Blog Article

3 Common Misconceptions about ICO Law


Stellar Development Foundation

Publishing date




Recently, many blockchain companies have been exploring the use of initial coin offerings (ICOs) to raise funds to launch and grow ambitious projects. As a lawyer and cryptocurrency enthusiast, I’ve spoken to numerous Silicon Valley entrepreneurs about their ICO plans. My company,, has helped multiple blockchain entrepreneurs integrate with the Stellar ecosystem for their token infrastructure needs. We hope that the recent torrent of innovation in the blockchain and distributed ledger technologies will lay the groundwork for what could be the next generation internet.

ICOs have the promise to expand financial inclusion, generate built-in user networks, and spur extensive open-source development. However, companies should be aware of the regulatory and legal landscape so that they may proactively act to avoid future civil and criminal liabilities. During our discussions with ICO-curious companies, I’ve noticed that many founders share some of the same misconceptions about the legal implications of ICOs. In this post, I hope to help blockchain entrepreneurs better navigate this developing space by clearing up a few common misunderstandings surrounding the regulatory landscape.

Misconception #1: My token is a “utility token”. Therefore, it is not a security.

Reality: A utility token is a token that can be used to access a product or service. Some analogize utility tokens to gift cards or software/network licenses, which are not traditionally considered securities. The value of a utility token theoretically derives from its consumptive use.

If a token has a significant utility in the operation of the application, it may be less likely to be considered a security (since this characteristic may help the token to fail the Howey test, as discussed below). However, be wary of umbrella statements that “utility tokens are not securities.” The reality is that utility tokens can indeed be considered a security under the definitions set forth in Section 2(a)(1) of the Securities Act of 1933 (1933 Act) and Section 3(a)(1) of the Securities Exchange Act of 1934 (1934 Act). The fact that a utility exists is not determinative in determining whether the token is a security. If it were, we’d get an absurd result: any offering could escape securities law jurisdiction simply by building in a trivial utility to the token. Imagine a tokenized share of stock, except the token also enables you to redeem it for a cat GIF.

Until the SEC delivers on-point guidance through rule-making, no action letters, interpretative releases, or more, no one can say for certain that utility tokens are not securities. The most likely outcome is that some types of utility tokens are securities, and some types are not, evaluated on a case-by-case, fact-based basis.

Misconception #2: My token didn’t meet the definition of a security under the Howey test. Therefore, it can’t be a security!

Reality: The threshold question is whether a particular token would be considered a security under the 1933 Act and the 1934 Act. If the answer is yes, the token may be subject to various SEC registration, exemption, sale, transference, and reporting requirements.

Section 2(a)(1) of the 1933 Act and Section 3(a)(1) of the 1934 Act enumerate multiple instruments that are considered securities. The definition of security includes notes, stock, security futures, swaps, bonds, debentures, options, investment contracts, and more. The “investment contract” phrase has acted as a catch-all phrase to encompass innovative financial arrangements that have the spirit of a security, but may not meet the description of the enumerated instruments.

Applying Howey’s 4-Factor Test

In SEC v. W. J. Howey Co. (1946), the U.S. Supreme Court provided a four-part test for whether an arrangement constitutes an “investment contract”. The test checks whether there is (1) an investment of money (2) in a common enterprise (3) with an expectation of profits (4) which are derived solely from the efforts of the promoters or third parties.

The idea that utility tokens may not be considered securities arises from the thought that if a token has a utility, then any expectation of profit would derive mainly from the token’s consumptive value, not on the efforts of third parties. Therefore, the fourth factor would fail, making the arrangement not an investment contract. Marco Santori from Cooley provides a more in-depth analysis of Howey for tokens here. Coinbase, Coin Center, Union Square Ventures, and Consensys have also built-out a thoughtful securities law framework to test whether a token may be considered a security.

While the Howey test is relied upon to judge whether an arrangement is an investment contract, Howey is not the end-all-be-all test to check whether a token is a security. A court may choose a different test.

Applying Reves’s Family Resemblance Test

A separate securities test is the Reves “family resemblance” test from the 1990 U.S. Supreme Court decision in Reves v. Ernst and Young. The Reves test articulates four factors to determine when a note, one of the enumerated categories of securities in the 1933 and 1934 Act, should be classified as a security.

In Reves, the default presumption is that a note is a security, but this presumption could be rebutted if it bears a “family resemblance” to one of the enumerated categories on a judicially developed list of exceptions. The Reves test considers: (1) the parties’ motivation for entering into the transaction, (2) whether there was a trading market for investment in the instrument, (3) the expectation of the investing public, and (4) whether there are other regulatory schemes applicable to the instrument that could reduce risk to the buyer. Based on this test, the court determines whether a note resembles an excepted non-security note and is therefore not a security.

While Reves applies to notes, the same judicial rationale could be extended to other enumerated categories of securities. The Howey and Reves tests could both be applied -- for example, even if a token is not an investment contract under Howey jurisprudence, it could be considered a security under Reves. A token issuer should be mindful of how Howey and Reves may apply to its token.

Applying the Risk Capital Test

Token issuers also have to consider securities regulation beyond the SEC. Issuers who distribute their tokens all across the U.S. may have to comply with each state’s securities regime (i.e. “Blue Sky” laws). This means a token that is beyond the jurisdiction of the SEC may still be subject to securities regulation by one or more of the states.

States may use different frameworks to judge what constitutes a security. For example, courts in California, Arkansas, Michigan, Washington, Oregon, and other states have instituted a “risk capital” test. In California, the risk capital test considers whether there is attempt by an issuer to (1) raise funds for a business venture or enterprise (2) through an indiscriminate offering to the public at large, (3) where the investor is in a passive position to affect the success of the enterprise, and (4) the investor’s money is substantially at risk because it is inadequately secured.

Using this test, the California Supreme Court found that country club memberships were securities in a landmark case called Silver Hills Country Club v. Sobieski (1961). In this case, an organization attempted to finance improvements on a country club by selling club memberships. The membership did not entitle the holder to any share of profits -- it only enabled the holder to use club facilities. The court held that courts have to look through form to substance to protect the public from schemes to attract "risk capital” with which a company can develop a business for profit. The purchaser has to contribute capital in a high risk project for there to be any chance that the benefits of club membership will materialize.

A state that uses the risk capital test may apply it in conjunction with Howey. A transaction is considered a security if it satisfies either test. Given that many token issuers are raising funds from the general public for business ventures in which passive investors contribute capital to help materialize a risky product, the risk capital test may be applicable in many circumstances.

Misconception #3: I’ve been assured by the best law firms that my token will not be considered a security subject to U.S. federal and state securities laws. I can now do whatever I want.

Reality: Beyond U.S. securities laws, there are multiple other areas of law that must be considered for a token sale.

Three key considerations are tax laws, consumer protection laws, and anti-money-laundering laws.


If a token is not considered a security, then the revenue generated from the token sale may be considered taxable revenue. This has been one of the key motivators of structuring offshore foundations to be the token issuer -- offshore foundations may not be subject to some taxation requirements.

Consumer Protection

Token issuers who make misleading statements may be liable for breach of contract, false advertising, and fraudulent or negligent inducement, to name just a few claims. On the federal level, the Federal Trade Commission could investigate an organization for unfair and deceptive advertising (e.g. lying about the scope or character of the products and services promised in an ICO campaign).

On the state level, states have differing consumer protection regulatory regimes. For example, some states require the organization to refund consumers if it isn’t able to deliver the product or service.

Anti-Money Laundering

The Bank Secrecy Act and its implementing regulations require Money Service Businesses to register with the Financial Crimes Enforcement Network (FinCEN). FinCEN has stated that “exchangers” and “administrators” in the virtual currency ecosystem are considered money transmitters (a category of Money Service Businesses), and are therefore required to register with FinCEN and comply with AML regulations.

By FinCEN’s definition, an exchanger of virtual currency is a person or entity that is “engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency.” An administrator of virtual currency is a person or entity “engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency.” Note that token issuers may fulfill the definition of an “administrator,” given that they issue a virtual currency, and may have the authority to withdraw their virtual currency from circulation.

While registration with FinCEN is quickly done through the bureau’s website, a company must assume the on-going burden of AML and know your customer (KYC) compliance programs, including collecting personally identifying information about customers, monitoring transactions, reporting suspicious activity, creating risk mitigation plans, and more. Moreover, most states require money transmission licenses to operate money transmitter businesses in-state (the definition of “money transmitter” differs across states). In some states, it can be very resource-intensive to obtain a money transmission license (e.g. New York).

Industry-Specific Regulations and Global Regulatory Regimes

Beyond taxes, consumer protection, and AML, each token issuer has to consider the legal implications of their underlying business. For example, an organization that issues a token that can be used to “win” an award may be subject to gambling regulations. An organization that transmits personal data across a blockchain may be subject to various privacy laws. All these must be considered.

Beyond U.S. laws altogether, the token issuer may be subject to the regulations of many, if not all, of the countries where its token holders reside. Each country would have its own regulatory scheme for securities, tax, consumer protection, AML, and more.

Innovate! But Tread Carefully

The legality of token sales is a complicated question with multiple dimensions for consideration. DIY lawyering in this space is not a wise decision. A good lawyer would be able to help you assess what and how legal frameworks may apply to your organization’s operations and needs. Moreover, a lawyer would be able to help assess the risks of prosecution and help craft a regulatory strategy. Law firms like Cooley, Perkins Coie, and Morrison Foerster have been leaders in this space.

Despite current regulatory uncertainty, I’m excited about the recent surge of innovation in distributed ledger and blockchain technologies. I believe that sustainable growth in this space will require the community to respect the intent of regulatory schemas and comply with necessary regulations. At the same time, the community should advocate for necessary change and self-regulate in areas where there are significant risks of public harm that have not been addressed by current law.

Best wishes to all blockchain entrepreneurs! Whether you’re considering an ICO or you’re interested in building out cryptographic token infrastructure for your business, please contact the team at [email protected] if you’d like to discuss how Stellar technology can help you launch secure and production-ready token infrastructure.

Lindsay is a counsel and program manager at, a company powered by Stellar. Lightyear helps institutions implement distributed ledger infrastructure to send payments (and other transactions) across borders as easily as sending an email. The content in this post is offered as general legal information and does not constitute legal advice. Lightyear does not provide legal consultation services.