Maybe the biggest regulatory question facing cryptocurrencies is whether they are “securities” under the federal securities laws. If so, they would need to comply with onerous registration and disclosure requirements imposed by those laws on anyone offering stocks, bonds, and other “investment contracts.”
In Part 1 of this series, we discussed how cryptocurrencies are a fundamental part of how blockchains work. They are the incentive that gets people to participate in verifying and updating a ledger, so that there is no more need for a centralized intermediary to do this work. If incentivizing decentralized network operations were the sole function of a cryptocurrency, it is hard to see how it would constitute an investment contract or implicate securities laws at all.
But many commentators have assumed that cryptocurrencies are or may be “investment contracts” simply because buyers often treat them as investments. This analysis overlooks what the Supreme Court in Howey did not — that in order to come under the jurisdiction of securities laws, an investment must be an investment contract. This means that there must be a counterparty who, as part of the contract, takes on some responsibility to create value, creating something roughly analogous to a principal-agent or other fiduciary relationship. But a cryptocurrency on a decentralizing or decentralized network creates no such responsibility or relationship, and thus fails to constitute an investment contract even under the plain terms of Howey.
In this piece, we will discuss:
- The Supreme Court’s Howey test for determining whether something is a security
- The basic case for why cryptocurrencies are not securities
- Three complications for the basic case
- A simple test to determine whether a cryptocurrency is not a security, or whether it merits further attention
Note that none of this is legal advice.
Understanding the Howey Test
The test for whether something is an investment contract was provided in a Supreme Court case called SEC v. W.J. Howey Co., 328 U.S. 293 (1946). In Howey, a company marketed an arrangement in which:
- it sold citrus groves via real estate contracts; (sale)
- it leased back those properties using a service agreement that gave the company exclusive rights to work the land; (leaseback + exclusive servicing agreement)
- it structured the agreement to share profits with the buyer of the property; (profit sharing).
The Supreme Court held that this constituted an “investment contract.” It explained that an investment contract is: “a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.” This is now known as the Howey test. In that case, the facts were fairly straightforward: an owner of an orange grove business — which would normally sell shares in its enterprise — came up with the elaborate arrangement described above and did basically the same thing as selling shares, except with a lot more paperwork. It is hard to imagine why this arrangement would not be an investment contract, and easy to imagine all the gamesmanship that would follow if such an arrangement were a de facto exception to securities laws (i.e., more companies would functionally sell shares by using this arrangement).
By its literal terms, the Howey test is capacious. As a result, many commentators have assumed that cryptocurrencies could well be considered securities, and members of the SEC have said as much. After all, they reason, it seems pretty clear that people invest their money in blockchains (common enterprises) in the hopes of making profits based on other people’s efforts.
But this analysis lacks rigor and is based on an ultimately indefensible application of Howey. For one, such an overly literal application of the Howey test produces absurd results. A share of Apple stock does not become a non-security if Apple hands that share out to someone for free, even though the Howey test requires “a person…[to] invest[] his money.”
More fundamentally, an overly literal application of Howey is simply wrong on the law, and would upend almost 90 years of practice, in a way that was never intended by Congress. Consider, for example, these two fact patterns:
- The New York Knicks market their apparel as “the apparel of the soon-to-be greatest championship team” and “apparel that will only increase in value as the team wins,” and fans buy their jerseys on the expectation that the jersey will increase in value.
- A company issues a $1.7bn loan syndicated to 70 investor groups comprised of 400 entities. The loan provides a rate of return in the form of interest payments, which depends on the ability of the company to stay in business (i.e., the lenders are relying on the company to stay in business for long enough to pay the loan and interest).
Is the purchase of the jersey or the provision of a loan “a transaction . . . whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party”? In both instances, the answer to the literal question is obviously and indisputably yes. And yet, in both instances, the answer to the legal question is no. Sports apparel, even if marketed as an investment, do not need to be registered as securities. And it’s also well-established that leveraged loans, even if broadly syndicated, are not securities. In Reves v. Ernst & Young, the Supreme Court recognized that many kinds of loans fall outside the text, structure, and purpose of the securities laws. Its analysis was much more nuanced than a simple application of the Howey test. It assessed factors like the motivations of the buyer and seller, how widely the note was distributed, the expectations of the public, and the presence of alternative regulatory protections.
This is all to say, the Howey test is not as literal as it seems, and it is way too simple to say something is a security simply because an investor bought it with the expectation that other people will work to drive its price up. Any application of the Howey test must be sensitive to the facts of the case, and turn on the text, structure, and purpose of the securities laws.
The basic case for why cryptocurrencies are not securities
In fact, the SEC would likely face significant pushback in courts if it argued that all cryptocurrencies are, as a general matter, securities — especially as multiple justices on the Supreme Court have raised concerns about “the danger posed by the growing power of the administrative state” in the context of agencies claiming broader-than-legislated jurisdiction to regulate.
This is because, as a general matter, cryptocurrencies serve two functions, neither of which has the economic substance or purpose of a security: (1) they reward people for participating in a network; (2) they are necessary for transacting for services provided by that network. For example, the Bitcoin protocol pays its miners in Bitcoin, and it requires that transaction costs on its network be paid in Bitcoin. On its face, this looks more like the tokens that one may receive at an arcade. They are a reward for participating, and they can be used to buy something within that particular arcade. In the context of the facts presented in Howey, it would be like if the orange grove owner paid people to do work in the groves by paying them in oranges, and also had a store in which things could be purchased with those same oranges. None of these examples has the economic function or substance of an investment contract — and in none of these cases could such an arrangement serve as an adequate substitute for selling shares, unlike the facts of Howey.
More fundamentally, the structure of the securities laws is inconsistent with applying them to decentralized cryptocurrencies. Ironically the purpose of the securities laws was largely to disintermediate banks (ironic because this has also been a rallying cry for Bitcoin and other early blockchain applications). As Ron Chernow pointed out in The Death of the Banker, prior to the passage of the Securities Act in 1933, banks had superior information about their clients and could effectively trade on that information vis-a-vis the public. As Chernow observed, the securities laws largely collapsed this advantage by requiring companies to register and to “make [material] information publicly available on a non-discriminatory basis.”
This register-and-disclose apparatus assumes the existence of a company that has material and nonpublic insider information — and thus a context in which the burdens of registration and disclosure are outweighed by benefits to the investing public. It’s hard to see how to apply that structure to decentralized blockchains. A blockchain like Bitcoin or Ethereum has a founder or founding team that creates the protocol (typically in open source code) and launches it into the real world, at which point the cryptocurrencies become available. After the protocol is launched, it is basically an open source protocol that depends on network resources and effects. There is little or no non-public information to share, much less financials like a balance sheet, income statement, or cash flow statement. It’s not even clear what it would mean to file a 10-K or 10-Q or other standard SEC disclosure forms.
Moreover, unless there are special governance features that suggest otherwise, the founding team does not retain any management control — and thus likely does not have superior information about the direction in which the blockchain could be headed. The network belongs to all the network participants, rather than a single company. The core developer team’s influence is mainly through credibility and persuasion. By design, there is no centralized party to consider and share risks. In many instances, governance “decisions” are functionally made by whether users adopt updated protocols or stick with the old version — at any moment, one protocol like Ethereum can become two, as it did when Ethereum split into Ethereum and Ethereum Classic, with some users using the former and others using the latter. This is called a fork. In effect this means decisions are made by users who decide which version they want to adopt, rather than by a management team. As a result, the very substance and structure of the securities laws are incompatible with decentralized projects in which there is no meaningful non-public information or centralized party with a necessarily more insightful view of risks.
Seen this way, it seems misguided to apply the securities laws at all. Apply them to who? The founding team? For what purpose? For how long? And what exactly is the investment contract? Who is contracting and under what terms?
Why it’s not so simple
There are three problems, however, that complicate this story and merit further discussion.
First, we earlier said that cryptocurrencies serve only two purposes. In reality, however, it was inevitable that people would also buy cryptocurrencies to speculate on their price. The market for any asset inherently builds in expectations about future values, so there is at least some Venn Diagram overlap between someone who owns a cryptocurrency and someone who owns a stock. Of course, this doesn’t necessarily mean cryptocurrencies are “investment contracts” (any more than agreements to buy art or sports jerseys or trading cards or other assets with values that fluctuate based on the performance of others). It just means that once people started to treat cryptocurrencies as investments, a dot started blinking on regulators’ radars, and the story got a little more complicated than “this is just payment for work” or “these are just tokens that purchase services on a blockchain.”
Second, so far our discussion, like in Part 1, has been about decentralized blockchains that are open source and operate by incentivizing a community (rather than through a centralized intermediary). But some blockchains are governed by centralized intermediaries and have design features that give one or a few parties the power to make governance changes (e.g., the ability to unilaterally change the blockchain’s core protocol). This doesn’t mean they are necessarily securities, just as the tokens in an arcade are not securities even if the arcade is a centralized entity that governs them. But to put it in terms used by the Supreme Court in Howey, these blockchains more plausibly implicate the idea that someone is dependent “on the efforts of others.” They may thus merit further scrutiny.
Third, cryptocurrencies are distributed in at least three ways, and each of these ways is unique from a securities law perspective:
- Pre-product sale: The purpose of selling tokens before the protocol is created is usually to raise money to subsidize building of the protocol. At this point, there is no product and the team has material and nonpublic insider information about what assets it has thus far, what it would like to build, and the risks associated with doing so. In 2018, thousands of ICOs (“initial coin offerings”) offered these products to retail investors, and regulators were right to be concerned. These look more like straightforward venture capital deals, and this is why today teams typically limit these sales to accredited investors and comply with SEC rules for doing so.
- At-launch and post-launch distribution: At or near launch, the founding team has built the protocol, which is typically open source, meaning the whole world can see it. The protocol will have a “genesis supply” of tokens, which the team then distributes to employees and pre-launch investors. But because these protocols have network effects, the success of the protocol depends on much broader adoption. In order to kickstart those network effects, the team will sell or even give away tokens to a broader base of people (through grants to developers, and auctions to the enthusiasts who follow their development). Because the point is to get as many people invested as possible, teams often consider selling tokens for “cheap” or simply giving them away; this in turn means a broader set of people can share in the network’s success, and are thus invested in helping the network achieve its potential.
- Mining, airdrops, etc: At and after launch, the protocol can be designed to reward all sorts of participation — providing processing power (mining), resources (staking), to simply holding the cryptocurrency (airdrops).
In the latter two categories — i.e., distributions at/near launch and after launch — the application of securities laws is fairly dubious. This is because the purchase or receipt of a decentralized or decentralizing open-source cryptocurrency is not an “investment contract” in plain English. There is a crucial difference between an investment contract and a mere contract. The unstated assumption in much of the popular commentary is that investment contracts are for purchasing ownership stakes in assets in the hopes that they will appreciate in value. But as we discussed, people buy a lot of things in the hopes that the value will go up (cars, jerseys, stamps, etc). These are investments, not investment contracts. The sine qua non of an investment contract is the creation of something resembling a principal-agent or general fiduciary relationship. When a person buys a share of Apple, or invests in a startup, or enters into the Howey orange grove arrangement, they are entering into a contract in which the counterparty is a person or persons who, by the terms of the contract, has some crucial responsibility in terms of making the venture work. But with cryptocurrencies, once the network is launched, the founding team does not necessarily have any such responsibility. They could simply walk away. There is no contract beyond the sale of the token. It is simply the sale of an asset; in more detailed terms, it’s the sale of a token that has utility on an open-source algorithm.
This distinction is what the Supreme Court was alluding to in Howey when it referred to expecting profits “solely from the efforts of the promoter or a third party.” Note that the SEC dropped the word “solely” in their own analysis, even as it was emphasized multiple times in Howey. While the price of cryptocurrencies may fluctuate based on the efforts of various promoters or third parties, ultimately that price is a function of the value of the network, not any one third party — and certainly not a third party who is under some contractual duty. It’s the difference between investing in Bank of America, a company with a management team, and investing in Bitcoin, which is a network promoted by its network participants. If Bank of America shut down as a company, there would be no enterprise value; the network effects it built are useless without a centralized company running its operations. But there is no one company or person or team that could, by shutting down, deprive Bitcoin or Ethereum or any other launched open source protocol of all its value. In fact, there’s no obvious way to shut down a decentralized, open-source blockchain; while the founding developer team is well positioned to lead updates to the protocol, any developer could do so.
These differences are a critical distinction for purposes of the securities laws. The entire structure of securities laws assumes the existence of a centralized company that has material and nonpublic insider information by virtue of operating the company. The law imposes requirements on that entity for that reason. But once a blockchain has launched, the information asymmetries have largely collapsed because the protocol is typically open source, which means it can be audited and reviewed and perhaps even better understood by people outside of the company. More fundamentally, absent governance features that give the founding team more power, each distribution of the network’s tokens moves power and incentives away from them and towards the broader network. At this point, the protocol can live through its network effects — even if the founding team walks away, others have all the information and incentives needed to carry the project on.
The application of the securities laws in this context is deeply misguided. It’s particularly ironic that securities law currently works to limit wider distribution, given that the wider the distribution, the more likely it is that the network has developed resilience beyond its founding team. It’s also unfortunate because securities laws basically define “accredited investors” as wealthy people, yet in this context an impecunious but clever developer or gamer is likely a much stronger addition to the network than a wealthy white collar worker. This clear mismatch of purpose are further indications that the securities laws were developed for a different context.
This is not to say that cryptocurrencies should go unregulated or that they are currently unregulated in the absence of the SEC taking jurisdiction. In fact, in Reves, the Supreme Court explained that courts should ask “whether some factor such as the existence of another regulatory scheme significantly reduces the risk of the instrument, thereby rendering application of the Securities Acts unnecessary.” Here, almost all concerns about fraud or scams in this context relate to false or misleading information, and can thus be addressed by the plethora of existing consumer protection and anti-fraud-and-deception laws that exist outside the context of the securities laws.
The current framework is stalling innovation and harming Americans, but there’s a better way.
At least one SEC official has already publicly stated that Bitcoin and Ethereum cannot currently be considered securities, though he notoriously left open whether they were securities at the start. This recognition, while important, risks the absurd result of grandfathering in Bitcoin and Ethereum while subjecting all possible competitors to significantly more regulatory scrutiny, thereby providing the first movers with a regulatory advantage that was never contemplated by law.
Beyond that, there is an almost total lack of regulatory clarity. In this void, the SEC has offered a framework based on Howey that has well over fifty factors. We can commend their attempt at being comprehensive while recognizing that a 50+ factor test simply does not give entrepreneurs — many of them young entrepreneurs and engineers eager to build the next generation of technology but who would like to comply with laws — the guidance they need to innovate. In the meantime, the SEC has postured more as a looming authority that may strike and punish at any time, rather than an agency that works with businesses to enable innovation while addressing its important public policy goals.
As a result, an alarming percentage of projects — not least of which is Ethereum — have launched outside of the United States, often in Singapore or Europe. The consequences for the US economy are and continue to be enormous. Just Ethereum is $350 billion of market capitalization. In addition, risk-averse teams try to keep tokens completely outside of US markets so that they have no exposure to US investors and thus the SEC. This means that American developers and engineers are excluded from early community membership and from participating in the rise of multiple multi-billion dollar networks, as well as interesting network acquisition and retention strategies like airdrops, in which network participants can receive as much as $50,000 of value as a reward for using the protocol. It also hampers would-be decentralized competitors to big technology companies that retain centralized control of network effects, like social media or ride-hailing companies; this result (again ironically) makes securities laws responsible for entrenching companies in which the gains of network effects are hoarded by a centralized company, rather than shared with the actual network.
This is wholly unnecessary. It is impossible to imagine that Congress would today pass a law requiring these devastating consequences for the benefit of registration and disclosure requirements that were designed for another context and have only dubious benefits as applied to cryptocurrencies. But even applying that framework, the question of whether a cryptocurrency constitutes an “investment contract” under the securities laws can be answered by a simple 2-question test, which also addresses almost all of the SEC’s concerns and which is much more administrable than either a 50+ factor test or constant case-by-case Howey tests:
- First, is the project selling future tokens of a protocol that has not yet launched (as opposed to: (a) a protocol generating/issuing tokens to miners; (b) a company or entity that sells tokens for a protocol that has launched or will imminently launch, such that the company is decentralizing rather than simply fundraising);
- Second, does the project retain special governance powers or other mechanisms of control (i.e., something that gives it more power in decision-making than other token holders or members of the community) or are parts of the protocol non-open source, such that the company selling the tokens might have material and non-public insider information about the direction the protocol will take and the risks associated with going in that direction?
If the answer to either is yes, then the sale looks more like an “investment contract” because the seller is entering into something analogous to a principal-agent or fiduciary relationship, and promising to put in some particular or special effort to drive the value of something the buyer is investing in. Consequently, under either of these scenarios, the project may be selling tokens in a context where a centralized team is governing the direction of the protocol and thus may have material and nonpublic insider information about the future of the protocol. Such situations may implicate the text and purpose of the securities laws, and a more in-depth Howey analysis can be warranted.
Even then, however, the SEC should create a streamlined registration and disclosure process that is quick and tailored to the context of cryptocurrencies, rather than applying its current framework which was designed for companies that operate through centralized decisionmakers on an ongoing basis. That process can require disclosing conflicts of interests or other useful information that would promote the integrity of network communities. Related regulation could also identify in clear terms what kind of control raises concerns or triggers special obligations (e.g., what % ownership of tokens). Moreover, any such framework can and should be designed to provide a limited safe harbor for those who are actively working to decentralize a protocol on a reasonably quick timeline, as proposed by Commissioner Pierce.
But if the answer to both prongs is no, then the project likely falls outside the mandate of current securities laws. It means there is a public open source protocol, and that: (i) tokens are being awarded to those participating in that network; and (ii) there is no third party with material nonpublic insider information about the protocol or risks associated with it — the type that makes the standard registration and disclosure requirements useful — or the kind of control or power that might make them privy to such information.
Finally, it’s important to emphasize that this analysis does not suggest there are no remaining concerns about fraud or consumer protection as it relates to cryptocurrencies. As noted above, straightforward instances of fraud are already illegal under federal and/or state laws, as are many other unfair or deceptive practices. And any gaps in those laws can easily be addressed through legislation. Perhaps one front of regulation will be more precisely regulating power that may arise from de facto economic control of decentralized or decentralizing networks. But we can address those concerns as they arise. The status quo of slowing down innovation because of uncertainty in securities law that were designed for an entirely different construct is a significant and unnecessary public policy mistake; we can and should encourage innovation while addressing and limiting abuses.