I cannot recall something that was labeled as a non-fungible token (NFT) being treated as a security by U.S. regulators previously. According to the U.S. Securities and Exchange Commission (SEC), this case is the first.
With that in mind, it’s important to revisit first principles on selling crypto-critters in the United States. One thing which I see a lot of, all the time, is when developers start out with something that is unregulated and gradually mission-creep their way into something regulated.
Preston Byrne, a CoinDesk columnist, is a partner of Brown Rudnick’s Digital Commerce Group. He advises software, internet and fintech companies.
Given how powerful cryptocurrency tech is, these mistakes are shockingly easy to make. This is because cryptocurrency, particularly the smart contract variety like Ethereum, is capable of “captur[ing] unlimited richness in flows of actions and events; computer scientists might prefer to recognise this as a state machine with money,” as computer scientist Ian Grigg writes.
A state machine with money, of course, is capable of performing virtually any function normally performed by the financial technology stack because it automates and secures the “money” portion of it programmatically in a manner which in TradFi needs to be secured by a human authenticator.
Grigg’s essay “Financial Cryptography in 7 Layers” – which predates crypto-as-we-know-it by nine years and Ethereum-style smart contracts by 15 years – neatly disaggregates the wet-code concepts which are factored by a human authenticator which most crypto developers, frequently unknowingly, attempt to program into their smart contract applications, compressed into a single layer as they try to implement a particular specification.
“Legal,” of course, pervades all of these layers. Or to paraphrase Jean-Jacques Rousseau “most crypto projects are born free, yet everywhere they are in chains.”
Designing a basic protocol application and the act of hashing a proof-of-work genesis block is not, generally speaking, a regulated activity anywhere in the world. It is the stuff protocol engineers do afterwards such as creating incentives to use the chain and bring in new users (items five through seven on the above framework).
Last week, for example, we saw the Tornado Cash indictment come down. There were howls of dissent from much of the crypto community over this due to the perception that the U.S. government was seeking to censor code and suppress open-source developers.
Without prejudice to the constitutional presumption of innocence to which all criminal defendants are rightly entitled, having read the indictment, it seems there was a lot of post-instantiation development of the Tornado Cash platform the devs in hindsight might have preferred to avoid.
Leaving protocols published on GitHub without choosing to then embark on associated altcoin launches or management of the protocol as a going concern might be a recipe for protocol failure and obsolescence. It’s also a way to hew much more closely to the First Amendment and cases like Bernstein v. United States, which challenged restrictions on the export of cryptography.
Similarly, one thing I see often enough, and increasingly in the wake of Gary Gensler crackdown on more “traditional” financial products, is the recharacterization of certain crypto-asset securities as “non-fungible tokens” or NFTs.
Impact Theory, the L.A.-based entertainment company that drew the SEC’s ire, basically issued “NFTs” in three tranches. As the SEC summarized in its case filing:
Further, the SEC writes: “In advance of the offering, Impact Theory publicly stated that it would deliver ‘tremendous value’ to KeyNFT purchasers. Impact Theory also stated that it would use the offering proceeds for ‘development,’ ‘bringing on more team,’ and ‘creating more projects.'” The company sold NFTs, condensed those proceeds into a single wallet and used the funding to pay vendors and service providers, the SEC added.
It bears reminding that the Howey Test, the gauge the SEC uses to determine whether something is an investment contract that can be regulated as a security, “embodies a flexible, rather than static, principle.” The test is designed to look towards the substance of the transaction or sale or offering and not how it is labeled when determining whether something is or isn’t a security.
The NFT space, which is relatively new, is no different. If a non-fungible token is sold in exchange for an investment of money in a common enterprise, with an expectation of profit arising from the efforts of a promoter or a third party, it is just as liable to be a security as a fungible token sold in the same manner and with the same expectations.
Mind you, Impact Theory seems, at least from the settlement, to have been very far on the wrong side of the line, a dissent from SEC Hester Commissioners Pierce and Mark T. Uyeda notwithstanding. As users on the project’s Discord wrote, “It’s like investing 10k with a 300k upside, for a small risk,” and “Everyone here is an early adopter! Buying a founders [sic] key is Like [sic] investing in Disney, Call of Duty and YouTube all at once.” Another said investing in the Impact Theory team is like “handing $20 to Mark Zuckerberg in his dorm room.”
In other words if the sellers were selling a literal rock attached to those promises, to say nothing of an NFT, I could make out the case that they were selling securities. But there is no reason why this same regulatory mistake is also one that could be fairly easily, and entirely honestly, committed by inexperienced founders or otherwise legitimate projects who are stacking on additional functionality to please their users.
Just as an unstoppable blockchain app ignores the law, the unstoppable law ignores the blockchain. Labels and choice of data structures are part of the regulatory puzzle but are not dispositive. Substance is.
Infinitely expressive “state machines with money” (i.e. blockchains) tempt developers to build things that people will want to buy, and make it trivially easy to do so. But writing the code for the machine is one thing which happens fairly low down on the conceptual seven-layer stack; operating the machine as a going concern is quite another and lives at the top of the stack, where the laws are most active too.
Understanding that different regulatory regimes apply to different layers is a basic prerequisite to providing good legal advice in this area. Just as a token labelled a “utility token” has been assessed as problematic by U.S. regulators, so too can a token labelled a “non-fungible token,” even if the data structure utilized by that token does in fact make it non-fungible. Proceed accordingly.