United States: SEC Issues Guidance On Initial Coin Offerings And Digital Assets

Michael T Boardman is an Associate at our Los Angeles office


  • The U.S. Securities and Exchange Commission (SEC) has issued a "Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO," weighing in on what are known as Initial Coin Offerings (ICOs).
  • The SEC's Report is a clear warning that ICOs offered or sold in the United States and digital assets traded in the U.S. may be subject to the federal securities laws.
  • The SEC's Report also firmly puts to rest the misguided notion that ICOs are a loophole to the SEC's regulatory oversight of capital-raising.

The U.S. Securities and Exchange Commission (SEC) on July 25, 2017, issued a "Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO," weighing in on what are known as Initial Coin Offerings (ICOs).1 The SEC's Report is a clear warning that ICOs offered or sold in the United States and digital assets traded in the U.S. may be subject to the federal securities laws.

To date, ICOs have facilitated the raising of hundreds of millions of dollars in capital, often without regulatory oversight, by selling digital "tokens" that are tradable across a blockchain network. Analyzing a recent high-profile offering from an entity known as The DAO, the SEC concluded that, depending on all of the surrounding facts and circumstances:

  1. An ICO may constitute an offer or sale of securities that is subject to the registration and disclosure provisions of the federal securities laws
  2. Any person or entity who brings together orders for securities (which include digital assets generated through the ICO process) of multiple buyers and sellers must register as a national securities exchange or operate pursuant to an exemption from such registration
  3. Virtual organizations such as The DAO might constitute "investment companies" and, therefore, be subject to the extensive regulatory requirements of the Investment Company Act of 1940
  4. Individuals who participate in such activities without complying with the federal securities laws may be subject to personal liability

The SEC's Report firmly puts to rest the misguided notion that ICOs are a loophole to the SEC's regulatory oversight of capital-raising. All individuals and entities who are considering becoming involved in ICOs (including facilitating trading the resulting digital assets) in the United States are now on notice that 1) their activities may be subject to the federal securities laws and 2) the SEC will enforce compliance with such laws.

The DAO and Its Offering

In Spring 2016, a small group of entrepreneurs launched The DAO, a revolutionary new form of fundraising over the internet. The DAO issued what it called "tokens" on the Ethereum blockchain network, which could be purchased with Ether (ETH), Ethereum's native cryptocurrency. The DAO was intended to be a democratically controlled organization in which owners of its digital tokens would be able to vote, on a pro rata basis, on project proposals on which The DAO could deploy its capital. The DAO Tokens were also treated as investment opportunities that were expected both to generate profits and to increase in value as they increased in popularity, and could be sold in secondary markets. Within a month, The DAO had raised more than 11 million ETH (then valued at nearly $150 million) from 18,000 stakeholders. Using today's exchange rate for ETH (approximately $220), this translates to nearly $2.5 billion.

The Hack and Resulting Hard Fork

Shortly after The DAO offering closed, an unknown attacker took advantage of a faulty line of code in the smart contract that controlled the flow of ETH virtual currency within The DAO's control and diverted approximately 3.6 million ETH units (nearly one-third of The DAO's capital) from The DAO's blockchain address to the attacker's address. The attacker was ultimately stymied, however, because provisions in The DAO's code required the ETH virtual currency to remain effectively frozen for 27 days. During that time, the Ethereum network agreed to implement a "hard fork" of the Ethereum blockchain that copied all of the existing information in the Ethereum blockchain onto a new blockchain. It also enabled the transfer of all ETH funds raised by The DAO to a recovery address so that DAO Token holders could exchange their tokens back to ETH virtual currency and recoup their initial investment. A majority of the Ethereum community chose this pragmatic approach, rejecting the more dogmatic notion that to effectively unwind a transaction on the blockchain was a violation of the fundamental premise that blockchains are immutable ledgers.2

Some refused to participate in the hard fork and have continued to support and propagate the original Ethereum blockchain, which is now known as Ethereum Classic (ETC). In this competing reality, the individual responsible for the attack is able to keep the spoils of its theft, albeit in the form of ETC, not ETH. ETC virtual currency currently trades at a $15 per unit market price, which means that the culprit is still sitting on some $54 million of ETC virtual currency units.3

Despite these problems, The DAO's successful debut inspired a wave of other ICOs; to date, there have been hundreds of ICOs, with dozens (possibly hundreds) more in the pipeline.

Digital Tokens Issued in an ICO Are Securities Under Federal Securities Laws

Perhaps because of The DAO's overnight success and the fact that its vulnerability to theft had not been disclosed to investors, the government quickly took an interest in ICOs. The SEC's Report applied the Howey test4 to The DAO Tokens and determined that they constituted "investment contracts," meaning that they were "securities" under federal law. (See Report at 11.) Under the Howey test, an investment contract is "an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others." (Id.)

In concluding that the Howey test was satisfied, the SEC's Report expressly noted that "[i]n determining whether an investment contract exists, the investment of 'money' need not take the form of cash" and that an investment of a cryptocurrency such as ETH "is the type of contribution of value that can create an investment contract under Howey." (Id.) After examining all of the relevant facts and circumstances surrounding The DAO offering, the SEC's Report also concluded that the Howey test was met because investors in The DAO Tokens had a reasonable expectation of profits that depended on the managerial efforts of others. (Id. at 11-14.)

As a result, the SEC found that The DAO was an issuer of securities within the meaning of the federal securities laws. (Id. at 15-16.)5 This meant that The DAO offering was subject to the same registration and disclosure rules that apply to any issuer of securities in the U.S.:

Those who offer and sell securities in the United States must comply with the federal securities laws, including the requirement to register with the Commission or to qualify for an exemption from the registration requirements of the federal securities laws. The registration requirements are designed to provide investors with procedural protections and material information necessary to make informed investment decisions. These requirements apply to those who offer and sell securities in the United States, regardless whether the issuing entity is a traditional company or a decentralized autonomous organization, regardless whether those securities are purchased using U.S. dollars or virtual currencies, and regardless whether they are distributed in certificated form or through distributed ledger technology. (Id. at 18.)

And, because the DAO Tokens are securities under federal law, persons who facilitate their trading or exchange in the U.S. must register as a National Securities Exchange or come within an exemption from such registration:

In addition, any entity or person engaging in the activities of an exchange, such as bringing together the orders for securities of multiple buyers and sellers using established nondiscretionary methods under which such orders interact with each other and buyers and sellers entering such orders agree upon the terms of the trade, must register as a national securities exchange or operate pursuant to an exemption from such registration. (Id.)

Finally, the SEC's Report raised the specter that organizations conducting ICOs might constitute "investment companies" and, therefore, be subject to extensive regulatory requirements of the Investment Company Act of 1940.6


The SEC's Report is a clear warning that any entity or individual involved in an ICO or the trading of digital assets may be subject to the federal securities laws and to an enforcement action by the SEC for noncompliance with those laws. The SEC has extensive enforcement powers and may seek, among other things, injunctive relief, the disgorgement of all ill-gotten gains and pre-judgement interest thereon, civil money penalties and bars against individuals serving in certain capacities. Given the SEC's enforcement interest in this area, any person contemplating involvement with an ICO or the trading of digital assets in the U.S. should strongly consider obtaining advice from legal counsel who is both schooled in the federal securities laws and has a sufficient understanding of the relevant technologies.

Holland & Knight has both highly experienced SEC defense counsel as well as a well-established team dedicated to blockchain and distributed ledger technology, with more than 20 lawyers throughout the country involved in the practice.    


1 Reports of Investigations under Section 21(a) are uncommon (this was the eighth such report issued over the last decade) and are intended to alert the public about enforcement positions the SEC will take going forward.

2 In an ironic twist, the individuals who created The DAO had been associated with the mantra: "Code is law." A common meaning of this phrase is that computer code is a superior form of contracting versus our traditional human prose contracts because of its highly deterministic outcome. Proponents of the "code is law" mantra believed that, by distilling the governance of The DAO to computer code, recourse to traditional laws would be unnecessary. After the removal of the ETH tokens, however, the individuals who created The DAO supported the hard fork in order to prevent the "theft" of the ETH tokens. Many in the blockchain community were quick to remind them and other proponents of The DAO that if the code permitted the individual to withdraw the tokens, then that was the "law" and his or her actions could not properly be considered theft.

3 Markets have signaled that ETH will be the dominant currency going forward, but ETC will continue to battle for legitimacy.

4 SEC v. W.J. Howey Co., 328 U.S. 293 (1946).

5 Bitcoin should be largely unaffected by the SEC's Report, as it has no issuer, does not distribute any profits and because new tokens are issued only to people who actually provide a service to the network by batch processing transactions into data objects known as "blocks" (i.e., mining).

6 The SEC's Report stated that it had not analyzed this question, but pointedly warned that "[t]hose who would use virtual organizations should consider their obligations under the Investment Company Act." (Report at footnote 1.)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.