Regulating Initial Coin Offerings

Font Size:

Scholar suggests alternatives to regulating cryptocurrency offerings as conventional securities.

Font Size:

“Only the rich” benefit from securities regulation in the cryptocurrency space, said CEO Erik Voorhees in a recent tweet.

Voorhees, the head of the cryptocurrency exchange Shapeshift, issued his tweet after messaging startup Telegram’s decision to cancel its initial coin offering (ICO), a new way to raise capital enabled by blockchain technology. According to Voorhees, fear of regulatory scrutiny by the U.S. Securities and Exchange Commission (SEC) drove Telegram to abandon its ICO and opt for private financing instead—taking its capital acquisition out of the purview of securities regulations but also beyond the reach of everyday investors.

Syren Johnstone at the University of Hong Kong Faculty of Law echoes Voorhees’s concern, worrying that companies’ concerns that ICOs will be regulated under traditional securities laws may frustrate those laws’ primary purpose.

According to Johnstone, the big-picture purpose of the Securities Act of 1933—one of the foundations of U.S. securities regulation—is to encourage capital flows away from fraudulent securities offerings and toward “honest business.” But since larger startups such as Telegram can avoid many of the burdens of securities regulation through exemptions that allow them to raise capital through private financial backers, Johnstone worries that only smaller startup companies will make use of public ICOs.

Because everyday investors largely cannot participate in private fundraising, though, they would only be able to invest in smaller companies’ ICOs. “Yet these are the startups that may be statistically more likely to fail,” Johnstone writes. Rather than limiting generally accessible investment opportunities to these risky options, Johnstone would not apply securities regulation to ICOs and instead protect investors by other means.

To Johnstone, incompatibility between ICOs and the design of existing securities law creates a tension between what he argues is the 1933 Act’s purpose—accessible and efficient allocation of capital—and its purported effect of suppressing public access to investment opportunities such as Telegram’s planned ICO.

ICOs’ primary incompatibility with current securities law stems from their ability to raise capital without need for active human management, Johnstone claims. But modern securities regulation assumes the existence of human actors, who are at the center of the SEC’s use of disclosure rules that aim to protect investors. These rules, former SEC commissioner Troy Paredes points out, allow investors to “bring pressure to bear on directors, officers, fund managers, and other market participants to serve investor interests.”

With ICOs, though, there are no directors, officers, or fund managers. Not even the companies that launch ICOs can control them once they are created. Instead, ICOs self-operate through digital code. And, because ICOs are coded to be immutable—that is, unchangeable by human acts—investors have no way to hold them accountable for poor performance, short of becoming involved in how the ICO was coded in the first place.

The immutability of the digital code behind ICOs creates another incompatibility with existing securities law: Mistakes in the initial code cannot be changed. Yet immutable bugs embedded in ICOs can be exploited repeatedly. In June 2016, hackers used a bug in an ICO created by the DAO, a startup venture capital fund, to siphon away a sum of cryptocurrency worth $60 million. Some called it theft, but a person claiming to be the perpetrator argued that it was a “legal” transaction. After all, the ICO’s code had “approved” it.

The SEC called the DAO’s ICO a violation of securities law. Deeming it to be a securities offering, the SEC said that the ICO should have been registered with the Commission “to ensure that investors are sold investments that include all the proper disclosures and are subject to regulatory scrutiny for investors’ protection.” Although the SEC refrained from bringing charges, it cautioned that future offerings would be subject to federal securities laws, “regardless of whether the issuing entity is a traditional entity or a decentralized autonomous organization.”

Instead of treating ICOs as traditional securities offerings, Johnstone floats several other ways to protect investors. One approach is self-governance. In the case of the DAO, users of the stolen cryptocurrency, Ethereum, voted 9-1 to reverse the hack. Now there exist two Ethereum universes: one that erased the hack from history, and another that contains the users who voted against any reversal. Johnstone notes, however, that this fork of Ethereum into two universes was a drastic measure, considered by some to be counter to the immutable design of ICOs.

Alternatively, Johnstone says that creators of ICOs could develop and follow industry best practices. Because the market for ICOs has yet to mature, industry standards may not make sense until the industry itself reaches an understanding about ICO best practices, Johnstone writes. But he believes that, eventually, ICOs will be accompanied with the most importance financial disclosure: what the code does or aims to do. ICO creators should also disclose how their code is written to prevent hacks and to show what security protocols are built into the code in event of a hack, Johnstone says.

Finally, Johnstone argues that ICO creators should disclose whether and how events that occur on their code, hacks or otherwise, should be governed after the fact. For those ICO creators who decide to provide such “code governance,” one blockchain has essentially introduced traditional contract law into dispute resolution for its “smart” code-based digital contracts.

That blockchain, known as EOS, allows for resolution of smart disputes using “carefully vetted, independent arbitrators” following “best practices from international arbitral forums.” Johnstone says that EOS’s Community’s Arbitration Forum has shifted smart contract interpretation on the EOS network from strict, literal execution of the code—which may create adverse outcomes such as the DAO hack—to interpretation of smart contracts that reflects their drafters’ original intent.

There appears to be a market for these so-called governed blockchains. EOS’s own ICO raised $4 billion worth of Ethereum, the most ever for an ICO.

EOS’s model of dispute resolution, however, has struggled to gain traction among those who find the arbitration system to be anathema to the spirit of blockchain. To those critics, a centrally governed blockchain such as EOS contradicts the purpose of blockchain technology, which they claim is the facilitation of decentralized transactions.

As the ICO community grapples with whether to adopt code governance, Johnstone sees an opening for an assist from traditional financial regulators. He says that they could clarify the relationship between ICO smart contracts and the existing legal system. By assuring potential investors that they will get what they pay for, allowing traditional courts to adjudicate smart contract disputes might facilitate continued growth in demand for ICOs.