Securities Enforcement Forum, East Palo Alto, California (<i>by video</i>)

One year ago, I gave a speech—appropriately in Southern California—called “Beaches and Bitcoin.”[1] At that time—not so long ago in analog time but eons ago in digital time—the burning question was how to decide when issuing tokens constituted an offering of securities. The industry was rapidly developing and I worried that the SEC, as one of its potential regulators, would stifle its growth. I will admit today that I was very wrong, not about whether the SEC would stifle the industry’s growth—it has—but in how it would do it. Given that opening, I better give my disclaimer that my remarks represent my own views and not necessarily those of the Commission or my fellow Commissioners.

In last year’s remarks, I contrasted regulatory sandboxes with regulatory beaches. A beach has the necessary oversight, but offers a lot of freedom. I worried that, by contrast, a regulatory sandbox, something the SEC had been urged to establish, would tempt the Commission to “grab hold of the shovels and buckets” and meddle in the building of sandcastles. It is not the regulator’s job to get involved in the creative process, and, in any case, creativity is not the regulator’s strong suit.

I also expressed my concern that the SEC would lead with its enforcement powers, thus allowing anxiety about the risks of new technology to overshadow the opportunities it presents. I worried that hasty regulation would smother the industry in its infancy. My concerns did not become reality. The enforcement actions we have taken to date in the crypto space have—for the most part—exhibited appropriate restraint. On the regulatory side, hasty is not the word I would use to describe the SEC’s pace. It is not the SEC’s overzealous action that has stifled the crypto industry, but its unwillingness to take meaningful action at all.

Forbearance on the part of a regulator is often appropriate, especially in the interest of allowing market forces, rather than knee-jerk regulatory impulses, to shape a developing industry. The problem is that the securities laws do not cease to operate as a new industry develops. Consequently, individuals and companies in the industry must comply with our securities laws or risk becoming the subject of an enforcement action. It is therefore our duty as a regulator to provide the public with clear guidance as to how people can comply with our law. We have not yet fulfilled this duty.

I would like to outline the key areas in which clarity is lacking, but first it may be helpful to back up a bit and provide better context. While there are areas where we must provide guidance and clarity, I do not want to give the impression that we have been entirely silent on the topic of digital assets.

For example, when I spoke about ICO regulation a year ago, it seemed necessary to introduce my audience to an old Supreme Court case known as Howey.[2] Now, for most people following the crypto space, Howey is an old frenemy. As you know, Howey provides the framework for determining whether certain assets are securities. Regardless of form, something is a security if it represents an investment in a common enterprise with the expectation of profit solely through the efforts of others. In practice, as interpreted by the courts and the Commission, profit need not be solely from the effort of others.[3]

Undoubtedly, digital assets can be securities if they meet the Howey test. On this point, the SEC has been very clear. In 2017, before my arrival at the SEC, the Commission issued the DAO Report, which found that—despite some confounding factors—the tokens issued by the unincorporated organization known as the DAO were indeed securities under the Howey test.[4] In early 2018, SEC Chairman Jay Clayton testified during a Senate hearing “I believe every ICO I’ve seen is a security.”[5] Later that year, Director of Corporation Finance Bill Hinman gave a now well-known speech “When Howey Met Gary (Plastics),” in which he stated “calling the transaction an initial coin offering, or ‘ICO,’ or a sale of a ‘token,’ will not take it out of the purview of the U.S. securities laws.”[6]

We also have brought a handful of enforcement actions against individuals and organizations that have issued what are clearly securities without either registering the offering with us or qualifying for an exemption. I have been pleased to see that our staff has worked to enforce our laws fairly and, in crafting its recommendations, has taken pains to provide relief where issuers have self-reported. For example, in February of this year, we settled with Gladius Network LLC.[7] In late 2017, after the SEC’s DAO report was public, Gladius conducted an ICO without registering the offering with the SEC or qualifying for an exemption. In 2018, Gladius self-reported and demonstrated a willingness to work with the SEC to take the necessary remedial steps. Because of this, we imposed no penalty. Instead, as is typically required for improperly issued private offerings, Gladius was required to make a rescission offer to its investors and to register its tokens as securities. One notable part of the order was a provision envisioning the possibility that one day the tokens might no longer be securities.

Since last year’s speech, we also established FinHub to provide a common contact point and center of organization for all things financial technology at the SEC.[8] Valerie Szczepanik, who oversees FinHub, has conducted several outreach events to engage those working on crypto issues. Indeed, just last week, she held one of FinHub’s so-called “peer-to-peer” events in the SEC’s Denver office. These P2P events are opportunities for people working in this space to interact directly with the SEC staff.

As pleased as I am to see FinHub up and running, I view other efforts in the crypto area as more of a mixed bag. The SEC staff recently issued a framework to assist issuers with conducting a Howey analysis of potential token offerings.[9] The document is a thorough 14 pages. It points to features of an offering and actions by an issuer that could signal that the offering is likely a securities offering. If this framework helps issuers understand what the different Howey factors might look like in an ICO context, it may be valuable. I am concerned, however, that it could raise more questions and concerns than it answers.

While Howey has four factors to consider, the framework lists 38 separate considerations, many of which include several sub-points. A seasoned securities lawyer might be able to infer which of these considerations will likely be controlling and might therefore be able to provide the appropriate weight to each. Whether the framework gives anything new to the seasoned securities lawyer used to operating in the facts and circumstances world of Howey is an open question. I worry that non-lawyers and lawyers not steeped in securities law and its attendant lore will not know what to make of the guidance. Pages worth of factors, many of which seemingly apply to all decentralized networks, might contribute to the feeling that navigating the securities laws in this area is perilous business. Rather than sorting through the factors or hiring an expensive lawyer to do so, a wary company may reasonably decide to forgo certain opportunities or to pursue them in a more crypto-friendly jurisdiction overseas.

On the same day the Corporation Finance staff issued the Framework, the staff also issued the first token no-action letter in response to an inquiry from TurnKey Jet, a charter jet company.[10] The company intended to effectively tokenize gift cards. Customer members could purchase tokens that would be redeemable, dollar for dollar, for charter jet services. The tokens could be sold only to other members. This transaction is so clearly not an offer of securities that I worry the staff’s issuance of a digital token no-action letter—the first and so far only such letter—may in fact have the effect of broadening the perceived reach of our securities laws. If these tokens were securities, it would be hard to distinguish them from any medium of stored value. Is a Starbucks card a security? If we are going that far, I can only imagine what name the barista will write on my coffee cup.

And yet, the staff’s letter did not stop at merely stating that the token offering would not qualify as a securities offering, but highlighted specific but non-dispositive factors. In other words, the letter effectively imposed conditions on a non-security. For example, the staff’s response prohibits the company from repurchasing the tokens unless it does so at a discount. Further, as I mentioned earlier, the incoming letter precluded a secondary market that includes non-members. Does that mean that a company that chooses to offer to repurchase gift cards at a premium or that allows gift card purchasers to sell or give them to third parties needs to call its securities lawyer to start the registration process?

I have supported the issuance of staff no-action letters in the crypto space. No-action letters can provide valuable comfort to market participants whose planned activities may occupy a murky or gray area of securities law. I do not believe there was anything gray about the area in which TurnKey planned to operate, but issuing this letter may give the false impression that there was.

It is not only issuers of tokens that have to worry about what they are. The venues on which they trade, the professionals who buy and sell them, and the funds that hold them also need to know what the tokens are.

Investors typically use brokers to buy and sell their securities. Brokers and investment advisers who hold client assets are subject to regulations regarding the custody of those assets. How can they satisfy the custody rules if the thing being custodied is a digital security? How can auditors fulfill their obligations in connection with digital securities? If a broker is selling a digital security, how can the broker prove that it has control over the security such that no one else can sell the same asset? May a broker-dealer’s business include a mix of digital assets, only some of which are securities? If a platform wants to allow trading in digital assets, what are its obligations? Is it permitted to trade both securities and non-securities?

On these points, the SEC has been nearly silent. This silence may ultimately be deadly. An issuer can conduct a private securities offering with no SEC involvement. The rules that distinguish a private from a public offering focus on the offerees and investors. The form that the security is in—whether shares of common stock or interests in orange groves—has no bearing on how the rules operate. The rules that govern broker-dealers, investment advisers, auditors, and trading platforms are different. They govern the ownership, storage, and exchange of securities—exactly the aspects of digital assets that the crypto industry seeks to transform. A broker or adviser cannot custody an asset if it does not know how to show it has possession and control of the asset. An auditor must be able to review and verify the actual transactions.

Additionally, while issuers that rely on the private offering exemption do not need SEC permission to issue securities, a platform cannot trade securities unless it is registered with the SEC as an exchange or an alternative trading system. A broker-dealer generally must register with the SEC and FINRA.

The SEC has yet to provide guidance to the public or FINRA on any of the core questions. The result is that many would-be brokers and trading platforms are stuck in a frustrating waiting mode; they are unable to get clear answers to questions about how they may proceed in this market.

Questions also remain for investment advisers and funds that might want to include digital assets in their portfolios. The SEC’s Division of Investment Management recently issued a letter that outlines a number of questions regarding custody, including custody of digital assets, under the Investment Advisers Act.[11] The letter is helpful in that it provides insight into the questions advisers should be thinking about as they consider whether to buy and hold digital assets on behalf of their clients. It is less helpful in that it provides no current guidance on how an adviser might comply with the custody rule. There is nothing wrong with the SEC raising questions for public input. In a new and rapidly developing area, it is indeed an essential first step. But it is only the very first step. There are several more that the SEC must take, and soon.

Without a functional secondary market, which encompasses broker-dealers and trading platforms that can legally trade digital securities, and advisers and funds that can buy and hold the assets, the primary market in the U.S. will wither and retail investors will not enjoy the protection our securities laws offer.

This is not to say that our primary markets are functioning as well as they could, either. While, as I said, an issuer can conduct a private offering without SEC involvement, there are reasons an issuer might prefer to use another type of offering and may therefore require our involvement. The most attractive offering type for many smaller issuers wishing to use tokens may be the Regulation A offering. Regulation A offerings are often called “mini IPOs” because they involve an offering to the public but require fewer disclosures than a fully registered public offering and are limited in size. Unlike a private offering, however, a Regulation A offering must be qualified by the SEC before the issuer can begin raising money. Although several companies seeking to issue tokens have begun the process, none has yet had its Regulation A offerings qualified. The lack of progress is not only difficult for the companies that remain in limbo, unable to move forward with raising capital, but also may scare off other companies. These companies may opt for a private offering instead, depriving the general public of the opportunity to invest, and also depriving the market of the public disclosure of the information included in the Regulation A offering materials.

Developing appropriate guidance is not an easy task, but the SEC is not alone in this endeavor. Many companies, including start-ups and large, established players, are working on solutions to just these questions. We must invite the market to continue its development by providing greater engagement and offering guidance on which types of solutions are likely to satisfy our regulatory requirements.

We have taken the first step by providing some sense of how we look at Howey in the digital assets context. Our Jackson Pollock approach to splashing lots of factors on the canvas without any clear message leaves something to be desired, so we still have work to do in clarifying what factors are the most important in making that determination. It is time for us to tackle the remaining legitimate legal questions in a way that does not throw merit-based obstacles in the way of socially beneficial innovation. As I said last year, regulators are not in charge of the creative process. We should not be trying to guide innovation, but we also should recognize that we cannot stop it and embrace the potential for positive change that innovation offers. Our silence is likely to simply push this innovation and any attendant economic growth into other jurisdictions that have done their work and provided clear guidelines for the market participants to follow. The U.S. securities markets have historically been the envy of the world; I do not want heel-dragging by the SEC in crypto to mar that well-deserved reputation.

Thank you all for your time. I am sorry that I could not be there in person for what looks like a fascinating day.