0x Legal Guide
The wide variety of projects that can be built integrating 0x means that there are no uniform legal standards applicable to all projects. That being said, there are certain legal regimes that are more likely than others to impact the projects being built on 0x. This document surveys some of the relevant laws and regulations that developers should be aware of and potentially seek qualified and individualized legal advice on to ensure compliance.
The information below is not legal advice. This is general legal information intended as a resource to the 0x ecosystem. To understand how this information may impact your project specifically, hire a good lawyer.
How all of the laws intersect with the exchange of crypto assets possible through 0x is still an evolving issue and demands careful consideration. For additional resources, check out the 0x Legal Library that contains links to important cases, statements from regulators, and other legal commentary specific to the crypto asset industry.
In the U.S., a complex web of laws and regulations apply to activities involving financial instruments that meet the legal definition of a security. There are laws addressing everything from how and where securities can be sold, who can own certain types of securities, and what must be disclosed to securities investors. As a result, an important threshold question that must be answered by anyone working with crypto assets is which transactions involve securities.
So what is a security? Unfortunately, as even federal courts have recognized, the definition of a security is "broad and ambiguous." Consequently, it is difficult to layout a bright line rule by which a security can easily be distinguished from a non-security. Instead, courts have designed a flexible test that is intended to "to meet the countless and variable schemes devised by those who seek the use of money of others on the promise of profits."
In particular, the U.S. Supreme Court has outlined a four-part test for determining whether a transaction qualifies as a form of a security called an “investment contract." Originally set forth in SEC v. W.J. Howey Co., the Court has explained that a transaction is an “investment contract” when it involves (1) an investment of money (2) in a common enterprise (3) with an expectation of profit (4) to be derived from the efforts of others.
There is a long history of cases interpreting whether various financial instruments meet this definition of a security, covering everything from bank certificates of deposits to interests in whiskey barrels. Some of the most influential cases have been compiled here. However, there are many more cases analyzing various elements of the Howey test, each hinging on the specific facts of the particular transaction.
As proof of the inherent difficulty in defining a clear border between what is and is not a security, there have been numerous instances of courts applying the Howey test to seemingly similar transactions and coming to different results. For example, there are several cases holding certain real estate leases to be securities when offered in a particular manner. Likewise, there are numerous cases addressing when the sale of a tangible product like the sale of beavers may be offered as part of a securities transaction. These cases demonstrate that courts place less of a premium on the nature of the underlying product being sold and more on the manner in which it was sold.
It is important to understand that the primary way the law develops in the U.S. is through the application of existing legal precedent by courts to cases that present new fact patterns not previously contemplated. As of early 2019, very few U.S. courts have wrestled with how to apply the Howey test to crypto asset transactions, so it is still unclear how certain lines will be drawn to delineate securities from non-securities. There are a handful of cases pending in front of courts that may result in decisions that directly address this issue, and inevitably there will be future cases so long as certain teams use the sale of crypto assets as a way to promise future profits to third parties. For now, though, most agree that there is a lack of clarity for developers building projects in this industry.
Moreover, there is significant confusion even among lawyers as to how Howey should apply in the context of secondary market transactions in which the original token issuer is not directly involved. Even if an initial sale of a token had some of the hallmarks of a securities offering, it is unclear whether a subsequent transaction by a token holder to, for example, trade the token for a cryptokitty is somehow also a securities transaction. This confusion stems in part from the fact that virtually every historical case applying Howey deals with a transaction in which a promoter is promising some form of financial return to the counterparty.
In the context of this unclear regulatory environment, developers integrating 0x are left to make good faith attempts at trying to comply with the securities law. For many offering a portal or platform for customers to trade crypto assets, this generally should involve conducting an analysis of each token and its underlying network before listing the asset on the platform. Some helpful factors to analyze include:
- How was the initial token sale or distribution conducted, including what did the development team represent to prospective tokens purchasers?
- How is the token designed to operate within the network being created, including whether the design is meant to confer specific financial returns to the token holder or instead be used in some consumptive manner?
- What is the current status of development on the underlying network or project, and is their interest and involvement from those other than the team that issued the tokens?
This suggested framework is not meant to be comprehensive, and depending on the nature of the project being developed, it may be helpful to work directly with lawyers to design a process that provides adequate protection.
The Securities and Exchange Commission (SEC), the primary regulator of the securities market in the US, has been active in voicing its opinion about certain activities in the crypto asset industry. The SEC's first major foray in the industry came in July 2017 in the form of a report stating that sale of tokens by "The DAO" constituted the sale of securities. The SEC has since reached settlements with several industry participants and also issued several statements about when certain activity within the industry may be subject to securities regulations. A complete listing of those documents can be found here. Notably, some members of the SEC have said that they believe that the vast majority of tokens sold as part of a fundraising effort (so called "ICOs") were securities offerings.
In March 2019, the SEC's Strategic Hub for Innovation and Financial Technology (aka FinHub) issued a framework intended to help those within the crypto asset industry evaluate which assets may be viewed by the Staff of the SEC as securities. The FinHub framework identifies numerous factors to consider when analyzing whether the sale of a crypto asset meets the final two prongs of the Howey test, i.e., whether there is an expectation of profit based on the efforts of a third party. The framework places a strong emphasis on factors used to determine whether an "Active Participant" exists that provides "essential managerial efforts that effect the success of the enterprise, and investors reasonably expect to derive profits from those efforts."
Currently, one of the largest areas of debate relating to the SEC's position on the crypto asset industry is how it plans to apply securities law to the secondary market trading of tokens that may have initially been sold as part of a securities offering. The SEC's own Director of Corporate Finance has opined that "strictly speaking, the token – or coin or whatever the digital information packet is called – all by itself is not a security." Instead, the Director appropriately noted that "a careful and fact-sensitive legal analysis" of secondary market trading is necessary, focused on how the token is offered and sold, including the reasonable expectations of purchasers. The Director offered one standard for determining when a token is not a security based on whether the network upon which a token exists is "sufficiently decentralized." In a speech proposing this standard, the Director also laid out several factors that could be considered to determine whether a token is "sufficiently decentralized." The more-recent FinHub framework also addresses this issue but does not use the term "sufficiently decentralized." Instead, the framework lays out several factors to be analyzed around whether the value of the asset is still dependent on the efforts of the "Active Participants" and to what extent the underlying network technology is fully functional.
The primary takeaway from these statements is that the SEC has recognized that a crypto asset previously sold in a securities offering can later be sold on the secondary market in a non-securities transactions under certain circumstances. However, there are still many questions to be answered about the standard the SEC will use to distinguish between securities and non-securities transactions of crypto assets. Furthermore, despite advocating for a nuanced analysis of each token's network to make such a determination, the SEC has not actively engaged with this concept in the enforcement actions it has brought against certain industry participants. Instead, the SEC has issued orders in settled cases involving secondary market participants in which it has alleged without further explanation that the tokens themselves are the securities. Therefore, it is unclear exactly what analysis is currently actually being applied as it relates to secondary market transactions of crypto assets.
There has been significant debate about the SEC's general position relative to the crypto asset industry. Many have called on the SEC to provide greater clarity to the industry and to avoid regulating by enforcement. Most notably, for the first time ever, a crypto project in the SEC's crosshairs has decided not to settle and instead litigate against the SEC in court. The SEC filed a complaint in federal court that alleges that Kik Interactive conducted an unregistered securities offering when it sold Kin tokens for approximately $100 million dollars in other assets. Kik's submission to the SEC arguing that it should not be sued was released to the public, and together these two documents present the stark difference in opinion that some within in the industry have aboue the SEC's current approach to crypto assets.
The Kik case will play out in court and could potentially result in judicial decisions that provide further clarity as to how securities law will apply. However, there have also been efforts outside the judicial realm, and even some early legislative bills in Congress, calling for the creation of standards defining the line between securities and non-securities more clearly.
Important sidenote: All statements from the SEC, such as the speeches cited in this section as well as all SEC orders that result from settlements with alleged wrongdoers, do not constitute binding law and should generally be interpreted as merely reflecting the position of the SEC. To what extent courts applying the law will agree or disagree with the SEC's positions remains to be seen.
Most of the securities law discussion in the industry to date has focused on the threshold question of what is a security. This makes sense because there is no need to look at other aspects of the securities laws if a transaction does not involve a security. But so long as the question of which crypto assets may be securities remains unclear, it is also important to consider a few of these other areas of securities law.
For projects integrating 0x, one area of focus should be what constitutes a securities exchange. A securities exchange is defined as "any organization, association, or group of persons that: (1) brings together the orders of multiple buyers and sellers; and (2) uses established non-discretionary methods (whether by providing a trading facility or by setting rules) under which such orders interact with each other, and the buyers and sellers entering such orders agree to the terms of the trade." Any platform meeting the definition of a securities exchange generally must register with the SEC and follow a number of restrictive rules.
The current rule adopted by the SEC relating to exchanges was modernized in 1998 in response to market participants incorporating technology that the existing "regulatory framework, designed more than six decades ago, did not envision." Obviously, the pace of technological development has only increased since 1998, and some of the concepts set forth in the SEC's formal interpretation of the rule are difficult to apply, particularly to concepts presented by blockchain technologies.
In November 2018, the SEC settled an action with the founder of a trading platform called EtherDelta on the basis that the platform was an unregistered securities exchange. In its settlement order, the SEC alleged that some of the 500 tokens listed on EtherDelta were securities although it did not identify which ones. The SEC then alleged that EtherDelta operated as an exchange because:
"EtherDelta brought together orders by receiving and storing orders in tokens in the EtherDelta order book and displaying the top 500 orders (including token symbol, size, and price) as bids and offers on the EtherDelta website. EtherDelta provided the means for these orders to interact and execute through the combined use of the EtherDelta website, order book, and pre-programmed trading protocols defined in the EtherDelta smart contract. These established non-discretionary methods allowed Users to agree upon the terms of their trades in tokens on EtherDelta during the Relevant Period."
As explained above, settlement orders like this are not binding law. Moreover, every case is fact-dependent such that this order cannot answer how the SEC would view marketplaces where the various functions operate differently, are distributed among different parties, or where all tokens are not indiscriminately offered to users. However, this provides the first practical insight into which issues the SEC is focusing on when analyzing trading platforms and should be closely considered by any trading platform.
When we think about commodities, historically this term has been used to refer to agriculture products like wheat, corn and sugar. However, U.S. law has evolved to define a commodity extremely broadly to also include "all services, rights, and interests . . . in which contracts for future delivery are presently or in the future dealt in.” As a result, almost anything (except onions) can constitute a “commodity” under the definition.
The Commodities Futures Trading Commission (CFTC) is the primary regulator of "commodities interests". The CFTC has taken the position that some virtual currencies like Bitcoin are commodities, and there have already been court cases that agree with this position. Based on the broad definition discussed above, it is possible that virtually every crypto asset can be legally defined as a commodity. From a practical perspective, it seems that the CFTC is taking a deliberate approach to the crypto asset industry, and is not actively extending its jurisdiction where, for example, the SEC may first want to identify an asset as a security. Moreover, it remains to be seen whether the CFTC will identify some limit to the definition of a commodity for assets like non-fungible tokens and crypto collectibles.
Commodities are regulated very differently than securities. Indeed, just because something is a commodity does not mean that it is subject to specific rules such as the requirements around securities governing who can purchase them, how they must be offered, etc. This is due to the fact that, historically, the spot market for trading commodities has been considerably smaller than the market for trading derivatives of commodities. Most people do not trade actual stalks of corn for cash. Instead, most people trade contracts based on the future price of corn (or other commodities) - i.e., futures contracts. However, with crypto assets, much of the exchange activity occurs in the spot market.
There are no laws directly regulating spot market transactions for commodities (i.e., transactions that involve the full payment of the purchase price and contemporaneous delivery of commodity at the time the transaction is entered by the parties). The CFTC has limited authority to police the spot markets for fraud and manipulation, but cannot adopt rules that directly control how spot market participants transact.
U.S. law does set forth detailed restrictions for a wide range of non-spot market transactions, including those involving commodities derivatives, future delivery or financing, leverage, or margin. As a result, the CFTC has been actively regulating nascent futures markets in commodities like Bitcoin. Additionally, the CFTC has been monitoring smart contract applications closely and has put out statements explaining that certain actors must comply with applicable regulations when using smart contracts to facilitate regulated transactions in commodities interests, such as forwards, futures, options and swaps.
At a high level, a CFTC-regulated transaction can only be conducted over regulated exchanges, which include, depending on the type of transaction, Designated Contract Markets (“DCMs”) and Swap Execution Facilities (“SEFs”). Exceptions to this requirement may apply, but broadly speaking, these exceptions are only available to certain sophisticated market participants or high-net-worth individuals. In addition, the CFTC directly regulates the intermediaries that facilitate CFTC-regulated transactions, including introducing brokers, futures commission merchants, swap dealers, commodity pool operators, or commodity trading advisors. The application process to become a DCM, SEF, or regulated intermediary is costly and difficult, and regulated exchanges and intermediaries are subject to extensive ongoing regulatory oversight by the CFTC.
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) maintains a list of people that U.S. persons are not permitted to transact with in any manner. The list can generally be broken down into two categories: 1) People from specific embargoed countries and geogpraphic areas such as Iran, North Korea, and Syria; and 2) people on the Specially Designated Nationals (SDN) list, which is comprised of select individuals responsible for particularly bad behavior like human trafficking or government corruption.
Unlike most other U.S. financial laws that establish process-based rules that must be followed, OFAC sanctions simply prohibits certain activity - i.e., doing business with people on the sanctions list. Relatedly, sanctions laws impose strict liability, meaning there is no legal defense for someone who tried to do the right thing. That being said, historically, the consequences for those who purposefully evade or ignore sanctions laws are much more severe than for those who attempt to avoid transacting with a sanctioned person. Indeed, consequences can be as severe as criminal prosecution and jail time.
In practice, most companies implement risk-based processes custom tailored to their business in order to avoid sanctions violations. The convenience store in Michigan faces virtually no risk of conducting significant business with sanctioned individuals and thus likely does not need a "know your customer" (KYC) program. On the other hand, a U.S. affiliated bank operating in countries that rank high in corruption will likely need to be able to conduct thorough background checks on customers to ensure compliance.
OFAC sanctions is one of the legal regimes that does not suffer from a significant lack of clarity when applied to most crypto asset projects. For any U.S. person operating such a project, they are potentially liable if a sanctioned individual uses their service. For more information, OFAC has included some frequently asked questions about virtual currencies on its website. Notably, OFAC states that it may identify certain virtual currency wallet addresses belonging to individuals on the SDN list so that U.S. persons can block transactions with that address. The first instance of this practice occured in November 2018, 2h3n OFAC identified bitcoin wallet addresses belonging to two individuals added to the SDN list.
The extent of the risk of exposure to sanctioned individuals and countries can vary widely based on the specific project, and may be influenced by such variables as the type of assets being offered, the volume of transactions being facilitated, the areas in which the service is available. Ultimately, there is no one-size-fits-all to OFAC sanctions compliance but it is an issue that each project should consider.
U.S. law requires certain intermediaries in the financial system to assist in detecting and preventing money laundering activity and terrorist financing. Specifically, the Bank Secrecy Act (BSA) requires certain “financial institutions” to assist the U.S. government by, for example, implementing risk-based anti-money laundering (AML) programs and filing reports with the government when suspicious transactions are identified by those programs.
The types of financial institutions covered by the BSA range broadly and include everything from banks to casinos. Importantly, for developers working with crypto assets, the BSA applies to “money services businesses,” a category that is further subdivided to include “money transmitters.” The Financial Crimes Enforcement Network (FinCEN), which is the primary federal regulator responsible for enforcing the BSA, has interpreted certain businesses involved in crypto assets to fall under the definition of money transmitters such that they must comply with the BSA.
So what is a money transmitter? A money transmitter is defined as anyone involved as a business in “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission . . .to another location or person by any means.” When adopting this language, FinCEN confirmed that the reference to “other value that substitutes for currency” was intended to capture informal value systems that do not involve the transfer of fiat currency. The BSA regulations make the determination of whether someone is a money transmitter explicitly based on the specific “facts and circumstances,” which is a signal in the legal world that the definition is meant to be broad and flexible.
In 2013, FinCEN issued guidance directed in part at the crypto asset industry delineating when FinCEN considered certain crypto businesses to be money transmitters. Specifically, FinCEN differentiated between three categories of people involved with so-called "convertible virtual currencies". As a preliminary matter, FinCEN defines convertible virtual currency as a "medium of exchange" that "either has an equivalent value in real currency, or acts as a substitute for real currency."
It should be evident from this broad definition that most of the current tokens widely available on the market likely meet this definition, particularly most ERC-20 tokens. However, we can also look to the other end of the spectrum and see how a non-fungible token in the form of a cryptocollectible may not meet this definition as it is hard to imagine how we could use something like cryptokitties as a medium of exchange despite each potentially having some discoverable value in fiat.
Where the line is between what is and is not a convertible virtual currency is not well defined yet. There have only been a few court cases addressing which tokens meet the definition of a convertible virtual currency. A handful of cases have confirmed that bitcoin is a convertible virtual currency. Separately, Ripple settled a case brought by the government that was premised on XRP being a convertible virtual currency. But with respect to the ever-increasing number of tokens available on the market, the only source of guidance is the language of the definition and statements by FinCEN that indicate that they interpret the term broadly to cover many tokens.
For now, let's assume we are dealing with a token that meets the definition of a convertible virtual currency. The guidance describes certain activities involving convertible virtual currencies that constitute money transmission. Specifically, FinCEN created the following categories:
- User - A user is defined as someone who obtains convertible virtual currency in order to purchase goods or services. In subsequent statements from FinCEN, this definition has been broadened somewhat to include someone who purchases convertible virtual currency as investment for his or her own account.
- Exchanger - An exchanger is defined as someone engaged in the business of exchanging virtual currency for real currency, funds, or another virtual currency by either 1) accepting and transmitting a convertible virtual currency or 2) buying and selling a convertible virtual currency for any reason.
- Administrator - An administrator is defined as someone engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency. As most crypto assets are issued without an ability to mandate redemption, this definition is generally not that relevant for our purposes.
Since issuing its initial guidance in 2013, FinCEN has clarified these definitions in subsequent "Administrative Rulings." In one of these administrative rulings, FinCEN clarified that a person who exchanges virtual currency for their own account as not as a business service to third parties is considered a user and not an exchanger. In another ruling, FinCEN stated "[t]he production and distribution of software, in and of itself, does not constitute acceptance and transmission of value, even if the purpose of the software is to facilitate the sale of virtual currency. "
For teams developing on 0x, there is a strong argument that the definition of exchanger does not apply to someone who does not take custody of another person's virtual currency. As explained thoughtfully in this report from Coin Center:
"A non-custodial exchange is probably not an exchanger or a money transmitter. If, like Craigslist or any other online classified advertising service, the business merely helps individual buyers and sellers find and communicate with each other, then it is never “accepting and transmitting” tokens or bitcoins for its users, nor is it “buying or selling” tokens or bitcoins. It may be commonly understood as an exchange because it deals in exchange-related information (e.g. order-books, offers, acceptances, communications between buyers and sellers) but it, as a company, is never doing the actual currency conversion or handling the actual tokens or money; that all happens peer-to-peer. Another way to characterize what these companies do is: development of a web-based software tool (e.g. a website) that facilitates peer-to-peer exchange. As we discussed earlier, FinCEN’s Software and Investment Ruling describes mere software development and distribution as outside the scope of BSA regulation."
The facts and circumstances of any particular project built on 0x may impact this analysis. As with this entire primer, the above is just intended as a legal resource and for actual legal advice on any particular project or situation, you should hire a lawyer.
Regarding Crypto Assets
Important Howey Test Cases
- Proposed framework from SEC's FinHub as to how to analyze whether the sale or offering of a digital asset constitutes a security in the form of an investment contract.
- Statement on Digital Asset Securities Issuance and Trading (Nov. 16, 2018)
- Statement from multiple SEC divisions highlighting recent enforcement actions and providing some guidance on the SEC's interpretation about the intersection of securities law and token offerings and trading.
- SEC Settlement Order re: TokenLot (Sept. 11, 2018)
- Settlement based on allegations that TokenLot operated as an unregistered broker-dealer by soliciting investors to participate in ICOs and facilitating secondary market trading of tokens that were securities.
- Digital Asset Transactions: When Howey Met Gary (Plastic): William Hinman - SEC Director of Division of Corporate Finance (June 14, 2018)
- Speech by SEC official opining that ETH in its current form is not a security and laying out factors fow when a sufficiently decentralized digital asset may not be a security.
- Statement from multiple SEC divisions regarding regulatory issues and consumer risks related to trading tokens on exchanges, particularly tokens that meet the definition of a security.
- Report alleging that DAO token sale constituted sale of unregistered securities and that DAO tokens were securities.
- Comprehensive guidance from FinCEN on the application of the Bank Secrecy Act to various crypto asset business models, including those involved in decentralized exchange.
- FinCEN Administrative Rulings
- Traditional centralized exchange model involving matching buyers and sellers directly constitutes money transmission despite argument that the exchange does not sit in the middle of a transaction.
- Company that exchanges virtual currency for fiat in order to facilitate payment for vendors interested in accepting virtual currency is a money transmitter.
- Rental of computer system for third party to mine virtual currency does not constitute money transmission when all virtual currency goes directly to third party's wallet and no virtual currency is exchanged
- (1) The production and distribution of software alone is not sufficient to constitute money transmission and (2) buying and selling virtual currencies solely for one's own account is not money transmission.
- A bitcoin miner is not a money transmitter when converting bitcoin to fiat for its own purposes and not as a business service for the benefit of others.
- Initial guidance from FinCEN addressing who within the virtual currency industry is considered a money transmitter.