The SEC meets decentralization theater with safe harbors for token sales

Those building projects that use a crypto token often complain that U.S. law is holding them back. They argue ominously that if the U.S. doesn’t get with the program, Americans will be left behind, the rest of the world will benefit from the advances that this tech promises and we will get bupkis.   

As a lawyer who represents software developers — crypto and otherwise — I’m sympathetic to the complaints.  

Still, lurking beneath the white papers and utopian claims, this question often bubbles up: why do you actually, technically need a capped number of pre-mined tokens if not to enrich yourself and some lucky early investors? In other words, the token is often a needless bolt-on that is added as an excuse to raise capital to build the thing that the token will run on and in the hearts and minds of the investors (because let’s face it, that’s what they are), it would be really swell if the thing was listed on Kraken and Binance.

This isn't a moral issue, in my mind – it's a legal and policy issue.  If someone wants to exchange their hard-earned dollars for Beep Beep Boop Token, that doesn't violate any commandment I'm aware of and doesn't offend my sensibilities. 

But it might violate human law if not done right.  Right now, the U.S. regulatory landscape here is challenging for token sellers. So far, the only clarity we’ve gotten from the SEC about token sales is that prepaid air mile tokens are fine and the same for similarly structured gaming tokens. These no-action letter responses tell us what we already know, really – a consumptive token that can be bought once a platform is fully functional and can be used there and not traded on secondary markets; not a security, probably.  

There’s the SEC’s framework document, which summarizes the law, sort of, but if you’ve ever tried to apply it to an existing project you know that doing so leaves you with pages of pretzel prose and logic and about as much clarity as when you started. This isn’t the fault of the well-intentioned SEC staff who put the thing together (and who were basically begged to do this by industry participants).

The problem lies in trying to fit the round, slightly oxymoronic peg of “decentralized governance” into the square hole of U.S. securities law. So...what’s the solution?

On the one hand, I loathe telling people to avoid the United States. On the other hand, if you are building a crypto project, have to have a token that will be traded on secondary markets and are selling it before the network is functional, and can’t be bothered to comply with U.S. securities laws, avoiding the U.S. is often really quite advisable. (There’s also the not small issue of registering with states, which people frequently forget too). And don’t get me started on Bank Secrecy Act compliance, which adds a whole ‘nother layer of cost and complexity.  

On the other hand (I have three hands), it's unclear why this one area of technological development needs its own special place and protection in our securities regime. Is crypto entitled to and does it need special pleading, or do special rules end up making new problems?

It’s with these thoughts in mind that I read with great interest SEC Commissioner Hester Peirce’s “Running on Empty: A Proposal to Fill the Gap Between Regulation and Decentralization’”. It’s a very well written and thoughtful speech, that ends with a proposal for a “safe harbor” under the securities act for token sales.  At the same time, it's unclear if it solves problems or potentially create more, at least in its present form.

Peirce explains her underlying motivation as an attempt to give well-intentioned technology innovators a way to develop their projects while not running afoul of the law. She explains that:  "It is important to write rules that well-intentioned people can follow. When we see people struggling to find a way both to comply with the law and accomplish their laudable objectives, we need to ask ourselves whether the law should change to enable them to pursue their efforts in confidence that they are doing so legally."

Peirce's proposal frames the technical problem as a network bootstrapping issue:

"...in order for a network to mature into a functional or decentralized network that is not dependent upon a single person or group to carry out the essential managerial or entrepreneurial efforts, the tokens must be distributed to and freely tradeable by potential users, programmers, and participants in the network. Additionally, secondary trading of the tokens typically provides essential liquidity for the users of the network and aids in the development of the network. The application of the federal securities laws to these transactions frustrates the network’s ability to achieve maturity and prevents the transformation of the token sold as a security to a non-security token functioning on the network."

To resolve this, Peirce proposes a three year safe harbor period where an “Initial Development Team” can issue a token and create a decentralized network subject to an exemption from securities laws registration. To assure purchaser protection, some disclosures are required and sellers are still subject to the anti-fraud protections of U.S. Securities laws.

And to be eligible for the exemption, you have to satisfy four requirements. First, “network maturity” has to be achieved in three years. This is a defined term:

"is the status of a decentralized or functional network that is achieved when the network is either:

(i) Not controlled and is not reasonably likely to be controlled or unilaterally changed by any single person, entity, or group of persons or entities under common control; or

(ii) Functional, as demonstrated by the ability of holders to use tokens for the transmission and storage of value, to prove control over the tokens, to participate in an application running on the network, or in a manner consistent with the utility of the network.

The definition is not meant to preclude network alterations achieved through a predetermined procedure in the source code that uses a consensus mechanism and approval of network participants."

Here's where things get squidgy. This definition packs a lot of subjectivity into a small space and raises plenty of questions.

It is unclear what it means for a network to not be “controlled” or “reasonably likely to be controlled” by “[a] single person, entity, or group of persons or entities under common control.” Is there any current crypto project that this actually applies to at this particular historical moment? If this is adopted one imagines a decent amount of litigation over what these terms actually mean. If 3 companies or individuals control 90 percent of the mining power for a proof-of-work project, is that sufficiently decentralized to meet this standard? What about 5? What about 10? Who will decide this? When? What happens at the end of three years if network maturity isn't reached?  Do you have to give the money back? Register? What about tokens already in circulation and being traded? If they are now securities can they still be traded on the non-broker-dealer, non-securities exchanges where they are being traded? If not, doesn't this hurt the retail investors that this was supposed to protect?

The proposal also includes a disclosure requirement for projects that wish to rely on the exemption. They will have to disclose certain types of information to potential token buyers. This includes a description of the project’s “token economics,” which is a fancy way of describing issuance, distribution and “governance”, among other things. While (again) well-intentioned, the disclosure requirement reads like a whitepaper outline and it’s certainly possible could lead to a new cottage industry of whitepaper drafters, as in the 2017/18 ICO craze. The exemption doesn’t preclude the application of anti-fraud laws, so careless drafting by unqualified people could create legal problems for people, but saving money is often an incentive for people to cut corners in ways that are probably unwise.

Bottom line: the rule seems primarily designed to give people the ability to sell tokens to raise money to build a thing that doesn’t exist. Thus, the third requirement is that “The token must be offered and sold for the purpose of facilitating access to, participation on, or the development of the network.”

Note the use of the word or:  the requirement can be satisfied if you are selling tokens to facilitate the “development of the network”. That is, the primary purpose of the token can be as an investment. This is consistent with requirement 4, which is that the developers “use reasonable attempts” to “develop liquidity” for the token, including listing on secondary markets. I also note that a separate section of the proposed rule change exempts from the definitions of “exchange”, “broker” and “dealer” tokens that are issued subject to this exemption.

So...I have no idea if this rule will be adopted in its current form or as amended.

It pretty clearly did not just appear from the head of Athena but saw some heavy input from the industry. As far as I can tell, this presents a potentially great way for people to raise tons of money selling digital tokens that don’t have any actual utility. If you can “sufficiently decentralize” your project in three years and, in the meantime, get your tokens listed on an exchange, it’d be a nifty way to make a lot of money if you keep a slug of those tokens for yourself. While anti-fraud protections remain – exemption notwithstanding – if adopted, this proposal will lead to a new gold rush of token sales and more than a few opportunities for suckers to be parted from their money.

Is there another way? Sure. People can raise money the old fashioned way, with debt or equity. Use that money to build a network, decentralized or not. Open source the code if you like. When the network is launched, you issue your tokens.

Now, I get it: that doesn't solve the bootstrap problem — how do you get people to use your token if they don’t already have your token? But maybe this is a utility and marketing problem, not a securities law issue. It’s hard to get people to use new things — whether they’re solar-powered herring fryers or duck delivery apps. Build useful things that people want — sell products and services. If your token gives people access to those things: poof, securities law problems disappear, like tears in the rain.

Whether this proposal has legs and will end up being adopted remains to be seen. It is well-intentioned and in response to demand from the industry.

That said, tying the status of an asset to its degree of decentralization after it has been bought, sold and distributed as an investment vehicle could create as many problems as the proposal seeks to solve.