SEC to ICO Players: Our Game, Our Rules

by Schwabe, Williamson & Wyatt PC

Schwabe, Williamson & Wyatt PC

On July 25, 2017, the U.S. Securities and Exchange Commission (the “SEC”) published an investigative report (the “Report”) cautioning market participants that the offer and sale of digital assets such as “coins” or “tokens,” often acquired through a process known as an “initial coin offering” (“ICO”), may be considered securities, thus subjecting them to the requirements of federal securities laws.[1]

Increasingly, developers and entrepreneurs generate and transfer digital assets such as tokens on blockchains. Blockchain technology is a relatively new development and can be a difficult concept to grasp at first. Blockchain, as a concept, is often conflated with Bitcoin and other digital currencies called “cryptocurrencies.” The headlines we see often focus on the more deplorable uses for the technology—using Bitcoin to purchase drugs and weapons, for example.  However, the reality is that Bitcoin and blockchain technology are no different from many other technologies. For example, the dollar itself is used for many purposes, both noble and nefarious. Blockchain technology and its derivatives, like Bitcoin, have the potential to disrupt several sectors of the global economy and the way we live our lives. Because this technology, and the terminology associated with it, is only just beginning to make its way into our collective cognizance, this article first explores two core technological concepts before delving into the SEC’s analysis of ICOs: blockchain and cryptocurrency.


When people think of blockchain, they usually think of Bitcoin. Although it is probable that one would not exist without the other, they are not the same thing. A blockchain is an open, decentralized database of transactions. It is technology with potential use cases in a myriad of forums including currency, property, and even elections. A blockchain’s function is to create a record whose authenticity is verified by a network of computers rather than a central institution. It is special because it brokers trust between multiple parties without facilitation by a third party.

So how does it work?

Think of the last purchase you made—chances are you paid with plastic. You pulled a card out of your wallet and swiped it on a vendor’s console to pay for something. We do not usually think of the few seconds between swiping and getting our receipt as a time when a third party is vouching for our ability to pay, but that is exactly what is happening.  

After you swipe, your account data is routed from the vendor to the vendor’s bank, and then to the payment brand, which then forwards your information to the customer’s bank. The customer’s bank verifies whether the card is valid and that the underlying account has enough funds to cover the transaction. When the customer’s bank verifies that the amount of funds in the account is adequate, it generates an authorization code that is routed back to the card brand before the card brand forwards it to the merchant’s bank.

This system works because the bank ensures that the vendor receives payment for the particular good or service that it is providing to the customer. In other words, it is only after the bank signs off on a transaction that the vendor trusts its customer and completes the transaction. The bank, therefore, acts as a broker of trust. Without this trust, the vendor would be unwilling to release its goods or provide a service because doing so could result in nonpayment. For this trust, the vendor often pays a healthy fee of somewhere between 2-4% of the value of the transaction.

Cryptocurrency transaction chart

A transaction facilitated on a blockchain is different because it is processed on a distributed ledger. What is a distributed ledger, you ask? Think of a spreadsheet that holds all of the relevant details that a bank uses to evaluate your economic condition in processing a transaction—deposits, withdrawals, dates, and times—that is the ledger part. Now, imagine that the spreadsheet is available on a network of computers spread all over the world—that is the distributed part. Instead of requiring a third party, like a bank, to act as the gatekeeper to a person’s economic worthiness, the network processes and validates the transactions. The process goes something like this:

  1. an individual with a network address (an account) and a private key (a password) signs off on a transaction;
  2. the transaction is broadcasted to all of the computers on the network, individually referred to as “nodes”;
  3. the nodes race to review the digital ledger to determine whether the proposed transaction would compute with the other transactions in the ledger, that is, whether the holder of a private key has the requisite amount of a token to cover the transaction and related costs; and
  4. once verified, the individual’s transaction is recorded on a list of other recent transactions that are bundled up in a unit referred to as a block. The blocks are linked together to form a chain of data reflecting the current state of the ledger. As the number of transactions processed on a particular blockchain grows, so do the number of blocks linked together in the blockchain.

Should a person not have enough funds to process a transaction or try to spend the same coin twice, the transaction would fail to be recorded in any block. 

Cryptocurrency transaction chart

Each node on the network provides the computing power to process transactions on a blockchain.  What incentivizes a person to dedicate computing power to processing transactions on a blockchain? There may be many reasons, but the most common is the prospect of obtaining cryptocurrency. Let’s use Bitcoin as an example—when the nodes are done processing a transaction, the node responsible for the validation receives compensation in the form of Bitcoin. The more computing power provided by a particular node, the higher the chances of that node receiving the compensation derived from validating a transaction. This process of computing power allocation to process and validate transactions on a blockchain is referred to as “mining.”


Cryptocurrency, often called “digital currency,” refers to a form of currency based in cryptography; a web-based digital representation of value that functions in some respects as an alternative form of currency.”[2] The Financial Crimes Enforcement Network (FinCEN) refers to digital currency as a form of currency that has many attributes of real currency, except for one: legal tender status in any jurisdiction.[3] Currently, Bitcoin is the most recognized and widely used form of cryptocurrency. However, other forms of cryptocurrency, such as Ethereum’s Ether (“ETH”), with its capability to fuel “smart contracts,” have emerged and are gaining traction in blockchain circles. Like cash, which does not require the exchange of personal data to complete a transaction, cryptocurrency provides a measure of anonymity to a user in that the identities of the parties are encrypted and personal information is not exchanged; rather, the transaction is executed through network addresses and private keys.


Until the SEC issued its report, the advent of the “initial coin offering” presented business promoters with a new, inexpensive method of fundraising to acquire large amounts of capital without the need for the services of lawyers or traditional financial institutions. The process usually involves a company providing a summary of its vision for a specific project and instructions for interested investors to contribute cryptocurrency, such as Bitcoin or Ether, in exchange for the particular company’s token.

For some time, the ICO has represented a boon for developers and investors looking to launch innovative projects and companies; for example, a start-up called “Tezos” raised over $230 million through its ICO. ICOs have also provided swindlers with an amazing opportunity to make a quick buck (or, more often, a quick Ether or Bitcoin) by pretending to launch a new project only to take the “money” and run. Because the ICO space has been largely unregulated and unaddressed, companies utilizing an ICO fundraiser have not been required to provide would-be investors with the types of disclosures that would be required with an offer or sale of more traditional securities; nor have issuers been required to verify or scrutinize the financial sophistication of would-be investors. It is for these reasons that the SEC provided guidance in the Report.       

The Report

In the Report, the SEC set out to answer two specific and interrelated questions: (1) whether DAO Tokens were securities, and (2) whether the federal securities laws were applicable to the offer and sale of DAO Tokens.

(a) The DAO—Background

The Report focuses specifically on a “Decentralized Autonomous Organization” known as “The DAO.” The SEC described a Decentralized Autonomous Organization as a virtual organization that is “embodied in computer code and executed on a distributed ledger or blockchain.”[4]

The DAO was an unincorporated virtual organization founded by UG, a German corporation and its founders.[5] Its objective was to act as a for-profit entity that would fund various “projects.” To obtain the requisite capital to fund these projects, The DAO planned to raise funds and accumulate assets through the sale of digital tokens to investors. Investors holding DAO Tokens were able to vote on whether certain projects would be funded and stood to share in the earnings from the various projects as return on their investment.[6] Additionally, holders of DAO Tokens had the option of liquidating their investment by re-selling their tokens on web-based exchanges that supported a secondary market for digital tokens.

The founders of The DAO and a select number of individuals known as “curators,” whom The DAO touted as experts in Ethereum and related business ventures, held a substantial amount of power and influence in the operation of The DAO. They pre-screened potential projects prior to presenting them to the investors for a vote, essentially acting as gatekeepers to the entire operation. In less than one month, from April to May of 2016, The DAO was able to raise around 12M ETH, then valued at around $150M.

(b) Analysis

In analyzing whether DAO Tokens were securities, the SEC pointed out that the definition of “security” under both Section 2(a)(1) of the Securities Act[7] and Section 3(a)(10) of the Exchange Act[8] includes “investment contracts.” The SEC then outlined just what constitutes an “investment contract” under precedent established in SEC v. W.J. Howey Co., via a test commonly referred to as the “Howey Test.”[9] Under Howey, an investment contract is:

  1. an investment of money in a common enterprise;
  2. with a reasonable expectation of profits;
  3. to be derived from the entrepreneurial or managerial efforts of others.

To get to its conclusion, the SEC addressed each of the enumerated elements in turn.

i. An investment of money

The SEC noted that, although the test uses the word “money” and the investment provided by the investors came in the form of ETH, rather than fiat currency, “[s]uch investment is the type of contribution of value that can create an investment contract under Howey.”[10]

ii. In a common enterprise with a reasonable expectation of profits

The DAO’s governance model allowed investors to vote on whether a particular project would be funded. Once funded, the investors holding DAO Tokens stood to share in the potential profits from these projects. The SEC concluded that token holders invested in a common enterprise in which reasonable investors “would have been motivated, at least in part, by the prospect of profits on their investment.”[11]

iii. Derived from the entrepreneurial or managerial efforts of others

The DAO’s founders and curators were largely responsible for the operation of the enterprise: they determined and monitored the information provided to investors, safeguarded investor funds, and decided whether a proposed project should be put up for a vote by the investors.[12] The investors, therefore, “had little choice but to rely on [the curators’] expertise.”[13] As such, the SEC determined that “DAO token holders relied on the significant managerial efforts provided by and its co-founders, and The DAO’s Curators” to such an extent that they were “essential to the overall success and profitability of any investment into The DAO.[14]

The SEC concluded that the offer and sale of DAO Tokens to investors satisfied the elements of an investment contract. Therefore, DAO Tokens were in fact securities that were subject to the requirements of federal securities laws.

For the first time in blockchain tech’s short history, the SEC classified a blockchain derivative technology as a security, which is subject to the requirements set forth in the federal securities laws. Thus ending what, for a while, was an unhindered gravy train for developers and would-be blockchain entrepreneurs.  

Other Potential Pitfalls

Although the scope of the Report was limited to the status of DAO Tokens as potential securities and the applicability of federal securities laws to those particular digital assets, the SEC pointed out that other aspects of the sale of DAO Tokens may implicate federal securities laws and subject issuers like The DAO to additional requirements.  

For example, the Report does not address whether The DAO was an “investment company” as defined in Section 3(a) of the Investment Company Act.[15] Companies considered investment companies must register with the SEC, unless they fall under an exception or qualify for an exemption from registration.[16]

Typically, a company that issues securities is considered an “investment company” for securities laws purposes when it also: (1) holds itself out as a company that engages primarily in the business of investing, reinvesting, or trading in securities, (2) engages in the business of issuing face amount certificates of the installment type, or (3) engages in the business of investing, reinvesting, owning, holding or trading in securities, and owns investment securities having a value exceeding 40% of the value of the issuer’s total assets on an unconsolidated basis.[17] In holding itself out as an entity in the business of investing, The DAO may very well have crossed into the realm of an unregistered investment company, which could have resulted in serious consequences. For example, The DAO’s contracts would have been rendered unenforceable by virtue of failing to comply with federal securities laws.  

In addition, the Report touches on possible “exchange” level requirements triggered by the secondary market in which DAO Token holders were able to liquidate their investments in stating that the platforms supporting such trading “appear to have satisfied the criteria of Rule 3b-16(a) of the Exchange Act and do not appear to have been excluded from Rule 3b-16(b).”  Under Section 5 of the Exchange Act, it is unlawful for any broker, dealer, or exchange to effect any transaction involving a security, or to report any such transaction, in interstate commerce, directly or indirectly, unless the exchange is registered as a national securities exchange under Section 6 of the Exchange Act.   


On July 25, 2017, the world of blockchain enterprise was put on notice: federal securities laws are far reaching and will apply to offers and sales of securities that have a nexus to the United States, regardless of the method of facilitation or the name of the mechanism by which those securities are offered and sold. Innovation in this space is rapid—ideas and money flow fast. For entrepreneurs and developers in this space, the prospect of slowing the process down to conduct a thorough securities analysis may be tough to digest. However, frontloading the analysis and taking the necessary steps to ensure compliance with securities laws will help to ensure that your company’s fundraising efforts will not put you in the SEC’s crosshairs.

The SEC refrained from pursuing legal action against those responsible for The DAO, likely because they returned the money taken from investors after being hacked in June of 2016.[18] However, since publishing the Report, over two hundred new ICOs have moved forward in their efforts to raise funds—rest assured, the SEC is watching.



[3] Id.

[4] Supra note 1, at 1.

[5] Id.

[6] Id.

[7] 15 U.S.C. § 77a et seq., available at:

[8] 15 U.S. Code § 78a, available at:

[9] 328 U.S. 293 (1946).

[10] Supra note 1 at 11.

[11] Id.

[12] Id.

[13] Id at 12.

[14] Supra note 1, citing SEC v. Glenn W. Turner Enterprises, 474 F.2d 476 (1972)

[15] 15 U.S.C. § 80-1 et seq.

[16] Id.

[17] Id.

[18] See Klint Finley, A $50 Million Hack Just Showed That The DAO Was All Too Human, WIRED MAGAZINE, June 18, 2016, available at: 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Schwabe, Williamson & Wyatt PC | Attorney Advertising

Written by:

Schwabe, Williamson & Wyatt PC

Schwabe, Williamson & Wyatt PC on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.