Digital Assets: A Brief Summary of the Current Legal Landscape

Since Bitcoin’s creation in 2009, cryptocurrency and digital assets have skyrocketed in both popularity and value. Today, the global cryptocurrency market cap is roughly $2.78 Trillion.[1] This quick growth has led to people and entities attempting to fraudulently enter the market and perform illegal activities under the guise of a mysterious new asset class. As such, these currencies have received considerable attention from administrative agencies such as the SEC, CFTC, and FTC.

Relevant Supreme Court Cases Relied Upon by the SEC

The 75-year-old Howey test guides courts’ inquiry into allegations of the Securities and Exchange Acts when the SEC finds questionable behavior.[2] Under Howey, an investment contract exists when there is: (1) the investment of money (2) in a common enterprise (3) with a reasonable expectation of profits (4) to be derived from the efforts of others. This test is flexible and may apply to any contract, scheme, or transaction, regardless of whether it has any characteristics of traditional securities.

The Reves test aids Howey in digital asset litigation. Unlike Howey, where clear prongs must be met for an investment contract to be present, Reves lays out factors to balance while considering whether notes are securities. When applying the Reves test, courts “begin with a presumption that every note is a security. From there, the analysis turns on four factors: (1) the motivations of the parties; (2) the plan of distribution of the instrument; (3) the reasonable expectations of the investing public; and (4) whether some factor such as the existence of another regulatory scheme significantly reduces the risk of the instrument.”[3] The SEC has applied this test several times in cease-and-desist orders and has relied on it in recent litigation involving digital assets. Like Howey, Reves is a Supreme Court decision released decades before the emergence of crypto and digital assets.

The SEC acknowledges that tokens, in and of themselves, are not securities. Thus, the appropriate question becomes whether transactions, in which a particular token is implicated, qualify as investment contracts.

Recent and Unfolding Developments

Last year, separate lawsuits brought by the SEC—involving Ripple Labs, Inc. (“Ripple”)[4] and Terraform Labs PTE Ltd (“Terraform”)[5]—resulted in, unsurprisingly, inconsistent results. In Ripple, the Southern District of New York analyzed three types of sales: institutional, programmatic, and “other distributions under written contracts.” The court held that institutional sales of XRP, a cryptocurrency, were investment contracts, and therefore subject to securities regulations. Programmatic sales, however, did not meet the third Howey prong, because it was not certain that buyers had an expectation of profits from Ripple’s efforts. The “other distributions” were given to employees in exchange for consideration other than money, so the court could not find the first Howey prong.

Terraform saw the Southern District of New York rule that three separate currencies were securities based on Terraform’s conduct while advertising the currencies, promised profits, and were responsible for developments that would play a large role in the currencies’ future value. Terraform, decided a few days after Ripple, expressly rejects Ripple’s distinction between secondary markets and direct sales, saying Howey makes no such distinction. The clear divide between courts within the same District is yet another example of how the SEC’s regulation by enforcement is not conducive to innovation or growth within the digital assets market.

The SEC has attempted to strike while the Iron is hot post-Terraform, commencing actions against prominent cryptocurrency platforms Binance, Coinbase and Kraken over the last year. These suits are still unfolding, with hearings set throughout 2024.

Looking at one of the actions brought in the wake of the Ripple and Terraform decisions, the Southern District of New York recently held that the SEC’s action against, among others, Coinbase, Inc. (“Coinbase”) may, for the most part, proceed.[6] The SEC had charged Coinbase with acting as a national securities exchange, a broker, and a clearing agency with respect to transactions in 13 identified crypto assets, which the SEC contended were securities, and of offering and selling securities without a registration statement. Coinbase moved for judgment on the pleadings, arguing that the SEC’s claims should be dismissed, as even if the SEC’s allegations as pleaded were true, they fail to give rise to an entitlement to relief. The Court found that “the SEC has sufficiently pleaded that Coinbase operates as an exchange, as a broker, and as a clearing agency under the federal securities laws, and, through its Staking Program, engages in the unregistered offer and sale of securities.”[7] The Court followed Terraform in not refusing to accept a distinction between secondary markets and direct sales stating,

with specific regard to the Crypto-Assets at issue here, there is little logic to the distinction Defendants attempt to draw between the reasonable expectations of investors who buy directly from an issuer and those who buy on the secondary market. An investor selecting an investment opportunity in either setting is attracted by the promises and offers made by issuers to the investing public. Accordingly, the manner of sale has no impact on whether a reasonable individual would objectively view the issuers’ actions and statements as evincing a promise of profits based on their efforts.[8]

Thus, for now, there remains no clear answer on the status of secondary markets. While this does not mean that the SEC will ultimately be successful in proving the merits of its claims, it does mean that the SEC overcame a huge initial hurdle.

Key Considerations for Developers

While Ripple and Terraform provide thorough inquiries into digital assets as securities, neither are binding precedent nor have they brought clarity to the market. With this in mind, the Howey test remains instructive to assets in the digital assets class, with factual distinctions serving as helpful guides on how an asset may fall within or outside of the definition of a security.

Tangible and definable. The Court’s decision holding Ripple’s “other distributions” fell outside of the realm of a security rested squarely on its failure to satisfy the first prong of the Howey test, as Ripple provided its token in exchange for nonmonetary contributions. Ripple is a rare case where the first Howey element is not met. Providing money in exchange for a currency, though, is usually a straightforward inquiry and typically met.

Commonality of enterprise. Commonality can be found through either horizontal or vertical commonality. Horizontal commonality exists when there is a pooling of assets, usually combined with the pro-rata distribution of profits. Vertical commonality is present when the fortunes of investors are linked with those of promoters. The common theme here is that funds from investors are linked to the company providing the currency itself. On the other hand, Bitcoin and Ethereum are not regulated by securities laws because they do not possess the requisite centralization and are sold exclusively through secondary markets.

Setting expectations of profits. Leading investors to expect financial gain typically comes through the advertising campaign and how the currency is marketed to investors. Guaranteeing a specific return on investment with no hedging language (think “may” return a certain percentage as opposed to “will” return a certain percentage), speaking to how much better a currency is than others, and similar behavior are key cues that lead the average investor to expect a return on investment, likely making the currency a security.

Active participation. A party to the transaction bearing responsibility for the continued development of an asset or exercising continued management or promotion of a network contributes to a reasonable investor’s expectation of a profit derived from the profits of others. This can be important both at the time of investment and after the investment. An investment will be reevaluated at a later date depending on how important the continued efforts are to the asset’s value.

Attachment to an investment. Coins themselves are not securities. They need to be tied to something that may appreciate over time. Additionally, buying something purely for consumptive value may lead to its falling outside of securities laws’ purview.

Companies considering launching digital assets through initial coin offerings or on a decentralized finance platform should be mindful of the factors courts have weighed in recent cases. This area of law is evolving rapidly, and it is essential to stay abreast of developments in current cases and in changes to the regulatory framework. Pastore LLC has securities lawyers with expansive experience in securities litigation, aiding broker-dealers, investment banks, and investment advisers, and can be effective counsel advising clients on digital assets and cryptocurrencies’ status as securities.

[1] Digital Assets, Forbes, https://www.forbes.com/digital-assets/crypto-prices/?sh=1c9647f62478 (last visited Mar. 30, 2024).

[2] Framework for “Investment Contract” Analysis of Digital Assets, U.S. Securities & Exchange Commission, https://www.sec.gov/corpfin/framework-investment-contract-analysis-digital-assets (last visited Mar. 30, 2024).

[3] SEC v. Genesis Glob. Capital, LLC, No. 23-cv-00287 (ER), 2024 U.S. Dist. LEXIS 44372, at *25-26 (S.D.N.Y. Mar. 13, 2024) (internal quotation marks omitted) (citing Reves v. Ernst & Young, 494 U.S. 56, 65-67 (1990)).

[4] SEC v. Ripple Labs, Inc., 2023 U.S. Dist. LEXIS 120486 (S.D.N.Y. July 13, 2023).

[5] SEC v. Terraform Labs Pte. Ltd., No. 23-cv-1346 (JSR), 2023 U.S. Dist. LEXIS 132046 (S.D.N.Y. July 31, 2023).

[6] SEC v. Coinbase, Inc., 2024 U.S. Dist. LEXIS 56994 (S.D.N.Y. Mar. 27, 2024).

[7] Id. at *105.

[8] Id. at *68 (citing Terraform I, 2023 WL 4858299, at *15).

SEC Proposes Change to Cybersecurity Reporting Requirements for Public Companies

With the threat of irrevocable reputational harm and damage to consumer trust brought on by data breaches to public companies, the United States Security and Exchange Commission (“SEC”) recently proposed new cybersecurity reporting requirements. In March, SEC Chair Gary Gensler noted these new amendments will, “strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting.”[1] If the proposed amendments pass, it would impose new requirements on board of directors, including management reporting, organization, and board composition.[2]

The proposals aim to promote incident disclosure and increase risk management, strategy, and governance disclosure of data breaches.[3] One amendment would require a company to notify shareholders and the SEC within four business days when a material cybersecurity incident occurs.[4] The SEC would also require standardized disclosure of a company’s cybersecurity risk management and strategy, management’s role in implementing cybersecurity policies, and the board of directors’ cybersecurity expertise.[5]

As the SEC signals the necessity of new disclosure policies, companies should assess their current cyber reporting practices and procedures. The proposals aim to bridge the gap between business executives and security executives to ensure cybersecurity is included in their everyday business conversations and reporting practices.[6] In preparation of these proposals, companies can educate their board on their policies and procedures regarding cyber security risks. It is no longer the sole job of the chief information security officer to translate technology risk to business risk.[7]

[1] SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, SEC (Mar. 9, 2022), https://www.sec.gov/news/press-release/2022-39

[2] Id.

[3]  Public Company Cybersecurity, Proposed Rules, https://www.sec.gov/files/33-11038-fact-sheet.pdf (last visited Sep. 22, 2022).

[4] Id.

[5] Id.

[6] Insight Report, World Economic Forum Global Cybersecurity Outlook (January 2022), https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2022.pdf.

[7] Bob Ackerman, New SEC Cybersecurity Reporting Requirements: Three Things Companies Need To Do Now, Forbes (May 25, 2022) https://www.forbes.com/sites/forbesfinancecouncil/2022/05/25/new-sec-cybersecurity-reporting-requirements-three-things-companies-need-to-do-now/?sh=2d78e01e6f05.

New York State Department of Financial Services Issues Consent Order Against Robinhood Crypto, LLC

As interest in cryptocurrencies (“crypto”) continues to rise, businesses and investors are left wondering what regulations they must follow. While a broad regulatory framework is still nonexistent for the crypto industry, the New York State Department of Financial Services (“DFS”) recently imposed a $30 million fine on Robinhood Crypto, LLC (“Robinhood”), a wholly-owned crypto trading unit of Robinhood Markets Incorporated, for failing to comply with New York anti-money laundering (“AML”) and cybersecurity regulations.[1] This is the first time DFS has taken enforcement action against a crypto company. In making the announcement, the Superintendent of DFS, Adrienne Harris, stated, “[a]ll virtual currency companies licensed in New York State are subject to the same anti-money laundering, consumer protection, and cybersecurity regulations as traditional financial services companies.”[2] Superintendent Harris made it clear that while this may be the first such action against a crypto company, it will not be the last.[3] DFS expects crypto companies to invest in compliance programs like traditional financial institutions.

In the DFS Consent Order, DFS took issue with several aspects of Robinhood’s compliance program[4] Specifically, Robinhood failed to devote sufficient funds and resources to its compliance program,[5] its Chief Compliance Officer lacked “commensurate experience to oversee a compliance program such as [Robinhood’s]” and did not participate adequately in the implementation of Robinhood’s automate software compliance program, [6] and Robinhood overly relied on the compliance program of its parent and affiliate despite those compliance programs were not compliant with New York State’s regulations.[7] Moreover, Robinhood failed to adequately evaluate “potentially suspicious transactions in order to determine whether a [Suspicious Activity Report] should be filed.”[8] DFS noted that as of October 26, 2020, Robinhood had a backlog of 4,378 potentially suspicious transaction alerts.[9]

While Robinhood may have had a compliance program on paper, DFS made it clear that it is focused on the execution of such programs. One thing is clear: the DFS Consent Order indicates that regulatory and enforcement agencies are starting to take action against the crypto industry. Common sense, sound legal advice, and diligence will help any business or investor navigate this market as state and federal agencies begin to enforce traditional financial services regulations on the industry.

[1] In the Matter of Robinhood Crypto, LLC, Dep’t of Fin. Servs. (Aug. 1, 2022), https://www.dfs.ny.gov/system/files/documents/2022/08/ea20220801_robinhood.pdf.

[2] DFS Superintendent Harris Announces $30 Million Penalty on Robinhood Crypto for Significant Anti-Money Laundering, Cybersecurity & Consumer Protection Violations, Dep’t of Fin. Servs., https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202208021 (last visited Sept. 19, 2022).

[3] Id.

[4] Id.

[5] Id. at ¶¶ 36-41.

[6] Id. at ¶ 36.

[7] Id. at ¶ 6.

[8] Id. at ¶ 37.

[9] Id.

Is the SEC kicking Crypto when it is down?

Coinbase Global Inc. (“Coinbase”) is facing an SEC probe into whether it improperly allowed trading of digital assets that should have been registered as securities. Although there have been several court rulings and position statements by the SEC regarding digital assets, it has not halted the trading on crypto exchanges. While the SEC scrutiny of Coinbase has increased since the platform expanded the number of tokens, in which it offers trading, no meaningful regulatory action has occurred with respect to Coinbase.

The drumbeat in Washington for US regulators to do more to oversee crypto has grown louder as digital currencies have tumbled from all-time highs, erasing hundreds of billions of dollars in market value. SEC Chair Gary Gensler has homed in on trading platforms and argued that the SEC should do more to protect “retail investors”.

To determine if a digital asset is a security, the SEC applies a legal test from the 1946 U.S. Supreme Court decision. Generally, the SEC considers monies under its purview if the funding is made with the intention of profiting from the efforts of the issuer. The SEC Commissioner has suggested publically that “many” cryptocurrencies come under the definition. The SEC has not indicated which “coins” are “securities”, and instead has allowed exchanges to decide for themselves.

In the absence of clear guidance this regulatory approach, seems like a game of “gotcha”. Crypto is a young industry and it deserves clear and accurate rules so that its participants can navigate the path forward. The SEC should either test its approach in court, and perhaps it is with Coinbase, or stand down. Ultimately, the U.S. Supreme Court will likely decide the question of how to determine whether crypto coins or tokens are securities. Either way, crypto can thrive if its coins generate enough investor interest, but the rules for regulation and investor protection should be made clear at this point.

Federal Jury Rules Four Cryptocurrency products are not Securities

A recent decision in the United States District Court for the District of Connecticut appears to be the first of its kind in the nation. In the case Audet et al v. Garza et al, a federal jury recently weighed in on whether cryptocurrency products were considered securities.[1] The jury held that four digital-asset products linked to cryptocurrency were not securities.[2]

In the case, a class of customers brought an action against GAW Miners LLC (“GAW Miners”) and ZenMiner LLC (“ZenMiner”) for running a cryptocurrency Ponzi scheme.[3] When GAW Miners and ZenMiner were faced with demands from customers for the physical cryptocurrency mining equipment which they could not meet, GAW Miners and ZenMiner turned to Hashlets, Hashpoints, Paycoin and HashStakers (collectively the “Digital Assets”). [4]  These Digital Assets provided customers with a portion of the computing power without owning the physical hardware.[5] Moreover, the Digital Assets served as virtual wallets for the promissory notes and virtual currency of GAW Miners and ZenMiner.[6] The plaintiffs argued that these Digital Assets were investment contracts and therefore were unregulated securities.[7]

The plaintiffs asked Judge Michael Shea to rule as a matter of law that the Digital Assets were securities under the Howey test. [8] The Supreme Court in Howey stated an investment contract exists when “a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.” [9] However, in an unusual decision, Judge Shea declined to rule as a matter of law that the Digital Assets were securities.[10] Instead, the judge left the issue of how to classify the Digital Assets for the jury.[11] Despite the SEC previously referring to one of the Digital Assets, Hashlets, as a security in a case against one of the former defendants in this case,[12] the jury ruled that the Digital Assets were not investment contracts, and therefore, they were not securities.[13]

The issue of how to define cryptocurrencies is an ongoing debate, and the federal jury’s ruling in this case does not settle it.

[1] Elise Hansen, Crypto Mining-Linked Products Weren’t Securities, Jury Finds, Law360 (Nov. 2, 2021), https://www.law360.com/articles/1436790/crypto-mining-linked-products-weren-t-securities-jury-finds.

[2] Id.

[3] HHR Wins Groundbreaking Jury Verdict in Crypto Fraud Trial, HHR (Nov. 3, 2021), https://www.hugheshubbard.com/news/hhr-wins-groundbreaking-jury-verdict-in-crypto-fraud-trial.

[4] Id.

[5] Hansen, supra note 1.

[6] Id.

[7] Id.

[8] Alison Frankel, In apparent first, Conn. class action jury finds crypto products are not securities, Reuters (Nov. 3, 2021), https://www.reuters.com/legal/transactional/apparent-first-conn-class-action-jury-finds-crypto-products-are-not-securities-2021-11-03/.

[9] SEC v. W. J. Howey Co., 328 U.S. 293, 298­–99 (1946).

[10] Id.

[11] Id.

[12] HRR, supra note 3.

[13] Hansen, supra note 1.