The SEC continues to send messages to the nascent cryptocurrency market. The agency has recently brought enforcement actions and issued a public statement that illustrate the agency’s views on how the federal securities laws apply to crypto or digital asset trading platforms. In the latest enforcement action, the SEC in U.S. District Court, Southern District of New York alleging that a bitcoin trading platform functioned as an unregistered exchange, facilitated unregistered offerings and trading of securities, and defrauded investors by failing to disclose a cyberattack on the platform. The SEC’s Divisions of Enforcement and Trading and Markets also issued a joint public statement on digital asset trading platforms. These latest developments provide insight into the SEC’s views on key issues participants in the digital or crypto asset market face, especially those participants currently operating or seeking to operate a crypto asset trading platform or exchange.
The SEC’s Enforcement Action
On February 21, the SEC filed an action against BitFunder and its founder in federal district court alleging violations of the federal securities laws. The SEC’s key allegations are as follows:
- BitFunder is an unincorporated entity founded by its operator, Jon E. Montroll, in October 2012 and operated out of Montroll’s home in Texas. BitFunder was an online bitcoin fund raiser and trading platform, on which users could create, offer, buy, and sell shares in various virtual currency-related enterprises (referred to as “Assets” and “Asset Shares” on the BitFunder website), using bitcoin as the form of payment.
- BitFunder required users to register with an Australian virtual currency exchange, WeExchange, and deposit bitcoins into a single digital wallet maintained by WeExchange in order to trade on BitFunder. Users’ bitcoins were commingled in the wallet and Montroll had control over WeExchange and the wallet maintained by WeExchange.
- Users on BitFunder’s platform could buy and sell Asset Shares in initial and follow-on offerings by listing Asset Shares on the platform. Users also could buy and sell Asset Shares in secondary market trading. In exchange for the trading services it offered, BitFunder charged a transaction-based fee whenever a user sold Asset Shares. Montroll manually calculated how much BitFunder was owed in accrued transaction fees and withdrew those fees from the WeExchange wallet from time to time.
- Separately, in July 2013, Montroll individually offered and sold certain securities, called Ukyo Notes or Ukyo Loans, on BitFunder’s platform as one of the platform’s listed Assets and represented that he would use the proceeds from the offering for private investment purposes, including Bitcoin related activities and “offline business opportunities,” and promised to pay investors certain daily interest.
- Shortly after the beginning of the Ukyo Notes offering in July 2013, BitFunder’s platform suffered a cyberattack over the course of five weeks, which resulted in the theft of approximately two-thirds of the bitcoins in the wallet maintained with WeExchange, which had a value of approximately US$775,000 at the time of the theft. As early as the first week of the cyberattack, and during the offering of the Ukyo Notes, Montroll knew of the cyberattack and the bitcoin theft. Yet, Montroll did not restore the wallet to its previous bitcoin balance prior to the theft or inform BitFunder users of the theft. He also did not disclose the cyberattack to Ukyo Notes investors.
- After the cyber theft of bitcoins, Montroll continued to operate BitFunder and solicit new users and accept their bitcoin deposits, earn transaction fees, and raise funds from Ukyo Notes investors. When BitFunder users had problems withdrawing their bitcoins because of the bitcoin deficit caused by the theft, Montroll claimed that the delays arose from technical issues with BitFunder’s platforms. Montroll also withdrew bitcoins from the WeExchange Wallet and converted them to fiat currency to pay personal expenses. The bitcoin deficit ultimately caused Montroll to shut down BitFunder by November 2013.
The SEC’s charges fall into four categories:
- Unregistered Exchange: The SEC alleges that BitFunder violated the exchange registration requirement in Section 5 of Securities Exchange Act of 1934 (Exchange Act) for acting as a securities exchange and effecting transactions in securities without being registered as a national securities exchange or exempted from such registration.
- Securities Fraud: The SEC alleges that, BitFunder and Montroll violated Section 10(b) of the Exchange Act and Rule 10b-5 thereunder, and Section 17(a) of the Securities Act of 1933 (Securities Act) (with respect to Montroll only), for misrepresenting the use of money raised from the offering of the Ukyo Notes, failing to disclose the cyberattack and the resulting bitcoin theft to Ukyo Notes purchasers and continuing to operate and solicit and accept bitcoin deposits from new users, and defrauding purchasers of the Ukyo Notes and users of BitFunder.
- Unregistered Securities Offering: The SEC alleges that Montroll violated Section 5 of the Securities Act by offering and selling unregistered securities (Ukyo Notes) without filing a registration statement with the SEC.
- Control Person Liability: The SEC charged Montroll as a “control person” liable under Section 20(a) of the Exchange Act, alleging that he controlled BitFunder and was a “culpable participant” in BitFunder’s failure to register as a securities exchange.
Public Statement of Divisions of Enforcement and Trading and Markets on Online Trading Platforms
On March 7, 2018, the SEC Divisions of Enforcement and Trading and Markets (Staff) issued a joint public statement on digital asset trading platforms. The Staff pronounced that many of these platforms may be required to register with the SEC as a national securities exchange or be exempt from registration. The Staff alerted investors that the SEC did not review the standards for picking digital assets for trading or the trading protocols used by the trading platforms and that these standards or protocols should not be equated to, or assumed to meet, the standards of an SEC-registered national securities exchange. In addition, although many online digital asset trading platforms appear to perform exchange-like functions, investors using these platforms should not believe that the pricing and execution data offered by the online digital asset trading platforms would have the same integrity as that provided by national securities exchanges.
What the Latest Developments Mean to Crypto Market Participants
The SEC’s charges in the BitFunder case and the Staff’s statement on digital asset trading platforms send several important messages to crypto market participants:
- Crypto asset trading platforms may need to register with the SEC as an exchange or as an Alternative Trading System or ATS (described below).
The BitFunder complaint is the first time the SEC filed charges against a digital or crypto asset trading platform using bitcoin as the payment currency, alleging that BitFunder operated as an unregistered securities exchange. The SEC did not allege that bitcoin is a security. Rather, the driver of the SEC’s unregistered exchange charge is the allegation that the Assets and Asset Shares traded through BitFunder were themselves securities. By characterizing the Assets as securities, the SEC could analyze BitFunder’s operations in light of the legal definition of an “exchange.” Under the Exchange Act, any organization, association or group of persons that maintains or provides a market place or facilities for bringing together buyers and sellers of securities or otherwise performing the functions commonly performed by a stock exchange would fall within the definition of an exchange, and would be required to register with the SEC.
To assess whether registration as an exchange is necessary, operators of digital and crypto asset trading platforms should first determine whether any of the digital or crypto assets traded on their platforms are securities. Jay Clayton, the SEC’s Chairman, recently emphasized that whether a token is a security is a matter of substance, not form. Chairman Clayton stated that many tokens denominated “utility tokens” are, in substance, securities. The test for whether tokens are securities is whether token purchasers invested in a common enterprise with reasonable expectations of profits generated through the efforts of others. The SEC recently determined that an initial coin offering (ICO) for so-called utility tokens was a securities offering since, among other attributes the ICO promoters emphasized the secondary market trading potential of the tokens.
If crypto assets traded on a platform are securities, the platform should consider whether it engages in the “activity of a national securities exchange.” To fall within the definition of an exchange, a crypto asset trading platform must operate a system that both:
- Brings together the orders of multiple buyers and sellers for securities
- Uses established, non-discretionary methods (whether by providing a trading facility or by setting rules) under which the orders interact with each other, and the buyers and sellers entering the orders agree to the terms of a trade
Trading platform operators should consider how the SEC determined that BitFunder operated as an unregistered exchange. In BitFunder, the SEC found that the system BitFunder operated met the criteria described above because:
- BitFunder used an electronic system that allowed multiple users to post bids and offers for listed Assets that users obtained in an initial offering.
- Users could buy or sell Asset Shares by entering limit orders or market orders on the platform on an anonymous basis, which would then match against orders resting on the system from other users according to pre-programmed order interaction protocols based on price and time priority that Montroll established.
- Upon a match, BitFunder would automatically execute the orders.
- BitFunder publicly displayed all its quotes, trades, and daily trading volume in all of its listed Assets on its website. It did not receive orders for any Asset Shares from anyone other than its users and it did not route its users’ orders to any other trading venue.
If the operators of a digital or crypto asset trading platform determine that the platform meets the criteria described above, the platform is required to be registered with the SEC as a national securities exchange unless it can rely on an exemption from registration. Practically speaking, this means that the platform must either register as an exchange or rely on the exemption from exchange registration available to an alternative trading system (ATS) pursuant to Regulation ATS. Under Regulation ATS, an ATS must register as a broker-dealer and file Form ATS with the SEC to provide non-public notice of the ATS’ operations prior to commencement of its operation.
- A crypto asset trading platform should consider disclosing material cybersecurity breaches to users.
The BitFunder case makes clear that the SEC believes cyber theft is material to investors in tokens deemed securities that are traded on a crypto platform. The SEC expects prompt disclosure to investors of all material facts related to their investments, which includes disclosure of cyber theft.
- Operators of crypto platforms that permit trades in securities need to assess the quality of their current systems and risk management and determine whether the systems and governance of risk management need to be enhanced to come into compliance with the regulatory requirements under the US securities laws.
Market infrastructure entities like securities exchanges and ATS are subject to extensive regulation, including a host of requirements related to cybersecurity. The regulatory requirements for exchanges and certain ATS impose system requirements regarding capacity, integrity, resiliency, security, and compliance. These requirements may be unfamiliar territory to the existing crypto asset trading platforms, as none of the platforms are yet registered as a national securities exchange or are operating as an ATS. As a result, crypto platforms may not yet be compliant with technology systems requirements imposed by the securities regulations. Since the blockchain technology that creates and enables crypto assets is nascent, the crypto trading market currently lacks a resilient market infrastructure similar to the securities market infrastructure. The current securities market infrastructure includes a central securities depository for immobilized and dematerialized securities, and clearing banks and clearing agencies for making payments and delivering securities. The developing technology used by crypto trading platforms also appears to be vulnerable to cyber attacks and other operational risks that can expose digital wallets used to custody securities tokens and bitcoins to theft and misappropriation, resulting in loss of investor funds. In addition, if the platform’s user on-boarding requirements do not encompass a robust “know-your-customer” and operational risk management process, the crypto asset trading platform and the custody of crypto assets are exposed to open entry points, which, if breached, would pose a security threat to the trading platform and custodian of crypto assets, and subject the assets to theft. This was essentially what happened to BitFunder.
- Individuals who control crypto asset trading platform may have personal liability for the platform’s violations of the US securities laws.
The SEC illustrated its commitment to “individual accountability” in enforcement actions by suing BitFunder’s operator as a control person liable for the platform’s violations of the US securities laws. Under the Exchange Act, a person who directly or indirectly controls an entity liable under any provision of the Exchange Act, or the SEC’s rules promulgated under the Exchange Act, may be liable jointly and severally with, and to the same extent as, the entity under such person’s control, unless the controlling person acted in good faith and did not directly or indirectly induce the controlled entity’s violation. Therefore, the individual operators of crypto platforms should be aware of their potential personal liability if the trading platform violates the US securities laws.
The SEC’s latest action and statements make clear that the agency will apply the existing securities regulatory framework to the crypto market and will not hesitate to use the agency’s enforcement power to hold platforms and the individuals who operate them accountable under the federal securities laws. Operators of crypto trading platforms need to be aware of the SEC’s regulatory framework and take steps to ensure compliance with the federal securities laws.
 See Securities and Exchange Commission against Jon E. Montroll and BitFunder, 1:18-cv-01582, filed February 21, 2018, available at https://www.sec.gov/litigation/complaints/2018/comp-pr2018-23.pdf.
 See Statement on Potentially Unlawful Online Platforms for Trading Digital Assets, March 7, 2018, available at https://www.sec.gov/news/public-statement/enforcement-tm-statement-potentially-unlawful-online-platforms-trading.
 See Sections 3(a)(1) and 5 of the Exchange Act, 15 U.S.C. §§ 78c(a)(1) and 78e.
 See SEC Chairman Jay Clayton Statement on Cryptocurrencies and Initial Coin Offerings, December 11, 2017, available at https://www.sec.gov/news/public-statement/statement-clayton-2017-12-11.
 See Rule 3b-16(a) under the Exchange Act, 17 CFR 240.3b-16(a).
 Rule 3a1-1(a)(2), 17 CFR 240.3a1-1, exempts from the definition of “exchange” under Section 3(a)(1) an ATS that complies with Regulation ATS. Therefore, an ATS that operates pursuant to the Rule 3a1-1(a)(2) exemption and complies with Regulation ATS would not be subject to the registration requirement of Section 5 of the Exchange Act.
 Section 20(a) of the Exchange Act, 15 U.S. C. § 78t.
This post comes to us from Latham & Watkins. It is based on the law firm’s client alert, “SEC’s Recent BitFunder Charges and Statement on Digital Asset Trading Platforms — What They Mean to Crypto Market Participants,” dated March 12, 2018, and available here.