Until yesterday, the enforcement actions of the U.S. Securities and Exchange Commission (SEC) in the digital token (aka cryptocurrency) space have primarily focused on the primary issuances of tokens. However, on November 8, 2018, the SEC announced in an order (the “Order”)[1] that it had settled charges against Zachary Coburn, the founder of the digital token exchange EtherDelta, marking the first time that the SEC has brought an enforcement action against an online digital token platform for operating as an unregistered national securities exchange.
Background
According to the Order, EtherDelta operated as an online platform that allowed buyers and sellers to trade ERC-20 tokens[2] — a type of digital token on the Ethereum blockchain frequently used in initial coin offerings (“ICOs”) — in a secondary market. To facilitate this trading, EtherDelta used a combination of (i) an order book, (ii) a website “with a user-friendly interface . . . and resembles online securities trading platforms” that displayed orders (including the token symbol, size, and price), and (iii) a smart contract running on the Ethereum blockchain.[3] During the relevant period, the platform was open to any user with an Ethereum wallet address and holding ERC-20 tokens available for trading on the platform.[4] The platform also facilitated the trading of any ERC-20 token, regardless of the token’s status as a security under federal securities laws.[5]
In July 2017, the SEC issued its landmark DAO Report, in which the SEC warned that “any entity or person engaging in the activities of an exchange must register as a national securities exchange or operate pursuant to an exemption from such registration.”[6] Despite that warning, from July 17, 2016 to December 15, 2017 (when Mr. Coburn ceded control of EtherDelta), more than 3.6 million buy and sell orders were traded on the EtherDelta platform, of which approximately 92% (3.3 million) were traded during the period following the DAO Report.[7]
To resolve the proceeding, Mr. Coburn agreed to pay disgorgement of $300,000 and a fine of $75,000. The Order noted that, in deciding to approve the terms set forth in the Order, the SEC considered both “remedial acts promptly undertaken by [Mr. Coburn]” and “cooperation afforded the Commission staff,” which efforts “facilitated the staff’s investigation involving an emerging technology.”[8]
Key Takeaways from the Order
There are a few key takeaways from the Order:
Compliance Considerations
For platforms that permit the trading of digital assets, the Order highlights the importance, emphasized prominently in the DAO Report, of operating in compliance with the federal securities laws. One path to compliance for token-trading platforms that wish to continue to provide exchange-like functionality for U.S. persons would be to operate as an alternative trading system (“ATS”). Such platforms would need to, among other things, (i) register as a broker-dealer with the SEC, (ii) become a member of the Financial Industry Regulatory Authority, (iii) notify the SEC of its intention to operate as an ATS at least 20 days before operating, and (iv) maintain compliance with ongoing obligations as an ATS.
In addition to federal securities laws, digital asset exchanges should also comply with the Bank Secrecy Act and state money transmission laws, which prevent money laundering, fraud, and terrorist financing. Finally, such exchanges should also carefully evaluate the need to comply with the Commodity Exchange Act and the Commodity Futures Trading Commission’s regulations.
Conclusion
Prior to today’s settlement, the SEC’s enforcement actions had focused on the primary issuances of digital tokens, largely for fraud in connection with unregistered sales of securities.[13] Today’s settlement paves the way for future enforcement actions against platforms and other marketplaces that facilitate secondary sales of tokens.
[1] See Order Instituting Cease-and-Desist Proceedings Pursuant to Section 21(c) of the Securities Exchange Act of 1934: In the Matter of Zachary Coburn, Release No. 84553 (Nov. 8, 2018), available at https://www.sec.gov/litigation/admin/2018/34-84553.pdf.
[2] As noted in the Order:
“ERC20 refers to a specific Ethereum token issuing protocol, formally adopted by the Ethereum network in September 2017, and used on the Ethereum Blockchain. (ERC stands for Ethereum Request for Comments and 20 is the unique identification used to distinguish this coding standard from other standards.) The ERC20 token standard, created in November 2015, ‘allows any token on Ethereum to be re-used by other applications: from wallets to decentralized exchanges’ and ‘provides basic functionality to transfer tokens, as well as allow tokens to be approved so they can be spent by another on-chain third party.’” (internal citations omitted)
[3] See Order at 3-7.
[4] See id. at 5.
[5] For general background on the treatment of tokens as securities under federal securities laws, see, e.g., Morrison & Foerster Client Alert, Howey Got Here: SEC Issues Guidance on Token Offerings (July 26, 2017), available at https://www.mofo.com/resources/publications/170726-howey-got-here-sec-token-offerings.html.
[6] See Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO (July 25, 2017), available at https://www.sec.gov/litigation/investreport/34-81207.pdf (the “DAO Report”).
[7] Order at 2.
[8] Id. at 10.
[9] 17 C.F.R. §§ 240.3b-16(a)-(b).
[10] SEC v. W.J. Howey Co., 328 U.S. 293, 301 (1946).
[11] Order at 9.
[12] Id.
[13] See generally U.S. Securities and Exchange Commission, Annual Report: Division of Enforcement (Nov. 2, 2018), available at https://www.sec.gov/files/enforcement-annual-report-2018.pdf, at 7 (noting that the Division has pursued cases involving fraud, failure to comply with the registration requirements of the federal securities laws, and failure to register as a broker-dealer).
A special thanks to corporate associates Mara Goodman, Dylan Naughton, and Lee Nisson for their contributions to this client alert.
Disclaimer
Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.