The SEC cracks down on two ICOs, creating a template for future enforcement

There was huge news on the ICO/token sale front from the SEC on Friday regarding two initial coin offering (ICO) issuers. Let’s break it down.

What happened? Cease-and-desist orders were entered under the Securities Act of 1933 against two companies that raised money in token sales in late 2017. The SEC says:

(1) each company’s token was a security

(2) each broke U.S. securities laws because they

(a) failed to register with the SEC

(b) did not qualify for an exemption

Who are the companies?  Here is how the orders describe them:

• “Paragon is an entity, established in July 2017, to ‘deploy a suite of blockchain enabled products to organize, systemize and bring verification and stability to the cannabis industry.'”
• Airfox was “[a]s of August 2017 … a Massachusetts business that sold technology to mobile telecommunications companies” that allowed people to earn free or discounted airtime by watching advertisements. In August 2017, Airfox 'developed a business plan that included raising capital through the sale of AirTokens, and then introducing a mobile application that would allow users to earn AirTokens, exchange them for free or discounted mobile data and, ultimately, other goods and services.'”

How much money did they raise?  Airfox raised $15 million in its ICO. Paragon raised $12 million.

If you sell securities in interstate commerce in the U.S. you have to register with the SEC unless you fall within an exemption. Neither Airfox nor Paragon did this. That’s what these two orders and the remedies they impose deal with.

What are the implications? A number of things jump out about these two orders:

(1) A template: They are nearly identical in structure. In a number of sections the language is identical. The introductory paragraphs are exactly the same language, including the same initial footnote. The same is true of the language describing the remedial actions and penalties at the end of each order. In short, the SEC has developed or appears to be developing a template for ICO enforcement.

It is not very difficult once there is an enforcement template in place to look down the list of tokens on www.coinmarketcap.com and start instituting boilerplate enforcement actions against issuers with a U.S. nexus.

(2) Publicly available information: Each order provides a detailed factual record derived in substantial measure from the ICO white papers, social media comments, websites, and a large record of public statements. The SEC had these folks dead to rights based on things that were easily available in the public.  This was entirely predictable and some of us predicted it.

(3) Functionality did not exist: In both cases, the token sale was used to raise money for functionality that did not exist and that would only exist once built using token sale proceeds. For example, in the case of Airfox, the SEC observes:

“The terms of Airfox’s initial coin offering purported to require purchasers to agree that they were buying AirTokens for their utility as a medium of exchange for mobile airtime, and not as an investment or a security.  At the time of the ICO, this functionality was not available. Rather, the Airfox App was a prototype that only enabled users to earn and redeem loyalty points, which could be exchanged for mobile airtime. According to the company, the prototype was “really just for the ICO and just for investment purposes so people know ... how it’s going to work” and “[did not] have any real users” at the time of the ICO. Despite the reference to AirTokens as a medium of exchange, at the time of the ICO, investors purchased AirTokens based upon anticipation that the value of the tokens would rise through Airfox’s future managerial and entrepreneurial efforts.”

(4) An "ecosystem" is not not a defense: Both projects promised to build an “ecosystem” that would give the token value. “But it’s an ecosystem,” it seems, is not a defense to a securities enforcement action. Similarly, calling something a “utility token” doesn’t fool anyone either (see (3) above).

(5) Promises of a secondary-trading market: In both Orders the SEC notes that the issuers highlighted to investors that the the issuer “ensure a secondary trading market for [Paragon] PRG tokens would be available shortly after the completion of the offering and prior to the creation of the ‘ecosystem’.” In other words, the fact that the tokes were marketed as speculative trading instruments that would be available on crypto exchanges did not escape the SEC’s eye and was certainly a factor in its conclusion that these things were in fact securities.

(6) Cut-and-paste legal analysis: The legal analysis is exactly the same in both orders. They appear to be cut and paste, in fact, tailored to the precise facts of each case. In fact, paragraphs 37 and 44 of the Paragon Order are identical to paragraph 17 and 23 of the AirFox Order. It’s pretty much straight Howey Test, with a nod to the DAO report and a wave at In re Munchee. (As a reminder: “An investment contract is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.” There is no blockchain exception.).

(7) Tokens that fit within the Howey rubric are securities: In fact, some of the language in these orders also appears in the In Re Munchee Order from December 11, 2017.  The Legal Analysis section in both looks like a cut and paste. The SEC made it clear that tokens that fit within the Howey rubric are actually securities. The roadmap and analytical framework were there, for anyone who wanted to see it.

(8) The remedial actions are identical: In both cases the remedial actions and undertakings by the companies are identical  --  payment of a $250,000 penalty to the SEC, registration of the token as a class of security, publication of a
"claim form” to token purchasers, ongoing Exchange Act reporting for at least one year, and a number of other reporting obligations to the SEC regarding compliance with the Order. Does that mean these cases provide a “roadmap” for how to bring an errant ICO into compliance? Maybe. Maybe not.  They do show a path that these two companies were able to follow. Whether it will work for them and whether it will be available for others remains to be seen.  For now, resolution appears to remain ad hoc.

(9) No fraud or misrepresentation is involved: Neither case involves fraud or misrepresentation of any kind. The SEC didn’t come down on these companies due to allegations that they ran off with money to pay for fancy cars or home furnishings as they have in some other well-publicized enforcement litigation. Rather, the SEC is focusing here on a statutory requirement that one must register securities unless they qualify for an exemption. This has been the law in the United States since the 1930s, and this law applies with equal weight, blockchain or no blockchain. This shouldn’t be a surprise to anyone in the space, post the DAO report, which is also cited in both Orders.

What happens next? If you look at the SEC’s actions and statements over the past 18 months or so, you can see a clear pattern. It started with a warning from the SEC that securities laws apply to token sales in the DAO Report. This was followed by a focus on clearly fraudulent offerings.

Next, in In re Munchee, the SEC warns one must file a registration statement. The SEC issued a cease-and-desist order, while allowing the issuer to shut down its offering and return the money it received — no penalty imposed. Finally, on Friday, the SEC has imposed civil penalties on two larger issuers, and imposed registration and other obligations on them.

In short, it would appear that the screws are tightening on ICOs, and it seems reasonable to expect them to tighten more. It would also seem that the volume of enforcement actions by the SEC is set to increase given the consistency of language and apparent enforcement template that now exists.

From a five act play standpoint, we’re definitely in Act III territory now.