and Microsoft. By mid-July, after securities regulators from several countries issued statements on the possible illegality of the offerings, Binance made new stock tokens unavailable for purchase and stated it will no longer support stock tokens after October 14.[9] The concerns regulators voiced like the German Federal Financial Supervisory Authority (“BaFin”)[10] and Hong Kong’s Securities and Futures Commission (“SFC”)[11] revolved around the improper marketing or unauthorized sale of regulated financial products.

Regulating Tokens

In their current nascent state, digital assets such as tokens draw scrutiny for their lack of standardization and regulatory guidance. This ultimately disincentivizes more conservative participants from investing. A lack of uniformity can also hamper market value. Within the context of credit cards, tokenization standards are chiefly managed by the Payment Card Industry Security Standards Council (“PCI SSC”). In the context of digital assets, federal regulators and cryptocurrency platform developers alike are offering distinct paths for the treatment of tokens.

On the one hand, to address the regulatory consequences different types of tokens entail, the SEC published a framework for applying the Howey test in 2019.[12] This framework helps interpret when the SEC is likely to deem a token subject to U.S. federal securities laws. Cognizant that the immediate application of securities regulation to a nascent sector may stifle innovation, SEC Commissioner Hester M. Peirce has since developed a potential proposed Securities Act Rule that would create a temporary safe harbor for token developers. The Token Safe Harbor 2.0, published April 13, 2021, on GitHub,[13] would provide “network developers with a three-year grace period within which, under certain conditions, they can facilitate participation in and the development of a functional or decentralized network, exempted from the registration provisions of the federal securities laws.”[14] The proposal remains as much at the time of writing.

SEC Chairman, Gary Gensler, discussed crypto assets at the recent Aspen Security Forum:[15]

I think former SEC Chairman Jay Clayton said it well when he testified in 2018: “To the extent that digital assets like [initial coin offerings, or ICOs] are securities — and I believe every ICO I have seen is a security — we have jurisdiction, and our federal securities laws apply.”[7]

I find myself agreeing with Chairman Clayton. You see, generally, folks buying these tokens are anticipating profits, and there’s a small group of entrepreneurs and technologists standing up and nurturing the projects. I believe we have a crypto market now where many tokens may be unregistered securities, without required disclosures or market oversight.

This leaves prices open to manipulation. This leaves investors vulnerable.

Over the years, the SEC has brought dozens of actions in this area,[8] prioritizing token-related cases involving fraud or other significant harm to investors. We haven’t yet lost a case.

Chairman Gensler’s comments reflect his belief that tokens distributed through ICOs are likely securities. He further stated that the exchanges and other DeFi platforms using these tokens are subject to securities, commodities, and banking laws. He more recently emphasized to the United States Senate Committee on Banking that regulation of the crypto asset market deserves assistance from Congress.[16] The Chairman likened the burgeoning crypto market to the “wild west”. Id.

Similarly to the agencies’ multipronged approach, crypto developers and market participants advocate for various propositions. Generally, however, they fear that overly broad and stringent regulatory oversight will cool a culture of collaboration driven in part by trial and error. Additionally, many key players have signaled a strong desire for more clarity and cohesion within the industry. For example, Ethereum, a leading blockchain with smart contract functionality, supports several token standards meant to homogenize core token traits while guiding developers operating within its ecosystem. These include Ethereum Request for Comments (“ERC”) 20, ERC-721, and ERC-1155. ERC-20 features uniform functionalities fungible tokens must have. ERC-721 covers non-fungible tokens and provides basic functionalities supporting unique token identification, encoding custom properties, and ownership transfer. ERC-11-55 accommodates for fungible and non-fungible tokens alike. Several other platforms have also developed their own protocols for asset tokenization. Algorand, for instance, has developed Algorand Standard Assets (“ASAs”) protocol for asset tokenization compatible with fungible and non-fungible assets alike. While these separate standards suggest different programmatic outcomes, similar token functionalities have been preserved. As noted in the economic research posted by the Board of Governors of the Federal Reserve System, “[d]espite differences in the technology underlying these platforms, the conceptualization of tokens as programmatically-defined units of value that can be transacted on those platforms and tracked via account balances, remains a common feature.”[17] It’s when discussion turns to regulation and taxation that divisions arise.

Taking center stage is the federal infrastructure bill approved by the Senate on August 11. The bill requires brokers of digital assets to report transactions to the Internal Revenue Service (“IRS”). The chief concern for the crypto community is the overly broad definition of “broker,” which is expanded to include “any person who (for consideration) is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person.”[18] As worded, the bill could impact transaction validators (i.e. miners, and stakers), developers, and possibly a vast number of community participants. To date, attempts to amend the definition have failed. A small source of comfort comes from a statement by Treasury Department that it intends to apply the “broker” definition currently used in the Internal Revenue Code (“IRC”).[19]

While some crypto industry actors have shown more willingness to work with Congress to promote legislation, others have not.[20] “Big Crypto,” increasingly institutionalized and organized through groups like the Blockchain Association and the Chamber of Digital Commerce, has signaled its willingness to accept broader crypto legislation with the hopes of playing a role in steering its course. Having attained certain economies of scale, Big Crypto is generally more amenable to regulation that will enhance clarity and predictability, allowing big players to focus on growth and profitability. This is in increasing contrast with smaller market participants in the crypto community at large. Smaller participants are proportionately more concerned with increased burdens from more oversight and reporting requirements. This manifested itself with the rallying around Commissioner Hester M. Peirce, affectionately called “Crypto Mom”, at the time of her safe harbor proposal.[21] The final form of the infrastructure bill remains uncertain, but crypto stakeholders are steadfast in their intent to limit any harmful impact on the industry’s innovation and growth. To what degree and with what success is yet to be determined.

Conclusion

Tokenization utility and adoption is rapidly growing in the financial technology industry. The SEC and CFTC continue to consider new regulations for Tokens. They have signaled that whether a token will be considered a security will depend in part upon whether it is perceived as representative of a traditional security. In other words, regulators will likely continue to look through the same lens they have been using for years. The current infrastructure bill and its interpretation hopefully will provide direction for Token reporting requirements. Transparency in regulation that will strike a balance between innovation and the rule of law will be welcome relief to the Fintech community.

*William de Sierra-Pambley is a Law Clerk in our Finance & Bankruptcy Practice Group.