I wrote a follow-up to this blog post on 4 October 2017. If of interest, link: Thoughts on the Saft Part II: SAFT Harder

This week in Initial Coin Offering (“ICO”) land brings us the first publicly-acknowledged SAFT offering, of Protocol Labs’ Filecoin. For those of you not familiar with the SAFT, or “Simple Agreement for Future Tokens,” this is an option agreement modelled after something called a SAFE (Simple Agreement for Future Equity) used by Y Combinator to reduce the complexity of early-stage raises (say, $2 million-ish), staking out a position in a investment prospect’s cap table in a legally-binding way without going through the trouble of doing a full-bore Series A process of diligence, docs & raise. SAFT is the standard-form agreement used by CoinList, the new cryptocoin investing site co-founded by, among others, Filecoin’s Juan Benet and AngelList’s Naval Ravikant.

Before we begin/full disclosure, I’m an English lawyer and not US-qualified. However (a) nobody seems to be interested in s. 21 of FSMA 2000 this week and, (b) having done securities law in the UK, I have a healthy appreciation for rules around not selling securities in the USA.

With the above in mind, please read this blog post as a casual treatment of the subject by a curious third party observer; this is not legal advice and if you need legal advice, you need to hire a US-qualified securities lawyer. I know a few lawyers who are highly qualified to advise in this area in both the US and the UK. It should be my pleasure to refer you to them.

WTF does SAFT actually do?

As we all know, ICOs were slapped down in fairly dramatic fashion last week when the U.S. Securities and Exchange Commission (“SEC”) published its comprehensive report on the “DAO” investment scheme. The SEC concluded that the DAO token sale was a sale of securities/investment contracts and subject to American securities laws, the implication being that those laws were broken since the DAO’s promoters neither filed a registration statement nor published a prospectus.

The SAFT, in theory, is a way that we can get America-compliant with our token sales. According to the media:

“what makes this offering especially compelling is the fact that [Protocol Labs] has found a way to run an initial coin offering (ICO) that [the company] suspects will satisfy Wall Street’s rule-makers, even though they haven’t really written rules for this sector yet. In part, because it isn’t so much offering its digital currency now, but a token that will convert to it later.”

The general rule about selling securities is that if you sell securities to the public, you need to register them with the SEC and publish a prospectus; registration is expensive, a huge time sink and an administrative pain in the ass. For many, it is best avoided.

The SAFT structure makes ICOs achievable, we are told, because a SAFT limits participation in the SAFT to “accredited investors” Under Rule 506(c) of Regulation D, in contradistinction to your garden-variety ICO which sells tokens to all and sundry. Do this and meet some other conditions, and you don’t have to register the securities with the Commission. You can raise your funds and avoid the expense and bother of regulation.

“What does this mean?” I hear you ask. Well, if we look elsewhere in Regulation D, “accredited investor” is defined as…

“any person who comes within any of the following categories, or who the issuer reasonably believes comes within any of the following categories, at the time of the sale of the securities to that person: (1) Any bank… any investment company… [etc.]; … (4) Any director, executive officer, or general partner of the issuer of the securities being offered or sold, or any director, executive officer, or general partner of a general partner of that issuer; (5) Any natural person whose individual net worth, or joint net worth with that person’s spouse, exceeds $1,000,000 [not including their primary residence]; (6) Any natural person who had an individual income in excess of $200,000 in each of the two most recent years or joint income with that person’s spouse in excess of $300,000 in each of those years and has a reasonable expectation of reaching the same income level in the current year; (7) Any trust, with total assets in excess of $5,000,000, not formed for the specific purpose of acquiring the securities offered, whose purchase is directed by a sophisticated person as described in § 230.506(b)(2)(ii); and (8) Any entity in which all of the equity owners are accredited investors.

In other words, this is not any Tom, Dick and Harry with a couple of Bitcoins sloshing around like you and me. These are folks with the ability to throw some money into a highly risky investment without worrying about making the rent next month.

This is the demographic to which CoinList and the SAFT are designed to cater. If you sell to them and to them only, you’re not selling to the public. There are other rules, like a requirement to produce financial statements. If you comply with these requirements, per Rule 506(c) of Regulation D, you can raise an unlimited amount of money selling securities to anyone if they’re accredited. You can even advertise your sale over the Interweb.

Startups are basically printing money with ICOs right now – over $1 billion raised this year alone. As Filecoin pre-sold $52 million, pre-product, from 150 different persons including prominent venture capital firms like USV and Sequoia (its main accredited investor sale has not even begun), it would appear the SAFT is capable of printing money as well.

Worked example

So let’s say I want to do an ICO for a new cryptocurrency. I use a SAFT and advertise the thing on CoinList. I sell coins to accredited investors only. At some point after that I will need to hash a genesis block and give the investors their coins.

Presumably, at some even later point, either one of my investors or I will want to sell some of those coins. When that happens, someone – not necessarily me, it could be anyone – could call up Kraken or Poloniex and start trading them from there. I’d trade into Bitcoin, move it over to Coinbase, cash out, pay my developers, fuel up my Lamborghini and keep developing my project.

Something people do every day.

No problem, right?

Not quite.

The answer to this question is a tiny bit more complicated and invokes a genuine piece of regulatory uncertainty.

The question here is whether a token issued pursuant to the terms of a security/investment contract (i.e. the SAFT) is itself also an investment contract. (Which, to this week’s SAFT offering’s credit, is briefly acknowledged in the PPM).

This question currently has no answer. If our hypothetical generic token isn’t a security, a lot of problems go away from a securities law perspective. But if it *is,* token issuance – SAFT or no SAFT – gets complicated, and fast.

There are two rules which are involved here. The first is Rule 230.502(d)(vii),which states

(d) Limitations on resale. Except as provided in §230.504(b)(1), securities acquired in a transaction under Regulation D shall have the status of securities acquired in a transaction under section 4(a)(2) of the Act and cannot be resold without registration under the Act or an exemption therefrom. [etc.]

And the second, to which the SEC made reference in its DAO paper as well, is Section 5 of the Securities Act, which states

Unless a registration statement is in effect as to a security, it shall be unlawful for any person, directly or indirectly (1) to make any use of any means or instruments of transportation or communication in interstate commerce [note: including the Interweb] or of the mails to sell such security through the use or medium of any prospectus or otherwise [note: presumably this encompasses half-baked crypto whitepapers], or (2) to carry or cause to be carried through the mails or in interstate commerce, by any means or instruments of transportation, any such security for sale or for delivery after sale.

These are non-trivial continuing compliance obligations which are of fundamental relevance for cryptocurrencies – keeping in mind that a blockchain is traditionally the back-end of a fully automatic system designed to facilitate the instantaneous peer-to-peer transfer of digital property (meaning it’s likely to be classed as “interstate commerce”). Whether the rules bite depends on whether the SAFT is a vanilla investment contract wrapping itself around an unregulated token, or a vanilla investment contract wrapping itself around a more exotic investment contract. It’s important to know what the answer is up front because:

First, CoinList’s structuring decisions mean the SAFT contract is the critter that benefits from the Rule 506(c) exemption, not the tokens.

This means that, assuming the issuer complies with the requirements of Rule 506, the SEC can’t nail a company for issuing a SAFT – but the yet-to-be-created tokens remain fair game.



Second, the Rule 502(d) prohibition on re-sale without registration is likely the reason why token issuers see a need for the SAFT instead of just using the accredited investor exemption to sell the tokens directly to the VCs/investors in pre-sale allocations.

Tokens, if indeed they are investment contracts, are not typical investment contracts like stock or debt in that they do not represent a claim against the company, but rather they represent an ability to write to some data structure that the company has built (in common market practice). That’s it. When a company creates these tokens/coins, very often it issues a significant number of coins to itself which it then holds as a balance sheet asset with an acquisition cost of 0. Issuers then flog the extra coins they gave to themselves on public markets to finance their operations (i.e., they make public offerings).

Availing yourself of Rule 506 for the token would basically be tantamount to admitting that your token is an investment contract and thus can’t be publicly re-sold unless you register. You can’t really call a token one thing today to obtain the benefit of a safe harbor, and then reclassify it as something else tomorrow because you want to trade it.

Third, Rule 144 won’t fly either – at least not for the kind of trading that we see on today’s ICO market. Nobody is going to get a legal opinion every time they open their crypto wallet.

Fourth, the s. 5 prohibition on resale does not apply to transactions executed by persons who are not “issuers, underwriters or dealers.” Meaning it applies to issuers, underwriters, and dealers. Where tokens are found to be part of a public offering, projects (being issuers) will not be able to liquidate their own coins due to the operation of the prohibition (note: this legal rule more or less nukes USV’s Fat Protocol thesis from orbit).

As to underwriters/dealers, these definitions are broad, but suffice it to say they’re not commonly thought to encompass day traders. Query whether the crypto hedge funds or VCs who are investing in this stuff would qualify depending on the exact nature of their businesses and involvement in a given scheme.

Fifth, it is difficult to divorce the money and exchange component from “utility tokens,” as app-coins are sometimes called, particularly in the context of a speculative ICO where the token allocation is pre-sold to persons who could not possibly consume them all and are purchasing the coins with the expectation of profit on re-sale.

Sixth, under these circumstances, the safest way for a coin to demonstrate legality in the context of a mass-market public blockchain application, and to allow it to be traded for money or money’s worth with relatively little hassle, is to endeavor to register the coin and subsequently list it on a national securities exchange.

To my knowledge, nobody has yet attempted to register a coin ICO (although some folks have done securities issuances on a public chain).

Lastly, no matter how you slice it, you’re probably going to have to pay a huge amount of tax on income or capital gains from your tokens’ sale, which doesn’t happen when you raise traditional equity. (Tax law treats this stuff differently than securities law, I’m afraid.)

But hey, if you’re paying a lot of taxes you’re selling a lot of tokens, so who cares, right?

As to the exchanges themselves, the question of whether a token is or is not a security is relevant for the purposes of Section 5 of the Securities Exchange Act of 1934, which states

It shall be unlawful for any broker, dealer, or exchange, directly or indirectly, to make use of the mails or any means or instrumentality of interstate commerce for the purpose of using any facility of an exchange within or subject to the jurisdiction of the United States to effect any transaction in a security, or to report any such transaction, unless such exchange (1) is registered as a national securities exchange under section 6 of this title, or (2) is exempted from such registration upon application by the exchange because, in the opinion of the Commission, by reason of the limited volume of transactions effected on such exchange, it is not practicable and not necessary or appropriate in the public interest or for the protection of investors to require such registration

So that’s interesting.

Is a post-SAFT token an investment contract?

We now know that a token seller answering this question incorrectly will find himself in a world of pain. So what’s the answer?

Unfortunately, the answer is “it depends” – on the facts surrounding a particular token, and on what a judge says the first time that a ICO sees the inside of a courtroom. Which has not yet happened.

For now, the SEC has left the door open somewhat by not opting for something hyper-aggressive and tantamount to a blanket ban, which leaves some room for plausible deniability among SV bigwigs and others when this bubble pops and the SHTF (if not in the eyes of the law, then at least for the sake of face-saving in two years’ time). Also, by not blanket-banning crypto-tokens they have left open a means by which a cryptocurrency can at least get through the first phase of its existence (funding protocol development) without falling foul of securities law along the way.

There are also some practical points to consider; I would expect global regulators’ attention to be focused on the more wild ICOs that pre-date the guidance, and ICOs which are quite transparently frauds (some ICOs are more honest than others). The frauds will have more victims, who will make more complaints. Those cases will therefore jump to the front of the queue.

If it turns out that garden-variety ICO tokens are not investment contracts, we really are dealing with a new paradigm and I will eat my hat on Bitcoin Uncensored. Good for the issuer and praise be to the prescience of their enlightened venture backers.

If however most of these tokens are investment contracts in the end, we know that due to the impact of the securities laws that registration is more or less the only thing we can do in order to operate a company coin within the bounds of US law. Distributing tokens with the knowledge that a crypto exchange might download the client and allow existing token-holders (to whom the tokens were privately sold) to list and start trading the tokens could see pre-sale purchasers deemed “mere conduits for a wider distribution” and see private offering status lost.

There are, of course, hypothetical transactions which I think would pass muster under the American rules – let’s say, a coin which goes from

block coinbase –> end user –> burned in software or exchanged for a good or service without making any stops at Polo or Kraken along the way

…and used in this way only might not be an investment contract. In other words, something that looks and is treated by the market more like Bitcoin 2009 than Bitcoin 2017.

But this is not what we see. By contrast, most coins are issued with the intention of appreciating – often rapidly – and they are listed on publicly-accessible financial infrastructure, i.e. the big coin exchanges, immediately upon release. Worse, if we look to sophisticated market participants’ conduct vis-à-vis these ICOs (chiefly: venture capitalists, hedge funds), they tend to do things like amass vast numbers of coins on sweetheart terms ahead of the public sale (possible underwriter?) or invest other people’s money into the deal and execute trades on their behalf (possible broker-dealer?).

We would find this kind of behaviour extremely unusual if it were taking place in relation to Oracle database licences. We would find it boring and normal in relation to startup equity or high-yield bonds. Draw your own conclusions as to what this means for any given token’s SEC v W.J. Howey Co. investment contract analysis.

Finally, there is the possibility that securities regulation will wind up being mostly irrelevant and we’re all barking up the wrong tree. Because coins aren’t actually traditional securities and (usually) confer no legal rights to anything (with some recent token purchase contracts being so vague and issuer-friendly as to border on being illusory or unconscionable from the perspective of the purchaser), there is also a non-zero risk that coin offerings will be classed as MLMs of some kind that are

“organized and operated in such a manner that the realization of profit by any participant is predicated upon the exploitation of others who have virtually no chance of receiving a return on their investment and who had been induced to participate by misrepresentations as to potential earnings.”

When the current bubble collapses (and it will), this last point might become more relevant, particularly if n00b bagholders grab their pitchforks and start asking Uncle Sam to get involved, to help them get their money back. If these are investment contracts, this is a demand aforementioned bagholders will be perfectly entitled to make.

If this happens, although the SEC will stay in the loop, the really exciting action will be in the domain of the tort lawyers and federal and state prosecutors working in tandem with the FTC. See, e.g., the recent case of Josh Garza and GAW Miners (which involved fraudulent misrepresentations relating in part to a cryptocurrency called Paycoin). Although in the civil enforcement action the SEC got a $12 million default judgment, the U.S. Attorney got a guilty plea for one good, old-fashioned count of wire fraud. No Securities Act required.

Note that if this interpretation is adopted, some state laws cast a much wider net to penalize participants than Section 5 of the Securities Act of 1933 does.

tl;dr

In the wake of the SEC’s paper last week, and at all points before it, the blockchain industry’s thinking has over-emphasized complying with regulations that govern the initial issuance of tokens, and has neglected to address the impact of all of the regulations that apply on a continuing basis.

I didn’t write this to throw shade at Protocol Labs. Far from it. Any startup which follows the CoinList route and sticks with pre-selling to accredited investors would rightly be praised for doing more compliance than most, if not all, of the other ICOs that have taken place to date.

As for the SAFT, it may yet prove to be a useful tool that gives token issuers a limited but nonetheless effective safe harbor to pre-sell tokens and get development funds. But it is the beginning of a startup’s compliance story, and not its end.

Startups who embark on the ICO journey are creating automated value transfer systems that operate across borders with no KYC. These systems, once turned on, cannot be turned off or controlled. But the startups will continue to be expected to maintain them.

This is not easy, technically or legally. For this reason, the SAFT is clearly not anything near a cure-all for the compliance issues an ICO startup will later face, whether in the field of securities regulation or otherwise.

In the previous section, I avoided giving my view on whether the SAFT (or something similar to it in another jurisdiction) would be enough to avoid liability under the securities laws. While the SAFT undoubtedly represents an improvement over the status quo, it does not change the fact that people will not realize profits by selling options for future coins – they will realize profits by selling the coins. Which, whether we’re looking at a Bitcoin clone, Ether-as-cryptofuel, or anything else, are nearly always treated by buyers as investments and not as software products.

For this reason, my personal view is that most ICOs – even the “utility coins” – are unlikely to escape regulation by jurisdiction-appropriate rules regarding public offerings, financial promotions and unfair trade practices. I have held this view since 2014 but then again I’m pretty conservative. Time will tell whether enforcement is aggressive enough for the expected payoff of raising with an ICO to fall below the expected payoff of not raising with one.

To sum up, tempting as it may be in this crazy market, startups should take great care to avoid raising too much, selling tokens which are investments, or interacting with the United States. And, again, startups should make damn sure they consult a good lawyer.