Canada: A Brave New World: Regulation Of Initial Coin Offerings

On May 30, 2017, Brave completed an initial coin offering (ICO) that raised US$35 million in under 30 seconds. More recently, on August 10, 2017, Filecoin announced just over 30 minutes into the sale that it had raised an estimated US$252 million. To date, the cryptocurrency market is valued at over US$150 billion—a staggering 795% increase this year alone.

The cryptocurrency market is heating up and securities regulators are taking notice. Last week, the Canadian Securities Administrators (the CSA) issued a Staff Notice¹ on cryptocurrency offerings, warning that certain ICOs may actually involve sales of securities that are subject to securities regulation and oversight. The CSA notice is in line with recent cautionary statements made by the United States Securities Exchange Commission (the SEC)² and the Ontario Securities Commission (the OSC).³

What is an ICO?

To understand how ICOs work, we have to start with the underlying blockchain technology that supports it—technology that has the potential to be so revolutionary it has been called "the new internet". So, what is it? The blockchain is a peer-to-peer decentralized ledger that accurately transcribes and maintains a record of transactions, which is almost impossible to alter. The decentralized and immutable nature of this ledger is the true innovation, allowing, for the first time, strangers to enter into transactions with each other with a certain level of trust and expediency, all without relying on a traditional intermediary (such as a bank or platforms like Uber and Airbnb). This has opened the door to a wide range of applications.

For instance, a number of entities are seeking to develop apps that connect a customer's digital wallet containing cryptocurrencies to credit card accounts, so that when the phone is swiped at a café or a restaurant, the merchant is paid in local currency and the users' digital wallet is debited—thereby cutting out banks with the aim of providing near perfect exchange rates to customers.

The blockchain has also garnered interest in supply chain management. In August 2017, IBM partnered with a consortium of global food giants such as Nestlé and Walmart to implement blockchain technology on a private network that would allow the companies to trace the origin, condition and movement of food and to track contaminated produce in a matter of seconds.

The hype behind ICOs is driven by the excitement for applications of this new technology, with ICOs being the fundraising vessel behind them. In an ICO, entities will offer coins/tokens in exchange for payment of convertible cryptocurrencies (the most popular of these is the bitcoin and ether), which can be converted to/from fiat currencies (e.g. the US or Canadian dollar). These entities will typically put out a whitepaper or information on their website that describes things such as the project being funded, the fundraising goal, the number of coins/tokens management will retain and the length of time the offering will remain open. The value of the coins/tokens being offered is tied to success of the project. After their acquisition, these coins/tokens can, and frequently are, traded on the secondary market.

ICOs have all the trappings of an IPO, except that investors in ICOs do not obtain an ownership interest in a company and the ICO process has—up until now—been largely unregulated, with minimal paperwork and requisite disclosure obligations. This means that it is easy for technology start ups to fundraise through ICOs and for tech-savvy millennial retail investors to participate in them.

A brave new world: high risk, high reward

The ICO market has exploded within the last year. It has created an environment reminiscent of the dot-com era, where large swings in volatility are driving hordes of people with varying sophistication to invest in hopes of making a quick buck. As just one example, the value of ether has risen 122,388% from its ICO, which took place in July 2014. This means that someone who purchased US$1,000 worth of ether in 2014 would now have US$1.2 million in holdings.

Unsurprisingly, rogues are taking advantage of this unregulated space and abuse is rampant. There has been a proliferation of cryptocurrency scams, the most common of which involves fraudsters who put out seemingly legitimate whitepapers and ICOs, raise funds from unsuspecting investors, and abscond with the money. This is the most extreme case of abuse, but due to the lack of disclosure requirements, many ICOs are based on gross exaggerations or speculation.

Unlike traditional forms of capital funding, ICOs are also uniquely prone to attacks by hackers. The most prominent example is the Decentralized Autonomous Organization (DAO), an un- incorporated entity that sold DAO tokens to create a pool of assets that would be used to fund "projects" that the DAO token holders voted to fund. Its ICO took place from April to May 2016, and, just after the ICO closed but before any projects were funded, a hacker used a flaw in the DAO's code to divert and steal approximately 1/3 of the funds raised (or roughly US$50 million).

In face of this abuse, some companies are taking proactive measures to protect investors by voluntarily complying with some aspects of securities regulations. For instance, Filecoin restricted its ICO to accredited investors.

The US Securities Exchange Commission reacts

Until recently, securities regulators have been relatively mum on if or how ICOs and coins/tokens would be treated. Many entities offering ICOs have staunchly denied that the coins/tokens are securities at all, taking the position that they should not be regulated and that any regulation would stifle innovation.

This summer, the SEC threw a damper on those hopes. On July 25, 2017, the SEC published an investigative report on the DAO, focused on the threshold question of whether the tokens it offered constituted a "security". The SEC broke ground by concluding that DAO tokens were securities and its ICO were subject to the plethora of US securities regulations. Although the SEC ultimately chose not to prosecute the DAO promoters, it released the report as a warning to the industry: in certain circumstances, the offer of coins/tokens through ICOs may be caught by securities laws and participants should do their due diligence and govern themselves accordingly.

What about the Canadian regulators?

Canadian securities regulatory authorities have also recently weighed in. In March 2017, the OSC issued a press release advising businesses that use of blockchain based ventures may be subject to securities laws. In particular, it stated that "[p]roducts or other assets that are tracked and traded as part of a distributed ledger may be securities, even if they do not represent shares of a company or ownership of an entity."

On August 24, 2017, the CSA issued a Staff Notice on cryptocurrency offerings—the first meaningful statement of its kind in Canada. It noted the significant growth of the ICO market and emphasized the need to strike a balance between innovation and investor protection. In doing so, it encouraged all businesses offering coins/tokens through ICOs to carefully determine whether a security is involved and to consider seeking legal and other professional advice in making this determination.

The CSA advised that the determination of whether a coin/token will be considered a security needs to be assessed on a case-by-case basis, looking to "substance over form" and keeping the objective of investor protection in mind. The traditional 4-pronged test for an investment contract applied: namely, does the ICO involve (i) an investment of money, (ii) in a common enterprise, (iii) with the expectation of profit, (iv) to come significantly from the effort of others (a test similar to the one employed by the SEC). For example, an individual purchasing coins/tokens that allow him/her to play video games on a platform is likely not dealing with securities.

However, the CSA noted that many of the ICOs it reviewed at the request of fintech businesses qualified as securities. The CSA offered some guidance if the coins/tokens are determined to be a security:

• Promoters of ICOs: Businesses offering the ICO must comply with securities laws. This includes filing a prospectus or relying on the available exemptions (such as selling only to accredited investors or providing an offering memoranda).
• Dealers: Businesses trading coins/tokens for a "business purpose" must register as a dealer or rely on an available exemption. Whether a business is trading for a business purpose will depend on, among other things, whether it is soliciting a broad base of investors, including using the internet (including websites and discussion boards) and attending public events. Once registered, businesses must comply with dealer obligations, including KYC (know your client) and investor suitability requirements.
• Cryptocurrency funds: Investment funds are increasingly being set up to invest in bitcoin and other cryptocurrencies. The CSA highlighted a number of regulatory issues fintech businesses looking to establish such funds should consider.

Moving forward

The cryptocurrency space is exciting and dynamic with much territory left to be charted. While the securities regulators are taking notice and have offered recent guidance on the matter, there are still many questions to be answered as the law evolves to keep pace with this swift moving technology and its applications. To this end, the CSA has set up a "regulatory sandbox" to try to support businesses by allowing firms to register and/or obtain exemptive relief from securities law requirements under a faster and more flexible process.

In this brave new world, uncertainty and disruption are the norm. Participants and interested participants should consider connecting with their professional advisors to ensure compliance with securities (and other) laws.

Footnotes

1 Canadian Securities Administrators, Staff Notice 46-307 Cryptocurrency Offerings dated August 24, 2017.

2 Securities Exchange Commission, Report of investigation pursuant to section 21(a) of the Securities Exchange Act of 1934: The DAO dated July 25, 2017 (Release No. 81207).

3 Ontario Securities Commission, Press Release "OSC highlights potential securities law requirements for tributed ledger technologies" dated March 8, 2017.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.