Guest post by Sara Hanks, CEO and Founder of CrowdCheck, Inc.
Initial Coin Offerings (ICOs) are becoming increasingly popular methods of raising funds to develop new tech products or services. These products or services typically use a Blockchain, and, in turn, the typical investment product in an ICO (a “coin” or “token”) uses a Blockchain and “smart contracts” to govern some part of the relationship between the company and its investors, establishing to what the investor is entitled. In exchange for funds, paid in dollars, Bitcoin (BTC), or Ethereum (ETH), backers or investors receive a package of rights (the coin or token) that permits them to use the ICO developer’s product or service. Those rights may include the ability simply to use the product or service or to be part of its development, and in some cases, even to a share in the profit.
Sometimes these coins or tokens have the characteristics of securities, which is where CrowdCheck and CrowdCheck Law get involved, because if you sell securities you must register them with the SEC or find an exemption from registration. In the very early days of ICOs, some thought that selling “ICOs” instead of “IPOs” was a loophole that would help them avoid securities laws. Seriously, that’s adorable. But no. If you are raising funds and backers contribute because they believe what they are receiving will become more valuable over time, the likelihood is that you are selling a security.
However, it is important to note that ICO law is an evolving area. The CrowdCheck team has put together some of the most frequent questions and issues that we encounter. We expect that these thoughts will develop and additional questions will get added to this post, so be sure to check back for the most up-to-date information.
Aren’t ICOs just crowdfunding?
In essence, yes. Crowdfunding initially gained momentum with a rewards-based model where people who had an idea for a neat widget, and if you also thought the widget was neat, you would contribute money to help the developer build that widget. In turn, you would get a widget or two in the event that the developer managed to produce them commercially. With ICOs, the thing that you get is the right to use a digital product or service (such as file storage), and sometimes also to participate in the development of the service, using your own technical expertise.
One word of caution before we get into the inevitable “well aren’t ICOs the same (in securities law terms) as contributing to a rewards-based crowdfunding campaign, like the Pebble Watch campaign on Kickstarter?” argument. Bear in mind that even when dealing with pure widget-development crowdfunding, there are those (including some state securities regulators) who believe that these campaigns involve “risk capital,” which is a type of securities offering. Don’t assume that pure widget-development campaigns are exempt from the attention of regulators and plaintiffs’ lawyers. And, as we will see below, ICOs can have many more of the attributes of securities than widget campaigns.
Beanie Babies on the Blockchain are still Beanie Babies
Because ICOs have attracted so much attention, and so much money, and have that (false) allure of a loophole with respect to securities law, we’ve had some non-tech companies asking if they could make ICO offerings. In theory, they can. While it’s not entirely clear why a muffin shop would want to issue MuffinCoins denominated in Ethereum (ETH) or MuffinMoney and traded on a Blockchain, they could do so. It’s not going to change the securities law analysis, though. And ICOs seem to be best suited for products or services that are digital. We’re not sure how a smart contract would reflect the delivery of muffins (although it may be a great way to record the transfer of good, old-fashioned shares in Muffin Inc.).
So when do securities law apply?
When you are offering or selling securities, of course. And by “sell,” securities law means any transaction in which someone gets securities in exchange for “consideration,” which means paying a price or doing a thing, even if they were going to do that thing anyway. We’ve seen some folks try to argue that they are giving away their tokens. Be warned that the “no sale” theory in securities law is incredibly narrow and only really applies when the developer is literally not getting anything in which case why is it even issuing tokens?
You really need a lawyer to determine whether the coins or tokens you are offering are securities. The tokens are going to represent a bundle of rights and entitlements. These may include the right to share revenues in the project that is being developed, the right to share revenues in the company issuing the tokens, the right to vote on aspects of the project being developed, the right to vote with respect to the management of the company, the right to use the product or service being developed and the right to participate in the development of that product or service. That bundle of rights is what you examine to determine whether it’s a security.
It’s always going to be a facts-and-circumstances analysis and it’s possible for excellent lawyers to completely disagree on the conclusion. There are a number of factors that you take into account in determining whether something is a security; these are set out in court cases, one of which is SEC v. W.J. Howey Co. In that case, the Supreme Court said that an investment contract is a contract, transaction or scheme whereby a person invests his money in a common enterprise and expects profits solely from the efforts of the promoter or a third party.
One of the funniest things on the internet right now is the volume of “I’m not a lawyer, but . . .” articles explaining the Howey test. And then celebrities tweet their approval of that analysis! Please get your securities law advice from actual securities lawyers as opposed to people with a million Instagram followers. Who, by the way, may be violating Securities Act Section 17(b), the anti-stock-touting law, if they are getting compensated (in any way) for promoting an ICO offering and don’t disclose that fact.
While we can’t tell you in this memo whether your coins or tokens are securities, we will point out the following:
- Howey is not the only case that gives guidance as to whether a package of rights is a security. Look at Reves v. Ernst & Young as well, for example. The SEC and the courts will use the test that seems closest.
- Even when applying the Howey test, you need to know how lower courts (i.e. courts other than the Supreme Court) have interpreted the findings of Howey. Internet commentators seem to take a summary of Howey that they got from some other website and then apply their own analysis of those summaries. That’s not how it works.
- You can’t call the SEC and ask them to tell you whether what you are selling is a security. The most likely response you are going to get is “That is always going to be a facts-and-circumstances analysis and your own counsel (who gets paid more than we do) is in the best position to make that determination.” You might ask for a “no-action” letter but we don’t believe this is anything the SEC would issue a no-action letter on and even if they did, getting a no-action letter would likely take months (if not years) and significant legal fees. (Larger fees than if you’d hired a lawyer to structure the offering to fit within the securities laws.)
- The SEC is not the only regulator. The definition of “securities” is not the same under all state laws. Some states view “risk capital,” that is, funds provided to a business for which the funder is not in control and there is risk of complete loss of those funds if the business is not successful, as securities.
- The SEC is not the only plaintiff, either. While you might worry about the SEC deciding you were selling securities and suing you, you should probably be more worried about plaintiffs’ lawyers bringing a private lawsuit for the unregistered sale of securities and suing for return of investment plus interest. The SEC only has limited resources; they will only bring suit when policy dictates. But plaintiffs’ lawyers have every incentive to sue any outfit that didn’t tailor its offering to follow securities law.
So you are saying we should treat our ICO as a securities offering?
Unless you can get a reputable law firm to issue you an opinion (not a memo arguing both sides, but rather an actual legal opinion that says what you are offering are not securities), then yeah, that might be a good idea.
What are our options if we do decide to comply with securities laws?
Pick one of the following:
- You can register the offering with the SEC, which will let you sell to any sort of investor in the United States. This is the most expensive option in terms of filing fees and legal and accounting fees, and requires the most regulatory burden. Additionally, you’ll become a fully reporting company with the SEC and required to make annual and quarterly filings. But there’s no limit on the amount you can raise.
- Next in terms of burden and expense is Regulation A. This is limited to offerings up to $50 million. It’s available for sales to both accredited and non-accredited investors, although non-accredited investors are limited to investments of no more than 10% of their income or net worth in any particular offering. Reg A offerings are made by filing offering statements with the SEC, which reviews and comments on them before “qualifying” them (which means sales may then be made) and the company must file annual and semi-annual reports with the SEC. Regulation A is available to US and Canadian companies only.
- You can make sales to accredited investors under Regulation D. Rule 506(c) of Regulation D permits you to use the internet to solicit investors, but you have to verify those investors’ accredited status. That may be tricky if using accreditation verification services who will need to work out whether an investor’s Ethereum (ETH) wallet is really hers and whether she is worth a gazillion dollars or nothing, due to cyber currency variations. No limitation on amounts that can be raised here. But these securities will be “restricted” which means that you are going to program those smart contracts to limit to whom and how they can be traded.
- You can make sales under Regulation Crowdfunding (Regulation CF) to accredited and non-accredited investors, but only up to $1.07 million. You have to file with the SEC (they don’t formally review the filing), and post the offering on the site of a registered broker-dealer or crowdfunding portal. Regulation CF is available to US companies only.
- You can offer your securities outside the United States in reliance on Regulation S. When a US company relies on Regulation S, it has to impose a period during which the securities cannot be transferred to “US persons.” That’s a year for equity securities and 40 days for debt securities (see discussion of “What kind of securities are ICOs?” below). See “Regulation S limitations” below for some very important stuff that nearly everyone is screwing up.
“Pre-sales” are still sales
It’s pretty common for ICOs to have a “pre-sale” round, sometimes using Simple Agreement for Future Tokens (SAFTs). These aren’t pre-sales, they are actual sales of a pre-thing. If the thing is a security, all the rules above apply. Register with the SEC or find an exemption.
We note that some folks are saying that since an excellent law firm drafted the SAFT that is most commonly used, all they need to do is fill it out and use it for sales. That’s not how it works. The SAFT, no matter how brilliantly it is drafted, is the security. That security needs to be sold in a manner that complies with the securities laws.
We might note in passing that there’s an element of uncertainty in SAFTs that doesn’t exist in instruments such as SAFEs. With SAFEs there is a presumption that at some point in the future a professional investor will set the terms for an offering of preferred stock. That preferred stock may have terms that are as of yet unknown (such as anti-dilution provisions), but those terms are within known parameters – they are known unknowns. Preferred stock has a limited number of variables. That’s not true of tokens. So unless you know what will go into the bundle of rights that the token will represent, the SAFT involves an extra degree of uncertainty. And if you do know what will go into the bundle of rights, wouldn’t a token make more sense than a SAFT?
And another thing about SAFTs . . .
This post discusses several of the ways an issuer can comply with securities laws in its offering (registration, Regulation A, Regulation CF, etc.). As we law bores are constantly pointing out, this new type of security has not changed the securities laws and this includes what we refer to as the “metaphysics” of registration under the Securities Act, meaning the incredibly detailed set of rules that apply to how things get registered and what gets registered. The Division of Corporation Finance sets out some of these in its “Compliance and Disclosure Interpretations” or C&DIs, available on its website. One rule of the metaphysics is that when you are registering a security that converts into or is exchangeable for another security, either in the next year or at the option of the issuer, the SEC assumes you are registering that second (“underlying”) security too. This is because the investor is effectively making an investment decision about both the original security and the underlying security at the time of first sale.
We understand that the SEC Staff will apply this concept in the context of Regulation A and Regulation CF offerings. That means that the Regulation A or Regulation CF filing must include a description of the terms of the underlying securities (i.e. the eventual tokens). Since in many cases the tokens to be issued in SAFTs will (a) have as-yet undetermined rights and (b) convert automatically at a discount to the price paid in future offerings, as opposed to at a price certain, it is not clear how such offerings can comply with the disclosure requirements of Regulation A and Regulation CF offerings. Rule 506(c) of Regulation D, which has no disclosure requirements, may be a better option for SAFTs.
What kind of securities are ICOs?
Good question! Seriously, no-one has any real idea with respect to some types of tokens. The first thing to establish would be whether your securities are debt or equity. This matters for several reasons:
- Because of the different regulatory treatment between debt and equity in Regulation S;
- Because if they are equity they may end up triggering the Section 12(g) requirements discussed below; and
- Because knowing whether they are debt or equity helps with knowing how to document the things (see next section).
We had a good conversation with some regulators recently where we asked what sort of security are tokens. They suggested we talk to the accountants to see whether the tokens would be treated as equity or liabilities. We asked the accountants whether tokens would be treated as equity or liabilities. They said it would depend on what the lawyers said they were. We said we would look at the financial statements. Circular much (But see the discussion of SAFTs below)?
All we know for sure is that tokens, with their bundle of unique rights, are unlikely to be common equity, at least in the case of corporations (And if they were common equity, why not just issue common stock tradeable on a Blockchain, instead of tokens?).
Make sure you know whether your tokens are equity or liabilities before you start your offering, so you can take into account some of the issues in this memo.
SAFTs are basically “derivatives” whose nature is dependent on the future token that will be issued upon their exercise. So if the token is going to be equity (and you might not even know the details of the token to be issued) then the SAFT will likely be equity even if it is treated for accounting purposes as a liability, which it might be. When considering the Section 12(g) issues discussed below, bear in mind that we think it’s possible for an instrument to be a liability for accounting purposes and equity for the purposes of Section 12(g).
And once you’ve decided what they are, how do you document them?
If tokens are merely debt obligations, then this is a relatively easy question. Both LLCs and corporations can issue notes or debentures or IOUs or whatever you want to call them without messing around with their constitutive documents (Operating Agreement for LLC and Certificate of Incorporation for corporations). These securities are created by contract, and providing that the company follows its internal rules for authorizing the issuance of securities (such as Manager or Board approval), it’s probably going to work if the terms of the obligation are set out in the smart contract and nowhere else.
It gets more complicated when the securities are equity (or include some element of equity). If the issuer is an LLC, the rights and responsibilities of issuer, manager and investors is set out in an Operating Agreement, which is a creature of contract law as opposed to corporate law and thus fairly flexible. Unless the Operating Agreement has been specifically set up with a view to issuing securities on a Blockchain, it will need to be amended to allow for the issuance of securities through smart contracts. If that is done, however, it may be possible to memorialize the terms of the securities solely through the smart contracts.
That won’t work for corporations, which are subject to the corporate law of their state of incorporation. The corporate laws of most states are quite explicit about how equity securities are created and how their terms are memorialized. As we’ve mentioned above, tokens are not common stock, but if they have elements of equity, they should probably be treated as preferred stock (because there aren’t really any other options) and their terms recorded in an amended Certificate of Incorporation filed with the relevant state or alternatively set out in a Certificate of Designations (assuming the corporation’s documents are organized that way). We haven’t filed any such certificates with a state yet, so we don’t know how the states will react, especially if the purported preferred stock includes all kinds of additional rights such as the ability to change the code in the service the company is issuing the token to develop.
A safer (or faster) option might be to deconstruct the various rights that make up the token and create a “unit” consisting of preferred stock (representing the equity element) and obligations (the other rights embodied in the token). You’d still encounter the issues noted below with respect to the keeping of the stock ledger under corporate law, but you might be able to have the preferred held by a custodian for the benefit of the unit holders (which would solve the Section 12(g) issues discussed below). You probably wouldn’t want to permit the components of the units to be separately traded, but the units could be both created (or at least assembled) and traded through the smart contract.
We’ve been asked “But surely all these things are set out in the smart contract; why do you need more documents?” That’s because corporate law (in the jurisdictions we work with) doesn’t yet say “You can create securities by setting out the terms of the securities in a smart contract.”
Regulation A limitations
Regulation A is not available for “at-the-market” offerings. The SEC Staff has taken the view that most forms of variable pricing, such as “early bird” or “pre-sale” pricing, are at-the-market. This means early bird discounts or stepped pricing cannot be used in a Regulation A offering (this does, however, work in Regulation CF). The way you change prices in a Regulation A offering is to file a post-qualification amendment to the Offering Statement and get it re-qualified, so timing can be unpredictable (in theory the SEC could take a month to respond to the filing). (Note that price increases of less than 20% can be made by a filing that doesn’t require re-qualification.)
Regulation A is also not available for “investment companies.” In very general terms, an investment company is any company that has 40% of its assets invested in minority holdings in other companies. That means “ICOs of ICOs” do not work. A company founded to invest in other companies’ ICOs cannot use Regulation A and is effectively limited to Regulation D offerings to accredited investors.
You also need to engage brokers for Regulation A offerings when selling into certain states. While some lawyers argue that state broker-dealer regulations are preempted by federal law In Regulation A Tier 2 offerings, state regulators disagree and hold that you need brokers registered in that state in order to sell to its residents, and you can be very sure state regulators will be paying attention to ICOs. The states taking this position include Texas and Florida. So in order to sell into those states, you need to engage a broker or register the company as an “issuer-dealer.” Brokers seems to be taking a cautious approach in entering this market, and it’s also worth noting that the nature of Blockchain technology means that brokers can’t use it for offerings with “contingencies” or minimum offering sizes where funds have to be held in escrow, as discussed below with reference to Regulation CF.
Regulation CF limitations
You can only raise $1.07 million in any 12 months under Reg CF. Additionally, while Regulation A permits you to “test the waters” and find out whether there’s any interest in your offering without having to make any filings, you can’t make offers (that includes any communications encouraging interest in tokens) without first making a filing with the SEC. Additionally, there are restrictions on transfer of Regulation CF securities for one year; you’ll have to build compliance with these requirements into the smart contract.
It’s also not clear that offerings that make use of Blockchain technology will comply with the requirements of Regulation CF. Regulation CF requires that funds be held by escrow agents — specific types of banks or brokers — until released to the issuer (or back to the investor if the offering fails to make its target). Blockchain smart contracts with funds held in electronic wallets do not meet this requirement (although some escrow agents are moving into this space). Therefore it would seem that the initial distribution of ICOs in a Regulation CF offering in most cases would have to be done in a more “traditional” manner and then Blockchain trading could only happen after the distribution had closed.
Regulation D limitations
Securities sold under Regulation D are “restricted,” which means you will have to set up procedures in your smart contract to limit their resale or ensure that they are only traded to accredited investors. Additionally, the “Section 12(g)” problem discussed below is an immediate concern for companies selling under Regulation D. Since the offering will be made over the internet, the specific type of Regulation D offering you will be making is that under Rule 506(c). That requires you to take reasonable steps to verify that the investors in your offering are accredited. This verification process is something you could actually build into the smart contract: you could make those service providers validators of the transaction effected through Blockchain technology.
Regulation S limitations
Equity securities of non-SEC reporting US companies are subject to a one-year period during which the securities cannot be resold to US persons. Debt securities are subject to a 40-day period. This means it’s important to establish whether the securities are equity or debt. As with Regulation D, issuers are going to have to reflect these requirements in the smart contracts that govern trading.
You may wish to use Geofencing technology here and to block all US IP addresses. Regulation S securities cannot be “offered” to US persons, which means you cannot have an open-to-everyone website that describes Regulation S securities, even if the site says “we can’t sell these to US persons.” That is still an “offer” in the US. Trust us on this one. Best practice if you have any link to the US is to put the website that describes Regulation S securities behind a firewall that requires investors to certify as to their non-US status and their location before they are permitted to view details of the offering.
Additionally, compliance with the provisions of Regulation S that provide the best protection for issuers with links to the US require that investors certify that they aren’t “US persons” and promise not to resell to US persons. We understand that the SEC’s likely position is that those certifications should be made in the investor’s real name, not as a “check the box” function.
Additionally, while initial sales under Regulation D and Regulation A are “pre-empted” from state regulation (i.e. the states can’t impose their registration requirements on these offerings), that’s not the case for Regulation S. While by definition, Regulation S offerings are not going to be made into any US states, there are some states which regulate offerings made from those states. Make sure to review those requirements before undertaking a Regulation S offering.
Regulation S only tells you how to deal with US regulations, by the way. You also need to make sure that you comply with the regulations of the countries where the investors are located. Block IP addresses from any jurisdictions where you know the securities can’t be sold.
Registered and Regulation A offerings must be made on the basis of mandated disclosure which is reviewed by the SEC Staff. This disclosure includes information about the issuer, the people who control it and its primary investors, in addition to a description of the issuer’s business. The filings also include a detailed description of the securities the issuer is offering, the rights that investors will have and the way in which those rights interact with the rights granted by other securities. Companies filing with the SEC should expect the Staff to pay close attention to this section.
The “whitepapers” that have been used to attract investors or backers in ICO offerings to date are of varying quality. Some include a great deal of information about the code that the company is planning to develop, and others are merely promotional tracts. In some cases, if the company already has a whitepaper, some of that information might be usable for the section of the SEC filing that describes the company and its mission, and some might be usable for the “description of securities” section. Expect a fair amount of rewriting.
Both registered and Regulation A offerings must include “risk factors” which will be reviewed by the SEC Staff. This section is also required in Regulation CF offerings (which are not reviewed). ICO issuers should expect to make extensive disclosures about the fact that their services or products are not yet developed.
Registered, Regulation A and Regulation CF offerings also all require explanation of a new company’s financial “milestones” so that investors have some idea about the company’s future plans.
Registered and Regulation A offerings require audited financial statements and Regulation CF offerings generally require financial statements reviewed by a CPA. Even recently-formed companies are subject to this requirement. The financial statements must be prepared in accordance with US Generally Accepted Accounting Practices, which means explanatory footnotes are included, and these footnotes will need to explain how the ICOs will be treated in the company’s accounts.
Regulation D does not mandate any specific information be provided to potential investors. What is provided will depend on what the issuer and its lawyers believe need to be disclosed in order to protect the issuer from liability.
And on the subject of liability, ICO offerings (including statements in the whitepapers) are subject to liability for “misleading statements”, just as “regular” securities offerings are.
Bounty-hunters and celebrity endorsements
As we keep saying, ICOs have not warped the space-time continuum so as to apply the Securities Act differently than other classes of securities. That’s certainly true when it comes to “bounty” or referral programs in the ICO space. In these programs, people get coin or tokens for spreading the word about an ICO offering. Sometimes the person being compensated is a celebrity from the world of sports, fashion or niche liquor production (Don’t we all get our investment advice from sports stars or rappers?).
The application of normal securities laws means, if your coin or tokens are securities:
- The company issuing the coin or token must register the issuance of the securities to bounty hunters under the Securities Act or find an available exemption from registration;
- The bounty hunters or influencers must comply with the “stock touting” provisions of Section 17(b) of the Securities Act; and
- Depending on the manner in which the bounty hunters are compensated (do they get rewarded merely for discussing the ICO offering or for actual investments?) both parties may wish to consider whether the bounty hunter is acting as an unregistered broker-dealer.
Issuers may find it difficult to find an available exemption for these activities. We’ve seen some discussion of relying on Rule 701 under the Securities Act (which applies to people in employee-type relationships with the issuer) and we are skeptical. If you are compensating US-based bounty-hunters and they aren’t accredited investors, your best option might be Regulation CF.
With respect to paying people to find investors, issuers should bear in mind that if such a “finder” was later found to be acting as an unregistered broker-dealer, the entire transaction may be subject to rescission (which means you give the money back to everyone, with interest). Plus, the celebrity may be subject to fines, which could undermine their relationship with the company. There’s nothing worse than a pissed-off fashion icon with a million Instagram followers.
Don’t do any of this unless you are a company
You’re going to have to form a company in order to make securities-compliant offerings—none of this “virtual” organization stuff. For a start, to make Regulation A or Regulation CF offerings or register your offering, you have to be an actual company. Second, unless you think you are only going to be “virtually” sued by aggrieved “virtual” investors, you need the protection that proper organization brings.
And do all those boring company things too. Stay in “good standing” with your state of organization (if you don’t, your company may cease to exist) and make your offering and issue your securities in compliance with your Operating Agreement or Bylaws.
On a Blockchain, no-one knows you’re a dog …
… Up until now. However, anonymity doesn’t work well with securities law. It definitely doesn’t work when a broker-dealer is involved. Brokers have “know your client” obligations, which means that they must know who they are transferring securities to, and make sure those people aren’t involved in money laundering. For that, they are going to have to know the identities of the initial investors. Anonymous trading in the secondary market might be possible after the initial distribution (although brokers may not be able to be involved in that trading) but, as discussed below, anonymous trading presents problems in compliance with the requirements of Section 12(g), and may not work at all for Delaware corporations.
It’s not just brokers who have issues when it comes to identifying investors. As discussed above, issuers must take reasonable steps to verify the accredited status of their investors, which includes the challenges of matching the source of funds to the person whose accredited status is being verified.
And on the subject of identifying investors’ status, we have heard that some issuers looking to rely on Regulation S are asking for investors’ personal information, like passport data. That’s probably a bad idea. First, it’s not actually mandated, and secondly, issuers had better be sure that that information is not kept anywhere it could be hacked, or collected in violation of data privacy rules (which by the way are very fierce if you are dealing with Europeans). If you feel you have to do this, use some method that is not recorded, like a face to face Skype chat.
The Section 12(g) problem
Section 12(g) of the Exchange Act says that if you have assets of $10 million and a certain number of “holders of record” of a class of equity securities (2,000 holders, or 500 non-accredited holders), you have to register that class of securities with the SEC, becoming a fully-reporting company. This is not something most ICO issuers are ready for.
As discussed above, it’s important to establish whether the tokens being offered are debt or equity. Let’s assume that the tokens either represent a share in the profits of the issuer or include some aspect of profit share, such that they get treated as equity (Let’s also bear in mind that the flexibility inherent in LLC structure means that it might be easier to treat LLC interests as not being equity). Let’s also imagine that the ICO raises at least $10 million, so that asset test is met.
We’re assuming that the tokens will trade via Blockchain technology, effected through smart contracts.
Blockchain technology is anonymous by its nature; issuers will know how many transactions there are and how many “addresses” on the Blockchain hold tokens. They will never know how many investors are behind those addresses. One address could be a wallet that holds the tokens of dozens of widows and orphans. Or one person could have many addresses; one that she uses for her own investments, one for holding the tokens she is managing for the local orphanage and one for her money-laundering business. We believe the only practicable way of counting the number of “holders of record” that trigger the 12(g) registration requirement is to treat each address as if it were one holder of record, in the same way you would treat a broker holding in street name. And we think you have to assume that each “holder” is non-accredited, unless you build some accreditation-verification process into your smart contract.
So where does that leave the issuer? Depends on which type of securities offering it is making. If the issuer is making a Regulation A offering, a conditional exemption from Section 12(g) may be of some help. The exemption applies if the issuer:
- has a “public float” (common stock held by non-affiliates) of less than $75 million, or if no public float, revenues of less than $50 million;
- makes its required ongoing filings; and
- engages a registered transfer agent.
But where in the process does the transfer agent sit? One of our clients has suggested that one solution might be to “tokenize the tokens”: issue a token to an address owned by the issuer (and that’s what the transfer agent will keep track of), then chop up the tokens and transfer them on the Blockchain. This begs the question as to whether the captive Blockchain address or the addresses holding the tokenized tokens should be treated as the “holders of record”; there’s an argument to be made either way. But at least this way you manage to engage a transfer agent and can stay within the conditional exemption until you have revenues of $50 million.
Issuers making offerings under Regulation D are going to experience this problem sooner. There’s no conditional exemption from 12(g) for them. If they have 500 holders of record and $10 million in assets, Section 12(g) will apply. In that case, they are left with maybe three alternatives: build an algorithm into the smart contract that prohibits transfers except to existing token-holders once there are 500 token-holding addresses, take the approach that a captive address that tokenizes the tokens is the sole holder of record, or register with the SEC.
For both Regulation D and Regulation A offerings, we have looked at having the tokens held by a trustee. A trustee would be treated as one “holder of record” and trustees are used in “regular” Regulation A offerings. However, even once you have worked out the logistics of getting the tokens into the hands of the trustee and then onto a Blockchain, how does the trustee ensure that it fulfills its fiduciary duties to unknown investors on the Blockchain? Again, we run into the anonymity problem.
We’ve been told that securities laws interfered with the “beauty of the Blockchain” (True).
The smart contract and issuance and trading using Blockchain technology
The smart contract
A smart contract is a computerized transaction protocol that executes terms of a contract (a set of instructions that provide “if x then y, else…”). Those terms can include automatic payment, but more significantly for securities law purposes they can include processes like automatically requiring verification of accredited status as a condition to transfer. Of course, the anonymity of Blockchain addresses means that if such verification is built into a smart contract, someone’s accredited status might be confirmed, but is that someone the person who is receiving the securities?
We also have to note that it’s not necessarily easy to fit all the bundle of rights that constitutes a security (or the certifications necessary to comply with some of the Securities Act exemptions) into a standard smart contract, using the ERC20 standard, for example. We aren’t developers, but we understand that making a smart contract that would meet those requirements would require custom coding, which is why we often see “Terms and Conditions” in addition to the ERC20 contract. Since part of the purpose of a smart contract is to have an immutable record of a transaction on a Blockchain, having a highly mutable set of terms posted somewhere else would seem to undermine part of the ultimate objective.
Initial issuance and subscription
In the event a broker is involved in a securities transaction, the broker is going to have to comply with “know your client” and anti-money laundering requirements. To do so, it is going to have to know the identity of the initial purchasers of the securities.
Secondary trading after the initial issuance is better suited to use of Blockchain technology, provided that the issues identified here with respect to number and status of investors are addressed.
State securities laws and secondary trading
All offers and sales of securities must be made in accordance with registration under the Securities Act or an exemption from that registration. States have similar rules. While initial sales under Regulation D and Tier 2 of Regulation A are “pre-empted” from state regulation, meaning the states can’t impose their regulations on those transactions, that’s not true for secondary trading. While most secondary trades (as long as the seller isn’t an “affiliate” of the issuer) are able to rely on the “resale exemption” at the federal level, there is a complete patchwork of regulation at the state level. Most states exempt some secondary trading from their regulations, but the conditions vary and can include one or more of the following: unsolicited trades through a broker, trades to accredited investors, or infrequent trades. Again, anonymity creates an issue here because if you don’t know who you are selling to, you don’t know what state you are selling into either. Smart contracts for trading should be designed to address this issue, which is going to require significant research into the conditions for each of the states’ exemptions and finding a way to assure that the conditions are met.
The distributed ledger and the stock ledger
The news that Delaware (where a large proportion of corporations are incorporated) would now permit stockholder records kept using Blockchain technology was greeted with great applause, but it’s not quite as revolutionary as it looks. For a start, Delaware requires the keeping of a stock ledger with the names and addresses of stockholders, so means of identification is going to have to be built into any smart contracts effecting transfers, and the issue of how to treat addresses that are wallets holding for others must be addressed. Secondly, although one upside of using this technology may be the elimination of the existing confusion between beneficial and record holders, that in itself may accelerate Section 12(g) issues.
Liquidity for founders through secondary trading?
Some founders and company insiders, including those who got their securities in “pre-sales,” may want to resell their tokens when secondary trading starts. Hold up there, Skippy. You may wish to consider a couple of things before you do that. First, might you be in possession of any “inside information”? That is, stuff you know about the company or the project that other investors don’t and which they might think is important when deciding to buy your tokens? We thought so. Don’t sell without making sure everybody else in the market has that same information. Second, might you be an “affiliate” of the company? That means officer, director or similar positions and anyone in “control” of the company (and the people who might be deemed to have “control” start with 10% shareholders, so don’t think this doesn’t apply to founders with a minority holding). If you are an affiliate, you get treated as if you were the company and your sales are treated as if you were making an initial “distribution,” not like you were making a normal secondary trade, so you need to find an exemption from registration just as if it were the company doing the offering (see above). Companies should probably reflect in their smart contracts some kind of rep from the seller of the securities that he isn’t an affiliate and isn’t in possession of inside information.
Is your exchange an “exchange”?
The SEC has pointed out that persons or entities that connect potential buyers and sellers of securities may be brokers required to register as such with the SEC. Additionally, platforms that have automatic matching processes may be required to register as exchanges or alternative trading systems (ATSs), a kind of “exchange lite”.
There are many “exchanges” providing platforms where buyers and sellers of tokens can connect, arrange trades and also exchange their holdings into other currencies. Some of the US ones are appropriately registered with the SEC. One question to be addressed is whether a company bears any liability if it arranges for trading on an unregistered exchange. U.S. federal and state securities laws have catch-all provisions regarding secondary liability for aiding and abetting a violation of securities laws, which could apply for facilitating trading through an unregistered exchange.
Easier to get forgiveness than permission?
So you’ve come to the conclusion that you’ve violated several aspects of securities law, at both the federal and state level. Oops. Can you go to the SEC and get some form of absolution? Nope. We’ve had some conversations with the SEC Staff, and funnily enough, while they are willing to be helpful in working out compliant solutions, they take violation of their laws pretty seriously. Don’t hold your breath hoping for some limited amnesty for non-compliant ICO offerings that “didn’t mean it.”
If your offering was not registered or compliant with an available exemption from registration, we have to assume that completely undoing the transaction works. Giving back every penny and cancelling the securities issued. Technically there would have been a violative offer, but the remedy for that is a rescission offer, and completely undoing the offering would get you to the same place.
It would have to be a complete undo, however. If you try to give the money back and some of your investors say “It’s ok, I believe in you guys, keep the money, we good,” that’s an investment decision on their part and you’ve probably just made another violative offering.
Plus, you already spent a lot of the money, right? The only solution here is a rescission offer, and here we get to back to those tricky “metaphysics” again. Because the rescission offer has itself to comply with the registration or exemption requirements of the Securities Act. You can make a rescission offer by registering it with the SEC. We think you could also use Regulation A. Rescission offers using Regulation D and Regulation S get a lot trickier and possibly may not even be possible.
If you have any questions about the foregoing, please feel free to contact us:
Sara Hanks: firstname.lastname@example.org
Andrew Stephenson: email@example.com
Huiwen Leo: firstname.lastname@example.org
Jamie Ostrow: email@example.com
Jeanne Campanelli: firstname.lastname@example.org
CrowdCheck is not a law firm, the foregoing is not legal advice and it is subject to change as regulatory
positions evolve. Please contact your lawyer with respect to any of the matters discussed here. In certain
circumstances we can introduce you to our affiliated law firm, CrowdCheck Law, LLP.
© CrowdCheck, Inc. 2018
 Some of the coins and tokens are designed to be cryptocurrencies in themselves. We’ll ignore currency issues (including the jurisdiction of the CFTC over such things) for the moment, except insofar as New York’s definition of virtual currency (which you need a license to move around) is very broadly construed and includes most “digital units of exchange” which could certainly include tokens. Offers and sales into New York may be best avoided for now.
 In DC, people are selling cookies for $60 and “giving away” cannabis to the people to whom they deliver cookies. That doesn’t work for weed or for securities.
 SEC v. W.J. Howey Co. (U.S. 1946).
 Reves v. Ernst & Young (U.S. 1990).
 The SEC only has civil power; that is, they can sue you but it’s the Justice Department that has the power to jail you for securities law violations. The SEC does not own any handcuffs.
 Regulations A, D, CF and S are all exemptions from registration under the Securities Act of 1933 (the “Securities Act”).
 If selling in a currency (fiat or cyber) other than U.S. dollars, you may need to constantly monitor the exchange rate to make sure you don’t take in more than $50 million in dollars.
 In general, investors with incomes of $200,000 or $300,000 with their spouses or net worth (not including their house) of $1 million.
 This is “Tier 2” of Regulation A. Tier 1 does not have ongoing reporting requirements but Tier 1 offerings must be reviewed by state regulatory authorities as well as the SEC, and ICO offerings are very likely to be rejected by many states.
 This is a significant issue for Rule 506(c) offerings. In a traditional 506(c) you get accreditation information with respect to the person whose name is on the bank account that you are getting funds from. If the source of funds is a blockchain wallet, there’s no way to link the person making the accreditation representations with the source of funds. At least not without violating the investor’s privacy in the same way Olympic drug testing does.
 Normally if securities are sold at the end of that one year holding period, companies (or their transfer agents) get an opinion of counsel that the securities may be traded without restrictions pursuant to Rule 144 under the Securities Act. If you set up the smart contracts properly you may be able to avoid having to do that. We guess that transfer agents might want an opinion that the smart contracts adequately enforce restrictions on transfer.
 You need to know where to look. See here for interpretations relating to the statute itself and here for rules under the statute. You have to know what section or rule might be being interpreted. Bear in mind that interpretations of general application are at the beginning of these works and very specific fact situations are addressed at the end.
 Or convertible or into or derivatives of equity, which count as equity under Section 3(a)(11) of the Securities Exchange Act of 1934 (the “Exchange Act”).
 ASC 480.
 We recognize the limitations of Geofencing (we use VPNs ourselves), but it’s a reasonable step to take.
 Regulation S has a bunch more requirements, which seem to be frequently ignored in ICO offerings. We are just flagging some of the most problematic ones for ICOs here.
 If you don’t form a company, the likelihood is that you and your co-founders will be treated as a general partnership, each responsible for all the stupid stuff that the other members of your team do or say.
 Or Regulation S. The securities laws don’t care whether your holders of record are in the United States or not.
This post was written by Tai Nicolopoulos on February 27, 2018
Is my Initial Coin Offering (ICO) compliant with U.S. security laws?