In this article we discuss a number of lessons that we believe issuers of digital tokens can draw from recent enforcement actions brought by federal and state securities regulators. But we first need to define the perimeter we will be covering.
There has been a veritable explosion of U.S. regulatory activity in the blockchain-based digital assets space over the past two months. We are going to focus on enforcement actions brought by U.S. state and federal securities regulators. In a subsequent article, we plan to analyze developments in commodities and derivatives regulation and the recent activities of the CFTC.There has been a veritable explosion of U.S. regulatory activity in the #blockchain-based digital assets space over the past two months #ICOClick To Tweet
Also, we won’t discuss the remarks that CoinDesk reports that SEC Chairman Jay Clayton recently made at Princeton University, where he largely reaffirmed existing positions. While he did state that a token can evolve from a security into a non-security, which is novel, he did not elaborate regarding the circumstances under which this might occur, leaving market participants without any guidance on how to achieve this.
Finally, because we are focused primarily on issuers of tokens, we will not discuss the New York Attorney General’s (NYAG’s) recently announced Virtual Markets Integrity Initiative, which the NYAG inaugurated by sending questionnaires concerning trading policies and procedures to 13 cryptocurrency exchanges. We restrict our scope to issuers in order to avoid losing focus – exchanges and other financial intermediaries are a whole different ballgame, so to speak.
Having defined our perimeter, we now dive into our analysis!
The Securities and Exchange Commission
The SEC has been quite active in the blockchain-based digital assets space over the past two months. The Wall Street Journal reported in late February that the SEC had quietly sent a wave of subpoenas to market participants in the Initial Coin Offering (ICO) space. There have been numerous discussions between the SEC and ICO issuers behind the scenes or in private, but since such correspondence is by nature non-public, we can’t analyze it here. Publicly, much of the SEC’s attention has been focused on intermediaries, such as exchanges. In late February, the SEC brought a case against an unregistered securities exchange (Bitfunder ) and its operator, Jon E. Montroll, alleging fraud and registration violations.
In early March, the SEC released a Public Statement warning online token trading platforms that they may be unregistered securities exchanges.
With respect to token issuers, however, the SEC’s publicly-disclosed activities have been less numerous. On April 2, 2018 it charged the principals of a token issuer called Centra Coin that had conducted an ICO with fraud and registration violations.
This is a relatively straightforward fraud case involving a number of alleged misrepresentations – Centra claimed to have created a cryptocurrency debit card that, because of partnerships with Visa and Mastercard, could be used anywhere throughout those card companies’ vast worldwide merchant networks.
However, the SEC alleges this was a wholesale fabrication – no debit card had been developed, and no such partnerships with major card network ever existed. The SEC also alleges the promoters created fictional personas of key management figures – creating fake LinkedIn profiles featuring prestigious (made up) credentials for a “Michael Edwards”, Centra’s alleged CEO and co-founder, and “Jessica Robinson”, the purported CFO.
The SEC alleged neither Edwards nor Robinson was a real person. Furthermore, the promoters claimed investors would be paid a 0.8% dividend based on the purported “revenue share” agreement with Visa and Mastercard – but this was just another lie, according to the SEC. Finally, the SEC charged that Centra’s ICO was an unregistered securities offering and so Centra violated §5 of the Securities Act of 1933.
As noted previously, this is largely a straightforward fraud case, so for non-fraudulent token issuers conducting ICOs, it doesn’t really add much to what is already known: (1) don’t lie, and (2) treat your ICO as a securities offering and either register it with the SEC or qualify for an exemption.
The SEC here conclusory stated, without giving any explanation or discussing the Howey factors, that “[t]he investments offered during the Centra ICO were ‟securitiesˮ within the meaning of… the Securities Act and… the Exchange Act.”
Conducting our own analysis, the 0.8% dividend that the promoters (fraudulently, according to the SEC) promised would be paid to Centra token holders out of the “revenue share” agreement with the card networks clearly resembles a feature associated with an “investment contract”, i.e. a security.
Also, the expectation of profits “from the efforts of others” prong of the Howey test appears easily satisfied – the ICO marketing materials urged potential token purchasers to “join our success and mission while generating a profit.” The individual defendants, Trapani, Sharma, and Farkas conducted the lion’s share of the ICO’s marketing themselves, by dreaming up the scheme as a whole, making up the Visa and Mastercard partnerships, and drafting promotional materials, creating and maintaining a social media presence, fabricating the personas of Michael Edwards and Jessica Robinson, securing celebrity endorsements, etc.
Any profits accruing to buyers of tokens in the ICO from appreciation in the token’s value derived largely from Sharma’s and Farkas’ promotional and entrepreneurial efforts, and such token buyers were part of a common enterprise, both with respect to Sharma and Farkas as well as with respect to each other. Given these circumstances, perhaps the SEC thought its position was strong enough that it was unnecessary to engage in a formal Howey analysis.
We next turn to two of the most assertive securities regulators at the state level, the Massachusetts Securities Division and the Texas State Securities Board, to see if there are any lessons for token issuers from their activities.
Massachusetts’ securities regulator, the Securities Division of the Office of the Secretary of the Commonwealth (“Securities Division”), has been very persistent in terms of enforcing Massachusetts securities law in the virtual currency space.
Following in the SEC’s footsteps, in late March, 2018, the Securities Division decided to conduct its own “ICO Cryptocurrency Sweep” that resulted in a series of consent orders against the issuers of 5 ICOs. None of the issuers had either registered with the Securities Division, or complied with a state-law registration exemption, which was the basis of the enforcement actions.
However, no charges of fraud were levied against the issuers. The outcome was that, in most cases, the ICOs terminated, with the issuers required to offer rescission rights to investors, as well as banned from conducting future securities offerings (including future ICOs or token offerings) in Massachusetts without first notifying the Securities Division.
One case – In the Matter of Sparkco, Inc. d/b/a Librium – is particularly notable, because it offers lessons on how a common market practice can result in liability. In Sparkco the issuer tried to limit the sale of the tokens solely to persons outside the U.S., or to accredited investors within the U.S, in reliance on (federal) Regulation D and Regulation S respectively, without triggering registration requirements.
This is the route that many ICOs which attempt to comply with U.S. securities laws have taken. When you sell tokens to persons in the U.S. and meet the requirements of the federal Regulation D private offering exemption, state law registration requirements are preempted, meaning they do not apply.
However, to get the benefit of federal preemption, the issuer must actually and successfully comply with Regulation D – a mere attempt at qualifying for Regulation D that is unsuccessful is ineffective to preempt state law registration requirements, as many courts have held.
Furthermore, even if state registration requirements are preempted and inapplicable, states often impose additional requirements – commonly, to file a notice of the Regulation D offering with the state securities regulator, pay a fee, and consent to service of process in that state – that issuers must comply with. (Note: State securities laws are sometimes referred to as “blue sky laws”)Massachusetts' securities regulator, the Securities Division of the Office of the Secretary of the Commonwealth, has been very persistent in terms of enforcing Massachusetts securities law in the virtual currency space #ICOClick To Tweet
We don’t know the reason why Sparkco’s attempt to comply with Regulation D strategy was not successful, because the description of the facts in the Sparkco consent order is extremely sparse and the order itself offers no details. However, one possibility is that Sparkco’s proprietary compliance software did not work as intended, whether due to faulty design, technical failures that led it to not work properly, or some other reason, thereby allowing non-qualified U.S. investors to participate in the ICO. The Securities Division noted that:
“Sparkco had built an automated web-based tool for use during a sale of [the tokens] with the specific
ability to verify the purchaser of … tokens as fitting the specified qualifications of… an “Accredited
Investor” and or [sic] being a “Foreign Investor.””
Had Sparkco’s automated compliance software worked properly and ensured that every one of Sparkco’s sales to U.S. investors been made in compliance with Regulation D, it would not have been subject to Massachusetts registration requirements. Another possibility is that Massachusetts investors were allowed to participate in the Regulation S-only (outside the U.S.) offering – which actually happened in a different Massachusetts case that we discuss below.
A technical glitch in automated compliance software is not the only possible explanation for why Sparkco failed to qualify for Regulation D. For instance, another requirement imposed by Regulation D is that the issuer file a Form D with the SEC within 15 days after it first starts selling securities in an exempt offering. Sparkco does not appear to have done so.
Without filing a Form D, Sparkco would not have conducted a valid Regulation D offering, and therefore would not be entitled to federal preemption of Massachusetts registration requirements.
Furthermore, even if an issuer conducts a valid Regulation D offering and therefore avoids state law registration requirements, many states – including Massachusetts – require issuers to meet certain additional requirements, such as to file a notice with the state securities regulator, pay a filing fee, and consent to service in their state, among others. Even assuming Sparkco conducted a valid federal Regulation D offering, Sparkco does not appear to have complied with these additional “blue sky” requirements under state law, which is another thing that could have exposed Sparkco to liability in Massachusetts. Ultimately, given the imperfect factual development in the Sparkco Consent Order, we can only speculate.
As noted above, Sparkco is not the only case where the fallibility or inadequacy of compliance software (potentially) caused a violation of securities law.
An earlier Massachusetts Securities Division enforcement action, In the Matter of Caviar and Kirill Bensonoff, also involved a compliance software failure.
In Caviar, an ICO issuer conducted an ICO that relied on excluding all U.S. investors to avoid the registration requirements of the U.S. securities laws. The issuer hired a third party vendor to supply software that would screen out U.S. persons “based on criteria such as a prospective purchaser’s IP address” and the geolocation information derived from it. Potential purchasers with U.S. IP addresses identified by the software were required to upload government-issued photo identification, which would be reviewed manually by the ICO issuer’s personnel and, if necessary, prohibited from participating in the ICO.
The Securities Division found that these safeguards were not enough, based on the fact that;
“Caviar’s identity verification procedures are relatively easy to circumvent, and inadequate to prevent the sale of Caviar tokens to Massachusetts investors.”
As evidence of this, at least two U.S. investors, including a Massachusetts-based investigator employed by the Securities Division who gave the name of a “popular cartoon character” that did not match the photo ID that the investigator provided, were nevertheless approved following a personal review by Caviar.
The Sparkco and Caviar enforcement actions should serve as a reminder to ICO issuers who intend to rely on automated compliance software that they need to take exacting pains to ensure that the software works exactly as it is supposed to, and that it is not “relatively easy to circumvent” by ineligible investors.
Sparkco also raises the issue of needing to satisfy with all aspects of Regulation D – such as the requirement to file a Form D within 15 days of the first sale. Failing to qualify for the federal Regulation D registration exemption has dire consequences, as it exposes the issuer to the need to follow the registration requirements in each state in which the securities are offered. Furthermore, even if an issuer does validly comply with Regulation D, most states still impose other “blue sky” requirements – e.g. notice filings, filing fee, and consent to service of process in the state – which, although less substantive, must nevertheless be complied with.
Like Massachusetts, Texas’ State Securities Board (the “TSSB”) has also launched a crackdown of its own against blockchain-based digital asset issuers. On April 10 it released a report (the “TSSB Report”) describing the findings of a four-week investigation it conducted, starting in December 2017, into “securities offerings tied to virtual currencies.”
We think the TSSB has been remarkably active in the virtual currency realm. During the investigation itself, it opened 32 investigations into promoters of virtual currencies, contributing to the TSSB’s cumulative total of about 60 investigations since September 2017, out of which seven enforcement actions have developed. The natural question that emerges, though, is why did only some TSSB investigations turn into enforcement actions, while others avoided that outcome? What factors or conduct does the TSSB view as meriting the conversion of an investigative file into an enforcement action?
In answering this question, the best place to start is the issue of jurisdiction. In this connection, the TSSB stressed that “[i]t is important to note” the following distinction:
[T]he TSSB is not regulating the cryptocurrencies themselves, only the investments that claim to use virtual currencies in an investment program. [Emphasis added.]
The TSSB therefore appears to draw a distinction between decentralized cryptocurrencies like Bitcoin, which would typically be outside its jurisdiction, on the one hand, and, on the other, cases where decentralized virtual currencies like Bitcoin are used as part of an investment program, in which case such investment programs would be within the TSSB’s jurisdiction.
What does the TSSB think an investment program – a security – based on an otherwise non-jurisdictional commodity (e.g. Bitcoin), looks like?
The answer seems to be that the promoter is offering a return generated primarily by its own efforts – whether by mining, lending, trading, or guaranteeing investors a profitable return. It stands to reason that the TSSB would likely not consider pure Bitcoin spot transfers, conducted on a principal to principal basis (as opposed to trading conducted through an investment manager or financial intermediary), as being within its jurisdiction.
In the USI Tech case, the promoters promised to pay investors a 1% daily return using value generated by the venture’s “interest in a series of Bitcoin mining contracts.”Like Massachusetts, Texas' State Securities Board has also launched a crackdown of its own against #blockchain-based digital asset issuers #ICOClick To Tweet
In the LeadInvest case, the promoters offered three cryptocurrency-related investments – a cryptocurrency trading program where profits would be derived from trading gains; a Bitcoin mining program whose profits would arise from mining new Bitcoin; and a fiat lending program, where investors would lend fiat, which the promoters would onward lend to borrowers as fiat or after converting to Bitcoin, in exchange for periodic payments of interest and principal.
In the Financial Freedom Club / 911MoneyStore case, investors would invest fiat, their funds would be pooled, and then the pool operator would purchase cryptocurrency investments and pay investors from the proceeds generated therefrom.
In the Davorcoin and Bitconnect cases, the instruments themselves purported to be decentralized virtual currencies, but the issuers offered “lending programs” whereby the investors would use Bitcoin to purchase Davorcoin or BitConnect Coins, and then would purportedly lend their newly-acquired Davorcoin or BitConnect Coins back to the issuers in exchange for a specified interest rate (in BitConnect’s case, up to 40% per month, plus additional daily interest).
Apart from the role of the promoter or issuer in generating profits, other factors which seemed to draw the TSSB’s attention include, for example (the following is not an exhaustive list):
- Unregistered Sales Agents/Referrals. Out of the 32 cryptocurrency schemes the TSSB investigated during the period covered by the TSSB Report, six of them actively recruited members of the public to become unlicensed sales agents, or paid them for referrals, without requiring them to first pass a competency exam or undergo a background check, as licensed securities professionals typically are required to in Texas. Yet, of the TSSB’s total of seven enforcement actions, no less than five (USI Tech, R2B Coin, LeadInvest, BitConnect, and DavorCoin) targeted investment programs that used these practices.
- Outrageous Profitability Claims. Claims of “outrageous” profitability were commonplace, whether in connection with the cryptocurrency being marketed (e.g. BitConnect’s 40% monthly profit claim), or based on an analogy to an unrelated cryptocurrency such as Bitcoin. As an example of the first tactic, the promoters of R2B Coin claimed that “r2b coin [sic], if you study the history, only goes one way, and that’s up… [w]e’re only going up… [w]e never go down in value.” In terms of the second tactic, that of drawing analogies with an unrelated cryptocurrency, the TSSB noted that “[m]any solicitations played on bitcoin’s sharp increase in price, even though the investment being marketed to investors had nothing to do with bitcoin”, for the purpose of making investors fearful of missing out on the present opportunity. The TSSB stated that such a marketing tactic is misleading because it ignores the inherent risks of investing in virtual currencies, such as pricing volatility, hacks or theft, or the impact of tighter regulation.
- No Address. Out of 32 investigations, the TSSB found that only 11 promoters provided investors with their physical address, with the other 21 only existing solely in cyberspace, leaving investors with no way to locate a promoter to serve legal process on in case of fraud.
- Lying about Management Team. In the most egregious example, the promoter in LeadInvest passed off photos of random, entirely-unaffiliated persons as members of their (fictional) management team. For instance, the “CodeOfEthics [sic] Association” of LeadInvest was accompanied by a photo of U.S. Supreme Court Justice Ruth Bader Ginsburg together with a number of former U.S. Solicitors General, none of whom were actually associated with LeadInvest in any capacity. Although these actions are as ridiculous as they are reprehensible, they do serve as a reminder to entities engaging in token offerings that they need to accurately depict the biographies and prior experience of their management teams. For instance, it is common practice in the ICO industry to list prominent persons as “advisors”, while remaining vague about the details of their actual involvement. To avoid misleading investors, if such advisors are not expected to devote their full time to the company’s affairs, have substantial outside time commitments, or have positions with competing companies which could create conflicts of interest, among other things, these and similar material facts should probably be disclosed to potential investors.
To sum up, this article analyzed recent enforcement activity by state and federal securities regulatory agencies. Be sure to stay tuned for our next article, which will focus on developments in commodities and derivatives regulation and the recent activities of the CFTC!
David Felsenthal is a partner at Clifford Chance, resident in the firm’s New York office. His practice focuses on trading, structured transactions, fintech and financial regulation. He has worked extensively on a range of derivatives – including derivatives linked to credit, foreign exchange, interest rates and equities – and other financial transactions, such as structured securities, repos and securities lending. His Fintech experience involves blockchain, shared ledgers and Regtech.
Jesse Overall is an associate at Clifford Chance. He represents issuers and underwriters in public and private initial and follow-on offerings of equity and debt securities, banks and hedge funds in secondary market par and distressed debt trading, and sponsors of and liquidity providers to securitization vehicles in connection with transactions and regulation applicable to their activities. While in law school at Georgetown, Jesse served as a two-semester intern at the CFTC, in the Divisions of Swap Dealer and Intermediary Oversight and Enforcement, and as a two-semester intern at the SEC, in the Division of Corporation Finance and in the Office of International Affairs.