The Securities and Exchange Commission’s (SEC or Commission) November 16 announcement charging two cryptocurrency companies—CarrierEQ Inc. (d/b/a Airfox) and Paragon Coin Inc. (Paragon)—with conducting an initial coin offering (ICO) in violation of the securities registration rules should not come as a surprise to those in the industry. The SEC has repeatedly emphasized that issuers of securities—even those based on a blockchain or distributed ledger technology—must register such securities or comply with an applicable exemption from registration under the Securities Act of 1933 (the Securities Act). The Airfox and Paragon orders explain when the SEC will determine that a token offering constitutes a security, and the remedial measures that the SEC may require for token offerings that do not comply with the Securities Act. Following the announcement, the Commission’s divisions also put out a public statement outlining their views on digital asset securities issuance and trading. We view these actions as signals that the Commission is likely to ramp up its efforts to enforce the securities laws in the weeks and months to come.

As further discussed below, the Airfox and Paragon orders are noteworthy for indicating that there will be no free passes from enforcement for securities law non-compliance for any ICOs that occurred subsequent to the publication of the SEC’s July 2017 DAO Report and involved the offering of securities. It also is important to note the Commission effectively treated the DAO Report as the sufficient legal notice to the industry of securities law requirements even though the features of the Airfox and Paragon tokens were distinguishable from the DAO tokens. The Airfox and Paragon tokens did not, like the DAO tokens, confer equity interests and voting rights in an enterprise, but, rather, were offered to be a medium of exchange in each issuer’s ecosystem of goods and services. The orders also are noteworthy for establishing a regulatory process that can preserve the legality and value of the tokens going forward, rather than declaring them a worthless legal nullity.

Significantly, these ICOs also predated the SEC’s December 2017 settlement order against Munchee, Inc. (Munchee), which was the first time the agency announced that purely “ecosystem” tokens also could be securities. These orders effectively reiterate the Munchee analysis in applying the Howey Test. Thus, the SEC seems to be of the view that any issuance of such tokens after the DAO Report that did not comply with the requirements for securities offerings and secondary sales could face legal jeopardy for non-compliance. Such issuers will need to evaluate whether and how best to approach the SEC on these subjects.

Airfox and Paragon Settle SEC Registration Charges

On November 16, the SEC settled charges against Airfox and Paragon for failing to register tokens issued through ICOs in 2017 after the Commission warned the public in its DAO Report and Munchee cease-and-desist order that such offerings could be considered securities offerings. The settled orders against Airfox and Paragon—whose tokens issued through these two ICOs the SEC determined to be securities—require each company to pay monetary penalties, register the tokens as securities, and file periodic reports with the Commission. The companies also have agreed to conduct a claims recovery process for investors who purchased the tokens in the illegal offerings. Airfox and Paragon consented to the orders without admitting or denying the findings.

Airfox is a Massachusetts-based business that sold 1.06 billion AirTokens to more than 2,500 investors through an ICO. The ICO raised roughly $15 million for the stated purpose of creating and expanding an ecosystem where prepaid mobile phone users earn free or discounted data by interacting with ads. Airfox told its investors the new functionalities would be added over time, including the ability to transfer AirTokens between users, and, eventually, to use the tokens to buy and sells goods and services beyond mobile data. Airfox further advertised that the AirTokens would increase in value as a result of its efforts, and that Airfox would work to provide investors with the ability to trade the tokens on secondary markets.

Paragon is an online entity that sold PRG tokens to over 8,000 investors and raised approximately $12 million to develop and implement its plan to add blockchain technology to the cannabis industry and work towards legalizing cannabis. In its offering, Paragon described how the PRG tokens would increase in value as a result of Paragon’s efforts to create an “ecosystem” and that the tokens would be traded on secondary markets.

The Commission determined that both the AirTokens and PRG tokens were “securities” pursuant to the Howey Test and subsequent case law summarized in the DAO Report. It reasoned that purchasers in the offering would have had a reasonable expectation of obtaining future profit based on the companies’ efforts, which included the building out of the “ecosystem” where the tokens could be used so as to increase their value. The SEC charged Airfox and Paragon with violating Sections 5(a) and 5(c) of the Securities Act for offering and selling securities without first registering them as such or qualifying for an exemption from registration.

Both companies agreed, among other undertakings, to pay $250,000 in penalties, register the tokens as securities under Section 12(g) of the Securities Exchange Act of 1934 (Exchange Act), and file periodic reports with the Commission for at least one year. Registration of securities under Section 12(g) is accomplished by filing Form 10 with the Commission. The information required in Form 10 is similar to that which is required in Form S-1 (typically used for an initial public offering), with the exception of those disclosures that pertain to a securities offering. In addition, the Commission is permitting both companies to conduct an unregistered claims recovery process in lieu of registered rescission offerings. These processes still require the distribution of notices and claims forms approved by the SEC, and provide a three-month period for potential claimants to submit claims for losses from tokens purchased in the ICOs. The companies will be required to report to the SEC on their handling of the claims.

Unlike the first non-fraud ICO registration case against Munchee, which did not impose penalties and involved a simple refund of money to purchasers, the orders against Airfox and Paragon are the first non-fraud ICO registration cases to impose monetary penalties and require the securities to be registered with the Commission. The SEC did not impose penalties or include undertakings from Munchee because Munchee stopped its offering before delivering any tokens and promptly returned proceeds to its investors.

The orders against Airfox and Paragon are nearly identical, and demonstrate the SEC’s current thinking in applying the Howey Test to issuers who have sought to develop “ecosystems” around ICOs tokens. The orders note that the ICO purchasers in both cases had a reasonable expectation of profits, and that such profits would be derived from the significant entrepreneurial and managerial efforts of others who were to create the ecosystem.

As further explained below, though, the Commission did not choose to shut these offerings down completely. Rather, it has given the two companies the opportunity to provide their investors with the information they would have received if Airfox and Paragon had registered the tokens as securities prior to their offer and sale. Investors will be able to decide whether to partake in the claims process or continue to hold their tokens. The restraint the Commission applied here suggests it wants to encourage registration of tokens deemed to be securities over remedies that might completely stifle innovation. It still will not, however, excuse non-compliance with the federal securities laws.

SEC Continues to Apply Its Securities Laws

Underscoring the Commission’s seriousness in policing the issuance and sale of security tokens that are not properly registered or exempt from registration under the Securities Act, shortly after it announced the Airfox and Paragon settlements, the SEC Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets (the Divisions) issued a joint statement summarizing their views on digital asset securities issuance and trading, generally. The statement covered: (1) initial offers and sales of digital asset securities (including security tokens issued in ICOs); (2) investment vehicles investing in digital asset securities and those who advise others about investing in these securities; and (3) secondary market trading of digital asset securities.

In the statement, the Divisions first discussed the Airfox and Paragon settled orders and highlighted the monetary penalties and required undertakings imposed on the two companies. The statement notes the importance of the fact the investors in the two ICOs will soon receive the type of information they would have received had the ICOs been conducted in compliance with the Securities Act in the first place. Registration of the securities under Section 12(g) of the Exchange Act will lead to periodic reporting obligations. In allowing the offerings to continue if they become registered (rather than shutting them down completely), the Divisions suggest that they are willing to work with issuers to become compliant with the federal securities laws going forward.

Next, the Divisions reviewed the September 2018 order against Crypto Asset Management, LP, finding that the manager of a hedge fund formed for the purpose of investing in digital assets had improperly failed to register the fund as an investment company under the Investment Company Act of 1940 (Investment Company Act). The order also found that the fund’s manager was an investment adviser, and had violated the antifraud provisions of the Investment Advisers Act of 1940 (Advisers Act) by making misleading statements to investors. The statement reminds investment vehicles and those who advise others about investing to be aware of registration, regulatory, and fiduciary obligations under the Investment Company Act and the Advisers Act.

Finally, the Divisions discussed secondary market trading of digital asset securities, and, specifically, securities exchange and broker-dealer registration requirements. With respect to securities exchange registration, the statement revisits the Commission’s November 8 order against EtherDelta, which found that the company operated an unregistered securities exchange. EtherDelta provided a marketplace for bringing together buyers and sellers for digital asset securities through the combined use of an order book, a website that displayed orders, and a smart contract run on the Ethereum blockchain. (Read more about the EtherDelta order in our Steptoe Blockchain Blog post here.)

The statement asserts that the staff will apply a “functional approach” in determining whether a system constitutes an exchange under Exchange Act Rule 3b-16. The parameters of this functional approach, though, are less clear. The Divisions say that “. . . activity that actually occurs between the buyers and sellers—and not the kind of technology or the terminology used by the entity operating or promoting the system—determines whether the system operates as a marketplace and meets the criteria of an exchange.”  Additionally, they say the analysis of whether a system is an exchange also includes “an assessment of the totality of activities and technology used to bring together orders of multiple buyers and sellers using ‘established non-discretionary methods’ under which such orders interact.”

Few would disagree with these positions and the statement does little to explain how the Divisions will apply its functional approach. For example, the statement continues, “[A]n entity that provides an algorithm . . . as a means to bring together or execute orders could be providing a trading facility” (emphasis added). It also says that if an entity arranges for other entities to provide the functions of a trading system that meet the definition of an exchange, “the entity arranging the collective efforts could be considered to have established an exchange” (emphasis added).

At this stage in the development of platforms trading digital assets, it would be helpful if the Divisions’ staff could be more precise in delineating between exchange and non-exchange activities, such as what types of algorithms would—and would not—constitute a trading facility, or how the exchange definition applies in a decentralized environment, in which the various functions of bringing together multiple buyers and sellers of securities are provided by distinct, unaffiliated third parties.

With respect to broker-dealer registration, the Divisions also describe the “functional approach” the Commission will take (i.e., taking into account the relevant facts and circumstances irrespective of how the entity characterizes itself or its activities or technologies) in determining whether an entity meets the definition of a broker or dealer under Section 3(a) of the Exchange Act. The statement cites to the September 2018 order against TokenLot LLC to illustrate the application of the broker-dealer registration requirements to entities trading or facilitating transactions in digital assets that are securities, even if the platforms or applications do not meet the definition of an exchange. TokenLot operated as a self-described “ICO superstore” where investors could purchase digital assets during or after an ICO. Its brokerage activities included marketing and facilitating the sale of the digital assets, accepting investors’ orders and payment, and enabling the disbursement of proceeds to the issuers. The Commission also found that TokenLot acted as a dealer by regularly purchasing and then reselling digital tokens (presumably deemed to be securities) for accounts in its name.

Overall, the Divisions’ statement is a user-friendly compilation of recent Commission efforts pertaining to digital asset securities, and the staff should be commended for their efforts to improve communication with the blockchain and cryptocurrency community. Like many prior announcements, however, the statement leaves a number of critical questions unanswered. Among the most important unaddressed topics are (1) how registered broker-dealers can custody digital assets; and (2) how platforms that trade ICO tokens that are securities, or that were (but no longer are) securities, should manage their regulatory liabilities, compliance, and remediation efforts.