Keyword: securities

The Token Taxonomy Act: A Fatal Drafting Ambiguity

As we’ve previously written, the Token Taxonomy Act (TTA) is an ambitious and potentially impactful piece of legislation that, by exempting digital tokens from the securities laws, might remove regulatory inhibitions from the maturing digital token industry. The bill is not without fault, however. As it stands, the language of the bill requiring that a digital token’s consensus be inalterable is ambiguously written and the SEC could use a strict interpretation to preclude many digital assets from qualifying as digital tokens.

The proposed additional language of Section 2(a)(20)(B) of the Securities Act of 1933 reads that to qualify for the exemption, a digital token:

(i) must be recorded in a distributed, digital ledger or digital data structure in which consensus is achieved through a mathematically verifiable process; and

(ii) after consensus is reached, cannot be materially altered by a single person or group of persons under common control.

In other words, a digital token must use an inalterable and objectively verifiable process. This language is designed to include in the definition only those digital tokens that are or will be in widespread enough use so that no one single party can influence the nature of the outstanding tokens in a way that adversely affects digital token holders.

The proposed language creates the possibility that the SEC could strictly apply the requirement that a token “cannot” be materially altered. As it stands, proof-of-work and even proof-of-stake digital assets are susceptible to a 51% attack, which could alter the digital token’s consensus. “Proof-of-work” and “proof-of-stake” refer to different systems used to verify and process transactions on a blockchain.

A “51% attack” is an event in which a party takes control of the requisite computer power underlying a token’s blockchain such that the party can control the token platform’s operation. Typically, a party seeking such control needs to possess 51% of the outstanding tokens, but the threshold amount can be lower for individual digital assets. A party that has successfully executed a 51% attack can change the ledger history so that it can, for example, double-spend tokens.

The SEC could negate the potential application of the TTA because the recent 51% attack against Ethereum Classic shows that the risk of attack against proof-of-work digital assets, especially those with a low market capitalization, is real. And although the proof-of-stake system makes a 51% attack prohibitively expensive, the SEC could justifiably claim that it is theoretically possible. An irrational, non-economic actor could still stage a 51% attack against a proof-of-stake digital asset with an intent to destroy it rather than to make profit.

In the end, the ambiguity in the bill’s language might not have a deleterious effect. It is hoped that a regulator would not strictly interpret the bill’s language to exclude the intended beneficiaries because of a hypothetical possibility of a 51% attack. So, too, the digital asset industry will likely continue to innovate new and more secure protocols that could potentially eliminate the threat of 51% attacks, making potential exclusion from the bill’s benefits a moot point. Nonetheless, as the TTA undergoes revision, the potential ambiguity in the proposed language should be remedied.

FCA Proposes Guidance on Cryptoassets, but Questions Remain

In January, the UK’s Financial Conduct Authority (FCA) released a consultation on potential guidance on cryptoassets that provides useful direction on how cryptoassets fall within the current regulatory regime. This consultation, one of the publications resulting from the Cryptoasset Taskforce’s October 2018 final report, does not drastically alter the current regulatory landscape, but rather provides clarity on the FCA’s current regulatory perimeter. The consultation also references a consultation by Her Majesty’s Treasury (HMT) that is expected in early 2019, which will explore legislative changes and potentially broaden the FCA’s regulatory remit on cryptoassets.

The FCA consultation on guidance asks for responses to the questions it poses by April 2019. The FCA does not intend to publish its final guidance until this summer; the guidance noted in this consultation paper is subject to change and should not be considered the FCA’s definitive position. However, subject to the feedback that is received, the consultation gives a good indication of the FCA’s thinking with regards to the regulation and classification of cryptoassets. Some of the points highlighted in the consultation are discussed below.

Exchange Tokens / Anti-Money Laundering

The FCA has confirmed that exchange tokens, such as Bitcoin, Litecoin or Ether, do not fall within the regulatory perimeter. This had already been expressed in the Cryptoasset Taskforce’s report, but it is useful to have it repeated here.

However, exchange tokens will be caught (along with other cryptoassets) by the 5th Anti-Money Laundering Directive (5AMLD), which will be transposed into UK law by the end of 2019. HMT will formally consult on this, but the FCA expects that 5AMLD will catch exchange between cryptoassets and fiat currencies or other cryptoassets, transfer of cryptoassets, safekeeping or administration of cryptoassets and provision of financial services related to an issuer’s offer and/or sale of cryptoassets. Being caught by the 5AMLD does not, by itself, mean the cryptoasset will be subject to FCA regulation.

Security Tokens

The FCA’s discussion on the classification of security tokens is arguably the most anticipated part of its guidance on cryptoassets. The discussion makes clear that cryptoassets that fall within the definition of a security will be treated as such. However, given that cryptoassets can provide a range of rights and other characteristics, it can be difficult to determine whether they do fall within such definition. While noting that it can be difficult to categorize tokens, the guidance describes the most relevant traditional forms of specified investments that security tokens may fall into. The guidance also notes that products that derive their value from or reference cryptoassets, such as options, futures, contracts for difference and exchange-traded notes, are likely to fall within the regulatory perimeter, even if the underlying cryptoasset does not.

The FCA states in its guidance that tokens that are issued in exchange for other cryptoassets, and not for fiat currency, will not necessarily be exempt from the regulatory regime if they are considered security tokens.

Issuing of one’s own security tokens does not require the issuing company to have a regulatory licence, in the same way that issuing one’s own shares does not require a licence. However, authorization must be obtained by any exchanges in which the tokens are traded, advisers and brokers, and the financial promotions regime will need to be complied with.

Shares / Debt instruments

According to the consultation, if a cryptoasset has the features of a share then it will be considered a specified investment and certain activities involving it will require authorization or exemption. In determining whether a cryptoasset is classed as a share, the FCA has noted that a separate legal personality, and a body which survives a change of member, are significant but not determinative factors in classifying the cryptoasset. Other factors include whether the cryptoasset provides voting rights, control, ownership, access to a dividend based on the performance of the company or rights to distribution of capital on liquidation. Interestingly, the FCA has noted that the definition is dependent on company and corporate law.

There is a trend for token offerings to be packaged as “security token offerings” and promoted in accordance with security requirements, as ICOs are no longer attractive to investors. However, many of these “security token offerings” do not give equity rights. Calling a token a “security token” will not change the nature of the token itself. The FCA has not been clear on this subject, but arguably a security token that does not meet the company law and corporate law definition of a share can be treated as a utility token and not require the trading platform, broker or advisers to be licensed.

A cryptoasset that represents money owed to the token holder will be considered a debt instrument, and therefore will be considered a security token.

If the cryptoasset is considered a share or debt instrument, and is capable of being traded on the capital market, it will be considered a transferable security under the Markets in Financial Instruments Directive (MiFID), and the MiFID regime will apply. As with traditional securities, this does not require the security to be listed. If the cryptoasset is able to be transferred from one person to another in such a way that the transferee will acquire good legal title, it is likely a transferable security. It is important to note that a cryptoasset may be considered a share under the UK law, but not a transferable security under MiFID.

Warrants, certificates representing certain securities and rights and interests in investments

Warrants may be issued as cryptoassets in situations where an issuing entity issues A tokens, which will provide the token holder the right to subscribe for B tokens at a later date. If the B tokens represent shares or debentures (or other specified investments), then the A tokens will be considered warrants and therefore specified investments. It is important to note that for the A tokens to be warrants, the B tokens will need to be new cryptoassets issued by the issuing entity. If the A tokens provide a right to purchase B tokens from a secondary market, the A tokens will not be considered warrants.

Similarly, A tokens that provide the token holder with a contractual or property right over other investments (either in cryptoasset or traditional form) will be considered certificates representing certain securities. Cryptoassets which represent a right to or interests in other specified investments are also classified as securities.

Units in collective investment schemes

Certain cryptoassets may be considered units in a collective investment scheme, notably tokens that allow investors to invest in assets such as art or property. Provided the investments in the cryptoassets are pooled, and the income or profits that the cryptoasset holders receive are also pooled, it will likely be considered a unit in a collective investment scheme. Importantly, if the token holders have day-to-day control of the management of the investment, it will fall outside this definition.

Utility Tokens

Tokens that represent rewards, such as reward-based crowdfunding, or the access to certain services, will be considered utility tokens. Utility tokens do not have the features of securities, and therefore fall outside the regulatory perimeter. The FCA has noted that the ability to trade utility tokens on the secondary market will not affect the classification of the token – even though this may mean individuals purchase these as investments.

Payment Services and Electronic Money

The guidance confirms that the use of cryptoassets is not covered by the payment services, unless the cryptoasset is considered electronic money. However, where cryptoassets act as a vehicle for money remittance (i.e. the transfer of money from one account to another, perhaps with a currency exchange) then the fiat sides of the exchange will be caught by the payment services regulations.

While cryptoassets do not fall within the payment services regime, they may fall within the e-money one. To the extent that the cryptoasset is issued on receipt of funds (i.e. fiat currency, not other cryptoassets) and the cryptoasset is accepted by a person other than the electronic money issuer, it may be considered electronic money (unless it is excluded). This would include cryptoassets that are issued on receipt of GBP and are pegged to that currency, as long as the cryptoasset is accepted by a third party. Therefore, stablecoins that meet the definitions set out above may fall within the definition of electronic money.

Issues Outstanding

None of the guidance’s declarations is new, but the guidance does provide useful clarification. What is not clear is how utility or payment tokens wrapped in a security token wrapper but not containing traditional security/equity rights will be treated. In our view, if the token is a utility token dressed in a security token wrapper, it should not necessarily be treated as a security, for UK regulatory purposes including requiring an authorized multilateral trading facility (MTF) to carry out secondary trading. The FCA says nothing here conflicting with this, but it would be useful to have clarity in this regard.

SEC and FINRA Confirm Digital Assets a 2019 Examination Priority

Recently, the Staffs of the SEC and FINRA announced their annual examination and regulatory priorities: the SEC’s Office of Compliance, Inspections and Examinations (OCIE) issued its 2019 Examination Priorities just before its employees were sent home on furlough, and FINRA issued its 2019 Risk Monitoring and Examination Priorities Letter last week, several weeks later than its usual first-of-the-year release. The high points and overlap of the two releases are covered in an Orrick Client Alert, but for purposes of On the Chain, we will briefly discuss the two regulators’ not-surprising designation of digital currency as one of their priorities.

The priorities letters clearly telegraph both regulators’ intentions to examine firms’ participation in the digital assets marketplace. OCIE flags digital assets as a concern because of the market’s significant growth and risks. OCIE indicates that it will issue high-level inquiries designed first to identify market participants offering, selling, trading, and managing these assets, or considering or actively seeking to offer these products. Once it identifies those participants, OCIE will then assess the extent of their activities and examine firms focused on “portfolio management of digital assets, trading, safety of client funds and assets, pricing of client portfolios, compliance, and internal controls.”

For its part, FINRA treats digital assets under the heading of “Operational Risks,” and encourages firms to notify it if they plan to engage in activities related to digital assets, even, curiously, “where a membership application is not required.” In this context, FINRA references its Regulation Notice 18-20, July 6, 2018, which is headlined “FINRA Encourages Firms to Notify FIRNA If They Engage in Activities Related to Digital Assets.” These initiatives provide a partial explanation for the long-expected delays in FINRA granting member firms explicit authority to effect transactions in digital assets.

FINRA also states its intention to review these activities and assess firms’ compliance with applicable securities laws and regulations and related supervisory, compliance and operational controls to mitigate the risks associated with such activities. FINRA states that it will look at whether firms have implemented adequate controls and supervision over compliance with rules related to the marketing, sale, execution, control, clearance, recordkeeping and valuation of digital assets, as well as AML/Bank Secrecy Act rules and regulations. These issues are addressed in detail in FINRA’s January 2017 report on “Distributed Ledger Technology: Implications of Blockchain for the Securities Industry.”

The SEC and FINRA clearly will seek to align their concerns about firms participating in the digital asset markets and the compliance and supervision standards to which they will hold them. The regulators’ jurisdiction overlaps, but the SEC’s is broader – it extends to all issuers, while FINRA would be limited only to those issuers that are member broker-dealer firms. The SEC also has jurisdiction over investment advisers, while FINRA again is limited to those advisers who are members. And because the SEC effectively owns the definition of security, FINRA also states its intention to coordinate closely with the SEC in considering how firms determine whether a particular digital asset is a security. At the same time, FINRA has jurisdiction over any activities engaged in by broker-dealers with respect to its customers, even those that do not involve a security, meaning that a member firm’s transactions in or custody of, for example, bitcoin – declared by the SEC not to be a security – still will implicate FINRA’s oversight.

The regulators’ coordination on their digital currency reviews will likely not diminish regulatory attention, but at least it will provide industry participants some comfort that coordinated thought is being given to how best to regulate this emerging area.

Transactors in Digital Tokens – New Bill Offers Hope

On December 20, 2018, Representatives Warren Davidson (R-Ohio) and Darren Soto (D-Fla) offered some early holiday hope to digital token issuers by introducing the “Token Taxonomy Act” (the TTA). If passed, the TTA would exclude “digital tokens” from the federal securities laws and would undoubtedly have profound effects for the U.S. digital token economy. The TTA is an ambitious piece of legislation that faces an uncertain future. Nevertheless, Representatives Davidson and Soto should be commended for attempting to provide some regulatory relief and certainty to an industry that has been yearning for it.

In addition to exempting digital tokens from the securities laws, the TTA would amend the Internal Revenue Code and classify the exchange of digital tokens as like-kind exchanges under Section 1031, and allow digital tokens to be held by retirement accounts.

The TTA would also amend language in the Investment Advisers Act of 1940 and the Investment Company Act of 1940 so that state-regulated trust companies, which include broker dealers, investment advisors and investment companies, would be able to hold digital assets for customers.

According to the TTA’s authors, the intention behind the bill is to provide much-needed regulatory certainty to digital token issuers and to ensure the U.S. remains competitive against other countries like Switzerland, where blockchain startups are thriving.

However, the TTA’s benefits are hypothetical at this point, since it is likely to be opposed by the SEC. On November 30, 2018, SEC Chairman Jay Clayton opined at a New York Times-hosted event that SEC rules were made by “geniuses” and “have stood the test of time.” He stated that he did not foresee changing rules “just to fit a technology.” While he was not referring specifically to the TTA, these comments indicate an unwillingness by the SEC to change its longstanding rules to accommodate a nascent technology.

Even if the bill is passed, it would permit the SEC to determine whether a particular digital unit qualifies as a security and therefore is subject to the SEC’s regulation. The SEC thus would have the power to halt an offering and force compliance with the applicable securities laws. The TTA would spare issuers from any penalties if they have acted in good faith and take reasonable steps to cease sales. But with an unclear, and a potentially costly or lengthy, appeals process, the SEC could discourage issuers from taking the risk of attempting to qualify and sell digital tokens from the start. This provision would blunt the intended deregulatory impact of the TTA.

Although its future is uncertain, the TTA shows that there are government leaders that are listening to the concerns of the digital token issuers. If the TTA is introduced in the 116th Congress, it will be a piece of legislation worth tracking. Even if this particular bill is not enacted, it might point the way to other legislation whose passage might provide some regulatory relief to those who transact in digital tokens.

Dragged to the U.S. Courts (Part 3): The Importance of a Valid Forum-Selection Clause

We have said it in both part 1 and part 2 of this series: for a U.S. court to exercise its powers over a foreign defendant, it must have personal jurisdiction. But even if the court finds that it has jurisdiction, the defendant can request the court to transfer the case to an alternative forum, even to a different country, under the common law doctrine forum non conveniens. In In re Tezos Securities Litigation, the Swiss defendant Tezos Foundation failed in its attempt to transfer the action to Switzerland because of the operation of its forum-selection clause. In this final part of our series discussing jurisdictional questions for blockchain and cryptocurrency companies, we address two crucial factors that non-U.S. companies should consider when crafting a forum-selection clause.

Once a defendant moves to transfer the case by implicating forum non conveniens, the court will undertake a fact-intensive balancing of private and public factors, such as the location of witnesses and evidence, the enforceability of any judgment, avoidance of unnecessary conflicts of law, and administrative congestion. Generally, courts give great deference to the plaintiff’s choice of forum and transfer the case only if the balance of factors “strongly favors” the defendant. But this analysis changes when the parties have agreed to a valid forum-selection clause. As many courts have noted, and Judge Seeborg repeated in In re Tezos, “Because a valid forum-selection clause is bargained for by the parties and embodies their expectations as to where disputes will be solved, it should be given controlling weight in all but the most exceptional cases.”

In the Tezos case, the Swiss defendant argued that there were no exceptional circumstances preventing the court from giving controlling weight to its forum-selection clause, which stated that “[t]he applicable law is Swiss law [and] any dispute . . . shall be exclusively and finally settled in the courts of Zug, Switzerland.” This forum non conveniens motion, however, failed because the court found that the plaintiff had not been put on notice of the forum-selection clause and thus could not have consented to it.

While forum selection is a complex subject, the Tezos decision demonstrates one necessary requirement for any binding forum-selection clause, dispute-resolution clause, or indeed even contract – consent. Below are two factors from In re Tezos and other cases relating to online businesses that blockchain and cryptocurrency companies should consider if they want their forum-selection clauses to bind their website users:

  1. Choose clickwrap over browsewrap: A clickwrap or clickthrough agreement requires the user to engage with the website, usually by checking an “I agree” or “I accept” box. A browsewrap agreement attempts to bind users of the website by inferring assent to the terms and conditions. Generally, it is easier to prove notice and consent where a clickwrap agreement has been used, since the user is required to take affirmative action to show agreement to the terms and conditions. A browsewrap agreement may also bind the user, but this requires either (i) a showing that the plaintiff had actual knowledge of the agreement, or (ii) the website putting a reasonably prudent user on “inquiry notice” of the terms. The Contribution Terms of the Tezos ICO did not include a clickwrap agreement for the forum-selection clause. And, as discussed next, the browsewrap agreement itself was poorly executed.
  2. When using a browsewrap agreement, make the forum-selection clause visible: The question of whether a user has notice of the terms is likely to depend on the design and content of the website. If a link to a website’s terms of use (which includes the forum-selection clause) is “buried at the bottom of the page or tucked away in obscure corners of the website where users are unlikely to see it,” the courts are likely to refuse to enforce the browsewrap agreement (see Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th Cir. 2014)). Similarly, some courts have found that browsewrap agreements were not enforceable where the link to the terms and conditions was not visible without scrolling down to the bottom of the page, which was not necessary to do to complete the purchase (see Specht v. Netscape Commun’ns Corp, 306 F.3d 17 (2d Cir. 2002)).

A fundamental problem with the Tezos ICO Contribution agreement was that it did not actually include the forum-selection clause but instead had a single sentence, on page ten of the twenty-page agreement, directing users to “refer to the legal document that will be issued by the Foundation for more details.” Adding to the problems, the court noted that the relevant website did not even hyperlink to this legal contract with the forum-selection clause. Finally, Judge Seeborg added that even if Tezos Foundation had added hyperlinks and some language indicating a user’s “purported agreement,” the browsewrap agreement might still be held unenforceable, particularly against individual consumers.

After finding that the terms of the ICO did not provide sufficient notice that the plaintiff had agreed to Switzerland as the forum, the court applied the traditional forum non conveniens analysis and dismissed the transfer motion. Judge Seeborg added, however, that if discovery later shows that the plaintiff was, in fact, aware of the forum-selection clause, then he may consider dismissal or transfer of the case to the courts of Switzerland.

Despite Alleged Fraud, Judge Denies SEC’s Preliminary Injunction Request Based on Howey

Despite evidence of egregious fraud in the marketing of tokens, a judge in the U.S. District Court for the Southern District of California recently held the line against the SEC and denied its request for a preliminary injunction. In doing so, the court reaffirmed that in order for an injunction to be issued, the SEC must make a compelling showing that the tokens qualify as securities under the Howey test.

In Securities and Exchange Commission v. Blockvest, LLC et al., Judge Curiel of the U.S. District Court for the Southern District of California ruled on November 27, 2018, on a request by the SEC for a preliminary injunction against Blockvest, LLC and its principal Reginald Ringgold. The SEC’s request for a preliminary injunction came six weeks after the court granted a temporary restraining order in the SEC’s favor.

To obtain a preliminary injunction, the SEC bore the burden of showing that Blockvest and Ringgold committed a prima facie case of a securities law violation, and that such violation would likely repeat.  Specifically, the SEC alleged that Blockvest and Ringgold had engaged in an unregistered securities offering when selling proprietary BLV tokens to 32 individuals. The SEC argued that under the Howey test, these tokens qualified as securities because Blockvest and Ringgold engaged in a marketing campaign to induce purchasers to believe that, based on the efforts of Ringgold and Blockvest’s employees, the tokens would appreciate in value. Blockvest’s and Ringgold’s wrong would allegedly repeat because Ringgold demonstrated disregard for the SEC’s enforcement efforts in the days immediately after the initial delivery of its complaint.

Compounding the SEC’s case was the allegedly egregious fraud perpetrated by the Defendants. Ringgold represented that his offering was endorsed by the SEC, CFTC, and Deloitte Touche, as well as a fictional regulatory agency called the “Bitcoin Exchange Commission” that had the same address as the SEC and a seal modelled upon the seal of the SEC.

Despite the strong allegations of fraud, Judge Curiel denied the preliminary injunction because he gave credence to the Defendants’ rebuttals, and because the SEC had failed to make a compelling case. For instance, the court considered Ringgold’s assertion that the alleged 32 token purchasers were simply testers who had no expectation of profit; indeed, the pre-sale program through which the purchasers obtained the tokens had not yet even been cleared by the company’s compliance officer and the website where the purchases allegedly occurred was not operational.

All told, the court found that the SEC could not show that under the Howey test, any purchase based on an expectation of profit had actually occurred.  Likewise, the court concluded that the SEC could not show a reasonable likelihood of repetition of the wrong because no wrong had occurred in the first place, and Ringgold demonstrated intent to comply with securities laws going forward.

Dragged to the U.S. Courts (Part 2): Avoiding Personal Jurisdiction as a Non-U.S. Blockchain Company

Without personal jurisdiction over a defendant, a court cannot exercise its powers. And when it comes to non-U.S. companies who want to avoid being dragged to court in the U.S., Alibaba Group Holdings Limited v. Alibabacoin Foundation, No. 18-CV-2897 (S.D.N.Y.) and In re Tezos Securities Litigation, No. 17-CV-06779-RS (N.D. Cal.) show that the traditional jurisdictional analysis applies to blockchain technologies as much as to traditional companies. To further minimize the risks of U.S. litigation, blockchain-related companies should also heed the lessons derived from case law related to online businesses – other creatures of the modern age. This is the second part of our series discussing jurisdictional questions for blockchain and cryptocurrency companies. The first part, which can be read here, focused on how the location of the blockchain nodes may affect the court’s analysis.

U.S. courts can exercise personal jurisdiction over a foreign defendant who has either a continuous and systematic presence in the state (general jurisdiction) or “minimum contacts” with the state such that the exercise of jurisdiction “does not offend traditional notions of fair play and substantial justice” (specific jurisdiction). “General” or “all purpose” jurisdiction permits a court to hear all claims against the defendant, while “specific” or “case-linked” jurisdiction permits only those claims which stem from the defendant’s forum-related contacts (see Walden v. Fiore, 571 U.S. 277 (2014)). While some states have adopted additional long-arm statutes, the federal due process requirements must always be satisfied.

Most courts analyze the “minimum contacts” for specific jurisdiction in a three-part inquiry: (1) Does the claim arise out of the defendants’ forum-related contacts? (2) Did the defendant purposefully avail itself of the forum’s laws? and (3) Is exercising jurisdiction reasonable? We will now look at the second prong of the test and the steps that non-U.S. companies setting up operations can take to avoid purposeful availment.

In both Alibabacoin and In Re Tezos, the courts found that a foreign blockchain company with few physical contacts with the United States had purposefully availed itself of the U.S. laws. These cases conform with the principles found in case law related to online businesses. Following is a list of the relevant factors that courts have found showing purposeful availment by Belarus and Dubai defendants in Alibabacoin, by a Swiss defendant in In Re Tezos, and by various other online companies in other cases:

  1. An interactive website accessible in the U.S.: The courts in both Alibabacoin and Tezos agreed that an interactive website available in the U.S., alone, is not sufficient for personal jurisdiction. But the more functional the website, the more likely a court is to find personal jurisdiction (with additional factors present). For example, in Alibabacoin, the court found it relevant that the defendants’ website allowed a user to (1) register a cryptocurrency wallet, (2) access and download content about the Alibabacoin cryptocurrency and white paper, and (3) interact and contact sales representatives with questions.
  2. Using U.S. servers: If the claims brought against a foreign defendant stem from its online activity, the location of the servers can be relevant. In the Tezos case, the court found that the Swiss defendant’s use of Arizona servers was relevant to the securities law claims and personal jurisdiction (although insufficient on its own to establish jurisdiction). And in Alibabacoin, a trademark case, the court stated that “whether Alibabacoin’s Wallet website is actually hosted on servers physically located in New York may also be relevant to the personal jurisdiction inquiry.”
  3. Blocking IP address or providing notice to U.S. viewers: A very recent U.S. appellate court case noted that to avoid purposeful availment of U.S. laws, online businesses should consider blocking U.S. IP addresses (Plixer International, Inc. v Scrutinizer GmbH, 2018 WL 4357137 (1st Cir. 2018)). Even if the technical solution does not keep out all U.S. visitors, the Plixer court stated that the blocking attempt shows intent to avoid U.S. customers and is thus relevant to the jurisdictional analysis. If blocking is too aggressive a business strategy, foreign companies can try to avoid jurisdiction by adding notices on the website that their services or products are not available and intended to be used in the U.S.
  4. Marketing and advertising in the U.S.: Avoiding U.S.-specific media and U.S.-specific discussions can further improve a company’s chances in the jurisdictional analysis. In the Tezos case, the court found that the Swiss defendant using a “de facto U.S. marketing arm” and mostly marketing the ICO in the U.S. showed purposeful availment. The same was illustrated in the Alibabacoin case by the finding that over one thousand New Yorkers visited the defendants’ website and at least one New York resident purchased the tokens.
  5. Employees or agents working in the U.S.: If possible, non-U.S. companies should avoid moving their employees to the U.S., hiring in the U.S., or using U.S. agents. This was an important issue in the Tezos case: the court noted that the defendant “kept at least one employee or agent in the United States,” and this was “responsive” to the purposeful availment test.
  6. Working with U.S. service providers: Although for any contacts in question to create jurisdiction, they must give rise to the claims at issue (step 1 in the “minimum contacts” test), limiting reliance on contacts with U.S. service providers outright can lower the jurisdictional risk. In In re Tezos, the Swiss defendant’s use of a “de facto marketing arm in the U.S.” was an important factor in the court’s analysis. In Alibabacoin, the non-U.S. defendant had dealings with a U.S. company (Digital Ocean), which hosted the Alibabacoin website. But, in contrast to Tezos, because the plaintiff had not showed that Digital Ocean had an “active role” in administering the website or that Digital Ocean’s servers were hosted in New York, the court did not rely on this relationship as a basis for finding jurisdiction. Moreover, contacts with U.S. businesses can overlap with the previous point on marketing. For example, if a company used Google Ad Words to target areas of the U.S., it might increase the chances of the courts finding jurisdiction.
  7. Voluntary sales to the U.S.: Depending on the facts, claims and the state’s long-arm statute, even a few intentional sales into the U.S. may prove purposeful availment. For example, in Alibabacoin, the court highlighted that the plaintiff “presented evidence that at least one New York resident ha[d] purchased Alibabacoin on three occasions.” And in In Re Tezos, the court stated that a “significant portion” of the 30,000 ICO contributors were in the U.S. Similarly, after analyzing the federal case law on this issue, the Plixer court held that a German cloud computing company which “voluntarily service[d] the U.S. market” and made around $200,000 should have “reasonably anticipated being haled into U.S. court.” That court also noted that the Oregon Supreme Court had found jurisdiction over an out-of-state defendant that had sold over 1000 battery chargers totalling about $30,000 (Willemsen v. Invacare Corp., 352 Or. 191 (2012) (en banc)), while a district court in New Jersey did not exercise specific jurisdiction over a defendant who had made fewer than 10 in-state sales totalling $3,383 (Oticon, Inc. v. Sebotek Hearing Sys., LLC, 865 F.Supp.2d 501 (D. N.J. 2011)). Accordingly, voluntary and intentional sales to the U.S. should not be made and, if sales occur, blocking U.S. website visitors, or at least providing clear notice, becomes crucial.

When analyzing specific personal jurisdiction, the courts generally examine these factors together, and it is difficult to rank them in order of importance. The U.S. Supreme Court is expected in the coming years to decide on when online contacts are sufficient to create specific personal jurisdiction. Until then, In Re Tezos, Alibabacoin, and case law on online businesses serve as good guidance for non-U.S. blockchain companies.

Dragged to the U.S. Courts (Part 1): Jurisdiction and the Location of Blockchain Nodes

Following the 2017 ICO boom and the more recent declines in cryptocurrency prices, blockchain-related litigation has substantially increased. U.S. courts have seen most of that action: American regulatory agencies have been more aggressive than their foreign counterparts (the SEC alone has over 200 open investigations), and private parties regularly bring individual suits and class actions. Altogether, close to 100 cases have been filed.

In two recent cases, the courts—for the first time—ruled on jurisdictional questions related to foreign companies by considering the technical aspects of blockchain technology. The opinions in In Re Tezos Securities Litigation and Alibaba Group v. Alibabacoin Foundation illustrate the following three points:

  1. The physical location of the verifying nodes can affect the court’s jurisdictional analysis.
  2. On personal jurisdiction, existing case law related to foreign online businesses serves as useful guidance for blockchain companies seeking to avoid U.S. litigation.
  3. Strategic dispute resolution and forum selection clauses can save the day.

Considering the importance of these issues for avoiding U.S. litigation and the space required to provide enough legal background to meaningfully discuss them, each issue will be addressed in a separate On the Chain post. Today we will address the first point: location of the nodes (the individual devices part of the larger data structure maintaining a copy of the blockchain and, in some cases, processing transactions).

****************************

The physical location of the verifying nodes can affect the court’s jurisdictional analysis

When a foreign defendant is sued in a U.S. court, the court must determine that the U.S. laws in question can be fairly applied and the court has personal jurisdiction over the foreign party. While well-developed legal principles continue to govern the analysis, when a party is a company that uses blockchain and distributed ledger technologies, its reliance on multiple nodes that are physically located across the world raises unique jurisdictional questions. The following two cases tackle this issue.

In re Tezos Securities Litigation, No. 17-CV-06779-RS (N.D. Cal. Aug. 7, 2018)

In In re Tezos, Judge Seeborg addressed whether U.S. securities laws apply extraterritorially to a foreign company that sold tokens to U.S. residents in an ICO. As the readers are probably aware, the Tezos ICO was one of the largest to date, raising over $230 million in July 2017. Tezos Foundation, a Swiss defendant, argued that the sale of the security was not a “domestic transaction” and therefore the Exchange Act did not apply. The Court then posed the question, “where does an unregistered security, purchased on the internet, and recorded ‘on the blockchain,’ actually take place?”

Although the Contribution Terms of the Tezos ICO stated that Alderney (an English Channel Island) was the “legal site” of the transactions and the place where the “contribution software” resided, the Court held that the transaction occurred in the U.S. for the following reasons: (1) the plaintiff participated in the ICO from the U.S. (paying in Ether), (2) payment was made through interactive website that was hosted on an Arizona server, (3) the website was primarily run by an American co-defendant located in California, and (4) plaintiff’s contribution of Ether to the ICO “became irrevocable only after it was validated by a network of global ‘nodes’ clustered more densely in the United States than in any other country.”

Alibaba Group Holdings Limited v. Alibabacoin Foundation, No. 18-CV-2897 (S.D.N.Y. Oct. 22, 2018)

But not all judges give this much weight to the location of the nodes. In Alibaba v. Alibabacoin, Judge Oetken also addressed questions of jurisdiction and the location of blockchain nodes. In Alibabacoin, a trademark case, the Dubai- and Belarus-based defendant (Alibabacoin) argued that the Court lacked personal jurisdiction over it because its ICO sales did not occur in the U.S., since the transactions “consist of ledger entries made in Minsk, Belarus, following observation of changes in ‘blockchain data’ outside the United States.”

In asserting U.S. jurisdiction, Judge Oetken did not buy this argument. The Court held that the place where the transaction is put on the ledger is not relevant, comparing this situation to an everyday online purchase: “it would constrain common usage to say that the transaction occurs at the potentially remote location of the servers that process the buyer’s banking activities and not at location where the buyer clicks the button that commits her to the terms of sale.” The Court concluded that the plaintiff had demonstrated with reasonable probability that personal jurisdiction over Alibabacoin existed, based on other factors, which will be addressed in the next post.

In the future, the courts are likely to continue to focus on blockchain data structure

In Re Tezos appears to be the first time the courts have considered the location of the nodes to be relevant for jurisdictional analysis. But the cases also show that the courts are only beginning to wrestle with this issue.  Jurisdictional analysis will always depend on individual facts and the claims asserted. For example, when focusing only on the fourth factor of Judge Seeborg’s analysis (the location of the nodes), all projects using ERC-20 tokens, which depend on the same cluster of Ethereum nodes, could be considered to operate to some extent in the U.S. Furthermore, the importance of the nodes in jurisdictional analyses is likely to rise because the cases currently in courts are mostly ICO-related. That is, most of the ongoing litigation does not stem from the operation of the blockchain technology but is related to fraud, trademark disputes, and failures to register with various regulatory agencies.

Soon when more blockchain projects become operational and disputes arise in relation to such issues as on-chain transactions, hacking, security failures, and disputes over the governing of the networks, the importance of the data structure of these networks will increase. As a result, the influence of nodes as a factor in the courts’ analyses is also expected to increase, and many foreign blockchain companies that are avoiding the U.S. may, nevertheless, be dragged to U.S. courts.

As will be discussed in the upcoming posts, there are steps a company can take to avoid litigating in U.S. courts, including the set-up of its operations, drafting of its contracts with customers and partners, and litigation strategies pursued in court.

Cryptoassets Taskforce: Cryptoasset Regulation May Be Coming

The regulation of cryptoassets is a question that has been troubling lawmakers and regulators across the globe. This new phenomenon has had a small but significant effect on how financial services function and facilitate new opportunities, but that has also brought risks and regulatory challenges. Currently, cryptoassets (a term preferred over cryptocurrency by regulators) are not, in themselves, regulated. Some cryptoassets will fall within the regulatory regime by way of representing or acting as traditional securities or other regulated financial instruments.

In October, the Cryptoasset Taskforce published its long-awaited report. The report sets out an overview of cryptoassets and the underlying technology before assessing their current, and potential future, role in the financial system as well as the risks and potential benefits. The report concludes with recommendations and ‘next steps’.

By way of background, the Cryptoasset Taskforce was launched by the Chancellor of the Exchequer in March 2018 and is made up of representatives from the Financial Conduct Authority (FCA), HM Treasury and the Bank of England.

In general, the report found that particular risks would need to be dealt with, but provides few concrete regulatory recommendations, and tends to focus on consultation, clarification of existing regulation and increasing awareness of the risks. It is important to note that this is not necessarily a bad thing and the overall message appears to be positive, particularly for those thinking about issuing cryptoassets (for example by way of an initial coin offering (ICO)). The Cryptoasset Taskforce seems less nervous of cryptoassets than other bodies, particularly the UK’s Treasury Committee (see our take on the UK’s Treasury Committee’s report here).

The report divides recommendations into distinct areas, explaining where regulatory action should be taken and where a ‘wait and see’ approach is more suitable.

Preventing financial crime

This is one of the few areas where action will be, and has been, taken. The concern over the use of cryptoassets for financial crime and in particular the transfer of criminal proceeds is often the cornerstone to any discussion on cryptoasset regulation. The report acknowledges that the use of cryptoassets for criminal activity is low, although increasing.

The Fifth Anti-Money Laundering Directive (5MLD) will require firms to bring certain activities relating to cryptocurrency within the scope of anti-money laundering regulation, for example fiat-to-crypto exchange firms. However, the UK government plans to go further and will consult on proposed actions in early 2019. Part of this consultation will be whether firms based outside the UK will be required to comply with AML obligations when providing services to UK consumers.

Regulating financial instruments that reference cryptoassets

From 1 August 2018, there has been a restriction on the sale of contracts for difference (CFDs) that reference cryptoassets. This is part of a European effort, led by ESMA. The restriction, although renewed on 1 November 2018, is only temporary until the FCA implements a domestic solution. The FCA is expected to consult on derivatives referencing exchange tokens and whether there should be a prohibition on the sale of these to retail investors by the end of 2018. This prohibition would not include those derivatives that reference cryptoassets that qualify as securities.

The FCA has also stated that it will not authorize or approve the listing of a transferable security or a fund that references exchange tokens unless it is confident in the integrity of the underlying market and that the other regulatory criteria are met. The FCA also confirmed that it has not approved the listing of any exchange-traded products with exchange tokens as the underlying asset.

Clarifying the regulation of security tokens

Tokens which represent securities or that have the same features of securities (‘security tokens’), fall within current regulation. However, it is not always clear whether certain tokens fall into this category, and there is not much guidance on this.

The FCA will consult by the end of this year on new perimeter guidance on the way regulation applies to security tokens. This additional clarity will be useful for helping token issuers understand whether, and to what extent, the tokens they issue fall within the regulatory regime and what, if any, authorization or permission is needed. However, it is important to note that this will not extend the regime. Security tokens are currently caught by regulation while other tokens remain outside it; this will not change. The FCA consultation will relate to further guidance on how to identify whether tokens are security tokens.

Consulting on extending the regulatory perimeter for ICOs

While the guidance noted above will not affect the regulatory status of any tokens, the FCA will also consider whether there needs to be any changes to the regulatory perimeter when it comes to cryptoassets. Notably, the FCA is concerned about when tokens may be comparable to security tokens but structured in such a way that they are not security tokens and therefore unregulated.

A consultation in early 2019 will consider whether such cryptoassets exist and whether an extension of the regulatory regime is required.

Addressing the risks of exchange tokens

Early 2019 will see a consultation on whether and how exchange tokens should be regulated. These tokens do not currently fall within the regulatory perimeter. It is not clear whether the clarification of the current regulatory regime, and how it applies to cryptoassets, or the extension of the regulatory perimeter for tokens which act like security tokens, will be sufficient to allay the regulators’ fears.

Ensuring a coordinated international approach

The Cryptoasset Taskforce acknowledges that an international approach is essential to mitigate the risks for consumers. There is continuous conversations with different international organizations, and the report outlines that the UK intends to take a role advocating for international bodies to address these issues.

Improving consumer awareness

The report reiterates messages from regulatory and governmental bodies that consumers should be cautious when purchasing cryptoassets. The authorities will continue to improve public awareness of the risks of purchasing cryptoassets.

Maintaining financial stability

The Cryptoasset Taskforce does not currently believe that cryptoassets pose a material threat to financial stability, either in the UK or globally. However, it acknowledged that this is a developing and growing area and that risks could emerge. This will continue to be monitored by the Bank of England.

In a subsequent speech, Christopher Woolard, Executive Director of Strategy and Competition at the FCA, hoped that ‘if someone in 10 years’ time was to pause on the world in 2018, they would see our taskforce work as a further step along our journey of encouraging beneficial innovation to thrive in the UK, but in a context in which financial crime is combatted, market integrity is safeguarded and consumers are adequately protected from harm’.

The important point to note here is that the taskforce is a step in the journey. While the report infers that regulation is coming, it does not have any immediate effect on the regulatory sphere. Assuming consultations are released in late 2018/early 2019, one can expect that any formal regulation is still a way off. However, this is no bad thing. The Cryptoasset Taskforce’s insistence on an international approach is encouraging; inconsistent regulation across jurisdictions will be less effective for an instrument which, by its very nature, is borderless. Nevertheless, guidance on the current regulatory regime, and how it applies to cryptoassets, will be welcomed as soon as possible by issuers and those who work in this world.

Learn more from this Blockchain alert.

A Foreboding View of Smart Contract Developer Liability

At least one regulator is attempting to provide clarity regarding the potential liability of actors who violate regulations through the use of smart contracts. On October 16, 2018, Commissioner Brian Quintenz of the Commodity Futures Trading Commission explained his belief that smart contract developers can be held liable for aiding and abetting CFTC rule violations if it was reasonably foreseeable that U.S. persons could use the smart contract they created to violate CFTC rules. As is typical, the Commissioner spoke for himself, but it seems likely that his views reflect the CFTC’s philosophy.

Generally speaking, smart contracts are code-based, self-executing contractual provisions. Smart contracts that run on top of blockchain protocols, like ethereum, are increasingly being used by companies in a wide variety of businesses to create autonomous, decentralized applications. Some of these applications might run afoul of CFTC regulations if they have the features of swaps, futures, options, or other CFTC-regulated products, but do not comply with the requisite regulatory requirements. The fact that smart contracts support disintermediated markets – a departure from the market intermediaries traditionally regulated by the CFTC – does not change the CFTC’s ability to extend its jurisdiction to them.

To identify where culpability might lie, Commissioner Quintenz identified the parties he believes to be essential to the functioning of the smart contract blockchain ecosystem:

  1. the core developers of the blockchain software;
  2. the miners that validate transactions;
  3. the developers of the smart contract applications; and
  4. users of the smart contracts.

Commissioner Quintenz dismissed the core developers and the miners as potential culpable parties by reasoning that while they both play a vital role in creating or administering the underlying blockchain code, they have no involvement in creating the smart contracts. He also limited the possibility of the CFTC pursuing enforcement against individual users because, as he explained, although individual users are culpable for their actions, “going after users may be an unsatisfactory, ineffective course of action.”

That leaves the developers of the smart contract code. Commissioner Quintenz stated that to ascertain the culpability of the smart contract code developers, the “appropriate question is whether these code developers could reasonably foresee, at the time they created the code, that it would likely be used by U.S. persons in a manner violative of CFTC regulations.” If such a use is foreseeable, Commissioner Quintenz believes that a “strong case could be made that the code developers aided and abetted violations of CFTC regulations.”

Commissioner Quintenz expressed that he would much rather pursue engagement than enforcement, “but in the absence of engagement, enforcement is the only option.” The Commissioner recommended that smart contract developers engage and collaborate with the CFTC prior to releasing their code to ensure that the code will be compliant with the law. The Commissioner even suggested that the CFTC is willing to rethink its existing regulations or provide regulatory relief, depending on the technology in question.

As blockchain and smart contract technology matures, we expect decentralized and disintermediated applications to come to market in increasing volumes. In his speech, Commissioner Quintenz provided valuable insight into how one regulator is thinking about applying existing laws to this new market. His remarks will be especially valuable if they influence other regulators, such as the Securities and Exchange Commission or the Financial Crimes Enforcement Network, to take a similar approach.