2018 was the highwater mark for initial coin offerings (ICOs), when 1,253 new coins raised $7.8 billion. In 2019, this “Wild West” market went from boom to bust. Dollars raised in ICOs plummeted 95% compared to 2018, and the Securities and Exchange Commission (SEC) continues to announce new actions against various ICO players for fraud and unregistered issuances. The sheriff has come to town.
Regulation, my old friend
It’s no consolation to investors who lost millions in ICO scams, but they were part of a natural market evolution. The laws governing traditional securities were also originally inspired by bad actors like “bucket shops” that emerged as another new technology, the telegraph, was changing financial markets. The SEC’s decision to crack down on digital assets and apply those same laws to blockchain securities is good news for market participants.
Blockchain securities have the potential to increase efficiency, lower costs, provide greater transparency and mitigate risk. However, the financial industry can’t fully realize the potential of blockchain securities without a public market and regulated ecosystem to support their full lifecycle. That means fully compliant issuing, investing, trading, settlement and custody.
Governments around the globe are working to establish the necessary frameworks in their own jurisdictions. This is lowering the risk of investing in blockchain securities by introducing investor protections associated with traditional markets. Although different jurisdictions have different requirements for regulated entities, investors, traders and users, there are four common areas being addressed:
- Distribution – how are security tokens created and why, and how are they delivered to their owners?
- Custody – where is the ultimate record of ownership kept and by whom?
- Reporting and Record Keeping – what additional regulatory requirements are placed on participants such as transfer agent services?
- Specific Processes – what additional processes are required, for example, in order to move security tokens between personal and master wallets?
The SEC and the Financial Industry Regulatory Authority (FINRA) have established guidance in all four areas through a series of communications including the report on The DAO and a joint statement on broker-dealer custody of digital assets. The necessary U.S. framework is finally in place to allow regulated, public trading of blockchain securities to blossom.
If the juice don’t look like this
In parallel with these regulatory developments, companies have rushed to create the necessary market infrastructure. Critical components are in place and more are coming this year. The question for those considering whether to participate: is the juice from this 2.0 version of digital assets worth the squeeze? The answer will be yes if the blockchain securities market looks like an upgrade of traditional markets, which would require that it offers two key benefits to investors and companies looking to raise money.
The first is efficiency. Blockchain securities need to eliminate the cumbersome data systems and manual paper-based processes of traditional securities trading. The potential is there but execution is everything as the saying goes. Implemented correctly, blockchain can efficiently support the entire lifecycle of digital assets from issuance and investing through trading, settlement and custody.
The second benefit is smart oversight. To be viable over the long term, the blockchain securities market needs to be fully compliant not only to satisfy regulators, but to create liquidity. It needs to supply investors with convenient access to transparency, account safeguards, and regulated trading. This will require integration with traditional brokerage accounts as well as intuitive user interfaces.
I’ve become so numb
I was hoping to get through this article without using “disruption” because I know we are all numb to the concept. Unfortunately, I keep hearing that blockchain securities will disrupt financial markets. I’ve said it myself! But the reality is that blockchain securities are an evolution not a revolution. The same year that ICOs peaked at $7.8 billion, the traditional US securities industry raised $2.4 trillion. For blockchain securities to become a mainstream asset class, they can’t remain on the island of personal wallets. They need to be bought, held and sold by retail investors, institutions, and advisors through traditional trading systems and brokerage accounts. That could happen as early as this year.
HODL Your Hoopla Over SEC Changes For Exempt Offerings – Thought Leaders
Last week the The U.S. Securities and Exchange Commission released a proposal – that has yet to become regulation – to simplify how exempt offerings are done. Shortly thereafter, a flurry of articles and newsletters made their way through the digital asset industry – many of which suggested their platforms were already being modified to fit the new rules. While the SEC has proposed changes, time will tell whether the proposal is adopted – and if so, whether there will be changes to the final draft that will be published to the Federal Register.
The US exempt offering framework includes tools such as Reg D, Reg A, crowdfunding (a.k.a. Reg CF) – essentially everything that is not a public or retail offering. This framework has seen little in the way of changes or modernization since the Securities Exchange Act of 1934. There has been significant public criticism of the current rules for exempt offerings, largely because they reserve access for only the wealthiest Americans to invest in private funds, companies, and other offerings.
If passed, the proposed changes could allow for the average person to invest in earlier stage deals – such as Uber or WeWork – before they reach their lofty valuations and dumped into the public markets. Enabling SPV (special purpose vehicles) and harmonized reporting (ie combing Reg D and Reg CF into one, not two reports), and increasing the total amount that can be raised would help streamline compliance for issuing firms. Additionally, the changes could also enable crowdfunding to become a viable capital formation tool for investing in such asset classes as real estate.
Currently, US offering exemptions such as Regulation CF (crowdfunding) are quite restrictive, limiting the total amount you can raise to $1.07M USD per 12 month period and includes significant restrictions per investor. The US SEC appears to be following the lead of other jurisdictions such as Canada where regulators proposed similar changes, or Europe where regulations were updated last year, increasing the limits for the EGP (European Growth Prospectus) to €8M EUR, a little over $9M USD. According to the new proposal, companies would be able to raise up to $5M USD. While $5M is still a relatively small amount of capital, it does allow early stage companies to build their tribe with a broader investor base.
The SEC proposed similar changes to Reg A, increasing the upper limit to $75M USD. This could make Reg A viable for many later stage companies where larger Series B, C, or even D rounds demand more capital than what is currently available in Reg A.. This also opens up these investment opportunities to the retail investor, previously these deals were only available to the wealthiest corporate venture firms, private equity shops, and high net worth individuals.
Further changes include allowing accredited investors to participate in crowdfunding. Previously, if you used a crowdfunding exemption, you could not accept funds from accredited investors and would actually have to use another exemption, such as Reg D, simultaneously. This typically forces companies into more paperwork, legal fees, and an increased risk of getting something wrong – which could result in regulatory or civil actions. The proposed changes would enable companies to combine accredited and retail investors into one offering.
Aside from accredited investors, the changes also open the doors to institutional and corporate investors, including the SPV (Special Purpose Vehicle).
An SPV is a corporate entity created for a specific purpose – usually for reasons such as limiting liability, tax efficiency, investment, or capital formation. For example: In order to tokenize a piece of real estate, you might form an SPV, and transfer the deed to the real estate into this company. The purpose of that company/vehicle is to hold the deed of this real estate and maintain a accurate record of who the owners are, SPVs are commonly used for investment funds as well.
Combined, SPVs, corporate investors, accredited investors, and major institutional investors can move large amounts of capital. However, they weren’t able to invest in crowdfunding offerings in the US. This created an interesting paradox for companies raising capital, if you could get the big fish interested, you would avoid the crowd – but, if your offering didn’t look good enough for professional investors, your last resort may be crowdfunding. The crowdfunding industry as a whole has faced a lot of criticism from professional investors for low returns and low deal quality, this is likely to change when retail investors have access to the same deals as larger institutions.
Finally, the new crowdfunding regulations propose several major changes to how much each investor can put into any one offering. Currently, investors who do not meet the accreditation thresholds were limited on how much they could invest based on the lower of their income or net worth. The new regulations would change this to the greater of those two. These changes are expected to not only fuel innovation, they are likely to bring in a lot of smart money as well.
For example, an investor with a net worth of $750,000 and an income of $150,000 couldn’t qualify as an accredited investor. This person has a Phd in bioscience and finds a startup with a revolutionary innovation in the field of bioscience – they are not qualified as an accredited investor and barred from investing. Ironically, they can be an advisor to any institutional investor on why this particular startup is so hot – but under the current rules, they are not qualified to risk their own money.
While these changes are welcomed by most market participants, they are not a sure thing. This proposal for a new exempt offering framework is not yet regulation, it still has to make it’s way through the government and be entered into the Federal Register. Looking back at the proposals for crowdfunding in the US we can see how different a proposal can be from the regulation – and there are still a lot of lobbying dollars that want to see the status quo maintained. It is important to not make important business decisions based on this proposal – rather, look at these changes as a larger trend among securities regulators globally.
We’re seeing securities regulators trying to make easier for distributed capital formation. Crowdsales and crowdfunding are actually becoming something that the regulators across around the world are working together to harmonize their frameworks. By combining the crowdfunding regulations from jurisdictions around the world, early stage companies would be able to access global capital and build a global investor base, without being forced to break the rules like most of the ICO and STO issuers are doing today.
Perhaps the most exciting thing about the SEC’s proposed changes is how they demonstrate a very coordinated effort among securities commissions globally. As this new era of capital formation emerges, businesses will be able to combine and leverage the regulatory frameworks of multiple countries. That being said, for US based offerings, we still have to wait for the new regulations before knowing what they will look like, or their impact on the digital securities industry.
Why EU blacklisting the Cayman Islands matters for the STO industry – Thought Leaders
On February 18th the European Union added the Cayman Islands to its tax haven blacklist. While this has not made the news in the security token industry, it has had major implications. Due to the strict demands of AML & KYC in many jurisdictions, regulators are focusing more resources on beneficial ownership, tax transparency, and enforcement.
For companies raising capital, the blacklisting means you should not take money from a Cayman fund if you’re a European issuer. In the EU, a lot of the investment in security tokens, real estate, and private equity comes from or through Cayman fund structures. Cayman is also where a large portion of American VC funds are domiciled.
The current tax haven blacklist also includes American Samoa, Fiji, Guam, Oman, Palau, Panama, Samoa, Trinidad and Tobago, US Virgin Islands, Vanuatu, and Seychelles.
Any company taking funds from a Cayman domiciled fund, or working with a platform/issuer/bank in that market should be aware that being associated with a blacklisted country could create significant new risk exposure for your project, and possibly yourself. These changes are effective immediately. Until recently, most firms could fly under the radar but the EU is also rolling out a public registry of corporate ownership. This will not only make non-compliance much easier to spot but also increases the ability for regulators in the EU to investigate and enforce.
The regulation could impact people working at (including directors, officers, or significant shareholders) a company that received funding from a Cayman source after the blacklist date. Enforcement severity changes by country but can include criminal charges, company seizure, and known associates may end up on a variety of sanctions and watch lists. Not to mention the reputational damage.
This is a good example of why a good AML program does not only consist of face matching a document and pinging an API to name match a sanctions list – you are opening up your venture, and most likely yourself, to massive liability. Your legal and regulatory obligation is to take a risk based approach. What that looks like can change by country, transaction value, activity history, etc., so AML program needs to be dynamic, robust, and comprehensive enough to catch things like narrative sanctions.
For example: The most popular security token platforms today only use KYC for digital onboarding of natural persons – not corporate entities. However, when you look at the investors in their previous token issuances you can see that most of the funds are coming from corporate accounts, corporation owned wallets, but the on-chain transaction and KYC is done by an individual. These platforms are missing the technical capabilities to spot transactions coming through blacklisted jurisdictions such as Grand Cayman.
iComply recently helped a virtual asset exchange pass the audits needed to offer their users the ability to spend virtual assets, such as Bitcoin and Ethereum, with a Visa card. This process involved independent audits from Visa, their banks, and regulators – each wanted to see the client demonstrate how they would be able to identify these risks and fulfill the requirements of a whole web of regulations.
Now that they have passed the audit, they are first to market with a very compelling offer compared to their competition who still have months of development on their AML systems before their applications will go through. Using iComply to get ahead of the regulations has also put them ahead of their competition.
We can expect the same for the security token market. Token issuers need to pay close attention to their AML compliance – Telegram had to refund over $1B USD over AML, has spent millions in court with the SEC, and the OCC has not even started with them yet…after that, how many of their “not investors” will be ready to jump onto an investor class action lawsuit? We have already seen this with the recent OCC case against MYSB in New York, or with the SEC and AirFox in Boston.
Under Scrutiny: How to Pass Due Diligence as a Blockchain Project – Thought Leaders
Every business is destined to undergo multiple assessments. Regulators granting licenses and permissions, potential partners, investment advisors and investors – each of them has a set of filters that a tech project should pass to be considered viable. The task gets more tricky for deep tech startups utilizing blockchain, AI and other cutting-edge technologies.
This article is structured as a list of questions for a startup to check its investment readiness and prepare for a due diligence process, grouped in three broad categories: 1) technical, 2) legal, and 3) business. Starting with generic ones, we are diving deeper into industry-specific questions with particular examples in the tech part to illustrate nuances and pitfalls a project might face, especially fueled by high competition in the space.
Is the proposed solution technically possible?
This might sound obvious – but many founders neglect this question while chasing the visionary technological dream, especially in deeptech areas like AI/ML, brain-computer interfaces, biotech, or blockchain. If your project exists only as a concept yet (especially if you’re not the tech guy and will do external hiring), make sure that it is possible to develop before you pitch.
If the solution is not technically possible at the moment, how much time and effort is needed for research and development (R&D)? Are these estimates aligned with time and funding limitations, if there are any?
In some cases, a tech team is strong and the idea is very promising, but it might take full five or ten years to develop and be adopted – like quantum computing for solving enterprise-grade problems in the pharmaceutical industry.
You have to be honest – and realistic – about the timing and expenses. You will certainly get this question. Here you need to distinguish between research and common software development costs: the research stage is inventing algorithms to build something that previously hasn’t been possible due to technological limitations, with uncertain results and timelines. The software development stage is building a well-understood solution, which only requires a certain period of time.
Clearly enough, investments at the research stage are much less predictable. However, development can also take much longer than team plans originally, trying to impress investors and overestimating capacity. Make sure you don’t.
In the case of a software product, does the project really need proprietary software and not a white-label solution or SaaS?
Reinventing the wheel might be seductive. However, in some cases, spending resources for the development of a new in-house technical solution can be a waste of time. If you as a startup do not suggest a software innovation, it might be easier and cheaper to purchase a ready technical part and customize it to the particular business needs.
What are the external dependencies (e.g. libraries)? How is external software maintained?
No software is written totally by the company in-house team. Every project in the world uses multiple external databases and code libraries, often open-source, maintained by global communities of developers or by corporations. The resilience of the project depends on the timely update of external software for security and efficiency.
If you’re doing an AI project, what is the source of data? Is it sufficient? Is it available?
The viability of AI projects is extremely dependent on data quality. Algorithms may be inefficient when there is not enough data. Also, inherent biases in the data (e.g. racial) will impact the final algorithm. Furthermore, there may be a chicken-and-egg problem if the customers are a source of data and, at the same time, the main value is delivered using the AI/ML. If the data is not free, its cost should be considered vs potential value compared to using less advanced methods.
If you’re doing an AI project, how is the context-dependence addressed?
Even if there is plenty of data available, it may be gathered in a specific context, often being non-applicable in another. For example, if the network was able to distinguish cats and dogs indoors, it may be unable to do so outdoors.
If you’re doing a blockchain project, why the database should be distributed, in other words, why do you need blockchain?
Many problems that are claimed to be solved with the blockchain can be solved with a simpler cryptographically protected database with a robust permission management system that can also utilize public-key cryptography if needed.
In the case of the original concept of blockchain, the database is distributed among multiple participants with all of them being able to make an input. This is not always needed. For example, an enterprise may need a database to store and process its internal data, in which case it shouldn’t be distributed. Or it may be a database of a governmental body, to which everyone should have access but only the government should be able to validate input data.
If it makes sense for a database to be distributed, does blockchain have to be public?
Blockchains can be generally divided into public and private. Public (permissionless) blockchains are the ones in which anyone can host a node, thus having access to all data recorded and validate database updates. In private (permissioned) blockchains only certain participants can have access to data and validate input.
Public chains significantly reduce the control over the business as the state of the database is now controlled by multiple people scattered across multiple countries. This also means an increased regulatory uncertainty, especially in the case of heavily regulated industries or the ones that are of systemic importance. For these reasons, the case for public chains must be really strong. In many cases, a private blockchain is enough to satisfy business requirements. For example, transaction processing requires only financial institutions participating in the blockchain, sharing medical history data requires only hospitals participation.
If you’re doing a blockchain project, what are the incentives of participants to act for the benefit of the system? What are the ways to break these incentives and how are they addressed?
As blockchain, especially the public one, is maintained by common efforts, and the quality of data, the transaction costs depend on the participants, incentives should be designed in a due way to ensure that the system is sustainable.
An example of where it is problematic is the Tezos blockchain that utilizes the so-called Liquid Proof of Stake (LPoS) consensus algorithm. A consensus algorithm is a way in which validators agree on the new state of the ledger. In LPoS consensus participants can stake a certain amount of a blockchain native token to get a right to either validate transactions themselves or select another trusted person that would do that instead, who would validate a transaction and distribute the reward. Although such algorithms have multiple benefits, the common point of criticism is that incentives for participants to become validators are questionable as they can select someone else, and still receive a significant chunk of reward because of the competition among potential validators, while not spending time and computational resources on network maintenance and governance. This creates a risk of blockchain centralization and various types of attacks.
How is the cybersecurity ensured?
Cybersecurity is a primary feature of any IT infrastructure. Especially for a regulator, who’s main concern is protecting customers.
If you’re doing a hardware business, how is the quality of supplies ensured?
While software businesses are dependent on external libraries, hardware businesses depend on supplies providers for the quality of their solutions.
Assessing legal implications of a project, compliance costs and limitations arising from legal requirements.
Does the company need licenses to operate legitimately, and which ones?
This point is especially important for heavily regulated industries, such as fintech. Almost any financial services require some kind of licensing, and some of them – such as MiFID II in Europe – can take up to two years or more to acquire.
Also note that in most cases you need a separate license in every country where you intend to operate and provide services, although there may be various arrangements between competent authorities, especially between the EU Member States, that allow facilitated transfer of license.
All clients need to be identified, especially in the financial services industry, as well as the origin of their funds so that the business is not used as a means for money-laundering. However, making customers confirm their identity may not be a great and engaging UX, negatively impacting conversion rates. The proportionality principle should be applied – the higher the risk, the stricter measures.
Who holds the custody of the funds?
This question will be asked to any business that allows clients to deposit their funds, such as investment management. Holding clients’ money and assets also requires licensing, and the project should consider a partnership with an applicable license holder institution.
Who is liable for failures?
This happens to be one of the most neglected matters. Even if you will suffer eventual reputation damage, you can still protect itself from legal liability by building corresponding arrangements with service providers. For example, if client data is stored on third-party servers, they should be responsible for the data safekeeping. Note, though, that such arrangements will increase service costs. Sometimes providing a service for which a liability may be taken is a core business of a company. Although it is impossible to avoid liability completely in such case, it can still be reduced, for example, if employees are liable, and not a company, or if limits are imposed on the amount of liability.
Founders of blockchain projects, especially of decentralized ones, tend to consider that they hold no liability, as they don’t control the network. However, regulatory authorities may have another view as the legislation is built on the premise of a liable service provider who has the responsibility to ensure that the system operates in a due manner. Thus, the project team may become subject to claims in case of failures.
Being poorly managed, taxes can significantly reduce company profits, especially in the case of unfavourable double taxation regime between countries the company operates in. Furthermore, taxation issues can make the company much less attractive as an investment opportunity. A proper optimization should be undertaken in order to mitigate these problems.
What is the intellectual property of the company? Is it protected? Does the company violate any IP?
There are three main points to it.
Firstly, a company may at some point become a target for patent trolls, so it should get patents and copyrights for all its relevant assets.
Secondly, in order to make an MVP startups may violate someone’s intellectual property in some cases, for example, use protected images, design, UX, etc. It is unlikely to be problematic at the initial stage but may be when the company grows bigger. Especially if the IP violated belongs to direct competitors.
Thirdly, IP is an asset that increases valuation, that may be used for tax optimization.
In recent years GDPR became an increasingly pressing issue. Basic privacy setup goes far beyond cookies disclaimers and should include proper storage of personal data, hijacking of which may result in significant lawsuits, proper data management, such as not giving to third parties without consent, the possibility of erasure, etc.
The blockchain may often store sensitive personal and financial data, which are strictly protected on the regulatory level. They can sometimes be contradictory to the nature of the technology, such as the right to be forgotten or the obligation to store data on the server of the country where the person resides. It is advisable to consider not storing personal data on the public blockchains at all, which enables more control over them.
What problem does the project solve?
Emerging technologies are sometimes called “a solution looking for a problem” – not unjustly. Behind the engaging narrative and brilliant technological thought, it can be easy to lose the most important question: who is your target audience, and why it will use the proposed solution?
Check if the stated problem does exist, confirmed by the potential clients. Customer surveys and test can help a project make sure that you are moving in the right direction. If a project operates in a vacuum with no direct contact with its target audience – it is a red flag for investors, as it risks meeting no demand once it goes live.
Sometimes a problem is not pressing enough for it to require a separate solution.
How is the problem currently solved? How is the proposed solution better?
In order to be adopted, a project has to offer a very clear benefit to its customers – saving someone’s time or money, fulfilling a particular need or simply providing positive emotions.
If the benefit is marginal, clients are unlikely to pay more or bother switching to a new service at all – so make sure a project has to lead a competitive analysis and found its clearly defined niche in the market.
We once had a discussion with a project building a network of supercomputers in different countries that would solve the AI problems with built-in algorithms so that customers would only input data and choose algorithms. The problem was that in cloud computing they were competing with Amazon and Microsoft, and in AI software – with IBM. No chance they would win.
What are the core assumptions on which the business model is based? How are they validated or are going to be validated?
How actually the company is going to make money? What metrics in such cases determine the profits? Are the revenue predictions realistic?
For example, if transaction fees are the main source of revenue, certain transaction volumes are expected and should be justified by market analysis.
What is the place of a company in the industry value chain? Who are other participants the company is working with? How supply chain sustainability is managed?
No company delivers its value to end customers independently, it is always working together with multiple other actors. It is critical to identify the exact added value the company provides. All other companies in the value chain are external dependencies that may pose risk and should be managed, for example, by diversification.
How does the unit economics of the company work? Can it be profitable at all?
That is, does a single customer bring more money than it costs, including processing and acquisition costs.
In the case of broken unit economics, is the increased revenue per customer possible, or they will not pay more? Is it possible to cut costs in the future with significant investments, for example, software that reduces operational expenses, or marketing that raises the credibility, reducing acquisition cost?
In other words, investors will look at the factors that will make the investment justified.
What is the growth strategy? How is the growth engine validated? Does it suit the business model?
To make the investment feasible, a project should have a certain growth potential that matches the risk. For an operational profitable business growth expectation is lower compared to a startup. The company with the potential of viral growth prospects differ significantly from the B2B company that should employ sales department.
Who are the direct competitors? What is the competitive advantage, if any? If there are none, what are the possible options to gain some and the expected investments? If there are some, how are they sustained?
A business does not necessarily need a competitive advantage at every point of time if the demand on the market is significantly higher than supply. However, this is not a sustainable situation, and the competition will increase. Thus, if there is no competitive advantage, you should focus on getting one. If you do have one – make sure you’re able to sustain it and adapt to the ever-changing market conditions.
Did the company use debt funding? What is the debt to earnings ratio?
Indebtedness of the company creates additional risks for anyone engaging in business with it, resulting in less favourable collaboration or a lack thereof.
Who are the major company shareholders? How will they impact company direction? Do they support profitability or growth? Do they participate in operational management?
Shareholders are a source of information about the business that will be looked upon. In the financial industry or when offering securities to the public, major shareholders and directors should pass fitness and properness checks. The company should be cautious and make its due diligence when accepting investments not only regarding the legal background of the investor but also the broader impact it will have on the company’s strategy.
If a project is looking into engaging serious partners, attracting significant funding round or raising public and media awareness, it will definitely become a subject to thorough scrutiny that will target not only superficial financial parameters and the quality of the idea, but also the non-sexy things, such as taxes, intellectual property, cybersecurity, and supply chain resilience. Answering those questions in advance makes you not only well-prepared for the due diligence, but also more able to succeed in the fierce competition on the market, and should be undertaken as early as possible.
Due diligence requires asking hard questions. But it is critical to ensure that we devote our time and money to what will have a real impact on the world.