2017 ended with a Russian holidaying in Greece being extradited to the US, on money laundering charges. BTC-e, his virtual currency exchange which has handled more than USD $4 billion (GBP £3 billion) of bitcoin, has allegedly been used for money-laundering for people involved in crimes ranging from computer hacking to drug trafficking.
FinCEN, the US regulator responsible for enforcing money-laundering compliance, assessed a USD $100 million penalty to BTC-e. Although BTC-e denied all links with Vinnik in a translated Bitcointalk post, he was charged with another USD $12 million personally.
Vinnik had done some things to try to keep himself out of the arms of US law enforcement:
- BTE-e was owned by Seychelles registered Canton Business Corporation;
- BTC-e domain names were owned by firms around the world;
- BTC-e banked through Cyprus and Latvia.
However, BTC-e used at least one US-based web hosting service (raided by the FBI), and its main domain name was registered with ICANN (based in the US). It also boasted numbers of US customers and was accessible from the US (including to US investigators).
This last sentence was enough to bring Vinnik under US legal jurisdiction. And it’s enough to bring all those Initial Coin Offerings and Simple Agreements for Tokens whose websites are accessible in the US, or whose tokens are available through virtual currency exchanges accessible in the US, within US jurisdiction.
Is my IPO subject to US securities law?
Unless you have IP-blocked the USA, pre-screened all investors for US passports and addresses (and eliminated them), and then gone back to filter out all accounts linked to US IBANs, your IPO is subject to US securities law as well as US money laundering requirements, including those applicable to money transmitting businesses.
Using a virtual currency exchange as your distributor is no help either. If they have US clients, they are in scope. And your token has just made them unregistered brokers/dealers, so almost certainly an unregistered national securities exchange.
But the CFTC said that virtual currencies are commodities, you reply. The only thing that isn’t a commodity for the purposes of the CFTC is an onion (people must love your regulatory anecdotes at dinner parties).
Well, the CFTC also said that it has no power to regulate spot markets in commodities; and ICOs weren’t such a big deal when it made that determination. So now it’s the SEC’s turn.
The SEC is a small regulator (in terms of employee size, not coverage). So it prioritises two things: obvious frauds, and virtual currency exchanges.
Cryptonomy clients have come to us asking for opinions, requested on tight deadlines, by the US-based exchanges on which they are listed. US lawyers with whom we have spoken have reported that the SEC has been aggressively approaching exchanges, asking whether they are certain that none of their listed coins or tokens is a security. Cue lots of post-listing due diligence, and furious mugging up on the Howey Test, Munchee, and the DAO (the latter two, SEC cease and desist order recipients).
Is my token at risk?
Now you might be asking yourself: Is my token a security? Can it be a commodity? What if it is a payment system? What if it is ethereum-like?
Let’s take these in turn.
The Howey test is hugely subjective.
The SEC’s Munchee case looked at advertising, what raised capital would be spent on, whether the eco-system was complete, whether it had a central management team, and whether an investor could reasonably assume from their Facebook adverts, blog, twitter feed, and Bitcointalk thread, that if they invested, they’d make a profit once it was listed on an exchange.
Commodities cannot have any voting rights attached (even if you’re running a DAO). They must be stores of value, almost exactly like Litecoin and Bitcoin in characteristic. Any additional features could bring them right back into the security space.
If you’ve decided you are most like a payment system, and that is your defence, you must be registered at state level (that does mean all the US states in which you have wallet holders) as a money transmitting business, and with FinCEN at the federal level, as well as have KYC checks in place, a suspicious transaction monitoring procedure that you use, and a transaction monitoring system that flags suspicious behaviour for analysis. And some people investigating those alerts.
You do know who all your wallet holders are, right? And you have verified their identities and addresses? And source of funds where a transaction was above USD $10,000? What does a suspicious transaction look like based on your wallet population?
The Ethereum case
Jay Clayton, SEC Chair, in a brief interview following a November 2017 speech, remarked:
“When you depart from the bitcoin or the ethereum, and you get into the tokens, the hallmarks become pretty clear”.
Except they don’t.
Ethereum ran an ICO in 2014. And if expectation of profit can, as was interpreted in Munchee, arise from an expectation of a profit following a listing on an exchange, or many exchanges, then Ethereum might be required to make rescission in the US. Its coin would be null and void, all monies returned to original investors, any subsequent transactions between ICO subscribers and the secondary market rendered void.
The evidence is right there on the Ethereum blog: “Ether will be purchasable directly through our website at https://ethereum.org.” There are a number of documents providing more details on the sale as well, including a development plan (DEV PLAN), roadmap, Intended Use of Revenue document (own emphasis), Terms and Conditions of the Ethereum Genesis Sale, Ether Product Purchase Agreement, and updated White Paper and Yellow Paper.
The intended use of revenue element is especially Howey-like: they need capital to enable a team of specialists to develop a coin that may reasonably be expected to, in the future, have greater value than your initial investment. Remember, the fact that it happened in Switzerland is no defence against US jurisdiction. BTC-e was in the Seychelles (linked to a phone number in Russia). The DAO was registered in Germany.
How can I protect myself?
Now you may ask: can I just retroactively file an SEC S1, and become a registered security, with all the benefits of that? The answer is no. A lawyer personally recommended by a former SEC commissioner told me so. You get one chance, and that’s before you sell your tokens.
So how can you live or go on holiday in countries with US extradition treaties, and still sleep soundly?
That is simple: don’t commit fraud. Don’t break US anti-money laundering laws. Know your customer. Verify their ID and address. Or get out of the US, if you don’t like the sound of using that information to identify all US customers, and give them their money back, where those investors have already sold their stake to someone else in the secondary market.
Get an expert opinion on Howey, and your token. Know that if you use a US law firm, they will have one eye on their reputation with the SEC, and so what you will get will be heavily caveated.
Cryptonomy can help you figure out what you need to do, and how to operationalize it. We’ve chosen outsourced AML service vendors on behalf of clients, and found the best US lawyers for Howey opinions. Our team has experience on policy writing, monitoring and testing, and analysing complex customer transaction datasets. What that means is that we can tell you what to set up, and set it up for you.
Failure to comply with the laws and regulations of the countries in which your coin is being marketed, or in which it is available via exchanges, leaves you open to regulatory penalties, criminal charges (for instance for money laundering breaches), asset freezing injunctions, law enforcement investigations, and class action law suits (not least for consumer law breaches).