Tech & Telecom Law News

INSIGHT: Cryptocurrency Regulation in the Crosshairs:
SEC Staff Weighs In, But Is There More Than Meets the Eye?

June 22, 2018, 12:31 PM

The SEC’s Director of the Division of Corporate Finance, William Hinman, very recently shared his views on whether the U.S. Securities and Exchange Commission ("SEC") would likely treat ether or bitcoin — the popular cryptocurrencies — as securities.

Director Hinman’s remarks were part of a speech at the Yahoo Finance All Market Summit event in San Francisco, and follows months of speculation that ether was under regulatory scrutiny for violations of securities laws. News organizations, as well as FinTech and cryptocurrency blogs, jumped on the announcement. (See, e.g., Reuters, U.S. SEC official says ether not a security, price surges; Coindesk, SEC Official Pushes Back on Claims Ether Is a Security; and CNBC, Bitcoin and ether are not securities, but some initial coin offerings may be, SEC official says.)

But, ultimately, it may be necessary to approach the comments with caution and view the remarks as a window into the SEC’s evolving thinking on cryptocurrencies, rather than settled policy. As with all speeches by officers at a government agency, Director Hinman’s speech is qualified with the following statement: “The Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author’s views and does not necessarily reflect those of the Commission, the Commissioners or other members of the staff.”

The SEC’s announcement appears, on first blush, to be a positive step toward regulatory clarity for certain types of cryptocurrencies and initial coin offerings (“ICOs”). In recent years, as cryptocurrencies have exploded in popularity, utility, and hype, regulators across the globe have struggled with how digital assets should be classified and how companies creating or dealing in them should be regulated.

The announcement suggests how the Division of Corporate Finance intends to approach certain blockchain tokens and ICOs. Most Blockchain token launches and initial coin offerings have all of the hallmarks of investment contracts, including a reasonable expectation that the promoter will build the underlying blockchain network and the investors will earn a profit on selling their tokens in the secondary market (or back to the issuer). However, blockchains that become sufficiently decentralized, such that there is no third party carrying out managerial or entrepreneurial efforts, may find that the SEC no longer views such tokens as a security.

There are, however, significant risks that the principles put forward by Director Hinman will sow further confusion on the topic and not create the clarity sought by market participants. This article discusses some of the potential issues in the SEC’s emphasis on the centralization in the “efforts of others” analysis of the investment contract test, as well as the ambiguities inherent in a standard of based on “sufficient decentralization.” These problems, if not corrected in any anticipated formal guidance from the SEC, could create regulatory constraints on cryptocurrencies which will lead to market uncertainty.

We Won’t Change The Rules, But We Will Apply Them To Cryptocurrencies

For years commentators have predicted that cryptocurrency firms and coin/token holders would be in a for a shock should the SEC determine that cryptocurrencies are securities. Such a determination would mean a significant jump in the regulatory compliance burden of key players in the crypto marketplace—e.g., issuers, exchanges, brokers, and administrators—and could lead to a mass sell-off.

And, indeed, the SEC has signaled that ICOs are generally subject to federal securities regulation and enforcement. This position was put forward by SEC Chairman Clayton at a February 2018 Senate hearing in which he stated that “every ICO I’ve seen is a security.” Over the ensuing months, the rigid stance has softened a bit, with the understanding that some cryptocurrencies are intended as replacements for sovereign currencies and do not fit the definition of a security.

The latest announcement reflects this ongoing evolution of the SEC’s understanding of cryptocurrencies. The SEC intends to apply well-established securities principles to cryptocurrencies and ICOs rather than develop new rules for this new asset class. The SEC’s position, as reflected in its Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO (Release No. 81207 (Jul. 25, 2017) at 11), is that coins will be considered securities if their issuance meets the longstanding definition of investment contracts under the SEC v. W.J. Howey Co. test and its progeny: there is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others. With respect to whether profits are derived from others, the SEC has stated that the central issue is “whether the efforts made by those other than the investor are the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.” (SEC Report at 12.)

Director Hinman’s remarks emphasize that the expectations of purchasers and the role of third parties in generating value in the instrument being sold are the central factors in determining whether a cryptocurrency may be a security, noting that market participants should “[p]rimarily, consider whether a third party—be it a person, entity or coordinated group of actors—drives the expectation of a return.” Hinman opined that such third party criteria does not apply to bitcoin or to ether today, because they lack a central third party whose efforts are primary to determining the value of the cryptocurrency. He explained: “If the network on which the token or coin is to function is sufficiently decentralized—where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts—the assets may not represent an investment contract.”
In what will be seen as welcome relief for the industry, Director Hinman stated the SEC is prepared to issue formal interpretations and provide guidance through no-action letters explaining what the SEC considers the proper characterization of a digital asset.

New Problems For New Tech

Emphasis on Centralization
The focus on the degree of centralization within a cryptocurrency network is, on its face, a rather elegant solution to the question of whether a coin is a security. This approach connects a fundamental element of blockchain technology with a key factor in the legal test for investment contracts. In effect, the SEC’s view is that where the value of a cryptocurrency is driven by centralized management—managerial and entrepreneurial efforts of the third party controlling the coin—it is a security. In contrast, where the operation of the cryptocurrency network is or has become decentralized—there is no third party managing the coin or transactions—it may not be (or it ceases to be) a security. However, raising the degree of centralization to the primary factor in determining whether a coin is a security ignores both the utility aspect of certain centralized blockchains, and the concentration of control that drives the success underlying certain decentralized blockchains.

First, this emphasis on whether a coin is decentralized benefits unpermissioned/public blockchains because they are more likely not to be found to be a security. Decentralized coins rely on public blockchains so that a block can be validated and the blockchain updated without reliance on a central third party. However, many utility tokens make use of permissioned/private blockchains to improve transaction throughput and to ensure that only trusted parties can effect transactions. (See, e.g., Ripple, which is designed as a payment protocol between global financial institutions using the XRP digital asset: https://ripple.com/.) One can surmise from Director Hinman’s speech that utility tokens running on permissioned/private blockchains may never be considered “sufficiently decentralized” to shed their classification as a security due to the underlying consensus protocol of the blockchain network, and not based on the actual nature of the asset, how it is being sold, and the expectations of purchasers.

Secondly, there is scope in the legal tests for an asset not to be considered a security despite the fact that there is a third party overseeing the enterprise. Although utility tokens may rely on designated third parties to effect transactions on the blockchain, it is arguable that value is derived primarily from the functionality of the token and not from managerial efforts of the third party. Yet, under the centralization litmus test, these utility tokens may face an uphill battle in convincing the SEC that they are not a security.

Third, despite the fact that unpermissioned/public blockchains such as Bitcoin and Ethereum are designed to operate in a decentralized manner, the software developers that manage the blockchain’s code continue to oversee development of permissioned and unpermissioned blockchains alike. The block size fork that split bitcoin cash from bitcoin was an effort to increase bitcoin’s scalability, to make bitcoin more attractive to high volume transaction use cases. The imminent introduction of Casper to change the consensus protocol in Ethereum from proof-of-work to proof-of-stake is designed in part to drastically reduce transaction validation times in order to attract use cases with time sensitivity to the Ethereum blockchain. Each such software-driven change in the code underlying the blockchain token was intended to increase the demand for the blockchain network and increase the value of tokens already held. Ironically, the SEC’s first formal pronouncement on cryptocurrency involved a finding that the decentralized DAO fundraise was a security offering and after the hack that diverted millions in raised capital, the software developers behind the DAO created a hard fork that erased the misappropriated ether tokens (and their subsequent transfers). It is hard to imagine a more intrusive action by a central third party to maintain the value of tokens held by investors.

What is “Sufficiently Decentralized”?
In explaining why ether and bitcoin would not be considered securities, Director Hinman describes the coins’ underlying networks as having become “sufficiently decentralized.” This suggests a market where coins can start out life as a security, but, over time and with changes to the structure of the asset and the blockchain, they can become sufficiently decentralized such that purchasers would no longer expect a third party to expend managerial/entrepreneurial effort to drive value. However, this is a complicated concept which raises more questions than it settles.

The uncertainty over whether a token is sufficiently decentralized so as to no longer be considered a security is a major issue for companies that have created a cryptocurrency because of the risk of penalties and enforcement actions. A company deemed to be an issuer of securities would be required to comply with Section 5 of the Securities Act of 1933. (15 U.S.C. § 77a et seq.) Failure to comply with the registration provisions of Section 5 could result in an enforcement action by the SEC, in which case the SEC could seek fines, suspensions, and bars, among other things. Further, a violation of Section 5 gives purchasers a one-year right to rescind their transactions. In such a circumstance, the purchaser may recover the purchase price or the securities, plus interest. Where the determination of whether an asset is or is not a security depends upon the degree of decentralization its underlying blockchain may have achieved, market participants may be reticent to transact in a token where those transactions may be subsequently unwound.

Cryptocurrency research and development is rapid, with even established networks undergoing continuous development of the underlying blockchain. In such an environment, how then are issuers and market participants supposed to accurately determine when a network is “sufficiently decentralized”? Given the significant regulatory obligations in play, there is a real risk that the market will abstain from working with coins until near-certainty is guaranteed on whether the coin is “sufficiently decentralized” so as to no longer be viewed by the SEC as a security. Any SEC formal guidance should tread extremely carefully in order to provide some measure of certainty without placing too heavy a burden on evolving technologies.

Further, numerous coins are likely not to be close to having achieved “sufficient decentralization,” and may be, following Director Hinman’s remarks, considered securities until some time in the future. For now, the SEC’s suggestion to those companies that are unsure of the status of their tokens is to engage with the SEC to seek interpretive guidance on a case-by-case basis. Rather than clarifying the status of digital coins as securities, Director Hinman’s remarks have confirmed that cryptocurrencies remain in regulatory limbo, and absent formal guidance from the SEC, market participants must either themselves determine whether a reasonable purchaser is relying on the efforts of a central third party to drive that coin’s value, or seek no-action letters from the SEC. Ether may have dodged a bullet due to the regulators taking their time in deciding on how they would deal with cryptocurrencies. It is unlikely that many other cryptocurrencies will enjoy these favorable circumstances.


The Division of Corporate Finance’s involvement and engagement in this area is clearly welcomed by market participants. News outlets and blogs are latching onto every development as they try and divine how cryptocurrencies will be treated by the regulators. It is in this context that Director Hinman’s speech must be understood because it represents the strongest indication yet as to where the SEC may be headed with respect to coins and ICOs.

At this stage, however, the announcement is not all good news. Upon reflection, Director Hinman’s remarks raise more questions than answers, particularly with respect to the emphasis on centralization and unpermissioned blockchain technology. Ultimately, until the SEC issues formal guidance on cryptocurrencies, no-action letters and ad hoc SEC staff statements will provide the basis to analyze the full ramifications of the SEC’s position. For now, it is likely that all players in the cryptocurrency market will need to engage carefully with the SEC in order to avoid the many legal pitfalls in determining the present status of any coin as a security.

Matthew Kluchenek and Samuel Kramer are partners in the Chicago office of Baker McKenzie and co-chair the firm’s North American FinTech practice. Patrick Dennien is an associate in the Washington DC office of Baker McKenzie.

To read more articles log in. To learn more about a subscription click here.