A cryptocurrency mining rig in Moscow, Russia. (Photographer: Andrey Rudakov/Bloomberg)

SEC Halts a Real Initial Coin Offering

(Bloomberg View) --  Does this sound true to you?

On or about October 25, 2017, Munchee created a public posting on Facebook, linked to a third-party YouTube video, and wrote “199% GAINS on MUN token at ICO price! Sign up for PRE-SALE NOW!” The linked video featured a person who said “Today we are going to talk about Munchee. Munchee is a crazy ICO. If you don’t know what an ICO is, it is called an initial coin offering. Pretty much, if you get into it early enough, you’ll probably most likely get a return on it.” This person went on to use his “ICO investing sheet” to compare the MUN token offering to what he called the “Top 15 ICOs of all time” and “speculate[d]” that a $1,000 investment could create a $94,000 return.

Or how about this?

Munchee published a blog post on October 30, 2017 that was titled “7 Reasons You Need To Join The Munchee Token Generation Event.” Reason 4 listed on the post was “As more users get on the platform, the more valuable your MUN tokens will become” and then went on to describe how MUN purchasers could “watch[] their value increase over time” and could count on the “burning” of MUN tokens to raise the value of remaining MUN tokens.

Don't, like, go read the Munchee white paper, or even try to figure out what Munchee tokens do. (Something something restaurant reviews something.) Just read those paragraphs and ask yourself: Does this all sound legit? How confident would you be that Munchee would deliver 199% GAINS at its initial coin offering, or return $94,000 on a $1,000 investment? 

Alas we will never find out. Those paragraphs are from the Securities and Exchange Commission's order shutting down Munchee, or rather memorializing the fact that Munchee had shut itself down:

On November 1, 2017, Munchee stopped selling MUN tokens hours after being contacted by Commission staff. Munchee had not delivered any tokens to purchasers, and the company promptly returned to purchasers the proceeds that it had received.

Well never mind then. "Munchee was seeking $15 million in capital to improve an existing iPhone app centered on restaurant meal reviews and create an 'ecosystem' in which Munchee and others would buy and sell goods and services using the tokens," says the SEC, though in fact it only raised about 200 ether (about $60,000) from 40 buyers before shutting down. 

Why did the SEC call up Munchee and cause it to shut down? "Because Munchee was making reckless and unsupported claims about incredible returns that deceived investors and separated little old ladies from their hard-earned retirement ether," you might assume, but you'd be wrong. The SEC has no complaints about the accuracy of Munchee's claims. "False," "untrue," "misleading," "fraud": These are some of the SEC's favorite words, but you'll search for them in vain in the Munchee order.

Instead the SEC's concern is a simple technicality. The Munchee tokens were securities, and as securities they had to comply with U.S. securities laws, and they didn't. Under Section 5 of the Securities Act of 1933, it is illegal to sell securities "unless a registration statement is in effect": If you want to sell securities, you need to file a registration statement with the SEC full of prescribed disclosures. There are exemptions from this requirement -- in particular, the "private placement" exemptions let issuers do small unregistered offerings, or larger offerings to rich "accredited investors" -- but if you just want to offer securities publicly to whoever wants them, you have to register. Munchee did not register its securities or qualify for an exemption, so that's that: Its token offering was illegal, even if everything that it said about those tokens was totally above-board.

This is an important and non-obvious result. The definition of a "security" is a little fuzzy, but the basic rule is called the "Howey test": A security is "an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others."  A share of stock is obviously a security. But lots of things -- things with value, things issued by companies, tradeable things -- are not. A bitcoin, for instance, is probably not a security.  A Starbucks gift card is probably not a security, even though you pay money to a corporation for the card and expect to get back something in the future, because you are not investing the money in the expectation of profit: You're investing it in the expectation of coffee. The gift card is effectively a pre-sale of a product (coffee), not a financial investment.

What about tokens on the blockchain for restaurant-review apps? They are, I think, a genuine novelty. On the one hand, you give money to a group of people (the Munchee team) to build an "ecosystem," and if the ecosystem succeeds then your tokens are worth a lot more than you paid for them. That sounds like a security. On the other hand, if the ecosystem succeeds then you can use the tokens to pay for, I don't know, restaurant reviews or whatever. ("The MUN token holds utility for the consumer as a payment method at participating restaurants, for use in the Munchee ​app ​for ​rewards ​and ​interactions," says the white paper.) That sounds like a pre-sale of a product.  Which matters more?

Some initial coin offering promoters just assume that it is the latter: If you are pre-selling a product, then it isn't a security. The phrase "utility token" is often thrown around : A utility token is one that has a use (or will have a use) in the product ecosystem; you can use it to buy restaurant meals or cloud file storage or digital advertising or whatever. More cautious ICO lawyers are skeptical that just calling something a "utility token" protects you from the securities laws. In particular, if you sell a token that has utility in an ecosystem that doesn't exist yet, and if you sell that token based on promises that its value will go up, that sure looks like a security.

This is where those quotes up above come in. The SEC quotes Munchee's improbable promises of investment returns, not because they were improbable, but because they were promises of investment returns: Clearly, the SEC points out, "MUN token purchasers had a reasonable expectation of profits from their investment in the Munchee enterprise." The relevant fact is not what the tokens are useful for; it's why people bought them, and they clearly bought them as speculative investments. The SEC goes even further :

Even if MUN tokens had a practical use at the time of the offering, it would not preclude the token from being a security. Determining whether a transaction involves a security does not turn on labelling – such as characterizing an ICO as involving a “utility token” – but instead requires an assessment of “the economic realities underlying a transaction.” All of the relevant facts and circumstances are considered in making that determination.

Last week we talked about the SEC's enforcement action against another initial coin offering, for PlexCoin. PlexCoin "hits all of the characteristics of a full-fledged cyber scam," said the head of the SEC's Cyber Unit about PlexCoin. It sure did (allegedly). But I found that rather disappointing. I mean, sure: Full-fledged scams are bad, and the SEC should shut them down, and they are funny to read about. But the really interesting question in ICO regulation is how the SEC will regulate offerings that are only half-fledged scams, or not scams at all. I wrote:

If someone has a real serious blockchain project, and raises hundreds of millions of dollars by selling tokens, and uses the money as advertised to build the project, and the tokens have both a utility component (they can be used on the project's blockchain to buy some good or service) and an investment component (people bought them in the ICO for speculative reasons), then is that a securities offering? If the SEC had gone after a tougher case -- an ICO that looked generally legitimate, but that didn't comply with the securities laws -- then people would know more about where they stand. 

And that's what happened here, and now we know where we stand. The SEC doesn't allege that Munchee was lying about its plans to improve its iPhone app, or that it was going to misappropriate the proceeds, or that it was up to anything else nefarious. As far as the SEC is concerned, Munchee is a model corporate citizen that just slightly misunderstood securities law. But it issued utility tokens with an investment component, and the SEC thinks that those tokens are therefore securities, and Munchee didn't register those securities, so the SEC shut it down.  

After last week's entertainment with PlexCoin, the SEC has gotten serious about ICO regulation. Along with the Munchee enforcement action, SEC Chairman Jay Clayton yesterday released a pretty brisk "Statement on Cryptocurrencies and Initial Coin Offerings":

Merely calling a token a “utility” token or structuring it to provide some utility does not prevent the token from being a security.  Tokens and offerings that incorporate features and marketing efforts that emphasize the potential for profits based on the entrepreneurial or managerial efforts of others continue to contain the hallmarks of a security under U.S. law.  On this and other points where the application of expertise and judgment is expected, I believe that gatekeepers and others, including securities lawyers, accountants and consultants, need to focus on their responsibilities.

That last bit is in bold to make sure that the securities lawyers read it: This stuff is their problem now too.

Munchee, obviously, doesn't answer every question you might have about ICO regulation. Bigger and more serious ICO issuers have thought through these issues and come up with more sophisticated solutions. Filecoin, for instance, did a big ICO using a structure called the "Simple Agreement for Future Tokens." The idea here is that you issue a SAFT, which is clearly a security, to fund your development of a product ecosystem. (Distributed file storage, in Filecoin's case.) You comply with the securities laws in issuing that security (generally by doing a private placement to accredited investors). But when the ecosystem is up and running, the SAFT converts into the actual tokens, which can be used to buy stuff (cloud storage), and which hopefully aren't securities. 

When your thing is up and running, you want it to be open to everyone, not just accredited investors, so you don't want its tokens to be securities. But while you are building your thing, you are financing it by selling speculative investments, which are clearly securities. The SAFT lets you sell tokens to speculative investors, without having the tokens themselves be securities: You wrap the tokens in securities for the speculators, and then unwrap them for the eventual users.

There are still open questions about whether and how that or other approaches will work. And the SEC's Munchee order isn't even the last word on the issues here: The next Munchee might choose to fight the SEC instead of folding instantly, and perhaps a court will have a different view about whether utility tokens are securities. But for a long time now, I and a lot of other people have thought that the basic strategy of a lot of ICO issuers -- issue tokens for money, call them "utility tokens," hype their speculative benefits, and watch the money roll in -- was obviously illegal, and the SEC didn't seem to be paying attention. Now we know it is.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Matt Levine is a Bloomberg View columnist. He was an editor of Dealbreaker, an investment banker at Goldman Sachs, a mergers and acquisitions lawyer at Wachtell, Lipton, Rosen & Katz and a clerk for the U.S. Court of Appeals for the Third Circuit.

  1. Nor will you find less-popular variants like "implausible," "ridiculous," or "come on."

  2. This is a quote from the SEC's Munchee order, which cites cases including SEC v. Edwards and SEC v. W.J. Howey Co.  There is useful background on the question in the SEC's Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO in which the SEC examined whether shares in an Ethereum "Decentralized Autonomous Organization" counted as securities. (They did.) We discussed that report in July.

  3. This is not legal advice, but just pragmatically, if it thought  bitcoin  was a security, the SEC would probably have done something about it by now. (It's kind of a big deal!) And the Commodity Futures Trading Commission has designated bitcoin as a commodity, which seems to make it not a security. Here is a  Coin Center analysis noting that "Highly decentralized cryptocurrencies (e.g. Bitcoin, Litecoin)" probably aren't securities "because of a lack of vertical commonality or a discernible third party or promoter upon whose efforts investors rely," and also because their initial distribution is made through  open competitive mining or proof-of-burn  because there is no investment of money."

  4. I have said that initial coin offerings are "like if the Wright brothers sold air miles to finance inventing the airplane," and if that  had  happened, would they be securities? Frequent-flyer miles are not securities, even when airlines sell them, and yet selling them before airlines existed would have had a certain speculative component.

    Or Jay Clayton's memo yesterday says:

    For example, a token that represents a participation interest in a book-of-the-month club may not implicate our securities laws, and may well be an efficient way for the club’s operators to fund the future acquisition of books and facilitate the distribution of those books to token holders.  In contrast, many token offerings appear to have gone beyond this construct and are more analogous to interests in a yet-to-be-built publishing house with the authors, books and distribution networks all to come.

  5. It's in the Munchee white paper, which says that "a Howey analysis has been conducted to determine that, as currently designed, the sale of MUN utility tokens does not pose a significant risk of implicating federal securities laws."

  6. We talked a while back  about this memo from Wilson Sonsini Goodrich Rosati, which is quite bracing:

    Tokens that are issued before they can be used generally are securities, even if eventually they may not be securities.  In these cases, the value of the tokens at the time they are issued typically is largely dependent upon the sponsor of the tokens to develop and market the tokens and the platform on which the tokens will be used. This type of "reliance on the efforts of others" is a hallmark of determining when an instrument (like a token) is a security.

    Tokens that are solely utility tokens should not be securities.  If a token-based platform is fully developed and the tokens are widely used commercially on that platform, the tokens generally should not be securities.

    The problem is that many token-based platforms will never be "fully developed."  For many token-based platforms, the sponsor may always continue to develop or market the platform, or the continuing commercial viability of the platform may be dependent upon third parties who develop new applications to run on the platform. In these cases, even tokens that have some utility may still be securities, because the continuing efforts of the platform sponsor or others may have a significant impact on the future value of the tokens.

  7. Bloomberg News reports that

    Of the biggest digital tokens sold in ICOs this year, the ones without a working product backing their projects did the best in their first month of trading, data compiled by Bloomberg show. And the ICOs with actual products that could be tested? Almost two-thirds of those declined.

    This suggests what you probably already knew that the ICO boom is at this point more about speculation than it is about utility.

  8. Citations omitted. This seems a bit tougher than the Wilson Sonsini memo cited above, but I think the point is that a "utility token" with a real active use that is mostly  marketed  as a speculative investment could still be a security.

  9. The words "false," "untrue," "misleading" and "fraud" appear, respectively, times in the PlexCoin complaint just as a comparison. 

  10. Because Munchee is a model citizen, the SEC didn't fine it or anything. The SEC just ordered it to "cease and desist from committing or causing any violations and any future violations of Sections 5(a) and (c) of the Securities Act."

To contact the author of this story: Matt Levine at mlevine51@bloomberg.net.

For more columns from Bloomberg View, visit http://www.bloomberg.com/view.

©2017 Bloomberg L.P.