As of August 2017, Initial Coin Offerings (ICOs) – a means of raising funds for a new cryptocurrency venture, whereby units of the new cryptocurrency are sold to early backers of the project in exchange for legal tender or other cryptocurrencies – were said to have collectively raised over $1.2 billion, surpassing early stage venture capital funding for internet companies. The value and nature of these transactions have, unsurprisingly, drawn the attention of regulators worldwide including a total ban on ICOs from the People’s Bank of China. On July 25, 2017, in response to criticism and concerns surrounding ICOs, the U.S. Securities and Exchange Commission (SEC) released a report on its investigation into whether virtual coins or tokens may be securities in which it stated that “coins” in one prominent ICO were, in fact, investment contracts under the Securities Exchange Act of 1934 (48 Stat. 881, 15 U.S.C. 78a-78kk) (the “Exchange Act”) and that, “depending on the facts and circumstances”, the same can be said of other virtual currencies, rendering them subject to federal securities laws.
Fallout From the Downfall of the “The DAO”
The SEC’s investigation focused on a May 2016 offering known as “The DAO”. The DAO was built on the popular blockchain platform Ethereum. Blockchain is a decentralized, incorruptible public ledger visible to all its users whose identities are encrypted. Through its virtual token sale, The DAO raised a historic USD $150 million in digital currency from some 11,000 investors in what had been lauded as the largest crowdfunding campaign currently on record. While the intention of “The DAO” was to create a digital decentralized investment fund, its experiment in investor-directed venture capital was thrown into a state of chaos when on June 17, 2016 a hacker exploited a vulnerability in The DAO code and stole USD $50 million worth of tokens, the equivalent of one third of The DAO assets. Fortunately, the withdrawal of funds was programmed to include a waiting period that the hacker was unable to bypass before exchanging their stolen cryptocurrency to offline currency. As a result, investors were afforded time to find a solution to recover most of their investment.
The solution, in brief, involved undoing the hack by creating an alternative version of the blockchain on which the hack never happened – what is known as a “hard fork”. The original version of the blockchain, on which the hack existed, was to then fade into disuse. In this way, investors would be reimbursed without undoing or compromising any unrelated transactions. The solution, however, has sparked controversy and debate within the blockchain community – the details of which are beyond the scope of this article –, and raised questions with respect to legal liability and investor rights. In the end, the legal ramifications prompted the SEC investigation.
Is Cryptocurrency a Security?
The SEC’s investigation was concerned not with identifying and charging those involved in the hack, but on whether the U.S. federal securities laws applied to the offer and sale of The DAO tokens. The threshold question was whether The DAO tokens are a security, in accordance with section 2(a)(1) of the Securities Act of 1933 (48 Stat. 74, 15 U.S.C. 77a-77mm) (the “Securities Act”). A security is essentially a tradable financial instrument that holds monetary value, such as a stock, bond, option, investment contract, etc. The offer and sale of securities in the U.S. is regulated under the Exchange Act, which was enacted in the aftermath of the stock market crash of 1929. Its objectives are: to “require that investors receive financial and other significant information concerning securities being offered for public sale; and prohibit deceit, misrepresentations, and other fraud in the sale of securities.”
For years cryptocurrencies have occupied a relatively grey regulatory area. The lack of regulatory oversight has largely been the reason behind the success virtually unknown companies have had in raising millions – sometimes hundreds of millions – of dollars through ICOs. These companies have benefitted from bypassing regulations requiring, for example, financial disclosures and business plans to potential investors that must be provided. The lack of regulatory hurdles has reduced the cost and launch time for ICOs, which are conducted over websites while blockchain participants manage and control the software platform. In this way, ICOs benefit from requiring little or nothing in the way of lawyers, accountants, underwriters, other professionals, administration, and even stock exchanges – the traditional entrance barriers are removed. The implications of finding that cryptocurrencies are securities would be drastic and, it has been speculated, could even make the use of some, such as Bitcoin, impossible.
In determining whether cryptocurrencies are securities, the SEC examined whether they qualify as an investment contract under 2(a)(1) of the Securities Act and 3(a)(10) of the Exchange Act. As noted by the SEC, an investment contract is “an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.” The SEC further noted, “the definition embodies a ‘flexible rather than static principle, one that is capable adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profit.’” The legal test for determining whether certain transactions qualify as investment contracts was devised by the US Supreme Court in SEC v. W.J. Howey Co., 328 U.S. 293, 301 (1946) (Howey), commonly known as the “Howey Test”.
Under the Howey Test, a transaction will be determined to be an investment contract, and therefore a security if:
- It is an investment of money;
- There is an expectation of profits from the investment;
- The investment of money is a common enterprise; and
- The profit is derived from the effort of a promoter or third party
Later cases expanded the investment of “money” to include assets other than cash (see Uselton v. Comm. Lovelace Motor Freight, Inc., 940 F.2d 564, 574 (10th Cir. 1991)). In applying this test, any investigation must look to the substance and economic realities behind an investment scheme, not simply the name and form.
In applying the Howey Test to The DAO, the SEC report concluded that digital coins or tokens issued by an individual or entity for the purpose of raising funds for projects may be considered securities under federal law, regardless of whether done so using a traditional company or decentralized autonomous organization.
Implications in the U.S. and Canada
In the U.S., the immediate implication of the SEC’s conclusion that ICOs may be regulated like securities is to require those found to be securities to be subject to applicable U.S. securities laws and SEC regulations. Accordingly, digital entities and organizations established to hold securities in pooled portfolios for investors may be required to register as an investment company. As such, they would be subject to onerous obligations under the Investment Company Act, such as registering with the SEC as an “investment company” or qualifying for an exemption from registration, conforming to a narrow set of allowable governance structures, and registering the individual with ultimate discretion over investment decisions as an investment advisor.
The SEC’s conclusion also raises issues with respect to liability. U.S. participants in unregistered offerings may be held liable for violations of the federal securities laws. As a result, in order to avoid having to deal with U.S. federal regulators, it has been suggested that there may be a rise in the overseas cryptocurrency markets and of offerings that specifically prohibit US participation. For these reasons, the SEC’s conclusion is anticipated to have a chilling effect on the growth of the market. However, for some the news that ICOs may be regulated like securities is positive, as it provides greater legitimacy to virtual currencies and the blockchain capital-raising mechanism. This, in turn, may allow traditional financial institutions to use ICOs as a financial technology alternative to IPOs. What is more, the increased regulation may help root out fraudulent schemes that benefitted from the lack of regulatory certainty and oversight. This may lead virtual currencies to be considered reliable enough to be used as collateral within capital markets.
While the SEC decision can be viewed as crucial to the regulation of cryptocurrencies, it is also notable for its uncertainty. Whether or not a digital coin or token will be subject to U.S. securities laws will depend on the specific facts and circumstances of the transaction. As a result, developers may try to avoid securities classification by designing tokens that will fail to satisfy one of more of the Howey Test criteria. For example, it has been suggested that they could “[design] tokens to provide the purchaser with greater individual rights and involve the purchaser more in the management of the enterprise” in order to increase the likelihood that “profits are viewed as resulting from a purchaser’s own efforts rather than through a passive investment.” What is more, when marketing tokens, developers are being encouraged to “communicate in a way that will not create an expectation of profit through the token developer’s effort”. Additionally, where registration with the SEC is required, it is unclear with whom the obligation falls given the anonymous, decentralized nature – for many, the draw – of many of these currencies. Where currencies are continuously mined, for example, as with Bitcoin, it is yet unclear whether miners will be regarded as “issuers” or as acting as agents of the issuer under Section 3(a)(8) of the Exchange Act and, therefore, subject to strict registration, disclosure, and reporting requirements.
Finally, there is considerable uncertainty surrounding how existing cryptocurrencies will be treated versus new entrants to the cryptocurrency market. As mentioned, charges were not brought against the The DAO, thus it seems that the SEC is primarily focused on regulating new entrants. This, however, could create a serious regulatory blind spot, as existing currencies could use “hard forks” to continue to create new currencies while evading regulatory scrutiny. Just such a “hard fork” was used on August 1 by Bitcoin to create an alternative cryptocurrency, Bitcoin Cash.
Following quickly on the heels of the SEC report, the Canadian Securities Administrators (CSA) released a Staff Notice on cryptocurrency offerings on August 24, which acts as a joint statement on how Canada’s provincial and territorial security regulators view ICOs/ Initial Token Offereings (ITOs). While the Staff Notice does not create any new laws, it is informative to understanding how Canadian securities law applies to ICOs. These will apply if the individual or entity selling the securities is conducting business from within Canada or involve Canadian participants.
The Staff Notice confirms speculation that Canadian regulators would take an approach similar to that articulated by the SEC. The CAS takes the position that many coins/tokens fall within the definition of “securities” under Canadian securities laws. Consequently, ICOs/ITOs will be subject to prospectus or exemption from prospectus requirements and ancillary or supporting businesses may similarly be subject to registration requirements. The CAS also cautions that ICOs/ITOs may also be derivatives and, thus, subject to derivatives laws. Further regulation may also apply where a platform that allows for the trade of coins/tokens found to be securities may be considered a “marketplace” or an “exchange” under provincial and territorial securities laws. In order to avoid the application of such laws, exchanges could restrict listings to only those coins/tokens that are not considered securities. However, determining whether a coin/token is a security may pose a challenge due to the form of the analysis.
Like the SEC, the CAS advises that, in determining whether or not a token/coin is a security, ICOs/ITOs will be assessed on a case-by-case basis. What is more, in finding a security, regulators will look to the substance over the form of the transaction and apply the existing test for finding a security expressed in Pacific Coast Coin Exchange v OSC (1977) (Pacific Coast), the leading case on what constitutes a security in Canada. Applying the test, Canadian regulators will consider whether an ICO/ITO involves: (i) an investment of money, (ii) in a common enterprise, (iii) with the expectation of profit, (iv) to come significantly from the efforts of others. The similarities to the Howey Test stem from the instructive role played by Howey on the Supreme Court of Canada’s analysis in Pacific Coast.
In making its point with respect to utilizing by a case-by-case assessment, the CAS provides an example of “coins/tokens that allow him/her to play video games on a platform” versus those “whose value is tied to the future profits or success of a business.” They note that while the former may not be securities, the latter will likely be found to be securities and, therefore, attract such regulatory treatment. This example is heartening because it suggests that Canadian regulators are aware of and engaging with the various uses for virtual coins/tokens.
While regulators in the U.S. and Canada have cautioned and provided guidance to blockchain industry participants with respect to the securities regulatory obligations that may attach to coins/tokens, the fundamental question attracting such obligations to cryptocurrencies is whether a coin/token is a security. Both in the U.S. and Canada the case-by-case assessment approach being taken, however, leaves blockchain industry participants largely reliant on hindsight. This has the possible effect of creating significant entrance barriers, chilling the cryptocurrency environment, and/or leaving well-meaning participants offside securities laws. This is especially so given the fast pace of technological advancement and growth of the blockchain industry. In order to provide greater certainty to the cryptocurrency market, it would be helpful for both U.S. and Canadian regulators to provide a better understanding of how common characteristics of coins/tokens might be treated applying the tests from Howey and Pacific Coast, respectively.