Regulatory and Legal basics of Token Offerings

When Jay Clayton, the chairman of the U.S. Securities and Exchange Commission (SEC) stated in front of the Senate in February that “I believe every ICO I’ve seen is a security”, it confirmed something we had known for a while: no matter how much you have tried to structure your white paper and token model, there is always the risk if not certainty that your ICO might be considered selling securities.

Even though SEC Director William Hinman in June declared in a speech at the Yahoo Finance All Markets Summit that “a token once offered in a security offering can, depending on the circumstances, later be offered in a non-securities transaction”, he made it clear that while a digital asset itself may simply be code, it is the way it is sold that matters, i.e. as part of an investment; to non-users; by promoters to develop the enterprise – can be, and, in that context, most often is, a security – because it evidences an investment contract. He also emphasised that “regulating these transactions as securities transactions makes sense” since the impetus of the Securities Act was to “remove the information asymmetry between promoters and investors”.

Other regulators have been singing from the same hymn sheet: the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) highlighted in a letter to the senate in March 2018 on ICOs that these were far from from operating in a legal no-man’s land. FinCen backed this up by guidance clarifying that any administrator or exchanger of virtual currencies is a money services businesses under FinCEN’s regulations.


More regulators around the globe have acted in a similar way: The European Securities and Markets Authority (ESMA) already declared in November 2017 that firms involved in ICOs “must give careful consideration as to whether their activities constitute regulated activities”.

The European regulator continued by saying that “if their activities constitute a regulated activity, firms have to comply with the relevant legislation and any failure to comply with the applicable rules would constitute a breach.”

While ICOs may fall outside of the scope of the existing rules and hence outside of the regulated space depending on how they are structured, ESMA stressed that “where the coins or tokens qualify as financial instruments it is likely that the firms involved in ICOs conduct regulated investment activities, such as placing, dealing in or advising on financial instruments or managing or marketing collective investment schemes. Moreover, they may be involved in offering transferable securities to the public.” The bottom line was while such a possibility of non-security tokens existed in the vast majority of cases it was far more likely not to be the case.

National regulatory authorities like Germany’s Federal Financial Supervisory Authority BaFin published guidance on 20 February with regard to the regulatory classification of ICOs as financial instruments. The regulator acknowledged the different kinds of token models and confirmed that it will consider each ICO on a case-by-case basis. The guidance therefore didn’t provide any absolute clarity but reiterated that under certain circumstances, tokens could well be considered securities and as such would require regulatory approval. The guidance made it clear that approval by the authorities would be necessary in a number of other cases, e.g. if the token issuance or trading would be considered brokering, emission or a financial services that require authorisation in accordance with existing financial regulation. Again, in many cases the latter would be the case but since Germany cannot be considered as embracing ICOs with open arms (the sheer number of “German ICOs” gives witness to that), there is a lack of statistical proof. Regardless of that, one should remember that while Germany’s crypto regulation is a bit of a minefield as recently a large question mark appeared above BaFin’s classification of tokens as financial instruments when a recent decision of the higher regional court of Berlin came to the conclusion that BaFin may have overstepped its authority.

France’s AMF was less decisive on covering ICOs under existing securities regulations but did not rule out the possibility when it published a consultation paper on the matter last year. However, following up on its ongoing work, the AMF has been sending a questionnaire to French ICO project initiators to measure the impact of these fundraising transactions on the financing of the economy and in consequence is busy preparing dedicated ICO regulation, which is said to be introduced next year.

The Swiss Financial Market Supervisory Authority FINMA published guidelines in February that outlined how it intends to apply financial market legislation in handling enquiries from ICO organisers. The guidelines also defined the information FINMA requires to deal with such enquiries and the principles upon which it will base its responses, creating clarity for market participants. FINMA pointed out that each case must be decided on its individual merits, but as set out in FINMA Guidance 04/2017, there are several areas in which ICOs are potentially impacted by financial market regulation, especially anti-money laundering and securities regulation.

The Monetary Authority of Singapore (MAS) has clarified in August 2017 that the offer or issue of digital tokens in Singapore will be regulated by MAS if the digital tokens constitute products regulated under the Securities and Futures Act (Cap. 289) (SFA). MAS’ clarification came in the wake of a recent increase in the number of initial coin (or token) offerings in Singapore as a means of raising funds in the months leading up to the statement.

Regulatory consequences

If a token should be considered a security, what would be the consequences though? ESMA provided an excellent overview of the key EU rules listed that are likely to apply:

Prospectus Directive

The Prospectus Directive (PD) aims to ensure that adequate information is provided to investors by companies when raising capital in the EU. It requires publication of a prospectus before the offer of transferable securities to the public or the admission to trading of such securities on a regulated market situated or operating within a Member State, unless certain exclusions or exemptions apply. In particular, the PD specifies that the prospectus shall contain the necessary information which is material to an investor for making an informed assessment of the facts and that the information shall be presented in an easily analysable and comprehensible form. The PD does not directly specify who should draw up the prospectus but requires that the party responsible for the information (being at least the issuer, the offeror, the party seeking admission to trading or the guarantor) is specified in the prospectus. Depending on how the ICO is structured, the coins or tokens could, potentially, fall within the definition of a transferable security, and could therefore necessitate the publication of a prospectus which will be subject to approval by a Competent Authority.

The Markets in Financial Instruments Directive

The Markets in Financial Instruments Directive (MiFID) aims to create a single market for investment services and activities and to ensure a high degree of harmonised protection for investors in financial instruments. A firm that provides investment services/activities in relation to financial instruments as defined by MiFID needs to comply with MiFID requirements. In the case of ICOs, where the coin or token qualifies as a financial instrument, the process by which a coin or token is created, distributed or traded is likely to involve some MiFID activities/services, such as placing, dealing in or advising on financial instruments. The organisational requirements, the conduct of business rules and the transparency requirements laid down in MiFID would then apply, depending in some cases on the services provided.

Alternative Investment Fund Managers Directive

The Alternative Investment Fund Managers Directive (AIFMD) lays down the rules for the authorisation, ongoing operation and transparency of the managers of alternative investment funds (AIFMs) which manage and/or market alternative investment funds (AIFs) in the Union. Depending on how it is structured, an ICO scheme could qualify as an AIF, to the extent that it is used to raise capital from a number of investors, with a view to investing it in accordance with a defined investment policy. Firms involved in ICOs may therefore need to comply with AIFMD rules. In particular, AIFMD provides for capital, operational and organisational rules and transparency requirements.

Fourth Anti-Money Laundering Directive

The Fourth Anti-Money Laundering Directive prohibits money laundering and terrorist financing. It applies to firms including credit institutions and financial institutions, the latter including MiFID investment firms, collective investment undertakings marketing their units or shares and firms providing certain services offered by credit institutions without being one.

The Directive requires firms to carry out due diligence on customers and to have in place appropriate record-keeping and other internal procedures. Firms have an obligation to report any suspicious activity and to co-operate with any investigations by relevant public authorities.

While this overview is based on the regulatory framework as of November last year, it is still fairly accurate though the amendment of some of these rules need to be taken into consideration, namely the arrival of MiFID II in January 2018 and the upcoming AML V. While the changes introduced by MiFID II are very limited in respect of security tokens, the update of Europe’s money laundering rules addresses specifically ICOs and cryptocurrencies, providing a uniform AML regulation of the crypto market in Europe. The Directive has entered into force on 9 July 2018 and the EU Member States have now 18 months to implement the new rules into into national law, effectively making 10 January 2020 the actual deadline.


Getting back to the original statements from US regulators, token issuers often focus on the possibility to circumvent securities regulations in the form of exemptions or otherwise to rid them of the burden of the applicable regulatory obligations.

Regulation S

One way to do this could be to file for the so-called Regulation S exemptions in the US. Regulation S  is a “safe harbor” that defines when an offering of securities is deemed to be executed in another country and therefore not be subject to the registration requirement under section 5 of the Securities Act. The regulation includes two safe harbor provisions: an issuer safe harbor and a resale safe harbor. In each case, the regulation demands that offers and sales of the securities be made outside the United States and that no offering participant (which includes the issuer, the banks assisting with the offer and their respective affiliates) engage in “directed selling efforts”. In the case of issuers for whose securities there is substantial U.S. market interest, the regulation also requires that no offers and sales be made to U.S. persons (including U.S. persons physically located outside the United States). So, as a result, in order to avoid the consequences of US securities laws, token issuers simply try to exclude US citizens altogether, but while this creates practical issues to enforce the block, it also means that a large chunk of potential investment cannot be tapped.


Another way that is sometimes used to avoid these unwanted consequences is the use of a Simple Agreement for Future Tokens (SAFT). It is based on the simple agreement for future equity (SAFE), which was developed by the Californian law firm Orrick and the Silicon Valley based accelerator Y Combinator to provide for an alternative to convertible notes, which are predominant in start-up financing. A SAFE is is not a debt instrument unlike a convertible note and therefore does not have maturity dates, isn’t subject security regulations, nor creates it the threat of insolvency. It doesn’t accrue any interest a start-up would need to worry about and aims to be a straightforward document to simplify negotiations. It is an agreement between an investor and a startup that provides warrants to the investor for equity in the company without determining a specific price per share at the time of the investment. Instead, the SAFE investor receives the futures shares once a priced round of investment or a specific liquidation event occurs. However, this approach has been disputed for a while for its regulatory effectiveness particularly in light of the SEC subpoenas issued to ICOs in spring. So, simply using a SAFT without paying attention to the specifics of a respective token sale does in no form mean compliance with US secutiry laws.

Accredited Investors only?

So, is the only safe heaven to target only accredited investors as set out, for example, in Regulation D? Under the federal securities laws, a company or private fund may not offer or sell securities unless the transaction has been registered with the SEC or an exemption from registration is available. Certain securities offerings that are exempt from registration may only be offered to, or purchased by, persons who are accredited investors. One principal purpose of the accredited investor concept is to identify persons who can bear the economic risk of investing in these unregistered securities. Regulation D is a SEC regulation governing private placement exemptions targeting such investors or limiting a securities sale in a specific way. The problem is however that it also limits the potential reach of any offering, token or traditional and it’s value for regular ICOs is therefore questionable. This example also focuses only on the exemption regarding wealthy investors according US rules, but while this kind of exemption exists in other jurisdictions, too, it can differ significantly.

The bottom line

Navigating securities regulations for token issuers remains a challenge. If nothing else though the above shows that trying to do so without solid legal and regulatory advice would be rather foolish though.

Please note that we at PlanetCompliance take all reasonable care to ensure that the materials and information on this web site are accurate and complete. However they are provided for general information purposes only. They are not intended to be comprehensive or to include advice on which you may rely. You should always consult a suitably qualified lawyer on any specific legal matter.

Lavanya Rathnam

Lavanya Rathnam is an experienced technology, finance, and compliance writer. She combines her keen understanding of regulatory frameworks and industry best practices with exemplary writing skills to communicate complex concepts of Governance, Risk, and Compliance (GRC) in clear and accessible language. Lavanya specializes in creating informative and engaging content that educates and empowers readers to make informed decisions. She also works with different companies in the Web 3.0, blockchain, fintech, and EV industries to assess their products’ compliance with evolving regulations and standards.

Posted in UncategorizedTagged , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *