Could your decentralized token project run afoul of securities laws?

We are at Devcon2 in Shanghai this week, where research director Peter Van Valkenburgh gave a talk on how securities regulators look at decentralized tokens and what developers should think about before issuing them.

Greetings from Shanghai and the Ethereum Foundation's Devcon2. Monday morning local time I presented a talk on Regulatory Considerations for Dapp (Decentralized Applicaiton) Development. It was the first non-panel talk of the day and I was honored to literally share the stage with many of Ethereum's brilliant core developers.

Our invitation to speak right at the top of the conference underscores how seriously the Ethereum community takes these issues. The reaction from the room was very positive. Most everyone using these technologies wants to do the right thing: build great technology and avoid putting users at risk or trampling over the jurisdictions of heavy-duty regulators like the SEC. The difficulty in striking that balance has been a lack of good and widespread understanding when it comes to how securities regulation actually applies, and what it seeks to accomplish. We are thrilled to be able to build that understanding.

The ill-defined intersection of securities regulation and blockchain networks has been one of our big topics for policy research in 2015 and 2016. Over a year ago we presented a detailed framework to a large gathering of staff at the SEC. That framework was the first comprehensive approach to analyzing bitcoin as well as any alt-coin, cryptocurrency, or blockchain-denominated-token under the US standard for securities classification: the Howey test. Over the next few months we developed the slide deck from that briefing into a report that spells out the legal issues and also has a comprehensive plain English explainer of several technological and community variables in this ecosystem that can affect the outcome of that test.

If you are here looking for a quick summary, here are our conclusions once again:

We find that several key variables within the software of a cryptocurrency or decentralized token and the community that runs and maintains that software are indicative of investor or user risk. These variables are explained in depth and mapped to the four prongs of the Howey test in order to create a framework for determining when a cryptocurrency resembles a security and might therefore be regulated as such. We find that larger, more decentralized cryptocurrencies— e.g. Bitcoin— pegged cryptocurrencies—i .e. sidechains—as well as distributed computing platforms— e.g. Ethereum—do not easily fit the definition of a security and also do not present the sort of consumer risk best addressed through securities regulation. We do find, however, that some smaller, questionably marketed or designed cryptocurrencies may indeed fit that definition.

Basically the take away is that if you build a cryptocurrency or decentralized token the right way then it will not be a good fit for the US test for an investment contract, and therefore should not be classified as a security for the purposes of regulation. Build it right and it's not going to be a security. The right way to build a crypto token is, of course, a value judgement, but what I mean by this is not just my personal value judgement or the value judgement of lawyers in this space. What I mean is a value judgement that is, in fact, frequently shared by non-lawyer technologists and participants in this ecosystem. Those best practices are emergent and nascent in the ecosystem but they are there and widely shared in technical forums and online discussions. Here are a few:

  • distribute crypto-tokens through an open process (mining, peged exchange, proof-of-burn, in return for valuable computing work provided to the system etc.),
  • distribute the tokens only after the network is up and running (avoid pre-sales),
  • build tokens that have a use-value and are not mere speculative investments (the token should be able to do something: access a decentralized computing system, be a reward for providing surplus data storage to a network, etc.)
  • build with open source software (without visibility into the code how can we know its not a scam?)
  • use an open and transparent blockchain (without visibility into the network transactions how can we know its not a scam?)
  • secure that blockchain with an open network of validators (proof-of-work, proof-of-stake, social consensus)
  • cultivate a diverse community of unaffiliated developers, users, and firms (be more like the gold industry rather than a particular firm in that industry)

Deviating from these emergent best practices introduces centralization into your network, e.g.:

  • a closed source code-base is only auditable by you and your business associates,
  • a consortium chain is subject to the desires of the consortium members,
  • a purely speculative token that has no use-value is the sort of thing a small group of promoters will "pump," profit off of, and "dump."

That centralization is, in effect, the introduction of reliance on a third party promoter and issuer into a system that would otherwise function more like a competitive industry. That centralization in the real world is the difference between buying stock in a company and merely holding assets that are created and used by an open market (again, owning diamonds does not make you a shareholder of the diamond industry writ large, even though the cumulative actions of diamond miners, jewelers, traders, and scientific or industrial diamond users will inevitably affect the value of your diamonds as assets).

The great thing is, that centralization is an anathema to this community of developers; it is the very thing these systems are designed to avoid. When they are designed well, they should fall out of the tests for securities regulation because they no longer present the sort of investor reliance on third parties that securities regulation is intended to address. In this sense securities regulators and people like the Ethereum developers are both working toward the same goal: building a world where we are protected from "the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits" (SEC v. Howey). They may take very different approaches to solve these problems, and they many not always fully understand the methods and madness of their counterparts, but diverse approaches are essential to success. Let many flowers bloom.

Based in Washington, D.C., Coin Center is the leading non-profit research and advocacy center focused on the public policy issues facing cryptocurrency and decentralized computing technologies like Bitcoin and Ethereum. Our mission is to build a better understanding of these technologies and to promote a regulatory climate that preserves the freedom to innovate using permisionless blockchain technologies.