Last week, U.S. District Judge Gonzalo Curiel of the Southern District of California reversed his previous November 2018 order and issued a preliminary injunction against Blockvest LLC (Blockvest) and its founder, Reginald Buddy Ringgold, III, after finding that the Blockvest token (BLV token) met the definition of an investment contract under the Howey test and was therefore a security. While we are keen to see an example of a digital asset that falls outside the definition of a security either through application of the Howey test or a new test, we are relieved that Judge Curiel did not use the Blockvest case to set forth this precedent.
Blockvest and its BLV token – like many initial coin offerings (ICOs) – had a website and a whitepaper, and conducted a pre-sale (claiming to have raised $2.5 million in seven days). However, Mr. Ringgold later allegedly said that BLV tokens were never sold to the public and only 32 pre-vetted “testers” with a personal relationship to him collectively invested less than $10,000 of Bitcoin and Ether into the Blockvest Exchange. It was under these disputed facts that Judge Curiel initially held that the BLV token was not a security.
Upon reconsideration, though, the judge looked more expansively at the promotional materials, the whitepaper, and the use of social media surrounding the BLV token ICO. He found that any legitimate aspects of the BLV token were dwarfed by the numerous alleged fraudulent misrepresentations by Blockvest, including:
That the BLV token is “registered” and “approved” by the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and the National Futures Association (NFA);
That Blockvest “partnered” with and is “audited by” Deloitte Touche Tohmatsu Limited (Deloitte); and
That Blockvest is overseen by the fictitious Blockchain Exchange Commission (BEC), which has a seal, logo, and mission statement nearly identical to those of the SEC (conveniently enough, the BEC also shares the same address as the SEC).
Based on this collection of evidence, Judge Curiel found that the BLV token satisfied the three elements of the Howey test – (1) an investment of money (2) in a common enterprise (3) with an expectation of profits produced by the efforts of others. (Judge Curiel, though, still continues to believe that there are disputed issues of fact with respect to the offers and promises made to the testers and other investors.)
In issuing the preliminary injunction, Judge Curiel also found a reasonable likelihood that the fraudulent conduct would be repeated. In his earlier order, Judge Curiel was satisfied by Mr. Ringgold’s statements that he intended to comply with the federal securities laws and that he had ceased all efforts to proceed with the ICO. As to the fraudulent misrepresentations noted above, Mr. Ringgold acknowledged that “mistakes were made.” Judge Curiel now seems less sympathetic to Mr. Ringgold, questioning how creating a fictitious agency that so closely resembles the SEC could merely be a “mistake.” It also appears that the decision of Blockvest’s counsel to withdraw, after being asked to file documents that it could not certify were factually or legally supported, influenced the judge’s view that the alleged fraud is likely to continue.
In sum, this preliminary injunction is a victory for the SEC – and a favorable outcome for the cryptocurrency community. If the alleged fraudulent activities were capable of skirting the federal securities laws, the reputation of the industry could have suffered and the potential for unnecessary and potentially reactive legislative fixes could have intensified.
And while we do not share SEC Chairman Jay Clayton’s view that all token offerings are securities, we agree with him and the SEC that the BLV token is not the example that disproves this view. Judge Curiel – in reversing his previous order and holding that the BLV token is a security – has essentially saved for another day an example of when a token issued through an ICO is not a security. The wait continues.
The Global Blockchain Business Council (GBBC) recently published its 2019 Annual Report, “Beyond the Hype: Building Blockchains for Real World.” The report provides a comprehensive update on the global regulatory landscape surrounding blockchain technology along with an overview of some of the blockchain solutions being built by GBBC members.
Steptoe authored an overall insights piece, titled “Regulation in the US: Where are We, and Where are We Going?,” which looks at where the United States stands in terms of regulation and predicts what we’ll see in terms of regulation in 2019. Steptoe also provided regulatory updates for the United States as part of a global regulatory overview, with specific insights on ICO regulation in the US.
Last month the Texas Department of Banking published an updated supervisory memorandum discussing the application of the state’s money transmitter law to digital assets. Nearly every state has a money transmitter statute regulating businesses engaged in the transfer of money within that state, but states vary considerably with respect to how their laws apply to digital assets. A number of states, including Texas, have taken the position that their money transmitter laws apply only to fiat currency and not cryptocurrency. Such laws might still apply to a cryptocurrency company, for example one that exchanges cryptocurrency for fiat currency, but don’t govern companies that do not offer fiat-based services.
Most observers have assumed that stablecoins, a type of cryptocurrency tied to an underlying asset in order to promote price stability, would be treated like other types of cryptocurrency and not regulated in states whose laws apply only to fiat currency. However, the recent guidance from Texas, a fiat-only state, takes a more nuanced approach.
Under the new Texas guidance, stablecoins that are (1) backed by fiat currency and (2) issued with a redemption right to convert the stablecoin into fiat currency at a future date are considered “money or monetary value” under the Texas Finance Code and therefore may be subject to the state’s money transmitter licensure requirement. The guidance adds, “This is true regardless [of] whether the redemption right is expressly granted or implied by the issuer.”
Notably, the Texas guidance on such stablecoins appears to apply to any entity “receiving [the stablecoin] in exchange for a promise to make it available at a later time or different location.” This means that in addition to the issuer of the stablecoin, other entities dealing in the stablecoin, such as an exchange, may need to obtain a license to operate within Texas. This could have important implications for a variety of digital asset companies, including crypto-to-crypto exchanges, which may have previously viewed themselves as outside the scope of the state’s regulations.
The Texas guidance marks the first time a state regulator has explicitly addressed the issue of stablecoins. It remains to be seen whether other states with fiat-only money transmitter regimes will move to regulate fiat-backed stablecoins. In the meantime, the new Texas guidance will create an additional layer of complexity for digital asset companies seeking to comply with the complex and differing web of state money transmitter laws.
Have you ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines? Or whether distributing a permanent ledger to every participant in a network might run afoul of privacy laws and regulations? Data security and privacy are frequently part of the conversation about blockchain and technology in general, and they raise complicated legal issues for practitioners and clients to consider.
In a recent article for Practical Law, Jared Butcher offers in-depth analysis of these issues, surveying the rapidly evolving landscape where blockchain intersects with data security and privacy. The article focuses on the fundamentals that practitioners should understand when thinking about the cyber threats and potential vulnerabilities in blockchain applications. It then provides an overview of the developing privacy landscape, including the potential tension between blockchain’s immutability and the GDPR’s mandates such as the right to be forgotten. Although there are no easy answers, the article walks through the questions with an eye toward fostering a better understanding of the current state of blockchain security and privacy.
Click here to read the article, “Cybersecurity Tech Basics: Blockchain Technology Cyber Risks and Issues” and learn more about these issues.
Evan Abrams recently published an article on CIO Review titled “Blockchain and The Law: How a Simple Project can get Complicated Quickly.” In his article, Evan discusses a number of complex legal regimes that CIOs should consider when building enterprise blockchain applications. Companies should assess which legal regimes apply to their specific application from both a federal and state level and keep in mind the laws applying to blockchain technologies can change rapidly. At the federal level, oversight may come from the Department of Treasury’s Financial Crimes Enforcement Network, the Securities and Exchange Commission, the Commodity Futures Trading Commission, and the Internal Revenue Service, among others. Companies seeking to enter the blockchain space should also look at state regulation, which varies widely. For example, New York has adopted a regulatory regime known as the BitLicense that covers a variety of virtual currency business activity.
On December 17th, Alan Cohn hosted the 244th episode of The Cyberlaw Podcast. We took a deep dive into all things blockchain and cryptocurrency discussing recent regulatory developments and projections for 2019.
Our episode begins with Alan welcoming Will Turner, who recently joined Steptoe’s Corporate and Blockchain Practices as partner in the firm’s Chicago office. Will Turner explains why the crypto market became bear in 2018, associating this development to the increase in mergers & acquisitions activity in the crypto market. Moving into 2019, Will projects the “hot items” will be anti-money laundering and securities compliance. Evan Abrams discusses the joint statement issued by the Federal Reserve, the Federal Deposit Insurance Corporation, the Treasury’s Financial Crimes Enforcement Network, the Office of the Comptroller of the Currency, and the National Credit Union Administration urging use of technology to bolster anti-money laundering compliance. Abrams also highlights the New York Department of Financial Services (NYDFS) recent announcement authorizing Signature Bank, a New York State-chartered bank, to offer a digital payment platform that leverages blockchain technology called Signet. Finally, Josh Oppenheimer covers recent LabCFTC updates from the Commodity Futures Trading Commission. Oppenheimer also discusses the pledge the G20 nations made earlier this month regarding their commitment to regulate crypto-assets to further a resilient and open global financial system.
For the interview portion of our podcast, Alan welcomes back Gary Goldsholle, who joins the firm as partner, after serving nearly four years as deputy director and senior adviser of the Securities and Exchange Commission’s (SEC) Division of Trading and Markets. Goldsholle discusses some of the SEC’s recent activity, including charging two cryptocurrency companies who conducted initial coin offerings in violation of the securities registration rules and settling an order against EtherDelta for operating as an unregistered “exchange.” This activity has significant implications for the industry regarding regulatory oversight and enforcement of cryptocurrency companies.
You can read the full summary and listen to the podcast here.
Sanctions compliance considerations have always been an important factor for cryptocurrency companies, but a number of recent US government actions suggest regulators are increasingly focused on the intersection between digital currencies and economic sanctions. This intensified focus highlights the importance of sanctions compliance for blockchain-related companies, particularly for those considered US persons.
This increased focus has been building for a number of months. For example, in March of 2018, President Trump issued an Executive Order imposing certain sanctions on the Venezuelan government-issued digital currency known as the petro.
Last week, the US Department of Treasury’s Office of Foreign Assets Control (“OFAC”) took another step to ramp up sanctions against bad actors utilizing digital currency. OFAC designated two Iranian individuals who helped exchange bitcoin ransomware payments into Iranian rials on behalf of Iranians involved in the SamSam ransomware attack. In making those designations, OFAC listed specific digital currency wallet addresses associated with the designated individuals, marking the first time it has done so. According to Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker, “We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives.”
Property and interests in property of designated persons must be blocked when within the United States or the possession or control of a US person and US persons are generally prohibited from dealing with blocked persons. OFAC explains that, “Like traditional identifiers, these digital currency addresses should assist those in the compliance and digital currency communities in identifying transactions and funds that must be blocked and investigating any connections to these addresses.”
OFAC also published two new FAQs regarding sanctions compliance and digital currencies. The FAQs clarify that institutions holding digital currency required to be blocked pursuant to OFAC regulations must take steps to deny access by blocked persons to those assets. OFAC notes that institutions may choose to block “each digital currency wallet associated with the digital currency addresses that OFAC has identified as being associated with blocked persons, or opt to use its own wallet to consolidate wallets that contain the blocked digital currency (similar to an omnibus account).” The FAQs state the relevant institution must retain an audit trail allowing the digital currency to be unblocked only when legally authorized and that blocked digital currencies do not need to be converted into fiat currency. As with all blocked property, a report must be made to OFAC within 10 business days. The FAQs also explain that institutions may tell customers their digital currency has been blocked pursuant to OFAC regulations.
Last week’s designations and FAQs demonstrate that OFAC is continuing to increase its interest in digital currencies and we anticipate that the agency will identify additional wallet addresses in the future. Financial institutions have long been a popular target for US regulators and law enforcement officials, as evidenced by last month’s $1.4 billion settlement with Société Générale. As blockchain-related financial institutions continue to grow it seems likely that some of the attention previously focused on traditional financial institutions will shift toward their digital counterparts.
The Securities and Exchange Commission’s (SEC or Commission) November 16 announcement charging two cryptocurrency companies—CarrierEQ Inc. (d/b/a Airfox) and Paragon Coin Inc. (Paragon)—with conducting an initial coin offering (ICO) in violation of the securities registration rules should not come as a surprise to those in the industry. The SEC has repeatedly emphasized that issuers of securities—even those based on a blockchain or distributed ledger technology—must register such securities or comply with an applicable exemption from registration under the Securities Act of 1933 (the Securities Act). The Airfox and Paragon orders explain when the SEC will determine that a token offering constitutes a security, and the remedial measures that the SEC may require for token offerings that do not comply with the Securities Act. Following the announcement, the Commission’s divisions also put out a public statement outlining their views on digital asset securities issuance and trading. We view these actions as signals that the Commission is likely to ramp up its efforts to enforce the securities laws in the weeks and months to come.
As further discussed below, the Airfox and Paragon orders are noteworthy for indicating that there will be no free passes from enforcement for securities law non-compliance for any ICOs that occurred subsequent to the publication of the SEC’s July 2017 DAO Report and involved the offering of securities. It also is important to note the Commission effectively treated the DAO Report as the sufficient legal notice to the industry of securities law requirements even though the features of the Airfox and Paragon tokens were distinguishable from the DAO tokens. The Airfox and Paragon tokens did not, like the DAO tokens, confer equity interests and voting rights in an enterprise, but, rather, were offered to be a medium of exchange in each issuer’s ecosystem of goods and services. The orders also are noteworthy for establishing a regulatory process that can preserve the legality and value of the tokens going forward, rather than declaring them a worthless legal nullity.
Significantly, these ICOs also predated the SEC’s December 2017 settlement order against Munchee, Inc. (Munchee), which was the first time the agency announced that purely “ecosystem” tokens also could be securities. These orders effectively reiterate the Munchee analysis in applying the Howey Test. Thus, the SEC seems to be of the view that any issuance of such tokens after the DAO Report that did not comply with the requirements for securities offerings and secondary sales could face legal jeopardy for non-compliance. Such issuers will need to evaluate whether and how best to approach the SEC on these subjects.
Airfox and Paragon Settle SEC Registration Charges
On November 16, the SEC settled charges against Airfox and Paragon for failing to register tokens issued through ICOs in 2017 after the Commission warned the public in its DAO Report and Munchee cease-and-desist order that such offerings could be considered securities offerings. The settled orders against Airfox and Paragon—whose tokens issued through these two ICOs the SEC determined to be securities—require each company to pay monetary penalties, register the tokens as securities, and file periodic reports with the Commission. The companies also have agreed to conduct a claims recovery process for investors who purchased the tokens in the illegal offerings. Airfox and Paragon consented to the orders without admitting or denying the findings.
Airfox is a Massachusetts-based business that sold 1.06 billion AirTokens to more than 2,500 investors through an ICO. The ICO raised roughly $15 million for the stated purpose of creating and expanding an ecosystem where prepaid mobile phone users earn free or discounted data by interacting with ads. Airfox told its investors the new functionalities would be added over time, including the ability to transfer AirTokens between users, and, eventually, to use the tokens to buy and sells goods and services beyond mobile data. Airfox further advertised that the AirTokens would increase in value as a result of its efforts, and that Airfox would work to provide investors with the ability to trade the tokens on secondary markets.
Paragon is an online entity that sold PRG tokens to over 8,000 investors and raised approximately $12 million to develop and implement its plan to add blockchain technology to the cannabis industry and work towards legalizing cannabis. In its offering, Paragon described how the PRG tokens would increase in value as a result of Paragon’s efforts to create an “ecosystem” and that the tokens would be traded on secondary markets.
The Commission determined that both the AirTokens and PRG tokens were “securities” pursuant to the Howey Test and subsequent case law summarized in the DAO Report. It reasoned that purchasers in the offering would have had a reasonable expectation of obtaining future profit based on the companies’ efforts, which included the building out of the “ecosystem” where the tokens could be used so as to increase their value. The SEC charged Airfox and Paragon with violating Sections 5(a) and 5(c) of the Securities Act for offering and selling securities without first registering them as such or qualifying for an exemption from registration.
Both companies agreed, among other undertakings, to pay $250,000 in penalties, register the tokens as securities under Section 12(g) of the Securities Exchange Act of 1934 (Exchange Act), and file periodic reports with the Commission for at least one year. Registration of securities under Section 12(g) is accomplished by filing Form 10 with the Commission. The information required in Form 10 is similar to that which is required in Form S-1 (typically used for an initial public offering), with the exception of those disclosures that pertain to a securities offering. In addition, the Commission is permitting both companies to conduct an unregistered claims recovery process in lieu of registered rescission offerings. These processes still require the distribution of notices and claims forms approved by the SEC, and provide a three-month period for potential claimants to submit claims for losses from tokens purchased in the ICOs. The companies will be required to report to the SEC on their handling of the claims.
Unlike the first non-fraud ICO registration case against Munchee, which did not impose penalties and involved a simple refund of money to purchasers, the orders against Airfox and Paragon are the first non-fraud ICO registration cases to impose monetary penalties and require the securities to be registered with the Commission. The SEC did not impose penalties or include undertakings from Munchee because Munchee stopped its offering before delivering any tokens and promptly returned proceeds to its investors.
The orders against Airfox and Paragon are nearly identical, and demonstrate the SEC’s current thinking in applying the Howey Test to issuers who have sought to develop “ecosystems” around ICOs tokens. The orders note that the ICO purchasers in both cases had a reasonable expectation of profits, and that such profits would be derived from the significant entrepreneurial and managerial efforts of others who were to create the ecosystem.
As further explained below, though, the Commission did not choose to shut these offerings down completely. Rather, it has given the two companies the opportunity to provide their investors with the information they would have received if Airfox and Paragon had registered the tokens as securities prior to their offer and sale. Investors will be able to decide whether to partake in the claims process or continue to hold their tokens. The restraint the Commission applied here suggests it wants to encourage registration of tokens deemed to be securities over remedies that might completely stifle innovation. It still will not, however, excuse non-compliance with the federal securities laws.
SEC Continues to Apply Its Securities Laws
Underscoring the Commission’s seriousness in policing the issuance and sale of security tokens that are not properly registered or exempt from registration under the Securities Act, shortly after it announced the Airfox and Paragon settlements, the SEC Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets (the Divisions) issued a joint statement summarizing their views on digital asset securities issuance and trading, generally. The statement covered: (1) initial offers and sales of digital asset securities (including security tokens issued in ICOs); (2) investment vehicles investing in digital asset securities and those who advise others about investing in these securities; and (3) secondary market trading of digital asset securities.
In the statement, the Divisions first discussed the Airfox and Paragon settled orders and highlighted the monetary penalties and required undertakings imposed on the two companies. The statement notes the importance of the fact the investors in the two ICOs will soon receive the type of information they would have received had the ICOs been conducted in compliance with the Securities Act in the first place. Registration of the securities under Section 12(g) of the Exchange Act will lead to periodic reporting obligations. In allowing the offerings to continue if they become registered (rather than shutting them down completely), the Divisions suggest that they are willing to work with issuers to become compliant with the federal securities laws going forward.
Next, the Divisions reviewed the September 2018 order against Crypto Asset Management, LP, finding that the manager of a hedge fund formed for the purpose of investing in digital assets had improperly failed to register the fund as an investment company under the Investment Company Act of 1940 (Investment Company Act). The order also found that the fund’s manager was an investment adviser, and had violated the antifraud provisions of the Investment Advisers Act of 1940 (Advisers Act) by making misleading statements to investors. The statement reminds investment vehicles and those who advise others about investing to be aware of registration, regulatory, and fiduciary obligations under the Investment Company Act and the Advisers Act.
Finally, the Divisions discussed secondary market trading of digital asset securities, and, specifically, securities exchange and broker-dealer registration requirements. With respect to securities exchange registration, the statement revisits the Commission’s November 8 order against EtherDelta, which found that the company operated an unregistered securities exchange. EtherDelta provided a marketplace for bringing together buyers and sellers for digital asset securities through the combined use of an order book, a website that displayed orders, and a smart contract run on the Ethereum blockchain. (Read more about the EtherDelta order in our Steptoe Blockchain Blog post here.)
The statement asserts that the staff will apply a “functional approach” in determining whether a system constitutes an exchange under Exchange Act Rule 3b-16. The parameters of this functional approach, though, are less clear. The Divisions say that “. . . activity that actually occurs between the buyers and sellers—and not the kind of technology or the terminology used by the entity operating or promoting the system—determines whether the system operates as a marketplace and meets the criteria of an exchange.” Additionally, they say the analysis of whether a system is an exchange also includes “an assessment of the totality of activities and technology used to bring together orders of multiple buyers and sellers using ‘established non-discretionary methods’ under which such orders interact.”
Few would disagree with these positions and the statement does little to explain how the Divisions will apply its functional approach. For example, the statement continues, “[A]n entity that provides an algorithm . . . as a means to bring together or execute orders could be providing a trading facility” (emphasis added). It also says that if an entity arranges for other entities to provide the functions of a trading system that meet the definition of an exchange, “the entity arranging the collective efforts could be considered to have established an exchange” (emphasis added).
At this stage in the development of platforms trading digital assets, it would be helpful if the Divisions’ staff could be more precise in delineating between exchange and non-exchange activities, such as what types of algorithms would—and would not—constitute a trading facility, or how the exchange definition applies in a decentralized environment, in which the various functions of bringing together multiple buyers and sellers of securities are provided by distinct, unaffiliated third parties.
With respect to broker-dealer registration, the Divisions also describe the “functional approach” the Commission will take (i.e., taking into account the relevant facts and circumstances irrespective of how the entity characterizes itself or its activities or technologies) in determining whether an entity meets the definition of a broker or dealer under Section 3(a) of the Exchange Act. The statement cites to the September 2018 order against TokenLot LLC to illustrate the application of the broker-dealer registration requirements to entities trading or facilitating transactions in digital assets that are securities, even if the platforms or applications do not meet the definition of an exchange. TokenLot operated as a self-described “ICO superstore” where investors could purchase digital assets during or after an ICO. Its brokerage activities included marketing and facilitating the sale of the digital assets, accepting investors’ orders and payment, and enabling the disbursement of proceeds to the issuers. The Commission also found that TokenLot acted as a dealer by regularly purchasing and then reselling digital tokens (presumably deemed to be securities) for accounts in its name.
Overall, the Divisions’ statement is a user-friendly compilation of recent Commission efforts pertaining to digital asset securities, and the staff should be commended for their efforts to improve communication with the blockchain and cryptocurrency community. Like many prior announcements, however, the statement leaves a number of critical questions unanswered. Among the most important unaddressed topics are (1) how registered broker-dealers can custody digital assets; and (2) how platforms that trade ICO tokens that are securities, or that were (but no longer are) securities, should manage their regulatory liabilities, compliance, and remediation efforts.
In a recent Client Alert, Alan Cohn, Jason Weinstein, and Meegan Brooks discuss the impact of blockchain technology in the retail industry, which will likely see more disruption in the next few years than it has seen in decades. What role will blockchain technology play in that disruption?
Instead of completely disrupting the retail industry, blockchain technology could be used to aid compliance with new and evolving regulations. There are three specific applications within the retail industry where blockchain technology can be used to provide greater efficiency, effectiveness, transparency, and trust: (1) supply chain management and tracing the provenance of goods; (2) the resale market; and (3) automatic renewal and subscription services. While implementing any new technology, including blockchain, comes with its own challenges in terms of scalability and implementation, the benefits may outweigh the costs.
On November 8, the SEC issued a settled order against Zachary Coburn, the creator of the smart contract that powers the EtherDelta decentralized exchange. In the settled order, the Commission found that Coburn’s EtherDelta smart contract, which enabled trading of Ether against any other ERC20 token, and the EtherDelta website through which buyers and sellers of ERC20 tokens met, operated as an unregistered “exchange” in violation of Section 5 of the Exchange Act. Without admitting or denying the findings, Coburn consented to the order and agreed to pay $300,000 in disgorgement plus $13,000 in prejudgment interest and a $75,000 penalty. The Commission’s order notes that Coburn’s cooperation was a consideration in not imposing a greater penalty.
This is the first case involving a so-called “decentralized exchange.” Unlike some of the most well-known cryptocurrency platforms like Coinbase and Gemini, which generally operate as custodians, EtherDelta never maintained accounts for its users’ funds. Instead, parties could transact directly with each other using the EtherDelta smart contract. Though the EtherDelta smart contract by itself is merely code that runs on the Ethereum blockchain, the Commission found that the activities taken by its creator to bring together buyers and sellers to transact through the smart contract constituted an “exchange” as defined under Section 3(a)(1) of the Exchange Act and Rule 3b-16 thereunder. In particular, Coburn’s website had features similar to many online securities trading platforms. The website displayed EtherDelta’s order book and transaction information, and provided graphical tools to assist users in understanding and analyzing the data. Users could enter limit orders to buy or limit orders to sell. The website also maintained a curated list of “official [token] listings” which had undergone due diligence by Corburn, even though the EtherDelta smart contract by its terms would effect a transaction with any ERC20 token. The EtherDelta smart contract charged a fee of 0.3% of the transaction trade value to a person transacting against a posted limit order (“taker”). The fee was paid to Coburn as the owner of the “fee account” specified in the EtherDelta smart contract.
The settled order does not directly affect the operation of well-known custodial cryptocurrency platforms, but it clarifies the legal status of decentralized exchanges in the eyes of the SEC, and it raises some significant questions for operators of various types of cryptocurrency platforms.
A few observations.
The SEC differentiates transactions between activity pre-DAO Report and post-DAO Report. In this case, 92% occurred post-DAO Report. This suggests that the SEC is still continuing to distinguish between conduct that took place before and after its 21(a) Report, its first major statement that digital assets could be securities.
There are no allegations of fraud or customer harm or market abuse. This case is strictly about operating an unregistered exchange.
Perhaps the most glaring omission in the order is that it does not indicate how many or which of the 3.6 million trades effected on the platform during the period of the alleged violation (from July 12, 2016 to December 15, 2017) involved a security. On one hand, it is understandable that an order against an unregistered exchange is not the proper context for such guidance. A statement by the Commission that a particular digital asset is a security would have a pronounced effect on the asset, and would, in accordance with fundamental principles of due process, necessitate an opportunity for the issuer of such asset to address the SEC’s findings. On the other hand, the order raises the possibility that any type of platform handling any ERC20 token could be subject to this same type of proceeding. In that way, the order could have a pronounced effect on all types of cryptocurrency platforms, creating uncertainly even for those that do not turn out to be handling any types of tokens that the SEC may ultimately find to be a security.
 See Steptoe’s previous discussions on the DAO Report here and here.