The SEC Says Happy Thanksgiving to Token Issuers:
What Airfox, Paragon, and a Joint Staff Statement Mean for the Crypto Markets1

November 26, 2018

On the Friday before Thanksgiving, the Securities and Exchange Commission ("SEC") and its staff ("Staff") took a coordinated set of actions that should help further clarify its views on the application of the federal securities laws to tokens and other cryptocurrencies. First, in two settled administrative actions, the SEC's Division of Enforcement2 sued two token issuers – CarrierEQ, Inc., d/b/a AirFox ("AirFox"), and Paragon Coin, Inc. ("Paragon") – for publicly offering their tokens without registering them under the Securities Act of 1933 (the "1933 Act").3 The SEC did not allege fraud or any other securities law violations besides offering illegally unregistered securities.4

Second, the Divisions of Corporation Finance,5 Trading and Markets,6 and Investment Management7 (the "Regulatory Divisions") issued a joint statement summarizing, supporting, and providing regulatory context for the Division of Enforcement's recent token-related actions, including the Airfox and Paragon actions.8

In this article, we summarize some of the key takeaways from these actions. Not surprisingly, the SEC's and the Staff's actions further emphasize the need for token issuers and token exchanges to comply with the federal securities laws. In addition, we conclude this article by urging the SEC to further help token issuers by improving its processes for approving Regulation A+ and public offerings for tokens, for approving platforms on which tokens can legally be traded, and for facilitating the ability of investment professionals to provide investment advice to retail and other token investors.

Some Key Takeaways from the SEC's Pre-Thanksgiving Actions

  • Most Tokens Really are Securities. Some people in the crypto community have developed various justifications to support the contention that their tokens are not securities: the tokens have (or will have) some utility on a platform,9 the tokens are protocol layer tokens,10 the tokens will function on a decentralized platform,11 token technology is new and the federal securities laws are old, and many others.

    The SEC enforcement actions reaffirm that these justifications largely are irrelevant, that the "old" federal securities laws do apply to new tokens, and that in most cases, the considerations set out in the Howey test12 are the only considerations that matter: is there an investment of money, is there an expectation of profit, will the profit opportunity rely on the managerial or entrepreneurial efforts of a promoter, and is there a common enterprise among or between investors and/or the sponsor? If the answer to each of those questions is "yes," the token is a security, and that's true even if the token is a protocol layer token with utility on a purportedly decentralized platform (for example).13

    The SEC Staff has reviewed hundreds or thousands of tokens. To date, they have identified only two – Bitcoin and Ether – as not being securities. Any token issuer (or its advisers) that concludes that a particular token is not a security, therefore, needs to be able to point to unique characteristics of that token that sufficiently differentiates it, under the four Howey factors, from all the other tokens that the SEC apparently has determined are securities. Based on the Staff's guidance so far, we think it is rare that the Staff would be sympathetic to these types of arguments.
  • The Regulatory Divisions Agree With the Division of Enforcement. The Regulatory Divisions' Statement largely summarized and fully endorsed the Enforcement Division's recent actions and discussed the statutory bases for those actions. It is important to recognize how unusual this type of statement is; it is difficult to find other instances of the Regulatory Divisions issuing a joint statement endorsing recent actions by the Enforcement Division. It also is important to recall that this joint Statement follows many months of meetings between the Staff and various crypto market participants, in which the Staff primarily listened, but – other than statements in speeches – rarely made any public pronouncements.

    This Statement seems to be an especially emphatic rebuke by the Regulatory Divisions of a number of theories that have circulated in the crypto community for some time. The Statement strongly suggests, for example, that the Staff:
    • is not about to issue a no-action letter saying all or many tokens are not securities;
    • is not going to "grandfather" token issuers that violated the federal securities laws but did not commit fraud; and
    • does not agree that the federal securities laws are inconsistent with a vibrant token market and ecosystem – if anything, the Staff apparently believes that the federal securities laws are critical to developing and maintaining a vibrant token market and ecosystem.
  • The Airfox and Paragon Settlement Orders Imposed Significant Sanctions. Really Significant Sanctions. The SEC required both Airfox and Paragon to, among other things: cease and desist from future violations of the registration provisions of the 1933 Act;14 file a form 10 to register their tokens under the 1934 Act;15 give investors who purchased tokens directly from the issuer the right to get back their invested money, plus interest;16 and pay a civil monetary penalty of $250,000. As bad as these sound just listing them, here are some additional practical and legal consequences of those sanctions:
    • AirFox and Paragon are now "bad actors" that (absent a waiver from the SEC) no longer can issue tokens or other securities under Regulation D or Regulation A+.17 Their ability to raise new capital therefore is severely limited;
    • Airfox and Paragon must file annual reports (including audited financial statements), quarterly reports (including unaudited financial statements), and other reports when certain important events occur; they are subject to the same proxy rules, tender offer rules, Sarbanes-Oxley rules, and other rules that apply to public companies that have done an IPO. And Airfox and Paragon are subject to these rules even though they each apparently raised less than $20 million in their token offerings;
    • Airfox and Paragon each will be subject to these rules for at least a year, and each can then stop complying with these rules only if (for example) the number of outstanding token holders drops below 300.18 As a result, if their token platforms are successful and widely used, it is not clear that they ever will stop being subject to these rules; and
    • Airfox and Paragon still remain subject to potential lawsuits by state securities agencies, token purchasers, and potentially people who purchased tokens in secondary market transactions (such as on token exchanges).
    More generally, the terms of the settlements may pose a significant risk to the continuing viability of Airfox and Paragon. If, for example, every purchaser of tokens requests a repurchase, Airfox and Paragon would each have to pay back more money than they took in during the token offerings (since they would have to pay back the purchase price plus interest).19 In addition, it is likely that Airfox and Paragon have each used a portion of the proceeds raised in the token offerings for operating, development, and other expenses, so they likely do not have sufficient assets to fully repay significant repurchase requests. Each company also will incur significant expenses as public reporting companies, including audit, accounting, legal, and employee costs needed to gather and report applicable information. Also, each company presumably has borne significant legal expenses in connection with the SEC investigation and settlement, and may face additional regulatory and litigation costs.
  • The SEC May Impose Even Higher Sanctions in Future Cases. Companies Should Consider Self Reporting If They Have Illegally Sold Tokens. The terms of the Airfox and Paragon settlements likely are now the baseline for what a token issuer that illegally sold unregistered tokens can expect in a settlement with the SEC. It's important to appreciate, though, that these terms likely are a floor and not a ceiling. Among other considerations:
    • Both Airfox and Paragon received credit from the SEC for their cooperation (although neither of them apparently self-reported). It is conceivable that the SEC will not give similar cooperation credit to token issuers that it discovers through its own efforts, as contrasted with token issuers that self-report.
    • The sanctions imposed on Airfox and Paragon are significantly more onerous than those in a previous action by the Staff against another token offeror, Munchee, Inc. ("Munchee"), that the SEC found engaged in an illegal securities offering. In Munchee's case, the SEC ordered the company to cease and desist its offering without imposing additional remedial actions, fines or other penalties.20 Although some people in the token community apparently interpreted the Munchee order as suggesting that the SEC and its Staff would not take serious action against token issuers that violated the federal securities laws but that did not commit fraud, the Munchee order appears simply to have been a warning shot – the Staff appears to be ratcheting up the penalties for token issuers that engage or engaged in illegal offerings.
    • Notably, Munchee's token offering was after both Airfox' and Paragon's. This further suggests that the SEC does not view older offerings as somehow "cleansed" of or grandfathered out of potential liability.
    • The SEC limited its actions against Airfox and Paragon solely to violations of the registration provisions of the 1933 Act. Other token issuers may have engaged in additional illegal conduct, and the SEC may in the future seek to impose remedies and sanctions for that conduct as well.
      • Indeed, just based on the Airfox and Paragon settlement orders, there were likely other violations that the SEC did not pursue in those cases.
      • For example, AirFox apparently paid at least some illegally unregistered broker-dealers to sell its tokens, which at a minimum could have led to a charge that Airfox aided and abetted these violations.
      • Paragon may have charged transaction fees for transfers of tokens and may have maintained a "reserve fund" that would buy tokens from, or sell tokens into, the market to maintain the price and supply of the tokens. These may have raised broker-dealer, investment-company, market-manipulation, and Regulation M concerns.21
      • In future cases, the SEC may not be willing to overlook these types of violations.
    An issuer that may have illegally sold tokens without registration should consult with its counsel as to what remedial steps it should take, and should at least consider whether it should self-report to the SEC (and other regulators, as applicable).

A Plea to the SEC: More Resources, More Efficiency, More Communication

The SEC's pre-Thanksgiving actions are helpful, important, and informative. We also expect that the SEC will continue to bring enforcement actions against token issuers, token trading platforms, and other people and entities involved in cryptocurrency who the SEC believes took actions that did not comply with the federal securities laws. These actions will, we hope, help the token industry and its service providers better comply with the federal securities laws, and help minimize incidents of outright fraud and other misconduct in the token markets.

There is, however, more the SEC and its Staff needs to do. It has now been over 15 months since the SEC issued the DAO Report, in which it first publicly stated that tokens can be securities. Since that time, the SEC has not declared a single Regulation A+ or public offering for tokens effective; it and FINRA have not authorized a single trading market for tokens that are securities; and it has not authorized a single registered fund to trade tokens and thereby provide professional investment management services to retail and other token investors. Now that the SEC and its Staff have made it made it clear, again and emphatically, that token issuers and token platforms must comply with the federal securities laws, the SEC must make sure that it and its Staff are administering the federal securities laws in a way that permits token issuers and others to in fact comply with them.

  • The Division of Corporation Finance can and needs to move more quickly and efficiently in reviewing, commenting on, and approving token Regulation A+ offerings (and token public offerings on Form S-1 or F-1).
    • A number of token issuers apparently have accepted that the federal securities laws apply to their tokens, and they are trying to comply with those laws by qualifying or registering their tokens.
    • It also appears, though, that these issuers are waiting unreasonably long times for comments from the SEC – in some cases more than 60 days, or twice the stated goal of 30 days, for initial comments.
    • Some issuers report waiting a similar amount of time for comments on pre-effective amendments.
    • The SEC has not yet approved even a single Regulation A+, S-1, or F-1 offering for tokens.
    • There is no question that token offerings present unique issues and may require special levels of review. Nonetheless, the Division of Corporation Finance should strongly consider adding more resources, and appropriately streamlining its approach, to reviewing, commenting on, and approving these filings.
  • The Division of Trading and Markets, along with FINRA, can and needs to move more quickly and efficiently in reviewing and approving applications for trading platforms and their sponsors to register as broker-dealers and alternative trading systems ("ATSs") that are qualified to trade tokens.
    • Currently, there are no ATSs that are authorized to trade tokens that are securities.
    • Even when the Division of Corporation Finance begins approving Regulation A+ and public offerings for tokens, there cannot be an efficient token market and ecosystem unless token users have a market on which they can buy and sell tokens.
    • Also, some privately placed tokens have or soon will be outstanding for more than a year, and are or soon will become freely tradeable under Rule 144 under the 1933 Act. Holders or recipients of these tokens will not be able to easily sell these tokens until there is an approved ATS.
    • There is no question that token ATSs present unique issues, such as clearance, settlement, valuation, net capital, minimum listing standards, and others. Nonetheless, the Division of Trading and Markets should strongly consider devoting additional resources, and appropriately streamlining its approach, to reviewing and approving token ATSs.
  • The Division of Investment Management can and needs to find better ways of working with the token markets and providing investment professionals guidance regarding token-related activities.
    • The Division's initial foray was a statement to the effect that registered funds were in effect prohibited from investing in cryptocurrency,22 thereby depriving retail investors of the benefit of professional investment management of cryptocurrency trading.
    • Anecdotally, we understand that the Division has been uncharacteristically unresponsive to good faith interpretive inquiries related to, among others, investment company status issues and investment adviser custody issues that are important to the token markets.
    • There is no question that tokens present difficult issues under the Investment Company Act and the Investment Advisers Act. The Division of Investment Management should consider how the Division can better work with the industry, better encourage the industry to work with the Division, and better permit retail investors to take advantage of professional investment management services when investing in tokens and other cryptocurrencies.

  • 1 This Article was principally prepared by Robert Rosenblum, Amy Caiazza, and Taylor Evenson. Mr. Rosenblum is a partner, and Dr. Caiazza and Mr. Evenson are associates, of Wilson Sonsini Goodrich & Rosati. The views expressed in this Article are those of the authors and do not necessarily represent the views of their colleagues at WSGR or the views of WSGR's clients.
    2 The Division of Enforcement is primarily responsible for investigating potential violations of the federal securities laws, and bringing enforcement actions against people and entities that the Commission believes have violated those laws.
    3 In the matter of CarrierEQ, Inc., d/b/a AirFox, Order Instituting Cease-and-Desist Proceedings Pursuant to Section 8A of the Securities Act of 1933 (Nov. 16, 2018),; In the matter of Paragon Coin, Inc., Order Instituting Cease-and-Desist Proceedings Pursuant to Section 8A of the Securities Act of 1933 (Nov. 16, 2018),
    4 Airfox and Paragon both completed their public token offerings in October 2017, which was after the SEC first publicly stated that tokens may be securities. See Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Release No. 34-81207 (Jul. 25, 2017) (the "DAO Report"). It is still unclear whether the SEC would take a similar action, and if so whether it would impose different sanctions, against a token issuer that made a non-fraudulent public token offer prior to the time of the DAO Report.
    5 The Division of Corporation Finance is primarily responsible for, among other things, administering and providing guidance related to the 1933 Act, which generally governs the offer and sale of securities, and administering portions of the Securities Exchange Act of 1934 (the "1934 Act") dealing with the obligation of public companies to file periodic reports and comply with other rules applicable to public companies.
    6 The Division of Trading and Markets is primarily responsible for, among other things, administering and providing guidance related to the provisions of the 1934 Act governing brokers, dealers, exchanges, transfer agents, clearing agencies, and other market intermediaries.
    7 The Division of Investment Management is primarily responsible for, among other things, administering and providing guidance related to the Investment Company Act of 1940, which governs pooled investment vehicles like mutual funds, exchange traded funds, closed end funds, and private funds, and administering the Investment Advisers Act of 1940, which governs investment advisers and others who provide advice about buying and selling securities.
    8 See Public Statement, Divisions of Corporation Finance, Investment Management, and Trading and Markets on Digital Asset Securities Issuance and Trading (Nov. 16, 2018),
    9 The SEC Staff has repeatedly stated that a token does not stop being a security simply because it has some modicum of utility. See, e.g, In the Matter of Munchee Inc., Order Instituting Cease-and-Desist Proceedings Pursuant to Section 8A of the Securities Act of 1933 (Dec. 11, 2017), ("Munchee Order") ("Even if MUN tokens had a practical use at the time of the offering, it would not preclude the token from being a security. Determining whether a transaction involves a security does not turn on labelling – such as characterizing an ICO as involving a 'utility token' – but instead requires an assessment of 'the economic realities underlying a transaction.'"); William Hinman, Director, Division of Corporation Finance, Digital Asset Transactions: When Howey Met Gary (Plastic) (Jun.14, 2018) ("Howey Met Gary Speech") ("simply labeling a digital asset a 'utility token' does not turn the asset into something that is not a security.") In addition, both the AirFox and Paragon tokens were intended to have utility in the future. AirFox even required purchasers to agree that they were "buying AirTokens for their utility as a medium of exchange for mobile airtime, and not as an investment or security."
    10 Protocol layer tokens generally refer to the "native" tokens on a blockchain, which often are coded so that developers can modify those tokens to create new classes of tokens, with new functionality – or applications – that also are supported by that blockchain. Two well-known protocol layer tokens are Bitcoin and Ether, which happen to be the two tokens that Director Hinman identified as non-securities in the Howey Met Gary Speech. Some people in the crypto community have apparently inferred from this that all protocol layer tokens are non-securities. This is incorrect; Director Hinman concluded that Bitcoin and Ether are not securities because those particular tokens don't (in the case of Bitcoin) or no longer (apparently in the case of Ether) meet the definition of security under the Howey test. The determination of whether a protocol layer token is a security does not turn on its status as a protocol layer token; it turns on whether the token is a security under the Howey (or another) test.
    11 A significantly decentralized platform may result in the related tokens no longer being securities. The key, however, is that the platform must in fact be so decentralized that no sponsor or other third-party drives an expectation of return, and that the primary purpose of purchasing the tokens is for consumption purposes. See Howey Met Gary Speech. So far, the SEC Staff has identified only Bitcoin and Ether as meeting these requirements. Id. We believe that it will be rare, at least in the near future, for other platforms to reach this level of decentralization.
    12 SEC v. W. J. Howey Co., 328 U.S. 293 (1946) (discussing when an instrument is an "investment contract" and thus a security for purposes of the 1933 Act).
    13 It is important to remember that tokens can be securities even if they do not satisfy the Howey test. The definition of "security" in the federal securities laws includes a long list of instruments. Only one of those instruments is an "investment contract," and the Howey test is the test for determining whether an instrument is an investment contract. Certain tokens, however, can be securities under other parts of the definition of security. So, for example, some tokens may be securities because they are stock, bonds, debt, notes, evidence of indebtedness, or other instruments that are securities but that do not meet some or all of the elements of the Howey test. See, e.g., Reves v. Ernst & Young, 494 U.S. 56 (1990) (establishing the "family resemblance" test for determining whether a note is a security).
    14 Section 5 of the 1933 Act generally requires an issuer of securities to file a registration statement before publicly offering securities for sale, and requires the registration statement to be declared effective by the SEC before the issuer can publicly sell its securities. There are a number of exceptions from the registration requirements in Section 5, including private placements of securities to accredited investors made under Regulation D.
    15 Form 10 may be filed by an issuer that is required to register a class of equity securities under the 1934 Act. Registration under the 1934 Act is very different from registration under the 1933 Act. As discussed above, under the 1933 Act, an issuer registers securities that it will sell publicly by filing a registration statement (usually on Form S-1) with the SEC. 1933 Act registration registers securities that will be sold in a particular transaction or transactions; securities are registered only with respect to that transaction (or those transactions), and not for all time across all transactions.

    1934 Act registration is not related to a transaction. Under Section 12(g) of the 1934 Act, an issuer of a class of equity securities must register that class of securities when: (i) the issuer has at least $10 million in assets; and (ii) the class of equity securities is held by 500 or more non-accredited investors, or by 2,000 or more total investors, regardless of whether they are accredited investors. An issuer that does not meet these requirements may voluntarily register under Section 12(g); an issuer that meets these requirements must register under Section 12(g).

    An issuer that is registering a class of securities under the 1934 Act using form 10 must disclose significant quantitative and qualitative information about the issuer and its business, and then must (among other things) file annual, quarterly, and other reports containing significant quantitative and qualitative information about the issuer and its business.

    We do not believe that the Commission, by requiring Airfox and Paragon to become public reporting companies by registering under the 1934 Act, was suggesting that their tokens necessarily were equity securities, or that other token issuers will typically be required to register under the 1934 Act based on their outstanding tokens (unless their tokens qualify as equity securities and they meet the other requirements of Section 12(g)). Instead, we believe that the Commission required Airfox and Paragon to become public reporting companies so that the token purchasers would have access to sufficient information to make an informed decision as to whether to accept the repurchase offer that Airfox and Paragon each are required to make to people who purchased tokens from them. In other words, Airfox' and Paragon's 1934 Act registrations are in effect remedial substitutes for the 1933 Act registration that should have occurred prior to the companies offering their tokens.
    16 This repurchase right is derived from Section 12(a) of the 1933 Act, which permits the purchaser of an unregistered security to sue the issuer for "the consideration paid for such security with interest thereon, less the amount of any income received thereon, upon the tender of such security, or for damages if he no longer owns the security." The repurchase right in Airfox and Paragon leaves open a number of questions, such as what the applicable interest rate is and what rights (if any) secondary purchasers of the tokens have against the issuer.

    Another potentially significant issue arises if the token purchaser used Bitcoin or another cryptocurrency to purchase the tokens. In that case, is the consideration that must be repaid to the purchaser: (i) the number of Bitcoin or other cryptocurrency that the purchaser paid for the tokens; (ii) the dollar value, as of the purchase date, of the Bitcoin or other cryptocurrency that the purchaser paid for the tokens; or (iii) the number of Bitcoin or other cryptocurrency, valued at current prices, that would equal the dollar value of the purchase price as of the purchase date? For example (and leaving aside calculation of any interest due), assume that a purchaser bought tokens for the equivalent of $150,000 using 100 Bitcoin then valued at $1,500 per Bitcoin. Assume that at the time of the repurchase offer, Bitcoin is valued at $500 per Bitcoin. The issuer would be delighted to return to the purchaser 100 Bitcoin, because that would have a current market value of only $50,000 (or 1/3rd of the dollar value of what the purchaser paid). The purchaser, on the other hand, likely would prefer to get back $150,000 in cash, or 300 Bitcoin (also worth $150,000).
    17 See Rules 506(d) and 262(a) under the Securities Act.
    18 See Rule 12g-4(a)(1) under the 1934 Act. Either Airfox or Paragon also could deregister under the 1934 Act if its tokens were held by fewer than 500 persons and its total assets were $10 million or less on the last day of each of its most recent three fiscal years. See Rule 12g-4(a)(2).
    19 Notably, the repurchase offer that each of Airfox and Paragon have to make technically is to all purchasers, not just to purchasers who are U.S. citizens or residents. It is possible, however, that Airfox and/or Paragon might convince the SEC that the repurchase offer should be limited solely to U.S. citizens and residents.
    20 Munchee Order.
    21 Regulation M under the 1934 Act generally prohibits an issuer or its affiliates from simultaneously purchasing and selling its securities.
    22 See Division of Investment Management, Staff Letter: Engaging on Fund Innovation and Cryptocurrency-related Holdings (Jan. 18, 2018).