

Securities Compliance: Is Crypto a Security?

Aug 8, 2023





What exactly is a security and is securities compliance necessary for crypto businesses? 

Although the question may sound deceptively simple, regulators and lawyers have been arguing over a definition since the stock market crash of 1929. In today’s world, the answer significantly impacts any business that deals with cryptocurrencies or digital assets.

The growing popularity of cryptocurrencies has led to heated debates about how they should be defined and regulated. The argument centers on whether cryptocurrencies should be classified as securities—and the answer could have major ramifications for the world of digital assets going forward. Such concerns are separate from those related to crypto and money transmitter law.

InnReg is a global regulatory compliance and operations consulting team serving financial services companies since 2013.

What is a Security?

Simply put, a security is a tradable financial asset with monetary value. Securities in the U.S. fall under three broad categories: equities, debt, and derivatives. In recent decades, the debate has begun to touch on the evolving realm of cryptocurrencies. Crypto innovation has introduced entirely new models for digital transactions.

So, which aspects of the crypto industry might qualify as securities and be subject to regulation that requires securities compliance programs?

How We Got to This Point

The SEC and other regulators have considered digital coin offerings (ICOs), tokens, crypto trading/lending platforms (DeFi), and other assets. ICOs raise funds by issuing digital coins and granting holders access to the crypto business or project, as well as to the potential profits generated.

To understand the debate, it is important to recognize that new forms of assets cannot escape regulation just because they have new names. In 2018, former SEC Chairman Jay Clayton stated that “merely calling a token a ‘utility’ token or structuring it to provide some utility does not prevent the token from being a security.”

In other words, using the framework of a blockchain or distributed ledger does not, in itself, affect the inherent security status of a particular asset. While the SEC has suggested that both Bitcoin and Ether escape the security fold, so far it has not concluded where other crypto-assets fall. As a result, market participants have to figure it out for themselves.

Latest SEC Thinking

Current Chairman Gary Gensler has given some signals to indicate the SEC’s current thinking on the topic. On August 3, 2021, Gensler discussed his views at the Aspen Security Forum, saying: “To the extent that digital assets are securities – and I believe every ICO I have seen is a security – we have jurisdiction and our federal securities laws apply.”

Gensler went on to consider crypto platforms that are priced off the value of securities and operate like derivatives, providing synthetic exposure. He classified these, too, as securities, along with DeFi trading and lending platforms.

Three months later, on November 4, 2021, Gensler reiterated the principle that, regardless of labels, he would be looking at the circumstantial realities, without regard to the technology or business model, or any kind of regulatory arbitrage, to determine how assets comply with the “spirit of the law.”

Yet, while such statements claim that it is theoretically clear or “well-settled” whether a crypto asset is a security, in practice the distinction is not so clear-cut and continues to be challenged in litigation.

Understanding the Howey Test

The four-part “Howey Test” has existed since 1946, when in the case of SEC v. W. J. Howey Co., the Supreme Court ruled on the elements of an investment contract, which is a form of security. The Court established four typical elements for a security (some or all of which may apply):

  • An investment of money

  • An expectation of profits from the investment

  • A common enterprise

  • Profits derived from the efforts of a third-party promoter

Case law has traditionally examined those elements to determine whether an asset constitutes a security. It therefore makes sense to apply those prongs to a crypto product as clues to the potential need for securities compliance in crypto.

Applying the Howey Test to a Digital Asset

Investment of money

First, because people purchase digital assets either with fiat (real) currency or with cryptocurrencies such as Bitcoin or Ether, the “investment of money” criterion could also cover them.

Expectation of profits

Second, people often purchase digital assets because they expect them to generate profits from capital appreciation or income. The SEC particularly highlights the circumstances where there is a secondary trading market that enables digital asset holders to resell their digital assets. As a result, this criterion could also relate to the crypto world.

Common enterprise

Third, a “common enterprise”—in other words, when an investor benefits from the efforts and successes of the entity offering the investment and other third parties—could arguably arise when issuers offer coins or other tokens to pool funds for their projects. The offering documents often reference that intended pooling.


Role of promoters

Fourth, does the purchaser of the asset expect to rely on the managerial or promotional efforts of others? Because many crypto offerings become available through digital platforms and generate buzz, this element of the Howey test could have relevance.

Compliance Basics

The legislation underpinning securities compliance primarily resides within the following four statutes. All four Acts detail the compliance requirements for registration, monitoring, record keeping, documentation and training, and audit with differing areas of emphasis. While regulatory bodies have updated each of the Acts below over time, their core provisions were established well before crypto or other fintech existed.

Securities Act of 1933

Enacted after the 1929 crash had exposed securities frauds, the “1933 Act” was instituted to ensure that sellers of securities disclose material information to the public. All issuers must register non-exempt securities with the SEC. Due to multiple exemptions, the Act mainly applies to primary market offerings (i.e., private company issuance of stock for public sale). The 1933 Act is primarily relevant to companies offering new tokens or coins.

Securities Exchange Act of 1934

The “1934 Act” primarily governs securities traded in the secondary market, regulating transactions such as those executed through brokerage companies and traded on stock exchanges. Companies of a certain size with registered publicly held securities must make public disclosures by filing annual and quarterly reports. These reports include information about the company’s management, line of business, and audited financial statements. The 1934 Act’s regulation of trading is of interest to any platforms that allow the buying and selling of crypto.

Investment Advisers Act of 1940

The “1940 Act” sets out requirements for registered investment companies, including control, capital, and operational activities. Whether a company qualifies as an investment company depends on its balance sheet and whether over 40% of its unconsolidated assets consist of investment securities. Its provisions could apply to companies that service clients in making or managing crypto investments, including robo advisors.

Commodity Exchange Act (1936)

The CEA regulates commodity futures trading and establishes the Commodity Futures Trading Commission (CFTC). After the 2008 financial crisis, the Dodd-Frank Act enhanced the CFTC’s authority to oversee swaps and other derivatives. The CFTC is a separate body from the SEC and typically takes a lighter touch to oversight and enforcement.

Violations with Crypto

Two recent legal actions between crypto operators and the SEC might shed some light on the agency’s approach to crypto-assets. However, both cases are still in the early stages of litigation and are unlikely to be resolved soon. Moreover, the defenses essentially rest on procedural arguments, which may not solve more fundamental questions.

Ripple Labs

On December 22, 2020, the SEC filed a claim against Ripple for a $1.3 billion offering of XRP, an unregistered security. The SEC applied the Howey test, claiming that XRP constituted a security because Ripple sells it with an expectation of profits derived from third-party efforts. Ripple counterpunched on the grounds of unfairness and bias. It protested that the SEC gave Ethereum a pass, although both companies run similar operations.

Terraform Labs

The SEC accuses Terraform of selling an unregistered security, namely its Mirror Protocol mAssets, which are synthetic tokens designed to mirror prices of US securities. The company responded that the SEC failed to properly serve its subpoenas for document disclosure on September 20, 2021. Singapore-based Terraform also challenges the SEC’s jurisdiction.

Both of these claims, and many similar cases as well, open questions about whether the SEC or the CFTC has full authority over crypto, whether a new regulator or division will emerge, and whether Congress will eventually draft and pass entirely new legislation separate from what the Acts of the 1930s and 1940s specify.

It has been suggested that cryptocurrencies may represent a new product category that regulators will need to treat as unique. In summary, since each new cryptocurrency can have different intentions and technical details, each may need case-by-case consideration with a mix of old and new categories in order to build effective securities compliance programs.

Securities Compliance Measures: What Crypto Businesses Should Do

While they await regulatory clarity, both crypto companies and associated broker-dealers must take prudent securities compliance measures to avoid risks of expensive liability for selling or trading unregistered securities. Online broker-dealers should start setting up robust compliance programs to prepare for scrutiny as the crypto market matures—even while acknowledging the challenges of doing so in a decentralized environment.


The first step is a rigorous analysis of your vulnerabilities in relation to registration, governance, and operational issues. Then, pending resolution on a larger scale, you need to monitor ongoing regulatory developments to determine your status.


From there, you must register and set up appropriate securities compliance operations. InnReg can help formulate your optimal structure and articulate your unique business profile to regulators.

Outsourced Support

As an outsourced compliance provider, we can help you with a full range of securities compliance areas:

  1. KYC, AML, and Customer Due Diligence

  2. Suspicious Activity Reporting

  3. Fraud prevention

  4. Red flag programs

  5. Information security and data protection

  6. Marketing and advertising compliance

  7. Compliance governance and risk assessment

  8. Staff compliance and training

Conclusion: Staying Ahead of Evolving Regulation

With cryptocurrency regulation in a state of evolution, you want to keep on top of the stream of developments that may impact your entire business. Therefore, it is critical to seek advice and input from compliance professionals who follow the latest announcements and analyses.

If you have questions about your securities compliance requirements and preparation while regulation is still developing, we’re here to support you with practical guidance.

How Can InnReg Help?


We are especially effective at launching and scaling fintechs with innovative compliance strategies and delivering cost-effective managed services, assisted by proprietary regtech solutions.


Published on Mar 6, 2022


Last updated on Aug 8, 2023
