On July 25, the Securities and Exchange Commission (SEC or the Commission) published a Report of Investigation (Report) pursuant to Section 21(a) of the Securities Exchange Act of 19341 concluding that digital tokens issued by an entity for the purpose of raising funds for projects, even if using distributed ledger or blockchain technology, may be considered securities under federal law.2 If so, such securities must be registered with the SEC or eligible for an exemption from registration requirements. Issuers and intermediaries in unregistered offerings may also be held liable for a violation of the federal securities laws. Moreover, the SEC concluded that any person offering trading facilities like an exchange for digital tokens that are securities must be registered as a national securities exchange or be exempt from such registration requirement.


Following the introduction of the Bitcoin software in 2009, digital tokens—which include both cryptocurrencies such as Bitcoin and surrogates for different types of assets—have become an increasingly popular way to exchange value as well as to evidence ownership rights or participation in a common enterprise. Bitcoin, specifically, is a type of digital asset that is based on a peer-to-peer, decentralized, computer-generated, math-based and cryptographic protocol. Among other things, Bitcoin can be used to buy and sell goods and services and can be converted to fiat currency.3 Although Bitcoin has the largest user and merchant base, there are more than 600 other virtual currencies being used today. Ethereum, a relatively new platform, is attracting an increasing consumer base.

Virtual currency is created and circulated through distributed ledger or blockchain technology. A blockchain is an electronic list of transactions maintained by participants in a network of computers. Participants are identified on the blockchain by one or more pseudonyms in the form of "digital addresses." Blockchains use cryptography to verify the electronic ledger and ensure that entries are accurate and reliable.

In addition to digital tokens that function as virtual currency, some digital tokens represent rights to underlying assets. These tokens can be sent to other persons and the transactions are recorded on blockchains. When token holders wish to claim the underlying asset, they can send the token to the issuer, who will then provide the underlying asset in return. Some of the more common assets that digital tokens can represent include digital currencies and precious metals, although people have created digital tokens to represent other assets such as intellectual property, real estate and art as well. Virtual organizations may also offer tokens that represent ownership rights in the organization, voting rights or virtual stock options. Blockchain-based applications that offer these digital tokens might also incorporate smart contract code, a code that is stored and executed on a blockchain, to carry out their operations—so-called "smart contracts."4

The SEC's Investigative Report

The SEC's issuance of the Report followed an investigation by the SEC's Division of Enforcement, which concluded that digital tokens offered and sold during April and May 2016 by DAO—an unincorporated virtual organization created by Slock.it UG, a German corporation—were securities subject to the SEC's registration requirements. According to the SEC, investors purchased DAO tokens through transactions on a blockchain known as the Ethereum Blockchain in exchange for approximately 12 million Ether ("ETH," a virtual currency) that was valued at approximately $150 million at the time.

Notwithstanding its finding, the SEC determined not to take any further enforcement action against the DAO entity, Slock.it, any of the natural person founders of the DAO entity or any entity that offered secondary trading in DAO tokens based on the conduct and activities known to the SEC at the time of its report. The SEC also declined to take enforcement action against any intermediary, including any trading facility, involved in the transactions.

According to the Commission, US federal securities laws "may apply to various activities, including distributed ledger technology, depending on the particular facts and circumstances, without regard to the form of the organization or technology used to effectuate a particular offer or sale."5 The SEC acknowledged in its report that virtual organizations and associated persons are increasingly using distributed ledger technology to raise capital, sometimes in the form of "initial coin offerings" (ICOs) or "token sales." ICOs are a new way of using digital currencies to fund projects. Investors purchase tokens which, depending on how the ICO is structured, could then lead to, among other things, a share of future proceeds of the project, participation in the project or could be exchanged for cash at a later date. These tokens also may be resold on a secondary market after they are issued.

The SEC said that DAO's founders designed the DAO entity as a for-profit enterprise that would create a number of assets to be funded through the sale of DAO tokens. Ownership of a DAO token would entitle a holder to vote on potential projects and to receive "rewards" that would essentially be ETH received by the DAO entity from funded projects.

As designed, "contractors" would submit proposals to the DAO entity. This would be done through a smart contract, the computer code in which a virtual organization is embodied, on the Ethereum-distributed ledger. Prior to any vote by DAO token holders, a proposal would be vetted by a group of curators chosen by Slock.it. Curators who, as noted by the SEC, "had ultimate discretion as to whether or not to submit a proposal for vote by DAO token holders."6 Additionally, the voting process was criticized by the SEC as not accurately reflecting the agreement of a majority of DAO token holders, as the DAO's structure incentivized token holders to either vote yes or abstain from voting rather than to oppose a proposal.7

After initial issuance, DAO tokens could be traded in a secondary market on various web-based platforms, including one US web-based platform. As it turned out, just prior to the expiration of the offering period of DAO tokens, an unknown hacker or hackers illicitly diverted ETH raised from investors from the DAO entity to a web address controlled by the malfeasant. Ultimately, a majority of the Ethereum network agreed to a change in the Ethereum protocol that effectively restored DAO token holders' investments as if the attack had never occurred and permitted them to avoid any loss.

The SEC based its conclusion that DAO tokens were securities on the four-part test articulated in a landmark 1946 US Supreme Court decision, SEC v. W.J. Howey.8 There, the Supreme Court ruled that a security includes an "investment contract" and the elements of an investment contract were an (1) investment of money (2) in a common enterprise (3) with a reasonable expectation of profits (4) to be derived solely from the entrepreneurial or managerial efforts of others. Applying this test to the DAO entity and DAO tokens, the SEC concluded that purchasers of DAO tokens (1) invested money in the form of ETH (2) to invest in a common enterprise, the DAO entity, (3) with an expectation of profits from projects. Moreover, the Commission concluded (4) that since the profits of the DAO enterprise would be derived significantly from the managerial efforts of Slock.it, its co-founders and the DAO's Curators, the fourth prong of the Howey test was also satisfied. However, it should be noted that the SEC's interpretation deviates from the Howey test in that it broadens the fourth prong of the test to include as an investment contract not only those investments with an expectation of profits to be derived solely from the efforts of others, but also those with an expectation of profits to be derived significantly from the efforts of others. Many courts have supported this expanded interpretation of the word "solely,"9 but others have refused to apply the more flexible approach and indicated that Howey should instead be applied literally.10

Simultaneously with the issuance of the Report, the SEC's Divisions of Corporate Finance and Enforcement issued a cautionary note that "sponsors in an exchange of something of value for an interest in a digital or other novel form for storing value should carefully consider whether they are creating an investment arrangement that constitutes a security."11 The Commission also issued an Investor Bulletin cautioning investors regarding risks of participating in ICOs.12

The issuance of the Report followed by one day the approval by the Commodity Futures Trading Commission (CFTC) of LedgerX as the first derivatives clearing organization authorized to provide clearing services for fully collateralized digital currency swaps.13 Previously, LedgerX was approved by the CFTC as a swap execution facility for certain institutional customers known as "eligible contract participants" to execute transactions in swaps based on digital currencies.14

It appears possible that the SEC determined not to file an enforcement action against DAO and its founders because one of the typical remedies for sales of non-registered or exempt securities is rescission.15 Here the participants in the DAO ICO were returned the ETH they invested in DAO following the illicit hack. As a result, since there was no practical customer harm, the SEC likely considered that this case provided a good fact pattern to provide industry guidance as opposed to seeking significant penalties in a new, developing area of commerce. 16

In its report, the SEC mentioned the possibility that a virtual organization may be required to register as an investment company, although this was outside the scope of its analysis. However, the SEC warned that, "[t]hose who would use virtual organizations should consider their obligations under the Investment Company Act."17 An investment company is a vehicle that issues securities and is predominantly involved in the business of investing in securities. Under the Investment Company Act, investment companies must register with the SEC or qualify for an exemption from registration. This may be relevant to a virtual organization if it offers, transacts in or advises on investments in virtual tokens that are deemed securities.  


Digital tokens can generally be divided into two categories. While some digital tokens, like Bitcoin, function as a digital currency and are created through a process whereby miners solve mathematical formulas and are rewarded with an allocation of Bitcoin, others are issued by entities to fund projects effectively controlled by a management team. The CFTC has determined that Bitcoin and other virtual currencies are commodities under applicable law and the offer and sale of derivatives based on digital currencies must be done in accordance with provisions of the Commodity Exchange Act and CFTC regulations.

Now, the SEC warns that digital tokens that effectively represent investment contracts are securities subject to applicable securities laws and SEC regulations. Presumably, any digital token falling into this category potentially is also subject to state securities laws. In order for digital token developers to avoid being subject to state and federal securities laws, they may wish to consider designing tokens to provide the purchaser with greater individual rights and involve the purchaser more in the management of the enterprise. This could make it more likely that profits are viewed as resulting from a purchaser's own efforts rather than through a passive investment. Moreover, developers also should consider providing token purchasers with comprehensive disclosures and disclaimers, including identifying relevant potential risks, and refraining from promoting their tokens as investments. It appears important to communicate in a way that will not create an expectation of profit through the token developer's effort in order to avoid satisfying the fourth prong of the Howey test. Consistent with this, in marketing the tokens it appears prudent to avoid commonly used investment language such as the term "initial coin offering" as this could draw regulatory attention and increase the likelihood of the token being considered a security.

What will be particularly challenging to navigate going forward is the gray area between or slightly outside the two aforementioned types of digital tokens. There may be some virtual currencies that begin their life as mechanisms to raise funds to develop the relevant digital currency and later morph into pure digital currencies, and there may be digital tokens that represent ownership in a common enterprise where the holders may have more unique rights than did DAO token-holders (e.g., rights to mine, rights to access the system on preferential terms, rights to charge license fees directly) and be less dependent on the managerial efforts of others. Time will tell how regulators exercise jurisdiction over these other types of digital tokens. Hopefully, the result with not stifle the evolution of distributed ledger technology and derived applications.

Ayah K. Sultan, an associate in the Financial Services practice, contributed to this advisory.

1 Section 21(a) of the Securities Exchange Act of 1934 authorizes the Commission to investigate violations of the federal securities laws and, in its discretion, to "publish information concerning any such violations." The Report does not constitute an adjudication of any fact or issue, nor does it make any findings of violations by any individual or entity.

2 Securities and Exchange Commission, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Release No. 81207 (July 25, 2017) (available at https://www.sec.gov/litigation/investreport/34-81207.pdf) [hereinafter Report].

3 Katten Muchin Rosenman LLP, "Bitcoin: Current US Regulatory Developments," November 26, 2013.

4 Stark, Josh. "Making Sense of Blockchain Smart Contracts." CoinDesk, June 4, 2016, www.coindesk.com/making-sense-smart-contracts/.

5 Report, supra note 2, at 10.

6 Id. at 8.

7 Id.

8 Securities and Exchange Commission v. W. J. Howey Co., 328 U.S. 293 (1946).

9 See, e.g., SEC v. Koscot Interplanetary, Inc., 497 F.2d 473 (5th Cir. 1974).

10 See, e.g., Hirsch v. Dupont, 396 F. Supp. 1214, 1218-20 (S.D.N.Y. 1975), aff'd, 553 F.2d 750 (2d Cir. 1977).

11 Divisions of Corporation Finance and Enforcement, Statement by the Divisions of Corporation Finance and Enforcement on the Report of Investigation on the DAO (July 25, 2017) (available at https://www.sec.gov/news/public-statement/corpfin-enforcement-statement-report-investigation-dao).

12 Securities and Exchange Commission, Investor Bulletin: Initial Coin Offerings (July 25, 2017) (available at https://www.investor.gov/additional-resources/news-alerts/alerts-bulletins/investor-bulletin-initial-coin-offerings).

13 In the Matter of the Application of LedgerX, LLC For Registration as a Derivatives Clearing Organization (July 24, 2017) (available at http://www.cftc.gov/idc/groups/public/@otherif/documents/ifdocs/ledgerxdcoregorder72417.pdf).

14 In the Matter of the Application of LedgerX LLC for Registration as a Swap Execution Facility (July 6, 2017) (available at http://www.cftc.gov/idc/groups/public/@otherif/documents/ifdocs/orgledgerxord170706.pdf).

15 See Murray L. Simpson, Investors' Civil Remedies under the Federal Securities Laws, 12 DePaul L. Rev. 71, 76-77 (1962) (available at: http://via.library.depaul.edu/cgi/viewcontent.cgi?article=3397&context=law-review).  

16 This is not the first case in which the SEC has provided guidance in the form of a Section 21(a) report as opposed to taking enforcement action. See, e.g., Securities and Exchange Commission, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Eurex Deutschland, Release No. 70148 (August 8, 2013) (available at https://www.sec.gov/litigation/investreport/34-70148.pdf). Since 1996, the SEC has issued 15 Section 21(a) reports (all available at https://www.sec.gov/litigation/investreports.shtml).

17 Report, supra note 2, at 1.