How to Do a Security Token Offering: SEC Compliance and Best Practices
Learn how to do a security token offering (STO) while staying SEC-compliant. Explore key regulations, exemptions, and best practices for launching an STO. Updated on February 18, 2025
Key Takeaways:
- Security Token Offerings (STOs) are regulated offerings where digital tokens represent ownership in an asset and are subject to securities laws.
- The SEC applies the Howey Test to determine whether a token is classified as a security.
- Companies can avoid SEC registration by using exemptions such as Regulation D, Regulation A+, and Regulation S.
- Tokenization of assets allows for fractional ownership and increased liquidity, but regulatory compliance is essential.
- Compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations is mandatory for STOs.
- Smart contracts play a role in automating compliance, but legal oversight is still necessary.
- The SEC has enforced strict penalties on companies that fail to comply with securities laws.
- Seeking legal counsel before launching an STO is crucial to ensure compliance with U.S. federal securities laws.
If you’re thinking about raising money for your startup by selling tokens, you should first be familiar with the regulatory requirements. Depending on the circumstances, your token offering may be considered a security.
If that’s the case, the offering will be subject to federal securities laws. In this article, we’ll explain the laws that are relevant to token offerings and how the SEC decides whether they apply to an initial coin offering (ICO).
When is a Token a Security?
There is some confusion about what sorts of tokens constitute securities. For example, some cryptocurrency websites claim that a token designed to provide a functional benefit places the offering outside the Securities and Exchange Commission’s jurisdiction. But the SEC states that even tokens of this sort, known as “utility tokens,” may be securities.
Some sites claim that through an ICO, in contrast to a security token offering, companies can sell tokens without registering with the SEC. But tokens sold through ICOs may be considered securities. The SEC made this clear in its 2017 DAO Report of Investigation. In 2018, the agency filed enforcement actions against two companies for non-compliant ICOs.
Understanding the Difference Between Utility and Security Tokens
Tokens are generally classified as either utility tokens or security tokens, but the distinction is not always clear-cut.
- Utility Tokens: Designed to provide access to a specific platform or service; they are not primarily investment vehicles.
- Security Tokens: Represent ownership in an underlying asset, such as equity in a company or a share of real estate.
Even if a token is marketed as a utility token, the SEC may still consider it a security if it meets the Howey Test criteria. To avoid misclassification, companies must structure their offerings carefully and seek legal advice before launching.
The Consequences of Failing to Register With the SEC
Airfox raised $15 million to develop an app through which users could earn tokens and redeem them for mobile data. Paragon raised $12 million to fund the development of a “decentralized solution for the cannabis industry.”
The SEC imposed $250,000 penalties on each company. It also required them to register their tokens as securities and compensate harmed investors. After filing for bankruptcy, Paragon and its founders and executives were found liable for over $12 million in a civil suit.
Since 2014, the SEC has brought 41 enforcement actions against other companies and individuals for offering unregistered securities in the form of digital assets or ICOs.
SEC Enforcement Actions and Legal Precedents
The SEC has taken action against numerous companies that failed to register their token offerings as securities. Some notable cases include:
- Telegram (TON ICO): Raised $1.7 billion but was forced to refund investors after the SEC deemed it an unregistered securities offering.
- Kik Interactive: The company’s $100 million Kin token sale was ruled an unregistered security offering, leading to a $5 million fine.
- Ripple (XRP): The SEC filed a lawsuit claiming that XRP tokens were unregistered securities, leading to ongoing legal battles.
These cases underscore the importance of compliance with federal securities laws. Companies should conduct a legal assessment before launching an STO to prevent costly enforcement actions.
What is a Security?
The Securities Act of 1933 defines a security as:
“The term ‘security’ means any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, … or, in general, any interest or instrument commonly known as a ‘security’, or any certificate of interest or participation in, temporary or interim certificate for, receipt for, guarantee of, or warrant or right to subscribe to or purchase, any of the foregoing.”
The SEC applies the Howey test to determine whether a token meets that definition. The test comes from the 1946 Supreme Court decision in SEC v. W.J. Howey Co. According to the test, a token is an investment contract if it is "a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party."
What Kind of Token Offerings Need to Be Registered?
The SEC offers a framework to give companies guidance on whether U.S. federal securities laws apply to their token offering. There are three elements to consider:
- Was there an investment of money?
- Were the parties engaged in a common enterprise?
- Did the purchaser have a reasonable expectation of profits derived from the efforts of others?
Token offerings generally meet the first and second elements. In the DAO report, the SEC said, “[i]n determining whether an investment contract exists, the investment of ‘money’ need not take the form of cash.” There is an investment because something of value is exchanged for the digital asset.
The parties will likely be found to be engaged in a common enterprise as well, because “the fortunes of digital asset purchasers have been linked to each other or to the success of the promoter's efforts.”
Since the first two elements are typically met, the SEC’s primary consideration is whether the purchaser has a reasonable expectation of profits derived from the efforts of others. Two of the key factors are whether the expectation is reasonable and whether the efforts are significant.
While that’s the basic framework, there are many other considerations based on a large body of case law that will continue to evolve as the courts hear new cases against companies that raise money through token offerings.
For that reason, it’s important to seek legal counsel before holding a token offering. New pitfalls will arise as blockchain technology advances and courts interpret the laws in new situations. An attorney who is familiar with the relevant federal laws and how the courts have interpreted them can help you avoid an enforcement action.
SEC Exemptions for Security Token Offerings
Businesses conducting a security token offering may qualify for an SEC exemption to avoid full registration. Some commonly used exemptions include:
- Regulation D (Rule 506(b) and 506(c))
  - Allows fundraising from accredited investors.
  - Rule 506(c) permits general solicitation, but issuers must verify accredited investor status.
- Regulation A+ (Tier 1 and Tier 2)
  - Tier 1: Allows up to $20 million in fundraising with fewer requirements.
  - Tier 2: Allows up to $75 million but requires financial disclosures.
- Regulation S (For Foreign Investors)
  - Applies to offerings made outside the U.S.
  - Companies using this exemption must ensure compliance with local regulations in investor jurisdictions.
Choosing the right exemption depends on the target investor base, fundraising goals, and regulatory strategy. Consulting an attorney is essential for determining the most suitable exemption.
How to Hold a Compliant Token Offering
When a token is a security, the offering must be registered with the SEC or the offering company must file for an exemption with the SEC. SEC regulations contain ten capital-raising exemptions with different requirements and restrictions.
Three common exemptions are:
- Rule 506(b) of Regulation D. Under this exemption, a company can raise money from an unlimited number of accredited investors and up to 35 “sophisticated but non-accredited investors in a 90 day period.” The company cannot advertise the offering.
- Rule 506(c) of Regulation D. Under this exemption, a company can raise money from an unlimited number of accredited investors and must take “reasonable steps” to ensure that all investors are accredited. The company can advertise the offering.
- Regulation A: Tier 1. Under this exemption, a company can raise up to $20 million from any investors. “Testing-the-waters” through advertising and general solicitation is permitted.
- Regulation A: Tier 2. Under this exemption, a company can raise up to $75 million from any investors, but non-accredited investors are subject to investment limits. “Testing-the-waters” through advertising and general solicitation is permitted.
Key Compliance Requirements for Security Token Offerings
Conducting a compliant Security Token Offering (STO) requires adherence to multiple regulatory requirements:
- Know Your Customer (KYC) & Anti-Money Laundering (AML): Issuers must verify investor identities to prevent illicit activities.
- Accredited Investor Verification: If relying on Regulation D 506(c), issuers must take "reasonable steps" to verify accredited investors.
- Smart Contract Governance: Security tokens often utilize programmable smart contracts to enforce compliance rules.
- Ongoing Reporting Obligations: Regulation A+ and some exemptions require periodic disclosures to investors and regulators.
A structured compliance strategy is critical to ensuring that the STO adheres to U.S. securities laws and avoids penalties.
FAQs
1. What is a Security Token Offering (STO)? A Security Token Offering (STO) is a blockchain-based method of raising capital where digital tokens represent ownership in a real-world asset and are subject to securities regulations.
2. How does the SEC determine if a token is a security? The SEC applies the Howey Test, which assesses whether an asset involves an investment of money in a common enterprise with an expectation of profits derived from the efforts of others.
3. What are the risks of an STO? Risks include regulatory scrutiny, SEC enforcement actions, market volatility, and legal complexity. Companies must comply with federal securities laws to avoid fines and lawsuits.
4. Can a company legally raise funds through an STO without registering with the SEC? Yes, companies can use SEC exemptions such as Regulation D, Regulation A+, and Regulation S, but each has its own compliance requirements.
5. Where can I find legal assistance for launching an STO? UpCounsel connects businesses with experienced attorneys who specialize in securities law and STO compliance. Consulting a legal professional can help navigate regulatory challenges.
Each exemption has different rules and required filings, so we recommend getting professional advice from an attorney to determine which exemption you should seek, if any.