Part I: The Basics

Everyone is talking about “ICOs” or “initial coin offerings.”  Celebrities are tweeting about them.  You cannot open the Wall Street Journal or Financial Times on any given day without at least one story about ICOs.  Prominent CEOs of financial institutions have taken to the bully pulpit to fulminate about ICOs and cryptocurrencies, using words such as “bubble” and “fraud.”  Parallels are drawn to 17th century tulip mania.  And securities and financial regulators around the world are taking notice, with varying degrees of reactions.

But why have ICOs elicited such attention?   In this series of posts, our aim is to shed light on this innovative way of raising funds, the regulatory responses (thus far), the challenges to regulation in various jurisdictions, the factors motivating regulators and possible future actions by regulators.

First … what is an ICO (for the uninitiated)?

ICOs borrow their name from initial public offerings, although instead of shares, digital tokens or coins are offered for sale in order to raise funding for a project.  By purchasing digital tokens in an ICO, purchasers[1] may receive a return on their investment if the project is successful, governance rights in a decentralized enterprise, or rights to use a service or purchase a product that will be available through the project.  The projects to be funded by ICOs may be defined with some degree of specificity at the time of the ICO, such as a project to design or use distributed ledger technology for a specified purpose, or more amorphously described at the time of the ICO according to general goals set out by the ICO sponsor.  The purpose and goals of an ICO are typically set forth in a white paper, available and publicized via dedicated websites and social media platforms.  Payments for digital tokens are typically made in the form of cryptocurrencies, such as Bitcoin or Ether.

Digital tokens may share attributes with a traditional security or financial instrument.  Where they do, they are clearly in the cross-hairs of existing regulations that govern offerings of, trading in, and advising and dealing in, securities and financial instruments.  In July 2017, the U.S. Securities and Exchange Commission (the “SEC”) issued a Report of Investigation regarding DAO tokens (the “DAO Report”)[2] – digital tokens sold via an ICO in order to fund projects to be selected at a later date – finding that DAO tokens were securities subject to the U.S. securities laws according to the test for “investment contracts” set out in the seminal 1946 U.S. Supreme Court case, SEC v. W.J. Howey.[3] (See our previous blog post on the SEC’s Report of Investigation here.)

However, the attributes of the DAO tokens fit fairly comfortably within the elements of the Howey test.  As a warning shot off the bow to ICO sponsors and participants, the SEC staff chose a straightforward test case to send a message to the market.  For many ICOs, the analysis will not be as clear.

Why does it matter if a digital token is or is not a security?

Laws and regulations governing offerings, sales, trading, advising and dealing in securities are designed to protect investors.  While laws and regulations vary by jurisdiction, generally these laws and regulations protect investors by ensuring they have sufficient information in order to make an informed investment decision with respect to the securities.  In many cases, the regulator or other competent authority designated by the regulator will serve as the gatekeeper for this purpose, for example, in its role reviewing and providing approval of prospectuses used in an offering and providing on-going supervision of issuers and other market participants, including the exchanges on which securities are traded.

If a digital token is a security or other regulated financial instrument, then it falls within the scope of these laws and regulations and supervision by the regulator, and investors receive the benefits of these protections.  For ICO sponsors, it also may mean significant costs and the burdens of on-going regulatory supervision, which could stifle a potentially innovative means of raising funds.

If a digital token is not a security or otherwise within the scope of existing regulations, then it is not subject to these laws and regulations.  There may still be certain aspects of an ICO that fall under existing laws and regulations, for example, crowdfunding rules, but the panoply of securities laws and protections would not apply.  Investors, especially retail investors, may not appreciate this.  The result is that they see their favorite celebrity promoting the ICO on Twitter (without any indication that the celebrity may have been paid to do so) and dizzying valuations, but are not provided with any disclosure (beyond a fairly short white paper) or warnings of the risks associated with what are essentially investments in very complex, and often nascent, technologies.  Given that cryptocurrencies exist and are traded on distributed ledger technology platforms that are often opaque by design, ICOs also provide opportunities for fraud and money laundering.

Here come the regulators

With the explosion of funds raised by ICOs in the last twelve months,[4] high-profile scams and corporate governance issues,[5] regulators around the world are taking notice and responding to this new form of fundraising.  While some regulators have issued broad bans on ICOs in their jurisdictions (such as China and South Korea), most have issued cautionary statements, warning market participants of the risks in investing in digital tokens and warning ICO sponsors that tokens may constitute securities or financial instruments within the scope of applicable regulations.  The Financial Times categorized the reactions to ICOs by regulators according to three categories: Bans, Fans and Wary.[6]  There are two primary questions for regulators: can they regulate ICOs within the existing regulatory framework and should they regulate ICOs to the extent ICOs do not fall within that framework?

The first question centers on whether an ICO is subject to regulation.  ICOs that perpetuate fraud and scams will always be subject to criminal statutes and case law targeting fraud and similar criminal activity.  But the arsenal of the securities laws, and the tools the regulators have under these laws to target offerings and provide protections for investors, and for investors to claim redress under those laws, are dependent on classifying a digital token as a “security” or “financial instrument” (according to the nomenclature of the relevant jurisdiction’s securities laws).  And as described above, in light of the many different types of digital tokens and ICOs, this is not always a straightforward analysis.  Further complicating that analysis is that digital tokens may fall within or outside the definition of a security or financial instrument at various points of the development of the underlying platform on which the digital token may be used.  The SEC Chairman Jay Clayton heavily indicated how the SEC will answer these questions at a recent conference, stating “I have yet to see an ICO that doesn’t have a sufficient number of hallmarks of a security.”[7]

The next question for regulators is should they regulate ICOs, to the extent ICOs do not already fall within the scope of existing regulations.  In this respect, regulators recognize that ICOs are a disruptive, innovative form of fundraising, used by tech-focused start-ups, including FinTech, a sector regulators in various jurisdictions are keen to foster and promote.  The fact that the majority of regulators have issued warnings to date, and have not unleashed the hammer of regulation, indicates that regulators do not want to quash ICOs and have mainly adopted a “wait and see” position while they continue to learn about this form of fundraising and consider whether it may fall within or outside the bounds of existing regulation, or whether new regulations should be adopted to specifically address ICOs.

Consider also the parallels to the first dot.com boom of the late 1990s / early 2000s.  During this phase of the tech industry, start-ups rushed to market through conventional capital raisings in IPOs.  Many of these companies were not ready to be public companies, their businesses did not take off as expected, valuations were unrealistic, and the bubble burst.  Only the strongest survived, and today we have Amazon, Netflix and Google as a result of that boom.

In the current phase of tech industry development, ICOs provide a means of funding for start-ups isolated from the traditional capital markets.  However, if the bubble bursts, investors in ICOs may lose significant amounts of money, as the regulators have warned.  Many ICOs to date have also not limited offerings to sophisticated investors, meaning that retail investors – those that regulators are most concerned in protecting – may be significantly exposed.  A dot.com that went public in the last boom was at least obligated to provide continuing disclosure and transparency to investors.  There are no such requirements on ICO sponsors if the ICO is not subject to regulation.

These are all reasons why regulators are likely to step in more actively, especially as the amounts raised in ICOs continue to grow and reports of scams and fraud become more widespread.  Regulation and regulatory oversight are not a panacea – certainly there have been many cases of fraud among companies that have conducted offerings subject to review by regulators and/or were subject to regulatory supervision.  But the prospect of regulatory review and scrutiny does serve as important deterrent, even if a few cases still slip through the cracks of the gatekeepers to the process.

Around the world in ICOs

In this series of posts, we will explore the regulatory reaction to ICOs across jurisdictions and consider the implications for regulators, ICO sponsors and ICO participants.  We will begin the journey in Europe and the United States, as the regulator in France is among the first to propose for consultation different approaches to regulation of ICOs and the SEC has issued further statements regarding ICOs following the publication of the DAO Report earlier this year and launched enforcement actions against ICOs through its recently established Cyber Unit, which is tasked with targeting cyber-related misconduct.  We will then turn our attention eastward, examining the response across the Middle East and APAC.  Continue to watch this space as regulators’ positions evolve and crystallize!

[1] ICOs often seek to avoid terms that may carry significance from a legal or regulatory standpoint.  Purchasers in ICOs are often referred to as “contributors” for this reason.

[2] The DAO Report is available at: https://www.sec.gov/litigation/investreport/34-81207.pdf (last visited Dec. 7, 2017).

[3] 328 U.S. 293 (1946).

[4] Coindesk, which tracks ICO volumes, estimates approximately $3.5 billion has been raised in ICOs through the end of November 2017 (https://www.coindesk.com/ico-tracker/ (last accessed Dec. 7, 2017).  This compares to $250 million raised during the same period in 2016.  The two largest ICOs tracked by Coindesk, Filecoin ($262 million) and Tezos ($232 million), took place in 2017.

[5] Chloe Cornish, Acrimony over $232m ICO set to intensify regulatory scrutiny, Fin. Times, Oct. 26, 2017, https://www.ft.com/content/fcb16026-b45a-11e7-aa26-bb002965bce8.

[6] Caroline Binham, ICO regulation inconsistent as cryptocurrency bubble fears grow, Fin. Times, Nov. 24, 2017, https://www.ft.com/content/32315636-cb01-11e7-ab18-7a9fb7d6163e.

[7] Dave Michaels and Paul Vigna, SEC Chief Fires Warning Shot Against Coin Offerings, Wall St. J., Nov. 9, 2017, https://www.wsj.com/articles/sec-chief-fires-warning-shot-against-coin-offerings-1510247148.