Initial coin offerings by Russell McVeagh

Initial Coin Offerings

Â© Russell McVeagh 2017

Initial Coin Offerings Initial coin offerings (ICOs) are not immune from the law, despite being a novel and still-developing form of capital raising. As the world of cryptofinance continues to develop, in this article we consider whether New Zealand’s Financial Markets Conduct Act 2013 (FMCA) could apply to the issue of digital tokens issued in an ICO. We conclude that tokens issued in an ICO may be regulated by the FMCA if the offer is received by a person in New Zealand (for example if the ICO is published online without restricting access to New Zealanders). In particular, “The DAO” could be regulated under the FMCA as a managed investment scheme, and the tokens issued in the ICO undertaken by The DAO regulated as managed investment products. This conclusion follows that made by the United States’ Securities and Exchange Commission (SEC), which determined that the tokens issued by The DAO were securities for the purposes of federal securities laws and therefore subject to certain regulatory requirements. Whether the FMCA will be engaged by any particular ICO must be determined by reference to the facts and circumstances of that ICO. For each ICO, it is necessary to qualitatively evaluate the rights conferred by the tokens issued in the ICO and evaluate those rights against the definitions of each of the financial products regulated by the FMCA. It is entirely possible that a token issued in an ICO could be classified as any one of the financial products regulated by the FMCA, or alternatively fall outside the scope of the FMCA. Where a token falls outside the scope of the FMCA, the Financial Markets Authority (FMA) may nevertheless use its designation power to declare a product is a financial product if the circumstances warrant such a designation. The wide territorial scope of the FMCA, which may subject a significant number of ICOs to New Zealand regulatory requirements raises significant questions for the FMA about the how these legal obligations can or will be enforced (particularly in respect of ICOs based outside New Zealand).

Russell McVeagh

INITIAL COIN OFFERINGS

Introduction On 25 July 2017, the SEC released a report (Report) considering whether The DAO, an unincorporated virtual organisation, and certain other associated persons (Slock.it, a German corporation and its founders, together the “Promoters”) violated US federal securities laws by failing to produce and file with the SEC a “registration statement” in respect of tokens issued by The DAO (DAO Tokens) without qualifying for an exemption from those registration requirements.1 If the DAO Tokens were “securities” for the purposes of federal securities laws, then the obligations in relation to producing and filing registration statements would be applicable. The Report concluded that the DAO Tokens were securities and, therefore, obligations under federal securities laws did apply. In this case, the SEC decided not to pursue enforcement action against the relevant parties for non-compliance. However, the Report “stress[ed] the obligation to comply with the registration provisions of federal securities laws with respect to products and platforms involving emerging technologies and new investor interfaces.”2 The Report also concluded that:3 [The requirements to comply with federal securities laws] apply to those who offer and sell securities in the United States, regardless whether the issuing entity is a traditional company or a decentralized autonomous organization, regardless whether those securities are purchased using U.S. dollars or virtual currencies, and regardless whether they are distributed in certificated form or through distributed ledger technology.

What is an ICO? On a basic level, an ICO (or “token sale”) is a fundraising tool that is an increasingly popular method of raising capital. Despite bearing a similar name to the traditional initial public offering (or IPO), no shares are issued in an ICO. Indeed, as was the case with The DAO’s ICO, the organisation issuing the tokens may not be a legal entity capable of issuing shares.

1 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO (Securities and Exchange Commission, Release No. 81207, 25 July 2017) [SEC Report]. 2 At 2. 3 At 18.

INITIAL COIN OFFERINGS

Russell McVeagh

Rather than issuing shares, organisations conducting an ICO issue tokens on a type of digital ledger known as a blockchain. The tokens issued in an ICO can confer a variety of different rights on the purchaser, which may not include rights traditionally associated with shares (such as rights to participate in governance and to receive a share of the organisation’s residual profits). Smith + Crown has categorised the rights typically associated with tokens issued in an ICO into the following broad (and non-exclusive) groups: 4 • Profit or revenue rights – entitles holders to a portion of fees or profits derived from users of the network or application; • Governance rights – entitles holders to influence the direction of the network or application; • Block creation rights – entitles holders to validate and create new blocks for the blockchain underpinning the network or application; • Contribution rights – entitles holders to play some kind of role in maintaining the network or application that doesn’t involve creating blocks for a blockchain; • Payment rights – provides holders the means of making payment within a network or application (for example, in-game currency); and • Access rights – entitles holders to participate in or access a network or application. Organisations may favour an ICO to raise capital for a number of reasons including: • the ability to customise the rights associated with the tokens issued (and confer fewer or less costly rights on an investor than a share would); • the perceived lack of regulatory compliance obligations compared with a traditional IPO; and • the ability to raise capital without diluting the founders’ ownership stake in the organisation. As of March 2017, fewer than 25% of ICOs involved issuing tokens that confer rights associated with share ownership (profit and governance rights).5 4 Smith + Crown “Token Rights: Key considerations in crypto-economic design” (30 March 2017) <https://www.smithandcrown.com/token-rights/>. Smith + Crown describes itself as a research group focused on technologies in the emerging field of crypto-finance. 5 Ibid.

Russell McVeagh

INITIAL COIN OFFERINGS

The SEC Report What was The DAO? A DAO entity (or decentralised autonomous organisation) can be thought of as a digital alternative to a traditional incorporated company. It is a virtual organisation governed by the rules contained in so-called “smart contracts”, stored and implemented in a blockchain (for example, Ethereum). A person who wishes to participate in a DAO entity does so by sending certain specified crypto-currency to the Ethereum account associated with the DAO smart contract and is, in return, issued with a digital token. The DAO was the first major implementation of a DAO entity, deployed on the Ethereum blockchain in May 2016. As part of the ICO, investors contributed approximately 12 million Ether (the transactional token used in the Ethereum network), worth roughly US$150 million at the time, to The DAO. The purpose of The DAO was to allow a decentralised group of investors to contribute funds (Ether), for future investment in projects that would generate returns for the holders of the DAO Tokens. The DAO Tokens gave holders the right to participate in votes governed by the smart contract underpinning The DAO, including votes to determine what projects The DAO would fund. Soon after the conclusion of the ICO, vulnerabilities were discovered in the code that represented the smart contract underpinning The DAO. While efforts were made to patch the vulnerability identified, in June 2016 the vulnerability was exploited and approximately one third of The DAO’s Ether was siphoned to another Ethereum account. After considering multiple options, the Ethereum community took the controversial decision to “hard fork” the Ethereum blockchain, which unwound the attack and enabled investors to withdraw their initial investment. Did federal securities laws apply? The Report considered whether provisions of the Securities Act of 1933 had been breached. It provides that unless a registration statement is in effect it is unlawful for any person, directly or indirectly, to offer or sell a security in interstate commerce. It also provides that unless a registration statement has been registered it is illegal to offer to buy or offer to sell a security. To determine whether these obligations applied to the issue of DAO Tokens, it

INITIAL COIN OFFERINGS

Russell McVeagh

had to be established that the DAO Tokens were securities. For the purposes of the relevant legislation a “security” includes an “investment contract”, which is not defined in the legislation but has been judicially defined (and that meaning has been endorsed by the United States’ Supreme Court).6 The Report summarised the definition of an investment contract as “an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others”. The requirement that investors invest “money” does not require that the investment take the form of cash. Investors in The DAO used Ether to make their investment, which the Report concludes is the “type of contribution of value” that is sufficient to create an investment contract. The next requirement is that there is a reasonable expectation of profit. This was satisfied in respect of the DAO Tokens because The DAO was marketed as a for-profit enterprise; money raised would be invested in various projects and any profits from those projects would be reinvested in other projects or distributed to the holders of DAO Tokens. The final requirement that needed to be satisfied in order to classify DAO Tokens as an investment contract was for the profits of the enterprise to be derived from the managerial efforts of others. The Report concluded that this criterion was satisfied for two broad reasons. First, while holders of DAO Tokens did have voting rights which could be exercised to make various decisions affecting The DAO (including voting on which projects to approve), those voting rights were structured in such a way so as to minimise the influence of holders of DAO Tokens in the making of important decisions. For example, holders of DAO Tokens could only vote on projects that had been pre approved by so-called “curators”, who were individuals chosen by the Promoters. As such, the actual influence holders of DAO Tokens had to choose which projects would be funded by The DAO was constrained by decisions made by external individuals. Second, this disempowerment of holders was compounded by the fact that there were many thousand holders of DAO Tokens, none of whom were personally identifiable. This dispersion of DAO Tokens among anonymous holders meant that it was difficult for individual holders to act together and advocate positions as a group. 6 SEC v Edwards 540 US 389 (2004).

Russell McVeagh

INITIAL COIN OFFERINGS

The Report concludes that a DAO Token comprised an investment contract and, therefore, a security for the purposes of federal securities laws. As such, The DAO was under a legal obligation to meet federal securities laws’ registration requirements by producing and filing a registration statement in respect of the DAO Tokens.

The New Zealand Position Territorial scope of the FMCA The FMCA governs disclosure obligations for persons making a “regulated offer” of a “financial product”. The obligations apply to offers of financial products in New Zealand, regardless of where the issue occurs or the issuer is based. An offer is deemed to have been offered in New Zealand if it is received by a person in New Zealand (unless the issuer can demonstrate that it has taken all reasonable steps to ensure that persons in New Zealand to whom disclosure would otherwise be required may not accept the offer). In practice, therefore, an offer to participate in an ICO (including the issuance of DAO Tokens) will be within the scope of the FMCA if it is published online without restricting access to New Zealanders. In order for the disclosure obligations in the FMCA to apply (which include the preparation of a product disclosure statement (PDS) and lodgement of the PDS with the Registrar of Financial Service Providers (Registrar)), the ICO must constitute a regulated offer, which in turn requires an offer of a financial product. Section 7 of the FMCA defines a financial product as being one of the following four products, (i) a debt security, (ii) an equity security; (iii) a managed investment product, or (iv) a derivative. We consider below whether DAO Tokens are a financial product such that the issuance of DAO Tokens could have been a regulated offer for the purposes of the FMCA.7 Debt Security In order for a product to constitute a debt security it must confer on the holder “a right to be repaid money or paid interest on money that is, or is to be, deposited with, lent to, or otherwise owing by, any person”. 7 Applying the current provisions of the FMCA as if they were the provisions in force at the time the DAO Tokens were issued.

INITIAL COIN OFFERINGS

Russell McVeagh

For the purposes of the definition of a debt security, the definition of money does not include money’s worth. Any repayment to investors would be in Ether, which is not, for the purposes of this definition, money. As such, DAO Tokens could not be debt securities under the FMCA. Equity Security The definition of equity security is narrowly defined in the FMCA as a share (i) in a company, (ii) in an industrial and provident society or (iii) in a building society. While the DAO Tokens gave holders rights that are traditionally associated with equity (ie, certain profit and governance rights), they could not be equity securities because The DAO is not one of the three types of entity listed in the definition. Managed Investment Product A managed investment product is (broadly) defined as an interest in a “managed investment scheme”, which is defined in turn as follows:

managed investment scheme means a scheme to which each of the following applies: (a) the purpose or effect of the scheme is to enable persons taking part in the scheme to contribute money, or to have money contributed on their behalf, to the scheme as consideration to acquire interests in the scheme; and (b) those interests are rights to participate in, or receive, financial benefits produced principally by the efforts of another person under the scheme (whether those rights are actual, prospective, or contingent, and whether they are enforceable or not); and (c) the holders of those interests do not have day-to-day control over the operation of the scheme (whether or not they have the right to be consulted or to give directions).

The definition of managed investment scheme overlaps significantly with the definition of investment contract in the context of the federal securities laws considered in the Report. Indeed, The DAO would appear to satisfy the criteria listed above such that it may be classified as a managed investment scheme for the purposes of the FMCA,

Russell McVeagh

INITIAL COIN OFFERINGS

applying each of the limbs of the definition as follows: a) the purpose of The DAO was to enable participants to contribute money (which, in the definition of managed investment scheme includes money’s worth – in this case Ether) in exchange for DAO Tokens; b) the DAO Tokens gave holders the right to receive a proportional interest in any distribution of profits derived from investments made by The DAO. The Report concludes that any such profits were derived from the managerial efforts of the Promoters (who created The DAO and provided advice about how to vote and otherwise participate in The DAO) and the curators (who were responsible for vetting proposed projects before they could be voted on by holders of DAO Tokens); and c) the holders of DAO Tokens did not have day-to-day control over the operation of The DAO despite having the ability to vote on certain decisions. The Report summarises the role of the Promoters and curators as follows: 8 The expertise of [the Promoters] and Curators was critical in monitoring the operation of The DAO, safeguarding investor funds, and determining whether proposed contracts should be put for a vote. Investors had little choice but to rely on their expertise. […] [The Promoters] did, in fact, actively oversee The DAO. They monitored The DAO closely and addressed issues as they arose, proposing a moratorium on all proposals until vulnerabilities in The DAO’s code had been addressed and a security expert to monitor potential attacks on The DAO had been appointed. When the Attacker exploited a weakness in the code and removed investor funds, [the Promoters] stepped in to help resolve the situation. If the characterisation of The DAO as a managed investment scheme is correct then it follows that DAO Tokens, as the interest that gives holders rights to participate in, or receive, financial benefits under The DAO, are managed investment products for the purposes of the FMCA. Derivative The definition of derivative excludes instruments that are classified as managed investment products, therefore we do not consider in detail whether the DAO Tokens would otherwise satisfy the legislative criteria for a derivative. 8 SEC Report, above n 1, at 12-13.

INITIAL COIN OFFERINGS

Russell McVeagh

The Consequences The consequences of classifying The DAO as a managed investment scheme and a DAO Token as a managed investment product are significant. First, as a managed investment product, a DAO Token is a financial product. In general under the FMCA, certain disclosure obligations must be complied with in order to issue financial products to investors (subject to certain exceptions). If the offer of financial products is made to at least one investor who is not exempt from the requirements to have disclosure provided to them (for example, if one of the investors is a “retail” investor), then the offer will be a regulated offer. The FMCA provides that a person must not make a regulated offer unless the issuer has prepared a PDS for the offer and lodged that PDS with the Registrar, and has prepared an online register with prescribed information. Second, in addition to complying with disclosure requirements in relation to the issue of DAO Tokens, there are significant additional governance requirements imposed on the underlying managed investment scheme (ie, The DAO). These requirements include: a) registering the scheme with the Registrar; b) complying with reporting and governance requirements; and c) requiring the appointment of a licensed manager and licensed independent supervisor, each of which owe statutory duties of care to investors. Failure to comply with these disclosure, governance and operational obligations imposed by the FMCA may constitute offences under the FMCA. Persons who commit these offences are liable to significant civil or criminal liability and penalties. If The DAO is a managed investment scheme under the FMCA, the additional governance requirements will apply. However, the reality is that The DAO (and DAO entities in general) could not fully comply. For example, one of the functions of the manager of a managed investment scheme is to manage the scheme property and investments. This requirement is not compatible with the concept of a DAO entity where the scheme property is “held” in the Ethereum account associated with the DAO smart contract. If there were a manager who had overall control over this account, a DAO entity would no longer be decentralised and autonomous, and would therefore be a different type of organisation altogether. Given this contradiction, this may be an example of where the FMA could use its designation powers to treat interests in DAO entities as being a financial

Russell McVeagh

INITIAL COIN OFFERINGS

product other than a managed investment scheme. For example, if the FMA were to designate such interests as equity securities, the issuer would still be required to provide disclosure to investors, but would not be subject to the prescriptive governance obligations described above. Alternatively, the FMA could exempt such entities from some of the provisions that would otherwise apply to managed investment schemes. It may also be the case that jurisdictions other than New Zealand apply regulatory requirements on ICOs. If the FMA and regulatory bodies of other jurisdictions do not take a pragmatic approach to regulating ICOs, there is a real risk that ICOs either (i) are conducted without regard to applicable regulatory requirements, or (ii) cease to occur given the requirement to comply with many separate and potentially inconsistent regulatory regimes.

Conclusion Our conclusions in this article raise profound questions as to how any legal obligations imposed under the FMCA can or will be enforced. These questions are particularly poignant given that regulatory oversight and compliance is, in many cases, anathema to the entities undertaking ICOs. Issues that confront the FMA include: a) how best to allocate its resources to undertake the significant work necessary to determine the regulatory classification of tokens issued in ICOs; b) determining when it is necessary or desirable to exercise its designation powers under the FMCA to ensure that inappropriate regulatory obligations are not imposed as a result of particular tokens fitting poorly within the existing classifications of financial products; c) how to enforce provisions of the FMCA on an even-handed basis such that entities undertaking an ICO can have confidence in how the FMCA will be enforced; and d) how and when to pursue enforcement procedures when the entities undertaking an ICO may be based overseas and may be unaware of their obligations under New Zealand law (or otherwise unwilling to comply with those obligations). The answers to these issues are well beyond the scope of this article but there is no doubt that regulators in New Zealand (and around the world) will be grappling with their role in the new world of crypto-finance.

10 INITIAL COIN OFFERINGS

Russell McVeagh

Contacts Deemple Budhia

Tom Hunt

PARTNER

EMAIL: deemple.budhia@russellmcveagh.com

EMAIL: tom.hunt@russellmcveagh.com

DDI: +64 9 367 8335

DDI: +64 4 819 7519

Guy Lethbridge

Dan Jones

PARTNER

EMAIL: guy.lethbridge@russellmcveagh.com

EMAIL: dan.jones@russellmcveagh.com

DDI: +64 4 819 7329

DDI: +64 9 367 8410

Mei Fern Johnson

Michael Taylor

PARTNER

SENIOR SOLICITOR

EMAIL: meifern.johnson@russellmcveagh.com

EMAIL: michael.taylor@russellmcveagh.com

DDI: +64 4 819 7378

DDI: +64 9 367 8279

Chris Curran

Hamish Journeaux

PARTNER

SOLICITOR

EMAIL: chris.curran@russellmcveagh.com

EMAIL: hamish.journeaux@russellmcveagh.com

DDI: +64 4 819 7507

DDI: +64 9 367 8037

Russell McVeagh

INITIAL COIN OFFERINGS

AUCKLAND

WELLINGTON

Vero Centre, 48 Shortland Street PO Box 8, Auckland 1140 New Zealand

Dimension Data House, 157 Lambton Quay, PO Box 10-214, Wellington 6143 New Zealand

P +64 9 367 8000

P +64 4 499 9555

For more information on the Russell McVeagh team and our recent work please visit our website www.russellmcveagh.com.