July 25, 2017
Seven Takeaways from the SEC DAO Reportreading the tea leaves of the Commission's first major ICO report
The Securities and Exchange Commission released a Report of Investigation of The DAO. Here are a few takeaways, in the first twenty four hours. I hope and expect my views will change as I think more on this.
The Commission won’t take Slock.it’s heads.
The United States Securities and Exchange Commission’s (“Commission”) Division of Enforcement (“Division”) has investigated whether The DAO, an unincorporated organization; Slock.it UG (“Slock.it”), a German corporation; Slock.it’s co-founders; and intermediaries may have violated the federal securities laws. The Commission has determined not to pursue an enforcement action in this matter based on the conduct and activities known to the Commission at this time. [Emphasis mine, in this and other quotes—KEM]
This is the major hard-news item of the report. The Commission decides who it pursues. It has decided not to pursue the folks behind The DAO.
It’s always hard to say why the Commission does or doesn’t bring any specific enforcement action. The Commission doesn’t help. The rest of the report sets up a case against The DAO, its organizers, its Curators, and even the exchange sites that offered its tokens. The report all but comes right out and says they done broke securities laws.
That doesn’t mean The DAO saga is over. The Commission isn’t the only one that can make legal trouble under the securities laws. Aggrieved private parties—especially investors—could bring private suits. And they’d find the Commission’s report very handy in doing so.
The Commission will keep its headsmen on call.
Courtesy of the SEC, a highest-level summary of United States securities regulation. A shorter-than-short course, if you will:
The Commission deems it appropriate and in the public interest to issue this report of investigation (“Report”) pursuant to Section 21(a) of the Exchange Act[Note 2] to advise those who would use a Decentralized Autonomous Organization (“DAO Entity”), or other distributed ledger or blockchain-enabled means for capital raising, to take appropriate steps to ensure compliance with the U.S. federal securities laws. All securities offered and sold in the United States must be registered with the Commission or must qualify for an exemption from the registration requirements. In addition, any entity or person engaging in the activities of an exchange must register as a national securities exchange or operate pursuant to an exemption from such registration.
This Report reiterates these fundamental principles of the U.S. federal securities laws and describes their applicability to a new paradigm—virtual organizations or capital raising entities that use distributed ledger or blockchain technology to facilitate capital raising and/or investment and the related offer and sale of securities. The automation of certain functions through this technology, “smart contracts,”[Note 3] or computer code, does not remove conduct from the purview of the U.S. federal securities laws.[Note 4] This Report also serves to stress the obligation to comply with the registration provisions of the federal securities laws with respect to products and platforms involving emerging technologies and new investor interfaces.
Had the Commission simply announced that it would not pursue The DAO people, full stop, the news story would have played out very differently, and not in a way preferred by the Commission. Instead, the Commission pads the news in a detailed, but not overly-lengthy report setting out securities laws fundamentals and making clear that noncompliance continues to make risk for fundraising scofflaws.
At the same time, the Commission could have sent the same message without going into as much detail as it did. There is more here.
The obvious “security” conclusion, now straight from the horse’s mouth.
Right up top:
The investigation raised questions regarding the application of the U.S. federal securities laws to the offer and sale of DAO Tokens, including the threshold question whether DAO Tokens are securities. Based on the investigation, and under the facts presented, the Commission has determined that DAO Tokens are securities under the Securities Act of 1933 (“Securities Act”) and the Securities Exchange Act of 1934 (“Exchange Act”).[Note 1]
The DAO, an unincorporated organization, was an issuer of securities, and information about The DAO was “crucial” to the DAO Token holders’ investment decision.
Because DAO Tokens were securities, The DAO was required to register the offer and sale of DAO Tokens, unless a valid exemption from such registration applied.
Moreover, those who participate in an unregistered offer and sale of securities not subject to a valid exemption are liable for violating Section 5.
The Commission comes right out and says DAO tokens are securities under both major securities laws. This aligns with my own view, and the views of all the colleagues I’ve spoken to privately. Among savvy lawyers, The DAO was not a hard case. But it means something to have the prevailing conclusion in black and white from the regulator.
The Commission’s conclusions are highly influential on other legal decision makers, which gives them a level of importance over and above affecting when and against whom the Commission brings enforcement actions. But even the Commission ultimately answers to the courts, whence comes the Howey test in the first place. I hope and expect that we will see a Howey analysis of a harder-to-call blockchain-token case in a court opinion soon.
The Commission knows whereof it speaks.
In typical legal fashion, part II of the report summarizes the history of The DAO, who was behind it, how they promoted it, how it was meant to work, what went wrong, and what was done about it. This sets up part III, which applies the law to the facts. Facts plus law equals consequences. Except, in this case, there are no direct consequences.
The Commission’s summary might be the best summary of the The DAO that I’ve seen to date. It deploys the lingo of the industry like a native speaker, skillfully eliding the marketing slop and wide-eyed futurism slathered over so many whitepapers and trade publications these days. They cite Szabo. They cite FATF. They cite the DAO whitepaper. They apparently watch Epicenter and know their way around EtherScan.
Of course, they also know their legal cant, and how to season raw facts for good cooking. Sprinkled throughout the summary are terms of legal art—“representation”, “offer and sale”, “communicate to the public”—as well as linchpin facts, stated in legal terms, that situate the DAO offering, uncomfortably, in various securities law contexts. Offer and sale of securities. Public offering. Common federal exemption requirements, like sophistication screening. They also take care to lay out, right in a row, the facts from which so many of us synthesized the same conclusion: That The DAO looked for all the world like one of the most complicated, circuitous paths to seed funding for a start-up company—Slock.it—in living memory.
Demonstrating this analytic capability goes hand-in-hand with stress on the breadth of their regulatory jurisdiction. It’s one thing to say the Commission minds more than just the Securities Act of 1933. It’s another to demonstrate ready capacity to pick apart facts, cut through to substance, and recognize every structure and party they can fit into a regulatory category they oversee. The SEC can read your whitepaper and your blog. They can understand the meat of it, and can tell when you’re blowing smoke.
The Commission hammered on managerial control in its analysis.
The Commission spends a grand total of three relatively short paragraphs addressing the exchange-of-value and expectation-of-profit factors of the Howey test. They pull no punches:
Investors in The DAO used ETH to make their investments, and DAO Tokens were received in exchange for ETH. Such investment is the type of contribution of value that can create an investment contract under Howey. See SEC v. Shavers, No. 4:13-CV-416, 2014 WL 4652121, at *1 (E.D. Tex. Sept. 18, 2014) (holding that an investment of Bitcoin, a virtual currency, meets the first prong of Howey); Uselton, 940 F.2d at 574 (“[T]he ‘investment’ may take the form of ‘goods and services,’ or some other ‘exchange of value’.”) (citations omitted).
And on expected profits, subsuming “common enterprise”:
Investors who purchased DAO Tokens were investing in a common enterprise and reasonably expected to earn profits through that enterprise when they sent ETH to The DAO’s Ethereum Blockchain address in exchange for DAO Tokens.
After a quick tap on each of those bases, the Commission fills four pages on management—whether the profits DAO token investors expected would be derived from the managerial efforts of others. That analysis ties together more facts and themes from the summary than any other part of the analysis. The Commission concedes that DAO tokens afforded some extent of control, via the voting mechanism, but makes a case that the power of the vote was not sufficient to avoid investment-contract security classification.
The Commission starts by emphasizing the public statements of Slock.it and others behind The DAO. The website. The forums. Representations about their expertise. All to the effect of cultivating public confidence in their ability to play the important roles—too important, says the SEC—they’d engineered for themselves.
The Commission then turns to various structural features of The DAO, including the prebaked nature of the protocols, the curator mechanism, and the choice of curators, that took The DAO’s governance model away from one of direct tokenholder voting control. The Commission likes this line of reasoning so much that, after briefly mentioning the facts that show Slock.it and co-founders did in fact act as managers, it returns to the curator structure, recasting the facts directly in the language of the case law. This is the most legally rigorous, brief-like portion of the report.
The back half of this in-depth analysis is a bit of a curve ball.
Second, the pseudonymity and dispersion of the DAO Token holders made it difficult for them to join together to effect change or to exercise meaningful control.
The proof in the pudding, as the Commission sees it, was the tokenholders’ apparent inability to address the security breach without the assistance of the organizers.
This point interests me for two reasons.
First, I think it makes space for new work—technical and regulatory—on the automation of governance, securities ownership, and other administrivia of business structure. The recent legislation in Delaware, for example.
Interest groups have rushed to summarize the Commission’s report in maximally enabling terms: “not all tokens are securities”. That’s a fair contrapositive reading of the report’s major conclusion, that one particular token was a security, and it’s worth going into why. At the same time, it does substantial, if predictable, rhetorical abuse to the emphasis of the report and the direction of its conclusions. No securities-savvy attorney with whom I’ve talked shop has argued a hard-line reading of the rules to make all tokens securities, just because they are tokens. I wouldn’t expect the Commission to take that kind of hard-line stance, either, even as headline-grabbing and gold-rush dynamics drown out work on the state of the art with the buzz of thinly disguised speculative investment runs. And I wouldn’t expect the Commission to pick a not-a-security case for its first big Report of Investigation.
Second, pseudonymity and dispersion are inherent properties of global, public, broad-market blockchain tokens as we know and see them today. Building robust authentication and access control mechanisms on top of either Bitcoin or Ethereum would be technically and procedurally difficult, as well as counter to common ethos—technical and ideological—binding the strands of the blockchain community together. I’ll be thinking a lot in the coming weeks about whether this line of reasoning adds up to an inherent structural disadvantage for current blockchain designs under Howey. Whether novel, blockchain-token-tracked relationships even with smaller organizations might look more like public stock ownership, and therefore securities, because of it.
In the case of The DAO specifically, the Commission framed the tokenholder coordination problem diametric to the value and power of the organizers and curators. Tokenholders were structurally disorganized and uncoordinated, ergo the organizers and curators took up managerial slack, ergo tokenholders were reliant upon others—the organizers and curators—to manage to profits. The Commission does not directly address any hypothetical token without curators, which would afford total voting control of operational decision making. In many ways, that hypothetical token is more “pure”, more in the spirit of community aspirations and ideology. Could other tokenholders be the “others” in “derived from the managerial efforts of others”? That’s a question I’ll take along back into the case law.
The Commission begs to remind of its extensive regulatory arsenal.
The Howey test is not the SEC’s only game. Not by far. They can’t help pointing this out. In long-established lawyer fashion, they reserve the right to draw more than one gun in a gunfight, down in the footnotes:
Note 1: This Report does not analyze the question whether The DAO was an “investment company,” as defined under Section 3(a) of the Investment Company Act of 1940 (“Investment Company Act”), in part, because The DAO never commenced its business operations funding projects. Those who would use virtual organizations should consider their obligations under the Investment Company Act.
Note 38: Because, in part, The DAO never commenced its business operations funding projects, this Report does not analyze the question whether anyone associated with The DAO was an “[i]nvestment adviser” under Section 202(a)(11) of the Investment Advisers Act of 1940 (“Advisers Act”). See 15 U.S.C. § 80b-2(a)(11). Those who would use virtual organizations should consider their obligations under the Advisers Act.
The Investment Company Act of 1940 applies to many companies that take investment to make investment and share returns. The Investment Advisors Act of 1940 applies to many professionals who advise on investment decisions by others. Funds, fund managers, and investment advisors learn to play by these rules.
Part of maximizing your jurisdiction—the natural reflex of all regulatory bodies—is to claim new territory at the borders of your authority. Part of it is ceding no old ground, even as you seize new. The SEC is major league, on offense and on defense.
The Commission put platforms on notice.
In addition, DAO Token holders could monetize their investments in DAO Tokens by re-selling DAO Tokens on a number of web-based platforms (“Platforms”) that supported secondary trading in the DAO Tokens.
Note the broad, circular definition of Platforms: “web-based platforms … that supported secondary trading in DAO Tokens”. This is not the Commission trying to give clarity. It’s the Commission trying to make more kinds of actors aware of and concerned about its attention.
The Platforms that traded DAO Tokens appear to have satisfied the criteria of Rule 3b16(a) [the definition of regulated “exchange”—KEM] and do not appear to have been excluded from Rule 3b-16(b) [exemption from registration as an exchange—KEM]. As described above, the Platforms provided users with an electronic system that matched orders from multiple parties to buy and sell DAO Tokens for execution based on non-discretionary methods.
“Satisfying” sounds good. So does “not being excluded”. But it’s all bad news, made to sound nice. You have the ‘34 Exchange Act, and the Commission, to worry about.
Your thoughts and feedback are always welcome by e-mail.
more articles — revision history — back to top