Deep dive: Kendall Almerico on lessons learned from the AirFox ICO debacle
Companies that held ICOs in the United States have been receiving subpoenas from the U.S. Securities and Exchange Commission (SEC) for months, and uncertainty surrounding what penalties might be coming have had a stifling effect on the crypto offering market. Recently, some clarity has come as the SEC brought their regulatory hammer down on several ICO-related companies, including Carriereq, Inc., d/b/a AirFox, a U.S. company that sells mobile technology that allows prepaid mobile phone customers to earn free or discounted airtime or data by interacting with ads on their smartphones. They held a $15 million ICO in 2017. The SEC handed down severe penalties to AirFox for holding an unregulated ICO and issued an 11-page order filled with legalese.
I reached out to Kendall Almerico, one of the country’s top security token offering attorneys, to help interpret what the SEC’s rulings in the AirFox case mean for the ICO market
Kendall, let’s start with the basics. What did AirFox do that got the SEC’s attention?
In late 2017, AirFox sold blockchain-issued digital tokens called AirTokens in an ICO and raised about $15 million to create a new international business. AirFox told potential ICO investors that the new ecosystem would include the same functionality of AirFox’s existing U.S. business (allowing prepaid mobile users to earn airtime or data by interacting with ads) and would also add new features such as the ability to transfer AirTokens between users, peer-to-peer lending, credit scoring, and eventually using AirTokens to buy and sell goods and services other than mobile data. AirFox also told investors in the ICO that AirTokens would potentially increase in value as a result of AirFox’s efforts, and that AirFox would provide investors with liquidity by making AirTokens tradeable in secondary markets.
Sounds like many of the ICOs out there.
Exactly. AirFox did what most unregulated ICOs had done so successfully for the last few years. They went online, sold tokens to the general public, and raised a lot of money. They followed the same blueprint that most ICOs did: create a website, put out a white paper, take in money and provide tokens to the purchasers.
So, what is the problem?
According to the SEC, and any attorney who practices securities law, what AirFox did is clearly selling securities, and anyone who sells securities must follow securities laws. AirFox did not follow any securities laws in selling their AirTokens.
Can you expound on that?
Sure. Let’s start with the Howey test, which we know is a major part of how the SEC is going to review any token offering to determine if securities are being sold. SEC v. Howey is a U.S. Supreme Court case from 76 years ago that defines what is and what is not a security. In a nutshell, the Howey Test determines that a company is selling a security if a person who buys what the company is selling (a) invests money (b) in a common enterprise and is (c) led to expect profits (d) solely from the efforts of the company.
In the AirFox case, it is very clear to the SEC that AirTokens are securities under the Howey test because people buying the tokens were (a) investing money (b) in a common enterprise (the AirFox business) and were (c) led to expect profits (AirFox represented the tokens would be traded on an exchange and inferred that they would be profitable) and (d) solely from the efforts of the company (AirFox was taking the money and building their international business).
Because AirTokens are securities, everything AirFox did to sell them failed to follow securities laws.
If AirTokens were so clearly securities, why did AirFox go ahead with their ICO without following securities laws?
That’s a question that their lawyers and advisors need to answer. Any advisor who even has a basic understanding of securities law would look at AirTokens and say “Hey, AirFox, you are selling securities. You are selling tokens to the general public, that you are alluding to an increase in value, to finance a new business.” Apparently, AirFox’s either didn’t bother to Google “what is a security?” or AirFox ignored their advice.
What are the lessons to be learned for companies who want to sell coins or tokens at this point?
If you want to touch the U.S. market in any way, either follow securities laws, or don’t hold an offering. Despite all the recent warnings and negative publicity, I still have ICO companies contacting me wanting to use these same methods, particularly arguing “But I’m selling a utility token!”, that got AirFox in trouble. Two things are very obvious after the AirFox SEC enforcement action. You can’t call what you are selling a “utility token” and have securities laws magically not apply to your offering and unless you can definitively prove what you are selling is not a security, you need to follow securities laws in your offering.
Let’s talk about that utility token issue. How can you tell if a token is a utility token or a security?
One of the biggest lessons learned from the SEC’s ruling in AirFox provides some guidance for companies on this issue, so let’s look at exactly what AirFox did.
The terms of AirFox’s ICO required purchasers to agree that they were “buying AirTokens for their utility as a medium of exchange for mobile airtime, and not as an investment or a security.” In other words, AirFox assumed they could agree with their token purchasers that they were selling a “utility token” and not a security. We learn that the SEC doesn’t look at it that way. Calling something a “utility token” and saying it “is not a security” is meaningless to the SEC.
The SEC also noted that at the time of the ICO, the utility function being promised had not been created yet, so the functionality was not available. The AirFox app, at the time of the ICO, was a prototype that only enabled users to earn and redeem loyalty points, which could be exchanged for mobile airtime. AirFox themselves even said the prototype was really just for the ICO and just for investment purposes so people know how it was going to work and didn’t have any real users at the time of the ICO. So, it is clear that the Howey test, which calls something a security if it is being sold to finance the creation of a business or ecosystem, applies here. Something can’t be a utility token if it does not yet have utility, and if it is being sold to finance creating that promised utility.
On that point, the SEC also said, “investors purchased AirTokens based upon anticipation that the value of the tokens would rise through AirFox’s future managerial and entrepreneurial efforts.” That makes it pretty clear people were buying the AirTokens as an investment, and that the money would be used by AirFox to make the company, and the tokens, more valuable.
Exactly! This is a text book case of a token being sold that is so clearly a security under the Howey Test, that it would be nearly impossible to argue otherwise with a straight face. I think this is one of the reasons the SEC picked AirFox. They provide a good, clear example of what not to do. Some other tokens sold in ICOs are not as clearly securities, so this ruling gives us some easy rules to follow moving forward.
I look at the SEC’s ruling and see it in a positive light for future ICOs in one way. I think the SEC seems to have cracked the door open a little. The SEC specifically set out several reasons why the AirTokens are securities and not “utility tokens” but what if those reasons did not exist? What if this ICO had taken place later in the company’s existence, and at the time of the ICO, the tokens’ functionality was available, the app was a not a prototype but was fully functional, the app had real users at the time, the tokens were being used only as a medium of exchange, and purchasers of the tokens had no anticipation that the value of the tokens would rise through the company’s future managerial and entrepreneurial efforts, because the tokens were not allowed to be traded on an exchange or otherwise?
If those facts had been in place, I have a feeling the SEC would not as easily have defined AirTokens as securities. Of course, the marketplace for those tokens would not likely be a $15 million market, but I believe the SEC might entertain characterizing tokens in that scenario as not being subject to securities laws, if it ever happens.
What penalties did the SEC impose on AirFox for selling securities without following the laws and regulations?
It started with the SEC instituting “cease and-desist proceedings” against AirFox. This means the SEC told AirFox to stop breaking the law because the SEC is about to come in, and effectively shut their company down with penalties. As a result, AirFox negotiated a settlement with the SEC so they could have some hope of continuing in business.
The settlement requires AirFox to pay a $250,000 fine, inform each person that purchased AirTokens of their right to get their money back if they still own the tokens or if they can show they sold them for a loss, issue a press release notifying the public of the SEC’s order and containing a link to a claim form for investors to get their money back, and to file the appropriate paperwork with the SEC to register the AirTokens as a class of securities — this means the AirFox now must follow all securities regulations and ongoing reporting requirements as to these tokens — an extremely expensive requirement.
Sounds like the SEC imposed millions of dollars of penalties and did not pull any punches.
They dropped the hammer, and clearly wanted to send a message to everyone in the ICO community. The SEC made AirFox pay a large fine, forced them to return up to $15 million back to investors, and be subject to a ton of time-consuming and expensive paperwork – things like publicly disclosing audited financial records. This is not a one-time penalty, but rather an ongoing huge expense for AirFox. I seriously doubt most companies that held an unregistered ICO could stay in business after such a hammering.
For companies considering an ICO, what lessons are learned from AirFox?
If you sell tokens that are securities, you have to either (a) register the securities with the SEC or (b) qualify for one of the well-known exemptions from registration such as Regulation D or Regulation A when you sell the tokens. In other words, follow existing securities laws.
I think most ICO companies, but very few securities lawyers like myself, will be surprised to learn that the SEC is going to read and review everything about your offering, They are going to read your “white paper” and review everything they can find online or otherwise. With AirFox, the SEC reviewed blog posts and YouTube videos of the AirFox founders and used comments made on both to satisfy prongs of the Howey test of what constitutes a security. AirFox’s white paper informed investors that 50 per cent of the proceeds of the offering would be used for engineering and research and development expenses and proposed a potential timeline of development milestones. This also helped satisfy the Howey test by explaining that the company was going to use the funds from the token sale to fulfill their business plan.
The SEC also looked at something else I found interesting. After the ICO, AirFox attempted to list AirTokens on a crypto exchange, and the SEC even reviewed the crypto exchange application AirFox filled out. One application question asked, “Why would the value (of AirTokens) increase over time?” AirFox’s response was “As time lapses the features and utility of AirToken will go up as we continue to build the platform. As of today, the people are able to download our browser to earn and purchase AirTokens to redeem mobile data and airtime across 500 wireless carriers. Over the next two years, the utility of the token will expand and therefore, more people across the world will need to have AirTokens in their possession to participate on our platform and ecosystem.”
Again, the company’s own words, on an application form to a third-party company, came back to haunt them by providing more evidence of meeting the Howey test.
It seems ICO companies need to be extremely careful that everything they do or say is compliant with securities laws. In other words, do what companies who raised capital selling securities for years have had to do.
Yes. Without question. And, because the magic words “blockchain” or “token” or “cryptocurrency” are being used in the offering, expect the SEC to take an even closer look at every single detail.
The SEC also mentioned something about AirFox having too many investors in the ICO. Can you explain that?
In its ICO, AirFox sold more than one billion AirTokens to more than 2,500 investors. The number of investors is important. A company selling securities is required to register their equity securities under “Rule 12(g)” if the class of securities was held of record by more than 2,000 persons and more than 500 of those persons were not accredited investors.
In other words, if you sell securities to 2,001 total investors, or 501 non-accredited investors, you have to be registered with the SEC. Registered with the SEC means a lot of paperwork and ongoing reporting and a lot of expense. With more than 2,500 investors, AirFox is subject to these expensive registration requirements, because their tokens were considered to be securities.
The lesson here is to watch the number of investors in your offering. Even when you are selling tokens that are clearly securities, you must pay attention to the rules surrounding how many investors you are allowed based on the laws applicable to your offering. There are exceptions to this rule, most notably if you use Regulation A to raise the capital in a security token offering, where you can have far more investors than Rule 12(g) allows with some limitations.
You mentioned earlier that if an ICO company wants “to touch the U.S. market in any way, either follow securities laws, or don’t hold an offering.” Do the lessons learned in AirFox apply to non-U.S. companies or those who do not sell to the U.S. market?
That’s a complicated question but let me give you the basics. Keep in mind, this varies dramatically based on every individual fact pattern. As a general rule, if a company does business in the U.S., or wants to sell to the U.S. investor market, they need to follow U.S. securities laws. If a company is not a U.S. company, and do not sell or market at all to U.S. investors, then U.S, securities laws may not apply at all. But, securities laws of other countries will apply, and those laws have to be followed.
AirTokens were available for purchase by individuals in the United States and worldwide through websites controlled by AirFox. The company is based in the United States. The websites selling the tokens in the U.S. were controlled by the company. This all subjected AirFox to the jurisdiction of U.S. laws and the SEC.
Also, I hear this one a lot, so let me address it. Companies come to me and say “We are not subject to U.S. law. We set up a company in the Virgin Islands (or Malta, or somewhere else). Without getting too technical, if you are a New York City based company, with offices and employees in Manhattan, who sets up a shell company in the Virgin Islands that has no office or employees and you run that company out of New York, you are not being clever and avoiding the fact that the SEC is probably still going to consider you a U.S. company. All you have done is sent up a red flag.
Prior to their ICO, AirFox told prospective investors that it planned to list the tokens on token exchanges to ensure secondary market trading. Obviously, liquidity in any investment is a huge part of the investment decision by a purchaser. How did this play into the SEC’s order?
AirFox made it clear, as do most unregulated ICOs, that their tokens would be traded on crypto exchanges, so buyers could sell them and potentially make a profit. This satisfies the “investment” arm of the Howey test. If investors have a reasonable expectation of profit from being the tokens, the tokens are very likely securities.
Interestingly, in the middle of their ICO, AirFox announced that it was reducing the token supply from 150 billion to 1.5 billion without changing the anticipated market cap to “alleviate concerns raised by many current and potential token holders and token exchanges who prefer each individual token to be worth more.”
Imagine a traditional initial public offering of stock, where the IPO company suddenly changed the number of shares of stock available but kept the valuation of the company the same. “Hey, those shares you first-in buyers got for $20 are now worth $2000 each because we decided to sell 1/100thof the number of shares.” This kind of market manipulation would likely end of with a few people in federal prison. Changing the material terms of a securities offering in the middle of it is a very bad idea.
AirFox also had a bounty program, something common in ICOs. What was the SEC’s take on that?
Let me explain AirFox’s bounty program first. AirFox provided free AirTokens to people like crypto advisors who helped the company’s marketing efforts. AirFox had more than 400 people promote the ICO and receive AirTokens in exchange for things like touting the ICO on internet message board posts, articles, YouTube videos, and social media posts. They also paid one crypto advisor, who had previously led similar ICO promotions by other companies, a percentage of the AirTokens issued in the ICO in exchange for his services.
While the SEC didn’t specifically address this point in their ruling, I wouldn’t be surprised to see some regulatory or legal investigation undertaken against some of these crypto advisors and those who were paid bounties. If any of these crypto advisors or others conducted illegal broker-dealer activities, or advertising and marketing rules of securities which are highly regulated, it’s possible we may see some further SEC action against these people.
Speaking of advertising and marketing, the SEC made a point of bringing up how AirFox marketed their ICO.
Great point. The SEC noted that AirFox aimed its marketing efforts for the ICO at digital token investors rather than the anticipated users of AirTokens. AirFox promoted the offering in forums aimed at people investing in Bitcoin and other digital assets, even though the ultimate users of AirTokens were supposed to be overseas, not in the U.S. AirFox’s principals were interviewed by individuals focused on digital token investing. In a blog post, AirFox wrote that an AirToken presale was directed at sophisticated crypto investors, angel investors and early backers of the AirToken project.
Bottom line is that AirFox claimed to be selling a utility token but made no effort to market the tokens to the anticipated users of tokens — individuals with prepaid phones in developing countries. Instead, AirFox marketed the ICO to investors who viewed the AirTokens as an investment. The SEC felt this was a very good indication that these “utility tokens” really did not have an “utility” if they were not being sold to the people who would use them
The obvious lesson here is that if you are going to claim you are selling utility tokens in an offering, you should sell those tokens to the ultimate users of the tokens. If you do not, you are likely selling securities to speculating investors, and your argument of selling utility tokens falls apart very quickly.
Any last words for the ICO community?
I’ve been talking to, and in some cases actually representing, token and crypto companies ever since the SEC’s DAO decision in 2017 when the floodgates opened to companies realizing that the only safe way in the U.S. to issue a digital asset, token or coin is to follow securities laws.
It’s not that hard. Every mistake AirFox made was avoidable, and everything they did to violate well-established securities laws could have been avoided if they had received good advice. Selling investments to U.S. citizens is one of the most highly regulated industries in the world. To think a company can avoid following these well-established laws and regulations just because of a new technology, and because “everyone else is doing it,” is ridiculous.
Can I start openly selling cocaine online to anyone who wants to buy it because I keep the records of the sales on a distributed ledger and track each kilo on a blockchain? No, and nobody would be so stupid to try.
This is not that difficult. If you want to sell tokens without following securities laws to the U.S. market, you need to be 100 per cent certain they are not securities, and that is going to be very difficult to do in most cases. If you and your advisors are not 100 per cent certain that what you plan to sell is not a security, get advice from reputable securities counsel before you do anything.
Once last thing: if you find yourself creating arguments to get around parts of the Howey Test rather than being able to definitively prove your tokens do not fit the Howey definition of a security, then the SEC is most likely going to disagree with you and deem your tokens to be securities.
Editor’s note: AirFox did not admit or deny guilt to the SEC. The text has been amended.