Anatomy of an ICO

Authors: Andrew James Lom, Rita Astoor, Rachael Browndorf Publication | April 10, 2018

A growing number of companies are turning to initial coin offerings—called ICOs—as an innovative way to raise capital.

In a typical ICO, a company sells digital coins or tokens to participants for a purchase price that can be paid in such currencies as US dollars or euros or in a cryptocurrency, such as bitcoin or ether.

Once issued, the tokens exist on a blockchain maintained by a network of participants and computers. These tokens can serve a variety of functions depending on the company’s business model. For example, tokens may grant access to services on a blockchain platform the company has set up — for example, to trade electricity — maintain governance rights over the platform, serve as their own tailored cryptocurrency for conducting transactions on the platform, or some or all of the above.

To function properly, most blockchain business platforms need a large number of widely-distributed token holders. In addition to raising money, an ICO can facilitate that wide distribution.

Whatever the design intent of a platform and token system, in many cases the tokens do not exist yet at the time of the ICO. Instead, the money raised is intended to fund development of the platform.

Delivery of the tokens to the ICO participants is expected at some future date, contingent on actual, successful development of the platform.

This payment with hopes of future development and delivery of tokens and other practical uncertainties and risks involved with blockchains and token systems leads to further uncertainty as to how tokens are treated for regulatory purposes.

While a lot of attention has been paid to whether tokens are securities under US federal and state securities laws, tokens can also look like, or be treated like, commodities, gift cards or other regulated assets. An analysis of what a token is then informs the offering and sale process for that token.

This analysis also has implications for how the token is used and exchanged by token holders and participants in secondary markets.

Token = security?

When thinking about “securities,” most people envision stocks, bonds, mutual funds, ETFs and similar investments.

The US Securities Act of 1933 does not include “tokens” or “coins” or virtual or crypto-currencies in its litany of regulated securities.

However, the litany finishes with the term “investment contract,” which acts as a catch-all to cover any other asset that behaves and feels like a security. In the seminal case of SEC v. Howey, the US Supreme Court explained what it considers an investment contract using a four-part test.

Under the Howey test, an investment contract is (i) an investment of money (ii) in a common enterprise (iii) with an expectation of profits (iv) from the efforts of others. If an asset satisfies all four parts, then it is a security.

Determining whether an asset is an investment contract under Howey requires a factually intensive analysis, encompassing both the underlying characteristics of the asset, as well as the circumstances surrounding how it is generated, marketed and sold. When applied to tokens, the Howey analysis considers both the design and issuance of tokens, as well as how the token functions within its specific platform or blockchain. While each token is different, they all have certain similarities.

An “investment of money” is interpreted broadly to include cash, goods, services, sweat equity, promissory notes or anything else that could lead to a potential for economic loss to the purchaser. Along these lines, two US courts have determined that bitcoin is a form of “money,” with one court holding that payment using bitcoin is an “investment of money” for the purposes of Howey.

A “common enterprise” arises when there are certain ties between the seller of the asset and its buyers, or among the buyers themselves. In an ICO context, the buyers typically rely on a core team of software developers to design the blockchain platform and create the initial block of tokens. Then, once the tokens are issued, holders are usually involved in the governance of the token system through certain consensus rights attached to the tokens and, in some cases, the core team of software developers maintains the power to upgrade and steward the use of the system. On an initial and ongoing basis, token holders are tied either to each other or the software team or both, thus creating a common enterprise.

An “expectation of profits” encompasses many different forms of financial benefit, such as additional tokens accumulated through participation in a system, or returns from the sale of tokens at appreciated values on an external trading platform. Some courts also extend this part of the Howey test to include a risk of loss.

One example is a golf club membership. Generally, golf club memberships are not refundable and cannot be transferred or sold at a profit, and thus are not considered securities. However, if a person buys a membership in a golf club that has not yet been built, and the proceeds are used for development of the golf course itself, then there is a risk that the golf course may never be finished or playable. Therefore, the potential loss of money invested and loss of opportunity to use the course makes that membership a security. This is particularly relevant for tokens, when the ICO proceeds are used to finance the development of the tokens in the first place, and then the tokens may not be available for use by participants for several months, if ever.

“Efforts of others” can include, for example, someone else building a factory, designing a product or selecting an investment portfolio. Again, because many ICOs involve tokens that have not yet been built, it is not hard to see that, at least at the initial stages, the success of the ICO depends on the efforts of the token’s development team. Then, on an ongoing basis, even if individual token holders participate in governance or other aspects of the token system, success and potential profits come from the efforts of many people, not just token holders acting individually.

If a token is a security, then the US Securities and Exchange Commission or one or more state securities regulators will have jurisdiction to regulate the offer and sale of that token. In particular, as the SEC continues to remind token issuers, a security token must be registered under the Securities Act if its ICO is open to the public.

However, not all tokens fit all four parts of the Howey test. Moreover, a token to an unbuilt platform, or a contract to purchase such a token, may be a security during the ICO phase, but that same token may not be a security once built and fully functional in the hands of its end users.

If a token is not a security, then the question becomes whether it fits into any other category of regulated asset.

Token = commodity?

A whole host of assets are bought and sold with fluctuating values that may lead to speculative profits or losses, but these assets are not always securities. Many of these assets, such as consumer goods and physical coins, are commodities.

Most tokens are intended to be used as consumer goods or in place of physical coins or other money. Examples include tokens that represent a physical asset or product, such as gold, tokens that can be used to purchase concert tickets in a trusted environment with no transaction or processing fees, and tokens that can be used for buying and selling media online.

These kinds of tokens generally look like commodities, and especially so after the blockchain platform has been built by the development team and tokens have been issued to ICO participants who can use them in a fully functional way to serve the intended purpose of the token design.

In 2015, the Commodity Futures Trading Commission determined that bitcoin and other virtual currencies are “properly defined as commodities” for the purposes of the US Commodity Exchange Act of 1936.

The CFTC’s regulatory jurisdiction covers derivatives transactions on “all services, rights, and interests in which contracts for future delivery are presently or in the future dealt in.”

While this includes commodity futures contracts, options on futures and swaps, it generally excludes spot (near immediate physical delivery) contracts and forward (deferred physical delivery) transactions. Nevertheless, the CFTC does have anti-fraud jurisdiction over commodity spot and forward markets.

Generally speaking, a futures contract is “an agreement to purchase or sell a commodity for delivery in the future (i) at a price that is determined at initiation of the contract, (ii) that obligates each party to the contract to fulfill the contract at the specified price, (iii) that is used to assume or shift price risk, and (iv) that may be satisfied by delivery or offset.”

While tokens may be commodities in the consumer sense, they usually are not structured in a futures format, although it is possible to have a separate regulated futures contract on a token, as discussed below. Also, while many ICOs involve a price determined and paid at the outset for delivery later at no additional cost, that delivery usually cannot be satisfied by a cash or other offset.

Other possible labels

What else might a token be? Labels have consequences.

Some tokens are seen as a store of value that can be used within a specific blockchain platform or that can be exchanged across different systems. Bitcoin is one example of a general-purpose store of value that can be exchanged with relatively little difficulty into and out of fiat currencies like US dollars and euros.

If a token has a more limited purpose on a closed system, to the extent that money is used to buy the token and the token can only be used to buy goods or services on its particular closed system, then that token could be similar to a gift card. Nearly every state has at least some level of regulation applicable to gift cards.

Other tokens provide access to, and can serve as payment methods on, virtual worlds or game systems. To the extent that the value of these tokens depend on outcomes of events in the virtual world or game, the tokens may be viewed as a gambling device. Again, nearly every state has at least some level of regulation applicable to gambling.

As new use cases for tokens are developed, those tokens may also fall into other regulated categories.

Regardless of whether tokens are securities or commodities or something else, any marketing and advertising of tokens or ICOs must still comply with US consumer protection laws.

The Federal Trade Commission is tasked with protecting consumers by preventing deceptive and unfair acts or practices. In a sales process, this includes any representation, omission or practice if it is likely to mislead consumers and affect their behavior or decisions about the product or service. Many states have similar consumer protection laws and agencies. These laws and agency jurisdiction cover not only the ICO process, but also continued use and exchange of tokens.

The FTC has received hundreds of complaints relating to bitcoin and other virtual currencies, most commonly involving consumer claims against online merchants that failed to deliver products on time, if at all. In FTC v. BF Labs, Inc., a federal court upheld the FTC’s final order against Butterfly Labs, a company that the FTC argued had deceptively marketed bitcoin mining machines and unfairly kept consumers’ up-front payments despite its failure to deliver the machines. According to the FTC, Butterfly Labs deceived consumers regarding the “availability, profitability, and newness of machines” it had designed to mine bitcoin.

In addition to ordering payment of a monetary fine, the final order prohibited the company from taking up-front payments for any product not available to be delivered to a purchaser within 30 days of payment, and required the company to provide consumers with “prompt refunds” for any damaged or defective product.

Along these lines, when a company is using an ICO to fund the development of its platform and token, the company must make it explicitly clear to ICO purchasers that the tokens will only be issued if the platform is eventually built, and that there is some risk that the platform will not actually be built.

Token trading

The value of many tokens is based on their expected use and exchange.

After an ICO, the regulatory requirements, liabilities and usage risks of tokens can fall in various ways on the original ICO sponsors (the software team), the consumers who use the tokens, any investors in and re-sellers of tokens in trading markets, and any exchanges or platforms on which the tokens are used or traded.

If a token is a security, it cannot be offered or sold to the public, by the issuer or on the secondary market, except pursuant to a registration statement or exemption from registration. Any intermediary through which security tokens are traded must be a registered broker-dealer, regulated exchange or similar entity. In some cases, under Rule 144 of the Securities Act, an unregistered token may be able to be resold to the public after a minimum holding period and without registration, but broker-dealer and exchange regulations would still apply. Moreover, tokens that are not registered under the Securities Act may be subject to “blue sky” securities regulations in multiple states.

If a token will be registered, the issuer must file a registration statement using Form S-1, which is subject to SEC review, before any tokens can be sold. The Form S-1 requires, among other things, a prospectus describing the issuer’s business and the securities being offered, financial information about the issuer, and certain disclosures regarding executive officers and key employees. Because tokens do not represent equity or debt in a business, it is difficult to imagine how some of these topics can be addressed sufficiently in a token context.

There is currently no token that has been approved by the SEC for public sale.

If a token is not a security, then there may be more freedom to trade it, especially in the commodity spot context, but such trading is still subject to potential regulation or enforcement actions by the CFTC, the FTC, state regulators and other agencies. Then, if the token is traded in a futures or options format, like CME Group or CBOE futures on bitcoin, additional rules will apply under the Commodity Exchange Act.

However, the Financial Crimes Enforcement Network, or FinCEN, asserts its jurisdiction over any issuer or exchange that sells “convertible virtual currency, including in the form of ICO coins or tokens, in exchange for another type of value that substitutes for currency.” Under the US Bank Secrecy Act of 1970, any such issuer or exchange is a money transmitter that must be registered with FinCEN and must comply with certain anti-money laundering and know-your-customer obligations.

Enter the SAFT

Assuming, as is the case in a typical ICO, that the money raised will be used to build the blockchain platform, it is very likely that the ICO is selling a security, at least until the tokens have been built.

In this context, rather than issue a token for an unbuilt platform as a security and then convert it into a, hopefully, non-security later, the instrument purchased in the ICO is typically a “Simple Agreement for Future Tokens,” or SAFT.

A SAFT is a contract in which payment is made today for delivery of tokens at some future date.

This contract was modeled off of the “Simple Agreement for Future Equity,” or SAFE, but has developed in its own direction and is not merely a SAFE for tokens. This contract does not have to be called a SAFT to be subject to the securities law and other considerations discussed below.

In form, the SAFT has many features in common with a stock purchase agreement or subscription agreement, including representations and warranties of the purchaser and disclaimers by the issuer.

Perhaps the most important feature is the risk that the platform and tokens may never be built, or may not function as originally intended.

Moreover, a typical SAFT does not obligate the seller to refund any part of the purchase price if, after appropriate efforts, the development team is not able to create the tokens.

A SAFT is generally understood to be a security under Howey because it is an investment of money alongside other investors in a blockchain project that is to be developed by a separate team of software engineers and that has a risk of loss and an expectation of gain. A SAFT may also be a forward contract on the tokens because it is a payment now for delivery later. However, a SAFT is unlikely to be a futures contract because it can be settled only by physical delivery of the tokens, not by a cash or other offset.

When tokens are delivered under a SAFT, the regulatory status of the tokens themselves must be assessed separately, along the lines discussed above.

In addition to the SAFT, the ICO documentation package includes a white paper and a disclosure document. Among other things, the white paper discusses in more technical terms how the platform will work and what the tokens will do. The disclosure document looks like a prospectus or private placement memorandum and includes risk factors and various other pieces of information that would not necessarily be in the white paper. A key risk factor is the future regulatory treatment of the tokens. While the hope of many ICOs is that the tokens will be relatively liquid commodities and not securities once issued (perhaps a year in the future), it is entirely possible that tokens could be unregistered securities subject to substantial restrictions on transfer.

The ICO process

Because a SAFT is a security, it must be sold in the US pursuant to a registration with the SEC or pursuant to an exemption from registration.

As registration is for the time being impractical, for the same reasons that registration of tokens is impractical, a private offering under Regulation D of the Securities Act is used as the typical registration exemption for an ICO. The most relevant exemptions under Regulation D are Rule 506(b) and Rule 506(c), both of which relate in principal part to sales only to “accredited investors” and can be in unlimited dollar amounts.

Rule 506(b) requires a true private offering and prohibits any kind of general solicitation or advertising. The SEC has explicitly stated that the use of an “unrestricted, publicly available” website is a general solicitation if the website contains an offer of securities. Given the internet-based nature of ICOs and the need to have a widely distributed token base that may not be accessible through private channels, such a website is often unavoidable, making Rule 506(b) impractical for an ICO. However, if general solicitation and advertising can be avoided, the advantage of Rule 506(b) is that each purchaser can self-certify in the SAFT that the purchaser is an accredited investor, and the issuer can generally rely on such self-certifications.

Under Rule 506(c), any amount of public solicitation and advertising is allowed, which can be a very powerful tool in an ICO context, but the issuer must take reasonable steps to verify that all investors are accredited. Relying on a purchaser representation in the SAFT would not be sufficient. While verification had been seen as an onerous process, because certain third parties, such as a purchaser’s accountant, are allowed to provide the verification, it is becoming more and more mainstream.

Whether a SAFT is sold under Rule 506(b) or Rule 506(c), the issuer must file a Form D with the SEC. The issuer must also comply with certain “bad actor” disqualification rules under Regulation D.

If the ICO issuer is not in the US, then Regulation S of the Securities Act allows the issuer to conduct a public offering outside the US concurrently with an offering in the US under Regulation D.

The main requirement is that the offering activities outside the US are not directed back into the US and do not constitute general solicitation or advertising in the US. For the same reasons that a Rule 506(b) ICO may not be practical, an ICO that relies on Regulation S outside the US may not be practical unless the Regulation D offering in the US follows the requirements of Rule 506(c).

While many ICO issuers hope for a vibrant and public secondary market to develop for their tokens, because securities sold under Regulation D and Regulation S are restricted securities under Rule 144 of the Securities Act, the SAFT will often include contractual restrictions on transfer. This means that no secondary market is likely to develop until after the blockchain platform has been built and the tokens issued, and only if the tokens can be traded without violating the Securities Act, the Commodities Exchange Act or any other applicable regulations.


Apart from offering a SAFT under Rule 506(c) and Regulation S, it may be possible to conduct an ICO as a form of crowdfunding under Regulation Crowdfunding or Regulation A+ of the Securities Act. (For more on crowdfunding, see “Crowdfunding: Good Way to Raise Capital?” in the February 2015 NewsWire.)

While both of these regulations would allow more immediate trading of SAFTs and security tokens, they would also require disclosures and SEC filings that are not unlike what is required in a traditional registration statement. Thus, just as registering with the SEC using Form S-1 is not always practical in the token context, using either of these regulations is likely to raise several issues as well.


Andrew James Lom

Andrew James Lom

New York
Rita Astoor

Rita Astoor

New York