What happens if crypto tokens are classified as securities by the SEC?

Jason Fan
4 min readSep 27, 2022
Disclaimer: I am neither a lawyer nor a financial advisor, and none of the following should be taken as legal or financial advice!

What’s a security anyway?

Securities are financial instruments that are fungible and hold monetary value. The classic example and what people often have in mind when referring to “securities” are company shares, but ETFs, private equity, and bonds are also securities. All securities are regulated by the SEC, which is why the classification of certain tokens as securities is such a contentious issue today.

An offering has to meet 4 criteria to be considered a security, known as the Howey test

  • The offering involves an investment of money
  • The money is invested in a “common enterprise”
  • There is a reasonable expectation of profits
  • The profits are derived from the efforts of others (non-investors)

For example, the SEC has confirmed their stance that Bitcoin is not a security because Bitcoin is not a common enterprise. However, Gary Gensler has been pushing a narrative that Ethereum could be considered a security after the recent PoS merge, because “staking and validating” could be considered a form of “common enterprise”.

Why is this important?

Despite the 2022 crash, the global crypto market is still up almost 3x over the last two years. This rapid growth was only possible because of the ambiguous regulatory environment, particularly around defi. Unlike heavily regulated traditional financial service companies, defi services typically do not require KYC or any form of identity verification.

If Ethereum and other tokens get classified as securities, it could drastically slow down the growth of the industry. On the other hand, it may also eliminate much of the rampant fraud plaguing the industry.

This is one of the core issues under debate — is it more important to protect and nurture the growth of a nascent industry with the potential to create a more just and equitable economy? Or is it more important to protect less sophisticated investors who are being victimized at record rates?

What happens if Ethereum (or any token) is officially classified as a security?

SEC Registration

Tokens will need to be registered with the SEC, unless they file Form D to get exempted under one of the following regulations.

Reg A

  • Basically a mini-IPO, still need to submit audits and reports annually, which means some centralized entity must be formed to manage the token.
  • Investors cannot put more than 10% of their net worth into the token

Reg D

  • Does not require regular audits and reports, but has limits on who can invest. Non-accredited investors can be accepted under the 506(b) safe harbour provision, but doing so will restrict the token issuer from general solicitation, which mean they can’t promote or talk about the token at all, even online.
  • In order to qualify as an accredited investor, individuals must show proof that they have income over $200k, or a net worth over $1M
  • There are other ways to meet this requirement as well such as getting a professional certification from an accredited institution, but income and net worth are the main ways the vast majority of individuals qualify

For most tokens, the Reg D 506(c) exemption is probably the best option. it allows them to market and talk about the token to the general public, but requires that they only sell them to accredited investors. This is also the most popular option with $1.5 trillion being raised under Reg D exemptions in 2019 vs $1.5 billion for Reg A exemptions.

Reg A is also possible, but due to the reporting requirements basically requires a centralized entity to be set up to manage the token.

CEX Restrictions

Centralized exchanges (perhaps decentralized exchanges as well) would be prohibited from listing the token until it has registered with the SEC, or until an Executive Officer, Director, or Promoter for the token fills out Form D to qualify for an exemption.

Personal Liability

Someone needs to be accountable for ensuring compliance, which introduces a centralizing force. This is an exceptionally unattractive position to be in for defi because the accountable individual would bear all the responsibility for compliance violations, but lack theauthority to make changes to the protocol that would bring it into compliance. For defi, it’s unclear if this responsibility would fall on the developers of the protocol or someone who needs to be appointed into the role. If developers are on the hook by default, it would set a precedence that will likely have a chilling effect on innovation. Few developers would be willing release software knowing they are legally on the hook for ensuring compliance.

What can token issuers and holders do?

In time, the SEC may introduce new rules specific to crypto, hopefully allowing the broader public access to token-based investments. In the meantime, token issuers (decentralized or otherwise) may find it valuable to introduce features to verify the investor status of their customers, ideally without forcing users to dox themselves.

Triton is like Stripe for crypto compliance. We help companies and DAOs navigate complex regulatory requirements with just a few lines of code, and we do so without compromising on the values core to web3 — privacy, security and accessibility

Our product allows startups to add accredited investor verification to their onboarding flow in 15 minutes : npm install, import Triton, paste API key, load into view.

Triton supports configurable privacy and PII disclosure settings, and full government ID-based KYC as an optional add-on for protocols with heavy integration into traditional financial markets.