Legal Guide
The information below is not legal advice. This is general legal information intended as a resource.
Last updated
Was this helpful?
The information below is not legal advice. This is general legal information intended as a resource.
Last updated
Was this helpful?
Due to the diverse nature of projects that can be built in crypto, there are no uniform legal standards applicable to all projects. However, there are certain legal regimes that are more likely to impact such projects. This document surveys some of the relevant laws and regulations that developers should be aware of and potentially seek qualified and individualized legal advice on to ensure compliance.
The information below is not legal advice. This is general legal information intended as a resource for the ecosystem. To understand how this information may impact your project specifically, hire a good lawyer.
How all of the laws intersect with the exchange of digital assets is still an evolving issue and demands careful consideration. For additional resources, check out the Legal Library below that contains links to important cases, statements from regulators, and other legal commentary specific to the digital asset industry.
The United States has a set of intricate laws and regulations that apply to activities involving financial instruments that meet the legal definition of a security. These laws cover a wide range of topics, such as the rules around selling securities, who can own specific types of securities, and the required disclosures for securities investors. Due to the complexity of these laws, it's crucial to determine which transactions involving crypto assets fall under the category of securities. Answering this question is a critical first step for anyone working with crypto assets in the US.
So what is a security? Unfortunately, as even , the definition of a security is "broad and ambiguous." Consequently, it is difficult to layout a bright line rule by which a security can easily be distinguished from a non-security. Instead, that is intended to "to meet the countless and variable schemes devised by those who seek the use of money of others on the promise of profits."
In particular, the U.S. Supreme Court has outlined a four-part test for determining whether a transaction qualifies as a form of a security called an “investment contract." Originally set forth in , the Court has explained that a transaction is an “investment contract” when it involves (1) an investment of money (2) in a common enterprise (3) with an expectation of profit (4) to be derived from the efforts of others.
There is a long history of cases interpreting whether various financial instruments meet this definition of a security, covering everything from to interests in . Some of the most influential cases have been compiled here. However, there are many more cases analyzing various elements of the Howey test, each hinging on the specific facts of the particular transaction.
As proof of the inherent difficulty in defining a clear border between what is and is not a security, there have been numerous instances of courts applying the Howey test to seemingly similar transactions and coming to different results. For example, there are several cases holding certain to be securities when offered in a particular manner. Likewise, there are numerous cases addressing when the sale of a tangible product like may be offered as part of a securities transaction. These cases demonstrate that courts place less of a premium on the nature of the underlying product being sold and more on the manner in which it was sold.
It is important to understand that the primary way the law develops in the U.S. is through the application of existing legal precedent by courts to cases that present new fact patterns not previously contemplated. As of early 2019, very few U.S. courts have wrestled with how to apply the Howey test to crypto asset transactions, so it is still unclear how certain lines will be drawn to delineate securities from non-securities. There are a handful of cases pending in front of courts that may result in decisions that directly address this issue, and inevitably there will be future cases so long as certain teams use the sale of crypto assets as a way to promise future profits to third parties. For now, though, most agree that there is a lack of clarity for developers building projects in this industry.
Moreover, there is significant confusion even among lawyers as to how Howey should apply in the context of secondary market transactions in which the original token issuer is not directly involved. Even if an initial sale of a token had some of the hallmarks of a securities offering, it is unclear whether a subsequent transaction by a token holder to, for example, trade the token for a cryptokitty is somehow also a securities transaction. This confusion stems in part from the fact that virtually every historical case applying Howey deals with a transaction in which a promoter is promising some form of financial return to the counterparty.
In the context of this unclear regulatory environment, creators are left to make good faith attempts at trying to comply with the securities law. Some helpful factors to consider include:
How was the initial token sale or distribution conducted, including what did the development team represent to prospective tokens purchasers?
How is the token designed to operate within the network being created, including whether the design is meant to confer specific financial returns to the token holder or instead be used in some consumptive manner?
What is the current status of development on the underlying network or project, and is their interest and involvement from those other than the team that issued the tokens?
This suggested framework is not meant to be comprehensive, and depending on the nature of the project being developed, it may be helpful to work directly with lawyers to design a process that provides adequate protection.
The primary takeaway from these statements is that the SEC has recognized that a crypto asset previously sold in a securities offering can later be sold on the secondary market in a non-securities transactions under certain circumstances. However, there are still many questions to be answered about the standard the SEC will use to distinguish between securities and non-securities transactions of crypto assets. Furthermore, despite advocating for a nuanced analysis of each token's network to make such a determination, the SEC has not actively engaged with this concept in the enforcement actions it has brought against certain industry participants. Instead, the SEC has issued orders in settled cases involving secondary market participants in which it has alleged without further explanation that the tokens themselves are the securities. Therefore, it is unclear exactly what analysis is currently actually being applied as it relates to secondary market transactions of crypto assets.
Important sidenote: All statements from the SEC, such as the speeches cited in this section as well as all SEC orders that result from settlements with alleged wrongdoers, do not constitute binding law and should generally be interpreted as merely reflecting the position of the SEC. To what extent courts applying the law will agree or disagree with the SEC's positions remains to be seen.
Most of the securities law discussion in the industry to date has focused on the threshold question of what is a security. This makes sense because there is no need to look at other aspects of the securities laws if a transaction does not involve a security. But so long as the question of which crypto assets may be securities remains unclear, it is also important to consider a few of these other areas of securities law.
One area of focus should be what constitutes a securities exchange. A securities exchange is defined as "any organization, association, or group of persons that: (1) brings together the orders of multiple buyers and sellers; and (2) uses established non-discretionary methods (whether by providing a trading facility or by setting rules) under which such orders interact with each other, and the buyers and sellers entering such orders agree to the terms of the trade." Any platform meeting the definition of a securities exchange generally must register with the SEC and follow a number of restrictive rules.
"EtherDelta brought together orders by receiving and storing orders in tokens in the EtherDelta order book and displaying the top 500 orders (including token symbol, size, and price) as bids and offers on the EtherDelta website. EtherDelta provided the means for these orders to interact and execute through the combined use of the EtherDelta website, order book, and pre-programmed trading protocols defined in the EtherDelta smart contract. These established non-discretionary methods allowed Users to agree upon the terms of their trades in tokens on EtherDelta during the Relevant Period."
As explained above, settlement orders like this are not binding law. Moreover, every case is fact-dependent such that this order cannot answer how the SEC would view marketplaces where the various functions operate differently, are distributed among different parties, or where all tokens are not indiscriminately offered to users. However, this provides the first practical insight into which issues the SEC is focusing on when analyzing trading platforms and should be closely considered by any trading platform.
Commodities are regulated very differently than securities. Indeed, just because something is a commodity does not mean that it is subject to specific rules such as the requirements around securities governing who can purchase them, how they must be offered, etc. This is due to the fact that, historically, the spot market for trading commodities has been considerably smaller than the market for trading derivatives of commodities. Most people do not trade actual stalks of corn for cash. Instead, most people trade contracts based on the future price of corn (or other commodities) - i.e., futures contracts. However, with crypto assets, much of the exchange activity occurs in the spot market.
There are no laws directly regulating spot market transactions for commodities (i.e., transactions that involve the full payment of the purchase price and contemporaneous delivery of commodity at the time the transaction is entered by the parties). The CFTC has limited authority to police the spot markets for fraud and manipulation, but cannot adopt rules that directly control how spot market participants transact.
At a high level, a CFTC-regulated transaction can only be conducted over regulated exchanges, which include, depending on the type of transaction, Designated Contract Markets (“DCMs”) and Swap Execution Facilities (“SEFs”). Exceptions to this requirement may apply, but broadly speaking, these exceptions are only available to certain sophisticated market participants or high-net-worth individuals. In addition, the CFTC directly regulates the intermediaries that facilitate CFTC-regulated transactions, including introducing brokers, futures commission merchants, swap dealers, commodity pool operators, or commodity trading advisors. The application process to become a DCM, SEF, or regulated intermediary is costly and difficult, and regulated exchanges and intermediaries are subject to extensive ongoing regulatory oversight by the CFTC.
Unlike most other U.S. financial laws that establish process-based rules that must be followed, OFAC sanctions simply prohibits certain activity - i.e., doing business with people on the sanctions list. Relatedly, sanctions laws impose strict liability, meaning there is no legal defense for someone who tried to do the right thing. That being said, historically, the consequences for those who purposefully evade or ignore sanctions laws are much more severe than for those who attempt to avoid transacting with a sanctioned person. Indeed, consequences can be as severe as criminal prosecution and jail time.
In practice, most companies implement risk-based processes custom tailored to their business in order to avoid sanctions violations. The convenience store in Michigan faces virtually no risk of conducting significant business with sanctioned individuals and thus likely does not need a "know your customer" (KYC) program. On the other hand, a U.S. affiliated bank operating in countries that rank high in corruption will likely need to be able to conduct thorough background checks on customers to ensure compliance.
The extent of the risk of exposure to sanctioned individuals and countries can vary widely based on the specific project, and may be influenced by such variables as the type of assets being offered, the volume of transactions being facilitated, the areas in which the service is available. Ultimately, there is no one-size-fits-all to OFAC sanctions compliance but it is an issue that each project should consider.
U.S. law requires certain intermediaries in the financial system to assist in detecting and preventing money laundering activity and terrorist financing. Specifically, the Bank Secrecy Act (BSA) requires certain “financial institutions” to assist the U.S. government by, for example, implementing risk-based anti-money laundering (AML) programs and filing reports with the government when suspicious transactions are identified by those programs.
The types of financial institutions covered by the BSA range broadly and include everything from banks to casinos. Importantly, for developers working with crypto assets, the BSA applies to “money services businesses,” a category that is further subdivided to include “money transmitters.” The Financial Crimes Enforcement Network (FinCEN), which is the primary federal regulator responsible for enforcing the BSA, has interpreted certain businesses involved in crypto assets to fall under the definition of money transmitters such that they must comply with the BSA.
So what is a money transmitter? A money transmitter is defined as anyone involved as a business in “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission . . .to another location or person by any means.” When adopting this language, FinCEN confirmed that the reference to “other value that substitutes for currency” was intended to capture informal value systems that do not involve the transfer of fiat currency. The BSA regulations make the determination of whether someone is a money transmitter explicitly based on the specific “facts and circumstances,” which is a signal in the legal world that the definition is meant to be broad and flexible.
It should be evident from this broad definition that most of the current tokens widely available on the market likely meet this definition, particularly most ERC-20 tokens. However, we can also look to the other end of the spectrum and see how a non-fungible token in the form of a cryptocollectible may not meet this definition as it is hard to imagine how we could use something like cryptokitties as a medium of exchange despite each potentially having some discoverable value in fiat.
Where the line is between what is and is not a convertible virtual currency is not well defined yet. There have only been a few court cases addressing which tokens meet the definition of a convertible virtual currency. A handful of cases have confirmed that bitcoin is a convertible virtual currency. Separately, Ripple settled a case brought by the government that was premised on XRP being a convertible virtual currency. But with respect to the ever-increasing number of tokens available on the market, the only source of guidance is the language of the definition and statements by FinCEN that indicate that they interpret the term broadly to cover many tokens.
For now, let's assume we are dealing with a token that meets the definition of a convertible virtual currency. The guidance describes certain activities involving convertible virtual currencies that constitute money transmission. Specifically, FinCEN created the following categories:
User - A user is defined as someone who obtains convertible virtual currency in order to purchase goods or services. In subsequent statements from FinCEN, this definition has been broadened somewhat to include someone who purchases convertible virtual currency as investment for his or her own account.
Exchanger - An exchanger is defined as someone engaged in the business of exchanging virtual currency for real currency, funds, or another virtual currency by either 1) accepting and transmitting a convertible virtual currency or 2) buying and selling a convertible virtual currency for any reason.
Administrator - An administrator is defined as someone engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency. As most crypto assets are issued without an ability to mandate redemption, this definition is generally not that relevant for our purposes.
"A non-custodial exchange is probably not an exchanger or a money transmitter. If, like Craigslist or any other online classified advertising service, the business merely helps individual buyers and sellers find and communicate with each other, then it is never “accepting and transmitting” tokens or bitcoins for its users, nor is it “buying or selling” tokens or bitcoins. It may be commonly understood as an exchange because it deals in exchange-related information (e.g. order-books, offers, acceptances, communications between buyers and sellers) but it, as a company, is never doing the actual currency conversion or handling the actual tokens or money; that all happens peer-to-peer. Another way to characterize what these companies do is: development of a web-based software tool (e.g. a website) that facilitates peer-to-peer exchange. As we discussed earlier, FinCEN’s Software and Investment Ruling describes mere software development and distribution as outside the scope of BSA regulation."
The facts and circumstances of any particular project may impact this analysis. As with this entire primer, the above is just intended as a legal resource and for actual legal advice on any particular project or situation, you should hire a lawyer.
Regarding Crypto Assets
Important Howey Test Cases
Proposed framework from SEC's FinHub as to how to analyze whether the sale or offering of a digital asset constitutes a security in the form of an investment contract.
Settlement for unregistered securities offering resulting in no penalty due to self disclosure and cooperation.
Statement from multiple SEC divisions highlighting recent enforcement actions and providing some guidance on the SEC's interpretation about the intersection of securities law and token offerings and trading.
Settlement based on allegations that AirFox token sale constituted an unregistered securities offering and that AirFox tokens are securities.
Settlement based on allegations that Paragon token sale constituted an unregistered securities offering and that PRG tokens are securities.
Settlement based on allegation that EtherDelta operated as a securities exchange without proper registration.
Settlement based on allegations that TokenLot operated as an unregistered broker-dealer by soliciting investors to participate in ICOs and facilitating secondary market trading of tokens that were securities.
Speech by SEC official opining that ETH in its current form is not a security and laying out factors fow when a sufficiently decentralized digital asset may not be a security.
Statement from multiple SEC divisions regarding regulatory issues and consumer risks related to trading tokens on exchanges, particularly tokens that meet the definition of a security.
Settlement based on allegation that MUN token sale constituted sale of unregistered securities.
Statement from SEC Chairman directed at investors and industry participants regarding potential regulatory issues with ICOs.
Report alleging that DAO token sale constituted sale of unregistered securities and that DAO tokens were securities.
Other SEC resources:
Proposed Interpretation on Virtual Currency “Actual Delivery” in Retail Transactions
Addition of two Individuals to SDN List and identification of associated bitcoin public addresses
DOJ and FinCEN actions against BTC-E
DOJ and FinCEN settlements with Ripple Labs (May 5, 2015)
Comprehensive guidance from FinCEN on the application of the Bank Secrecy Act to various crypto asset business models, including those involved in decentralized exchange.
Speech summarizing FinCEN's approach to virtual currency.
FinCEN Administrative Rulings
Traditional centralized exchange model involving matching buyers and sellers directly constitutes money transmission despite argument that the exchange does not sit in the middle of a transaction.
Company that exchanges virtual currency for fiat in order to facilitate payment for vendors interested in accepting virtual currency is a money transmitter.
Rental of computer system for third party to mine virtual currency does not constitute money transmission when all virtual currency goes directly to third party's wallet and no virtual currency is exchanged
(1) The production and distribution of software alone is not sufficient to constitute money transmission and (2) buying and selling virtual currencies solely for one's own account is not money transmission.
A bitcoin miner is not a money transmitter when converting bitcoin to fiat for its own purposes and not as a business service for the benefit of others.
Initial guidance from FinCEN addressing who within the virtual currency industry is considered a money transmitter.
The Securities and Exchange Commission (SEC), the primary regulator of the securities market in the US, has been active in voicing its opinion about certain activities in the crypto asset industry. The SEC's first major foray in the industry came in July 2017 in the form of stating that sale of tokens by "The DAO" constituted the sale of securities. The SEC has since reached settlements with several industry participants and also issued several statements about when certain activity within the industry may be subject to securities regulations. A complete listing of those documents can be found here. Notably, some members of the SEC have said that they believe that the vast majority of tokens sold as part of a fundraising effort (so called "ICOs") were securities offerings.
In March 2019, the SEC's Strategic Hub for Innovation and Financial Technology (aka FinHub) issued a framework intended to help those within the crypto asset industry evaluate which assets may be viewed by the Staff of the SEC as securities. The identifies numerous factors to consider when analyzing whether the sale of a crypto asset meets the final two prongs of the Howey test, i.e., whether there is an expectation of profit based on the efforts of a third party. The framework places a strong emphasis on factors used to determine whether an "Active Participant" exists that provides "essential managerial efforts that effect the success of the enterprise, and investors reasonably expect to derive profits from those efforts."
Currently, one of the largest areas of debate relating to the SEC's position on the crypto asset industry is how it plans to apply securities law to the secondary market trading of tokens that may have initially been sold as part of a securities offering. The SEC's own Director of Corporate Finance has opined that "strictly speaking, the token – or coin or whatever the digital information packet is called – all by itself is not a security." Instead, the Director appropriately noted that "a careful and fact-sensitive legal analysis" of secondary market trading is necessary, focused on how the token is offered and sold, including the reasonable expectations of purchasers. The Director offered one standard for determining when a token is not a security based on whether the network upon which a token exists is "sufficiently decentralized." In a , the Director also laid out several factors that could be considered to determine whether a token is "sufficiently decentralized." The more-recent FinHub framework also addresses this issue but does not use the term "sufficiently decentralized." Instead, the framework lays out several factors to be analyzed around whether the value of the asset is still dependent on the efforts of the "Active Participants" and to what extent the underlying network technology is fully functional.
There has been significant debate about the SEC's general position relative to the crypto asset industry. Many have called on the SEC to provide greater clarity to the industry and to avoid regulating by enforcement. Most notably, for the first time ever, a crypto project in the SEC's crosshairs has decided not to settle and instead litigate against the SEC in court. The SEC filed that alleges that Kik Interactive conducted an unregistered securities offering when it sold Kin tokens for approximately $100 million dollars in other assets. arguing that it should not be sued was released to the public, and together these two documents present the stark difference in opinion that some within in the industry have aboue the SEC's current approach to crypto assets.
The Kik case will play out in court and could potentially result in judicial decisions that provide further clarity as to how securities law will apply. However, there have also been outside the judicial realm, and even in Congress, calling for the creation of standards defining the line between securities and non-securities more clearly.
The relating to exchanges was modernized in 1998 in response to market participants incorporating technology that the existing "regulatory framework, designed more than six decades ago, did not envision." Obviously, the pace of technological development has only increased since 1998, and some of the concepts set forth in the SEC's formal interpretation of the rule are difficult to apply, particularly to concepts presented by blockchain technologies.
In November 2018, the SEC with the founder of a trading platform called EtherDelta on the basis that the platform was an unregistered securities exchange. In its settlement order, the SEC alleged that some of the 500 tokens listed on EtherDelta were securities although it did not identify which ones. The SEC then alleged that EtherDelta operated as an exchange because:
When we think about commodities, historically this term has been used to refer to agriculture products like wheat, corn and sugar. However, U.S. law has evolved to define a commodity extremely broadly to also include "all services, rights, and interests . . . in which contracts for future delivery are presently or in the future dealt in.” As a result, almost anything (except ) can constitute a “commodity” under the definition.
The Commodities Futures Trading Commission (CFTC) is the primary regulator of "commodities interests". The that some virtual currencies like Bitcoin are commodities, and there have already been with this position. Based on the broad definition discussed above, it is possible that virtually every crypto asset can be legally defined as a commodity. From a practical perspective, it seems that the CFTC is taking a deliberate approach to the crypto asset industry, and is not actively extending its jurisdiction where, for example, the SEC may first want to identify an asset as a security. Moreover, it remains to be seen whether the CFTC will identify some limit to the definition of a commodity for assets like non-fungible tokens and crypto collectibles.
U.S. law does set forth detailed restrictions for a wide range of non-spot market transactions, including those involving commodities derivatives, future delivery or financing, leverage, or margin. As a result, the CFTC has been actively regulating nascent futures markets in commodities like Bitcoin. Additionally, the CFTC has been monitoring smart contract applications closely and explaining that certain actors must comply with applicable regulations when using smart contracts to facilitate regulated transactions in commodities interests, such as forwards, futures, options and swaps.
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) maintains a list of people that U.S. persons are not permitted to transact with in any manner. The list can generally be broken down into two categories: 1) People from specific such as Iran, North Korea, and Syria; and 2) people on the , which is comprised of select individuals responsible for particularly bad behavior like human trafficking or government corruption.
OFAC sanctions is one of the legal regimes that does not suffer from a significant lack of clarity when applied to most crypto asset projects. For any U.S. person operating such a project, they are potentially liable if a sanctioned individual uses their service. For more information, OFAC has included some . Notably, OFAC states that it may identify certain virtual currency wallet addresses belonging to individuals on the SDN list so that U.S. persons can block transactions with that address. The first instance of this practice occured in November 2018, 2h3n OFAC bitcoin wallet addresses belonging to two individuals added to the SDN list.
In 2013, FinCEN directed in part at the crypto asset industry delineating when FinCEN considered certain crypto businesses to be money transmitters. Specifically, FinCEN differentiated between three categories of people involved with so-called "convertible virtual currencies". As a preliminary matter, FinCEN defines convertible virtual currency as a "medium of exchange" that "either has an equivalent value in real currency, or acts as a substitute for real currency."
Since issuing its initial guidance in 2013, FinCEN has clarified these definitions in subsequent "Administrative Rulings." In , FinCEN clarified that a person who exchanges virtual currency for their own account as not as a business service to third parties is considered a user and not an exchanger. In , FinCEN stated "[t]he production and distribution of software, in and of itself, does not constitute acceptance and transmission of value, even if the purpose of the software is to facilitate the sale of virtual currency. "
There is a strong argument that the definition of exchanger does not apply to someone who does not take custody of another person's virtual currency. As explained thoughtfully in from Coin Center:
(S.D. Cal. 2019)
, 320 U.S. 344 (1943)
, 328 U.S. 293 (1946)
, 389 U.S. 332 (1967)
, 421 U.S. 837 (1975)
, 493 F.2d 1027 (2d Cir. 1974)
, 756 F.2d 230 (2d Cir. 1985)
(Feb. 20, 2019)
(Feb. 8, 2019)
(Nov. 16, 2018)
(Nov. 16, 2018)
(Nov. 16, 2018)
(Nov. 8, 2018)
(Sept. 11, 2018)
: William Hinman - SEC Director of Division of Corporate Finance (June 14, 2018)
(Mar. 7, 2018)
(Dec. 11, 2017)
(Dec. 11, 2017)
(July 25, 2017)
resource page
re ICOs and digital assets
landing page
(Feb. 12, 2019)
(Dec. 10, 2018)
by James J. Park - UCLA School of Law (Dec. 20, 2018)
by Peter Van Valkenburgh - Coin Center (Nov. 8, 2018)
by Katherine Wu - Messari (Oct. 11, 2018)
by Jay B. Sykes - Congressional Research Service (Aug. 31, 2018)
by Peter Van Valkenburgh - Coin Center (Aug. 10, 2018)
by Peter Van Valkenburgh - Coin Center (May 24, 2018)
{video} - Coin Center (Oct. 24, 2017)
(D. Mass. 2018)
, 287 F.Supp.3d 213 (E.D.N.Y. 2018)
- Article by Commissioner Brian Quintenz (Feb. 12, 2019)
regarding smart contract regulation (Oct. 16, 2018)
(Dec. 15, 2017)
(Nov. 27, 2018)
(Jan. 4, 2018)
(Oct. 17, 2017)
(June 2, 2016)
(Sept. 17, 2015)
Cryptocurrency Derivatives, Funds and Advisers: Key Considerations Under U.S. Commodity Laws by Andrew P. Cross - Perkins Coie (Four-Part Series: , , , )
by several attorneys at Skadden, Arps, Slate, Meagher & Flom LLP (Nov. 15, 2017)
by Matthew Kluchenek - Baker & McKenzie LLP
(Nov. 28, 2018)
(Nov. 28, 2018)
by Joshua Garcia (May 3, 2015)
(July 26, 2017)
(Jan. 17, 2017)
, 209 F.Supp.3d 698 (S.D.N.Y. 2016)
, 39 F.Supp.3d 544 (S.D.N.Y. 2014)
(May 9, 2019)
(Aug. 9, 2018)
(Feb. 13, 2018)
(Oct. 29, 2014)
(Oct. 27, 2014)
(Apr. 29, 2014)
(Jan. 30, 2014)
(Jan. 30, 2014)
(Mar. 18, 2013)
by Peter Van Valkenburgh - Coin Center (March 2019)
by Peter Van Valkenburgh - Coin Center (May 2017)
The information provided in this document is based on the guidance provided by in their .