However, in what became somewhat of an inevitability after the demise of Mt. Gox, U.S. regulators have shown an increased willingness to lay claim to exercising oversight in the space. Commodities Futures Trading Commission (CFTC), Consumer Financial Protection Bureau (CFPB), Financial Industry Regulatory Authority (FINRA), Securities and Exchange Commission (SEC) and the Internal Revenue Service (IRS) have each briefly weighed in, issuing various investor or consumer alerts, guidance and the occasional enforcement action (*1). For instance, in March 2014 the IRS issued guidance that, despite being used as currency in certain circles, absent having legal tender status in any jurisdiction, virtual currency is to be treated like property for U.S. federal tax purposes. Then, in 2015, the CFTC used an enforcement action to classify Bitcoin and other virtual currencies as commodities. This combined guidance amounted to a set of vague and conflicting guidelines for the use of virtual currencies and their treatment by regulators as an asset class. The CFTC pronouncement was largely seen as a grab of jurisdiction for enforcement purposes while the IRS determination has drawn particular criticism for being non-sensical, creating tax reporting issues for consumer users, and creating a chilling effect on their functional use as currency. In both cases, little guidance has followed.
On a more global scale, absent sparse regulatory guidance (and banning the use of virtual currencies in some jurisdictions), the space has largely been an unregulated Wild West gold rush of speculation and, as is common absent oversight – fraud and ponzi schemes, hacking, money laundering and other unsavory practices have proliferated.
Recently, other U.S. regulatory agencies have weighed in. On July 25, 2017, the SEC issued an investor bulletin on initial coin offerings (ICOs) containing a determination that “[d]epending on the facts and circumstances of each individual ICO, the virtual coins or tokens that are offered or sold may be securities. If they are securities, the offer and sale of these virtual coins or tokens in an ICO are subject to the federal securities laws.” Then, one day after the SEC guidance was released, the Financial Crimes Enforcement Network or FinCEN reached across jurisdictional lines to find that Canton Business Corporation, one of the world’s largest digital currency exchanges by volume and commonly known as BTC-e, and its principal Alexander Vinnick had violated the Bank Secrecy Act. Specifically, BTC-e violated the BSA by failing to register with FinCEN as a money services business (MSB); lacking internal controls to prevent the use of its services in furtherance of criminal activity, and as a result, was a go to MSB of actors perpetuating everything from financial crimes to drug trafficking to terrorism and laundering the funds through BTC-e.
This marked uptick in U.S. enforcement in the space could mark the beginning of (what will hopefully be) a coordinated attempt by U.S. regulators to exercise meaningful oversight and to draw boundaries between the forms of virtual currencies that are subject to their particular jurisdictions. Because of the inherent characteristics of virtual currencies, the risk profile of the space makes it a natural adjunct of what the SEC regulates. The SEC is in the business of investor protection and seeks to regulate risky investments being made available to less sophisticated investors, especially when offered with little disclosure or other information provided on the risks of the investment. Investing in virtual currencies involves a great deal of risk, in part due to their below characteristics:
The inherent uncertainty in whether a currency will be widely adopted as legal tender (if at all) makes the space highly speculative; The day to day volatility in the value of the more prominent digital currencies (Bitcoin, Ethereum, Litecoin etc) makes for wide swings in valuation and holding currencies or trading in the space inherently risky; Unlike other forms of legal tender, the fact that none of these currencies are backed by a central bank poses the unmitigated risk of the loss of your entire investment; Digital currency platforms have failed and been hacked (and digital wallets can be hacked); The above issue is exacerbated by the relative anonymity created by blockchain and resulting difficulty in tracing ownership across successive owners - this limits recourse once hacking, theft or fraud has occurred.
What is the SEC doing?
Building on the issues listed above, to the extent a hacking or other theft or fraud is traceable, because these virtual currencies are supranational in scope, the actors involved may be spread across the world, creating jurisdictional barriers to enforcement and, if an enforcement action is brought, obstacles to collecting on any judgement.
The SEC has now taken the first step in laying its claim to this space by offering guidance that, under certain fact patterns and using the DAO as a case study (*2), virtual currencies constitute securities and therefore fall under the purview of the SEC. Though the SEC should be commended for exercising more restraint than the CFTC by refraining from making a broad determination that all virtual currencies are securities, the SEC has yet to say specifically what fact patterns will lend themselves to a determination that the virtual currency in question is a security.
Section 2(a)(1) of the Securities Act of 1933 defines a security as “any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement … investment contract … or, in general, any interest or instrument commonly known as a ‘security’, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.”
In the absence of precise guidance, many have and are continuing to apply the traditional test, known as the Howey Test, as to whether a particular virtual currency or transaction involving a virtual currency will be classified as a security. The Howey Test focuses on the “investment contract” piece of the definition of security and has been used to characterize instruments that are more ambiguous in nature than stocks as securities. Under the Howey test, an instrument is a security provided all elements of the following criteria are satisfied: there is an investment of money; in a common enterprise; with an expectation of profits; solely (or predominantly) from the efforts of others. Undoubtedly, some of the ICOs involving a special purpose or a singular use virtual currency (that act like a gift card to a startup) will be held to violate securities laws, other transactions and products in the space will be harder to regulate using Howey. While there is a body of case law providing finer details on each of the Howey factors as they have been adapted to innovative products and fact patterns over the years, on a basic level, a test developed by the U.S. Supreme Court in 1946 will need to be stretched to apply to virtual currencies. Whether applying Howey or developing a new test, further standards and guidance are needed for the SEC to exercise meaningful oversight in this space.
To aid in this process, actors in this space are on the forefront of proposing new methodologies to aid regulators in understanding and providing meaningful oversight to the space. Coin Center, a Washington, D.C.-based non-profit research and advocacy center focused on the public policy issues facing virtual currencies and decentralized computing technologies, put out a proposed regulatory framework that serves as a pre-cursor for applying the Howey framework for use in analyzing whether a virtual currency constitutes a security. Citing as its basis the underlying policy goals of securities regulation, Coin Center’s framework notes the vast spectrum of how virtual currencies are fundamentally structured and concludes that certain types of currencies do not fit the definition of a security, are ill suited to the application of Howey and the risks they pose are not well suited to be addressed through securities regulation.
The Coin Center framework proposes that an initial determination as to whether to classify a virtual currency as a security should be based on seven key variables, divided into two classifications (i) variables in underlying software and network and (ii) variables in the community that develops and runs that software. These seven variables shape the relative risk profile of a given virtual currency and determine whether classification as a security (by use of the Howey test) is appropriate:
- Scarcity (what are the economics of the coin’s supply?)
- Distribution (how do new coins reach users?)
- Consensus (how does the network agree on supply and transaction history?)
- Permissions (what does possession of the coin allow the user to do?)
- Decentralization (how centralized is the network and developer community?)
- Profit-Development Linkage (how linked are developer profits to coin sales?)
- Transparency (how transparent is the network and developer community?)
Using the above variables, Coin Center argues that virtual currencies structured as larger, decentralized virtual currencies (ie. Bitcoin), pegged virtual currencies (ie. sidechains), and distributed computing platforms (ie. Etherium), pose less risk to users based on their decentralization and the transparency of their networks. Coin Center likens these to commodities, with pricing that fluctuates based on market forces. At the same time, Coin Center agrees that smaller virtual currencies with less widespread acceptance, when paired with certain design features (i.e. special purpose or single use currencies) and when aggressively marketed could constitute securities subject to SEC oversight.
WHAT DOES THIS ALL MEAN?
The U.S. has yet to come up with a coherent regulatory scheme in the virtual currency space, and the SEC has just dipped its toe into exercising jurisdiction. If anything, this is an indication that there will be a lot more to come.
It will be interesting to see if the IRS revisits the U.S. treatment of Bitcoin for tax purposes given its recent mainstream acceptance in various jurisdictions, including by Japan as a legal payment method, its acceptance in Germany as a financial instrument, and the movement by Russia and others, to give Bitcoin and certain other cryptocurrencies a similar status as a means to combat money laundering.
The SEC for one, while not addressing the underlying technological aspects, has demonstrated a willingness to look to function and use, indicating that “[w]hether a particular investment transaction involves the offer or sale of a security – regardless of the terminology or technology used – will depend on the facts and circumstances, including the economic realities of the transaction.” Also to its credit, the SEC has also historically been open to crowdsourcing feedback in its rule making process.
Given the low barriers to entry, rapid pace of development and growth in the virtual currency market, it will be especially important for the SEC and other regulators to work with actors in the space (like Coin Center) to come up with a coherent regulatory scheme that is flexible enough to adapt and remain relevant in the face of ever present change. Namely, a regulatory scheme based on the functional uses of the virtual currency in question instead of the patchwork determinations we have seen to date attempting to classify a range of existing products into a neat box.
Absent industry buy-in and acceptance, regulators have rule of law issues on their hands as this growing market continually proves to be nothing but innovative. For every attempt to regulate without building consensus, there will be reactions from actors in the space, including the restructuring of offerings, products and the virtual currencies themselves to avoid such regulation. If regulation and oversight can be employed to minimize fraud, theft and other crimes without stifling innovation – the space will be better for it. For now, we are still watching the law catch up with innovation.
Sarah H. Brennan is a senior associate in the Corporate and Securities practice group at Lippes Mathias Wexler Friedman LLP. She focuses primarily on mergers and acquisitions, private equity and corporate and securities law.
(*1) For examples of U.S. regulatory guidance and alerts, see IRS - IRS Virtual Currency Guidance: Virtual Currency Is Treated as Property for U.S. Federal Tax Purposes; General Rules for Property Transactions Apply (3/25/2014); and FINRA - Bitcoin: Investor Alert - Bitcoin: More than a Bit Risky (5/7/2014); and CFPB – Consumer Advisory: Risks to Consumers Posed by Virtual Currencies; SEC Investor alert – Ponzi Schemes and Virtual Currency