Subpoenas, Subpoenas Everywhere: What's an ICO Issuer to Do?1

March 8, 2018

By Tyler Kirk, Amy Caiazza, and Robert Rosenblum

There apparently has been significant shock and surprise over recent reports2 that the Securities and Exchange Commission (SEC) has issued a large number of subpoenas to initial coin offering (ICO) issuers and to ICO gatekeepers who may have been involved in token transactions that potentially did not comply with the federal securities laws. To a large extent, this shock and surprise is shocking and surprising. The SEC has been as clear as it knows how to be that it believes virtually all tokens (and simple agreements for future tokens, or SAFTs) are securities for purposes of the federal securities laws.3

It is true that the SEC's initial forays into the crypto space were comparatively gentle. Instead of bringing an enforcement action in the decentralized autonomous organization (DAO) case, the SEC instead opted to issue a report.4 The SEC also simply told Munchee Inc. to stop its unregistered token offering, and did not bring any further actions against the company.5 Some participants in the crypto community apparently mistook these actions as suggesting that the SEC would continue to be gentle, perhaps by essentially "grandfathering" pre-existing token sales, regardless of their lack of compliance with the federal securities laws, or by pursuing only the most egregious violations of federal securities laws, such as those involving token issuers engaging in garden variety fraud.

That was an unfortunate misreading of the clear signals that the SEC intended to send. The SEC Chairman's repeated statements that virtually all token offerings are securities, for example, should have been a clear signal to the market about what was likely to happen. The fact that the SEC created a cryptocurrency task force, headed by members of its Division of Enforcement, should have been another.6 The SEC is very clear in those few times when it says it may not fully prosecute prior securities law violations; a good example of how the SEC tends to approach those instances was its recent offer to investment advisers with potential fiduciary duty violations in connection with mutual fund share class selections to voluntarily discuss those violations with the SEC.7 Obviously, the SEC did not make a comparable offer to participants in the crypto community who may not have complied with the federal securities laws.

In any event, the crypto community is now on full notice that the SEC will focus on prior token and SAFT offerings that did not comply with the federal securities laws.8 The SEC also will insist that all token issuers comply with applicable federal securities laws, as they develop their platforms and token markets.

The good news is that none of this means that cryptocurrencies and platforms cannot operate in the U.S. They can, but they need to do so in compliance with the federal securities laws (and other applicable laws and regulations). There also should no longer be confusion about what the SEC thinks. The SEC thinks that virtually all tokens are securities, and it thinks that all applicable securities laws, rules, and regulations apply to tokens and token platforms. Which is, after all, precisely what SEC Chairman Clayton and others at the SEC have been saying.

A token issuer could, of course, take the SEC or private litigants to court, and it is possible that at least some courts would determine that at least some tokens are not securities. In the ordinary case, though, the issuer may first have to move through years of expensive litigation with the SEC or private plaintiffs, during which time it may be difficult to fully operate the platform due to litigation risk and market uncertainty.9 It also is worth considering that many courts may well agree with the SEC's position.

Accordingly, here is what we think are a few key takeaways and observations following the SEC's reported recent actions:

  1. Tokens are almost always securities. The SEC will treat virtually all tokens as securities, and token issuers should treat their tokens as securities.

    • “Utility Token” does not mean what you think it means.10 The SEC believes that tokens that have or will have utility generally are still securities. Legal or other opinions that a token is a "utility token," and therefore is not a security, are unlikely to be persuasive to the SEC.
    • A token does not stop being a security when the related platform becomes "operational." This is a corollary to the fact that utility tokens often are still securities. Whether or when a token stops being a security is a highly fact-specific question, which likely turns on factors like the continuing degree of involvement of one or more platform sponsors in the token ecosystem and whether the tokens are largely being purchased and held for consumptive purposes or for investment purposes. None of these have any likely correlation to the time a token platform becomes operational.
    • You can’t add your way out of a token being a security. Whether a token or any other instrument is a security is based on statutory provisions and many decades of carefully crafted court and SEC decisions. None of those provisions or decisions relies on assigning numerical values to various factors and adding them together to try to reach a target score. While some token issuers have tried to rely on purported tests that use such a mathematical approach, the SEC likely will not be persuaded that such a numerical exercise is useful to the analysis of whether a token is a security.
    • Technical and technological distinctions between tokens generally are not relevant to the question of whether a token is a security. For example, there is no difference in the analysis of whether a protocol layer token and an application layer token is a security. The differences between the two may be very significant for some purposes, but both are likely to be securities to the SEC. Similarly, distinctions between and among terms like "coins," "tokens," and "currencies" may have important distinctions in some contexts; there is no distinction in the analysis of whether they are securities.
    • Is your token really that different from all other tokens? For those token issuers that still want to argue that their tokens are not securities, you may want to ask yourself this: if the SEC thinks that each of the hundreds or thousands of tokens it has seen are securities, what are the fundamental differences between your token and all those others that make your token the only one that is not a security? Do you really want to risk an enforcement action (and potential token-holder litigation) on that distinction?

  2. Fix the problem before the SEC fixes it for you. If you have sold tokens to unaccredited investors, or if you have otherwise not complied with the federal securities laws, strongly consider fixing the problem before the SEC finds you. Potential approaches include doing a rescission offer, forking or burning certain tokens, and self-reporting to the SEC. All of these are unpalatable, to be sure. Having the SEC show up at your doorstep likely will be even more unpalatable, especially if you have not taken steps to address known securities law violations.

  3. How do you offer tokens in the U.S. if they are securities? Assuming a token or SAFT issuer is selling in a private placement, the issuer should sell only to accredited investors that have been verified as accredited, and it should sell the tokens or SAFT only pursuant to a tailored disclosure document and risk factors. White papers, while helpful, typically do not include many of the disclosures and risk factors that should be included in a well-structured private placement. Issuers also should consider conducting AML, KYC, and similar checks; must conduct OFAC reviews; and must consider the applicability of various state laws and regulations.

  4. How do you make the tokens freely tradeable and available to retail investors? If a token issuer has sold tokens in a private placement, the holders of the tokens generally may not resell them, and retail investors generally cannot purchase them. To address these limitations, many token issuers likely will consider one of three options: registering the tokens in a traditional initial public offering; qualifying the tokens under Regulation A+; or waiting a year, when the tokens may become freely tradeable, if certain conditions are met. There are significant pros, but also significant cons, to each of these options.

There has been legitimate confusion in the crypto community until now on whether, when, and how the federal securities laws apply to token and SAFT offerings. There has been an extraordinary range of advice from numerous lawyers, law firms, and others, and many ICO issuers may not have had a ready way of determining which advice was sound, which was dangerous, and perhaps which was overly cautious. That confusion is now largely gone.

For token issuers that have already made offerings that do not comply with the federal securities laws, for token consultants and distributors that may have been acting as unregistered broker-dealers, and for trading markets that may have been acting as unregistered exchanges, it is time to address these issues. Speak with experienced securities legal counsel about the steps you can and should take.

Going forward, many token issuers will undoubtedly find that the federal securities laws, as applied to tokens and token platforms, are clunky and cumbersome, and not well-tailored to their activities. Registration statement forms were not developed with tokens and blockchains in mind, periodic reporting requirements were not developed with ICO issuers and platforms as the reporting parties in mind, the securities trading rules were not developed with token platforms in mind, and the regulations governing securities exchanges and markets were not developed with cryptocurrency in mind. Nonetheless, the federal securities laws still apply.

In the short term, ICO issuers and their legal counsel can work with the SEC to attempt to tailor existing registration, reporting, trading, and exchange rules to better reflect the nature of tokens and token platforms. In the longer term, the crypto industry perhaps can work with the SEC, other regulators, and Congress to develop a modified registration, reporting, and trading system that is designed specifically for cryptocurrency.

1 Authored by Tyler Kirk, Amy Caiazza and Robert Rosenblum.  Mr. Kirk and Ms. Caiazza are associates, and Mr. Rosenblum is a partner, at Wilson Sonsini Goodrich & Rosati. This article reflects the views of the authors, and do not necessarily represent the views of Wilson Sonsini Goodrich & Rosati or other lawyers at the firm. This article is not, and cannot be relied upon as, legal advice to any person or entity.
2 See Paul Vigna, SEC Launches Cryptocurrency Probe: Regulator Issues Subpoenas to Parties Engaged in Booming Market for Initial Coin Offerings, Wall Street Journal (February 28, 2018).
3 See, e.g., Hon. Jay Clayton, Statement on Cryptocurrencies and Initial Coin Offerings (Dec. 11, 2017) (
4 See Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exchange Act Release No. 81207 (July 25, 2017) ( (the “DAO Report”).
5 See Munchee Inc., Securities Act Release No. 10445 (Dec. 11, 2017).
6 SEC Announces Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors, Press Release No. 2017-175 (Sep. 25, 2017) (
7 SEC Launches Share Class Selection Disclosure Initiative to Encourage Self-Reporting and the Prompt Return of Funds to Investors, Press Release 2018-15 (Feb. 12, 2018) (
8 The SEC generally has five years to bring an enforcement action to obtain civil penalties and disgorgement in connection with a violation of the federal securities laws. See 28 U.S.C. § 2462; Kokesh v. SEC, 137 S. Ct. 1635 (2017) (holding that disgorgement is subject to Section 2462); Gabelli v. SEC, 133 S. Ct. 1216 (2013) (holding that the discovery rule does not apply to Section 2462 and that money penalties were time barred).
9 Moreover, even if one token issuer is successful in persuading a court that its tokens are not securities, other token issuers may not find much to celebrate. The determination of whether a particular token is a security is likely to be highly fact-specific, so the fact that one token is not a security may not be of much help to tokens with significantly different characteristics.
10 See William Goldman, The Princess Bride (Oct. 9, 1987) (Vizzini: “He didn’t fall? Inconceivable.” Inigo Montoya: “You keep using that word. I do not think it means what you think it means.”).