The Senate Banking Committee’s Hearing On Cryptocurrencies

On February 6, 2018, the United States Senate Committee on Banking Housing and Urban Affairs (“Banking Committee”) held a hearing on “Virtual Currencies: The Oversight Role of the U.S. Securities and Exchange Commission and the U.S. Commodity Futures Trading Commission.” Both SEC Chairman Jay Clayton and CFTC Chairman J. Christopher Giancarlo testified and provided written testimony. The marketplace as a whole had a positive reaction to the testimony, with Bitcoin prices immediately jumping up by over $1600. This blog reviews the testimony and provides my usual commentary.

The SEC and CFTC Share Joint Regulatory Oversight

The Banking Committee hearing follows SEC and CFTC joint statements on January 19, 2018 and a joint op-ed piece in the Wall Street Journal published on January 25, 2018 (see HERE). As with other areas in capital markets, such as swaps, the SEC and CFTC have joint regulatory oversight over cryptocurrencies. Where the SEC regulates securities and securities markets, the CFTC does the same for commodities and commodity markets.

Bitcoin has been determined to be a commodity and as such, the CFTC has regulatory oversight over futures, options, and derivatives contracts on virtual currencies and has oversight to pursue claims of fraud or manipulation involving a virtual currency traded in interstate commerce. Nevertheless, the CFTC does NOT have regulatory jurisdiction over markets or platforms conducting cash or “spot” transactions in virtual currencies or other commodities or over participants on such platforms. These spot virtual currency or cash markets often self-certify or are subject to state regulatory oversight. However, the CFTC does have enforcement jurisdiction to investigate fraud and manipulation in virtual currency derivatives markets and in underlying virtual currency spot markets.

The SEC does not have jurisdiction over currencies, including true virtual currencies. However, many, if not all, token offerings have been for the purpose of raising capital and have involved speculative investment contracts, thus implicating the jurisdiction of the SEC, in the offering and secondary trading markets.

Chair Clayton repeated that “every ICO I’ve seen is a security,” and added, “[T]hose who engage in semantic gymnastics or elaborate re-structuring exercises in an effort to avoid having a coin be a security are squarely in the crosshairs of our enforcement division.” Chair Clayton is very concerned that Main Street investors are getting caught up in the hype and investing money they cannot afford to lose, without proper (if any) disclosure, and without understanding the risks.  He also reiterates previous messaging that to date no ICO has been registered with the SEC and that ICO’s are international in nature such that the SEC may not be able to recover lost funds or effectively pursue bad actors. Cybersecurity is also a big risk associated with ICO investments and the cryptocurrency market as a whole. Chair Clayton cites a study that more than 10% of total ICO proceeds, estimated at over $400 million, has been lost to hackers and cyberattacks.

It is becoming increasingly certain that the U.S. will impose a new regulatory regime over those tokens that are not a true cryptocurrency, which would likely include all tokens issued on the Ethereum blockchain for capital raising purposes. Clayton made the distinction between Bitcoin, which is decentralized, on a public Blockchain and mined or produced by the public and other “securities tokens” which are the cryptocurrencies that developed by an organization and created and issued primarily for capital formation and secondary trading.

Many tokens are being fashioned that outright and purposefully resemble equity in an enterprise as a new way to represent equity and capital ownership. Clearly this falls directly within the SEC jurisdiction, and state corporate regulatory oversight as well. Furthermore, there are instances where a token is issued in a capital-raising securities offering and later becomes a commodity, or instances where a token securities offering is bundled to include options or futures contracts, implicating both SEC and CFTC compliance requirements.

In the Banking Committee testimony, the SEC and CFTC presented a united front, confirming that they are cooperating and working together to ensure effective oversight. Both agencies have established virtual currency task forces and their respective enforcement divisions are cooperating and sharing information. Also, both agencies have launched efforts to educate the public on virtual currencies, with the CFTC publishing numerous articles and creating a dedicated “Bitcoin” webpage.

In addition to cooperating with each other, they are also cooperating and communicating with the NASAA, the Consumer Financial Protection Bureau, FinCen, the IRS, state regulators and others.

The Technology

Consistent with all statements by the regulators, both the SEC and CFTC agree that that blockchain technology is disruptive and has the potential to, and likely will, change the capital markets. Moreover, both agencies consistently reiterate their support of these changes and desire to foster innovation.  In fact, the new technology has the potential to help regulators better monitor transactions, holdings and obligations and other market activities.

Chair Giancarlo’s testimony states that “DLT is likely to have a broad and lasting impact on global financial markets in payments, banking, securities settlement, title recording, cyber security and trade reporting and analysis. When tied to virtual currencies, this technology aims to serve as a new store of value, facilitate secure payments, enable asset transfers, and power new applications.” In addition, smart contracts have the ability to value themselves in real time and report information to data repositories.

However, regulation and oversight need to be fashioned that properly address the new technology and business operations. Both agencies are engaging in discussions with industry participants at all levels. A few of the key issues that will need to be resolved include custody, liquidation, valuation, cybersecurity at all levels, governance, clearing and settlement, and anti-money laundering and know-your-customer matters.

Overall, Chair Giancarlo seemed more positive and excited about blockchain and Bitcoin, pointing out current uses including a recent transaction where 66 million tons of American soybeans were handled in a blockchain transaction to China. Chair Clayton, while likely also very enthusiastic about the technology, is currently more focused on the fraud and misuse that has consumed this space recently.

Current Regulations and Needed Change

While the agencies investigate and review needed changes to the regulatory environment, both maintain that current regulations can be relied upon to address the current state of the market. On the SEC side, Chair Clayton walked the Banking Committee through previous SEC statements and the DAO Section 21(a) report issued in July 2017. He again confirmed that the Howey Test remains the appropriate standard for determining whether a particular token involves an investment contract and the application of the federal securities laws. The current registration and exemption requirements are also appropriate for ICO offerings. An issuer can either register an offering, or rely on exemptions such as Regulation D for any capital-raising transaction, including those involving tokens.

Conversely, the current regulatory framework related to exchange traded fund products (ETF’s) needs some work before a virtual currency product could be approved. Issues remain surrounding liquidity, valuation, custody of holdings, creation, redemption and arbitrage. In that regard, in a coming blog, I will review an SEC letter dated January 18, 2018 entitled “Engaging on Fund Innovation and Cryptocurrency-related Holdings” outlining why a crypto-related ETF would not be approved at this time.  Senator Mark Warner was quick to point out that there seems to be a regulatory disconnect where an SEC governed ETF is not approved, but a CFTC-governed Bitcoin future is allowed.

The current federal broker-dealer registration requirements remain the best test to determine if an exchange or other offering participant is required to be registered and a member of FINRA. Chair Clayton repeats his warning shot to gatekeepers such as attorneys and accountants that are involved in ICO’s and the crypto marketplace as a whole. Chair Clayton expresses concern that crypto markets often look similar to regulated securities markets and even are called “exchanges”; however, “investors transacting on these trading platforms do not receive many of the market protections that they would when transacting through broker-dealers on registered exchanges or alternative trading systems (ATSs), such as best execution, prohibitions on front running, short sale restrictions, and custody and capital requirements.”

CFTC Chair Giancarlo reiterated that current regulations related to futures, options, and derivatives contracts, and the registration (or lack thereof through self-certification) of spot currency exchanges are being utilized in the virtual currency market. However, the part of the regulatory system that completely defers to state law may need change. In particular, check cashing, payment processing and money transmission services are primarily state regulated. Many of the Internet-based cryptocurrency trading platforms have registered as payment services and are not subject to direct oversight by the SEC or the CFTC, and both agencies expressed concern about this jurisdictional gap.

Giancarlo was especially critical of this state-by-state approach and suggested new federal legislation, including legislation related to data reporting, capital requirements, cybersecurity standards, measures to prevent fraud, price manipulation, anti-money laundering, and “know your customer” protections. “To be clear, the CFTC does not regulate the dozens of virtual currency trading platforms here and abroad,” Giancarlo said, clarifying that the CFTC can’t require cyber-protections, platform safeguards and other things that consumers might expect from traditional marketplaces.

Chair Clayton expressed the same concerns, especially the lack of protections for Main Street investors. Chair Clayton stated, “I think our Main Street investors look at these virtual currency platforms and assume they are regulated in the same way that a stock is regulated and, as I said, it’s far from that and I think we should address that.”

I am always an advocate of federal oversight of capital markets matters that cross state lines. A state-by-state approach is always inconsistent, expensive, and inefficient for market participants.

Both agencies are clear that regardless of the technology and nomenclature, they are and will continue to actively pursue cases of fraud and misconduct. Current regulations or questions related to needed changes do not affect this role. However, Chair Clayton did impress upon the Banking Committee that the current hiring freeze and budgetary restraints are an impediment. The SEC specifically needs more attorneys in their enforcement and trading and markets divisions.

Further Reading on DLT/Blockchain and ICO’s

For an introduction on distributed ledger technology, including a summary of FINRA’s Report on Distributed Ledger Technology and Implication of Blockchain for the Securities Industry, see HERE.

For a discussion on the Section 21(a) Report on the DAO investigation, statements by the Divisions of Corporation Finance and Enforcement related to the investigative report and the SEC’s Investor Bulletin on ICO’s, see HERE.

For a summary of SEC Chief Accountant Wesley R. Bricker’s statements on ICO’s and accounting implications, see HERE.

For an update on state distributed ledger technology and blockchain regulations, see HERE.

For a summary of the SEC and NASAA statements on ICO’s and updates on enforcement proceedings as of January 2018, see HERE.

For a summary of the SEC and CFTC joint statements on cryptocurrencies, including The Wall Street Journalop-ed article and information on the International Organization of Securities Commissions statement and warning on ICO’s, see HERE.

For a review of the CFTC role and position on cryptocurrencies, see HERE.

Inquiries of a technical nature are always encouraged. Contact us now.

The CFTC And Cryptocurrencies

The SEC and U.S. Commodity Futures Trading Commission (CFTC) have been actively policing the crypto or virtual currency space. Both regulators have filed multiple enforcement actions against companies and individuals for improper activities including fraud. On January 25, 2018, SEC Chairman Jay Clayton and CFTC Chairman J. Christopher Giancarlo published a joint op-ed piece in the Wall Street Journal on the topic.

Backing up a little, on October 17, 2017, the LabCFTC office of the CFTC published “A CFTC Primer on Virtual Currencies” in which it defines virtual currencies and outlines the uses and risks of virtual currencies and the role of the CFTC. The CFTC first found that Bitcoin and other virtual currencies are properly defined as commodities in 2015. Accordingly, the CFTC has regulatory oversight over futures, options, and derivatives contracts on virtual currencies and has oversight to pursue claims of fraud or manipulation involving a virtual currency traded in interstate commerce. Beyond instances of fraud or manipulation, the CFTC generally does not oversee “spot” or cash market exchanges and transactions involving virtual currencies that do not utilize margin, leverage or financing. Rather, these “exchanges” are regulated as payment processors or money transmitters under state law.

The role of the CFTC is substantially similar to the SEC with a mission to “foster open, transparent, competitive and financially sound markets” and to “protect market users and their funds, consumers and the public from fraud, manipulation and abusive practices related to derivatives and other products subject to the Commodity Exchange Act (CEA).” The definition of a commodity under the CEA is as broad as the definition of a security under the Securities Act of 1933, including a physical commodity such as an agricultural product, a currency or interest rate or “all services, rights and interests in which the contracts for future delivery are presently or in the future dealt in” (i.e., futures, options and derivatives contracts).

Where the SEC regulates securities and securities markets, the CFTC does the same for commodities and commodity markets. At times the jurisdiction of the two regulators overlaps, such as related to swap transactions (see HERE). Furthermore, while there are no SEC licensed securities exchanges which trade virtual currencies or any tokens, there are several commodities exchanges that trade virtual currency products such as swaps and options, including the TeraExchange, North American Derivatives Exchange and LedgerX.

The Commodity Exchange Act would prohibit the trading of a virtual currency future, option or swap on a platform or facility not licensed by the CFTC. Moreover, the National Futures Association (NFA) is now requiring member commodity pool operators (CPO’s) and commodity trading advisors (CTA’s) to immediately notify the NFA if they operate a pool or manage an account that engaged in a transaction involving a virtual currency or virtual currency derivative.

The CFTC refers to the IRS’s definition of a “virtual currency” and in particular:

A virtual currency is a digital representation of value that functions as a medium of exchange, a unit of account, and/or a store of value. In some environments it operates like real currency but it does not have legal tender status in the U.S. Virtual currency that has an equivalent value in real currency, or that acts as a substitute for real currency, is referred to as a convertible virtual currency.  Bitcoin is one example of a convertible virtual currency.

I note that neither the CFTC’s definition of Bitcoin as a commodity, nor the IRS’s definition of a virtual currency, conflicts with the SEC’s position that most cryptocurrencies and initial cryptocurrency offerings today are securities requiring compliance with the federal securities laws. The SEC’s position is based on an analysis of the current market for ICO’s and the issuance of “coins” or “tokens” for capital raising transactions and as speculative investment contracts. In fact, a cryptocurrency which today may be an investment contract (security) can morph into a commodity (currency) or other type of digital asset. For example, an offering of XYZ token for the purpose of raising capital to build a software or blockchain platform or community where XYZ token can be used as a currency would rightfully be considered a securities offering that needs to comply with the federal securities laws. However, when the XYZ token is issued and can be used as a form of currency, it would become a commodity. Furthermore, the bundling of a token securities offering to include options or futures contracts may implicate both SEC and CFTC compliance requirements.

The CFTC primer gives a little background on Bitcoin, which was created in 2008 by a person or group using the pseudonym “Satoshi Nakamoto” as an electric payment system based on cryptographic proof allowing any two parties to transact directly without the need for a trusted third party, such as a bank or credit card company. Bitcoin is partially anonymous, with individuals being identified by an alphanumeric address. Bitcoin runs on a blockchain-decentralized network of computers and uses open-source software and “miners” to validate transactions through solving complex algorithmic mathematical equations.

A virtual currency can be used as a store of value; however, virtual currencies are not a yield asset in that they do not generate dividends or interest. Virtual currencies can generally be traded with resulting capital gains or losses. The CFTC, like all regulators, points out the significant speculation and volatility risk. The CFTC reiterates the large incidents of fraud involving crypto marketplaces. Furthermore, there is a significant cybersecurity risk. If a “wallet” holding cryptosecurities is hacked, they are likely gone without a chance of recovery.

Although many virtual currencies, including Bitcoin, market themselves as a payment method, the ability to utilize Bitcoin and other virtual currencies for everyday goods and services has not yet come to fruition. In fact, the trend toward Bitcoin being a regularly accepted payment has seemed to have gone the other way, with payment processor Stripe, tech giant Microsoft and gaming platform Steam discontinuing Bitcoin support due to lengthy transaction times and increased transaction failure rates.

Further Reading on DLT/Blockchain and ICO’s

For an introduction on distributed ledger technology, including a summary of FINRA’s Report on Distributed Ledger Technology and Implication of Blockchain for the Securities Industry, see HERE.

For a discussion on the Section 21(a) Report on the DAO investigation, statements by the Divisions of Corporation Finance and Enforcement related to the investigative report and the SEC’s Investor Bulletin on ICO’s, see HERE.

For a summary of SEC Chief Accountant Wesley R. Bricker’s statements on ICO’s and accounting implications, see HERE.

For an update on state distributed ledger technology and blockchain regulations, see HERE.

For a summary of the SEC and NASAA statements on ICO’s and updates on enforcement proceedings as of January 2018, see HERE.

To read about the SEC and CFTC joint statements and the Wall Street Journal op-ed article, see HERE.

Inquiries of a technical nature are always encouraged. Contact us now.

The SEC And CFTC Joint Statements On Cryptocurrencies; Global Regulators Join In

On January 19, 2018 and again on January 25, 2018, the SEC and CFTC divisions of enforcement issued joint statements regarding cryptocurrencies. The January 19 statement was short and to the point, reading in total:

“When market participants engage in fraud under the guise of offering digital instruments – whether characterized as virtual currencies, coins, tokens, or the like – the SEC and the CFTC will look beyond form, examine the substance of the activity and prosecute violations of the federal securities and commodities laws. The Divisions of Enforcement for the SEC and CFTC will continue to address violations and bring actions to stop and prevent fraud in the offer and sale of digital instruments.”

The January 25, 2018 statement was issued by SEC Chairman Jay Clayton and CFTC Chairman J. Christopher Giancarlo and was published as an op-ed piece in the Wall Street Journal.  In summarizing the statements, I add my usual commentary and facts and information on this fast-moving marketplace.

Distributed ledger technology, or DLT, is the advancement that underpins an array of new financial products, including cryptocurrencies and digital payment services. Clearly the regulators understand the technological disruption, pointing out that “[S]ome have even compared it [DLT] to productivity-driving innovations such as the steam engine and personal computer.”

The regulators are careful not to discourage the technological advancement or investments themselves but rather are concerned that only those that are sophisticated and can afford a loss, participate. Likewise, unfortunately with every boom comes fraudsters, and investors have to ask the right questions and perform the right due diligence.

Like the dot-com era, of the hundreds (or thousands) of companies popping up in this space, few will survive and investments in those that do not, will be lost. The message from the regulators remains consistent, cautioning investors about the high risks with investments in this new space and stating that “[T]he CFTC and SEC, along with other federal and state regulators and criminal authorities, will continue to work together to bring transparency and integrity to these markets and, importantly, to deter and prosecute fraud and abuse.”

While the initial cryptocurrencies, like bitcoin and ether, were likened to a payment alternative to fiat currencies like the dollar and euro, these alternative currencies are very different.  None are backed by a sovereign government, and they lack governance standards, accountability and oversight, reliable reporting of trading, or consistent reporting of price and other financial metrics.

Of course, this is an exciting era of development and Chairs Clayton and Giancarlo know that, stating:

“This is not a statement against investments in innovation. The willingness to pursue the commercialization of innovation is one of America’s great strengths. Together Americans embrace new technology and contribute resources to developing it. Through great human effort and competition, strong companies emerge. Some of the dot-com survivors are the among the world’s leading companies today. This longstanding, uniquely American characteristic is the envy of the world. Our regulatory efforts should embrace it.”

The SEC and CFTC are considering whether the historic approach to the regulation of currency transactions is appropriate for the cryptocurrency markets. Check cashing, payment processing and money transmission services are primarily state regulated. Many of the Internet-based cryptocurrency trading platforms have registered as payment services and are not subject to direct oversight by the SEC or the CFTC. For example, Coinbase has money transmitting licenses from the majority of states. Gemini is a licensed trust company with the New York State of Financial Services. Furthermore, the Bank Secrecy Act and its anti-money laundering (AML) requirements apply to those in the business of accepting and transmitting, selling or storing cryptocurrencies.

Not a single cyptocurrency trading platform is currently registered by the SEC or CFTC.  However, two CFTC regulated exchanges have now listed bitcoin futures products and, in doing so, engaged in lengthy conversations with the CFTC, ultimately agreeing to implement risk mitigation and oversight measures, heightened margin requirements, and added information sharing agreements with the underlying bitcoin trading platforms. In my next blog I will drill down on the CFTC’s regulatory role and position on cryptocurrencies including a discussion of its October 17, 2017 published article, “A CFTC Primer on Virtual Currencies.”

The SEC does not have jurisdiction over transactions involving currencies or commodities; however, where an offering of a cryptocurrency has characteristics of a securities offering, the SEC and state securities regulators have, and have exercised, jurisdiction. In addition to the many SEC enforcement proceedings I have written about, state regulators have likewise been very active in the enforcement arena against those offering cryptocurrency- or blockchain-related investments. The SEC is carefully monitoring the entire marketplace including issuers, broker-dealers, investment advisors and trading platforms.  On January 18, 2018, the SEC issued a no-action letter prohibiting the registration under the Investment Company Act of 1940 of U.S. investment funds that desire to invest substantially in cryptocurrency and related products. I will provide further details on this letter in an upcoming blog.

As the boom has continued, many cryptocurrencies are simply being marketed for their potential increase in value on secondary trading platforms, again none of which are licensed by the SEC or CFTC.  The utility side of the tokens (if any) has taken a back seat to the craze.  Although a few trading platforms are licensed by state regulators as payment processors, many overseas are not licensed by any regulator whatsoever.

As the SEC has been repeating, the op-ed piece again clearly states that “federal securities laws apply regardless of whether the offered security—a purposefully broad and flexible term—is labeled a  ‘coin’ or ‘utility token’ rather than a stock, bond or investment contract. Market participants, including lawyers, trading venues and financial services firms, should be aware that we are disturbed by many examples of form being elevated over substance, with form-based arguments depriving investors of mandatory protections.”

While attending the North American Bitcoin Conference in Miami a few weeks ago, I was amazed at the thousands of attendees and companies. I go to a lot of financial conferences and had never seen anything like this. I understand the concerns of the regulators and the need to issue constant warnings. While I met some extremely smart people and learned about great companies that could have hugely successful futures, many others were obviously trying to ride a boom, with nothing to offer. They lacked a strong management team, technological know-how, engineers and programmers, a real business, a real plan, or anything to support lasting value of the token issued in their ICO, or being touted for a future issuance. The sole opportunity for an investor was a potential increase in secondary trading value, which was being propped up with hundreds of thousands of dollars (raised in the ICO) of marketing, including crews of people paid to talk about the token on chat boards such as Telegram.

Like many practitioners, I am fascinated with the technology and disruption it will bring to many aspects of our lives including the arenas of corporate finance and trading markets, and have even invested.

International Organization of Securities Commissions Issues Warning on ICO’s

On January 18, 2018, the Board of the International Organization of Securities Commissions (“IOSCO”) issued a warning on ICO’s including the high risk associated with these speculative investments and concerns about fraud. The IOSCO is the leading international policy forum for securities regulators and is a recognized standard setter for securities regulation. The group’s members regulate more than 95% of the world’s securities markets in more than 115 jurisdictions.

The statement from IOSCO points out that ICO’s are not standardized and their legal and regulatory status depends on a facts and circumstances analysis. ICO’s are highly speculative and there is a chance that an entire investment will be lost. The warning continues:

“[W]hile some operators are providing legitimate investment opportunities to fund projects or businesses, the increased targeting of ICOs to retail investors through online distribution channels by parties often located outside an investor’s home jurisdiction — which may not be subject to regulation or may be operating illegally in violation of existing laws — raises investor protection concerns.”

The IOSCO has provided its members with information on approaches to ICO’s and related due diligence. The IOSCO has also established an ICO Consultation Network with its members to continue the discussion.

Further Reading on DLT/Blockchain and ICO’s

For an introduction on distributed ledger technology, including a summary of FINRA’s Report on Distributed Ledger Technology and Implication of Blockchain for the Securities Industry, see HERE.

For a discussion on the Section 21(a) Report on the DAO investigation, statements by the Divisions of Corporation Finance and Enforcement related to the investigative report and the SEC’s Investor Bulletin on ICO’s, see HERE.

For a summary of SEC Chief Accountant Wesley R. Bricker’s statements on ICO’s and accounting implications, see HERE.

For an update on state distributed ledger technology and blockchain regulations, see HERE.

For a summary of the SEC and NASAA statements on ICO’s and updates on enforcement proceedings as of January 2018, see HERE.

Inquiries of a technical nature are always encouraged. Contact us now.

State Distributed Ledger Technology and Blockchain Regulations

In a time of rapidly changing regulations and policies on all securities industry and corporate finance topics, and the development of distributed ledger technology (DLT or blockchain) and associated initial cryptocurrency offerings (ICO’s), I have never had so many topics in the queue to write about. With a once-a-week blog, I will just keep working through the list, reporting on all developments, some quicker than others.  In this blog, I am circling back to DLT with a synopsis of state law developments and the Uniform Law Commission’s (ULC) approved Uniform Regulation of Virtual Currency Business Act (Uniform VCBA).

Uniform Regulation of Virtual Currency Business Act (Uniform VCBA)

On July 19, 2017, the Uniform Law Commission (ULC) approved Uniform Regulation of Virtual Currency Business Act (Uniform VCBA) to be used as a model for states seeking to adopt such legislation. The VCBA is a money-transmitting or payment-processing-based legislation. The VCBA defines a money transmitter in an effort to provide clarity on what businesses are required to be licensed. The VCBA also provides an anti-money laundering (AML) framework that mirrors FinCEN requirements.

The VCBA focuses on control over the currency and transaction and requires licensing by any business that has the “power to execute unilaterally or prevent indefinitely a virtual currency transaction.” This definition is meant to distinguish virtual wallets that merely hold an individual’s virtual currency and process a transaction at the behest of such owner, without any additional powers.

Delaware

The Delaware Blockchain Initiative is the state’s program to welcome and encourage blockchain businesses and to establish regulatory clarity for their operations and the use of blockchain technology overall, including DLT.

The August 1, 2017 amendments to the Delaware General Corporation Law (DGCL) Section 219, 224 and 232 will allow Delaware private companies to use DLT to maintain shareholder records, including authorized, issued, transferred, and redeemed shares, on a DLT system. As of now, the amendments to the DGCL are limited to private companies; however, the state of Delaware is in talks with the SEC related to implementing the technology for public companies.

DGCL Sections 219 and 224 have been amended to permit corporations to rely on a DLT as a stock ledger itself, potentially eliminating a separate transfer agent for private companies. Section 219(c) defines a “stock ledger” to include “one or more records administered by or on behalf of the corporation.” Section 224 provides that any records “administered by or on behalf of the corporation” could include “one or more distributed electronic networks for databases.”

A ledger must also: (i) be convertible into clearly legible paper form within a reasonable time; (ii) be able to be used to prepare the list of stockholders specified in Sections 219 and 220 (related to stockholder demands to inspect corporate books and records); (iii) must be able to record information and maintain records for various statute sections related to shareholdings, including those related to consideration for partly paid shares, the transfer of shares for collateral, pledged shares and voting trusts; and (iv) be able to records transfers of shares in compliance with the Delaware Uniform Commercial Code.

Delaware is currently working in collaboration with a private company, Symbiont, to put together “smart securities,” which are allegedly impossible to counterfeit. The ledger could be maintained by either a closed or open group of participants.  The ledger and any transfers would be updated instantaneously, effectively allowing for T+0 settlement of trades.

Nevada

Preceding Delaware by a month, on June 5, 2017, Nevada’s governor signed Senate Bill 398 into law, confirming that blockchain records have legally binding status. Unlike Delaware, Nevada’s regulations do not amend its corporate statutes (i.e., Chapter 78, Nevada’s Private Corporation Law), but rather, similar to Arizona, amends Chapter 719, Nevada’s Uniform Electronic Transactions Act.

Nevada’s statute defines blockchain as an electronic record of transactions or other data which is: (i) uniformly ordered; (ii) redundantly maintained or processed by one or more computers or machines to guarantee the consistency or nonrepudiation of the recorded transactions or other data; and (iii) validated by the use of cryptography.

The Nevada statute prohibits local governments from imposing taxes or fees on the use of a blockchain; requiring a certificate, license or permit to use a blockchain; or imposing any other requirement related to the use of blockchain. Moreover, the Nevada statute provides “written” status to blockchain records.  In particular, “if a law requires a record to be in writing, submission of a blockchain which electronically contains the record satisfies the law.”

Arizona

Prior to both Nevada and Delaware, in March 2017 Arizona passed House Bill 2417 into law, confirming the legal status of blockchain records. Like Nevada, Arizona gives smart contracts and blockchain signatureslegal binding status. In addition, the Arizona statute confirms that a smart contract has legally binding status, as would any other legal form of contract. Also like Nevada, Arizona’s provision is an amendment to its electronic transactions statute and not its corporate governance provisions.

Arizona defines “blockchain technology” as “distributed ledger technology that uses a distributed decentralized, shared and replicated ledger, which may be public or private, permissioned or permissionless, or driven by tokenized crypto economics or tokenless. The data on the ledger is protected with cryptography, is immutable and auditable and provides an uncensored truth.”

Arizona defines a “smart contract” as “an event driven program, with state, that runs on a distributed decentralized, shared and replicated ledger and that can take custody over and instruct transfer of assets on that ledger.”

Vermont

Vermont defines “blockchain technology” as “a mathematically secured, chronological and decentralized consensus ledger or database, whether maintained via Internet interaction, peer-to-peer network, or otherwise.” The Vermont statute confirms that blockchain records will be considered regular business records and makes blockchain records admissible as evidence under the Vermont rules of evidence.

Miscellaneous Virtual Currency Provisions

Multiple states, including Connecticut, New York, Oregon and Tennessee, have enacted legislations defining virtual currency and requiring money transmitters or payment processors which exchange virtual currency for U.S. dollars, to be licensed. The New York statute (the BitLicense Regulation) has received a lot of pushback, with many claiming it is vague or overly difficult to comply with, causing many in the business to avoid New York jurisdiction.

Further Reading on DLT/Blockchain and ICO’s

For an introduction on distributed ledger technology, including a summary of FINRA’s Report on Distributed Ledger Technology and Implication of Blockchain for the Securities Industry, see HERE.

For a summary on a report on an investigation related to the DAO’s ICO, statements by the Divisions of Corporation Finance and Enforcement related to the investigative report and the SEC’s Investor Bulletin on ICO’s, see HERE.

For a summary of SEC Chief Accountant Wesley R. Bricker’s statements on ICO’s and accounting implications, see HERE.

Inquiries of a technical nature are always encouraged. Contact us now.

SEC Statements On Cybersecurity; An EDGAR Hacking

On September 20, 2017, SEC Chair Jay Clayton issued a statement on cybersecurity that included the astonishing revelation that the SEC Edgar system had been hacked in 2016. Since the original statement, the SEC has confirmed that personal information on at least two individuals was obtained in the incident. Following Jay Clayton’s initial statement, on September 25, 2017, the SEC announced two new cyber-based enforcement initiatives targeting the protection of retail investors, including protection related to distributed ledger technology (DLT) and initial coin or cryptocurrency offerings (ICO’s).

The issue of cybersecurity is at the forefront for the SEC, and Jay Clayton is asking the House Committee on Financial Services to increase the SEC’s budget by $100 million to enhance the SEC’s cybersecurity efforts.

This is the first in a two-part blog series summarizing Jay Clayton’s statement, the SEC EDGAR hacking and the new initiatives. My prior blog outlining SEC guidance on the disclosure of cybersecurity matters can be read HERE.

Chair Clayton’s Statement on Cybersecurity and the EDGAR Hacking

Upon taking office in May, 2017, Chair Clayton formed a senior-level cybersecurity working group to coordinate the sharing of information, risk monitoring and incident response efforts. Chair Clayton’s September 20, 2017 statement was part of the SEC’s ongoing initiatives and necessary to inform the public of the SEC’s own hacking incident. In addition to the revelation regarding the EDGAR hacking, Chair Jay Clayton’s statement emphasized the importance of cybersecurity to not only the SEC, but all market participants.

All market participants engage in data collection, storage, analysis, availability and protection to some extent, all of which are open to cybersecurity risks. Cyber attacks can be perpetrated by identity thieves, unscrupulous contractors and vendors, malicious employees, business competitors, prospective insider traders and market manipulators, hackers, terrorists, state-sponsored actors and others.  Furthermore, the effects of attacks can be significant, including loss or exposure of consumer data, theft or exposure of intellectual property, investor losses resulting from the theft of funds, market value declines in companies’ subject to cyber attacks, and regulatory, reputational and litigation risks.

Cybersecurity efforts must include, in addition to assessment, prevention and mitigation, resilience and recovery. Chair Clayton’s statement provides detail on the SEC’s approach to cybersecurity, including: (i) the types of data they collect, hold and make publicly available; (ii) how the SEC manages cybersecurity risks and responds to cyber events; (iii) how the SEC incorporates cybersecurity considerations in their risk-based supervision of entities they regulate; (iv) how the SEC coordinates with other regulators to identify and mitigate cybersecurity risks; and (v) how the SEC uses its oversight and enforcement authorities, including to pursue cyber threats.

EDGAR Hacking

Before summarizing the other components of Chair Clayton’s statement, I will jump right to the topic that has gained national attention: EDGAR was hacked!  Sometime in 2016, a software vulnerability in the test filing component of the EDGAR system was hacked. The opening was patched once discovered, but the hackers were able to obtain information through test filings that was used to make illicit trading gains. The hackers also obtained personal information, including names, dates of birth and Social Security numbers of at least two individuals. Chair Clayton was not informed of the hacking until August 2017.

The test filing system of EDGAR allows a company to make a non-public test filing of a registration statement or report (or any document that can be filed through the EDGAR system) to be sure the actual filing will be processed correctly. The test filing is usually made hours before the actual filing, but it can be made a day in advance. By having access to material information in filings prior to the marketplace, the hackers could trade on such information and make illegal profits.

When the SEC first announced the hacking on September 20, 2017, it stated that no personal information had been compromised but in a second press release issued on October 2, 2017, the SEC confirmed that forensic data analysis uncovered further depths to the intrusion.  In the October 2 press release, Chair Clayton outlined efforts to review and remediate the 2016 hacking, including:

  • A review of the 2016 EDGAR intrusion by the Office of Inspector General;
  • An investigation by the Division of Enforcement in the potential illicit trading resulting from the 2016 EDGAR intrusion (which seems to indicate that the perpetrator has been uncovered). Chair Clayton was first informed of the hacking in connection with this enforcement investigation;
  • A focused review and appropriate uplift of the EDGAR system with a concentration on cybersecurity matters, including its security systems, processes and controls. This review will include assessing the types of data that run through the EDGAR system and whether EDGAR is the appropriate mechanism to funnel such data;
  • A focused review and appropriate uplift of all systems that include the identification of sensitive data or personally identifiable information. This review will include assessing the types of data the SEC keeps and the related security systems, processes and control; and
  • The SEC’s internal review of the 2016 EDGAR hacking to determine, among other things, the procedures followed in response to the intrusion. This review is being overseen by the Office of the General Counsel and includes an interdisciplinary investigative team including outside technology consultants.  Related to this, the SEC will enhance protocols for cybersecurity incidents.

In furtherance of this review and plan, Chair Clayton authorized the immediate hiring of additional staff and outside technology consultants to protect the security of the SEC’s network, systems and data.

Based on the SEC’s statements and testimony on the matter, there still remains a lot of secrecy surrounding the incident. For instance, the date or dates of the hacking have not been made public. The hacking was reported to the Department of Homeland Security, but the SEC commissioners were not notified. Moreover, the SEC has not revealed the type of information that was accessed nor which companies were affected.

Collection and Use of Data by the SEC

The SEC collects, stores and transmits data in three broad categories, including: (i) public facing data through the EDGAR system; (ii) non-public information including personally identifiable information related to supervisory and enforcement functions; and (iii) non-public information including personally identifiable information related to the SEC’s internal operations.

The first category involves data provided to the SEC by companies (such as public reports under the Exchange Act, and notices of private offerings on Form D) and investors (such as Section 13 and Section 16 filings). The second category includes data on companies, broker-dealers, investment advisors, investment companies, self-regulatory organizations (including FINRA), alternative trading systems, clearing agencies, credit rating agencies, municipal advisors and other market participants. The third category of data includes personnel records, internal investigations and data related to risk management and internal control processes.

Management of Internal Cybersecurity Risks

Notably, Chair Clayton begins this part of his statement by disclosing that the SEC is “the subject of frequent attempts by unauthorized actors to disrupt access to our public-facing systems, access our data, or otherwise cause damage to our technology infrastructure, including through the use of phishing, malware and other attack vectors.” As did occur with the EDGAR hacking, attackers stand to profit from information through trading activities, identity theft and a myriad of other improper uses of the illegally obtained information.

In addition to outside attacks, the SEC monitors for unauthorized actions by personnel.  In 2014, an internal review uncovered that certain laptops with sensitive information could not be located. There have also been instances where SEC personnel have used non-secure personal email accounts to transmit nonpublic information. The SEC mitigates the internal risk by requiring all personnel to complete privacy and security training.

To protect against all of its cyber-related threats, the SEC employs an agency-wide cybersecurity detection, protection and prevention program. The program includes cybersecurity protocols and controls, network protections, system monitoring and detection processes, vendor risk management processes, and regular cybersecurity and privacy training for employees. However, in light of current and changing technological advancements, the SEC intends to step up its efforts overall. As mentioned earlier, in that regard, the SEC is seeking an increase in its annual budget, and a lift on its current hiring limitations.

Just as the SEC expects public companies to maintain internal controls, including from the top down, on cybersecurity matters, so the SEC has internal policies and procedures requiring senior management to maintain policies, and to coordinate with other offices and divisions with respect to cybersecurity efforts, including risk reporting and testing.

Although all offices have responsibilities, the SEC Office of Information Technology has overall management and responsibility for the agency’s cybersecurity. The SEC’s cybersecurity program is subject to review from internal and external independent auditors, including to ensure compliance with the Federal Information Security Modernization Act of 2014 (“FISMA”).

The SEC also must report cybersecurity matters to outside agencies, including the Office of Management and Budget and the Department of Homeland Security, and has established information-sharing relationships with the National Cybersecurity and Communications Integration Center (“NCCIC”), the Financial and Banking Information Infrastructure Committee (“FBIIC”), and the Financial Services Information Sharing and Analysis Center (“FS-ISAC”).

Incorporation of Cybersecurity Considerations in the SEC’s Disclosure-Based and Supervisory Efforts

The SEC incorporates cybersecurity considerations in its disclosure and supervisory programs, including in the context of the Commission’s review of public company disclosures, its oversight of critical market technology infrastructure, and its oversight of other regulated entities, including broker-dealers, investment advisors and investment companies. Related to public company disclosures, Chair Clayton referred to the SEC guidance summarized HERE.

Related to the SEC’s oversight of market infrastructure, including regulation of exchanges and clearing agencies, the SEC adopted Regulation Systems Compliance and Integrity in 2014. Regulation SCI was proposed and adopted to require key market participants to have comprehensive written policies and procedures to ensure the security and resilience of their technological systems, to ensure systems operate in compliance with federal securities laws, to provide for review and testing of such systems and to provide for notices and reports to the SEC. Key market participants generally include national securities exchanges and associations, significant alternative trading systems (such as OTC Markets, which has confirmed it is in compliance with the Regulation), clearing agencies, and plan processors. For a review of Regulation SCI, see HERE.

Furthermore, certain SEC rules and regulations governing broker-dealers, investment advisors and investment companies directly implicate information security practices. For example, Regulation S-P requires registered broker-dealers, investment companies and investment advisors to adopt written policies and procedures governing safeguards for the protection of customer information and records. Regulation S-ID requires these firms, to the extent they maintain certain types of covered accounts, to establish programs addressing how to identify, detect and respond to potential identity theft red flags.

Coordination with Other Governmental Entities

Effective cybersecurity programs require cooperation among government agencies. The SEC shares oversight responsibility on some matters with other agencies, including the Board of Governors of the Federal Reserve System, the Commodity Futures Trading Commission, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation. Furthermore, the SEC often coordinates with other agencies, such as the Federal Trade Commission and the Consumer Financial Protection Bureau. The SEC coordinates cybersecurity efforts with each of these agencies, and more.

Enforcement of the Federal Securities Laws

The SEC is committed to enforcing compliance with the cybersecurity disclosure obligations of reporting companies, and in enforcement proceedings against those that purse cyber threats. Part of these efforts include using advanced technology to monitor suspicious trading activity across companies, traders and geographic regions.

Chair Clayton sets out examples of enforcement actions, such as a case in 2016 against three traders for allegedly participating in a scheme to hack into two prominent New York-based law firms to steal information pertaining to clients that were considering mergers or acquisitions, which the hackers then used to trade. In another case, defendants allegedly hacked into newswire services to obtain non-public information about corporate earnings announcements. These are just two examples among dozens of cases.

Inquiries of a technical nature are always encouraged. Contact us now.

SEC Issues Report on Initial Coin Offerings (ICOs)

On July 25, 2017, the SEC issued a report on an investigation related to an initial coin offering (ICO) by the DAO and statements by the Divisions of Corporation Finance and Enforcement related to the investigative report (the “Report”). On the same day, the SEC issued an Investor Bulletin related to ICO’s. Offers and sales of digital coins, cryptocurrencies or tokens using distributed ledger technology (DLT) or blockchain have become widely known as ICO’s. For an introduction on DLT and blockchain, see HERE.

The basis of the report is that offers and sales of digital assets, including cryptocurrencies, are subject to the federal (and state) securities laws. From the highest level, the nature of a digital asset must be examined to determine if it meets the definition of a security using established principles (see HERE). In addition, all offers and sales of securities must either be registered with the SEC or there must be an available exemption from such registration. This statement applies to cryptocurrency securities in the same manner it applies to all other securities. In addition, participants in ICO’s are subject to federal securities laws to the same extent they are in other securities offerings, including broker-dealer registration requirements. Securities exchanges providing for trading must register unless an exemption applies.

Despite the SEC findings, it declined to pursue an enforcement action but rather used the opportunity to inform the public on its views and, in particular, that “the federal securities laws apply to those who offer and sell securities in the United States, regardless whether the issuing entity is a traditional company or a decentralized autonomous organization, regardless whether those securities are purchased using U.S. dollars or virtual currencies, and regardless whether they are distributed in certificated form or through distributed ledger technology.”

In the press release announcing the investigative findings, SEC Chair Jay Clayton stated, “[T]he SEC is studying the effects of distributed ledger and other innovative technologies and encourages market participants to engage with us. We seek to foster innovative and beneficial ways to raise capital, while ensuring – first and foremost – that investors and our markets are protected.”

This is not the first time the SEC has addressed registration and exemption requirements associated with cryptocurrencies. There have been several other cases. For example, in December 2014 the SEC settled charges against BTC Virtual Stock Exchange and LTC Global Virtual Stock Exchange related to violations of both the broker-dealer registration requirements and the securities offer and sale registration requirements. For more information on that case, see HERE.

This blog will summarize the SEC Report of Investigation, statements by the Divisions of Corporation Finance and Enforcement and the Investor Bulletin on Initial Coin Offerings.

SEC Report of Investigation on an ICO

On July 25, 2017, the SEC issued its Report on an investigation into an ICO and related activities by the DAO, an unincorporated entity, Slock.it UG (“Slock.it”), a German corporation, and various principals and participants. As mentioned earlier, although the report provides a platform for which the SEC can educate the marketplace, it did not pursue enforcement actions against the targets of the investigation.

The “DAO” stands for a decentralized autonomous organization, or a virtual network embodied in computer code on a on a DLT or blockchain. The DAO was created by Slock.it to sell tokens to investors, which proceeds would be used to fund for-profit projects. The token holders would share in the profits and, as such, had an expectation of a return on investment. The DAO tokens were also transferable and available for secondary trading on different web-based platforms.  After the ICO, but before projects were funded, the DAO was hacked and approximately one-third of its assets stolen. Fortunately the DAO was able to come up with a plan that caused the return of ETGH raised from the DAO back to their original Ethereum address and thus return investments to the original investors.

The SEC opened an investigation as to whether the offer and sale of the DAO Tokens invoked federal securities laws, whether the DAO Tokens were securities and whether the platforms for the secondary trading of the Tokens required registration as a securities exchange.  The answer to each of these questions, under the facts and circumstances presented, was in the affirmative. Since the DAO had not yet commenced operations, the SEC did not review whether the DAO was acting as an “investment company” under the Investment Company Act of 1940, but noted that had they begun operations, such an analysis would have been appropriate.

The Report begins with the conclusion.  Whether or not a particular transaction involves the offer and sale of a security depends on an analysis of the facts and circumstances, regardless of terminology or technology used or employed. All persons or entities that use a Decentralized Autonomous Organization (DAO Entity), DLT or other blockchain-based technology as a means to raise capital in the U.S. are subject to the U.S. federal securities laws. All securities offered and sold in the U.S. must be registered or must qualify for an exemption from registration. Moreover, any entities or platforms that allow for the secondary trading of securities must either be registered as a national securities exchange or operate pursuant to a registration exemption. The automation of functions, computer code, smart contracts, and decentralization does not change the obligations under the federal securities laws.

Background and Facts

In a one-month period from April 30, 2016, through May 28, 2016, the DAO offered and sold 1.15 billion DAO Tokens in exchange for 12 million Ether (“ETH”) valued at approximately $150 million USD. ETH is a virtual currency. The Financial Action Task Force defines a “virtual currency” as:

a digital representation of value that can be digitally traded and functions as: (1) a medium of exchange; and/or (2) a unit of account; and/or (3) a store of value, but does not have legal tender status (i.e., when tendered to a creditor, is a valid and legal offer of payment) in any jurisdiction. It is not issued or guaranteed by any jurisdiction, and fulfils the above functions only by agreement within the community of users of the virtual currency. Virtual currency is distinguished from fiat currency (a.k.a. “real currency,” “real money,” or “national currency”), which is the coin and paper money of a country that is designated as its legal tender; circulates; and is customarily used and accepted as a medium of exchange in the issuing country. It is distinct from e-money, which is a digital representation of fiat currency used to electronically transfer value denominated in fiat currency.

The DAO itself was created by the founders of Slock.it as a type of alternative corporation with all corporate functions and governance automated using blockchain and smart contracts. The DAO was the “first generation” of its kind. Participants sent in ETH in exchange for DAO Tokens. DAO Token holders could vote on projects to be used with the DAO assets (ETH, which could be exchanged for fiat currency and other physical or digital assets) and participate in rewards such as profit distributions and dividends. The entire DAO was intended to be autonomous such that project proposals were in the form of smart contracts and voting administered by computer code. The DAO code was launched on the Ethereum blockchain.

The DAO promoted itself through a website which described its purpose (“[T]o blaze a new path in business for the betterment of its members, existing simultaneously nowhere and everywhere and operating solely with the steadfast iron will of unstoppable code”), how it operated, its source code, and a link to buy the DAO Tokens. The DAO was also promoted through media attention and numerous social media channels.

Anyone was eligible to purchase DAO Tokens as long as they paid in ETH and there were no limitations on the number of DAO Tokens offered for sale or the number that could be purchased by any purchaser. There were no parameters set on the accreditation or sophistication level of a purchaser. Anyone with ETH and an ETH blockchain address could participate. All ETH from DAO Token sales were aggregated in the DAO’s Ethereum blockchain address.

Only DAO Token holders could submit proposed projects in which the DAO might participate, and each proposal would have to involve a smart contract and comply with the preset DAO Token holders voting code. Projects would be approved by a majority vote of DAO Token holders. Before being submitted for a vote, projects were to be reviewed by human curators. Although beyond the scope of this blog, there appeared to be many issues with the system, including the programming for voting.

The DAO Tokens were unrestricted and there were several platforms that allowed for the immediate secondary trading of the DAO Tokens.  The secondary market trading platforms were registered with the Federal Crimes Enforcement Network (FinCEN) as Money Services Businesses. For more on FinCEN, see HERE. The DAO Tokens were in fact actively traded on various platforms.

SEC Regulatory Analysis

Section 5 of the Securities Act of 1933, as amended (“Securities Act”) requires the registration of all offers and sales of securities unless there is an available exemption. The registration provisions are based on “full and fair disclosure” of all material information for an investor to make an informed investment decision, including detailed information about the issuer’s financial condition, identity and background of management and the price and amount of securities to be offered.

Section 5 of the Securities Act, like many provisions in the securities laws, is written in the inclusive, such that all offers and sales are covered unless an exemption is available pursuant to statute or case law. Section 5 states that “unless a registration statement is in effect as to a security, it is unlawful for any person, directly or indirectly, to engage in the offer or sale of securities in interstate commerce.” A violation of Section 5 does not require intent.

The SEC begins its analysis of the DAO Tokens by reference to the definitions of a security found in both Section 2(a)(1) of the Securities Act and Section 3(a)(10) of the Securities Exchange Act. Both definitions include the term “investment contract,” which has been famously defined by the U.S. Supreme Court as an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others. For an in-depth discussion on the definition of a security in SEC v. W. J. Howey Co., 328 U.S. 293 (1946) (the “Howey Test”), see HERE.

Under the Howey Test, whether an investment instrument is a security requires a substance-over-form analysis. The Howey Test defines an investment contract as follows:

“… an investment contract for purposes of the Securities Act means a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party…. Such a definition… permits the fulfillment of the statutory purpose of compelling full and fair disclosure relative to the issuance of the many types of instruments that in our commercial world fall within the ordinary concept of a security…. It embodies a flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits.”

Applying the Howey Test, courts have interpreted a security to include such diverse items as citrus groves, warehouse receipts, chinchillas, minks, diamonds, bullion, pay phones, real estate and equipment, and condominium units, when they were offered or sold under circumstances involving the investment of money and an expectation of a return through the efforts of others.

Applying the Howey Test to the DAO Tokens, the SEC notes that “money” need not include cash, but rather can be anything of value. A contribution of ETH is an investment as considered by the Howey Test. Investors in the DAO were investing in a common enterprise with the expectation of profits, including dividends and increased value. The SEC also found that the profits were to be derived from the efforts of others, including Slock.it, its founders and the DAO curators.

In its analysis of whether the DAO was a security, the SEC spent the most discussion on the “from the efforts of others” factor. Presumably this is because the DAO was established as an autonomous organization with participants voting on all projects. However, the Slock.it team, through its curators, and management of the DAO website and participation in online forums, “led investors to believe that they could be relied on to provide the significant managerial efforts required to make the DAO a success.” Moreover, in fact, the curators and Slock.it team did exercise significant control over proposals and operations of the DAO and were responsible for stopping the hacking attack and coming up with a plan to rectify the situation.

The SEC also noted that the DAO Token holders voting rights were limited. The DAO Token holders could only vote within the rules (code) established by the Slock.it management team. The SEC points to case law related to multi-level marketing schemes which were securities despite the labor put forth by the investors because the promoter dictated the terms and controlled the scheme itself. The SEC stated that “[T]he voting rights afforded DAO Token holders did not provide them with meaningful control over the enterprise, because (1) DAO Token holders’ ability to vote for contracts was a largely perfunctory one; and (2) DAO Token holders were widely dispersed and limited in their ability to communicate with one another.” Furthermore, the SEC questioned the level of disclosure on projects, believing that such disclosure was not “full and fair” such as to allow an informed investment decision.

Upon concluding that the DAO Tokens were securities, the SEC also concluded that the DAO needed to register their issuance, or satisfy a registration exemption, regardless of whether the DAO was incorporated or an unincorporated organization. Issuers, like securities, are broadly defined to include any sponsor or organization that is primarily responsible for the success or failure of the venture. Participants in an offering are also subject to Section 5 obligations and liability. Accordingly, this included the Slock.it founders and principals.

The secondary trading platforms also required registration, or the availability of an exemption, under the federal securities laws. Section 5 of the Exchange Act makes it unlawful for any broker, dealer or exchange to directly or indirectly affect any transaction in a security or report such transaction unless the exchange is registered as a national exchange or exempted from such registration. Section 3(a)(1) of the Exchange Act defines an “exchange” as “any organization, association, or group of persons, whether incorporated or unincorporated, which constitutes, maintains, or provides a market place or facilities for bringing together purchasers and sellers of securities or for otherwise performing with respect to securities the functions commonly performed by a stock exchange as that term is generally understood …”

The functions of a stock exchange generally include: (i) bringing together orders for securities of multiple buyers and sellers; and (ii) using established, non-discretionary methods under which such orders interact with each other, and the buyers and sellers entering such orders agree to the terms of the trade. A frequent exemption to the definition of an exchange is an Alternative Trading System (ATS) that complies with Regulation ATS. Regulation ATS requires, among others, registration as a broker-dealer. The OTC Markets is an ATS, as is t0 Technologies. The platforms that traded the DAO Tokens fit within the definition of an exchange and did not satisfy any available registration exemptions.

Statement by the Divisions of Corporation Finance and Enforcement on the Report of Investigation on the DAO

On the same day that the SEC issued its investigative Report, the Divisions of Corporation Finance and Enforcement issued a statement on the Report. Off the top I notice that the SEC, under Chair Jay Clayton, Commissioner Michael Piwowar and the numerous new executive members, has a decidedly more positive attitude towards business and capital raising overall, than the prior regime. I also notice, through review of enforcement proceedings, that the new regime has not been deterred at all from its mission to detect and prosecute fraud, including micro-cap and penny-stock-related schemes.

To begin its statement, the Divisions noted that DLT, blockchain and other emerging technologies have the potential to influence and improve capital markets and the financial services industry. The Divisions “welcome and encourage the appropriate use of technology to facilitate capital formation and provide investors with new investment opportunities,” and are “hopeful that innovation in this area will facilitate fair and efficient capital raisings for small businesses.” However, new technologies also offer new opportunities for misconduct and abuse.

The Divisions reiterate the SEC Report’s assertion that an offer and sale of securities must comply with the federal securities laws and that determining whether a particular investment opportunity involves a security involves a facts and circumstances analysis, including economic realities and underlying structure, regardless of the terminology or technology used.

Noting that the SEC Report had found that the DAO Tokens were securities, the Divisions caution sponsors and other participants in offerings of digital or other novel forms of value to consider whether they involve a security and thus their obligations under the federal securities laws, including registration or meeting the qualifications for a registration exemption. Market participants that operate a web or other platform that facilitates transactions in securities must also consider whether they need to be registered as a broker-dealer or an exchange, or if there is an available exemption.

Although the Divisions statement does not mention it, keeping in line with the fundamental view that basic securities laws apply, a web platform that meets the criteria set out in Section 4(b) of the Securities Act, as created by the JOBS Act, should qualify for a broker-dealer exemption when hosting digital coin or token offerings. See HERE for details on this exemption.

Furthermore, the Divisions caution that sponsors and other market participants should consider whether their business model results in an entity that needs to be registered as an investment company and whether anyone providing advice about an investment in the security could be an investment advisor.

The Divisions also caution against bad actors and fraud, again using the same principles and tenets that have always applied to economies.  Investors should watch for red flags, including deals that sound too good to be true, promises of high returns with little or no risk, high-pressure sales tactics, and working with unregistered or unlicensed persons.

A fundamental message that I always try to deliver is that anyone engaging in any activity that could invoke the securities laws, should consult with competent securities counsel. The Divisions statement relays the same message, and in particular, that “market participants who are employing new technologies to form investment vehicles or distribute investment opportunities to consult with securities counsel to aid in their analysis of these issues.” The SEC staff also encourages direct communication with the SEC and has set up an email address for communications related to these matters.

Investor Bulletin on Initial Coin Offerings

In addition to its Report and statement of the Divisions of Corporation Finance and Enforcement, on July 25, 2017, the SEC’s Office of Investor Education and Advocacy issued an Investor Bulletin on Initial Coin Offerings (ICO’s). The Investor Bulletin is written in a simple format and helps to inform the public on the basics of ICO’s.

As noted throughout this blog, virtual coins or tokens are created using DLT or blockchain and can be sold in exchange for other virtual coins (such as Bitcoin or Ethereum) or for fiat currency such as U.S. dollars. Generally tokens sold entitle the purchaser to some return on investment or participation in a project and also may be resold or traded on secondary markets, such as virtual currency exchanges. The Investor Bulletin informs the public that these virtual coin or token offerings can invoke the federal securities laws.

The Investor Bulletin provides some basic information on blockchain and virtual currencies. In particular, taken from the Investor Bulletin:

What is a blockchain?

blockchain is an electronic distributed ledger or list of entries – much like a stock ledger – that is maintained by various participants in a network of computers. Blockchains use cryptography to process and verify transactions on the ledger, providing comfort to users and potential users of the blockchain that entries are secure. Some examples of blockchain are the Bitcoin and Ethereum blockchains, which are used to create and track transactions in Bitcoin and Ether, respectively.

What is a virtual currency or virtual token or coin?

virtual currency is a digital representation of value that can be digitally traded and functions as a medium of exchange, unit of account, or store of value.  Virtual tokens or coins may represent other rights, as well. Accordingly, in certain cases, the tokens or coins will be securities and may not be lawfully sold without registration with the SEC or pursuant to an exemption from registration.

What is a virtual currency exchange?

A virtual currency exchange is a person or entity that exchanges virtual currency for fiat currency, funds, or other forms of virtual currency. Virtual currency exchanges typically charge fees for these services. Secondary market trading of virtual tokens or coins may also occur on an exchange. These exchanges may not be registered securities exchanges or alternative trading systems regulated under the federal securities laws. Accordingly, in purchasing and selling virtual coins and tokens, you may not have the same protections that would apply in the case of stocks listed on an exchange.

Who issues virtual tokens or coins?

Virtual tokens or coins may be issued by a virtual organization or other capital-raising entity. A virtual organization is an organization embodied in computer code and executed on a distributed ledger or blockchain. The code, often called a “smart contract,” serves to automate certain functions of the organization, which may include the issuance of certain virtual coins or tokens. The DAO, which was a decentralized autonomous organization, is an example of a virtual organization.

The Investor Bulletin continues with warnings to potential investors, including to be aware that the federal securities laws require either registration or an exemption from registration for an offer and sale of securities. The Investor Bulletin points potential investors to the EDGAR database to find registration statements, and reminds investors that exemptions usually are limited to accredited investors.

Further, the Investor Bulletin discusses disclosure obligations and sets forth key information that an investor should be informed of, such as use of proceeds, management and business plans.

The Investor Bulletin points out that even if there has been a fraud or theft, their rights may be limited do to the nature of ICO’s in general, including that they can be autonomous, the inability to trace money, the international scope of offerings, that there is no central controlling authority and that there is no method to freeze or secure virtual currency.  Finally, the Investor Bulletin points to the usual red flags, including “guaranteed” high returns or low risk, unsolicited offers, sounds too good to be true, buying pressure, no net worth or other investor requirements and unlicensed sellers.

Inquiries of a technical nature are always encouraged. Contact us now.

An Introduction To Distributed Ledger Technology (Blockchain Technology)

On July 13, 2017, FINRA held a Blockchain Symposium to assess the use of distributed ledger technology (DLT) in the financial industry, including the maintenance of shareholder and corporate records. DLT is commonly referred to as blockchain. The symposium included participation by the Office of the Comptroller of Currency, the US Commodity Futures Trading Commission (CFTC), the Federal Reserve Board and the SEC.

FINRA also published a report earlier in the year discussing the implications of DLT for the securities industry. Delaware, Nevada and Arizona have already passed statutes allowing for the use of DLT for corporate and shareholder records. This is the first in many blogs that will discuss DLT as this exciting new era of technology continues to unfold and impact the securities markets. In this blog I will discuss FINRA’s report published in January 2017 and in the next in the series, I will summarize the recent SEC investigative report on initial coin offerings and conclusion that cryptocurrencies and tokens are securities. In a follow-on blog, I will summarize the state blockchain legislation to date, including Delaware’s groundbreaking statute.

Blockchain is an openly distributed database which is used to continuously maintain a list of records, called blocks. Each new block is linked to prior blocks in such a way that data cannot be retroactively changed in a prior block without changing all blocks, which is virtually impossible. A DLT ledger is shared among a network of participants, instead of relying on a single central ledger.

Ultimately the blockchain technology could be used to maintain shareholder records in a secure immediate form as well as to process capital markets trades instantaneously. It is thought that stock ledgers and any transfers would be updated instantaneously, effectively allowing for T+0 settlement of trades without the need for intermediaries. A change of this magnitude is many years away as effective regulation and consideration on market impacts will take time. For more on trade settlements, see HERE.

The technology is already being utilized, most notably by the cryptocurrency industry. At least one industry leader, Overstock CEO Patrick Byrne’s t0 Technologies, has created a system that could form the basis for widely used blockchain technology which disrupts the capital market trading systems. I don’t expect quick changes to trading systems and settlement. Blockchain remains widely unregulated and without consensus from top financial regulators, any change to capital market structures will face roadblocks. However, I expect that the ability for public companies to maintain stock ledgers using DLT technology will be forthcoming very soon.

FINRA Report on Distributed Ledger Technology and Implications of Blockchain for the Securities Industry

On July 13, 2017, FINRA held a Blockchain Symposium to assess the use of distributed ledger technology (DLT) in the financial industry.  The symposium followed FINRA’s January 2017 report on DLT and its implications for the securities industry. In recent years, over $1 billion has been invested by various market participants to explore the use of DLT in the financial services industry. Although the level and speed of disruption to current systems remains debated, it is universally agreed that DLT will be utilized in the securities industry. DLT has the potential to completely change business models and practices and as such, regulators realize the necessity to be actively engaged to prepare for the new regime. On a positive note, FINRA views DLT as having the potential to provide investors with greater access to services and transparency and to provide firms with increased operational efficiencies and enhanced risk management.

Many aspects of FINRA’s rules and areas of responsibilities can be impacted by DLT, including, for example, clearing arrangements (it is thought that DLT can eliminate middle-market participants involved in the clearing process), recordkeeping requirements, and trade and order reporting and processing. In addition, FINRA rules such as those related to financial condition, verification of assets, anti-money laundering, know-your-customer, supervision and surveillance, fees and commissions, payment to unregistered persons, customer confirmations, materiality impact on business operations, and business continuity plans also may to be impacted depending on the nature of the DLT application.

DLT is already being used in the securities markets in the form of initial cryptocurrency offerings (ICO’s) and in states that have passed corporate statutes allowing for the use of the technology to maintain corporate and shareholder records. On July 25, 2017, the SEC issued a report on an investigation related to an ICO by the DAO and statements by the Divisions of Corporation Finance and Enforcement related to the investigative report. Although I will write an in-depth blog on the report and statements in the coming weeks, the SEC concluded that the fundamental tenets related to the definition of a security apply and that cryptocurrenciesand tokens that fall within that definition are securities, subject to SEC regulations, regardless of the title or form they may take. For more on decoding what is a security, see HERE.

FINRA’s report on DLT is broken down into three sections including: (i) overview of distributed ledger technology; (ii) DLT securities industry applications and potential impact; and (iii) factors to consider when implementing DLT. FINRA also discussed regulatory requirements and potential changes related to DLT. I will summarize each section with my usual commentary and input.

Overview of Distributed Ledger Technology

DLT involves a distributed database maintained over a network of computers where information can be added by the network participants.  Each added layer of information or data is referred to as a block. The network participants can share and retain identical cryptographically secured information and records.

DLT uses either a public or private network. A public network is open and accessible to anyone that joins, without restrictions. All data stored on a public network is visible to anyone on the network, although it is encrypted. A public network has no central authority and relies solely on the network participants to verify transactions and record data on the network. Algorithm and computational technology is used to protect the integrity of the data.

A private network is limited to individuals and entities that are granted access by a network operator. Access can be tiered with different entities being allowed differing levels of authority to transact and view data. In the financial services industry, it is likely that networks will be private.

The transactions and data on the network usually represent an underlying asset that may be digital assets, such as cryptosecurities and cryptocurrencies, or a representation of a hard asset stored offline (a token representing an interest in a gold bar, for example). Assets on a DLT network are cryptographically secured using public and private key combinations. The public key combination allows access to the network itself, and the private key is for access to the asset itself and is held by the asset holder or its agent.

A transaction may be initiated by any party on the network that holds assets on that network. When a transaction is initiated, it is verified using a predetermined process that can be either consensus-based or proof-of-work based, although new verification processes are being explored. In layman’s terms, the verification process is based on computer computations. The settlement of the transaction is occurs when verification is completed. Currently this can occur immediately or take a few hours.

Once verified, a transaction is “cryptographically hashed” and forms a permanent record on the DLT network. Records are time-stamped and displayed sequentially to all parties with network access. Currently, historical records cannot be edited or changed, though technology is being developed to change that.

DLT Securities Industry Applications and Potential Impact

Currently, market participants are experimenting with several uses of DLT within the market infrastructure and ecosystem. DLT can be used in specific markets, such as debt, equity and derivatives, and in specific market functions, such as clearing. Many discrete applications exist for the use of DLT, including, for example, clearing arrangements, recordkeeping requirements, and trade and order reporting and processing. In addition, DLT can impact financial condition recordkeeping and reporting, verification of assets, anti-money laundering, know-your-customer, supervision and surveillance, fees and commissions, payment to unregistered persons, customer confirmations, materiality impact on business operations, and business continuity plans.

The most common current use of DLT is related to private company equities. DLT can be used to track transfers, maintain shareholder records and for capitalization tables. Nasdaq has utilized DLT technology to complete and record a private securities transaction using its Nasdaq Linq blockchain ledger technology. The Nasdaq platform allows private companies to use DLT to record and track trading of private securities.

DLT will eventually be used for public company equities, but the regulatory aspects are behind the technology. However, Overstock’s Patrick Byrne has created and launched a private platform to allow for public trading of securities using blockchain, called t0 Technologies. The platform only currently trades Overstock’s digital shares, but as an SEC licensed alternative trading system (ATS), the foundation is in place for utilizing the platform to launch and trade public offerings of third-party securities.

The debt market also sees the benefit of DLT. The current average settlement time for the secondary trading of syndicated loans is approximately a month. The repurchase agreement marketplace is filled with inefficiencies, as is the trading market for corporate bonds.  DLT could be used in all aspects of these markets. It is thought that DLT can also be used to automate the derivative marketplace and create greater transparency.

DLT technology is being worked on to create operational processes with the securities industry itself as well, including by creating central repositories of standardized reference data for various securities products, creating efficiencies for all participants. DLT can also centralize identity management functions, on a global scale.

In addition to the centralization of data, DLT can be used to process transactions by using overlaid software. For example, “smart contracts” can be created that would automatically execute agreed-upon terms in a contract based on certain triggering events. Smart contracts can be used for escrow arrangements, collateral management and corporate actions such as dividends and splits.

In addition to discrete areas, DLT can have market-wide impacts as well.  One area that is gaining traction is the clearing process.  Overstock’s platform is called t0 as a play on the widely used T+2 (formerly T+3) time for settlement. t0 references the immediate clearing and settlement of trades using DLT technology. However, despite the technological abilities, FINRA notes that it is unclear what the ideal settlement time would be for various segments of the securities market. Some market participants advocate for a netting and end-of-day settlement rather than a real-time contemporaneous process.

Real-time settlements would also impact short trading and other hedging transactions, including by market makers. On the positive side, it is thought that real-time settlement will reduce market risk, free up collateral and create overall efficiencies. As FINRA notes, it is likely that considerations related to settlement times will differ based on asset type, volume of transactions, liquidity requirements, impact on market makers and current market efficiencies.

Clearly DLT will increase market transparency. The basis of the technology is a series of blocks with a complete history available for view by network participants. Market participants and the investing public could be provided with access to relevant information on the network without the need to create a new reporting infrastructure. FINRA notes that regulators need to consider the benefits of such total transparency and the counter need to protect privacy, personally identifiable information and trading strategies. Also, consideration must be given to the need to ensure that material information available to a private network does not disadvantage the rest of the public.

DLT has the ability to alter or even eliminate the roles of intermediaries in the securities industry. The process of executing a trade as well as the subsequent settlement and clearing of such trade could be done directly between the issuing company and purchaser or third-party buyers and sellers. In addition, the need for market participants that effectuate transaction netting and maintenance of margin requirements could be reduced or eliminated.

The operational risks associated with the securities markets can be changed including sharing information over a network of multiple entities, the use of private and public keys to obtain access to assets, the use of smart contracts and other automated operations. The very nature of DLT as a shared network creates cybersecurity risks and the need for robust countermeasures.

Factors to Consider When Implementing DLT

As discussed, DLT applications have already impacted the securities industry. Many financial institutions have already established in-house or third-party research teams to build and test DLT networks and applications. FINRA’s report provides a good high-level summary of the obvious factors to consider with implementing DLT technology in capital markets, including governance, operational structure and network security.

Governance

A basis of DLT technology is that it is an open network with no centralized governing power or operator. FINRA notes that although there are benefits to this system, there are also issues, such as how to handle a large volume of transactions effectively. As a result, closed networks have started where participants are pre-vetted trusted parties. In the capital markets, questions will need to be answered related to the operation of the network and who has responsibility for what aspects—for example, who would decide governance and internal controls and procedures, who would enforce these governance rules, who would be responsible for day-to-day operations including addressing system failures or technical issues, how errors would be rectified and conflicts of interests addressed.

Operational Structure

Any DLT Network will need to consider its operational structure including a framework for: (i) network participant access and related onboarding and offboarding procedures; (ii) transaction validation; (iii) asset representation (such as shares of stock); and (iv) data and transparency requirements.

A network will need to establish criteria and procedures for establishing and maintaining participating members and determining their level of access. Controls and procedures will need to address: (i) criteria for participants to gain access to the network; (ii) a vetting and onboarding process including identity verification and user agreements; (iii) an offboarding process for both involuntary offboarding as a result of noncompliance and voluntary offboarding; (iv) monitoring and enforcement procedures for compliance with rules of conduct; (v) establishing various levels of access; and (vi) access for regulators.

Networks will need to determine a method for transaction validation. In the short history of blockchain, there have already been different methodologies. Validation could be consensus-based, single-node verifier or multiple-node verifier. Each method has pros and cons, and the specific algorithms and processes would need to be ferreted out.

On the topic of asset representation, networks will need to determine if the actual asset will be directly issued digitally (which only works for certain assets such as intangibles, stock or agreements representing ownership interests) or issued traditionally and be tokenized on the network. If tokenized, further thought must be given to security, handling loss or theft of the underlying asset, fractionalization issues, handling changes such as reverse or forward stock splits or conversions, and new issuances as some examples.

Likewise, thought must be given to the handling of cash on the network, including the settlement of transactions. In that regard, could tokens become a form of cash and if so, how would they ultimately be converted into established government currencies?  Ownership in almost any asset could also be tokenized (such as diamonds, gold, precious metals, art, etc.), creating issues of custodianship and security for the underlying asset. Intangible assets would be relatively easy to tokenize. Fungible assets would be easier than non-fungible assets, with unique assets being the most difficult.

A network will need controls and processes related to data transparency including public or shared information versus private information.

Network Security

In addition to the security of the underlying asset, there are security concerns with the network itself. The issue is more complex due to the decentralized nature of, and global access and participants to, the network. A DLT Network must have security for external and internal risks while maintaining the privacy of personal information for network participants.

Network participants will need to consider: (i) how DLT fits within their current recordkeeping framework including maintenance and backup systems; (ii) cybersecurity issues, including hacking, phishing, malware and other forms of threats and program and testing requirements; (iii) updating written supervisory procedures and policy procedures; and (iv) business controls for identity and transaction verification and fraud prevention.

Regulatory Considerations

Broker-dealers are currently exploring issuing and trading securities, facilitating automated actions such as dividend payments and maintaining transaction records on a DLT network. These areas are regulated by both the SEC and FINRA. The FINRA report points out the potential for a “paradigm shift for several traditional processes in the securities industry through the development of new business models and new practices incorporating DLT” that requires regulatory attention.

I personally believe this shift will occur in a shorter period of time than some others predict. I can see a time in the not-too-distant future where the role of transfer agents is minimalized or completely changed to a reviewer of opinion letters for legend removals; the DTC will be drastically changed and much less powerful; there will no longer be a separation between clearing firms and introducing brokers and all trades will clear instantaneously (t+0).

The FINRA report specifically discusses some major areas of consideration including: (i) customer funds and securities; (ii)

Customer Funds and Securities

DLT will create new ways to hold customer funds and securities and thus custodial changes. Broker-dealers that hold funds and securities must generally comply with Exchange Act Rule 15c3-3, which generally requires the broker to maintain physical possession or control over the customer’s fully paid and excess margin securities. Where funds and securities are purely digital, such as cryptosecurities, consideration will need to be made over how they are accounted for and who has the obligation. In addition, certain activities and access levels could amount to “receiving, delivering, holding or controlling customer assets” such as having access to a private key code for a customer.

Also potentially implicated in this area are Exchange Act Rule 15c3-1 related to net capital requirements, FINRA Rule 4160 on verification of assets and Exchange Act Rule 17a-13 related to quarterly security accounts.

Broker-Dealer Net Capital

Exchange Act Rule 15c3-1 requires a firm to maintain a minimum level of net capital at all times. The FINRA Rule 4100 series sets forth the rules and requirements for complying with net capital requirements including calculations and which assets are allowable or non-allowable within those calculations. Regulations need to address how cryptosecurities, digital currency, and tokens in general will be accounted for, for purposes of net capital calculations.

Books and Records Requirements

Exchange Act Rule 17a-3 and 17a-4 and FINRA Rule 4511 regulate book and record requirements for broker-dealers. DLT allows books and records to be maintained on the network itself, though consideration must be made as to how this will comply with regulations, and what changes need to be made with the regulations to update for the new technology.

Clearance and Settlement

It is my view that DLT could have the biggest impact on clearance and settlement from a pure industry disruption viewpoint. FINRA notes, “Depending on how trade execution and settlement is ultimately structured, broker-dealers and other market participants may wish to consider whether any of their activities in the DLT environment meet the definition of a clearing agency and whether corresponding clearing agency registration requirements under Section 17A of the Exchange Act would be applicable.”

In addition, as mentioned, DLT could eliminate the distinction between introducing and clearing brokers and the corresponding carrying agreement rules.

Anti-Money Laundering and Customer Identification Programs

DLT allows for global and anonymous participation, and accordingly practices and regulations will need to address anti-money laundering (AML) and customer identification obligations (CIP). The Bank Secrecy Act of 1970 requires controls and procedures to detect and prevent money laundering. FINRA Rule 3310 addresses AML obligations.  For more on this topic, see HERE.

In addition, FINRA Rule 2090, the Know Your Customer (KYC) rule, requires firms to “use reasonable diligence, in regard to the opening and maintenance of every account, to know (and retain) the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer.” Technology is already being explored to centralize identity management functions such that once a customer identity is verified, the information can be shared with all network participants. Obviously this would greatly streamline processes for broker-dealers and customers alike.

It is likely that DLT technology will surpass regulatory changes in the AML/CIP/KYC sectors. The FINRA report notes that the current rules allow a firm to outsource functions to third parties, but not overall responsibility. Accordingly, a firm could utilize DLT technology for these functions now if they can fashion internal controls and procedures that comply with the ultimate rule responsibilities.

Customer Data Privacy

Broker-dealers have an obligation to protect personal customer information (Regulation S-P). The rules also require that a firm provide an annual notice to customers related to the protection, and sharing, of their personal information. DLT by nature will include customer information and transaction histories that will be available to network participants. Regulations, as well as internal controls and procedures, will need to adapt for DLT technology.

Trade and Order Reporting Requirements

FINRA regulates the trading and order reporting requirements for the over-the-counter (OTC Markets) and requires certain reports to a centralized Securities Information Processor for listed securities. DLT may be soon be used for the facilitation of OTC Markets equity transactions. This may involve tokenizing existing securities and trading on a different network. FINRA Rule 6100 Series (Quoting and Trading in NMS Stock), Rule 6400 Series (Quoting and Trading on OTC Equity Securities), Rule 4550 Series (Alternative Trading Systems) and Rule 5000 Series governing offering and trading standards and practices would all be implicated.  I note that t0 Technologies has registered as an ATS.

Supervision and Surveillance

DLT networks will present new and unique challenges related to maintaining supervisory rules and procedures as well as surveillance systems themselves. This area includes the ability to review customer accounts and correct order errors. Like other areas of DLT technology, centralized systems available to all network participants are being developed that can perform some of these functions.

Fees and Commissions

Certain additional fees may be necessary for a DLT network, such as wallet management, key management and on-boarding, whereby other areas may reduce fees as centralization brings economies. In addition, consideration must be given to the payment of fees to third parties that are not registered broker-dealers but that provide DLT outsource functions.

Customer Confirmations and Account Statements

Exchange Act Rule 10b-10 requires firms to provide customers with certain records including trade confirmations and account statements.  DLT technology will change the flow and availability of information.

Material Impact on Business Operations

NASD Rule 1017(a)(5) requires broker-dealers that undergo a material change in business operations to file a Continuing Membership Application (CMA) prior to implementing the material change. Many of the aspects of DLT technology may result in a material change and broker-dealers need to consider the need to file 1017 applications.

Business Continuity Plans

FINRA Rule 4370 requires broker-dealers to maintain business continuity plans. Firms must consider the impact of DLT technology on their plans and update accordingly.

What Is A Security? The Howey Test And Reves Test

Sometimes it’s good to go back to basics.  In my blogs I often refer to the registration and exemption requirements in the Sec,urities Act of 1933 as amended (“Securities Act”).  Section 5 of the Securities Act makes it unlawful to offer or sell any security unless a registration statement is in effect as to that security or there is an available exemption from registration.  Similarly, I often refer to the broker-dealer registration requirements.  To be a “broker” or “dealer,” a person must be engaged in the business of effecting transactions in securities.

In today’s small cap world corporate finance transactions often take the form of a convertible note and/or options and warrants, the conversion of which relies on Section 3(a)(9) of the Securities Act.  Section 3(a)(9) is an exemption available for the exchange of one security for another (such as a convertible note for common stock).  Likewise, Rule 144(d)(3)(i) allows the tacking of a holding period where the securities being sold were acquired solely in exchange for other securities of that company.  In the wake of the SEC actions against E-Trade, brokerage firms have been examining whether the underlying “note” is indeed a security qualifying for the use of Section 3(a)(9) and Rule 144 tacking of a holding a period.  (See Here )

Moreover, where a transaction involves a security, the anti-fraud provisions and accompanying rights and remedies found in the state and federal securities laws will apply.

Clearly the overriding question of “what is a security” is fundamental to the analysis of security law matters.  Surprisingly (or not), what would appear to be a simple definitional discussion actually involves a lengthy and complex area of the securities laws.  Accordingly this blog is merely a high-level discussion as to what is a security, and specifically excludes a discussion of derivatives, which will be the topic of a future blog.

Statutory Definitions

Both the Securities Act and the Securities Exchange Act of 1934 (“Exchange Act”) contain definitions of a security.

Section 2(a)(1) of the Securities Act defines a security as:

The term “security” means any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or, in general, any interest or instrument commonly known as a “security”, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.

Section 3(a)(10) of Exchange Act defines a security as:

The term “security” means any note, stock, treasury stock, security future, security-based swap, bond, debenture, certificate of interest or participation in any profit-sharing agreement or in any oil, gas, or other mineral royalty or lease, any collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or in general, any instrument commonly known as a “security”; or any certificate of interest or participation in, temporary or interim certificate for, receipt for, or warrant or right to subscribe to or purchase, any of the foregoing; but shall not include currency or any note, draft, bill of exchange, or banker’s acceptance which has a maturity at the time of issuance of not exceeding nine months, exclusive of days of grace, or any renewal thereof the maturity of which is likewise limited.

The definitions are substantially similar and are not intended to be treated differently in application.  It was the congressional intent that the definition of security be very broad to encompass all forms of investment instruments and contracts that may be used in the commercial world.

Notably, the statutory definition contains qualifying language—to wit, “unless the context otherwise requires” which requires a facts and circumstances analysis of the particular matter in question where such facts and circumstances reasonably raise questions as to whether a security is involved or intended in a particular transaction.

SEC v. W.J. Howey Co.

The landmark U.S. Supreme Court case interpreting the definition of an “investment contract” as a security is SEC v. W. J. Howey Co., 328 U.S. 293 (1946), the result of which has become commonly known as the “Howey Test.”

Under the Howey Test, whether an investment instrument is a security requires a substance-over-form analysis.  Clearly a “stock” or “bond” is a security, but an investment contract can take many different forms and its underlying character may not be as easily recognizable.  The Howey Test defines an investment contract as follows:

“… an investment contract for purposes of the Securities Act means a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party…. Such a definition…permits the fulfillment of the statutory purpose of compelling full and fair disclosure relative to the issuance of the many types of instruments that in our commercial world fall within the ordinary concept of a security…. It embodies a flexible rather than a static principle, one that is capable of adaptation to meet the countless and variable schemes devised by those who seek the use of the money of others on the promise of profits.”

To further break down the analysis, Howey established a four-part test.  In particular, an investment contract exists where there is:

(i) An investment of money – Although in Howey the term “money” was used, subsequent case law has expanded this concept to include any form of consideration with value.

(ii) In a common enterprise – The subsequent court cases are not consistent regarding the meaning of a “common enterprise.”  The majority of federal courts define a common enterprise as involving “horizontal commonality,” which involves the pooling of money or assets from multiple investors whereby the investors share in the profits and risk in some proportion.

However, another group of federal courts define a common enterprise as involving “vertical commonality,” which focuses on the relationship of the parties.  In vertical commonality, the investor’s profit or loss is subject to the efforts of the promoter putting together the deal, regardless of the existence or status of other investors.  Vertical commonality can further be broken down into “broad vertical commonality” whereby the promoter’s profits are not tied to the investor’s profits and “narrow vertical commonality” whereby the promoter only profits if the investor profits.

The bottom line is that if a commonality of enterprise is found, regardless of the form it has taken, this factor in the test will be satisfied.

(iii) With an expectation of profits – Profits can either be in the form of capital appreciation, cash return on investment or other earnings (including dividends or interest).  Profits for purposes of the Howey Test refers particularly to a return to the investor and not necessarily the success of the enterprise as a whole.  A Ponzi scheme clearly involves a security, even though the enterprise itself is designed to be a failure.

The analysis turns on a finding that the investor is motivated by a return on his investment. So for instance, in a later case, the court found that sale of shares in a housing cooperative that were bundled with the cost of the apartment itself and used for common operating expenses and upkeep of the building, did not give rise to a securities transaction where the investors were attracted solely by the prospect of acquiring a place to live, and not by financial returns on their investments.

However, courts have found that the sale of a condominium unit itself can be a security where (i) the offer of the unit is accompanied with an opportunity to participate in a rental pool; (ii) the offer of the unit requires use of an exclusive rental agent; (iii) the offer of a unit that limits time of use of the owner or involves shared ownership (time share arrangements); or (iv) advertising the sale of a unit with an emphasis on economic benefit (such as rental income or tax benefits).

(iv) Which are derived solely from the efforts of the promoters or third parties – The efforts of the promoter(s) or third party(ies) must be undeniably significant in the success or failure of the enterprise.

Applying the Howey Test, courts have interpreted a security to include such diverse items as citrus groves, warehouse receipts, chinchillas, minks, diamonds, bullion, pay phones, real estate and equipment, and condominium units, when they were offered or sold under circumstances involving the investment of money and expectation of a return through the efforts of others.

The Howey Test actually interprets an “investment contract” in the context of the statutory definition and, as later clarified by the Supreme Court in Landreth Timber Co. v. Landreth, is not meant to be used to decide whether all securities are indeed a “security.”  Accordingly, even though where the sale of a business is completed through the sale of stock or other equity interests, the ultimate success of the investment is dependent on the efforts of the investor/buyer, the stock or other equity is clearly a security in the statutory definition and the Howey Test does not apply.  In particular, Landreth confirms that where a business is sold via the sale of the equity in the business, it is a security and the registration and exemption provisions of Section 5, broker-dealer registration requirements under the Exchange Act and anti-fraud provisions under both the Securities Act and Exchange Act apply.

Promissory Notes – Reves v. Ernst & Young

Although the term “note” is specifically included in the statutory definition of a security, case law has determined that not every “note” is a security.  The Exchange Act and SEC specifically exclude notes with a term of less than nine months, the proceeds of which are used for a current transaction, from the definition of a “security.”  Moreover, numerous lower courts had carved out exemptions over the years for commercial paper type notes such as purchase money loans and privately negotiated bank loans.

Relying on Howey, many courts developed an analysis based on the risk of the loan.  That is, the issue revolved around whether the lender had contributed “risk capital” subject to the entrepreneurial or managerial efforts of the borrower.  Relying on Landreth, other courts decided a “note” is a security as it appears in the statutory definition.

Analyzing and bringing together the line of lower court opinions, the U.S. Supreme Court in Reves v. Ernst & Young, 494 U.S. 56 (1990) adopted the “family resemblance” test to determine whether a note is a security.

Under the “family resemblance” test, one must start with the presumption that a note is a security which presumption is rebutted if the note bears a resemblance to one of the enumerated categories on a judicially developed list of exceptions.  If the “note” does not bear a resemblance to an item on the list, the analysis continues to determine if a new category should be added to the list.

The following is a list of notes that have judicially been determined to fall outside the definition of a “security”:

(i) a note delivered in consumer financing;

(ii) a note secured by a mortgage on a home;

(iii) a  short-term  note  secured  by  a  lien  on  a  small  business  or some of its assets;

(iv) a note evidencing a character loan to a bank customer;

(v) a short-term  note  secured  by  an  assignment  of  accounts receivable;

(vi) a note which simply formalizes an open-account debt incurred in the ordinary course of business (particularly if, as in the case of the customer of a broker, it is collateralized); and

(vii) a  note  evidencing  loans  by  commercial  banks  for  current operations.

In determining whether a note bears a resemblance to one of the enumerated exceptions to a security, or whether a new exception should be added, the courts consider:

(i) The motivation of seller and buyer – The first factor is described as the motivation that prompts “a reasonable seller and buyer to enter into” the transaction.  If the seller’s motivation is to raise money for his/her business and the buyer’s motivation is to earn profits, then the note is likely a security.  Even if the note is not necessarily characteristic of a security, if the investor reasonably expected that they were buying a security, and would be protected by the accompanying securities laws, the courts can determine that indeed a security has been sold.

(ii) The plan of distribution of the instrument – The second factor determines whether the instrument is being distributed for investment or speculation.  If the note instrument is being offered and sold to a broad segment or the general public for investment purposes, it is a security.

(iii) The reasonable expectations of the investing public – An instrument will be deemed a security where the reasonable expectation of the investing public is that the securities laws (and accompanying anti-fraud provisions) apply to the investment.

(iv) The presence of alternative regulatory regime – The fourth and final factor is a determination whether another regulatory scheme “significantly reduces the risk of the instrument, thereby rendering the application of the Securities Act unnecessary.”  The FDIC and ERISA laws are two such examples.

Both before and after Reves, the issue of whether bank notes or CD’s are a security has been often litigated.  In Marine Bank vs. Weaver, 455 U.S. 551 (1982), the U.S. Supreme Court held that a federally insured bank CD is not a security. In that case the court relied heavily on the fact that the bank was federally regulated and the subject CD was federally insured.  The Court stated that CDs could be securities subject to the Act in other contexts, and that instruments “must be analyzed and evaluated on the basis of the content of the instruments in question, the purposes intended to be served and the factual setting as a whole.”

The exclusion for a note which simply formalizes an open-account debt incurred in the ordinary course of business warrants further discussion.  Under this analysis a note evidencing a trade payable such as for office supplies or attorney’s fees is not a security and Section 3(a)(9) may not be relied upon to exchange such a note for common stock.  However, such a note could be considered a security such as where the note is convertible into common stock and represents an investment decision by the creditor to exchange its trade debt for a security of the company.  In such a case, though, the creditor could not rely on Rule 144 to tack onto the holding period of the trade payable, as the trade payable itself is not a security.