by Noah Axler

It is now widely recognized in the blockchain community that a distinction should be drawn between “utility” tokens and “security” tokens. Tokens, whether utility or security, are generally digital assets created and issued over a blockchain. A utility token allows its owner access to some system or service. Security tokens, in contrast, represent an interest in a separate asset or business as to which the token holder has a right to realize revenue without any effort on her part, much like dividends on a stock. Indeed, the security token is like a stock certificate. This conception of a security token comes, not surprisingly, from U.S. securities law. It is important to note, however, that whether a token is a utility or security token is a fact-based analysis and should be resolved on a case-by-case basis.

That said, where a token represents an investment in a separate asset (for example, a real estate project, a movie, or a solar farm) and is to be offered to U.S. investors, it is safe to conclude that the token is a security token and will likely have to be registered with the SEC or comply with one of the exemptions which U.S. law provides for issuing private, unregistered securities.

But what about the ICOs or initial coin offerings of the past, 2015-2017? Many of these coins were, it is now apparent, security tokens which may not have been issued in compliance with U.S. law. The SEC is in the process of investigating many of these offerings and has already taken action against several of the issuers.

This raises the interesting question of how many regulatory-compliant security tokens have actually been issued. Surprisingly, a number of articles claim that dozens of security tokens have been issued. This seems unlikely, given the barriers to compliance with SEC exemptions from registration, specifically Regulations A+, CF, and D, even though market participants have been moving quickly to address the challenges of security token offerings.

For instance, one such article lists more than a hundred security token offerings between October 2017 and January 2019 classified as “Form D” offerings. Apparently, the writer and his organization, Canary Data, searched for SEC Form D filings by token issuers. The filing of a Form D is required when seeking exemption from registration under Regulation D. But the Form D is simply that – a requirement for claiming the exemption. It is far from conclusive evidence that an offering actually met the requirements of Regulation D.

It also doesn’t say anything about the tokens themselves – were any of the compliance requirements of Regulation D encoded “on chain,” e.g. issuer, restriction on transfer (1 year under Regulation D), and jurisdiction? Or were the tokens simply issued after the other requirements of Regulation D had presumably been met by the issuer, making the tokens nothing more than a follow-on to a traditional Regulation D offering, with no compliance functionality or any characteristics which would otherwise distinguish them from any other type of token? Further research, including an examination of the tokens themselves, is necessary to answer these questions.

One thing is certain. Until a standard is developed for security tokens, different issuers will likely have different approaches to -and interpretations of- what is needed to issue a regulatory compliant security token.