The Securities and Exchange Commission could be gearing up to drop major actions on issuers of initial coin offerings (ICOs).

According to Nicolas Morgan, a former lawyer for the U.S. government agency tasked with regulating the securities industry, the SEC is likely to roll out a sort of “assembly line” of enforcement actions against the nascent industry in the coming years.

While the SEC has issued guidance to the ICO industry, recently laying out why it classified tokens issued by The DAO (a now-defunct ethereum smart contract that sold its token to investors) as securities, the agency has yet to announce formal rules.

In response, the industry has moved in a different direction. Some, such as Overstock subsidiary tZERO, are deciding to get regulated, while others have moved to create utility for their tokens, thereby establishing it as a resource necessary for software products.

But according to Morgan, and others in the industry, the ever-expanding language and group of terms and techniques the industry uses could still expose entrepreneurs to a time-consuming SEC investigation and litigation.

“You might be right that your ICO is not a security, and some judge, at the end of the day, may agree with you, but is it worth the expense and distraction to get that answer from a judge?” he told CoinDesk, adding:

“It’s probably a better course of action if you’re anywhere close to being a security, to just assume that it is and go forward with that presumption in mind.”

Recently speaking at the ICO Forward Summit in New York City, Morgan, who served about seven years in the SEC’s enforcement division, spoke to CoinDesk about what to watch for in terms of SEC enforcement in the coming years.

This interview has been edited and condensed.

CoinDesk: At what point will the SEC and others weigh in more formally on ICOs?

Morgan: You’re not going to get a satisfactory answer that [your token is] not a security until the end of the SEC investigation process, in litigation, when you might get a judge that agrees with you that your ICO is not a security.

But it doesn’t even necessarily have to be at trial; a trial happens at the end of a legal proceeding. For example, in the Zaslavskiy case – the diamonds and real estate ICO in Brooklyn, New York – the SEC had to go into court, they filed a complaint, they [effectively] said “this token is a security.”

Then they got a preliminary ruling from the judge in that case that indicated that it probably was a security. That’s as close as we’ve gotten to a ruling by a judge.

Or take the Tezos class action, as another example: private lawsuit, filed in San Francisco state court. Not the SEC.

The plaintiffs and their lawyers have alleged that [Tezo’s ICO] involves a security. I have a feeling the very first line of defense by the defendants will be, “This is not a security. These particular laws don’t apply.” But no judge has ruled on it.

We don’t have judicial rulings on this, and we won’t have them for probably several months.

What does a startup need to do if it wants to proceed as if its token is a security, then?

If you’re proceeding on the assumption that you have a security and you want to have an ICO, the first thing is to decide whether you’re going to offer the tokens on a registered basis or pursuant to an exemption to registration. That’s probably the first issue that needs to be confronted.

Then there is: How will your sales and efforts selling ICOs or tokens be judged in hindsight? Use of proceeds is probably the biggest single representation to potential investors that will be scrutinized by regulators or private plaintiffs after the fact.

The use of proceeds has to be accurate. So that’s step one.

Step two: If you’re going to tout the qualifications of your board of advisors, make sure they actually are advisors and have agreed to be listed as such. And make sure when you’re describing either your advisors or your management, that the descriptions are accurate, not exaggerated.

Those things will be scrutinized.

A third thing is how you’re describing what it is you’re going to do. Not in terms of how the money is going to be spent, but, “We have certain milestones. We are going to launch this platform by January.” Well, if you say that, and January comes and goes and no launch has happened, that may be an issue.

Be careful how you characterize what you do operationally.

In your “assembly line” reference – where the SEC assesses tokens and takes some into investigation on a rolling basis – how this would work?

Models that might be a good analogy … one was a particular model in the PIPES market.

PIPES is an acronym for private investment in public equities, and it was a way for hedge funds and other investors to invest generally in small publicly traded companies through a private offering. It’s still around.

But the SEC latched on to a particular model, where the hedge funds would sometimes short the company’s stock simultaneously with purchasing in the PIPE.

The enforcement folks saw this going on. They didn’t like it; they thought it was a violation of law. And they sent these subpoenas out by the dozens.

The SEC developed a model where they saw the same fact pattern over and over again, where they would send out the subpoenas, check to see that fact pattern existed and then very quickly brought a lawsuit against companies. And so I can see that happening here.

We see an ICO, it pretty obviously falls into the realm of a security, in that they put out a white paper, they didn’t have a registration statement, they didn’t fit into an exemption to the registration requirements. So, let’s send out a subpoena.

And if the fact patterns recur over and over again, it makes it pretty easy for the SEC, that’s why I described it as an assembly line. Something that’s not automated, but it’s easily replicated on their side.

Do you think the SEC will come out with more formal guidance soon?

So, you see it a couple of different ways. You see it in something like the DAO report. That’s called a 21(a) report, because the report is issued under a certain section of the law.

The other way the SEC communicates is through speeches, public comments. We’re also going to see No Action letters, so you can go and basically ask a very specific question: “If we do this, will you agree not to recommend an action be brought against us?”

And then the absolute least effective way the SEC speaks is by bringing lawsuits. We’re going to see more of those.

You can tell what the SEC’s thinking because they allege it in a complaint they file in federal court or bring in an administrative proceeding. That’s a tough way to regulate, by litigation, but that’s going to happen too.

There are those in the ICO space who would prefer the SEC promulgate some regulations. I think that’s likely to happen also. They’ve got a lot on their plate that has nothing to do with ICOs, and the rulemaking process is a slow process.

So that’s why we may see the so-called regulation by litigation happen more immediately.

If rules came along, would the SEC grandfather in projects operating before those rules were formalized?

No. I don’t think they would.

Will all the fumbling with language, such as companies using “token” versus “coin” in their marketing, be effective?



The economic reality matters far more than the label. Tezos may be the test case on that, because they tried to call it a “donation.”

But it’s the economic reality, not the label, that’s the most critical issue.

How is the SEC doing, in your mind, investigating and regulating the industry? Does anything about the way regulation will be laid down worry you?

The DAO was a pretty obvious call as far as whether it was a security or not. I think that was good that the SEC did that, but it doesn’t go far enough.

They should put out pronouncements about tokens that are a closer call. And they will. They’ll get there. It will be in the form of No Action letters and rule-making.

I don’t disagree with the SEC’s approach.

What I’m anticipating disagreeing with is that I think the enforcement division is going to bring some cases where they just assume it’s a security, but where the defense may have a legitimate argument that it’s not a security.

I fear that the SEC will, in an effort to really make a point, bring cases where the existence of a security does not get the consideration that it really deserves, because there will be other bad factors in these cases. Fraud, theft of money, whatever it is.

So we won’t get the development of the law that we should. There won’t be the nuanced thinking about whether a security exists, because there will be other facts that overshadow that issue.

Assembly line image via Shutterstock