On March 1, 2018, Overstock.com disclosed that its ongoing $250 million initial coin offering has been under investigation by the U.S. Securities and Exchange Commission since February.1 The investigation appears to be part of a widespread probe pursuant to which “scores” of companies and advisers in the ICO industry have reportedly received subpoenas and requests seeking information from numerous SEC regional offices relating to the structure and marketing of the offerings.2 This initiative suggests the onset of a broad regulatory push to rein in the burgeoning ICO market after a series of “warning shots” in the form of enforcement actions and public statements, and it underscores the SEC’s continued commitment to vigorous oversight in the virtual currency space.3
This article first sets forth the relevant framework for assessing whether a digital token constitutes a “security” and therefore falls within the SEC’s jurisdiction under the federal securities laws. It then provides an overview of the commission’s main ICO enforcement actions to date, as well as key takeaways for market participants.
ICOs are an innovative financing tool through which companies can fund projects by utilizing the distributed ledger technology, or blockchain, that underpins cryptocurrencies. Instead of issuing equity shares, as in a traditional public offering, ICOs issue proprietary digital tokens that confer some value or right to the purchaser in connection with the project that will be funded from the offering. The core marketing mechanism of ICOs is a white paper describing the project, which is made available to the public. Last year alone, ICOs raised approximately $6.5 billion in capital.4
Notwithstanding this meteoric growth, the burgeoning ICO market was subject to relatively little regulatory oversight until July 2017, when the SEC issued an advisory report stating that digital tokens may fall within the catch-all category of securities known as “investment contracts.”5 The SEC explained that the determination of whether tokens are securities will depend on the “facts and circumstances” of each case and, specifically, whether the digital token at issue qualifies as an investment contract under the test established by the U.S. Supreme Court in SEC v. Howey. In this context, the relevant inquiry focuses on whether the digital token involves (1) an investment of money (2) in a common enterprise (3) with the expectation of profits (4) solely from the efforts of third parties. Because ICOs by definition almost always involve an investment of money in a common enterprise, the analysis of whether a digital token is a security rests largely on whether the purchaser reasonably perceives the digital token as an investment that will generate future profits based on the company’s efforts to develop the underlying business.
Classifying a digital token as a security has important practical consequences in the ICO context. For example, a digital token that functions as a security must be registered with the commission in accordance with the federal securities laws or fit within a valid exemption (such as through a private placement exempt from registration under Regulation D of the Securities Act). Similarly, any associated entities or individuals marketing such digital tokens generally must be registered as broker-dealers. The failure to comply with registration requirements may trigger rescission rights that allow investors to sell their digital tokens back to ICO sponsors to obtain a full refund. Moreover, not only may violations of the federal securities laws result in an SEC enforcement action, but they may spur class action litigation by purchasers who claim they participated in an illegal offering.
To date, the SEC has brought four ICO-related enforcement actions based on a finding that a company’s sale of digital tokens in an ICO constituted the unregistered offer and sale of securities.6 Three of these actions have been relatively straightforward, in the sense that the digital tokens were specifically marketed as investments that would yield substantial financial returns based on the managerial efforts of company staff or consultants, thus plainly satisfying the requirements for an investment contract under Howey..7 Moreover, each of these three actions involved the specter of fraud, thereby making them particularly likely targets for regulatory scrutiny. Specifically:
- On Sept. 29, 2017, the SEC filed a federal complaint alleging that Maksim Zaslavskiy and his companies, REcoin Group Foundation and Diamond Reserve Club World, or DRC, lured investors to participate in a pair of ICOs based on false promises of financial returns.8 The marketing materials indicated that investors would profit from (1) the appreciation in value of the investments each company would make in real estate (in the case of REcoin) or diamonds (in the case of DRC) and (2) the appreciation in value of the digital tokens themselves — including one touted as “The First Ever Cryptocurrency Backed by Real Estate” — as the companies’ businesses grew and/or the demand for such tokens increased. The SEC alleged that, in reality, neither company had “any real operations” and that investors never even received the digital tokens.
- On Dec. 4, 2017, the SEC announced that it “obtained an emergency asset freeze to halt a fast-moving [ICO] fraud that had raised up to $15 million … by falsely promising a 13-fold profit in less than a month.”.9 The complaint alleged that Dominic Lacroix, his partner, Sabrina Paradis-Royer, and his company, PlexCorps, duped investors into purchasing securities in the form of digital tokens based on a 1,354 percent return rate stemming from, among other things, the appreciation in value of the tokens based on the managerial efforts of PlexCorps’ nonexistent team of supposed experts and “market maintenance” personnel.
- On Jan. 30, 2018, the SEC obtained a court order against AriseBank and its co-founders, Jared Rice Sr. and Stanley Ford, to halt what has perhaps been the largest ICO to date.10According to the SEC, although the company publicly claimed that the ICO raised $600 million in just two months to fund the world’s first “decentralized bank” and “bring cryptocurrency to the average consumer,” it was an “outright scam” that duped investors through deceptive marketing tactics. The complaint noted that the defendants represented as part of their sales pitch that the offered digital tokens would entitle holders to daily profits generated from the bank’s algorithmic trading application and detailed the ways that it would increase their value.
The commission’s remaining action, brought against Munchee Inc. on Dec. 11, 2017, is perhaps the most notable because it does not fit the pattern of cases specifically emphasizing the investment potential of the offering.11 In Munchee, the offered digital tokens (MUN tokens) were styled as “utility tokens” that could be exchanged for goods or services, and therefore had a commercial purpose separate and apart from their use as an investment. There were also no indicia of fraud.
According to the SEC, Munchee’s ICO was designed to raise $15 million in capital to enable the company to improve its app, which allows users to post restaurant reviews and photographs of their meals. Although MUN tokens had no viable commercial purpose at the time of the offering, Munchee told potential purchasers that it would use the ICO proceeds to build a network where MUN tokens could be used to buy goods and services. Specifically, Munchee envisioned that the MUN tokens would be used to pay reviewers, make in-app purchases, purchase advertising for restaurants, and potentially even buy food in participating restaurants. Although Munchee’s white paper noted that the value of MUN tokens would increase as it executed its business plan and more users and restaurant owners participated in the network, the company reassured participants that it had done a “Howey analysis” and that “the sale of MUN utility tokens does not pose a significant risk of implicating federal securities laws.” The commission disagreed, taking the position that the conduct and marketing materials of Munchee and its agents satisfied Howey because they reasonably led purchasers to expect that their investment would yield profits based on the company’s entrepreneurial and management efforts. Among other things, the SEC observed:
- The proceeds from the ICO were intended to help the company build a network that would create demand for MUN tokens and make them more valuable.
- The company made or endorsed several public statements stating that the value of MUN tokens would increase over time.
- The company targeted its marketing of MUN tokens to people with an interest in digital assets and the ICO space, rather than to the restaurant industry or current users of the company’s products.
- The company highlighted that it would ensure that a secondary trading market for MUN tokens would be available shortly after the completion of the offering.
The SEC discounted the company’s designation of the MUN token as a “utility token” and warned that “whether a transaction involves a security does not turn on labeling” and “instead requires an assessment of the economic realities underlying a transaction.”12 While the question of whether an ICO involves securities must be resolved on a case-by-case basis, Munchee suggests that even ICOs that seek to raise funds for legitimate projects and that contemplate specific uses for the digital token may run afoul of the federal securities laws.
Even before the recent wave of subpoenas and information requests, the commission had issued numerous public statements suggesting that this industry sweep was coming. First, Chairman Jay Clayton has repeatedly stated that he has instructed the SEC to aggressively monitor and police the virtual currency markets and, specifically, ICOs.13 Second, during a Senate hearing on Feb. 6, 2018, Clayton expressed skepticism toward ICOs and observed that he has yet to come across an ICO that is not a security.14 Third, the SEC has partnered with the U.S. Commodity Futures Trading Commission to warn market participants that the agencies will work together “to bring transparency and integrity to [the ICO] markets,” signaling that market participants may face scrutiny from both the CFTC and SEC for related ICO activity.15
Under these circumstances — and in light of the SEC’s recently formed cyber unit, which focuses on cyber-related misconduct such as violations involving distributed ledger technology and ICOs — it is all but certain that the SEC’s scrutiny in this area will continue.