Hackernoon logoICO in 2018: The Challenges of Complying with Securities Laws by@profile

ICO in 2018: The Challenges of Complying with Securities Laws

noprofile Hacker Noon profile picture


This profile doesn't exist.

The free ride of the regulation-free ICO market is quickly screeching to a halt. Regulators are coming to grips with blockchain tokens, and they are beginning to stamp their authority on the Wild West crypto economy. Every action and statement from regulators at this point is a crucial indicator as to how ICOs will be regulated in the future. As we’ll see, one of those indicators is that many tokens currently offered in ICOs are securities and fall under securities laws.

This is a big deal for the startups who are planning to raise funds through an ICO, as complying with securities law comes with all sorts of challenges. ICOs offer a new economic model, and figuring out how to comply to the existing laws isn’t easy. By carefully analyzing the hints given by regulators and the opinions of lawyers and professional investors, we can work out the steps that token issuers need to take.

ICO Tokens as Securities

Most tokens sold in ICOs over the past couple of years have been branded as utility tokens (coins only to be used within an application) and therefore fall outside of regulated trading space which do not need to comply with securities laws. However, this is probably just wishful thinking.

Despite how founders might classify their own tokens, it’s the law that ultimately determines how they’ll be regulated. Vincent Molinari, CEO of Liquid M. Capital and licensed in the securities industry for over 30 years stated in an interview, “Only about 8% [of ICOs] were using the token within the app itself,” and therefore, “most perceived utilities are acting like securities.” He expects that much of the misunderstanding is down to “naivety.” It’s not the law that’s changed; the current US definition of a security has existed since the 1940s. It’s just that the regulators are only now just catching up with the market.

Regulators from Australia, Switzerland, US, Canada, EU, Japan, and others have all warned that many ICOs may well be offering security tokens. And if they are, they are required to comply with all relevant securities laws. This is a big wake-up call for ICO issuers. The next step needs to be understanding what securities laws apply to ICOs.

Complying with Securities Law

Securities law is an enormous field, and every ICO in every jurisdiction will have different requirements. Having said that, there are a few core areas of securities law that apply to ICOs.


Anti Money Laundering (AML) is a set of regulations in place around the world to detect customers and transactions with a high risk of illegal activity, such as corruption and money laundering. Financial and other regulated companies (e.g. ICO token issuers) must perform with “due diligence” in order to identify customers and track transactions to ensure that everything is legitimate. It’s entirely the responsibility of the company do so.

Know Your Customer (KYC) is the core process within this framework. It essentially entails identifying customers and looking for suspicious activity.

The typical procedures for KYC are:

  • Identifying customers — Usually by collecting and analyzing ID documents
  • Checking if they are on any high-risk “lists” — E.g. a politically exposed person
  • Determining the risk of identity theft, money laundering, or financing crime
  • Creating an expectation of the customer’s transaction behavior based on this information, kind of like a predictive profile of what transactions they’ll make
  • Using that expected profile to check for suspicious activity

Performing these checks is difficult for public ICOs. Most just let anyone buy their tokens with Ether or Bitcoin, while others make a weak attempt to block US citizens, for example, with the eos.io ICO.

Lockup periods

Some regulations also apply to the secondary market after an ICO has finished, when the tokens are being traded on exchanges. An example of this is running an ICO under the Regulation D in the US. By doing this, token issuers can sell securities tokens in the US without having to go through the expensive process of registering those tokens with the SEC.

This approach has gained popularity, but in most cases it ultimately fails to be compliant. Under Regulation D rules, the securities tokens are restricted securities subject to a lockup period of anywhere from six to twelve months before they can be sold on the market. After that, sales are often restricted to accredited investors only.

Restricting to accredited investors

Some types of securities are limited for sale to accredited investors within a jurisdiction. These laws are in place to protect unqualified investors from bad investments. In the US, becoming an accredited investor means verifying that you have some level net worth or income.

This requirement causes a big problem for ICOs. Current token standards like ERC-20 don’t have any built-in mechanisms to help developers restrict their sale to accredited investors. These could be coded into a smart contract, but then the problem becomes accurately determining who is an accredited investor.

This is also a problem for the exchanges. The SEC released a statement aimed at crypto exchanges, warning that by the way they are doing things now they could be participating in the “unregistered offer and sale of securities,” which is a criminal offense. Exchanges are going to have to take steps to ensure that the tokens listed on their platforms are able to follow all securities regulations. Current ICOs often fail to restrict token sales in this way.

Consequences of Non-Compliance

Failing to diligently identify customers, disclose the correct information, and apply the appropriate restrictions on the transfer of securities have serious consequences throughout the world.

Regulatory retaliation

The most obvious is legal action against the securities regulators. We’ve seen this already with the SEC charging ICOs and their founders with selling unregistered securities. These actions can include civil charges like fines, restitution, disgorgement, and injunctions as well as criminal charges. The penalties vary depending on the jurisdiction and individual cases.

Sued by investors

Getting charged by the SEC can be scary, but as Sara Hanks, CEO and founder of CrowdCheck, Inc., points out, “You should probably be more worried about plaintiffs’ lawyers bringing a private lawsuit for the unregistered sale of securities and suing for return of investment plus interest.”

Yes, investors can, and are likely to, file a lawsuit against the issuer of a security token sale if it doesn’t follow the rules. Investors in the Centra ICO are doing just that and suing the founders for selling unregistered securities.

Banned by the banks

Banks are under intense scrutiny when it comes to financial regulations like AML. It’s just too risky for them to provide financial services to ICOs that don’t take due diligence themselves. This is why we’ve seen banks simply ban companies that handle crypto.

Difficulty listing on exchanges

The SEC has also made it clear that they won’t stop at the sale of tokenized securities, and they will also “regulate the trading of that security.” That means that crypto exchanges will be coming under the regulatory microscope soon too. It’s likely that ICOs and tokens that take on regulatory responsibility will have priority in exchange listings.

So, do all of these challenges mean the end of ICOs? Economist and researcher Carlo R.W. De Meijer states, “These regulatory interventions may very well change the landscape for ICOs. But will this also mean the end for ICOs? I do not think so!”

So the question becomes: how should ICOs navigate this new landscape?

Structuring an ICO for Regulatory Compliance

Complying with all these laws is no easy task; banks are currently spending hundreds of billions on the problem. The usual way of doing things is to hire a team of lawyers to structure a securities offering to comply with all relevant laws.

But that’s the old (and expensive) way of doing things. Automation is the key advantage that blockchain companies have over traditional companies. This advantage can roll over to compliance too.

Built-in compliance measures

A great place to start is by extending the ERC-20 token to have some of these compliance measures built-in. This is exactly what Mobu, a securities-focused ICO platform, is working on right now. Mobu has adapted ERC-20 into a new token standard called MOB20. Tokens that use the MOB20 standard can be restricted so they are only tradeable to verified addresses. This means that the tokens can automatically restrict themselves to only be traded to accredited investors and comply with lockup periods.

To determine who is an accredited investor, the Mobu platform has a marketplace to compliment their MOB20 standard. This marketplace will be populated by KYC providers. These are individuals or companies that offer customer identification services for a fee. Investors wanting to buy MOB20 security tokens can search the marketplace for a KYC provider to accredit them. It’s up to the providers to choose the process and requirements.

For example, let’s say that an investor, Sam, wants to invest in an ICO that is offering a new security token. These tokens are based on the MOB20 standard. In order to participate on the ICO, Sam will have to get his Ethereum account accredited on the Mobu platform. He searches the marketplace and chooses a KYC provider in his jurisdiction. The provider performs all the required checks and verifies his address. Sam can now participate in securities token sales and ICOs on the Mobu platform. He can also buy restricted securities tokens post-ICO in the secondary market directly from other investors to his accredited address.

The Mobu platform makes regulatory compliance as easy as selecting the required built-in token restrictions and purchasing KYC and AML checks from the providers already on the platform.

Lawyer and blockchain technologist Preston Byrne is excited about this new, compliance-first approach to ICOs, sometimes called ICO 2.0. He says in his blog, “I’m actually optimistic about the prospects of the ICO 2.0 space. Which isn’t really going to be ‘ICO 2.0’ as much as it’s going to be ‘Automated Securities Issuance 1.0’… ICO 2.0 has the potential to be 10x what ICO 1.0 was.”

Building for the Future

Regulators are beginning to take on the ICO industry head-first. Their message is clear; if it walks like a security and talks like a security, then it is a security and it will be regulated. The ICOs that take this message seriously will reap big benefits. Taking steps to structure an ICO to be compliant with securities law will mean a reduced risk of being sued by regulators and investors, and a token that’s more regulation friendly to both banks and crypto exchanges.

About the author:

Kirill Shilov — Founder of Geekforge.io and Howtotoken.com. Interviewing the top 10,000 worldwide experts who reveal the biggest issues on the way to technological singularity. Join my #10kqachallenge: GeekForge Formula.


Join Hacker Noon

Create your free account to unlock your custom reading experience.