ICO Utility Tokens and the Relevance of Securities Law

Abraham Lincoln famously posited that if one calls a tail a leg it doesn’t mean that a dog has five legs. Similarly, a blockchain-based token offered in an initial coin offering (‘ICO’) may, irrespective of how it is called, be a security subject to securities laws applicable to the primary market as well as secondary market activities. ICOs are an example of how new technology is changing the way the public capital market is accessed by businesses, typically start-ups, in need of capital.

The legal treatment of tokens remains unclear in many jurisdictions, which is increasingly problematic as ICO activity has ballooned from around US$300 million during 2013 to 2016 to well in excess of US$5 billion in 2017. As Hong Kong is now considering its potential status as an ICO hub, it is essential that regulatory agencies and market professionals come to grips with a better understanding of how tokens are, or may be, regulated.

A focus of this article is “utility tokens”. Unlike tokens that clearly operate like equity or debt (via payments, voting rights, etc), utility tokens present problems as regards their legal characterisation. The nature of a utility token is to permit the holder to access a service provided by the issuer’s platform. This is typically a pre-sale made by a start-up seeking capital to develop the promised service. While token-holder rights bear resemblances to, for example, licensees, franchisees, or club memberships, utility tokens may have other features that lend securities-like properties to them.

Regulatory attitudes

Regulatory and practice attitudes (in markets that have not banned ICOs) have evolved with the ICO market and roughly fall into three phases.

Around the end of 2016, ICOs were generally considered to be undesirable owing to the risk of mis-disclosure and fraud, risks magnified by the speed and ease at which money was able to be raised – eight figure US dollar sums were able to be raised in a matter of minutes or hours with no regulatory oversight. The origin and subsequent use of funds being transacted also raise money laundering and terrorist financing concerns.

By this time it had already been widely understood that blockchain technology is important to future economic development. Tokens are important in this context because they collectively facilitate a blockchain-based ecosystem that provides operational functionality – imagine that one had train carriages but no train tracks. Going into 2017 regulators were adopting a more cautionary watching role, reluctant to inhibit evolution.

That began to change with the rapid growth of offerings in 2017 and following the “21(a) Report” issued by the U.S. Securities and Exchange Commission (‘U.S. SEC’) in July 2017. The 21(a) Report concluded that a token known as “Slock.it” was a security, although it had not been promoted as such. The U.S. Sec and the Hong Kong Securities and Futures Commission (‘SFC’)) have recently gone on the offensive to warn issuers and market professionals not to put form over substance when structuring tokens as a means of seeking to circumvent securities laws that serve to protect investors, and are accordingly applying greater scrutiny to ICOs.

What is a “security”?

In consequence of the foregoing, there has been a more profound examination of what are the features of a utility token that might render it to be regarded as a security.

The law applying to the offering of securities and their marketing in Hong Kong, as set out in the Companies (Winding Up and Miscellaneous Provisions) Ordinance (Cap. 32) and the Securities and Futures Ordinance (‘SFO’) (Cap. 571), is in general consistent with best international practices that prohibit accessing public capital unless registration or authorisation requirements are complied with or a relevant exemption applies. Tokens that are securities may also be subject to laws concerning regulated activities and the operation of exchanges and automated trading services. However, whether a specific token is a security will require careful consideration.

The SFO’s definition of “security” provides little assistance in relation to tokens that do not clearly fall into pre-established categories, such as shares or debentures. The definition of “collective investment scheme” (‘CIS’), which is one form of security, is widely drafted and remains open to interpretation in its application. Hong Kong is absent of case law that provides useful guidance on either of these defined terms. The report of the UK’s Financial Markets Law Committee (July 2008) has acknowledged that the definition of CIS in s. 253 of the UK Financial Services and Markets Act 2000, which the SFO’s definition reflects, is very wide and subject to legal uncertainties. There have been a handful of cases in the UK that provide some limited assistance to understanding the CIS term, though less so regarding the particular characteristics of tokens.

The scope of the term “security” has been more extensively explored in the U.S. and the ICO community has long been well aware of the relevance of the test established by the U.S. Supreme Court in SEC v. W.J. Howey Co. (328 U.S. 293 1946) (‘Howey’). Howey established that an “investment contract”, which is one type of security as defined by the Securities Act of 1933, means “a contract, transaction, or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party” (Howey, 2). Howey is of interest here for two reasons.

First, because Howey has been applied to tokens by the U.S. SEC. First in the 21(a) Report to the Slock.it ICO and most recently (December 2017) to the “Munchee” ICO. Slock.it unsuccessfully sought to take its tokens outside of the securities legislation via a distributed autonomous organisation (‘DAO’) that tried to remove the concept of a third party’s efforts. “Munchee” actively promoted that its tokens could be traded and investors could expect to profit from the increase in the value of the tokens as a result of the efforts of its promoters, ie a purchaser of the tokens could expect profits from the efforts of another. Both of these cases are relatively clear cut, and that may not always be the case.

Second, because of potential similarities to elements in the definition of CIS that align with, though are not identical to, the concept in Howey of a common enterprise in which the efforts of another are key. The “purpose or effect” requirement under the CIS definition is possibly wider than Howey because that phrase may encompass expectation, and the notion of “profit” in Howey is easily encompassed by the CIS concept of profits, income, payments or “other returns”.

However, applying existing law to tokens is inherently problematic because blockchain has enabled fundamental changes in the ease and manner of accessing public capital, the cost and timing of doing so, the willingness of the public to purchase tokens and the ease of trading them. Moreover, the ICO market, and the new digital economy it represents, is global and borderless in a way never before encountered. These new realities make it difficult to continue with oversimplified analogies to user licenses, franchises or memberships that have traditionally not amounted to capital raising exercises from a large and anonymous public market.

Hong Kong practitioners will therefore need to exercise some caution when advising on the nature of a proposed token issuance and how it is undertaken.

Best practices

The increasing awareness that tokens can be subject to securities laws that possess uncertainties in their potential scope of application has had an impact on practices in the industry. This has led to the emergence of best practices such as Coinbase’s “A Securities Law Framework for Blockchain Tokens” (December 2016) and the “Best Practices for Token Sales” issued by the Fintech Association of Hong Kong (December 2017). A core principle of both is that an ICO should be, inter alia, transparent as to its legal structure and regulatory treatment.

While best practices have been developed to promote self-regulation of the industry, they have not always been observed in practice. As already noted, the form of a token may be given precedence over its substance in an attempt to remove them from securities laws. This has led to stern warning language from the Chairman of the U.S. SEC as regards semantic gymnastics or elaborate structuring exercises (before the Senate Committee on Banking, Housing and Urban Affairs, 6 February 2018). Two days later, the SFC issued a circular stating that “ICO issuers are typically assisted by market professionals such as lawyers, accountants and consultants for advice to structure the offering as utility tokens to fall outside the purview of the SFO and to circumvent the scrutiny of the SFC” (emphasis added).

Legal practitioners will be well aware that avoidance and evasion are quite different matters. Professional advisers often structure transactions to avoid or minimise various legal ramifications, and are under no responsibility, moral, legal or otherwise, to bring a matter under consideration within any particular law or regulatory scrutiny. There is a significant difference between that role and engaging in professional misconduct by advising issuers to engage in (or cooperating in) evasion of the law through, for example, window dressing that mischaracterises the real nature of the token. Doing so may be tantamount to conspiracy to defraud.

While that distinction may be clear-cut in principle, the characteristics of a utility token that might cause it to be regarded as a security are less clear. Where a relevant grey area is in play, advice may fall into the difficult territory of avoision. Here it will be essential that advice is based on a thorough understanding of the token’s functionality and the other circumstances of the offering, is appropriately qualified to recognise potential uncertainties and attendant risks, and that full and fair disclosures are made in connection with the ICO.

Solicitors in Hong Kong should also be cognisant of Law Society’s Practice Direction P (Guidelines on Anti-Money Laundering and Counter Terrorist Financing).

The purpose of securities laws

The overarching purpose of securities laws is to regulate investments, irrespective of the form or name they assume. Accordingly, the development of securities laws and the definition of “security” were intended to be adaptable, not to create fixed and unchangeable categories. Flexibility is the foundation on which the Financial Secretary has the power under s. 392 of the SFO to specify interests, rights or property as securities.

One might point to the development of structured product regulation as a lesson in the failure of looking at how a product fits into a pre-existing set of categories, rather than considering its function in the market. A product structured as a debenture that bears no relationship to the usual commercial purposes of a debenture is a debenture in name only. Similarly, there is a risk that bisecting utility tokens into “securities” or “not securities” based on established categories fails to identify and regulate how tokens are interacting with the public capital market.

New challenges may require regulatory agencies to interpret the law with one eye firmly fixed on regulatory intent. The Howey test and the definition of securities in the SFO with its broadly drafted definition of CIS, both permit considerable latitude. The recent comment of the Chairman of the U.S. SEC that “by and large, the structures of ICOs that I have seen involve the offer and sale of securities and directly implicate the … investor protection provisions of our federal securities laws” (made in his personal capacity to the U.S. Senate Committee on Banking, Housing, and Urban Affairs, 6 February 2018) may indicate a leaning toward a broader purposive approach, but purposive approaches can present risks.

Care needs to be taken that purposive flexibility is not applied by regulators in a way that creates uncertainty. The Swiss financial regulator, FINMA, faced with an absence of ICO-specific law, issued guidelines in February 2018 on how it intends to treat ICOs under Swiss law. It may treat a utility token as a security if it functions solely or partially as an investment in economic terms. One might ask whether this could risk subjecting token issuers to ex post facto regulation because, unlike traditional markets, an issuer may not be involved in an exchange’s decision to list its tokens – this will depend on the exchange’s perception of demand – and it is quite possible that the listing will itself promote demand that makes the token function like an investment in economic terms. This poses a conundrum where the issuer has taken no steps to promote secondary market activity.

Returning to Abraham Lincoln, he was wrong semantically. If a tail is called a leg then it can be said that a dog has five legs. And if utility token issuances put public capital at risk, expose consumers to fraud, and behaves similarly to an investment in established classes of securities, then perhaps that is enough to render it a security within the original intent of the legislature. Practitioners call it “the smell test”. Indeed, the SFO provides that “interests, rights or property … commonly known as securities” are to be regarded as securities. On the other hand, calling a security a utility token does not change its nature.


Syren Johnstone is the Executive Director of the LLM (Compliance & Regulation) Programme at the University of Hong Kong and a Director of Keel Consulting. He has undertaken senior management roles regulated by the SFC and The Stock Exchange of Hong Kong, been engaged for expert work by Hong Kong’s statutory regulators, and has been an influential voice in shaping high profile regulatory matters that have been referenced in LegCo and the Court of Appeal. He is a member of the SFC’s Fintech Advisory Group since its 2016 formation.