Lessons To Be Learned From The SEC’s Recent Penalties for ICO Companies

by | Monday November 26, 2018
Lessons To Be Learned From The SEC’s Recent Penalties for ICO Companies

The Securities and Exchange Commission recently brought their regulatory hammer down on several ICO-related companies. After months of public statements from officials and rumors of numerous subpoenas and investigations, the SEC sent a strong and undeniable message to companies that have held unregulated initial coin offerings, and to those who are considering it.

Don’t do it.

There are lessons to be learned from these recent regulatory actions. These lessons confirm what I have been preaching in my securities law practice to all of the coin/token/crypto companies I have been talking to or representing: Follow the existing securities laws to raise capital selling tokens or be prepared to suffer some extreme consequences. In this article, I will dig into the story of Carrier EQ, also known as AirFox, whose story is a perfect illustration of the dangers a company faces when they hold an ICO without following securities laws.

I am going to get into a lot of specific facts because what AirFox did is so common in the ICO world, so we can all learn from their mistakes. I will also explain in layman’s’ terms what happened to AirFox as the SEC reviewed their offering, in an effort to provide a “heads-up” to companies that still believe they can get away with holding an ICO in the United States without going through the SEC. It appears that AirFox did not receive very good advice in their ICO, and despite all the recent warnings and negative publicity, I still have ICO companies contacting me wanting to use these same methods (“But I’m selling a utility token!”) that got AirFox in trouble.

Two things are obvious after this SEC enforcement action:

  1. You cannot call what you are selling a “utility token” and have securities laws magically not apply to your offering (see Lesson 7 below), and
  2. Unless you can definitively prove what you are selling is not a security, you need to follow securities laws in your offering.

The AirFox ICO

AirFox is a U.S. company that sells mobile technology that allows prepaid mobile phone customers to earn free or discounted airtime or data by interacting with ads on their smartphones. From August to October 2017,[1]AirFox offered and sold blockchain-issued digital tokens called AirTokens in an ICO where the company raised about $15 million to create a new international business and ecosystem. AirFox told potential ICO investors that the new ecosystem would include the same functionality of AirFox’s existing U.S. business (allowing prepaid mobile users to earn airtime or data by interacting with ads) and would also add new features such as the ability to transfer AirTokens between users, peer-to-peer lending, credit scoring, and eventually using AirTokens to buy and sell goods and services other than mobile data. In the ICO, AirFox stated that AirTokens would potentially increase in value as a result of AirFox’s efforts, and that AirFox would provide investors with liquidity by making AirTokens tradeable in secondary markets.

Any advisor who even has a basic understanding of securities law would look at this and say “Hey, AirFox, you are selling securities. You are selling tokens to the general public, that you are alluding to an increase in value, to finance a new business.” Apparently, AirFox’s “crypto advisors”[2] and lawyers (if they had any) did not bother to Google “what is a security?”[3]

The SEC Penalties

On November 16, 2018, the SEC instituted “cease and-desist proceedings” against AirFox. This means, in laymen’s terms, that the SEC told AirFox to “Stop Breaking The Law!” because the SEC is about to come in, and effectively shut their company down with penalties. As a result, AirFox reached a settlement with the SEC so they could have some hope of continuing in business. The settlement requires AirFox to:

· Pay a $250,000 fine,

· Inform each person that purchased AirTokens of their right to get their money back if they still own the tokens or if they can show they sold them for a loss,

· Issue and post a press release on the company’s website notifying the public of the SEC’s order, containing a link to the order, and containing a link to a “Claim Form” for investors to get their money back,

· File the appropriate paperwork with the SEC to register the AirTokens as a class of securities — this means the AirFox now must follow all securities regulations and ongoing reporting requirements as to these tokens — an extremely expensive requirement, and

· Deal with a lot of other ongoing reporting requirements related to these penalties to keep the SEC informed.

In essence, the SEC made AirFox pay a large fine, forced them to return up to $15 million back to investors, publicly admit on online and in the press that they broke the law, and be subject to a ton of time-consuming and expensive paperwork (disclosing information like audited financial records that investors typically need to decide if a stock is a good investment ).

How many companies that held an unregistered ICO could financially stay viable with the imposition of such penalties? My suspicion is that there are very few.

What do we learn from the AirFox settlement?

1. The SEC is going to follow the Howey test[4] at least as a baseline to determine if a token sold in an ICO is a security. AirTokens were “securities” under the Howey test because people buying the tokens would have had a reasonable expectation of obtaining a future profit based upon AirFox’s efforts, including AirFox revising its app, creating an ecosystem, and adding new functionality using the proceeds from the sale of AirTokens.

Lesson: If your token offering cannot pass muster with a well-known 76-year old Supreme Court ruling, you are selling securities.

2. If you sell tokens that are securities, you have to either (a) register the securities with the SEC or (b) qualify for one of the well-known exemptions from registration such as Regulation D or Regulation A when you sell the tokens. In other words, follow existing securities laws. AirFox, like many ICO companies, did neither of these things, which is illegal.

Lesson: This isn’t rocket science. Either file an S-1 and register your token offering or be sure you qualify under one of the exemptions from registration (like Regulation A) before you sell any tokens to anyone.

3. The SEC is going to read your “white paper”[5] and review everything[6]related to your token offering. With AirFox, the SEC specifically noted that “in September 2017, AirFox explained to prospective investors in a blog post that the ‘AirFox browser is still considered ‘beta’ quality and will continue to be improved over the coming months as we execute on the AirToken plan.’” This blog post helped the SEC satisfy one of the Howey prongs of what constitutes a security: Money from the token sale was being used in a common enterprise for the company raising capital to build their business.

Lesson: Follow securities laws in all offering documents, marketing materials, media interviews, and everything whatsoever associated with the token offering.

4. AirFox’s white paper informed investors that 50% of the proceeds of the offering would be used for engineering and research and development expenses. In AirFox’s whitepaper, the company proposed a potential timeline of development milestones which covered from August 2017 through the second quarter of 2018.[7] Again, the company’s own documentation showed they were selling securities under Howey, by explaining that the company was going to use the funds from the token sale to fulfill their business plan.

Lesson: If you are using the funds from the token offering to build your business, follow your business plan, or build your ecosystem the tokens will be uses in, you are probably selling securities.

5. In its ICO, AirFox raised approximately $15 million by selling 1.06 billion AirTokens to more than 2,500 investors. The number of investors is important: A company selling securities is required to register their equity securities under “Rule 12(g)”[8] if the class of securities was held of record by more than 2,000 persons and more than 500 of those persons were not accredited investors. In other words, if you sell securities to 2,001 total investors, or 501 non-accredited investors, you have to be registered with the SEC.[9] With more than 2,500 investors, AirFox would be subject to these expensive registration requirements, if their tokens were considered to be securities.

Lesson: Watch the number of investors in your offering. Even when you are selling tokens that are clearly securities, you must pay attention to the rules surrounding how many investors you are allowed based on the laws applicable to your offering.

6. AirTokens were available for purchase by individuals in the United States and worldwide through websites controlled by AirFox. The company is based in the United States. The websites selling the tokens in the U.S. were controlled by the company. This all subjected AirFox to the jurisdiction of the SEC.

Lesson: If your company does business in the U.S., or wants to touch the U.S. investor market, you need to follow U.S. securities laws. If you are not a U.S. company[10], and do not sell or market at all to U.S. investors, most of this article may not apply to you at all.

7. The terms of AirFox’s the ICO required purchasers to agree that they were “buying AirTokens for their utility as a medium of exchange for mobile airtime, and not as an investment or a security.” In other words, AirFox assumed they could agree with their token purchasers that they were selling a “utility token” and not a security. It doesn’t work that way. Calling something a “utility token” and saying it “is not a security” is meaningless to the SEC. As the SEC notes “at the time of the ICO, this functionality was not available. Rather, the AirFox App was a prototype that only enabled users to earn and redeem loyalty points, which could be exchanged for mobile airtime. According to the company, the prototype was “really just for the ICO and just for investment purposes so people know . . . how it’s going to work” and “[did not] have any real users” at the time of the ICO. Despite the reference to AirTokens as a medium of exchange, at the time of the ICO, investors purchased AirTokens based upon anticipation that the value of the tokens would rise through AirFox’s future managerial and entrepreneurial efforts.”

This quotation from the SEC is important for two reasons:

· It makes it clear that the AirTokens violate the Howey test. Investors purchased AirTokens anticipating that the value of the tokens would rise through AirFox’s future managerial and entrepreneurial efforts. That is, almost literally, the definition of a security contract from Howey — someone investing in a company where the company’s efforts will increase the value of the investment.

· More importantly, the SEC seems to have cracked the door open a little. The SEC specifically set out several reasons why the AirTokens are securities and not “utility tokens” …but what if those reasons did not exist? What if this ICO had taken place later, and the following facts had been in existence:

(a) At the time of the ICO, the tokens’ functionality was available,

(b) The app was a not a prototype but was fully functional,

(c) The app had real users at the time of the ICO,

(d) The tokens were being used onlyas a medium of exchange at the time of the ICO, and

(e) Purchasers of the tokens had no anticipation that the value of the tokens would rise through the company’s future managerial and entrepreneurial efforts, because the tokens were not allowed to be traded on an exchange or otherwise.

While the marketplace for such tokens would not likely yield nearly $15 million in purchasers like in AirFox’s ICO, it seems that the SEC mightentertain characterizing tokens in the scenario[11] above as not being subject to securities laws.

Lesson: You can’t call what you are selling a “utility token” and have securities laws magically not apply to you. What you call your tokens is irrelevant to the SEC’s legal analysis.

8. AirFox’s whitepaper described an ecosystem to be created by the company where AirTokens would serve as a medium of exchange and that the company would maintain the value of AirTokens by purchasing mobile data and other goods and services with fiat currency that could be then purchased by holders of AirTokens and that the company would buy and sell AirTokens as needed to facilitate the purchase and sale of goods and services with AirTokens. In other words, the investors in the tokens would, again, be relying on the future efforts of AirFox, clearly one of the Howey prongs that make the AirTokens clearly securities under the law.

Lesson: If you are relying on the future efforts of the company selling the tokens to give the tokens value, the tokens have failed one portion of the Howey test.

9. Prior to the ICO, AirFox communicated to prospective investors that it planned to list the tokens on token exchanges to ensure secondary market trading. Obviously, liquidity in any investment is a huge part of the investment decision by a purchaser, and AirFox made it clear (a very common trait in unregulated ICOs) that their tokens would be traded on crypto exchanges, so buyers could sell them and potentially make a profit. This satisfies the “investment” arm of the Howey test. If investors have a reasonable expectation of profit from being the tokens, the tokens are very likely securities.

In fact, in the middle of the ICO, AirFox announced that it was reducing the token supply from 150 billion to 1.5 billion without changing the anticipated market cap “to alleviate concerns raised by many current and potential token holders and token exchanges who prefer each individual token to be worth more.”

Imagine a tradition initial public offering of stock, where the IPO company suddenly changed the number of shares of stock available but kept the valuation of the company the same. “Hey, those shares you first-in buyers got for $20 are now worth $2000 each because we decided to sell 1/100thof the number of shares.” This kind of market manipulation would likely end of with a few people in federal prison.

Lesson 1: If you tell purchasers of your token that the tokens are going to be traded and that you are going to do things to make the tokens more valuable for these investors, you are selling securities, without any question.

Lesson 2: Changing the material terms of a securities offering in the middle of it = bad idea.

10. The SEC noted the following interesting bit of information. Following the ICO, AirFox attempted to list AirTokens on a major digital token trading platform, and answered an application question that asked, “Why would the value increase over time?” AirFox’s response was “As time lapses the features and utility of AirToken will go up as we continue to build the platform. As of today, the people are able to download our browser to earn and purchase AirTokens to redeem mobile data and airtime across 500 wireless carriers. Over the next two years, the utility of the token will expand and therefore, more people across the world will need to have AirTokens in their possession to participate on our platform and ecosystem.”

Lesson: The SEC reads and reviews everything, including interactions a company has with third-party companies.

11. AirFox offered and sold AirTokens in a general solicitation to potential investors. This means AirFox advertised the ICO to the general public and solicited investments from anyone willing to send them money. In the securities world, general solicitation is limited to certain types of securities under certain exemptions, and allowing any investor to purchase securities, regardless of their accredited status, is not allowed in most cases.

Lesson: If you are going to advertise your token offering (and how else would you get the word out and find investors?) you need to follow securities laws and regulations related to general solicitation.

12. Through a “bounty” campaign, AirFox provided “free” AirTokens to people (crypto advisors) who helped the company’s marketing efforts. AirFox entered into an agreement with a crypto advisor who had previously led similar ICO promotions by other companies. This crypto advisor received a percentage of the AirTokens issued in the ICO in exchange for his services, recruited other people to translate AirFox’s whitepaper into multiple languages and to tout AirTokens in their own internet message board posts, articles, YouTube videos, and social media posts. More than 400 individuals promoted the AirToken initial coin offering as part of the bounty campaign. These individuals also received AirTokens in exchange for their services.

While the SEC did not specifically address this point in their ruling, I would not be surprised to see some regulatory or legal investigation undertaken against these crypto advisors. Depending on several factors that there is not enough publicly available information to know for certain, it is possible these crypto advisors may have conducted illegal broker-dealer activities subject to various regulations. The advertising and marketing of securities is highly regulated and based upon the representations made by those who were paid “bounties” by AirFox, it is also possible that some of these individuals did not follow existing laws and regulations as to how such advertising should be conducted.

Lesson: Follow all securities laws and regulations related to marketing, and only deal with advisors who understand and follow securities laws. When interviewing advisors, ask them about their experience in token offerings that were done in compliance with SEC regulations, not their experience with unregulated ICOs.

13. AirFox aimed its marketing efforts for the ICO at digital token investors rather than the anticipated users of AirTokens.

· AirFox promoted the offering in forums aimed at people investing in Bitcoin and other digital assets, that attract viewers in the United States even though the AirFox App was not intended to be used by individuals in the United States.

· AirFox’s principals were interviewed by individuals focused on digital token investing.

· In a blog post, AirFox wrote that an AirToken presale was directed at “sophisticated crypto investors, angel investors and early backers” of the AirToken project and in a pre-sale, prior to the public offering, AirFox made AirTokens available to early investors at a discount.

AirFox made no effort to market the ICO to the anticipated users of AirFox tokens — individuals with prepaid phones in developing countries. Instead, AirFox marketed the ICO to investors who “viewed AirTokens as a speculative, tradeable investment vehicle that might appreciate based on AirFox’s managerial and entrepreneurial efforts.”

Lesson: If you are going to claim you are selling “utility tokens” in an offering, you should sell those tokens to the ultimate users of the tokens. If you do not, you are likely selling securities to speculating investors, and your argument of selling “utility tokens” falls apart very quickly.

Conclusion (The Final Lesson)

I’ve been talking to (and in some cases, actually representing) token and crypto companies ever since the DAO decision when the floodgates opened to companies realizing that the only safe way in the U.S. to issue a digital asset, token or coin is to follow securities laws. It’s not that hard. Every mistake AirFox made was avoidable, and everything they did to violate well-established securities laws could have been avoided if they had received good advice. Selling investments to U.S. citizens is one of the most highly regulated industries in the world. To think a company can avoid following these well-established laws and regulations just because of a new technology, and because “everyone else is doing it,” is ridiculous.

Can I start openly selling cocaine online to anyone who wants to buy it because I keep the records of the sales on a distributed ledger and track each kilo on a blockchain? No, and nobody would be so stupid to try.[12]

This is not that difficult. The final lesson is: If you want to sell tokens without following securities laws to the U.S. market, you need to be 100% certain they are not securities, and that is going to be very difficult to do in most cases. If you and your advisors are not 100% certain that what you plan to sell is not a securitiy, get advice from reputable securities counsel before you do anything.

Once more thing: if you find yourself creating arguments to get around parts of the Howey Test rather than being able to definitively prove your tokens do not fit the Howey definition of a security, then the SEC is most likely going to disagree with you, and deem your tokens to be securities.


[1]It is important to note these dates. One month before the AirFox ICO, in July 2017, the SEC announced that it viewed the tokens offered by The DAO, an ICO that raised more than $150 million in 2016, as securities. This ruling was widely reported and sent shockwaves through the “unregulated” ICO industry. It would be hard to imagine that those advising AirFox were not aware of the DAO ruling when they started their ICO one month later.

[2]Some “crypto advisors” are persons (nearly always without a law degree) who advertise that they have “helped companies raise millions” in other ICOs (none of which followed U.S. securities laws). They often have influence in the ICO community and on ICO review websites where, in many cases, the review of an unregistered ICO is based on how much money you pay the website.

[3]Or, their advisors Googled it, read the Howey test, and decided “Let’s make like an ostrich and ignore the obvious.” Advisors to ICO companies should not take the attitude of “but everyone else is doing it and raising millions of dollars so it must be okay” or, my favorite, “there are no rules for ICOs, these are unregulated!”

[4]SEC v. W. J. Howey Co., 328 U.S. 293 (1946). The “Howey Test” is the U.S. Supreme Court’s definition of what a security is and has been the law for 76 years. In a nutshell, the four-part Howey Test determines that a transaction represents an investment contract if a person (a) invests his money (b) in a common enterprise and is (c) led to expect profits (d) solely from the efforts of the promoter or a third party.

[5]A “white paper” in the ICO world is a document that explains the business and the offering. In most cases, these documents are heavy on technical language regarding the tokens and blockchain but offer little to no guidance on the financial health of the business and rarely disclose all the risks of investing in the offering. In many cases, these “white papers” are not even close to what a securities lawyer would draft for any securities offering. But, many ICO companies apparently are advised to believe their white paper, with its page of legal disclaimers copied from other white papers found online, will magically protect them from any securities laws repercussions.

[6]The SEC will look at a company’s white paper, any other offering documents, websites, social media, media interviews, and any other online or offline matter related to the offering. If it is publicly available, the SEC is going to review it. Even if it is not publicly available, the SEC may subpoena it. In the AirFox case, the SEC noted that AirFox talked about prospects for development of the AirToken ecosystem on blogs, social media, online videos, and online forums and even gave a specific example of quotes from AirFox’s principals making claims in a YouTube video.

[7]These are typical White Paper 101 inclusions in an ICO. A breakdown of what the funds will be used for (which is actually a normal part of a securities law compliant offering document) and a timeline. While there is nothing wrong with these disclosures, the problem is that these white papers rarely discuss the risks involved with the offering, and almost never disclose anything about the financial condition of the company — staples of a compliant securities offering.

[8]17 CFR 240.12g-1

[9]There are notable exceptions to this rule under certain exemptions from registration, including under Regulation A, as amended in the JOBS Act.

[10]Without getting too technical, if you are a New York City based company, with offices and employees in Manhattan, who sets up a shell company in the Virgin Islands that has no office or employees and you run that company out of New York, you are not being clever and avoiding the fact that the SEC is probably still going to consider you a U.S. company. All you have done is sent up a red flag.

[11]There are other factors to consider, as Howey is just part of the analysis as to whether something is, or is not, a security. But, for illustrative purposes, this section of the SEC’s analysis is very helpful for companies considering a token sale, because it illustrates a potential path to a token not being subject to securities laws, and the possible ability in very narrow circumstances to sell a token outside of securities laws.

[12]Okay, someone might be dumb enough to try. Never underestimate the stupidity of some people. The TV show America’s Dumbest Criminals filled three years of episodes with people who might have tried this. For the record, if a stupid criminal tries this, and says it was my idea, please remember that they are, as noted, a stupid criminal and do not believe them.

Disclaimer (because I am wearing my lawyer hat): Kendall Almerico is a securities lawyer who represents companies raising capital in JOBS Act offerings (Regulation A in particular) and companies that want to sell tokenized securities in a compliant manner through a security token offering. This article does not contain legal advice and should not be relied upon bu anyone for legal advice. It is simply the opinions of Kendall Almerico interpreting certain matters that were recently in the news. Do not rely on this article for legal advice as every situation is different. In all cases, consult your own attorney or advisors.

There, I said it.

Join the All-In-One Platform empowering private capital markets.

Free forever, KoreConX makes it easy for participants in private capital markets to manage their investment portfolios, raise capital, and meet global compliance standards along every step of the way.

left line right line bottom line