Photography by Dennis Trantham.

A Wave of Lawsuits Looms For ICO Version 1.0 – Are You Prepared?

Bitcoin, Blockchain and the Law, ICO News, Regulation | April 20, 2018 By:

Initial coin offerings, or ICOs, have become a ubiquitous and much-discussed way for companies in the blockchain and digital currency space to fund themselves.  To date, by some estimates, more than $3 billion has been raised in ICOs, outpacing all venture capital raised in the United States in 2017. The technology of the blockchain has the power to transform the business landscape for many industries, and to create vibrant new companies in the manner of the PC and internet revolutions.  But the ICO as a funding mechanism, especially in what we call “Version 1.0,” in which issuers have decided that their coins or tokens were not securities regardless of the stage of development of the company and its blockchain network, raises serious questions under the securities and other laws, and will invite litigation as losses occur in the future for those who bought into ICOs.  In fact, the first purported ICO class action appears to have been filed, against Tezos and its $232 million ICO closed in July 2017.

In this article, we examine the hypothetical case of one fictional entrepreneur who launched an ICO in early 2017 without treating the tokens as a security, and examine the potential outcomes and concerns she should take into account in the areas of securities, commodities, government enforcement, private litigation, and insurance.  We are not attempting to predict the market for Bitcoin, Ether, or other digital currencies, but rather create a scenario in order to illuminate legal issues.

Early 2017 – Ms. Entrepreneur Launches an ICO

In early 2017 Ms. Entrepreneur had an idea to found Very Fine Blockchain, Inc. to bring the blockchain—a digital ledger technology in which transactions are recorded permanently, openly, and chronologically—into Large Industry.  She gathered up a team of blockchain engineers, and partnered with a blockchain technology company, a nonprofit blockchain foundation’s for-profit wing called BlockBillions, LLC, to adapt the blockchain to the needs of Large Industry.  

Ms. E had founded a company before and raised venture capital funds.  The company had done fine, with a modest exit, but most of the sale proceeds had gone to the venture firms because of their preferred stock.  And while Ms. E had liked the VCs personally, she felt constrained by their contractual rights, their focus on equity ownership percentages, and insistence on a liquidity event before she was 100% ready.  Ms. E had followed the advent of ICOs or “token launches” with interest. As she understood it, entrepreneurs were able to fully fund (even richly fund) their business plans by selling digital currencies that were minted out of the blockchain, simply by writing the necessary code and publishing a “white paper” explaining their business concept.  There was no dilution of her equity, no Board seat to give away, no contractual rights in the holders to run her company or receive a preferred return. And no live VCs to call her at all hours with unsolicited advice. The ICO was a VC removal machine!

Ms. E was introduced to Big Law Firm, which had advised a lot of blockchain companies on ICOs.  Peter Partner took her company on as a client. He explained that the SEC hadn’t yet guided the market on whether digital currencies were securities.  Dozens of companies were raising money through ICOs and increasingly comfortable with offering the coins to U.S. buyers, and taking the position that there was no offering of securities under existing U.S. law.  Peter Partner advised her that a coin that had a “function” on the blockchain was not likely to be a security, while a coin that was purely a financial instrument might well be a security. Ms. E wasn’t sure how to distinguish the two.  Very Fine intended to have an ICO with digital currency minted on the BlockBillions blockchain, a blockchain technology patterned on the Bitcoin blockchain, but separate from it. The coins would reward developers who improved the blockchain application, and would be used by some (or maybe all) Large Industry participants on the blockchain itself to buy and sell goods or services.  So maybe that was a “function.” On the other hand, people approaching her who wanted to buy into the ICO seemed to want to buy her coins as an arbitrage play. Indeed, Very Fine and BlockBillions would each own 10% of the total coins minted, and sell them in the future at a profit they both hoped would be large, as the Very Fine blockchain became popular in the Large Industry. Ms. E’s company also intended to sell additional coins at times she deemed appropriate, in an effort to stabilize the market and the price of the coins.  It certainly seemed that the Very Fine coins might well be considered financial instruments of some kind, and maybe securities. On the one hand, the buyers wanted to make a profit on the coins as Very Fine and its blockchain solution grew. On the other hand, the buyers knew that they weren’t getting something called common stock, or voting rights, or a right to company profits. Peter Partner declined to give a formal legal opinion either way, or seek an SEC no-action letter. But he assured her that she had a solid position that her ICO was for a utility token, and he encouraged Ms. E to pursue an ICO for all of the advantages it presented.  

Ms. E had her doubts.  After all, her company consisted of nothing more than a small group of open-source engineers and a “white paper” explaining their business plan.  What if Large Industry didn’t adopt her blockchain solution? What if a competitor had already built a better mousetrap? What if the coins offered in the ICO never functioned on a working blockchain as a result, and became worthless?  Ms. E had no idea who was proposing to buy her digital currency, except for a few hedge funds and BlockBillions executives. Did the buyers understand all of the risks? Peter Partner had made clear that white papers didn’t look anything like stock offering prospectuses or purchase agreements, and didn’t include things like long risk factors or accredited investor representations.  But on the day of the sale, buyers would “click through” terms and conditions on the website where the sales would occur, including some risk factors and other language designed to shield the company. Was that enough?

Ms. E had been sued by shareholders in a prior company, so she had already taken the precaution of buying D&O insurance.  But did it cover the possibility of a lawsuit in connection with her ICO? And what if the SEC decided that her ICO was a securities offering?  Or the CFTC decided that her coins were a regulated commodity? What were the penalties for being on the wrong side of that bet?

Finally Ms. E decided that the benefits of an ICO that could fully fund Very Fine were too numerous to ignore.  In mid-2017 she raised $20 million in an ICO. Very Fine threw a party.

Summer 2017—The SEC Guides, China Decides, and the World Grapples with Digital Currency Regulation

On July 26, 2017, Ms. E started to receive emails from friends attaching an SEC investigation report on ICOs that seemed to suggest that some, or maybe many, ICOs had violated U.S. securities laws by selling securities in unregistered offerings.  She also read that China had taken action to outlaw ICOs. Various other countries seemed to follow the U.S. lead of “case-by-case” analysis. She didn’t know what any of this meant for her business. Ms. E was especially concerned about any SEC scrutiny, as her business is in the United States.  But she couldn’t be certain that her digital coins had been traded or used only in the United States.

Ms. E decided to put her head down and keep executing her business plan.  Her engineering team was making progress, and she had been in contact with major players in Large Industry who seemed intrigued by her project.  

2018—Digital Currencies Correct, ICO Companies Begin to Fail

It is now late-2018.  A major correction has come swiftly to the price of Bitcoin.  Other digital currencies, such as Ether, follow suit almost instantaneously.  It appears that speculators and programmed trading accelerated the downward spike.  Billions of dollars in investor value are gone.

Scores of companies that issued coins in ICOs have seen their digital currencies go to zero value, or very close to it.  More alarmingly, there have been several stories of entrepreneurs who simply pocketed their ICO proceeds after their modest efforts to build a blockchain solution failed, their digital currencies (and companies)  now worthless. The SEC and other regulators, as well as state attorneys general and the Department of Justice, have opened numerous investigations.

Ms. E’s friend, Fast Dan, is also the founder of a company that did an ICO.  Fast Dan called Ms. E yesterday and told her that his company has failed to build a blockchain solution anyone wants.  His engineers have quit, and the ICO proceeds have largely been spent. His only remaining asset is a large chunk of his company’s digital coins, and he intends to sell them in the open market, where they still trade at a positive value.  While the blockchain solution Fast Dan built still technically “works,” in that it has a functionality and is an open source software solution that could theoretically work forever with enough support by the open source community, he knows that without his promoting it, attracting users, responding to the needs of the market, fighting competitors, and helping it adapt to the future, the blockchain solution will wither and die, and the digital coins that work on it will go to zero value.  Ms. E also holds a large number of Fast Dan’s coins, which she bought in his ICO at his urging, and he recommends she do what he is doing and sell them before he abandons the project. After all, his lawyers told him they were “utility” tokens, and therefore he owed no duties to the buyers and was under no obligation to provide information to the market, or refrain from selling the utility tokens he owns himself. How can someone engage in insider trading of a utility? Ms. E is conflicted.  Fast Dan’s legal position is consistent with what she heard from Peter Partner, but selling her Fast Dan tokens when she knows they are worthless just feels wrong.

What’s Next?

The above scenario is one that founders like Ms. E may be confronted with in the near term.  The SEC issued a report on July 26, 2017 finding that one ICO issuance was an issuance of a security and thus was subject to the registration and other requirements of the securities laws.   Even though ICOs involve new technology, the SEC’s report and determination are not at all surprising. Regardless of the new technology, the SEC will look to the core of the underlying investment to determine whether it is in fact a security.  As stated in the SEC’s press release on its report, “The innovative technology behind these virtual transactions does not exempt securities offerings and trading platforms from the regulatory framework designed to protect investors and the integrity of the markets.”

The CFTC, which regulates the derivatives markets for commodities, has made almost identical statements about new technologies and existing regulatory goals.  If a digital coin is not a security, it may well be a commodity subject to CFTC regulatory authority.

The SEC’s report and guidance do not mean that ICO issuances cannot continue—rather, they only mean that ICO issuances could be subject to the securities laws.  This is not a bad thing. It provides regulatory oversight over those ISO issuances that are securities and requires those issuers to disclose material information to those investors.  

In conjunction with the SEC’s Report, the SEC’s Division of Corporation Finance and Division of Enforcement issued a joint statement encouraging market participants to consult securities counsel to aid in their analysis of these issuers and to contact the SEC’s staff, as needed, for assistance in analyzing the application of the federal securities laws.

Now the question for those involved in issuances of ICOs: What to do next?  This is dependent on a number of facts. First, if the issuance was already treated as a security under U.S. law, then those involved in issuances should confirm that the conclusion reached was correct, given the SEC’s report and guidance.  The much more difficult questions arise from those issuances that were not determined to be securities issuances by issuers and their counsel, and therefore were not treated as securities issuances. In those instances, those ICO issuers, with the assistance of counsel, should determine whether their issuances are governed by the securities laws and, if so, what to do to meet the requirements of the securities laws, and what exposure they face because those issuances were not registered and treated as a security when issued.  And if the ICO was considered by the issuer not to be security, was consideration given to whether the digital coins were “commodities” and therefore subject to CFTC oversight? If it is a commodity, what would that mean for an issuer that then sold more of these commodities in further sales, which many ICO issuers have done or intend to do? Below is a framework for considering these questions. (Note: The federal and state regulation of digital currencies, including anti-money laundering and “know your customer” rules, are beyond the scope of this article, as are the legal implications of non-U.S. jurisdictions.)

Is the ICO an Issuance of a Security?  A Commodity?

As the SEC concludes in its July 2017 report, “[w]hether or not a particular transaction involves the offer and sale of a security—regardless of the terminology used—will depend on the facts and circumstances, including the economic realities of the transaction.”

In its report, the SEC found the tokens issued by a company called DAO were securities under the U.S. Supreme Court’s Howey test.  An investment contract is a security if it is an investment of money in a common enterprise with a reasonable expectation of profits derived from the entrepreneurial or managerial effort of others.  Key facts in SEC’s report regarding the DAO token were that tokens sold represented interests in the enterprise in exchange for payment with virtual currency, and investors could hold these tokens as an investment with certain voting and ownership rights or could sell them on web-based secondary market platforms.

Determining whether another ICO would be considered a security will require a close application of the Howey test in each case.  In Ms. E’s case, she consulted a reputable law firm for its view and was told that she was on solid ground under the Howey standard, which was articulated in 1946.  Ms. E can take some significant comfort in this.  However, Peter Partner declined to give a formal legal opinion, and never approached the SEC for a no-action letter, like many law firms providing advice in the ICO space.  

Ms. E may have a problem under the Howey test.  While the tokens sold by her company in mid-2017 may, one day, function as mere “things” or digital commodities within a working blockchain network, at the time of the ICO no such network existed.  Her company was nothing more than a business plan and a small collection of employees hoping to execute this plan. She will have to argue that buying the tokens wasn’t an investment in the “effort of others” under the Howey test, even though the efforts of her team were indispensable to creating the network on which the tokens could ultimately be a utility in the future.  At the moment, no court or regulator has decided such a case.

If the digital coins were not a security within the existing law, they may nonetheless be considered a commodity.  The CFTC has categorized Bitcoin as such a commodity. The definition of a commodity is extremely broad. While the CFTC anti-manipulation regulatory authority has not been exercised a great deal over commodities in the so-called cash or spot markets, i.e., the non-derivative purchase and sale without a future or derivative contract, and the CFTC might see an ICO as a cash or spot sale, the downstream actions of an issuer to “regulate” the market for its own coins could raise new issues around commodities regulation, for reasons discussed below.  And if they are considered to be securities, both registration and insider trading violations will be found.  

Ms. E should consider obtaining another law firm’s counsel.

And What about the Terms and Conditions (T&Cs)?  Will They Effectively Limit Damages and/or Define Rights?

A company embarking on an ICO will typically sell pursuant to T&Cs.  The T&Cs may include a mandatory arbitration provision, a class action waiver, and limitations on liability.  If the ICO constitutes the sale of a security, investors likely can pursue, among other claims, the various statutory claims under the securities laws regardless of the limitations provided for in the T&Cs.    

On the other hand, if the ICO does not constitute the sale of a security, but rather the spot sale of a commodity, these T&Cs may be enforceable and may be an effective means of limiting damages and the company’s liability.  In its recent decisions, the Supreme Court has consistently upheld the enforceability of arbitration and class action waiver provisions. The limitation of liability provision likely will be limited to a return of the purchase price and exclude any damages for loss of profits or other consequential damages.  Such a limitation of liability will also likely be enforceable absent fraud. It is difficult to conceive of any scenario where a limitation of liability will be enforceable for fraud or intentional acts. T&Cs also may contain statements, however, which could give rise to a duty to disclose contradictory inside information as discussed below.         

What Is the Exposure for an Unregistered Securities Issuance?

Failure to register securities under Section 5 of the Securities Act of 1933 or to qualify for an exemption from registration can lead to serious exposure and risk.  First, there is the risk of SEC enforcement proceedings for violating the federal securities laws. Section 5 of the Securities Act of 1933 requires registration of securities unless there is an exemption that applies.  Section 5 is a strict liability statute and thus does not require a finding of scienter, or intent. Along with potential exposure under Section 5, a determination that the ICO is a security means that the issuer and those involved in the issuance will be responsible for false or misleading statements regarding the ICO under Section 17(a) of the Securities Act and Section 10(b) of the Exchange Act.  The risks associated with an SEC enforcement proceeding are the SEC bringing an enforcement action seeking a permanent injunction in federal court or a cease and desist order in the SEC’s administrative forum (both of which may have collateral consequences if the SEC were to succeed), disgorgement, and potential penalties. In additional to potential exposure to an SEC enforcement action, there also may be exposure to state securities regulators’ enforcement actions and private actions by investors and other parties impacted by the offering.

How Would the SEC or a State Regulator Go about Investigating an Unregistered Issuance?

The SEC could bring an investigation based on a tip brought by a disgruntled investor or any other person.  Pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act), the SEC now has authority to provide whistleblowers with a bounty of up to 30 percent of any amounts the government collects in an enforcement proceeding.  This provides for a hefty incentive for whistleblowers to report potential securities law violations to the SEC.

Are Private Securities Class Action Lawsuits Allowed for Such Violations?  

Yes.  In addition to government enforcement actions, private parties also can bring actions under certain securities laws for their losses and attorneys’ fees, in addition to common law causes of action.  These claims may include, among other remedies, purchasers returning their securities and obtaining a full refund of their purchase price, regardless of the current value of the coins. It seems likely that the plaintiff’s class action bar will take note of the ICO gold rush, and that a significant correction in digital currencies might cause the kinds of downstream losses these suits are premised upon.  

Are There Insider Trading Issues?

If the coins or tokens are securities, selling them in a marketplace while in possession of material, inside information as Fast Dan proposes to do raises a host of well-known securities laws issues.  But even if the coins are not securities, Fast Dan (and Ms. E, should she choose to sell coins as well, whether her company’s tokens or those she owns from Fast Dan’s company) is running a legal risk. Under Dodd-Frank, the CFTC was granted new, broad powers over insider trading of commodities modeled on and mimicking the securities laws under Section 10(b) of the Securities Exchange Act of 1934.  The CFTC’s insider trading anti-fraud rule Rule 180.1(a)(2) closely resembles Rule 10b-5, with the crucial distinction, however, that it explicitly refrains from imposing any duty to “require any person to disclose to another person nonpublic information that may be material to the market price, rate or level of the commodity transaction,” except as necessary to avoid making any other statement untrue.  In other words, the CFTC does not require disclosure of material, inside information prior to a sale, except to avoid making any other statement (for example, statements in T&Cs) untrue. Separately, CFTC Rule 180.1(a)(3) prohibits fraudulent or deceitful practices in connection with any contract of sale of any commodity. The position that disclosure is not required is consistent with the CFTC’s historical view that commodities market transactions are done between parties without fiduciary duties to one another, and that hedging transactions themselves provide critical information to the marketplace, rather than representing predatory practices by insiders.  Therefore, it is possible to conclude that the coin was a commodity when issued (and therefore was not subject to registration or Rule 10b-5) and that the further selling by the issuer in later months and years might be subject to CFTC anti-fraud rules, but not subject to any disclosure requirement, except as necessary to avoid making any other statement untrue.

This conclusion bears some examination.  Ms. E is correct that what Fast Dan suggests seems just plain wrong and unfair.  Unlike ordinary commodities, the value of digital coins of the type issued by Ms. E and Fast Dan’s company may well be dependent upon the activities (and health) of the issuing company.  Depending upon the stage of development of the company and its solution, and the company’s business activities, they may not be at all like soybeans or light bulbs—or for that matter Bitcoin—having a separate utility in the world once sent into the stream of commerce.  Whether the issuer is about to go bankrupt, or sign an enormous contract, or undertake a major initiative in regard to the network is potentially inside information of exactly the nature Rule 10b-5 is meant to restrict insiders from using in their own trading in company stock.  Rather than go along with a manifestly unfair outcome—insiders profiting from coin sales while clueless buyers lose money—it seems much more likely that a court, acting in hindsight, would instead conclude that the coin was a security all along, and allow the downstream coin buyer redress for both the unregistered issuance and the fraudulent insider sales.  If the CFTC rules around spot sales of commodities do not ultimately contain a disclosure requirement (or are not “read” to have a fiduciary duty where such facts exist), we believe courts may well find such a duty at the root of the transaction—the issuance—if to do otherwise results in a manifestly unfair result.

When Does an Investment in an Early-Stage Blockchain Company Become a Non-security?

Version 2.0, or perhaps Version 1.5, of the ICO appears to have arrived in the form of a recognition by many issuers that in the early stages of a blockchain solution’s development, an investment in the company is an investment contract, a security.  Therefore, they are seeking to structure their early financing under Regulation D of the Securities Act, and sell only to “accredited investors,” i.e., high-net-worth/high-income, sophisticated investors. Some investors are combining this with a so-called SAFT (“Safe Investment For Tokens”) agreement whereby the investor receives tokens only upon the blockchain network being functional or “live,” at which point the investor is, in the eyes of the issuer at least, receiving a utility token that will be regulated—if at all—as a digital commodity, not a security.  Under this theory, the “effort of others” prong of the Howey test applies in the early days of development of the blockchain, but once the network is live, the “effort of others,” i.e., the company and its managers, becomes irrelevant.  (Or, in the view of some practitioners, such efforts are not legally relevant if they do not produce the “predominance” of value, a key nuance, and one surely to be hotly litigated in the future.)

We can foresee the possibility that entrepreneurs could create blockchain solutions with digital coins or tokens that, once launched, exist without the need for the entrepreneur’s company, or any further marketing, sales, strategic, competitive, or technical efforts.  Perhaps the users of the solution and the open source community will use, run, and maintain the enterprise with no further need of the entity that birthed it. In such a case, the risk of loss all around seems small, as the tokens should not dive in value upon the demise or distress of the founding company.  Perhaps the entrepreneur may simply exit the stage with the profits derived from selling their share of tokens, and move on to another venture free from any further responsibility. This seems possible. But such pristine outcomes are not our experience in the world of business and law, especially in new technology environments experiencing fevered selling and buying such as we have seen in the blockchain and digital currency world.  It seems more likely that a vigorous and sustained entrepreneurial effort will be not only needed, but vital. And therein lies the problem. The exact measure of value that may come from the “effort of others” and have the digital coin be or become a utility token, the qualities of an enterprise or a token that achieve the shift from security to token, the future activities that an enterprise may undertake without endangering the status of “utility token” all remain to be determined.  They will likely be hashed out by litigators and courts in the near future, with ICO Version 1.0 entrepreneurs like Ms. E at the center of the action.

Does Traditional D&O Insurance Cover an ICO?

It depends on the language in the insurance policy, the nature of the claim, and the relief sought, but probably not.  None of the brokers or carriers with whom we have spoken believe current D&O policy language was written by the carriers with the intent to cover the risk of an ICO, unless such activity was specifically and explicitly covered.  Of course, policy language is always subject to different interpretations. It is likely that many (or all) insurers will resist an interpretation of their existing D&O or other policies requiring coverage of a new and untested activity such as an ICO, unless the language of the policy is fairly specific.  

Generally, a D&O policy will cover the organization and its directors for claims alleging “wrongful acts,” such as breach of duty, or negligent errors, omissions, or statements.  However, the definition of Loss generally does not include civil or criminal fines or penalties imposed by law (or taxes). That means that while the insurer may have a duty to defend the underlying claims, to the extent that fines or civil penalties are levied upon Ms. E’s company and/or its directors, no indemnification would be provided.  

Also, there are exclusions that may potentially apply to preclude coverage for claims against the issuer.  For instance, some D&O policies have Regulatory Exclusions that exclude coverage for any violations of local, state, or federal laws and to any claims brought by governmental bodies.  Some policies exclude coverage for any public offering of securities or the purchase or sale of such securities, and some may also specifically exclude coverage for crowdfunding activities, including any offer or sale of securities exempted from registration under Section 4(a)(6) of the Securities Act of 1933.  Furthermore, Ms. E and her ICO may not be able to escape the standard exclusions premised upon fraudulent/criminal behavior or gaining any profit/advantage/remuneration to which the insured was not legally entitled, although these “intentional” exclusions will generally be evoked only if they are determined by a final adjudication.  

ICO issuers should have qualified counsel review their policies, and discuss coverage options with their broker.    

Conclusion

The blockchain is an exciting new technology with use cases across many industries, and the power to transform the way business is done in many areas.  Digital currencies have yet to prove similar utility, despite the run-up in the value of Bitcoin and Ether in 2017, but given the extreme youth of the technology, this may change.  The nexus of blockchain solutions and digital currencies, especially in ICOs, raises a plethora of legal and regulatory issues that we will be grappling with for years to come. Every player—entrepreneur, coin buyer, industry executive, lawyer, insurer, and regulator alike—would do well to consider what is coming as we all adapt to this new and exciting world.

We are believers in the blockchain.  We also recognize that existing legal precedents and rules, like the Howey test, may be inadequate in providing clear guidance in the face of a new technology.  We are currently working with entrepreneurs and others to find the structure of ICO offerings that lessen or eliminate risks for our clients as they pursue the promising benefits of the blockchain.  

Authors:

Christopher O’Brien is a partner in Venable LLP’s Corporate Practice in the Los Angeles office.  George Kostolampros is a partner in the firm’s Washington, DC office.