A Corporate Crypto Conduct Code for ICOs and businesses in this space and some starting points for regulators and Financial Market Authorities to think about ICO regulations – a mere market response to overregulation

Regulations and governance measures generally struggle to keep up with technological advancements. The rise of cryptocurrencies and Initial Coin Offerings (hereinafter “ICOs”) are changing the way companies raise funds.

In a typical ICO, a company (generally the issuing entity) receives fiat currencies, such as US dollars or Euro, or crypto-assets, such as Bitcoin or Ether, in exchange for certain rights embodied in crypto-assets(whose nature and treatment are generating controversy among Financial Market Authorities around the world). Contrary to traditional Initial Public Offerings (hereinafter “IPOs”), crypto-assetstypically do not represent an ownership interest (or dividend right) in the issuing entity.

Currently, main entities conducting ICOs are:

(i) Venture entities. Issuers are small venture companies with limited access to incumbent capital market, or venture capitals, while potential purchasers are investors who are looking for high-risk, high-return investment opportunities other than common equities.

(ii) Ecosystem entities. Issuers are companies (or alliances of companies) that are making concerted efforts to form a new market through an ecosystem, while potential purchasers are companies that wish to participate in an ecosystem when the market is formed (companies which own tokens are entitled to receive an option to participate in the ecosystem with advantageous terms).

(iii) Large entities. Issuers are companies that operate high-risk businesses for which feasibility is difficult to evaluate, or those that try to find ways to vitalize buried in-house assets such as technologies, while potential purchasers are investors who expect to receive special offer from companies or those who want to express their support or sympathy for projects.

ICOs are still in their infancy and there are no industry practices yet. Appropriate rules must be set to enable ICOs to obtain public trust and to expand as a sound and reliable financing method.

This analysis discusses how a proactive self-regulation, ethical human behaviors, rigorous due diligence, improved governance, disclosure, investors protectionand accountability measures could be applied to lead to better quality ICOs, a more sustainable fundraising environment for all the parties involved and mitigate risks due to regulatory uncertainty. At the same time this article tries to propose a Corporate Crypto Conduct Code for businesses in this space and some starting points for regulators to think about ICO regulations.

The reality is that while no measure (self-regulatory or not) will ever entirely stamp out bad actors, or the risk of projects failing due to any number of often uncontrollable factors, in any industry, a Corporate Crypto Code can be a step in the right direction. In order to maintain investor confidence, an adult environment, and, as a consequence, a healthy financial system, ICO issuers must proactively self-regulate and engage in responsible practices until a regulatory framework is in place in the most important jurisdictions. ICOs, in fact, are an additional channel for entrepreneurs to access to finance – andbetter financial systems drastically improve the probability of successful innovation (thereby accelerating economic growth). La Porta, Lopez-de-Silances, Shleifer and Vishny argue that investors protection in particular determines the development of the capital market. In this regard, it has been noted many times that most financial problems are caused by unethical human behaviors (that are not going to be solved by technology).Therefore, investors protection can lead to a larger and healthier ICO environment.

1. Legal nature of the crypto-assets among regulators.

As Van Valkenburgh says, “[cryptocurrencies] present an arrangement of technological components that is so novel as to defy categorization as any traditional asset, commodity, security, or currency”.

In practice, the regulatory status of crypto-assets largely depends on the rights associated with the crypto-assets and the jurisdiction of the issuance.

For example:

(i) In 2015 the US Commodity Futures Trading Commission (hereinafter “CFTC”) qualified Bitcoin as commodity (this qualification does not apply to other crypto-assets, in relation to which an individual analysis is needed). In 2017 the US Securities and Exchange Commission (hereinafter “SEC”) qualified the crypto-assets of an unincorporated organization called The DAO as securities in application of the Howey Test pattern. US Financial Crimes Enforcement Network (hereinafter “FinCEN”) regards developers as well as exchanges of ICO crypto-assets as “money transmitters” for the purposes of the US Bank Secrecy Act, and so crypto-assets as money.

(ii) Canadian’s Financial Market Authorities concluded that many crypto-assets, including crypto-assets sales through ICOs, are to be qualified as securities.

(iii) The European Securities and Markets Authority (hereinafter “ESMA”) stated that crypto-assets, depending on their structure, may be classified as transferable securities or financial instruments. Despite the high harmonization of EU financial markets regulations, the legal qualification of crypto-assets differs among EU member states:

(iii)(a) In France whether (and if so, how) crypto-assets would be deemed a “financial instrument” or an “other regulated asset”, and therefore fall within the scope of French financial regulations, needs to be considered on a case-by-case basis.

(iii)(b) The German Financial Supervisory Authority (hereinafter “BaFin”) qualified crypto-assets as units of account and thus considered them financial instrument.

(iii)(c) In 2017 the United Kingdom Financial Conduct Authority (hereinafter “FCA”) held that, depending on the structure of the individual crypto-asset, it may fall into the regulatory perimeter. Crypto-assets that grant a holder some or all of the rights that would typically be enjoyed by a shareholder (for example, entitlements to dividends declared, profits or the proceeds of the assets of an insolvent company), a bondholder (for example, a right to the repayment of a sum of money), or a participant in a fund (for example, to profits or income from the acquisition, holding, management or disposal of the fund property), are likely to be considered “specified investments”.

(iv) In the United Arab Emirates the Abu Dhabi Global Markets Financial Services Regulation Authority (hereinafter “ADGM FSRA”) has backed the commodity-categorization of crypto-assets, while individual crypto-assets, issued in connection with ICOs, may be regarded as securities, depending on the specific structure of such crypto-assets. The ADGM FSRA has, however, indicated that where crypto-assets do not have the features and characteristics of “securities” such as shares, debentures or units in a fund, the trading of such crypto-assets is unlikely to constitute a regulated activity.

(v) In Singapore and Australia, crypto-assets are qualified as securities, provided that the crypto-assets feature additional rights, as ownership or voting rights.

2. A new taxonomy: speculative and non-speculative crypto-assets.

“Digital currency” is a term commonly employed by regulators. Since the vast majority of fiat currencies (like the US dollar) are held and transmitted digitally, the US dollar could be today defined as digital currency. At the same time, while some crypto-assets are designed explicitly as currencies, their real nature more closely aligns with property or a scarce asset like gold. Crypto-assets basically do not circulate, but their ownership does. There are finite numbers in circulation. Therefore, their exchange rate is a function of scarcity. Crypto-assets are programmable. Crypto-currency (or even better crypto-assets) is then a better definition than digital currency. However, as highlighted, the majority of crypto-currencies are neither designed nor function as currencies. Burniske and Tatar categorize those crypto-assets (as just said crypto-currencies that are neither designed nor function as currencies) into crypto-commodities and crypto-tokens. Crypto-commodities are the value units of blockchain providing basic digital goods, such as compute power, storage capacity, and network bandwidth (easily compared to physical commodities like gasoline or corn). Ether in theory is a crypto-commodity. Crypto-tokens are tokens connected to “finished product” digital networks. These tokenized finished goods include tokens like AGI (token incentivizing participation in an AI network). The division between crypto-commodities and crypto-tokens is a grey area, though. Crypto-assets like Ether and AGI have the same basic structure based on the relation buy a token/participate in a decentralized network. Thus, we believe it makes more sense to categorize crypto-assets only into non-speculative crypto-assets (crypto-assets with real intrinsic usage) and speculative crypto-assets. Speculative crypto-assets are issued speculatively (with little backing, no community backing, and no viable product, often by un-transparent teams, with corporate structures in tax havens) and represent significant risks for non-sophisticated investors (investors with no depth of experience and market knowledge). Currently the vast majority of the crypto-assets are speculative crypto-assets. Speculative crypto-assets, regardless of any possible intrinsic usage, should be treated as securities (until when regulated properly), because investors protection can lead to a larger and healthier ICO environment on the long term.

3. ICOs regulatory environments.

Below a quick analysis of the current regulatory environment for some of the most important jurisdictions.


The Australian Securities and Investment Commission (hereinafter “ASIC”) has provided general guidance for determining whether its Corporations Act applies to ICOs and crypto-assets. If a crypto-asset falls under the Corporations Act, additional disclosures are triggered. For instance, an ICO might trigger a disclosure requirement if the ICO is a managed investment scheme. A few other possible triggers of the Corporations Act involve, for instance, whether the ICO is being offered as a share of a company, as a directive, or as a non-cash payment. Australia has also implemented an Innovation Hub to help blockchain companies comply with and navigate the regulatory world.


The Canadian Securities Administration (hereinafter “CSA”) is the relevant regulatory authority in Canada. The CSA applies a four-factor test in determining whether a crypto-asset should be qualified as a security. The factor test considers substance over form when considering: (i) soliciting a broad base of investors, including retail investors; (ii) using the internet, including public websites and discussion boards, to reach a large number of potential investors; (iii) attending public events, including conferences and meetups, to actively advertise the sale of the crypto-asset; and (iv) raising a significant amount of capital from a large number of investors. The CSA has also developed a regulatory sandbox specifically for blockchain companies to stay in compliance.


In September 2017, the Chinese government declared ICOs to be illegal in China and asked all related fundraising activities to be halted immediately.Shortly thereafter, cryptocurrency exchange platforms were ordered to discontinue operations. The ban of crypto-assets and ICOs may only be temporary until the Chinese government passes specific regulation, which is currently being discussed. Officially, individuals are still allowed to hold crypto-assets.


The Autorite Des Marchés Financiers (hereinafter “AMF”) is France’s regulatory authority on the matter of crypto-assets. ICO regulations will be drafted in 2019. The proposed regulation would introduce a new chapter to Book V, Title V of the French Monetary and Financial Code (hereinafter “CMF”), which will be renamed “Intermediaries in Miscellaneous Property and Token Issuers”. Chapter 2 of Title V will be titled “Token Issuers”, will detail the rules applicable to ICOs and in particular will provide a definition of tokens, indicating that a token is intangible property representing, in numerical form, one or more rights that can be issued, registered, conserved or transferred using a shared electronic registration mechanism that facilitates the identification, directly or indirectly, of the owner of said property. It also will define an ICO as any offer to the public, in any shape or form, to purchase tokens. However, it will exclude offers made to a small number of buyers. Under the proposed legislation, the issuer should notify token buyers of the status of the project the ICO funds were used to finance, and of the establishment of any secondary market for the tokens. The AMF will be authorized to approve ICOs, but AMF approval will be not necessary to proceed. The AMF may simply require heightened disclosure, so investors may make a more informed decision.


While Italy was the first European country to create legislation for crypto-assets through defining the virtual currency exchanger – the legislative decree on the 25th March 2017that implement the IV directive of European anti-money laundering came into effect on the 4th July in 2017 and has introduced the concept of cryptocurrencies into Italian legislation, classifying in particular those who habitually use cryptocurrencies for work purposes – it does not currently have a specific law regulating the issuance of ICOs. Hence, depending on the characteristics of the offer, it may constitute a regulated activity that must be carried out according to regulations on financial investments (the Prospectus Directive, MiFID, AIFMD and the Anti-Money Laundering Directive).


ICOs are covered by the applicable regulatory requirements depending on the configuration of the crypto-asset, and assessed by BaFin on a case-by-case basis with respect to the language of the statutory provisions under securities law. Hence, the BaFin determines the applicability of the German Banking Act (Kreditwesengesetz), the German Securities Prospectus Act (Wertpapierprospektgesetz), the German Capital Investment Code (Kapitalanlagegesetzbuch), the German Capital Investment Act (Vermögensanlagengesetz) and the Payment Services Supervisory Act (Zahlungsdiensteaufsichtsgesetz) on individual basis. A prospectus for the marketing of the crypto-assets may be required where crypto-assets resemble participation rights which might be classified as securities under the German Securities Prospectus Act (Wertpapierprospektgesetz) or capital investments under the German Capital Investment Act (Vermögensanlagengesetz). Any act of trading, including an arrangement for acquisition, sale or purchase of tokens, when qualified as units of account, would, as a general rule, require a license by the BaFin.

United Kingdom

In September 2017 the FCA stated that many ICOs could fall outside the scope of existing regulation. Additionally, it recognized lack of jurisdiction when the ICO is based overseas, although its objective is to regulate the outcome rather than the process. Therefore, it is required a case-by-case analysis of facts.Consequently, an ICO could be considered as deposit-taking, e-money issuance, contract for difference, derivative or a collective investment scheme. For instance, the FCA issued a statement that firms conducting regulated activities in crypto-assets derivatives must comply with all applicable rules in the FCA’s Handbook and any relevant provisions in directly applicable European Union regulations. Crypto-assets that grant a holder some or all of the rights that would typically be enjoyed by a shareholder (for example, entitlements to dividends declared, profits or the proceeds of the assets of an insolvent company), a bondholder  (for example, a right to the repayment of a sum of money), or a participant in a fund (for example, to profits or income from the acquisition, holding, management or disposal of the fund property), fall with the regulatory perimeter as “specified investments”.

European Union

The ESMA took the view that depending on how the ICO is structured, the crypto-asset could, potentially, fall within the definition of a transferable security. The ESMA has also warned that certain crypto-assets may constitute financial instruments. An ICO with crypto-assets that can be considered to be transferable securities would require compliance with the following regimes and obligations:

(i) Prospectus Directive: publication of an approved prospectus when securities are offered to the public with exceptions for offers (a) to qualified investors (as defined in the Prospectus Directive), (b) to fewer than 150 natural or legal persons, (c) of at least EUR 100,000 per investor and (d) with a minimum denomination of EUR 100,000.

(ii) Markets in Financial Instruments Directive, as amended: licensing requirements, product governance rules, pre- and post-trading transparency requirements, requirements for adequate systems and controls, organizational requirements for trading platforms, requirements for companies active in algorithmic and/or high frequency trading, among others.

(iii) Alternative Investment Fund Manager Directive: licensing requirements, conduct of business and transparency requirements, prospectus and disclosure requirements, mandatory appointment of depositories and custodians, restrictions on the use of leverage, among others.

(iv) The 4th Anti-Money Laundering Directive: due diligence on customers and ongoing monitoring of customer relationships, requirements regarding systems and controls and record-keeping, reporting on suspicious activities and co-operation with any investigations by relevant public authorities.

Russian Federation

The Central Bank of the Russian Federation has indicated that regulation of the technology is premature. In the last months, however, several Russian ministries have brought forth regulations pertinent to the space. The Ministry of Finance has presented a draft of the Digital Assets Regulation Bill which contains a proposal for defining and establishing a regulatory system for cryptocurrencies, ICOs, mining, and trading, while the Ministry of Communications and Mass Media has published a document establishing the licensing rules for ICO projects.


In August of 2017, the Monetary Authority of Singapore (hereinafter “MAS”) released guidance on how it plans to approach regulation of crypto-assets. MAS stated that it regulates crypto-assets if they fall under the Securities and Futures Act (hereinafter “SFA”). Crypto-assets fall under SFA when linked to an ownership or security interest in the issuer’s assets or property. If this is the case the issuer must register with MAS, unless exempted, and there is a triggering of conduct rules which concern fair dealing.


The Swiss Financial Market Supervisory Authority (hereinafter “FINMA”) has published market guidance in September 2017. Depending on the structure of an ICO, FINMA determined, among others, that supervisory regulations, collective investment scheme legislation and banking law provisions may be applicable to specific ICOs. Notably, FINMA determines the applicability of regulation to crypto-assets on a case-by-case basis, focusing on the “economic function and purpose of the tokens”. The key factors are the underlying purpose of the crypto-assets and whether they are already tradeable or transferable. FINMA outlined three categories of crypto-assets – while acknowledging that hybrids are possible – and set out the likely regulatory stance for each as follows. These include “payment tokens”, “utility tokens” and “asset tokens”. Payment tokens are synonymous with crypto-currencies and have no further functions or links to other development projects (these crypto-assets may in some cases only develop the necessary functionality and become accepted as a means of payment over a period of time). For ICOs where the crypto-asset is intended to function as a means of payment and can already be transferred, FINMA will require compliance with anti-money laundering regulations. Utility tokens are crypto-assets intended to provide digital access to an application or service. These crypto-assets do not qualify as securities only if their sole purpose is to confer digital access rights to an application or service and if the utility token can already be used in this way at the point of issue. If a utility token functions solely or partially as an investment in economic terms, FINMA will treat such tokens as securities (i.e. in the same way as asset tokens). Asset tokens represent crypto-assets such as participations in real physical underlyings, companies, or earning streams, or an entitlement to dividends or interest payments. In terms of their economic function, these crypto-assets are analogous to equities, bonds or derivatives, which means that there are securities law requirements for trading in such tokens, as well as civil law requirements under the Swiss Code of Obligations (e.g. prospectus requirements).

United States

The applicability of federal securities laws to ICOs depends on the classification of the crypto-assets. The SEC determined that crypto-assets may be qualified as securities as a result of the Howey Test.

The DAO investigation report (hereinafter “the DAO report”) indicates, how we are going to see in detail, that crypto-assets offered in connection with an ICO should be classified as securities if the ICO, implicitly or explicitly, is presented to purchasers as an investment opportunity. The DAO was an example of a decentralized autonomous organization, a term used to describe a virtual organization embodied in computer code and executed on a distributed ledger or blockchain. The DAO operated as a for-profit entity to create and hold Ether (hereinafter “ETH”) through the sale of DAO tokens, which ETH would then be used to fund projects. The holders of DAO tokens were to share in earnings from these projects by voting on the projects and earning rewards. They could also re-sell DAO tokens on a number of web-based platforms. In the DAO Report, the SEC analyzing the DAO tokens under the Howey Test, found that they were a form of investment contract, and thus securities. An investment contract is an investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others. The SEC determined that: (i) investors in The DAO invested money in the form of ETH, which constituted a contribution of value as contemplated by Howey; (ii) investors who purchased the DAO tokens were investing in a common enterprise and reasonably expected to earn profits through that enterprise (the SEC stresses that the promotional materials informed prospective purchasers that the DAO was a for-profit entity the objective of which was to fund projects in exchange for a return on investment, and the DAO token holders stood to share in potential profits from those projects); (iii) investors’ profits were to be derived from the managerial efforts of others. The SEC’s analysis focused on the latter point. The SEC concluded that investors in the DAO, whose expectations were primed by the marketing of the DAO tokens, reasonably expected the founders (as well as the pre-selected curators who were charged with identifying projects to put up for a vote of the DAO token holders) to provide significant managerial efforts after the DAO’s launch. While the DAO platform was created and operated on a blockchain, there was no true decentralization in the operation of the DAO (the participants in the DAO ecosystem were not given full control over any investment decision). The DAO tokens were effectively securities and it was relatively easy for the SEC to conclude that. However, it is possible that the SEC would have reached a different conclusion had the platform operated on a truly decentralized basis.

In December 2017, the SEC issued an accompanying order regarding Munchee Inc (hereinafter “Munchee”). Munchee was in the process of conducting an ICO of MUN tokens (hereinafter “MUN Tokens”). The MUN tokens were available for purchase worldwide. They were described as utility tokens that would represent the right to use or access Munchee’s services. Munchee was seeking $15 million to improve an existing iPhone app centered on restaurant meal reviews and to create an ecosystem in which Munchee and others would buy and sell goods and services using the MUN tokens. The SEC’s summary of Munchee’s activities focuses largely on the promotional activities of Munchee and associated persons. In particular, Munchee and such persons heavily promoted the potential for the MUN tokens to increase in value. Such promotion included, among other things: (i) indications in the MUN whitepaper that MUN tokens would increase in value as a result of increased participation in the Munchee “ecosystem”; (ii) statements by Munchee and its agents (in the whitepaper, on the Munchee website and elsewhere) emphasizing that Munchee would run its business in ways that would cause MUN tokens to rise in value; (iii) statements by Munchee that it would work to ensure that MUN holders would be able to sell their MUN tokens on secondary markets and that Munchee would buy or sell MUN tokens using its retained holdings in order to ensure there was a liquid secondary market in the tokens. The SEC concluded that the MUN tokens were investment contracts, and therefore securities, under Howey. This time SEC focused on investor expectations of profits to be derived from the efforts of others and noted that: (i) purchasers of MUN tokens had a reasonable expectation of profits from their investment in the Munchee enterprise (the proceeds were intended to be used by Munchee to build an ecosystem that would create demand for MUN tokens and make them more valuable and Munchee highlighted that it would ensure that a secondary market for MUN tokens would be available shortly after completion of the offering and prior to the creation of the ecosystem); (ii) investors’ profits were to be derived from the significant entrepreneurial and managerial efforts of others – specifically Munchee and its agents – who were to revise the Munchee app, create the ecosystem that would increase the value of the MUN tokens and support secondary markets. Munchee may ultimately prove not to be the best precedent for two reasons, though: (i) in relation to the investor expectations of profits, it has to be noted that the fact that a purchased asset has the possibility of increasing in monetary value over time does not necessarily indicate that the purchaser’s primary motive is the realization of profit; (ii) the mere fact that an issuer of crypto-assets facilitates secondary trading markets for the crypto-asset should not be a deciding factor, because although the existence of an active secondary market for tokens is likely to increase their value by creating improved opportunities for liquidity, there are other valid reasons for secondary markets (efforts of issuers to secure secondary markets for crypto-assets should not end the analysis, in case of absent factors that demonstrate that the purpose of securing a secondary market is to provide purchasers with profit opportunities from an investment in the crypto-assets).

Crypto-assets resembling securities may not be lawfully sold without SEC registration or an exemption therefrom, such as under Regulation D or Regulation S. Indeed, crypto-assets to be qualified as securities do not necessarily mean that the ICO must be done on a registered basis. An ICO that is a security can be structured so that it qualifies for an applicable exemption from registration. On the contrary, the public offering of crypto-assets that qualify as securities necessitates a registration statement and a SEC-approved prospectus to comply with US securities laws.

On March 6 2018, Judge Jack Weinstein of the US District Court for the Eastern of New York ruled that crypto-assets can constitute “commodities” for federal commodities law purposes. This was not surprising since the CFTC has openly defined virtual currencies as commodities for federal regulatory purposes as far back as 2015. Indeed, in October 2017, the CFTC indicated that there is no inconsistency between the SEC’s analysis that ICO tokens may be securities and the CFTC’s determination that crypto-assets may be commodities or derivatives contracts depending on the particular facts and circumstances.

More surprising was the unofficial statement from the FinCEN that indicated that it regards developers as well as exchanges of ICO coins or tokens as “money transmitters” for the purposes of the US Bank Secrecy Act. As such, they would be required to register with FinCEN, collect information about their customers and take steps to combat money laundering and terrorist financing.

The combined result is that ICOs can potentially fall within at three regulatory buckets and the jurisdiction of at least three federal regulators in the US, namely: the SEC – on the basis that crypto-assets may be securities; the CTFC – on the basis that crypto-assets may be commodities; and FinCEN and the Bank Secrecy Act – on the basis that crypto-assets may be money.

4. Any law other than that of the jurisdiction of incorporation?

A question frequently asked is whether any law other than that of the jurisdiction of incorporation of the entity generating or offering the crypto-assets needs to be considered in relation to an ICO.

The short answer is yes. In addition to the laws of the jurisdiction in which the entity issuing or generating the crypto-assets is incorporated or established, the laws of each jurisdiction within which the crypto-assets could be considered to be offered or sold, or in which a regulated activity may be deemed to be carried out, will also be relevant.

The international reach of ICOs, which frequently is an inevitable consequence of the application of blockchain technology, has likely prompted a number of national regulators to step up oversight of the ICO market. Transactions on the blockchain are immutable, frequently do not involve any intermediary subject to regulation by a national or other governmental authority and do not recognize any kind of political border.

In addition, it should be noted that while crypto-assets transactions are a global phenomenon, a huge fraction of startups, founders, institutional participants, investors, developers, and exchange volume is based in the US. This exposes the industry to US securities laws. US regulators and law enforcement are not afraid to exert their influence on a global basis. Decisions made by the SEC tend to have global knock-on effects. Therefore, US securities law should be taken in serious account when dealing with ICO.

5. Strong Corporate Governance and Ethics count.

Corporate governance refers to the structures and processes in place to direct and control companies (or other large, complex institutions), including relationships between stakeholders, oversight and supervision of the company, the rights of investors, risk mitigation and ethical behavior. It is intended to increase the company’s transparency and to balance powers between founders, investors and the wider applicable community.

The origins of corporate governance can be found in the first companies that were formed sometime around the 1600s, namely companies trading with India [East India Company]. As a complex, multi-party organization, they implemented the first trifecta of corporate governance layers – the three main levels of authority – which included:

(i) The participants– individuals that funded the building of a ship in the company. They would be compensated by the returns made on a trade voyage. Today these are the shareholders.

(ii) The governors – a group of individuals chosen by the participants to represent their interests and ensure profitable trade when they arrived at their destination. Today the board of directors.

(iii) The captain – who steers the ship, who manages a crew and gets the ship from A to B. Today it’s the CEO.

For most corporations today the basic governance structure is this: shareholders vote for, and hence empower, a board of directors, who then have a fiduciary responsibility to look out for shareholders’ interests. The board hires a CEO, who is accountable to the board. The CEO (sometimes with input from the board) hires a management team, and so on. At each step, there is a flow of power down the chain (from shareholders through to front-line employees), and a flow of accountability back up that chain. And there are all sorts of rules — including various policies and principles of good governance — that establish how that power and accountability is to be implemented. There will be internal rules, for example (partly determined by relevant corporate law), about how board elections are to be carried out. There are also governance principles that apply to things like the inclusion of external, independent directors on the board.

Ethics have an important role in governance. Complex corporate structures and opaque corporate governance have led to headline-grabbing scandals (think Enron) in our recent history of business. The company’s reputation demands the highest ethics from the people who lead an organization. Therefore, the corporate governance should be out-and-out a matter of ethics. The primary objective of a corporation is to increase shareholder value. Successful corporations must operate within society; to that end, they must maintain the values and norms of the society in which they operate.  And governance is also legal matter (for example, the Sarbanes-Oxley Act of 2002 includes a number of requirements about corporate governance). Governance is properly a legal matter because (at least arguably) shareholders need protection from unscrupulous or merely lazy boards of directors and executives, and because the public interest is at stake when large companies are mis-governed. Enron used to be the prime example of poor governance practices having a devastating effect on shareholders and the broader public. The law and ethics are not one and the same, however. Although the law can guide ethical behavior by laying out a framework, the law should be thought of as the bare minimum of an ethical framework. Complying with the law and behaving ethically are not necessarily synonymous.

In ICOs the governance is often centralized, nothing is explicitly disclosed and it is not clear where the money is going. Thinks about financials, that are closely held. The vast majority of white papers has unstated governance structures. Projects with stated governance generally grant crypto-assets holders limited rights, but ultimately vest control power with founders. Many projects have made promises about assigning rights to stakeholders; few have delivered. Almost no ICOs have offered blockchain-based equityin their companies. Instead, crypto-assets are either a pre-sold access key to a future service, or investments tied in some nebulous way to the success of the platform. Crypto-assets, in the vast majority of cases, do not imply ownership of the platform or a claim to cash-flows of the underlying. Founders can promise some capital-return mechanisms to crypto-assets holders, but these are in practice barely enforceable (the most basic principle of law – pacta sunt servanda, agreements must be respected – is not very effective here). Thus, most ICOs are structured not as equity purchases (as developers rarely seek to register with local securities regulators), but rather as contributions or donations, often to a foundation.

Crypto-assetsholders very often are speculative investors into a crypto-asset whose value is still yet undetermined. Adding this layer into the trifecta of corporate governance is no simple task. Anyway,meritocratic, non-hierarchical, reputation-based, stakeholders open corporate governance systems should be applied, not only to lead to better post ICOs’ entities and protect investors, but also because governance decentralization is one means of avoiding being qualified a security. In the DAO report, the [decentralized] Bitcoin protocol and the Ethereum distributed computing platform were considered not to be securities. Indeed distributed, not centrally-controlled platforms such as Bitcoin and Ethereum do not easily fit the definition of a regulated security, in contrast with centrally-organized and questionably marketed crypto-assets.

6. Cons of fully open decentralized networks in terms of corporate structure, IP and acquisitions.

Fully open decentralized networks, lacking corporate structure and binding developer agreements, cannot be acquired. Intellectual property is generally nonexistent, aside from open-source licensing constraints. The vast majority of fully open decentralized projects boasts no physical assets. Fully open decentralized networks are managed in many cases by foundations. Therefore, acquisitions are largely foreign to the space. Since these fully open decentralized networks projects generally focus around incentivizing a network to adopt their platform, they are poorly transferable. Acquisitions do occasionally occur, labeled coin swaps. The difference between a coin swap and a codebase hard fork is subtle – the former is done with the asset of the token holders being acquired, the latter involves copy-pasting existing code and attempting to coax an existing community to the new project. Swaps generally involve maintaining the existing blockchain, while “repository forks” take existing code and relaunch it under a new name, with the crypto-assets holders receiving no preferential treatment. Given the difficulty involved in benignly commandeering an existing community or crypto-asset, repository forks are more common than coin swaps.

7. A Corporate Crypto Conduct Code for ICOs.

As noted, decisions and regulations made by the SEC tend to have global knock-on effects, as the financial regulators of the most important jurisdictions often imitate US regulations, and this connection is stronger in relation to ICOs. Hence, it is highly recommended that ICOs, regardless of the jurisdiction of incorporation of the entity generating or offering the crypto-assets, disclose a condensed version of the SEC form to potential investors, even if (and especially when) not required to comply with SEC or local securities regulations. The disclosure should cover details such as the nature of the business, properties, contributors or founders, budgets, plans for distribution and running of the ICO, and governance details (bylaws, disclosure to auditors, etc.). The issuers should also state clearly that no-one of the key people has experienced disqualifying events, such as being convicted of, or subject to court or administrative sanctions for security, financial and white-collar frauds and crimes.

Typically, companies seeking to raise money are subject to securities laws. In the US, the Securities Act of 1933 requires all offers and sales of security financial instruments to be registered unless an exemption from registration is available. If no such exemption exists, private companies planning to offer stock to the public must first comply with the IPO requirements set forth by the SEC. In 2015, the SEC adopted Regulation Crowdfunding, an exemption from registration for certain crowdfunding transactions. Crowdfunding focuses on the size and number of investors who back a project, allowing for the use of small amounts of capital from a large number of individuals to finance a new business venture. In order to fall under this exemption, a company issuing securities must have a maximum offering amount of usd 1 million and cap individual contributions based on his/her net worth or annual income. This regulatory structure allows for small businesses and startups to raise funds for their new innovations, while still protecting investors from unethical or illegal practices.

For private companies looking to register an IPO, the SEC requires: (i) a description of the company’s business, properties, and competition; (ii) a description of the risks of investing in the company; (iii) a discussion and analysis of the company’s financial results and financial condition as seen through the eyes of management; (iv) the identity of the company’s officers and directors and their compensation; (v) a description of material transactions between the company and its officers, directors, and significant shareholders; (vi) a description of material legal proceedings involving the company and its officers and directors; (vii) a description of the company’s material contracts; (viii) a description of the securities being offered; (ix) the plan for distributing the securities; (x) the intended use of the proceeds of the offering; (xi) important facts about its business operations, financial condition, results of operations, risk factors, and management; (xii) audited financial statements; (xiii) copies of material contracts.

For crowdfunding falling under the Securities Act exemption, the SEC requires: (i) information about officers, directors, and owners of 20 percent or more of the issuer; (ii) a description of the issuer’s business and the use of proceeds from the offering; (iii) the price to the public of the securities or the method for determining the price; (iv) the target offering amount and the deadline to reach the target offering amount; (v) whether the issuer will accept investments in excess of the target offering amount; (vi) certain related-party transactions; (vii) a discussion of the issuer’s financial condition and financial statements.

A reasonable balance that provides investors with necessary disclosure while not placing excessive burdens on smaller ICO issuers seeking to innovate could be something in the middle. Therefore, a goodwhitepaper should be very clear and structured as follow: (i) a description of the entity’s business, properties, and competition; (ii) a description of the corporate structure (e.g. separation between ICO issuing entity and OpCo? Foundation or corporation?)and the reasons behind the adoption of the jurisdiction(s); (iii) a description of the risks of investing in the project; (iv) the identity of the entity’s key people and management; (v) the statement that no-one of the key people has experienced disqualifying events; (vi) a description of legal proceedings involving the entity and its key people; (vii) a description of the crypto-assets being offered; (viii) the plan for distributing the crypto-assets; (ix) the intended use and handling of the proceeds of the offering and the purchaser’s return on investment.

At the same time ICO issuers should avoid complex (and sometimes shady) corporate structures, as they should avoid the jurisdiction shopping. We underline that ICO issuers must comply with the laws of each jurisdiction within which the crypto-assets could be considered to be offered or sold, or in which a regulated activity may be deemed to be carried out, in addition to the laws of the jurisdiction in which the entity issuing or generating the crypto-assets is incorporated or established. Therefore, except in case of effective grounds, visiting the Swiss city of Zug to set up a foundation, create a Malta corporation to benefit from attracting local rules and adopt the jurisdiction of Cayman Islands and other smaller nations who are trying to attract the best companies while promising amazing tax benefits or whatever they can come up with, not only is a nonsolution that makes all the project opaque and adds an additional layer of uncertainty, but probably is also going to be viewed as sketchy by investors.

At present, the regulatory environment is uncertain internationally, with regulators still assessing how to regulate ICOs if needed. Some of the highlighted points likely conflict with the promise of decentralization and anonymity in blockchain, and will require discretional judgement on a case-by-case basis. Nevertheless, there are good reasons why similar measures have arisen in the wider corporate world over time – to ensure a sustainable ecosystem with resources directed at better quality projects, to ensure that bad actors are (to the extent possible) eliminated, and to ensure that legal and professional risks are mitigated by a better balance between the interests of all stakeholders. Hence, we believe that adopting in the meantime as form of self-regulation the approach above when ICO issuers are not clearly required to comply with SEC or local securities regulations (for example in case of non-speculative crypto-assets with real intrinsic usage) could helpto mitigate commercial and legal risks for both crypto-assets issuers and purchasers. For the wider industry, it is vital to put pressure on ICO issuers to adopt these disclosure standards and code of conduct, and ensure bad players and fraudulent practices are publicly identified end exposed (ideally before they create any harm). Unfortunately, the blockchain industry and its gatekeepers have largely failed to police against bad actors (without the intervention of regulators). The fundamental idea underpinning blockchain technology – replacing a trusted third party with a consensus based on cryptographic proof – has not yet fully come to fruition in real world applications. Disparity in information and technological sophistication make it difficult to achieve true decentralization. These factors also contribute to a high possibility of fraud and other bad acts on the part of promoters and operators of platforms.

8. A starting point for regulators to think about ICO regulations. How to regulate a mere market response to overregulation.

A research conducted by Brian Bushee and Christian Leuz on the effects of legislations that required small firms on the over-the-counter bulletin board (hereinafter “OTCBB”) to register with the SEC found that the new rules had a “crowding out” effect on stocks, with nearly 75 percent of the shares targeted by the rules moving off the OTCBB to avoid the SEC registration. The result shows that overregulation ends up pushing many companies further off the grid, where funding may be less available. According to a piece from the Heritage Foundation, not only do these regulations overburden predominantly small and start-up companies, but too much disclosure can also obfuscate rather than inform. The surfeit of information can be overwhelming to investors and hide red flags.

In addition, the cost of centralized financial market regulations likely outweighs potential benefits, as compliance costs are far from trivial. The SEC estimates that the average initial cost of complying with its regulations for stock offerings is usd 2.5 million, with ongoing annual compliance costs of usd 1.5 million. These costs could be prohibitive for many firms, especially small startups.

The rapid rise of ICOs is nothing else than a mere market response to overregulation.

ICOs, anyway, involve high asymmetries of information existing between crypto-assets holders and issuers (due to the complexity of the technology), the risk of irrational behavior (as a result of the market euphoria that is characterizing the crypto market), and the lack of governance mechanisms to protect crypto-assets holders, subject to the risk of opportunism by issuers (due to the lack of corporate law rules usually in place to protect shareholders). Therefore, ICOs should be regulated properly.

While we think that regulations of ICOs are necessary, it has to be noted anyway that:

(i) overregulation could kill innovation at birth, economic liberty, dynamism andoutweigh potential benefits;

(ii) many modern innovations are being created to get around what seem like protectionist and inhibiting regulations;

(iii) regulations should be technologically neutral, and in order to become so, address the actors and not the products themselves;

(iv) far too often (non-accredited, non-qualified, non-sophisticated) investors are denied the opportunity to invest in new and promising technologies and in new companies — all which undermine productive capital formation and economic growth.

Hence, we believe that a light touch regulatory approach is to prefer. Whole, the regulatory approach should be based on addressing primarily actors and behaviors, rather than the very technical matters, and more resources should be spent to investigate fraudulent issuance of tokens.

First of all, we propose a definition of the crypto-assets based on the legal nature, categorizing betweennon-speculative (crypto-assets with real intrinsic usage) and speculative crypto-assets. Speculative crypto-assets are issued speculatively (with little backing, no community backing, and no viable product) and could represent significant risks for non-accredited, non-qualified, non-sophisticated investors (investors with no depth of experience and market knowledge).We argue that the legal classification of the crypto-assetsshould be based on a test that puts substance over form when considering: (i) soliciting a broad base of investors, including retail investors; (ii) using the internet, including public websites and discussion boards, to reach a large number of potential investors; (iii) attending public events, including conferences and meetups, to actively advertise the sale of the crypto-assets; and (iv) raising a significant amount of capital from a large number of investors. This test should be self-assessed by ICO issuers – other than used by regulators – and disclosed in the whitepaper (hereinafter the “speculative crypto-assets test”).

Second, regulators should promote a system of non-excessively burdensome disclosures. As a matter of fact, a system of smart disclosure and the imposition of some minimum requirements for whitepapers– in relation to which regulators should establish a legal presumption stating that any ambiguous provision in the whitepaper should be interpreted in favor of non-speculative crypto-assets – could protect crypto-assets holders, while avoiding excessive costs and bureaucracy. On the contrary, a more traditional empowerment of crypto-assets holdersis not the best option, because it could lead to detrimental governance problems, such as the risk of crypto-assets holders becoming as actual directors if they were given strong rights to make key managerial decisions.

Hence, ICOs, regardless of the legal nature of the crypto-asset, should be required to file electronically a light offering statement to Financial Market Authorities. The filing should have the purpose to disclose and facilitate the collection of information about ICOs and to runex postfraud controls by the Financial Market Authorities.

The filing of ICOs issuing non-speculative crypto-assets(hereinafter “Non-speculative ICOs”) to raise a maximum aggregate amount of usd 1,500,000 in a 12-months period should require the submission of a summary of the following key information (and a whitepaper containing them extensively): (i) a description of the entity’s business; (ii) a description of the risks of purchasing the crypto-assets; (iii) the identity of the project’s key-people with thestatement that no-one of the them has experienced disqualifying events; (iv) the self-assessment of the speculative crypto-assets testand a description of the legal nature of the crypto-assets being offered; (v) the intended use of the proceeds of the offering. The purchaser’s purchase should be limited to usd 3000 if the purchaser is a non-accredited,non-qualified, non-sophisticatedinvestor. There should be no restriction on the resale after a (30 days) “cooling off” period that allows non-accredited, non-qualified, non-sophisticatedinvestors to return the crypto-assets without cost. The purchase of crypto-assets in Non-speculative ICOsshould be prohibited to pension funds and commercial banks, since they invest money from the general public and a potential failure could have consequences for the stability of the financial system.

The filing of ICOs issuing speculative crypto-assets(hereinafter “Speculative ICOs”) to raise a maximum aggregate amount of usd 20,000,000 in a 12-month period or Non-speculative ICOs exceeding the limit of usd 1,500,000 in a 12-months period or the purchaser’s purchase limit of usd 3000 should require the submission of a summary of the following key information (and a whitepaper containing them extensively): (i) a description of the entity’s business, properties, and competition; (ii) a description of the corporate structureand the reasons behind the adoption of the jurisdiction; (iii) a description of the risks of investing in the project; (iv) the identity of the entity’s key people and management; (v) the statement that no-one of the key people has experienced disqualifying events; (vi) a description of legal proceedings involving the company and its key people; (vii) a description of the crypto-assets being offered; (viii) the plan for distributing the crypto-assets; (ix) the intended use and handling of the proceeds of the offering and the investor’s return on investment. The purchaser’s purchase should be limited to usd 10000 if the purchaser is a non-accredited, non-qualified, non-sophisticatedinvestor. There should be no restriction on the resale after a (30 days) “cooling off” period that allows non-accredited, non-qualified, non-sophisticatedinvestors to return crypto-assets without cost. The purchase of crypto-assets in Speculative ICOsshould be prohibited to pension funds and commercial banks.

Speculative ICOs looking to raise a maximum aggregate amount greater than usd 20,000,000 in a 12-months period should be subject, in addition to the filing above, to: (i) a control ex anteby the Financial Market Authority; (ii) the filing of additional biannual progress updates; (iii) the filing of annual reports. The purchaser’s purchase limit should be set by the Financial Market Authority. The purchase of crypto-assets in Speculative ICOsby pension funds and commercial banks could be possible if permitted by theFinancial Market Authority.The Financial Market Authorities could impose “cooling off” periods that allow crypto-asset holders to return crypto-assets within a given period and without cost.

Third, Know Your Customer (KYC) is a universal concept that’s broadly understood in global finance. Know Your Customer/Anti-Money Laundering is a due diligence process by which a company can verify the identity of its customers, making sure that the money they wish to move was acquired legitimately and that the customer is not a part of a sanctioned list, a criminal, a terrorist, or a corrupt organization. While the unnecessary collection of personal information should be avoided, comply with new ICO’s customized but effective KYC / AML light controls (to be introduced) should be required to any ICO.

Fourth, regulators should impose a conduct regulation – i.e. standards of behavior aiming to prevent expropriation by founders and incentivize to do the business in a responsible and transparent way, and do not engage in practices which would be potentially or factually damaging to the image and interests of the ecosystem. The adoption of industry-wide minimum standards on token listings, and the restriction of unfair trade practices like insider trading should also be adopted.

To finish, regulators should pay attention to the valuation of crypto-assets. Otherwise, we might observe unexpected declines that may undermine the stability of the financial system.

PDF version of the article here.