As we transition from 2017 into 2018, there has been an increase in SEC and state regulator activity in the area of Initial Coin Offerings (“ICOs”), as the agencies seek to determine (i) whETHer certain ICOs constitute a sale of unregistered securities; and (ii) whETHer public statements made in connection with ICOs are fraudulent or materially misleading.
This article identifies recent important events within this space that have provided additional guidance concerning the areas of focus for both federal and state regulators; the implications of these events on token sales; and best practices going forward in this ever-evolving regulatory landscape. Where the ICO boom of 2017 was premised upon the development of “utility” tokens that could exist outside the securities laws, this additional federal and state guidance has set a new base-line for features of token sales that may implicate regulatory scrutiny. In light of this further direction, this article suggests ways to best mitiGate the risks when proceeding with an ICO and alternatives to the traditional “utility” token ICO.
Recent Regulatory Events
On December 11, 2017, the SEC issued a Cease and Desist Order concerning Munchee, a company that had created a platform where users could write restaurant reviews and post pictures of food in order to earn tokens; where restaurants could advertise using tokens as payment; and where it was contemplated that users could eventually use tokens to purchase food at participating restaurants. While the intended platform had many “utility-like” features, the SEC determined Munchee’s ICO to be an unregistered sale of securities, and shut the ICO down on its second day. The SEC identified several factors of the company’s platform, marketing, and ICO as problematic, including that: (1) Munchee primed purchasers to reasonably expect profits by describing how its tokens would increase in value; (2) investors relied on Munchee and its expertise in managing and developing the App and creating demand for the tokens; (3) Munchee represented that its tokens would be trADAble on exchanges; (4) Munchee marketed its ICO internationally, even though the app could only be used in the U.S.; (5) Munchee marketed its tokens to investors in cryptocurrency generally, rather than purchasers who would actually use the app; and (6) the token would not have any actual utility or value to users of the app by the close of the token sale. Following the SEC intervention, Munchee returned all of the currency to the token purchasers, and the tokens were never released. The SEC specifically commented that Munchee’s immediate cooperation resulted in less severe penalties, including the avoidance of fines.
The same day as the Munchee Order, SEC Chairman Clayton also released an official statement regarding ICOs. In his statement, Clayton suggested that, while there may be situations where an ICO will be considered a utility, no company should proceed with an ICO assuming that they will qualify, suggesting that a utility token is the exception to the rule. In addition, Chairman Clayton commented on the presence of tokens on an exchange – and specifically the marketing of a token as available on an exchange – as “especially troubling” and as “key hallmarks of a security and a securities offering.” 
Following the SEC’s lead in Munchee, state regulators are now undertaking their own investigations into ICOs that may implicate state securities laws. For example, on December 15, 2017, Massachusetts Secretary of State William Galvin announced that his office’s Securities Division would begin “aggressive policing” of cryptocurrency sales in Massachusetts, expressing the view that all ICOs are sales of securities subject to regulation. Galvin stated, “[w]e see [ICOs] as a form of a security investment that should be regulated.” When asked about the more nuanced approach taken by the SEC, which has stated that it at least might determine that some digital currency is a “utility” rather than a security, Galvin stated, “I don’t know what the SEC thinks. Usually they’re second to the dance. I’m not terribly troubled by their ambiguity.”
On January 4, 2018, the Enforcement Division of the Texas State Securities Board joined the apparent crackdown on ICOs in the name of consumer protection, issuing an emergency cease-and-desist order to BitConnect, a blockchain-based technology company that was planning to launch its ICO within the week.  Based in Britain, BitConnect markets itself as an “open source, all-in-one Bitcoin (available on Coinbase) and crypto-community platform designed to provide multiple investment opportunities,” with a present market capitalization of $4.1 billion. BitConnect offers users guaranteed profits from their participation in (1) BitConnect’s trading of digital tokens through a proprietary, secret automated trading system called “volatility software”; (2) its digital token, the BitConnect Coin; and (3) its referral program. While touting itself as a “safe way to earn a high rate of return” of up to 120%, BitConnect did not disclose all of the corresponding risks of its platform nor information about the proprietary, secret trading system that it calls “volatility software.” BitConnect also did not require that its affiliates register with the Texas Securities Commissioner (or any other U.S. regulatory body) before marketing BitConnect’s investment opportunities to Texas residents. Based on these and other facts, the Enforcement Division concluded that investments in BitConnect’s trading programs constituted “securities” under state law, and that neither the company, its affiliates, nor the tokens themselves had been properly registered as required by law.
On January 9, 2018, the Securities Division of the North Carolina Department of Secretary of State agreed, issuing a Temporary Order to Cease and Desist to BitConnect, alleging similar violations to those in the Texas Order.
Outside the United States, governments are similarly becoming increasingly active in policing cryptocurrencies. South Korea, for instance, has created a cryptocurrency regulation task force. That task force is contemplating a proposal to ban cryptocurrency trading among other potential cryptocurrency regulations. While more than 150,000 South Koreans have signed a petition asking the government reject the trading ban bill, the mere existence of the bill is indicative of the significant uncertainty in the evolving regulatory environment.
Best Practices to MitiGate Risk in the Evolving Regulatory Environment
Though the analysis of whETHer an ICO may implicate the securities laws is inherently fact-specific, the above-described events have provided additional clarity as to the features of a token sale that are likely to come under regulatory scrutiny. In light of these developments, the following list provides practical guidance for navigating the ICO regulatory environment in 2018:

Regulatory Intervention Can Occur at Any Time: The recent federal and state actions illustrate that regulators can intervene at any stage. The SEC issued a cease-and-desist order in Munchee on the second day of its token sale, when currency had already been collected from purchasers, but before any tokens had been released. In contrast, state regulators intervened shortly before the scheduled commencement of the BitConnect ICO. Thus, companies can expect regulatory scrutiny pre-, mid-, and post-ICO.

Foreign ICOs Are Not Free from U.S.-Regulatory Scrutiny: Foreign companies conducting ICOs either directly or indirectly marketed in the United States should be aware that U.S. regulators may exercise jurisdiction over their token sales. A company must take affirmative steps in order to avoid the jurisdiction of U.S. regulators, including (1) issuing explicit disclaimers in all marketing materials that U.S. residents are not permitted to participate; (2) blocking U.S.-based IP addresses from accessing the company’s website; (3) disabling predictive-advertisement programs that may automatically target U.S. residents; and (4) remaining vigilant in enforcing the company’s own policies if it appears that a U.S. citizen or resident has nevertheless purchased a token.

Token Functionality Matters: WhETHer token purchasers can use the token for its stated purpose immediately at the time of sale will influence regulators’ perceptions as to whETHer the token is a “utility” token. It is unlikely that a platform in beta testing, or with minimum functionality, will suffice. Rather, the token purchasers should be able to use the token in a manner consistent with its purported utility. At a minimum, this needs to happen before the ICO, and ideally before the sale of any tokens. To the extent companies use a SAFT model and solicit investors for presales of tokens, such arrangements will likely put pressure on the analysis of whETHer the token can be considered a utility token and not a security. For companies in the token sale process, they should consider delaying their ICO until the platform has legitimate functionality that can be accessed and used by the token purchasers.

Focus on the Company’s Marketing Efforts: In determining whETHer a token is a security, regulators assess who the token is marketed to and how it is marketed. Marketing a token for its utility in forums and to individuals who are likely to use the token mitiGates the perception that the token is a security. Companies hoping to avoid regulatory intervention should focus their marketing efforts on drawing legitimate users to their platform – rather than investors or the crypto-community generally – avoiding profit-focused language, and describing their platform and token in a manner consistent with the token’s expected functionality at the time of the ICO.

Exchanges Raise a Red Flag: In his December 11, 2017 comments, SEC Chairman Clayton noted that the presence of tokens on exchanges and the marketing of the transferability of those tokens are key hallmarks of the token’s status as a security.  The SEC in Munchee and its July 25, 2017, DAO Investigative Report also identified the sale of tokens on exchanges as problematic. In light of this explicit focus on exchanges as a hallmark of a securities offering, companies seeking to avoid liability under the federal and state securities laws should avoid (1) any affirmative efforts to post their token on an exchange; (2) any marketing efforts touting the presence of their token on an exchange; and (3) any formal or informal efforts (even emails or conversations) aimed at soliciting a third party to place their token on an exchange.

Bounty and Referral Programs Raise Additional Liabilities: The enforcement actions against both BitConnect and Munchee illuminate regulators’ willingness to look beyond a company’s formal marketing materials to third party statements on social media to determine if the company has made false or misleading statements. Companies seeking to avoid liability under federal and state securities laws should avoid referral or bounty programs, as it is difficult to control the messaging of third parties, particularly when they are incentivized to tout the token’s investment potential for their own personal gain. In addition, individuals who promote a company’s tokens may face liability for operating as an unregistered broker-dealer, in the event that the tokens are eventually considered to be securities.

Marketing to Accredited Investors Requires Robust Diligence: To the extent that a company intends to proceed with a utility token, but market it only to accredited investors in the U.S., while this approach would not be fully compliant with existing securities laws should the token be deemed a security, the company must do more than simply state that their sale is open to only accredited investors, or conduct due diligence limited to self-reporting of employment and income. Instead, the company should adopt a process for ensuring that the purchasers are actually accredited, including (1) requiring proof of income; and/or (2) employing a third party service to independently verify accreditation. Companies should also keep all their records relating to their review of investor information.

Avoid Commingling Personal and Business Crypto-Funds and Excessive Spending: If a federal or state regulator intervenes in an ICO, the company should expect that the agency will analyze all bank and crypto accounts in the company’s control to see how purchasers’ funds were used by the company, with a particular focus on whETHer the funds were used to build the platform and token functionality. Thus, companies should be diligent in keeping business and personal funds separate, including those in the company’s crypto wallet(s), and also remain focused on spending. No one wants to have to explain extravagant spending of token proceeds, or the movement of funds between company and personal accounts.

Off-shore Companies: Companies that operate outside the United States need to ensure they either comply with U.S. securities laws, or they truly are 100% off-shore. This includes no marketing of tokens in the U.S., no token sale dollars coming to the U.S., and no U.S. purchasers of tokens.

Alternatives to “Traditional” Utility Token Sales
Given the recent federal and state regulatory guidance that calls into question the prevalence of “utility” tokens, or even suggests that such tokens may not exist, structuring a traditional utility token sale that does not implicate the securities laws may be difficult to do in 2018. In light of the recent regulatory guidance in this area, we offer a few proposed alternatives to the traditional utility token model:
“Purer” Utility Token Sales. There are features that a company can employ that may minimize the risk under the securities laws by making the tokens less security-like, including:

Fixed price tokens. This is a token whose price is set by the issuing company, like any good or service, and can always be purchased from the issuing company for at or around that price.

Issuing tokens that cannot be taken off platform. This token would be limited to use – and buying and selling – on the platform itself, which reduces the speculative nature of the token, and prevents it from being put on third-party exchanges, decentralized or centralized.

Passive Bulletin Board. One significant issue facing token companies is token liquidity, and facilitating future customers’ purchase of tokens after the ICO has closed. In the past, the SEC has granted no-action relief related to a system maintained by an issuer that served as a passive “bulletin board,” providing information to prospective buyers and sellers of the issuer’s securities in the secondary market. The guidance has indicated that the SEC would not recommend enforcement action if the issuer/sponsor of the system if, among other things, neither the issuer/sponsor of the system nor any affiliate (i) receives any compensation for creating or maintaining the system; (ii) receives any compensation for the use of the system; or (iii) is involved in any purchase or sale negotiations arising from the system.

While these features may make a company’s tokens less marketable than traditional utility tokens, they likely are also less risky from a regulatory perspective.
Security Token Sales. Since the SEC’s July 2017 DAO Investigative Report, and especially in light of the guidance over the past several months, we have seen an increasing movement towards the structuring of security – rather than utility – tokens. Given the current regulatory environment, this is an option that we recommend that all companies issuing tokens consider. Depending on structure, issuing a securities token will not necessarily require a company give up equity. Rather, token securities offerings may instead provide, for example, a form of a dividend to token holders; a percentage of revenue/profits; or some sharing of fees generated by some form of token activity, which could potentially be structured as a debt security or non-voting capital stock denominated in digital form. Companies may issue securities tokens under regulatory frameworks like Regulation D, Regulation S, Regulation A, and Regulation CrowdFunding, which will limit regulatory and litigation risk, including the significant business interruption that may accompany a federal or state securities enforcement action, and also the distraction and expense of private litigation arising from a sale of unregistered securities. Companies considering securities tokens will also need to consider existing securities laws with respect to structuring their securities tokens as well as any ecosystem that uses such securities tokens.
Currently, and for the foreseeable future, common securities exchanges such as The NASdaq Stock Market and the New York Stock Exchange are not likely to accept securities tokens. Therefore, other exchanges are seeking to fill the gap. Overstock.com is leading the charge with the development of TZero, an SEC-regulated alternative trading system (ATS) that matches buyers and sellers of security tokens.  he goal of TZero is to create an alternative to common securities exchanges with a ledger that is open, transparent, and immutable. TZero began a pre-sale of its security token to accredited investors in December 2017.
Conclusion
While there is no way to completely eliminate the risk that a regulator may investiGate a particular token and determine that it is a security, the recent guidance from federal and state agencies has put a finer point on the practices that are most likely to result in regulatory scrutiny. And while the best practices suggested in this article are unlikely to eliminate the regulatory risks completely, the risk of an enforcement action will be significantly reduced if a company is mindful of the recent regulatory guidance, and takes appropriate precautions in response. In the event that a state or federal regulator contacts you, please direct them immediately to legal counsel.