On December 20, 2018, Representatives Warren Davidson (OH-8) and Darren Soto (FL-9) introduced bipartisan bill H.R. 7356 to enact the Token Taxonomy Act (the “Act”), which would make important changes to U.S. federal securities law concerning the treatment of digital tokens. This legislative effort is significant for two reasons: it signals that Congress recognizes the importance of digital tokens as an emerging instrument of global commerce and finance; and it aims to provide much-needed clarity as to the treatment of cryptographic digital tokens under federal securities laws. Further, the legislation should be welcomed by regulated securities intermediaries, as it would make clear that they can comply with applicable customer custody regulations by engaging pioneering third-party custodians to provide digital asset-related custodial services.
SEC Regulatory Action under the Howey Test
In a series of enforcement actions and regulatory pronouncements in 2017 and 2018, the Securities and Exchange Commission (“SEC”) made clear that digital tokens issued to raise capital to fund development of the digital token ecosystem amount to an offer and sale of securities subject to regulation under the Securities Act of 1933, as amended (the “Securities Act”). The SEC relies on the Supreme Court’s seminal decision interpreting what constitutes an “investment contract” in SEC v. W.J. Howey Co., 328 U.S. 293 (1946) (“Howey”). In Howey, the Court held that whether something constitutes an investment contract and, therefore, a “security,” depends on “whether the scheme involves an investment of money in a common enterprise with profits to come solely from the efforts of others.” Many initial coin offering (“ICO”) issuers have conducted their token sales at a stage when the network and ecosystem are still subject to development, or further development, and at the time of sale, the tokens are not able to be used in the ecosystem as designed. In the typical ICO, the capital raised from the token offering is used to fund this development activity, which can be fairly interpreted as “effort of others” under the Howey test.
Left unanswered in the SEC’s recent regulatory actions is whether, and under what circumstances, a digital token intended ultimately to function with a utility in an ecosystem can transition to status as a non-security, which would remove the token from federal securities law and regulation. In a widely read speech given at the June 14, 2018 San Francisco Yahoo All Markets Summit: Crypto conference, the Director of the SEC’s Division of Corporation Finance, William H. Hinman, responded positively to the rhetorical question he presented at the outset of his speech: “Can a digital asset that was originally offered in a securities offering ever be later sold in a manner that does not constitute an offering of a security?” Director Hinman “emphasize[d] that the analysis of whether something is a security is not static and does not strictly inhere to the instrument.” He then volunteered a list of seven factors to be considered to “establish a case that a token is not being offered as a security.” These factors focus on the decentralization and functioning of the network and the use of the tokens in the ecosystem, as distinguished from secondary market trading and investment speculation. While many in the digital token community welcomed the confirmation that following an ICO a token designed to function with a utility could transition to the status of a non-security, given the substance of the factors listed by the Director, token issuers still confront uncertainty as to when it is appropriate to make such determination, leading many to treat their tokens as a security for indeterminate periods of time.
Treatment of Digital Tokens under the Token Taxonomy Act
The Act would formally amend the definitions of the term “security” within the Securities Act and the Securities Exchange Act of 1934, as amended (“Exchange Act”), to remove the newly defined term “digital token” from the statutory definition of the term “security.” This way, the offer, sale, and trading of digital tokens would not be governed by the federal securities laws and would be outside the SEC’s jurisdiction. Notably, the bill would not preempt state blue sky securities laws, so as a regulatory compliance matter, dealings in digital tokens would remain subject to state securities laws. This anomalous regulatory treatment may be rectified through federal preemption as the bill makes its way through Congress.
The Act would define “digital token” as a:
[D]igital unit (i.e., a representation of economic, proprietary, or access rights that is stored in a computer-readable format) that—
(A) is created—
(i) in response to the verification or collection of proposed transactions;
(ii) pursuant to rules for the digital unit’s creation and supply that cannot be altered by a single person or group of persons under common control; or
(iii) as an initial allocation of digital units that will otherwise be created in accordance with clause (i) or (ii);
(B) has a transaction history that—
(i) is recorded in a distributed, digital ledger or digital data structure in which consensus is achieved through a mathematically verifiable process; and
(ii) after consensus is reached, cannot be materially altered by a single person or group of persons under common control;
(C) is capable of being traded or transferred between persons without an intermediate custodian; and
(D) is not a representation of a financial interest in a company, including an ownership or debt interest or revenue share.
By excluding tokens that represent a financial interest in a company, the proposed definition by default captures what are commonly known as utility tokens. Tokens that provide an equity interest or entitle the holder to dividends, profits, and revenues or rights in respect of underlying assets or cash flows would remain within the statutory definition of the term security. On the other hand, tokens that are designed with a specific use case within an ecosystem would not be treated as securities.
To qualify as a statutory digital token excluded from the definition of “security,” the token must represent economic, proprietary, or access rights and employ distributed public ledger (i.e. blockchain) technology to record transaction history on a “trustless” basis (without the use of any intermediary). Transactions must be recorded through the use of a mathematical consensus protocol. The ledger must also be immutable (i.e., transactions cannot be altered by a single person or group once validated through the consensus mechanism). The digital token definition requires the token to be issued either in response to the verification or collection of proposed transactions (e.g. to miners through a “proof of work” or “proof of stake” system) or pursuant to the rules set for creation and supply that cannot be altered by any individual or group, or as an initial allocation of tokens to be created in accordance with the foregoing. The definition clearly contemplates Bitcoin and many of the altcoins that were based on Bitcoin’s underlying distributed ledger technology and consensus protocol. The definition would also cover the hundreds of application tokens that are designed for use within a specified ecosystem (such as payment for cloud storage with the Filecoin (FIL) token).
A plain reading of the text of the proposed definition, particularly the words “digital unit . . . that — (A) is created . . . (B) has a transaction history that— (i) is recorded in a distributed, digital ledger or digital data structure in which consensus is achieved . . . [and] (C) is capable of being traded or transferred between persons . . . ,” suggests that the tokens must be capable of creation and transactions must be capable of being validated and recorded on a ledger pursuant to the consensus protocol rules for an already-developed and functional ecosystem. If the text is to be interpreted differently to qualify a pre-release and pre-functional token that is intended in the future to possess the requisite attributes following the development of the ecosystem, the Supreme Court’s Howey investment contract decision would no longer be relevant to token presales and public sales undertaken to raise the capital to fund the development of token project and ecosystem. It does not seem that the legislation intends to remove capital raising offerings of pre-functional tokens from the ambit of the federal securities laws.
In effect, the digital token definition does not consider as germane to determining the statutory status of the token such factors as the structure of the token offering, how the tokens were marketed, subsequent token trading, the use of token sale proceeds, and allocations of the tokens to the sponsor or otherwise. In this way, the definition departs from the approach advanced by Director Hinman, notably omitting the list of factors he delineated in his Yahoo All Markets Summit speech. Hence, the key to satisfying the definition turns on whether the ecosystem has been developed and is functional, such that blocks are being added to the ledger pursuant to the consensus protocol rules. This legislative approach brings more certainty and positions the token issuer to make the ultimate determination within a definite period of time tied to the completion of the development and functioning of the token ecosystem.
Qualification as a digital token within the meaning of the new definition does not require any approval or other official action by the SEC, and in this sense the new law will be self-executing (although the SEC can disagree with a sponsor’s determination, as discussed below). There is no requirement for a sponsor to file a notice with the SEC as to its decision to treat its token as a digital token under the legislation. Investor protection interest groups are likely to raise concerns over the lack of an SEC notice requirement.
The legislation does not make similar amendments to the definitions of the term “security” contained in the Investment Company Act of 1940, as amended (the “Investment Company Act”), and the Investment Advisers Act of 1940, as amended (the “Advisers Act”). It is unclear as to whether, as a policy matter, this inconsistent regulatory treatment is intended. This inconsistency may be addressed as the bill makes its way through Congress.
SEC Role in Policing Issuer Determinations
The Act contemplates a role for the SEC in which it could disagree with a determination that a particular token qualifies as a digital token within the meaning of the statutory definition. The legislation would add a new subsection (a)(8) to Section 4 of the Securities Act to provide a registration exemption for:
Transactions involving the development, offer, or sale of a digital unit if—(A) the person developing, offering, or selling the digital unit has a reasonable and good faith belief that such digital unit is a digital token; and (B) within ninety days following a written notification from the Commission to such person that such digital unit has been determined by the Commission to be a security, posts public notice of such notification and takes reasonable efforts to cease all sales and return all proceeds from any sales of such digital unit, excluding funds reasonably spent on the development of technology associated with the digital unit.
If the sponsor is wrong in its determination that its token qualifies as a digital token, prior offers and sales of the token would not violate the registration requirements as long as the sponsor’s determination was based on a reasonable and good faith belief, and as long as it ceases sales and returns unspent proceeds to purchasers following notice from the SEC. The legislation does not specify a standard for the SEC to apply in connection with a determination that a particular sponsor’s token is a security, and presumably such decisions will be subject to judicial review under the “arbitrary and capricious” standard contained in the Administrative Procedure Act. Unlike Section 8(d) of the Securities Act with respect to stop orders, the legislation does not provide for notice and an opportunity to be heard prior to the SEC’s determination that the token is a security. It is possible that this procedural deficiency will be eliminated as the bill makes its way through Congress. The legislation suggests that the SEC’s authority to determine that a token is a security is open-ended, without any time limit as to when it can be exercised, although statute of limitations provisions will still apply to the extent the SEC believes the sponsor has failed to meet the reasonable and good faith belief standard.
If the sponsor fails to satisfy the reasonable and good faith belief standard, the new exemption provided by the Act will be lost, and in the absence of another available registration exemption, offers and sales of the token will have violated Section 5 of the Securities Act. In such case, the sponsor will be subject to civil actions for rescission under Section 12(a)(1) of the Securities Act. The statute of limitations contained in Section 13 of the Securities Act requires such rescission actions be commenced within one year after the violation and, if there is equitable tolling, no more than three years after the security was bona fide offered to the public. Nothing in the bill overrides these civil remedy and statute of limitation provisions. It bears noting that a plain reading of the text of proposed Section 4(a)(8) suggests that an investor could directly commence a civil action under Section 12(a)(1) to challenge the sponsor’s reasonable and good faith belief without any prior determination by the SEC that the token is a security. The SEC can also bring enforcement actions for injunctive and disgorgement relief and penalties under Section 20 of the Securities Act if it believes the sponsor did not meet the reasonable and good faith belief standard. Under prevailing legal precedent, such actions are subject to the five-year statute of limitations contained in the U.S. Code (28 U.S.C. §2462 (Judiciary and Judicial Procedure))
Proposed Section 4(a)(8) provides a path to preserve the exemption from registration (and avoid Section 5 violations) in cases where it is determined the sponsor has incorrectly treated its token as a qualifying digital token but has done so with a reasonable and good faith belief. However, the preservation of the registration exemption does not remove the offer and sale of a non-qualifying token from the application of other federal securities laws. For example, offers and sales of the mistakenly treated token would be subject to the anti-fraud provisions of Section 17(a) of the Securities Act and Rule 10b-5 under the Exchange Act.
The SEC may resist the policing role contemplated by the Act and seek an alternative solution that requires a utility token issuer to obtain an opinion from an independent expert who applies a recognized assurance or attestation standard to certify that the token qualifies as a statutory digital token. The SEC may prefer a solution that requires a utility token issuer to obtain such an independent opinion as a condition to the exemption to conserve agency resources and substantially obviate the need to scrutinize the status of every utility token in the market.
Federal Regulation of Digital Tokens
The ongoing offer, sale, and trading of a token that qualifies as a statutory digital token will not be subject to federal securities laws and, if federal preemption is included in the bill, state securities laws as well. Thus, trading in such tokens will only be subject to consumer protection regulation by the Federal Trade Commission and the equivalent state consumer protection agencies. The Commodities Future Trading Commission (“CFTC”) treats non-security tokens as commodities, and therefore the trading of digital tokens will remain subject to the CFTC’s “spot market” anti-fraud and anti-manipulation regulations. These regulations do not provide for any required trade reporting or market surveillance by the CFTC.
The legislation does not address bad actors. Given the self-executing nature of the legislation, investor protections concerns are likely to arise concerning the potential for bad actor abuse.
Custody and Good Control Location
The Act would also amend the Exchange Act, the Investment Company Act, and the Advisers Act to make clear that broker-dealers, investment advisers, and investment companies can maintain custody of digital assets on behalf of customers through third-party custodians that are regulated as trust companies under state law. Questions have arisen as to whether the pioneering state-regulated trust companies that have entered the market to provide cutting-edge digital asset custodial services meet the statutory definition of the term bank and thus may serve as qualified custodians under the Investment Company Act and the Advisers Act, and as good control locations for broker-dealers pursuant to Rule 15c3-3 under the Exchange Act. In the case of broker-dealers, the legislation would amend Section 3(a)(6)(C) of the Exchange Act in two important respects, by inserting into the definition of bank the words “or trust company” and “or providing custodial services” as follows:
[A]ny other banking institution or savings association, as defined in section 2(4) of the Home Owners’ Loan Act or trust company, whether incorporated or not, doing business under the laws of any State or of the United States, a substantial portion of the business of which consists of receiving deposits, providing custodial services, or exercising fiduciary powers similar to those permitted to national banks under the authority of the Comptroller of the Currency pursuant to the first section of Public Law 87-722 (12 U.S.C. 92a), and which is supervised and examined by State or Federal authority having supervision over banks or savings associations, and which is not operated for the purpose of evading the provisions of this title (emphasis added).
The amended language would make clear that the term “bank” as defined includes state-regulated trust companies providing custodial services. In the case of investment companies and investment advisers, the term “bank” as defined in Section 2(a)(5) of the Investment Company Act and Section 202(a)(2) the Investment Advisers Act already references state-regulated trust companies; however, the Act would also make parallel changes to the definitions, so that a trust company that provides custodial services is specifically referenced within the relevant definitions. With these legislative changes, state-regulated trust companies that provide digital asset custodial services would qualify as qualified custodians and good control locations, as applicable, for purposes of the Investment Company Act, the Advisers Act, and Rule 15c3-3 under the Exchange Act.
 The legislation would also change the tax treatment of transactions in digital tokens under U.S. federal income tax laws, which we will address in a forthcoming Stay Current client alert as the bill makes its way through Congress.
 Director Hinman’s seven factors are as follows:
1. Is token creation commensurate with meeting the needs of users or, rather, with feeding speculation?
2. Are independent actors setting the price or is the promoter supporting the secondary market for the asset or otherwise influencing trading?
3. Is it clear that the primary motivation for purchasing the digital asset is for personal use or consumption, as compared to investment? Have purchasers made representations as to their consumptive, as opposed to their investment, intent? Are the tokens available in increments that correlate with a consumptive versus investment intent?
4. Are the tokens distributed in ways to meet users’ needs? For example, can the tokens be held or transferred only in amounts that correspond to a purchaser’s expected use? Are there built-in incentives that compel using the tokens promptly on the network, such as having the tokens degrade in value over time, or can the tokens be held for extended periods for investment?
5. Is the asset marketed and distributed to potential users or the general public?
6. Are the assets dispersed across a diverse user base or concentrated in the hands of a few that can exert influence over the application?
7. Is the application fully functioning or in early stages of development?
 Section 706(2)(A) of the Administrative Procedure Act instructs courts reviewing agency regulation to invalidate any agency action found to be “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.”
 Section 8(d) provides in relevant respect:
If it appears to the Commission at any time that the registration statement includes any untrue statement of a material fact or omits to state any material fact required to be stated therein or necessary to make the statements therein not misleading, the Commission may, after notice by personal service or the sending of confirmed telegraphic notice, and after opportunity for hearing (at a time fixed by the Commission) within fifteen days after such notice by personal service or the sending of such telegraphic notice, issue a stop order suspending the effectiveness of the registration statement.
 28 U.S.C. § 2462 (Judiciary and Judicial Procedure) provides that, “an action, suit or proceeding for the enforcement of any civil fine, penalty, or forfeiture, pecuniary or otherwise, shall not be entertained unless commenced within five years from the date when the claim first accrued.” See Gabelli v. Securities and Exchange Commission, 568 U.S. 442 (2013); see also Kokesh v. Securities and Exchange Commission, 137 S. Ct. 1635 (2017) and SEC v. Cohen et al., 17-cv-430 (E.D.N.Y.) (July 12, 2018).
 Investment Advisers Act Rule 206(4)-2 requires registered investment advisers to maintain client funds and securities with a “qualified custodian,” which in relevant respect is defined as a bank as defined in Section 202(a)(2) of the Investment Advisers Act. Similarly, Investment Company Act Rule 17f-2 requires investment companies to maintain securities and similar investments in the custody in relevant respect of a bank, a term that is not separately defined in the rule, but is defined in Section 2(a)(5) of the Investment Company Act. Rule 15c3-3(c)(5) under the Exchange Act provides that, for purposes of maintaining physical possession or control of customer fully-paid and excess margin securities: “[s]ecurities under the control of a broker or dealer shall be deemed to be securities which . . . [a]re in the custody or control of a bank as defined in section 3(a)(6) of the [Exchange] Act.”