As any founder knows, operating in the blockchain space requires navigating a myriad of regulatory regimes. While every product and token are different, below are 6 key questions that any founder should ask themselves as they launch their product or token:
- Are you advertising to the public? If a company advertises to the public, anti-fraud and consumer protection laws are relevant. Regulators in the U.S. from the Federal Trade Commission and the Consumer Financial Protection Bureau, along with state attorneys-general, enforce rules to ensure advertisements and public statements do not contain (among other things) statements or promises that are false, misleading, or deceptive. Companies should screen public messages with their counsel before publishing them.
- Where do you plan to launch your product or token? Companies should be aware of sanctions programs in jurisdictions in which they plan to operate. In the U.S., the Office of Foreign Asset Control (“OFAC”) enforces compliance with U.S. sanctions programs. Conducting transactions with sanctioned persons or in a sanctioned jurisdiction is an offense and OFAC may impose penalties on a “strict liability standard.” This means that OFAC can hold violators civilly liable regardless of whether they knew they participated in a transaction with a sanctioned person or entity. Many companies have policies and internal controls (e.g., customer screening and IP address blocking) meant to prevent prohibited transactions.
- Would a person reasonably rely on the Company’s efforts to profit from their purchase? If a blockchain company issues or plans to issue tokens or other digital assets, it is imperative that the company complies with securities laws. The lodestar for determining whether a token is an “investment contract” (one type of security) is the Howey Test. In short, pursuant to the Howey Test, a token is a security if a purchaser could reasonably depend on the efforts of a third party (i.e., the company) to generate a profit. While the interpretation of the Howey Test is more nuanced than that, understanding how consumers are going to think about your token is important in assessing the level of risk that launching the token might impose. The actual application of the Howey Test is fact intensive, and therefore requires comprehensive review and application of the token and the Company’s distribution plans.
- Will employees have access to sensitive information that could impact prices? If a company’s employees will have access to material, non-public information regarding prices of the company’s publicly traded digital asset or any other asset trading on a platform controlled by the company, the company should implement policies to prevent employees or other insiders from profiting off of that information (by implementing, for example, insider trading policies). These policies should dictate how and when an employee, consultant, or director is allowed to buy and sell the company’s digital assets or any other asset trading on the company’s platform.
- Will the Company transmit someone’s money? Blockchain companies acting as an “administrator” or “exchanger” of “convertible virtual currency” (“CVC”) may be deemed a money transmitter under federal law. In short, if a company has the authority or power to issue, remove, or exchange a cryptocurrency or virtual currency, the company may be required to register as a “money services business” under the federal Bank Secrecy Act, which requires companies to assist the U.S. government in detecting and preventing money laundering. In addition, 49 states also have “money transmission laws.” Each state has different laws with respect to CVC, so a state-by-state analysis will be required to determine where the company should file for money transmission licenses.
- Will the Company collect customer information? Consumer data protection has received a sizable amount of attention from both legislatures and regulators over the past several years, including the implementation of GDPR in the EU and the CCPA in California (just to name a couple prominent laws). Any company that is collecting, storing, or transmitting consumer information should review its online privacy policy and terms of use, as well as its internal policies around how that information is stored and where that information is transmitted. Even if still under the control of the company, data transferred from one jurisdiction to another may violate applicable data privacy laws.
The 6 questions above will help frame some of the more common regulatory issues that companies in the blockchain space need to pay attention to, but that list is certainly not exhaustive. With an increased focus on blockchain companies by regulatory agencies, it’s important that founders operate within and understand existing regulations, and also make a plan for how they will adapt as those regulations change.