John Reed Stark

One of the most interesting and arresting business stories of 2017 has been the astonishing proliferation of initial coin offerings (ICOs), as I discussed in a prior post (here). Readers who have been watching this story develop undoubtedly are aware that things have been moving very quickly recently on the regulatory front with respect to ICOs. ICOs suddenly are facing a very different regulatory environment. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look the recent regulatory developments and examines their implications. A version of this article originally appeared on Securities Docket. I would like to thank John for his willingness to allow me to publish his guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s guest post.

************************************

Worked on, or invested in, an ICO and worried that your ICO may be targeted by the SEC? You should be.

Internet Coin Offerings (ICOs), the method by which startups or other parties can issue cryptographic tokens in an effort to fund or bootstrap a new block chain network, got hit by a double whammy when the U.S. Securities and Exchange Commission (SEC) made two key announcements in September of 2017.

First, the SEC announced the formation of a new cyber unit to target violations involving distributed ledger technology and ICOs as part of a new effort to fight cybercrime. The new cyber unit, chartered among other things, to police ICOs, is already well-staffed with seasoned SEC veterans and up and running.

Second, the SEC created a retail strategy task force that will “develop proactive, targeted initiatives to identify misconduct impacting retail investors, including to pursue “misconduct perpetrated using the dark web,” where bitcoin and other cryptocurrencies are used to pay for illicit goods. This new team will “apply the lessons learned from [past securities fraud] cases and leverage data analytics and technology to identify large-scale misconduct affecting retail investors.

Last week, the SEC’s new cyber unit initiated its first official ICO enforcement action – and it was a powerful opening salvo. Specifically, the SEC announced it obtained an emergency asset freeze to halt a fast-moving ICO fraud that raised up to $15 million from thousands of investors by falsely promising a 13-fold profit in less than a month.

The SEC filed its charges against a recidivist Quebec securities law violator, Dominic Lacroix, and his company, alleging that Lacroix and Plextor’s marketed and sold securities called PlexCoin to investors in the U.S. and elsewhere, claiming that investments in PlexCoin would yield a 1,354 percent profit in less than 29 days. The SEC also charged Lacroix’s partner, Sabrina Paradis-Royer, in connection with the scheme.  Robert Cohen, the newly appointed chief of the SEC’s Cyber Unit had this to say about his team’s first action:

“This first Cyber Unit case hits all of the characteristics of a full-fledged cyber scam and is exactly the kind of misconduct the unit will be pursuing.  We acted quickly to protect retail investors from this initial coin offering’s false promises.”

Speaking at a conference in Washington a few days later, SEC Chairman Jay Clayton reinforced the Cyber Unit’s ICO mission and jurisdiction, noting that:

“ . . . [I]n ICOs you are asking people for their money for you to take and use in a commercial endeavor with the prospect of increasing the value of that piece of the distributed ledger . . . I see very little distinction — or any — between that and handing someone a piece of paper that says stock.”

This week the SEC filed an administrative action against a California-based company selling digital tokens to investors to raise capital for its block chain-based food review service. The company, Munched, Inc. halted its ICO after being contacted by the SEC, and agreed to an order in which the Commission found that its conduct constituted unregistered securities offers and sales.

According to the SEC’s order, before any tokens were delivered to investors, Munchee refunded investor proceeds after the SEC intervened. Munchee was seeking $15 million in capital to improve an existing iPhone app centered on restaurant meal reviews and create an “ecosystem” in which Munchee and others would buy and sell goods and services using the tokens. The company communicated through its website, a white paper, and other means that it would use the proceeds to create the ecosystem, including eventually paying users in tokens for writing food reviews and selling both advertising to restaurants and “in-app” purchases to app users in exchange for tokens.

Co-director of enforcement Stephanie Avakian touted the Cyber Unit’s second ICO enforcement action, stating:

“We will continue to scrutinize the ICO market vigilantly for improper offerings that seek to sell securities to the general public without the required registration or exemption.  In deciding not to impose a penalty, the Commission recognized that the company stopped the ICO quickly, immediately returned the proceeds before issuing tokens, and cooperated with the investigation.”

Anyone affiliated with an ICO in any way should be concerned.  Indeed, Chairman Clayton warned in an extraordinary ICO Statement issued on December 11th, 2017:

“On this and other points [of this ICO statement] where the application of expertise and judgment is expected, I believe that gatekeepers and others, including securities lawyers, accountants and consultants, need to focus on their responsibilities.”

Asked by reporters if the SEC will investigate and prosecute other ICOs, SEC Chairman Clayton has noted ominously: “If people continue to ignore the securities law, yes.” In other words, while the SEC’s PlexCorp and Munchee enforcement actions may have been the first ICO prosecutions brought by the SEC’s new cyber unit, but they will clearly not be the last.

According to the cryptocurrency statistics website Coinschedule, a grand total of 234 projects have raised over $3.6 billion through ICOs in 2017 alone – with no slowdown in sight. Given these startling statistics, together with the chaotic and unregulated nature of the embryonic, novel and crazed ICO marketplace, ICO investors are now probably scratching their heads, concerned that their ICO tokens could be impacted by a future SEC enforcement action.

Below are some critical questions that ICO purveyors and investors alike should be asking themselves not just as a matter of SEC compliance – but also to determine which ICOs risk getting caught up in the SEC Cyber Unit’s ICO dragnet.

Is the ICO Offering Securities for Sale to the Public?

In a typical ICO, virtual coins or tokens are distributed by a company to the public in exchange for another cryptocurrency or fiat currency. These coins or tokens come with particular rights, such as: a right to access to a future service once the ICO is launched; a right to redeem the token for a currency or service; or a right to receive future profits from the company (like a dividend).

To determine how traditional securities regulation applies to ICOs, the SEC will undoubtedly apply the four-pronged Howey Test, derived from the 1946 Supreme Court decision in SEC vs. W.J. Howey Co., which states that a security is an investment contract in which a person 1) invests their money; 2) in a common enterprise; 3) with an expectation of profits; 4) based on the efforts of the promoter or a third party. In order to be considered a security, an offering must meet all four prongs.

Most token purchasers expect that they will earn a profit by selling their tokens once they appreciate in value. Rather than prospectuses, token issuers put out so-called “white papers” describing the platform, software or product they are trying to build, and then investors buy those tokens using widely-accepted cryptocurrencies (like bitcoin and ethereum) or fiat currencies like the U.S. dollar. These issuers also often employ a litany of promoters and facilitators to generate interest, excitement and participation in the ICO.

Historically, the courts and the SEC have taken an extremely broad view of whether any kind of investment is a security. Indeed, the definition of “security” under Section 2(a)(1) of the Securities Act of 1933 (and the nearly identical definition under Section 3(a)(10) of the Exchange Act of 1934) includes not only a number of specific types of financial instruments, such as notes, bonds, debentures and stock, but also broad categories of financial instruments, such as evidences of indebtedness and investment contracts. The definition of security was plainly crafted to contemplate not only known securities arrangements at the time – but also to any prospective instruments created by those who seek the use of the money of others on the promise of profits.

The DAO 12(a) Report

With respect to ICOs, the critical area of inquiry for the SEC is whether investors were relying on the managerial efforts of others. On July 25, 2017, the SEC provided important initial guidance on its views of whether ICOs are securities when it released a Section 21(a) Report of Investigation on its findings regarding the token sale by The DAO (more on the report itself later).

The bottom line from the DAO 21(a) Report is that the SEC views ICOs as selling securities. In making this determination, the SEC focused on whether the efforts of others were “the undeniably significant ones … that affect the failure or success of the enterprise.” The SEC found that the so-called curators of the DAO played the requisite role. The curators held themselves out as experts in, among other matters, the block chain protocol, determined which projects would be voted on by DAO Token holders, addressed security issues and more generally held itself out in marketing materials as a group that investors could rely on for their managerial efforts.

The SEC also concluded that the voting rights of the DAO Token holders were limited. In a critical sentence, the SEC noted: “[e]vend if an investor’s efforts help to make an enterprise profitable, those efforts do not necessarily equate with a promoter’s significant managerial efforts or control over the enterprise.” The SEC concluded that the voting rights of DAO Token holders was largely “perfunctory.” Since they could only vote on projects approved by the curators, token holders did not receive sufficient information to vote in a meaningful way, and there were no means to obtain additional information.

Equally important, the SEC also noted: that the widely dispersed DAO Token holders could not identify and effectively communicate with each other; that there was a large number of them; and that they could not be deemed to be in a position to effectuate meaningful control.

The SEC message to the purveyors of ICOs was clear: ICOs are very likely selling plain-old shares of stock fancifully masquerading as tokens — and their offer and sale would need to be registered under the Securities Act or qualify for an exemption from registration.

If the token offering is exempt from registration, the offering likely would need to be made to accredited investors, the tokens would be subject to limitations on resales or transfers, and any general solicitation would likely be prohibited. Regardless of whether the offering is registered or exempt, careful consideration would also have to be given to ensuring that prospective investors receive sufficient disclosure about the offering, including associated risks.

Is the ICO Being Marketed by Unregistered Broker-Dealers?

One of the more critical federal and state regulatory registration requirements that may emerge when participating in the operation of an ICO, is that of broker-dealer activity. If tokens are deemed securities, intermediaries such as token exchanges and promoters would likely need to comply with broker-dealer registration requirements.

Specifically, Section 15(a)(1) of the Securities Exchange Act of 1934 makes it unlawful for a person to “effect a transaction in securities” or “attempt to induce the purchase or sale of, any security” unless they are registered as a broker or dealer under the rules and regulations of the Financial Industry Regulatory Authority, Inc. (FINRA). FINRA is the regulatory organization designated by the Securities and Exchange Commission (SEC) to license and regulate broker-dealers.

The ramifications for failure to register as a broker-dealer are severe, even criminal. Section 29(b) of the Exchange Act provides that every contract made in violation of any provision of the broker-dealer registration requirements “shall be void” as to rights of persons who made or engaged in the performance of such contract. It results in the underlying purchase of securities becoming a voidable transaction that gives the investor a right of rescission, so if for purchasers losing money on the investment, there is an instantaneous and simple claim to get a refund of their investment.

Moreover, Section 20(e) of the Exchange Act, under which the SEC may impose aiding-and-abetting liability on any person that knowingly or recklessly provides substantial assistance in a violation of the Exchange Ac, creates additional potential liability. Finally, merely retaining and permitting an unlicensed intermediary to help facilitate or effect a securities transaction (such as an ICO) may be a violation of federal and many state laws, and may subject the issuer to possible civil and criminal penalties.

In accordance with these fairly stringent requirements, when a company is at all engaged in facilitating or helping conduct the ICO (for example by promoting the ICO or by helping find ICO investors), the company may be required to register as a broker dealer with the SEC.

For instance, many ICO promoters and affiliates negotiate payment of “success fees” upon completion of an ICO-related transaction or arrange for some other iteration of transaction-based compensation. Even if the arrangement masquerades the true intent of the relationship, payment of transaction-based compensation is treated by U.S. securities regulators as a nearly-conclusive indication that a person is engaged in the securities business and should be registered as a broker-dealer.

Thus, when an unregistered person or entity is involved as a broker, finder, etc. of an ICO, the ICO could become immediately and irrevocably tainted. This notion makes a lot of sense. Broker-dealers are supposed to provide a gatekeeper to protect investors in the marketplace and are required to “observe high standards of commercial honor and just and equitable principles of trade” in the conduct of its business, including determining if an investment is “suitable” for its customer and maintain meticulous records of communications, representations, transactions and other important information. Broker-dealers also are subject to SEC and FINRA examination together with a broad range of regulations and rules of conduct.

The SEC considers the principle of gatekeeper registration sacrosanct, broadly construing the broker-dealer laws while narrowly construing the few permitted exceptions.

Is the ICO Being Promoted Without Proper Compensation Disclosure?

Like other trendy cultural phenomena, some noteworthy celebrities – such as boxer Floyd Mayweather and hotel heiress Paris Hilton – have become involved in ICO promotional efforts, largely conducted via social media outlets, related to ICOs.  This practice raises obvious concerns about possible securities violations, most definitively, Section 17(b) of the Securities act of 1933.

Section 17(b) prohibits the publication of paid for descriptions of securities without full disclosure of the compensation arrangement. This prophylactic measure was “particularly designed to meet the evils of the tipster sheet, as articles in newspapers or periodicals that purport to give an unbiased opinion but which opinions in reality are bought and paid for.

Prior to the Internet era, section 17(b), unchanged from its enactment in 1933, with no rules or regulations ever promulgated thereunder, served the SEC as the legal basis to combat touting fraud in a variety of mediums, including brochures, newsletters, and radio talk shows – wherever touters attempted to disguise their paid promotions as independent, objective analysis.

In the early 1990s, as the Internet begin to evolve into an important tool for investors, unlawful touting spread to every corner of cyberspace, including websites, newsletters, spams (electronic junk mail), and then online message boards, discussion forums and now, social media.

The SEC first acted upon trending unlawful Internet investment promotions with several enforcement actions brought between 1996 and early 1998. But despite the SEC’s efforts, the practice continued to proliferate, prompting the SEC to take even stronger action in several Internet “sweeps,”, one in October 1998 and another in February 1999. These coordinated 17(b) roundups, led by the SEC’s Office of Internet Enforcement (the first SEC cyber office, discussed below) consisted of more than 25 Separate enforcement actions against more than 50 individuals and companies, garnering tremendous publicity at the time, and virtually eliminating the unlawful promotion practice entirely, while simultaneously stunting the growth of unlawful securities offerings as well.

If an ICO involves any kind of paid promoter, without appropriate disclosure, the ICO will be violating Section 17(b), which is a strict liability statute. This means that a 17(b) violation does not require a finding of fault (such as negligence or tortious intent). The SEC need only prove that the ICO promotion occurred without the proper disclosure and that the defendant was responsible.

Is the ICO at all Fraudulent?

Aside from the broad range of registration requirements set forth above, if any aspect of an ICO is being offered fraudulently, the ICO will likely violate SEC Rule 10b-5, issued by the SEC under Section 10(b) of the Securities and Exchange Act of 1934, which generally prohibit any form of fraud in connection with the purchase or sale of a security. This can include a blatant misrepresentation, such as a promise of any sort of ICO investment return, or the simple failure to disclose an investment risk, such as the risk that the ICO token’s value could decrease.

Despite the volumes of case law and legal commentary surrounding them, there is actually nothing very complicated about the anti-fraud provisions of the federal securities laws. Any form of lying, deceit, misrepresentation or other chicanery associated with any kind of investment falls within the SEC’s anti-fraud jurisdiction. In fact, the SEC’s anti-fraud statutory weaponry is designed specifically as a catch-all to apply to any kind of investment-related deception or dishonesty.

Is the ICO Operating Within the United States?     

This is a trick question — because simply relocating an ICO to a foreign jurisdiction may not be sufficient to avoid the long (and global) arm of U.S. federal securities laws.

U.S. federal securities laws are oddly idiosyncratic and drafted as laws of inclusion, rather than exclusion. In other words, the U.S. federal securities laws boldly apply to everyone in the world, with exceptions being available to the extent the person or organization in question does not actually transact in the U.S. or with U.S. persons or companies. U.S. federal securities laws even define a “person” broadly, not limiting the definition to U.S. citizens.

Thus, going “offshore” is not always an ICO’s regulatory escape if U.S. persons can purchase tokens in the ICO or if there is potential for post-issuance trading of ICO tokens to persons in the U.S. The primary trigger for SEC jurisdiction will likely be whether the ICO is being offered and sold to U.S. investors. If an ICO is soliciting and accepting U.S. investors, and there are assets of the ICO in the U.S., the SEC can seek to freeze those assets, choking the life out of an ICO.

However, merely because the SEC can assert jurisdiction over an ICO does not always mean the SEC can take meaningful action against its offshore purveyors, promoters, curators, sponsors and the like.

Given the many problems associated with investigating and prosecuting offshore entities, from serving subpoenas to locating assets to extradition, the SEC must work with international authorities using present treaties, memorandum of understanding, and other formal and informal international agreements. This kind of multi-jurisdictional effort takes extraordinary resources and thoughtful commitment by multiple government departments and agencies, at a time when law enforcement resources are already strained by budget cuts and other more pressing priorities (like combating terrorism).

SEC officials would likely argue however, that the list of cooperating countries with the SEC also continues to expand and “the level of cooperation and coordination among regulators and law enforcement worldwide is on a sharply upward trajectory.” In fact, newly anointed SEC Enforcement co-director Steven R. Peikin recently noted that:

“In the past fiscal year alone, the Commission has publicly acknowledged assistance from 19 different jurisdictions in FCPA matters] And, one need look no further than two recent, substantial cases that were resolved globally: (i) a settlement that we, the U.S. Department of Justice, and authorities in the Netherlands and Sweden reached with Teliasonera , and (ii) the coordinated Brazilian-Swiss-U.S. resolutions with Braskem .” 

Indeed, based on analysis of SEC cases of the last decade or so done in cooperation with the Harvard Law School Forum, whether in the context of information-sharing to pursue parallel investigations in more than one jurisdiction or simply through the production of materials by a foreign regulator to the SEC under the auspices of a bilateral or multilateral memorandum of understanding (MOU), the SEC has proven itself quite adept at forging cooperative relationships with many of its overseas counterparts which have resulted in real, tangible cooperation and assistance.

Notwithstanding international cooperation challenges, the SEC also faces the logistical problem for the SEC to somehow freeze or otherwise secure investor funds that are held in a virtual currency. Virtual currency wallets are encrypted and unlike money held in a bank, brokerage account or other traditional financial institution, virtual currencies may not be held by any kind of third-party custodian. In fact, traditional financial institutions (such as banks) often are not involved with ICOs or virtual currency transactions, making it more difficult even to follow the flow of money and trace it – let alone, obtain any kind of asset freeze.

Certain Relevant SEC International Prosecutions

Although the hurdles for SEC international prosecutions and asset freezes remain significant, the SEC has nonetheless obtained some fairly significant results pertaining to securities violations orchestrated overseas which are worthy of discussion.

  1. Account Takeover Cases

Consider for example, the recent SEC brokerage “account takeover” cases, which typically involve foreign perpetrators unlawfully accessing (often via cyber-attack) the brokerage accounts of unwitting victims and making unauthorized trades to artificially affect the stock prices of various companies the perpetrators already own. The cyber-attacker of these frauds profits by trading in the same securities in his own accounts and taking advantage of the artificial stock prices that resulted from the unauthorized trades placed in the victims’ accounts.

One recent SEC account takeover enforcement action actually involved a trader’s efforts to conceal his unlawful profits using bitcoin to launder the proceeds. Specifically, the SEC alleges that day trader Joseph Willner and other accomplices, secretly and without authorization, hacked at least 110 brokerage accounts of unwitting accountholders in a scheme based on a profit-sharing arrangement. To make the payments as part of the cooked-up arrangement, Willner allegedly transferred proceeds of profitable trades to a digital currency company that converted U.S. dollars to Bitcoin and then transmitted the bitcoins as payment.

In some account takeover cases, the SEC obtained asset freezes of perpetrators without even knowing the perpetrator’s identity. For instance, back in 2007, the SEC Office of Internet Enforcement froze the assets of an account takeover scheme held in a Latvian-based bank’s U.S. trading account, which resulted in millions of dollars being returned to victims.

The SEC, by working with U.S. prosecutorial agencies, can sometimes even help capture the culprits of offshore securities fraud schemes. For example, also back in 2007, the SEC Office of Internet Enforcement led the charge against three Indian nationals for participating in a fraudulent scheme to manipulate the prices of at least fourteen securities through the unauthorized use of other people’s online brokerage accounts.

Specifically, the SEC alleged that, between July and November 2006, Jaisankar Marimuthu, Chockalingam Ramanathan and Thirugnanam Ramanathan hijacked the online brokerage accounts of unwitting investors using stolen usernames and passwords. Prior to intruding into these accounts, the defendants acquired positions in the securities of at least thirteen issuers and options on shares of another issuer. Then, without the account holders’ knowledge, and using the victims’ own accounts and funds, the defendants placed scores of unauthorized buy orders at above-market prices. After these unauthorized buy orders were placed, the defendants sold the positions held in their own accounts at the artificially inflated prices. These transactions created the appearance of legitimate trading activity and pumped up the share price of the fourteen securities.

The SEC further alleged that on several occasions, the defendants opened new online brokerage accounts using stolen personal information, and then funded these accounts using hundreds of thousands of dollars taken from the account holders’ own bank accounts.

Parallel to the SEC action, the U.S. Department of Justice initiated a global hunt for the three defendants and succeeded in extraditing and prosecuting two of them. Specifically, Marimuthu was arrested on Dec. 20, 2006, by the Hong Kong Police on charges of computer fraud, money laundering, and possession of equipment to make a false instrument; extradited to the U.S. following his conviction there; and eventually sentenced to 81 months in prison and also ordered to pay $2.4 million in restitution.

Thirugnanam Ramanathan was similarly arrested by authorities in Hong Kong on Jan. 26, 2007, pursuant to a U.S. provisional arrest warrant; eventually pled guilty to one count of conspiracy to commit wire fraud, securities fraud, computer fraud and aggravated identity theft; and was sentenced to two years in prison. (Co-defendant Chockalingham Ramanathan, was charged with one count of conspiracy, eight counts of computer fraud, six counts of wire fraud, two counts of securities fraud and six counts of aggravated identity theft but apparently evaded authorities and remains at large.)

  1. Unknown Purchaser Cases

Historically, the SEC has even brought prosecutions against defendants who, because of their international domicile, are unknown. For example, the SEC brings cases against unknown foreign defendants when the SEC gets indications of unusual trading in an account at a broker-dealer firm but does not have the name of the account holder. The SEC then often tries to freeze the account so that the holder cannot get to the profits.

These cases demonstrate that trading in the U.S. markets through foreign accounts does not shield foreign nationals from SEC scrutiny and potential liability. In each of these unusual prosecutions, the SEC works closely with international regulators to quickly bring insider trading case that involving internationally domiciled perpetrators.

The SEC brought one of the first of these international matters more than 20 years ago in 1995, freezing several million dollars and filing insider trading charges against unknown traders who bought CBI Industries stock just days before Praxair Inc. announced a takeover bid for the company. The SEC announced the lawsuit just hours after CBI, a carbon dioxide and industrial gas producer, rejected the $2.1 billion takeover bid as “inadequate.” At the time, the identities of the investors were purportedly protected by secrecy laws in Switzerland and Germany, where they placed the stock purchase orders through Swiss and German banks that maintained accounts with United States broker-dealers. The SEC had asked the banks through which the orders were placed whether their customers would consent to being identified, but received no response.

The SEC ultimately determined the identities of the unknown purchasers, who were part of a group of Zurich and Lichtenstein companies trading through Swiss and German markets, and obtained final judgments against all of the individuals and companies involved, while also depositing the asset freeze proceeds in the Court Registry Investment System for eventual disgorgement to aggrieved investors.

Another similar SEC action occurred in 2008, when the SEC filed insider trading charges against unknown individuals accused of making suspiciously well-timed purchases of call options in two companies before the companies announced multibillion-dollar mergers. The matter involved certain suspicious trading by the “one or more unknown purchasers” including the purchase of call option contracts to buy shares of defense company DRS Technologies and American Power Conversion Corp, a power and cooling services company. DRS was in a pending deal to be acquired by Italy’s Finmeccanica Spa SIFI.MI, for $3.94 billion, while American Power was bought by French engineering group Schneider Electric SA (SCHN.PA) for $6.1 billion. Through an account at UBS AG UBSN.VX in Zurich, the SEC alleged that the purchasers made “well-timed purchases” of call options of DRS and American Power that yielded profits of about $3.3 million.

The SEC ultimately identified the defendant as a resident of Rome, Italy, leading Toni Chion, who led the SEC investigation, to proclaim boldly:

“In today’s global markets, we will act quickly and decisively against violations of the U.S. securities laws, no matter where that conduct occurs, to protect our securities markets and investors.” 

The international flair of the SEC continued in late 2010 when the SEC obtained an asset freeze and other relief against unnamed investors who bought Wimm-Bill-Dann Foods, in the days before the PepsiCo agreed to buy the Russian beverage maker. The SEC noticed that the investors’ stock purchases “were highly profitable and suspicious” and obtained an asset freeze the proceeds of the relevant trades. The SEC’s asset freeze order secured more than six million dollars, which the SEC eventually kept as part of a settlement from one of the defendants, who was ultimately identified as a British Virgin Islands corporation.

Specifically, the unknown buyers acquired 400,000 American Depositary Receipts in Wimm-Bill-Dann from Nov. 29 to Dec. 1. Pepsi announced the deal, in which it paid $3.8 billion for a 66 percent stake, on Dec. 2. The Russian company’s shares spiked 28 percent on the day of the announcement. ‘ As a result, the unknown purchasers were in a position to realize total profits of approximately $2.7 million from the sale of the ADRs. The shares were purchased in an account maintained at SG Private Banking, the Swiss banking unit of Societe Generale, and the trade orders were routed through Instinet Europe, and Brown Brothers Harriman & Co. was the custodian of the shares.

In a more recent similar matter in 2013, the SEC obtained an emergency asset freeze in a Zurich, Switzerland-based trading account that was used to reap more than $1.7 million from trading in advance of a public announcement about the acquisition of H.J. Heinz Company by Berkshire Hathaway and 3G Capital. Sanjay Wadhwa, who led the SEC team stated at the time:

“Despite the obvious logistical challenges of investigating trades involving offshore accounts, we moved swiftly to locate and freeze the assets of these suspicious traders, who now have to make an appearance in court to explain their trading if they want their assets unfrozen.” 

In another recent matter in 2013, SEC v. Well Advantage Limited and Certain Unknown Traders, there is an even more tenuous connection to the U.S. market. This matter involved the activities of Well Advantage (Well), a company incorporated in the British Virgin Islands and headquartered in Hong Kong.

According to the SEC, Well is indirectly owned by Zhang Zhi Rong, a Hong Kong businessman with close ties to China National Offshore Oil Corporation (CNOOC). In July 2012, CNOOC announced that it had agreed to acquire Nexen. Prior to the announcement, Well and a number of other then unknown traders stockpiled Nexen shares, which were liquidated shortly after the announcement. Alleging unlawful insider trading, the SEC obtained a series of emergency asset freezes in the Well Advantage matter, ultimately freezing a total of $44 million. As in the Heinz matter, the SEC took its initial action within days of the announcement of the Nexen deal, and less than 24 hours after Well sold off its position.

The SEC’s investigation ultimately identified a Chinese businessman Ren Feng and his wife Zeng Huiyu, as the previously unknown traders as well as Ren’s private investment company CT Prime Assets Limited and four of Zeng’s brokerage customers on whose behalf she traded. The scheme yielded a combined $2.3 million in illegal profits from Nexen stock trades made by Ren and Zeng and the traders paid more than $3.3 million combined to settle the matter.

  1. Prime Bank Cases

Another successful area of international SEC enforcement initiatives pertains to so-called prime bank instruments, which involve the sale of bogus instruments purporting to represent a European secondary market for stand-by letters of credit (a wholly fictional concoction). Many of the original purveyors and promotors of prime bank instruments reside offshore but also employed U.S. operators who warehouse their fraudulent proceeds in U.S. banks and brokerage houses, which render them subject to judicially obtained SEC asset freezes.

For example, in one prime bank SEC prosecution from 2013, the SEC alleged that attorney Bernard H. Butts, Jr. acted as an escrow agent to enable Fotios Geivelis, Jr. and his purported financial services firm Worldwide Funding III Limited, to defraud approximately 45 investors out of more than $3.5 million they invested in a trading program that never actually existed.

Geivelis touted returns of 6.6 million Euros for investors within 15 to 45 business days on an initial investment of $60,000 to $90,000 in U.S. dollars, assuring investors that their funds would remain in an escrow account until Worldwide Funding acquired the bank instruments necessary to generate the promised returns. Butts instead had allegedly been doling out investor funds almost as soon as they were received to enrich himself and others, spending the money on such personal expenses as travel and gambling.

  1. Future SEC ICO International Prosecutions

Though challenging and resource-intensive, the SEC does have options for filing charges against internationally orchestrated ICOs. For instance, with respect to offshore ICOs, the SEC can: easily assert jurisdiction; seek asset freezes of any related U.S. funds; and work with criminal authorities to obtain extradition and arrest of culprits in cooperating countries.

Thus, foreign ICO firms, marketers and promoters should at least be prepared for how they will respond to a cross-border regulatory SEC investigation, whether in the form of an SEC subpoena (or, an asset freeze order from a U.S. federal court) by carefully analyzing the intersection of a foreign request or court order with local banking, privacy, and consumer protection laws in the various jurisdictions in which they operate. While such issues must be considered on a fact-specific basis, ICO firms that plan their possible response to these issues before they arise will be far better positioned to handle them when they occur than those who put off consideration of such cross-border complexities until a problem arises.

It is also important to note that the SEC prosecutions against the Latvian Bank the three Indian nationals in Hong Kong and a range of prime bank fraud cases were all led at the time by the SEC’s Office of Internet Enforcement, which was shut down in a reorganization in 2010, but as mentioned above, has now been re-opened as the new “Cyber Unit” by Chairman Jay Clayton in 2017.

Now that the new SEC Cyber Unit is up and running, and the SEC has once again dedicated specialized resources to cyber matters, perhaps the SEC’ appetite for more complex cases will reawaken and the new group will venture to pursue internationally orchestrated unlawful ICOs that impact U.S. investors and markets.

Above all else, international ICO participants should not let themselves feel their non-U.S. domicile provides a shield against the sword of the SEC’s new cyber unit – because as the SEC Office of Internet Enforcement proved during its prime – where there is a will, there is a way.

Is the ICO Operating as an Unregistered Exchange?

After having previously declined to approve proposed rule changes to facilitate the listing and trading of shares of the Winklevoss Bitcoin Trust, the SEC followed the path of the U.S. Commodity Futures Trading Commission (CFTC) on July 24, 2017, and affirmed the SEC’s role in regulating platforms like those on which block chain-based instruments are traded.

Thus, to the extent that ICO tokens traded on a digital asset trading platform are securities, the platform may be required to register as a national securities exchange under Section 3(a)(1) of the Exchange Act. 

Given the nature of the platforms that trade cryptocurrency tokens and provide users with an electronic system that matches orders from multiple parties to buy and sell tokens for execution based on non-discretionary methods, ICO platforms would appear to fall within the definition of a securities exchange.

This means that ICOs could require registration as a national securities exchange pursuant to Sections 5 and 6 of the Exchange Act or operated pursuant to an appropriate exemption (such as an alternative trading system that complies with Regulation ATS, which requires, among other things, registration as a broker-dealer and filing of a Form ATS with the SEC to give notice of the alternative trading system’s operations).

Token offerings are frequently conducted on crowdfunding platforms that are not registered as national exchanges. As with traditional exchanges, ICOs should mandate that: 1) investors funds and securities be handled appropriately; 2) investors understand the risks involved in purchasing the often illiquid and speculative securities that or traded in an ICO; 3) buyers must be made aware of the last prices on a particular ICO; and 4) companies provide adequate disclosure regarding the ICO. Overall entities providing exchange like services must carefully handle access to, and control of, investor funds, and provide all users with adequate protection and fortification.

Potentially, an ICO could fall within the Regulation Crowdfunding exemption, although the DAO 21(a) Report cautioned that the DAO would not have met the requirements of the Regulation Crowdfunding exemption because, among other things, it was not a broker-dealer or a funding portal registered with the SEC and the Financial Industry Regulatory Authority (FINRA).

Is the ICO Operating as an Unregistered Investment Adviser?

Depending on the structure of a token offering and the token structure’s investment objective, a sponsor of a token offering may be deemed an investment adviser under the Investment Advisers Act of 1940 and subject to registration with the SEC or with one or more states as such.

Section 203A of the Investment Advisors Act generally makes it unlawful for any “investment advisor, unless registered, to use any means of interstate commerce in its advisory business.” Section 202(a)(11) defines “investment advisers” as persons who receive compensation for providing advice about securities as part of a regular business. Whether or not a person is considered to be an investment adviser under the Investment Advisers Act generally depends on three criteria: the type of advice offered, the method of compensation, and whether or not a significant portion of the “adviser’s” income comes from proffering investment advice. Related to the last criterion is the consideration of whether or not a person leads others to believe that he or she is an investment adviser, as for example through advertising.

The Investment Advisors Act mandates disclosure and ongoing compliance requirements; requires the maintenance of certain books and records, which are subject to periodic SEC examinations; and makes it unlawful for “any investment advisor “(whether or not registered) to engage in fraudulent activities.

With the proliferation of all sorts of goods and services offered over the Internet, investment advisors peddling their services have not lagged far behind; just about every type of investment advisor has sprouted in cyberspace. Although the original drafters of the Investment Advisers Act probably never contemplated the cyberspace investment advisor, the provisions of the investment advisors act appear flexible enough to ensure it safeguarding provisions (disclosure, record keeping, and other customer protections) apply equally to ICO related advisory activities.

Is the ICO Offering an Unregistered Mutual Fund?

The Investment Company Act of 1940 requires “investment companies” to register with the SEC unless they qualify for one of several exclusions from the definition. Generally, an investment company is an issuer that is engaged or proposes to engage in the business of investing, reinvesting, owning, holding, or trading in securities, and owns or proposes to acquire “investment securities” having a value exceeding 40 percent of the value of its total assets (exclusive of government securities and cash items) on an unconsolidated basis. For this purpose, “securities” and “investment securities” are broadly defined, and in some instances, include instruments that may not even be securities under the Howey test.

Investment company registration and ongoing structural requirements are highly complex and issuing platforms may find complying with them without compromising the business model difficult or impracticable. The platform would therefore likely need to be structured to meet an applicable exclusion from the definition of an investment company under the 1940 Act, which would limit the number of U.S. investors due to eligibility requirements and other limitations under the 1940 Act.

An issuer that is required to register as an investment company but fails to register is subject to many potential penalties, including criminal sanctions. Notably, the DAO 21(a) Report did not address whether the DAO would be an investment company under the 1940 Act, leaving that analysis for another day and another issuer.

Final Thoughts

In a recent interview with the New York Times, Joseph Grandest, a former commissioner at the S.E.C. in the 1980s and now a law and business professor at Stanford University, said he had been contacting current SEC officials to urge them to bring ICO prosecutions, and fast. Professor Grundfest explained incredulously:

“I.C.O.s represent the most pervasive, open and notorious violation of federal securities laws since the Code of Hammurabi . . . It’s more than the extent of the violation, it’s the almost comedic quality of the violation . . . These are not hard cases, you don’t need teams of accountants poring over complex financing documents.” 

Professor Grundfest explained to the New York Times reporter that several teams looking at doing ICOs had approached him to ask how to lawfully conduct an ICO, but the discussions are never very fruitful:

“I say, ‘Look, you are at very high risk for violating the securities law,’ and explain why . . . Then they go find another lawyer.” 

Professor Grundfest is not just a securities regulation expert and a pioneer of novel and effective capital formation strategies, Professor Grundfest also happens to be a legendary Silicon Valley brain trust, and his admonition should be taken seriously.

The $3.5+ billion in ICOs offered to date originated so quickly that the ICO marketplace somehow managed to launch amid an unregulated vacuum, without the involvement of financial institutions or regulators. But while ICOs have perhaps provided excitement and intrigue for eager investors looking for alternatives to traditional investments in a more liberated and free-spirited virtual arena, ICOs are a serious eye sore for SEC staff.

SEC concerns stem from the freewheeling operations of ICOs, rendering these new-age currencies susceptible to fraud and manipulation (not to mention to being used as a vehicle for money laundering, drug dealing, terrorism and other crimes).  In fact, ICO’s produce a veritable “Driver’s Ed” film of possible securities law violations, raising legal questions and regulatory issues from every angle.

Given the wholly unregulated, unmonitored and unfettered ICO marketplace and the threat posed to U.S. retail investors in particular, it is not surprising that the SEC has taken such a keen interest in ICOs and that its new cyber unit has commenced their ICO dragnet with such vigor and determination.

As a precursor to its ICO enforcement program, this year alone the SEC has issued a slew of extraordinary official admonitions about cryptocurrencies, including a detailed Investor Bulletin warning investors about ICOs. The SEC even put the spotlight on social media ICO promotions and endorsements by celebrities that were not properly disclosing the celebrity’s financial relationship to the ICOs.  The SEC warning cautioned celebrities and other influencers that they may run afoul of securities laws when advertising cryptocurrency and other investments including ICOs.

Clearly, issuers, promoters, facilitators, so-called “finders,” investment banks, law firms and anyone else connected to ICOs, should redouble their efforts to scrutinize the legality of any ICO they have touched – and a good place to start is by asking the questions organized and presented herein.

Because if not prepared, ICO curators, sponsors, affiliates and the rest might all find themselves caught in the SEC’s investigative, regulatory and prosecutorial crosshairs – which is not a place where any company (or anyone) ever wants to be.

********************

John Reed Stark is president of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, “The Cybersecurity Due Diligence Handbook.”