ICO Compliance: AML, KYC, SEC & FINRA – What You Need to Know Before You Launch an ICO
Initial coin offerings (“ICOs”) are riddled with compliance obligations, reporting requirements, and continuous monitoring and recordkeeping responsibilities. Implementing a robust compliance policy that contains clear anti-money laundering (“AML”) and know-your-customer (“KYC”) procedures is critical. Many companies that have already completed an ICO or that are considering launching an ICO are finding themselves subject to new laws and regulations.
Federal authorities such as the Securities and Exchange Commission (“SEC”), Commodity Futures Trading Commission (“CFTC”), Financial Crimes Enforcement Network (“FinCEN”), and Financial Industry Regulatory Authority (“FINRA”) are especially eager to investigate individuals and companies seeking to raise money through an ICO. If conduct indicative of criminal activity is revealed, agencies such as the Federal Bureau of Investigation (“FBI”) and the Department of Justice (“DOJ”) will also get involved. While the SEC and FINRA have been the most active in scrutinizing recent ICOs, these agencies will waste no time referring cases over to other federal departments for criminal prosecution. Individuals should respond proactively by hiring an attorney with experience dealing with federal agency investigations, their rules and regulations, and ICO planning and defense.
ICOs: Definition, Compliance, and Regulatory Issues
ICOs are a popular method for raising capital that use cryptocurrency and blockchain technology. They are being used more often by start-ups for immediate fundraising. The coin/token is created to provide for this fundraising. Individuals who are interesting in participating in the ICO can purchase the coin/token with the expectation and hope that their investment will increase in value.
ICOs create many compliance obligations. For instance, even though cryptocurrency transactions are a recent phenomenon, licensing and AML/KYC laws could still be required under the Bank Secrecy Act (“BSA”). Further, federal agencies such as the SEC continue to face multiple regulatory burdens when deciding how, when, and to what extent ICOs should be regulated. The SEC has, however, definitively stated that ICOs may be deemed securities offerings under many circumstances and subject the company issuing the coin/token to registration obligations under the federal securities laws.
AML/KYC Laws under the Bank Secrecy Act (BSA) and the PATRIOT Act
AML/KYC laws aim to protect financial institutions such as banks from being used to perpetrate financial crime such as money laundering. Various requirements are imposed predominately by the Bank Secrecy Act and the PATRIOT Act. The Bank Secrecy Act requires banks and other financial institutions to maintain reports on their customer’s transactions and activities. The BSA is very specific on compliance. It requires establishing internal controls for the entity’s compliance including compliance training and testing.
The PATRIOT Act requires banks and other financial institutions to follow more verification and compliance obligations. Some of these obligations include gathering customer ID information, SSNs, tax information as well as verification of these details. Additional obligations are extensive recordkeeping requirements and notification procedures for suspicious activities, collection policies, verification, and so on.
ICOs and the SEC/FINRA
The SEC has been following ICOs for some time. Because the coin/token issued during the ICO may be a “security” in the eyes of the SEC, the individual or entity responsible for issuing it to the public must comply with the federal securities laws. The first and primary obligation under the securities laws is that every security offered to the public must be registered with the Commission or fall under an applicable exemption. Thus, if the coin/token is considered a security and the individual does not want it registered, it must be exempt to avoid liability. Regulation D is one of the most common exemptions from SEC registration, which has both obligations and limitations such as an accredited investor limitation. Its purpose is to allow start-ups to raise capital via a public offering without having to worry about the substantial costs of registering their offering. This is true too where the public offering involves coins or tokens—an ICO. In any event, a challenge has been verifying whether certain investors are accredited investors since many ICOs are pseudonymous—their names are not revealed. This has and continues to present a significant challenge for federal agencies.
As a private self-regulatory organization that mainly regulates brokerage firms, broker-dealers, and markets, FINRA remains committed to issuing investor alerts on ICOs. Its investor alerts focus on informing investors of the uncertainty surrounding ICOs, risks, verification challenges, risks of fraud, market manipulation, and volatility.
Considerations Before Launching ICO
If you are thinking about launching an ICO for your start-up to raise capital or are thinking about participating in an ICO as an investor, there are several important considerations:
- The coin/token to be offered may be a security and therefore subject to the federal securities laws. If this applies to the coin or token in the offering, then the coins or tokens must be registered with the SEC.
- If the coin/token is a security, consider whether the issuing firm needs to be licensed or registered. Sometimes the investment firm, advisers, or investment professionals have to be registered in addition to the securities.
- Online platforms and “exchanges” are not SEC registered exchanges. Online trading platforms—even if they call themselves “exchanges”—are not registered or regulated entities.
- A clear business plan should be present before an ICO is launched. Details should include what investor money will be used for, what rights the investors will have, whether the investors will be able to get their money back, whether there are resale possibilities, remedies, and so forth.
- Assess the fraud, theft, and hacking risks associated with the coin/token. Because the coins/tokens in an ICO are virtual currencies, they are susceptible to fraud, malware attacks, and hacking. Working to keep the coins/tokens secure is the utmost priority.
- Make sure the coin/token is sufficiently differentiated from other coins/tokens issued in ICOs. There are many ICOs being carried out today. Investors therefore have many options of coins/tokens to invest in. An important task is working on differentiating your coin/token.
- Think through all development, programming, and technology issues. These issues include blockchain creation versus blockchain forks, public versus private blockchain, strong coding process, and collaborating with miners.
- Understand that ICOs offer little investor protection. Many ICOs are offered without following all federal regulatory guidelines and do not provide the same disclosures as would a typical public stock offering. Because of this, recourse available to investors is extremely limited.
- ICO compliance will need continuous updating and improving. Obligations do not stop after the ICO. After the coin/token is introduced into the market and investors, continuous improvements will be needed.
- ICO valuations and fluctuations in price are not due to reliable market conditions but based on the “fear of missing out” (“FOMO”). ICO volatility is based largely on investor fear of missing out on large profits and not based on reliable factors such as market conditions, audited financial statements, company disclosures, and risk profile.
ICOs are novel fundraising events that introduce a new coin/token to the public. The company or individual responsible for organizing the ICO is seeking to raise capital quickly while the investors who purchase such coins/tokens are hoping to receive a windfall. Together with banking obligations such as AML/KYC policies, federal agencies are starting to react very aggressively to the exponential increase and prominence in ICOs. The SEC, for instance, is considering many of these offerings to be unregistered securities and therefore subject to several penalties. If fraud, crime, theft, or any other misconduct is discovered within the ICO, federal agencies have also expressed willingness to bring criminal prosecutions at times. If you are considering launching an ICO or are seeking to participate in an ICO, consulting an experienced ICO attorney would be a good defense tactic.