Securities Compliance Paths for Blockchain Projects

Gabriel Shapiro
21 min readJun 8, 2019

A Simple, Commonsense Guide

Introduction

There is growing recognition that U.S. securities laws are applicable to most fundraising activities undertaken by developers of blockchain technologies, particularly when they sell pre-mined blockchain tokens to the general public at an early stage of development. Thus, many blockchain aficionados are aware that ICOs, IEOs and other types of blockchain token transactions can violate securities laws. There is also some consensus beginning to form around anti-patterns that typically will create a high risk of a token being regulated as a security — for example, ICO marketing that stresses the potential upside of the token based on the seller’s continuing efforts to develop the technology.

However, there is less awareness around patterns of securities laws compliance for blockchain token sales. Indeed, there is a common misunderstanding that U.S. regulators — in particular, the SEC — have adopted policies that essentially make legal compliance impossible for blockchain projects involving utility tokens that may increase in value. The aim of this article is to correct that misunderstanding by providing a no-frills overview of the most noteworthy and potentially useful of the available compliance paths:

  • the no-premine path
  • the consumer product sale path
  • the utility-token-as-security-token path

These paths will be summarized in this article at a high level only; to fully explain all of the nuances of each of the paths would require a treatise. This article also assumes familiarity with blockchain technologies and at least a layperson’s awareness of securities laws — thus, it does not explain how blockchain works, what a token is, or what the Howey test is; there are plenty of resources for that. Finally, the article is meant to be user-friendly for non-lawyers. Thus, in many places I simply state my opinion, informed by the law, but make no attempt to explain my reasoning by reference to the applicable doctrinal tests/statutes or to vulcanize my positions against potential objections from other lawyers. Accordingly, this is not a definitive analysis, an academic treatment, an operating manual for DIY lawyering or legal advice given by me to you — it’s a primer, a head’s-up, a conversation-starter, one lawyer’s opinion, and that’s about it. Take from it what you will.

It is also worth noting that in this article, aside from one point relating to a novel feature of securities laws in the blockchain context, I am avoiding normative statements about securities law or the benefits or detriments thereof. For what it’s worth, I believe securities laws in the U.S. could do with significant reform to reduce the costs of fundraising and public company reporting, but I do believe any such reform should be focused on securities generally rather than providing lighter regulation specifically for blockchain-based instruments just because they are blockchain-based. But that is an article for another day. Here, I merely take securities law as a given, and try to avoid normative analysis.

  1. The No-Premine Path

This is the development path followed by Bitcoin, Dogecoin, Monero, ZCash, GRIN and Litecoin. Developers self-fund the software development, or take no-strings-attached donations to fund development. The developers then launch the network (or, really, the software client that enables the network) when the software is ready.

The launch of the network entails the publication of an open-source software client that incorporates certain consensus and network communication rules embodying a ‘blockchain protocol.’ Anyone can download the client and run a node. At genesis of the blockchain, each node can perform services for the network — mainly combining valid transactions into blocks with a requisite proof of satisfying the applicable anti-Sybil-attack method (e.g., proof-of-work) — and thereby earn freshly minted token rewards in accordance with the consensus rules baked into the client. Since all of the nodes are running the same client/ruleset, a blockchain emerges that all those nodes agree upon as being canonical, and the literal or figurative account balances on that blockchain represent a distribution of the token to the various network participants.

In this type of launch, no person is selling tokens to another — rather, depending on how you look at it, either no sale of tokens is occurring, or the only sale of tokens that is occurring is a sale with a legal buyer (the nodes who perform services) but no legal seller — sitting in the seller’s position is the network itself, a thing which does not own the tokens it’s selling (it prints them de novo) and also does not have the “legal personality” necessary to serve as a contractual counterparty such as seller, despite providing seller-like functions.

Bitcoin serves as undeniable proof that the fiat-denominated value of such tokens can increase significantly over time, due to network adoption effects or changes in macroeconomic factors that cause the token to be more useful, or at least more “in demand” — whether for reasons of use, financial speculation, or both. Thus, people acquiring Bitcoin early can later sell them for a (sometimes enormous) fiat profit. Also, such networks can and do attract self-appointed champions — early adopters like Roger Ver or Andreas Antonopoulos who might heavily promote the value of the token and might mine or purchase the token in the meantime, hoping their efforts and those of other like-minded early adopters will drive up the price of the token over time. However, importantly, the network is designed in such a manner that it does not easily allow such self-appointed promoters to end up in a role similar to that of an issuer of securities. This is evidenced, in the case of Bitcoin, by the fact that even Roger Ver, who once was so influential in promoting Bitcoin that he was known as “Bitcoin Jesus,” was eventually forced to create a new Bitcoin fork in order to pursue the scaling and adoption roadmap he advocated for. Likewise, even some developers who at one time had Bitcoin Core repo authority and were influential core developers lost that influence and had to create forks of Bitcoin in order to pursue their particular visions. By contrast, Facebook Inc. would never have to fork the Facebook platform to introduce new improvements meant to drive up the value of Facebook stock.

Despite this profit potential, which in other circumstances can implicate securities laws, it is widely recognized (including by SEC staff members) that Bitcoin is not a security, and I also believe that other tokens following the same ‘no-premine’ pattern as Bitcoin are in general unlikely to be securities under U.S. federal securities law. To explain why the SEC staff and other securities attorneys are reaching this conclusion in doctrinal terms would be a complex discussion beyond the scope of this article. A cartoon thumbnail version of the reasoning is this: in all these cases, there was not an affiliated group of developers or entrepreneurs who were raising capital by selling Bitcoin, Dogecoin, etc. to people who hoped to make money from increases of value in those tokens depending predominantly on the entrepreneurial efforts of that group.

Thus, the manner in which tokens such as Bitcoin and GRIN were launched is one possible compliance path for launching a blockchain network without treating the tokens as securities.

Important caveat: We are only talking about certain types of tokens here. The manner of sale or distribution of a token is not the only important factor in determining whether it may be a security. That all of the aforementioned tokens (BTC, DOGE, etc.) are essentially ‘blank’ payment tokens — true “cryptocurrencies” — is not coincidental. For purposes of this article, I consider such tokens, as well as tokens meant to essentially confer an access or service right (such as ETH 1.0 in its capacity as providing the ability to buy computation services from Ethereum nodes), to be “utility tokens” that do not have intrinsic securities-like features. The “no premine” path, if properly followed, is also very likely to result in such utility tokens not being securities. (It is also important to note that keeping a token out of the securities regulatory regime and the SEC’s jurisdiction may more strongly situate it as money that is subject to money transmitter regulations and FinCEN ‘s jurisdiction— but that’s a topic for another day.)

On the other hand, if the token in question functions more like a financial instrument —such as by entitling the token holder to receive passive (dividend-like or interest-like) income (including other tokens of the same type) or to exchange the token for other tokens out of a potentially growing pool (e.g., a bonding curve contract) — then it is much harder to establish that the token is not a security, even if it was not premined. Similarly, any token (such as ATOM or TEZOS) that can generate dividend-like returns , but only if staked, and which also carries governance voting rights, would require a more nuanced analysis. Although such staking/governance tokens may not be securities and the “no-premine” path may help in reaching that conclusion, the intrinsic features of such tokens are too rich and complex, and too inherently similar to some securities like stock or derivatives, for the no-premine path to give reasonable assurance, in and of itself, that such tokens are not securities.

2. The Consumer Product Sales Path

This is the path that most ICOs claimed to be following, but really weren’t — the sale of a consumer product to customers who wished to use it. It is widely recognized that the sale of a consumer product to consumers is not a securities transaction, even when the purchase is a “pre-order” and the consumer product may require some additional research and development or production. Kickstarters are not securities sales. Thus, when dealing with a token like ETH, which can be used to deploy smart contracts on Ethereum and pay nodes fees for running the smart contracts, or a token like MANA that entitles the holder to virtual land in a virtual world, an argument may be made that an ICO is basically a Kickstarter or Indiegogo campaign — that is, users are pre-buying a consumer product they wish to use, rather than buying an investment instrument and thus a security. However, while this argument works in theory, it is rarely plausible in practice.

It is possible that some early ICOs like that of Ethereum really were “Kickstarters” — i.e., that the vast majority, or maybe close to all, of the buyers of the premined ETH were people just curious to try out the technology or wanting to support it as an experiment via a donation. But money ruins everything. The enormous and widely publicized price appreciation of Bitcoin, Ethereum and other cryptocurrencies has created a general awareness of the profits that can be made by acquiring cryptocurrencies early in a network’s life, or the even greater profits that can be made by buying a commitment for the tokens before the network exists at all. Moreover, buyers typically hope to make such profits based on the selling team’s efforts, not merely because of impersonal market forces. Because of this climate for purchasing and profiting off tokens, it cannot reasonably be doubted that the vast majority of interest in ICOs and IEOs is investment-oriented rather than use-oriented. Simply put, most people buy most tokens to flip them for profits accruing because of the talents of the developer team that sold the token, rather than to “consume” the tokens.

For any who might doubt that an investment motive is predominant, one strong indication of the same is the manner in which people evaluate and conduct due diligence into token sales, as evidenced in many public forums. Prospective token buyers typically undertake a detailed evaluation of the token-selling team and its “advisors” to assess their competence, reputation, the likelihood of them having long-term loyalty to the project, and their potential to increase the token’s value over time through their work. A frequent concern expressed in public discussions regarding token sales is that the development team maintain “skin in the game” by claiming a material (but not excessive) percentage of the premined token for themselves and subjecting those tokens to time-based or milestone-based vesting. Prospective token buyers may also view the involvement of sponsors with a financial motive such as Binance (an exchange) or ConsenSys (a venture incubator/investor) as badges of quality, and may “free ride” off of the due diligence they presume these higher-resourced and profit-motivated sponsors have undertaken. Due to the combined participation of venture capital investors and more casual “retail” investors, many ICOs and IEOs have raised money far in excess of Ethereum’s and far in excess of even the most successful Kickstarter campaigns — raising hundreds of millions or even billions of dollars. Objectively speaking, these events far more closely resemble massive preferred stocking financing rounds (or, at the high end, IPOs) than they do consumer product pre-sales.

Since the law does not involve mind-reading machines, the law looks to objective indicia of the nature of the transaction to measure whether buyers purchased an instrument primarily for investment purposes such that the instrument should be regulated as a security. In light of the climate described above, as a practical matter the presumption by regulators will be that most buyers in most ICOs are buying tokens for investment purposes, unless there is extraordinary evidence to the contrary. Hence SEC Chairman Jay Clayton’s statement at one time that he had ‘yet to see’ an ICO that was not a sale of securities. On the other hand, factors such as the following, alone or in combination, could provide a reasonable basis for concluding that a token is not being sold as a disguised security but rather is being sold to end-users as a bona fide consumer product:

  • Each buyer of premined tokens only buys an amount of the token that, based on how that token is used in the network, an ordinary consumer would reasonably be expected to use for ordinary consumer purposes in a reasonable amount of time — say 1–3 years (with 1 year being very typical of, say, ordinary consumer software licenses and 3 years being on the long side).
  • The token is “use it or lose it”. This could mean the token expires after a period, or that the token has a “reverse-vesting” feature so that a fraction of each account balance is burned each month if not used for its intended purpose.
  • The token is a ‘one-time use’ token that is irrevocably redeemed or burned upon use, rather than a token intended to continue circulating and potentially increasing in value indefinitely.
  • The buyers are the ordinary and natural buyers for the intended consumer use case. Venture Capital firms typically do not buy $5M in consumer products with the intent to resale them — they buy securities. Thus, the presence of a Venture Capital investor in your token sale is a strong indication that the token is likely a security. A consumer typically does not spend (absolutely or relatively) large amounts of money to pre-order a lifetime’s worth or more of a software product— thus, a consumer spending that much on a token is unlikely to solely or even predominantly be buying for a consumer purpose, and conversely is very likely to be buying for an investment purpose. This is just common sense.
  • Secondary sales of the token are prohibited, or are only permitted to bona fide users, or are capped at the initial sale price or some small percentage increase on the sale price. The issuer does not encourage secondary trading of the token on exchanges; or, better still, the issuer takes active measures to limit speculative secondary trading, such as Zynga took with Farm Bucks exchanges back in the heyday of Farmville.
  • The project is “sufficiently decentralized” such that the token buyers would not reasonably expect the token price to increase based predominantly on the entrepreneurial efforts of developers or business entities who are united with the token buyers in a common enterprise. See Section 3 infra for more on this topic.

The above is not meant to be a formula, and I am certainly not saying that a token must have any or all of these properties in order not to be a security. For example, if it were clear that the token were only being sold to consumers who wanted to use it as a product (rather than flip for profit), and the potential for price appreciation of the token based on the efforts of the token seller has some soft or hard limit, then more active secondary trading might be possible without running the risk of the token being deemed a security.

What I am pointing out, however, is that based on the way token sale dynamics have evolved to date, there will be a powerful presumption that people buying into ICOs, IEOs or other sales of premined blockchain tokens are doing so to profit from increases in value of the token as a result of the entrepreneurial efforts of the token sellers, and thus as part of a securities transaction. Accordingly, very strong evidence to the contrary along the lines suggested above is needed in order to counteract that presumption and firmly establish that such a sale is more like a Kickstarter sale than a sale of securities.

3. The Utility-Token-As-Security Path

This path is being followed when a token seller premines a utility token and sells it to raise capital for developing the project, but at the same time recognizes that as a result the token will (at least initially) be regulated not only as a consumer product but also as a security. Alternatively, this path may also arise when tokens, such as the The DAO tokens, are not premined, but have intrinsic financial features (such as delivering a return from a pool of funds in a common enterprise) that cause it to fall within the ambit of securities regulations, and thus the only manner of lawfully issuing such tokens is as securities.

Although to date this has been a slow-moving and uncertain path, we are beginning to get clarity on how this can work, and my prediction is that it will become the go-to path for projects wishing to raise capital through premined utility token sales or for general distribution of tokens that passively generate financial returns.

Due to the richness of lawful securities sales mechanisms, this path has many potential sub-paths. Here I will mention the three sub-paths most likely to actually be useful. Interestingly, these three paths can also be chained together in a bootstrapping process that uses earlier, smaller, more private rounds of funding to scale up into the level of network adoption and funding that is needed for larger, more public rounds of funding — a process that has been followed, most notably, by Blockstack, which presold utility token commitments to venture capital investors via SAFTs in a private placement, and now has a Reg A+ filing pending before the SEC which, if qualified by the SEC, will allow Blockstack to sell the tokens as securities to the public.

A. Private Securities Placement followed by Rule 144 Sales and/or Sufficient Decentralization

In general, any security may only be offered or sold in the U.S. if one of the following conditions is true: it is registered with the SEC as a public offering, or it fits within one of the exemptions from registration. Registration is expensive and time-consuming and involves recurring compliance costs; thus, the registered offering path is typically undertaken only by relatively mature companies. Seed-stage capital, on the other hand, is commonly raised under the “private placement exemptions” afforded under Section 4(a)(2) of the Securities Act of 1933 for sales of securities by an issuer not involving a public offering and the concomitant Regulation D “safe harbors” promulgated by the SEC pursuant to 4(a)(2).

When a blockchain project is at a relatively early stage, utility tokens can be sold as securities in a private placement. Private placements do not involve expensive SEC negotiations, review or filings, only a simple confirmatory Form D filing. Thus, aside from any contract documentation between the issuer and the purchasers, the overhead costs of doing a compliant private placement can be fairly low. Depending on the particular form of private placement selected, an issuer may raise an unlimited amount of funding very publicly (but only from accredited investors), an unlimited amount of funding privately (from a mix of accredited investors and up to 35 “sophisticated” non-accredited investors with certain disclosure protections) or raise smaller amounts very publicly from any type of investor. There are then two paths to these tokens becoming freely tradeable:

  • They will become freely tradeable securities after a 12-month holding period, but only (an important caveat) when sold by non-affiliates of the issuer.
  • They may cease to be securities and become pure consumer products or commodities if the blockchain project has become “sufficiently decentralized” such that token holders no longer have a reasonable expectation of profits from the entrepreneurial efforts of the issuer or other “active participants” who assume an issuer-like role. Getting comfortable that “sufficient decentralization” has been reached will generally require obtaining a legal opinion, an SEC no-action-letter, or both. The SEC has signaled its willingness to grant such no-action letters in appropriate cases.

After the point of decentralization, those who transact in the token will need to keep an eye on market developments to ensure that a new party does not re-centralize the technology and essentially step into an issuer-like role that requires the securities regulations to be applied again. While some might see this looming threat of renewed securities law regulation as a negative and as impossible to monitor, it is my belief that such a re-centralization would be fairly obvious. Moreover, the “punishment” of facing securities law regulation will serve as a sort of poison pill to disincentivize re-centralizations of decentralized networks. Thus, securities law is both an unexpected incentive to decentralize when centralized, and an unexpected disincentive to avoid re-centralization once decentralized. This is good and cypherpunk-positive. It furthers the intended aims of decentralized, P2P blockchain technology and almost becomes a form of added cybersecurity on the social layer.

One significant drawback to the private placement approach is that, because the tokens are securities, an ordinary cryptocurrency exchange will not be able to trade these tokens; only registered securities exchanges will, and currently few or none would be willing or able to. Likewise, brokers or dealers in such cryptocurrencies would need to be registered as securities brokers/dealers. However, these drawbacks occur at points of centralization where the technology is essentially being re-intermediated rather than providing the benefits of disintermediation and P2P interaction that cryptocurrencies are designed for. Accordingly, it is both appropriate and to be expected that traditional regulations would apply in those centralized nerve centers. Furthermore, in the future, there will be more registered securities intermediaries that are able and willing to transact in tokens that are securities. Until then, anyone who believes that it is essential for unregistered intermediaries to be able to transact in their blockchain token as part of a business on behalf of others should ensure that their token is not a security by avoiding selling the token in connection with an investment scheme. One way of doing so is by using the “no premine” path outlined in Section 1 above.

Another, potentially more serious drawback arises from the initial transfer restrictions that apply to tokens sold as securities in a private placement. The 12-month holding period for non-affiliates is bad enough, but what about project insiders who may have received the token as compensation and as “affiliates” of the issuer are subject to more stringent transfer restrictions? Even after the applicable holding period, these affiliates will not be able to transfer their tokens unless the issuer has satisfied public information requirements that are nearly as burdensome as the disclosure requirements for a Regulation A+ offering or full-blown registered offering. That, in turn, affects the availability of the “sufficiently decentralized” path, since the project probably cannot become sufficiently decentralized when its original developers are unable to exit their positions of control/influence by liquidating all or a large portion of their tokens. In effect, this does mean that project teams following this path should set aside a significant legal budget to prepare disclosures that would enable the securities tokens to become freely transferable by affiliates after the applicable holding period has been satisfied.

B. Public Securities Offerings Under Regulation A+

Regulation A+ is a set of SEC rules promulgated pursuant to the JOBS Act of 2012, which was intended to liberalize public securities sales by start-ups or “emerging growth companies”. Such public securities sales are sometimes confusingly referred to as “crowdfunding” — not to be confused with Kickstarter-style or Indiegogo-style crowdfunding.

By complying with Reg A+, a company may sell up to $50M of securities in a public offering that may include non-accredited investors (subject to certain investment limits by each particular non-accredited investor). A critical advantage to Reg A+ offerings is that, unlike the private placements described above, the securities sold in a Reg A+ offering are not subject to a holding period or other transfer restrictions — they may freely be traded on day one.

Thus, projects wishing to fund development of blockchain technology by selling utility tokens as investments, and thus securities, may file a Reg A+offering with the SEC and, once the SEC has reviewed and “qualified” that offering, proceed with the sale and have tokens that have been sold and are transferable in accordance with all applicable securities laws. For payment-style tokens that do not carry voting rights, the issuer can take the position that the tokens are not “equity securities” and thus that widespread ownership of the tokens does not require Exchange Act registration, thus avoiding the need to re-intermediate the technology through the use of transfer agents that may otherwise be required to avoid Exchange Act registration. Similarly, the issuer may take the position that any tokens that are held by the issuer are functionally not acting as securities in the issuer’s hands, and thus may avoid any requirement that the issuer itself register as an investment company because it holds unsold tokens.

Blockstack is the first significant blockchain project to make their Reg A+ filing public, has taken the positions summarized above with respect thereto and is currently awaiting qualification. According to the SEC and securities attorneys active in the space, there are a number of other projects that have filed under Reg A+ but still remain non-public and are awaiting SEC feedback.

Sounds pretty cool, what’s the catch? Well, there are a few pretty big issues that make Reg A+ expensive, burdensome and not to be undertaken lightly.

First, cost. In the case of Blockstack, it raised over $50M through private placements of SAFTs and other token investment vehicles before proceeding to a Reg A+ offering. As the first Reg A+ for a utility token that is also a security, it is also likely that Blockstack’s legal fees and other expenses in pursuing Reg A+ qualification were far greater than the typical Reg A+, and I would guess they were more similar to the typical costs of a full-blown registered offering/IPO. Blockstack likely could not have undertaken such a Reg A+ offering if it had not managed to attract very large private placements beforehand. In addition, there are ongoing compliance costs for teams that follow this path, since issuers with securities outstanding under Reg A+ are required to do periodic reporting with the SEC in a manner similar to exchange-act-registered companies, except that the reporting standards are less extensive and therefore somewhat less expensive to keep up with. Nevertheless, once Blockstack is qualified and some other projects get qualified under Reg A+, we will have good models for how to achieve this and the costs of doing so will be lower.

Secondly, a Reg A+ approach can make it harder to develop sustainable trust-minimized cryptoeconomic incentives for a network, since the issuer would have to pre-qualify even tokens that are later to be issued as rewards for “mining” or similar activities. As with private placements, the limits on issuance and the reporting obligations would cease if the project were able to reach a point of “sufficient decentralization” such that the token is no longer regulated as a security, as confirmed by the SEC. Alternatively, the project sponsors could create a new Reg A+ offering after 12 months, or could seek to do a fully registered offering that would enable more flexible issuance of security tokens pursuant to a shelf registration statement.

Although this Regulation A+ path is quite burdensome, nevertheless it appears to me that this is the SEC’s answer to “how do we do a compliant ICO”? Inevitably, it creates much higher barriers to entry in conducting a public token sale for investment purposes. But, I am not convinced that is such a bad thing. The other compliance paths explained above still remain available for teams that do not need to or want to raise huge amounts of money, and the stick of high compliance costs upon raising large amounts of money from the public combined with the carrot of reduced compliance costs once sufficient decentralization has been achieved will keep teams honest in pursuing the stated end-goals of the technology: to be trust-minimized, decentralized and peer-to-peer. To the extent a team fails to achieve those goals on a reasonable timeline, its technology may not be viable or useful, and any resulting costs or potential failure of the project may be deserved.

C. Fully Registered Offering

Finally, just for the sake of completeness, I’ll briefly describe the possibility of doing a fully registered public offering utility tokens as securities. This would essentially involve IPOing, but with tokens, and the issuer of the tokens would face the very heavy compliance costs of public SEC reporting. My expectation is that few or no projects will choose to pursue this path — instead, they will either not premine their tokens and thus try to ensure they are not securities, or, when they do sell tokens as investments, they will carefully plan to do so through a combination of private placements and Reg A+, then step away from the project, let it live or die on its own, and thus cause the SEC to agree that the tokens are no longer securities.

4. Conclusion

Thus concludes my brief overview of securities law compliance paths for blockchain projects. In case you forgot ’em, I invite you to read the disclaimers I dropped in the introduction about the purposes and style of this article — deliberately non-legally-technical and non-scholarly, meant as a starting point rather than an endpoint. If anything, my hope would be that people reading this think twice before assuming that the SEC is “destroying blockchain innovation” or that deploying a blockchain project in a legally compliant manner is impossible. Blockchain technology is still new, and does exist in tension with certain regulations, but regulators and legislators are both working on striking a reasonable approach to this technology. It appears to me that most regulators now recognize that when the technology functions as intended by truly being decentralized, it plays by different rules; but during any interim or bootstrapping period when it is still centrally managed, the normal rules must apply. I think this is a fair and reasonable position, one that the industry can work with, and wrote this article to try to illustrate that vision.

If you are a company or developer thinking about deploying a blockchain project or doing a complex blockchain-related project, and are looking for compliance or deal-execution advice, please feel free to contact me at g.shapiro@zerolaw.tech. Our team at ZeroLaw has the legal, business and technological expertise to assist you. You can also find me on the crypto twitterz as @lex_node.

--

--