The Securities and Exchange Commission (“SEC”) recently moved to sanction an ICO-related business for post-DAO-Report misconduct, charging blockchain entrepreneur Nikolay Evdokimov and his cryptocurrency-based startup ICOBox with orchestrating an illegal $14.6 million securities offering and running an unregistered brokerage firm that oversaw the sale of over $650 million in securities. The 25-page complaint (“Complaint”), which details both ICOBox’s business model and the myriad ways in which it potentially violated federal securities law, offers several key factors to be considered by companies considering a token launch or reevaluating prior token distributions in light of continuing SEC actions.
ICOBox promised big returns and a global company reach
ICOBox, founded in early 2017 and operated by Evdokimov ever since, promised investors that it would become a one-stop-shop for cryptocurrency businesses seeking to raise funds by selling proprietary startup-specific digital assets commonly known as either “tokens” or “coins,” depending on the asset’s particular characteristics and functions. Its customers have the option of purchasing one of several “packages” that provide ICO-related support services, such as marketing, legal advice, escrow accounts, and software support. ICOBox issued its own coin, ICOS, in a 2017 offering that raised $14.6 million. ICOBox and Evdokimov promised investors that they would be able to trade ICOS tokens purchased during the sale for future tokens issued by startups through ICOBox at a one-to-four ratio, essentially creating an “ICO discount pass.”
In its promotional materials, ICOBox touted lofty goals to investors, including promising that ICOBox would run 100 ICOs a month, and that the company would become the go-to global ICO brokerage firm and launch platform. Cornering the market, Evdokimov promised, would materially increase the value of the ICOS tokens on third-party cryptocurrency exchanges.
ICOBox was offering unregistered securities
As the SEC’s Complaint notes, “ICOBox’s results turned out to be less rosy than its promotional materials forecast.” In two years, ICOBox has overseen just 35 token offerings, the ICOS token has plummeted to 1/30th its initial value, and the company is now facing two potential securities violations.
The crux of those allegations stem from the fact that ICOBox developed, promoted, and sold tokens that the SEC alleges were “securities” as defined in the Securities Act of 1933. Applying the test first enunciated in Howey, the Complaint argues that both the ICOS tokens and the other tokens promoted on by ICOBox were securities. The SEC specifically alleges that:
- By actively soliciting cash purchases of the ICOS token, ICOBox and Evdokimov sought investments of money without registering their token as a security, “exposing thousands of investors to risky investments without providing the necessary information and protections required by the federal securities laws.”
- Because ICOBox and Evdokimov promised that the ICOS token could be exchanged at a 4x ratio for other tokens, and that the ICOS token’s value would increase in trading price, investors had a reasonable expectation of profits from their investments in the company.
- Investors were pooling their cash in ICOBox, a common enterprise.
- Because the value of the ICOS tokens and the tokens offered through ICOBox platform relied on the skill, connection, and strategies of Evdokimov and the rest ICOBox team, investors were reliant on the efforts of others.
What the ICOBox Complaint tells us about the SEC’s enforcement focus
While the Complaint’s application of the Howey test should not come as a shock to practitioners, the Complaint provides some insight into the SEC staff’s current thinking on enforcement and exposes some potential pitfalls to bear in mind, including:
- Token sales subsequent to DAO Report are subject to enhanced scrutiny: The SEC prominently noted in the Complaint that ICOBox’s token offering and broker-dealer activities began just weeks after the DAO Report “put the digital asset industry on notice that many digital assets such as the ICOS tokens are securities.” Citing a particular interview in which Evdokimov discussed (and largely dismissed) the DAO Report, the Complaint indicates that the DAO Report and other recent SEC pronouncements on digital assets should be considered binding even though such SEC actions have not gone through the customary rule-making requirements.
- SEC will look beyond the “four corners” of any offering materials: While experienced counsel customarily flyspecks token offering documents (i.e. a white paper, sales contracts, website, etc.), the Complaint cites heavily to both the company’s and Evdokimov’s posts on Twitter, Telegram, Medium, and other social media sites. With many token sales now being conducted under the auspices of Regulation D, counsel must ensure that the offeror’s entire team understands the parameters around communication with potential investors. Also, with many issuers out-sourcing KYC/AML and other services to third-parties, service provider communications should be closely monitored as well.
- Self-serving statements will not save the token offering from scrutiny: The SEC was particularly unimpressed with ICOBox’s affirmative statements to prospective investors that its ICOS token was not a security. The Complaint quotes the following Telegram post from an ICO team member: “Our tokens are not securities. They are a product which has its purpose and functions. Because ICOS token is not a security, its sale does not require registration.” More artful disclaimers set forth in token sale agreements or delineated as risk factors are not enough to shield the offeror from liability for the unregistered sale of digital assets. A statement by the issuer or some minimal functionality is not enough to render a token a “product” or “utility. To pass muster under the Howey test’s third prong, such digital asset must “fully developed and operational.”
- While Reg D may be an option for token issuers, issuers must comply with all rules applicable to exempt offerings: In the Complaint, the SEC refused to distinguish between initial coin offerings and “security token offerings” (STOs), alleging that ICOBox and Evdokimov were liable for the unregistered sale of both because they did not limit the offering to accredited investors or otherwise comply with Reg D. Even though the SEC has not barred the door to STOs, in the Complaint and other venues, the agency has laid down an important marker that compliance with Regulation D is critical for token issuers. Indeed, in its annual enforcement report, the agency wrote that “[w]e also have recommended enforcement actions for conduct ranging from registration violations, to unregistered broker-dealer activity, to instances in which the purported use of blockchain-related technology is merely a veneer for outright fraud.”
- Companies facing SEC investigations should consider modifying their behavior: Assuming that ICOBox knew it was under investigation by the SEC, the Complaint does not evidence that the company took any action to lessen its potential liability. As of October 24, 2019, its website still solicited customers and boasted “$650M+ collected for our clients, and counting” by “the first and biggest new generation Blockchain Growth Promoter and Business Facilitator for companies seeking to sell their products via ICO/STO crowdsales.” In contrast, Nebulous, Inc. cited its compliance efforts subsequent to the commencement of SEC action in its successful application for waiver from the “bad boy” prohibitions under Rule 506(d)(2)(ii). Obviously, each fact pattern is unique but recent SEC orders indicate that the agency may be willing to reach accommodations with token issuers which provide for settlement of past violations without imposing a “death penalty” on the issuer.
What’s next for the blockchain space after the ICOBox complaint
Recent SEC no-action letters in the digital asset space have provided little solace to token issuers seeking to develop truly distributed networks (as opposed to the closed systems contemplated by TurnKey Jet, Inc. and Pocketful of Quarters, Inc.). Even though the DAO Report, the SEC’s April 2019 “Framework for ‘Investment Contract’ Analysis of Digital Assets” and other agency statements and actions have started to add some clarity, important questions remain unresolved. The ICOBox complaint coupled with actions against Kik Interactive and Telegram mean that federal courts will soon have the chance to determine whether digital assets should continue to be viewed under the same lens as orange groves. A Howey test for 21st century could be on the horizon.