Regulatory Woes For Cryptocurrency ICOs
By J. David Mitchell on ALTCOIN MAGAZINE
Recently, the US SEC (Securities and Exchange Commission) has taken a more aggressive stance toward cryptocurrency ICOs (Initial Coin Offerings). In an attempt to protect the US investor from scams and pump and dump schemes, in July of 2017, the SEC issued guidance that cryptocurrency ICOs could be regulated as securities. This guidance has been followed by legal enforcement actions. In November of 2018, two companies (Airfox and Paragon Coin Inc.) were fined $250,000 each for not registering their ICOs as securities and forced to register their tokens as securities. In February of 2019, Gladius Network LLC, despite having self-reported their ICO to the SEC, was ordered to return funds to those investors who purchased tokens in their ICO and who make a request to get their money back. In June of 2019, the SEC filed a lawsuit against Kik Interactive, claiming that the cryptocurrency KEN should have been registered as a security. In the lawsuit, the SEC claims that Kik engaged in illegal or unethical business transactions and that Kik must stop using KEN and return the money raised to investors with interest. The action against Kik is the most aggressive action, to date, by the SEC.
According to the US regulators (namely, the SEC and the US Treasury Department’s FinCEN), there are three types of cryptocurrency ICOs: (1) ICOs that must register as securities, (2) ICOs that issue utility tokens that are not regulated as securities, and fall under FinCEN regulations, and (3) ICOs that produce payment tokens, which are not regulated because they are only used to facilitate the direct sale of goods and services. Let’s examine each type of ICO.
First, the SEC claims that most ICOs produce tokens that should be registered as securities. On April 3, 2019, the SEC released a guidance document titled “Framework for ‘Investment Contract’ Analysis of Digital Assets.” The Framework represents the SEC’s views, but it is not a rule or a regulation. Also on April 3, 2019, the SEC’s Division of Corporation Finance (“Corp Fin”) issued a response to a no-action request, and they detailed when a digital token would not be considered a security. So, through the Framework and the no-action letter, the SEC has delivered a clear message that most new digital tokens should be classified as securities. ICOs produce tokens that are securities because the issuer (1) seeks to create and develop a network to expand the reach of the token, (2) a purchaser has a reasonable expectation of value appreciation (or profit) that is tied to the issuer’s efforts to promote and expand the network and (3) a purchaser has the ability to transfer or trade the digital asset, e.g., on an exchange.
The Corp Fin guidance was that a token is not considered a security when (1) the tokens are set at a fixed price (like a stable coin), (2) when any money from the ICO is not used by the issuer to build or develop the services of the issuer and (3) when the tokens are not publicly traded. Corp Fin was responding to a specific use case of travel vouchers (or travel tokens), but there are parallels with the Framework.
The problem with the SECs guidance is that most companies who issue an ICO do so with the expectation that the token will be publicly traded and that they can use the proceeds from the token sales to expand the network on which the token will operate. However, the SEC says that these two attributes, namely, (1) expanding the reach of the network through the issuer’s efforts and (2) trading the token on an exchange, constitutes an investment contract with the issuer. Therefore, the tokens are securities.
As a side note, when a token network becomes decentralized (in the sense of not being under the control of any one group or party), then the token is no longer tied to an issuer or to a promoter. So, it is difficult to argue that a token is benefiting any one issuer or promoter. So, for example, ether (on the Ethereum network) is not a security, and the original issuer or promoter is no longer responsible for the token. So, when a token has reached the decentralized tipping point, then it is no longer considered a security.
According to the SEC, if you are purchasing a token in an ICO with a reasonable expectation of a profit, based on the future expansion of the network on which the token operates and based on the success of the issuer, then you are purchasing a regulated security. The emphasis in the Framework falls on the managerial efforts of the issuer in expanding the network and in bringing value to the token holder. And, if the token is largely under the control of the issuer, then the issuer is using the token as a security.
Second, there is a class of token called a “utility token” that is not regulated as a security. Utility tokens are intended to provide digital access to an application or service. Most commonly, utility tokens are used to pay for the use of the token network. Sometimes, utility tokens are used to gain voting rights on the token network. In either case, the token is used typically to interact with the token network.
When a token is used to consume resources on a token network, it is classified as a “utility token.” The token may be traded on a public exchange, but the expectation is that the primary use of the token would be to consume certain predefined resources. For example, siacoin (SC) is only used to purchase file storage space on the Sia-distributed-file-storage network (or on the Sia blockchain). Hosting providers who provide file servers for the Sia blockchain are paid in siacoin (via a smart contract or DApp). Likewise, consumers of the file servers, who store files on the Sia blockchain, pay in siacoin. Siacoin is publicly traded on cryptocurrency exchanges, and as such, the price may fluctuate. Nevertheless, the appreciation in the value of siacoin would be incidental to obtaining the right to use the coin for its intended functionality, namely, to purchase the file storing service. According to the SEC guidance, Nebulous, the company who issued siacoin, would not seek to profit from the appreciation in the value of siacoin, and any increase in the value of siacoin would be a minor consequence of being publicly traded. Siacoin may not be the best example of a utility token since Nebulous is continuing to develop Sia in an effort to increase the profitability of the company.
A utility token is used to provide access to the token network and to consume predefined resources on that network. The value of the utility token should be independent of the continuing development efforts on the part of the issuer, and the value of the utility token corresponds to the level of demand for the goods and services for which the token may be exchanged or redeemed.
Whether or not a token is regulated under the SEC as a security, the US Treasury Department’s FinCEN provides guidance for all tokens, but, typically, FinCEN focuses on tokens that are not regulated by the SEC. On May 9, 2019, FinCEN released a new guidelines document: https://www.fincen.gov/sites/default/files/2019-05/FinCEN%20Guidance%20CVC%20FINAL%20508.pdf
This document exposes the third type of token that is completely unregulated, namely, a payment token. Section 2 excludes companies from FinCEN regulation if the company is acting “as a payment processor to facilitate the purchase of, or payment of a bill for, a good or service…” and “accepts and transmits funds only integral to the sale of goods or the provision of services.” So, if a company is simply using a digital token directly to facilitate the sale of a good or service, then the FinCEN “know your customer” (KYC) regulations and “anti-money laundering” (AML) regulations would not apply.
The FinCEN guidelines are an interesting read since the document describes circumstances in which the KYC and AML regulations would apply to tokens. For example, Section 4.2.1 talks about hosted wallets for utility tokens (where the company holds the private keys for customers’ funds), and the guidance is that if a company is hosting a wallet for a third party, the company “must follow the procedures for identifying, verifying and monitoring both the user’s identity and profile, consistent with the host’s AML program.” Likewise the company “must comply with the Funds Travel Rule…” This rule has strict KYC reporting criteria for transactions greater than $3,000. So, even if a token is a utility token, the seller of the token could be subject to strict AML and KYC rules.
It is interesting to note that, according to the Swiss government, even payment tokens, which are exempt by FinCEN, are subject to AML and KYC regulations. See https://www.finma.ch/en/news/2018/02/20180216-mm-ico-wegleitung/
The guidance provided by the SEC and FinCEN can be unclear, especially, when dealing with utility tokens and payment tokens. But, the ability to issue new ICOs in the United States without being subject to fines, penalties, and enforcement actions is dependent upon being able to navigate the complex regulatory guidelines. Hopefully, this article has shed some light on these guidelines.
