Why This Analysis Matters
In my practice representing crypto projects and trading platforms, the single most consequential legal question I encounter is: "Is this token a security?" The answer determines everything - from registration requirements to criminal liability for the founders.
The framework for answering this question comes from a 1946 Supreme Court case about Florida orange groves. The SEC v. W.J. Howey Co. decision created a test that the SEC now applies to every token offering. Understanding this test is essential for anyone building, trading, or listing digital assets.
The Stakes Are High
Getting this wrong isn't just a civil matter. Selling unregistered securities can result in criminal prosecution, disgorgement of all profits, and permanent bans from the securities industry. The SEC has brought over 100 enforcement actions against crypto projects since 2017.
The Howey Test: Four Prongs Explained
Under SEC v. W.J. Howey Co., 328 U.S. 293 (1946), an "investment contract" exists when there is:
1 Investment of Money
The investor must provide something of value. In the crypto context, this includes:
- Fiat currency - USD, EUR, or any government-issued currency
- Cryptocurrency - BTC, ETH, or other digital assets (confirmed in SEC v. Shavers)
- Services or labor - In some cases, contributing work in exchange for tokens
- Airdrops? - This remains unsettled; the SEC has suggested even "free" tokens can satisfy this prong if recipients provide value (like personal data or network effects)
My take: This prong is almost always satisfied. I've never successfully defended a case on the basis that there was no "investment of money."
2 Common Enterprise
Courts apply different tests for "common enterprise," which creates significant jurisdictional variation:
Horizontal Commonality (Majority View)
Investors pool their funds, and each investor's fortune is tied to the success of the overall venture. This is satisfied when:
- Funds from multiple investors are commingled
- Profits are distributed pro rata
- All investors share in the risks and rewards
Vertical Commonality (Minority View)
The investor's fortune is tied to the promoter's efforts. Two sub-types:
- Broad vertical: Investor success depends on promoter's expertise (9th Circuit)
- Strict vertical: Promoter's financial success must be tied to investor success (5th Circuit)
My take: For token offerings, the SEC typically argues horizontal commonality based on the pooling of ICO/token sale proceeds. This prong is usually easy for the SEC to establish.
3 Expectation of Profits
Purchasers must buy with an expectation of profit. The SEC looks at:
- Marketing materials: Did promoters emphasize potential returns?
- Economic reality: Why would a rational person buy this token?
- Secondary market focus: Is the main draw trading potential rather than utility?
- Price appreciation promises: Discussions of token value increasing
Key distinction: Profits must be capital appreciation or participation in earnings, not merely the utility value of the token itself.
My take: This is where most token cases are won or lost. If I can demonstrate genuine consumptive intent (people buy to use, not to profit), my client has a fighting chance.
4 Derived from Efforts of Others
The expected profits must come primarily from the entrepreneurial or managerial efforts of others. Critical factors:
- Development dependence: Does the network's value depend on the team's ongoing work?
- Marketing control: Who drives adoption and token demand?
- Decision-making: Does a central party make key decisions about the protocol?
- Information asymmetry: Does the team have significant knowledge advantages?
My take: This prong is where the "decentralization defense" lives. If I can show the network is truly decentralized, this prong fails, and the token is not a security.
SEC Framework for Digital Assets (2019)
In April 2019, the SEC's Strategic Hub for Innovation and Financial Technology (FinHub) released its "Framework for 'Investment Contract' Analysis of Digital Assets." This guidance operationalizes the Howey test for crypto.
Key Factors the SEC Considers
Factors Weighing Toward Security Classification
- Active Participant (AP) retains a stake in the network (tokens, equity, or similar interest)
- AP controls development decisions and roadmap
- Token price correlates with AP's announcements or actions
- AP creates or supports secondary trading markets
- Token sold in amounts exceeding reasonable consumption needs
- AP controls key elements like token supply or access to the network
- Marketing emphasizes potential for profit or AP's expertise
- Tokens are transferable or tradeable
Factors Weighing Against Security Classification
- Network is fully functional at time of sale
- Token can be immediately used for its intended purpose
- Token's value is correlated with the utility it provides, not speculation
- Token is designed to be stable or pegged (not appreciating)
- Purchasers have the ability to use the token for its intended function
- Economic benefits are incidental to obtaining the right to use the token
- No AP or highly decentralized network
- Marketing focuses on functionality, not investment potential
The Framework Is Guidance, Not Law
While the SEC Framework is influential, it's not legally binding. Courts are not required to follow it, and I've seen judges depart from its analysis. However, it does signal how the SEC will approach enforcement.
Utility Token vs. Security Token
Utility Token Characteristics
- Functional at launch: Can be used immediately
- Consumptive purpose: Bought to use, not to profit
- Fixed or stable value: Price tied to utility, not speculation
- Decentralized network: No central party controlling value
- Marketing focus: Functionality and use cases
- Transfer restrictions: May limit transferability
- Purchase limits: Tied to expected usage
Security Token Characteristics
- Pre-functional sale: Network not yet built
- Investment purpose: Bought for appreciation
- Variable value: Price determined by market speculation
- Centralized control: Team drives value
- Marketing focus: Returns, appreciation, "moon"
- Freely tradeable: Emphasis on liquidity
- No purchase limits: Buy as much as you want
The "Utility Token" Label Is Meaningless
I can't count how many clients have told me, "But it's a utility token!" as if that label provides legal protection. It doesn't. The SEC looks at economic reality, not labels. A token called a "utility token" can absolutely be a security if it meets the Howey test.
Case Law: From Orange Groves to Crypto
Foundational Cases
SEC v. W.J. Howey Co. (1946)
The case that started it all. Howey sold parcels of Florida citrus groves to investors who had no farming experience. Howey then offered a service contract to cultivate the groves and distribute profits. The Supreme Court found this was an investment contract because investors expected profits solely from Howey's efforts.
Outcome: Security (Investment Contract)
United Housing Foundation v. Forman (1975)
Residents purchased "stock" in a cooperative housing project. The Court held these were NOT securities because the primary motivation was acquiring a place to live, not investment returns. This case established that the "economic reality" of the transaction controls, not the label.
Key quote: "The touchstone is the presence of an investment in a common venture premised on a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others."
Outcome: Not a Security
Crypto-Era Cases
SEC v. Shavers (2013)
One of the first crypto securities cases. Trendon Shavers ran a Bitcoin Ponzi scheme. The court held that Bitcoin investments could constitute "money" for Howey purposes, and the scheme was an investment contract.
Significance: Established that cryptocurrency can satisfy the "investment of money" prong.
Outcome: Security
SEC v. Telegram (2020)
Telegram raised $1.7 billion selling "Grams" tokens before the TON network launched. The court granted the SEC's preliminary injunction, finding that the entire scheme (including future delivery of tokens) was a single integrated offering that constituted a securities offering.
Key holding: Courts look at the "economic reality" of the entire offering, not just the token itself. Pre-functional token sales are particularly vulnerable.
Outcome: Security (Offering Halted)
SEC v. Kik Interactive (2020)
Kik sold Kin tokens to fund development of a messaging ecosystem. Despite Kik's arguments about utility, the court found the offering was a securities offering because purchasers expected profits from Kik's efforts to develop the ecosystem.
Key holding: Utility alone doesn't save you. If purchasers primarily buy expecting appreciation from the issuer's efforts, it's a security.
Outcome: Security ($5M penalty)
Key SEC Enforcement Actions
SEC v. Ripple Labs (XRP)
The Landmark XRP Case
Filed in December 2020, this case became the most significant crypto securities case in history. The SEC alleged that Ripple's sales of XRP constituted unregistered securities offerings totaling $1.3 billion.
Key Holdings (July 2023):
- Institutional Sales = Securities: Direct sales to institutional investors (who signed contracts and received discounts) were investment contracts
- Programmatic Sales (Exchanges) = NOT Securities: Sales on exchanges to retail buyers who didn't know they were buying from Ripple were NOT securities
- Other Distributions: Distributions to employees and developers as compensation were not securities
Outcome: Mixed - Partial victory for both sides
What Ripple Means for My Practice
The programmatic sales ruling was groundbreaking. It suggests that how a token is sold matters as much as the token itself. Secondary market sales where buyers don't know the seller may not be securities transactions. However, the SEC has appealed, so this is not final law.
SEC v. LBRY
The LBRY Credits (LBC) Case
LBRY operated a decentralized content platform. The SEC alleged that LBRY's sales of LBC tokens were unregistered securities offerings.
Key Holdings (November 2022):
- The court found LBC was offered as a security based on LBRY's promotional statements emphasizing investment potential
- The court rejected LBRY's "fair notice" defense (claiming unclear SEC guidance)
- Importantly, the court noted this didn't mean LBC is always a security - just that LBRY's offerings were
Outcome: Security - LBRY lost and later shut down
SEC v. Coinbase (Staking)
The Staking Services Case
In June 2023, the SEC sued Coinbase alleging (among other things) that its staking-as-a-service program constituted unregistered securities offerings.
SEC's Staking Theory:
- Users "invest" crypto by staking through Coinbase
- Common enterprise exists through pooled staking programs
- Users expect profits (staking rewards)
- Profits derive from Coinbase's node operation efforts
Status: Case ongoing. The court denied Coinbase's motion to dismiss, allowing the SEC's staking claims to proceed.
Outcome: Pending
SEC v. Terraform Labs
The Terra/LUNA Collapse Case
Following the catastrophic collapse of UST and LUNA in May 2022, the SEC charged Terraform Labs and Do Kwon with fraud and unregistered securities offerings.
Key Holdings (July 2023):
- LUNA was offered and sold as an investment contract (security)
- UST (the algorithmic stablecoin) was NOT a security
- wLUNA (wrapped LUNA) was a security
- MIR (Mirror Protocol token) was a security
April 2024: Jury found Terraform Labs and Do Kwon liable for fraud. The court ordered $4.5 billion in disgorgement and penalties.
Outcome: Securities fraud liability, massive penalties
When Tokens "Transform": Security to Utility (and Back)
One of the most nuanced questions in my practice is whether a token's legal status can change over time. The answer is yes - both directions.
Security to Utility Transformation
A token sold as a security can potentially become a non-security if:
Network Becomes Fully Functional
The platform launches and tokens have genuine utility that purchasers can immediately use.
Decentralization Achieved
Control transfers from the founding team to a distributed community of users and validators.
No More "Essential Efforts"
The network's value no longer depends on the efforts of any identifiable group or person.
Consumption Becomes Primary Use
Users buy tokens primarily to use them, not to speculate on price appreciation.
The Ether Example
In 2018, SEC Director William Hinman stated that Ether was not a security, despite ETH's ICO likely being a securities offering. The reasoning: Ethereum had become "sufficiently decentralized" such that no single entity's efforts were driving its value. This is the template for token transformation.
Utility to Security Transformation (Reverse)
A token that starts as a utility can become a security if:
- Re-centralization: A foundation or team takes control of development
- Staking programs: The token is pooled with promises of returns (see Coinbase staking)
- New marketing: Promoters start emphasizing investment returns
- Burn/buyback mechanisms: Creating value accrual mechanisms tied to team efforts
Transformation Risk Assessment
Analysis: Relying on transformation to avoid securities registration is risky. The SEC may still pursue enforcement for the original offering, and there's no bright-line test for when transformation occurs.
The Decentralization Defense
The most powerful argument for avoiding securities classification is demonstrating that a network is "sufficiently decentralized." This concept comes from Director Hinman's 2018 speech and the SEC Framework.
What "Sufficiently Decentralized" Means
No single definition exists, but I look at these factors:
| Factor | Centralized | Decentralized |
|---|---|---|
| Development Control | Single team controls roadmap | Multiple independent contributors |
| Token Distribution | Team holds large % of supply | Widely distributed, no dominant holders |
| Governance | Decisions made by founders | On-chain voting, community governance |
| Infrastructure | Nodes run by team/affiliates | Thousands of independent validators |
| Marketing | Official channels, branded messaging | Organic community growth |
| Information | Team has asymmetric information | Everything public and transparent |
Decentralization Theater
I've seen projects claim to be decentralized while a foundation controls the treasury, the core team can upgrade smart contracts, and five wallets hold 60% of the supply. The SEC sees through this. Genuine decentralization requires actual distribution of control, not just marketing claims.
Building Toward Decentralization
For clients launching new tokens, I recommend a "progressive decentralization" roadmap:
- Phase 1: Launch with clear centralization, but avoid public token sales
- Phase 2: Distribute tokens through usage rewards, not sales
- Phase 3: Transfer governance to token holders
- Phase 4: Dissolve or minimize the role of the founding entity
- Phase 5: Achieve independent development and validation
Practical Token Design to Avoid Securities Classification
Based on my experience with successful token launches and SEC enforcement patterns, here are concrete design principles:
Pre-Launch Checklist
- Functional network at TGE: Token must be usable on day one
- Genuine utility: Clear use case beyond speculation
- Consumption focus: Design for users, not investors
- Purchase limits: Cap purchases at reasonable usage amounts
- No profit emphasis: Marketing focuses on utility only
- Transfer restrictions: Consider lock-ups or use-it-or-lose-it mechanisms
- No investment language: Audit all communications
- Fixed or stable pricing: Avoid price discovery at launch
Token Economics Red Flags
- Burn mechanisms tied to usage: Can create investment expectations
- Revenue sharing: Direct profit participation is a major red flag
- Buyback programs: Team purchases signal investment focus
- Staking rewards: Especially with pooling, resembles securities
- Governance tokens: If tied to protocol revenue, may be securities
Case Study: A Successful Utility Token Launch
I advised a client launching a decentralized storage network. Instead of an ICO, we structured the launch as:
- No token sale - tokens distributed only to storage providers and users
- Functional network at launch with real storage capacity
- Token pricing tied to storage costs (pegged to $/GB)
- Marketing focused entirely on storage features and costs
- No secondary market creation or exchange listings by the team
Result: Three years operating without SEC issues
International Comparison: How Other Jurisdictions Classify Tokens
| Jurisdiction | Approach | Key Distinctions |
|---|---|---|
| Switzerland (FINMA) | Principles-Based | Three categories: payment, utility, asset tokens. Utility tokens with pure functionality are not securities. |
| Singapore (MAS) | Functional Approach | Security tokens under Securities and Futures Act. Payment tokens under Payment Services Act. Utility tokens may be unregulated. |
| EU (MiCA) | Comprehensive Framework | MiCA creates dedicated crypto regulation. Asset-referenced tokens, e-money tokens, and other crypto-assets have distinct regimes. |
| UK (FCA) | Case-by-Case | Security tokens regulated under existing securities law. Utility tokens generally unregulated unless providing rights. |
| Japan (FSA) | Detailed Taxonomy | Crypto-assets (payments), electronically recorded transferable rights (security-like), and utility tokens (unregulated). |
| UAE (VARA/DFSA) | Crypto-Specific | VARA in Dubai provides comprehensive crypto regulation. DFSA in DIFC requires analysis under traditional securities law. |
| Hong Kong (SFC) | Securities-Focused | Tokens representing shares, debentures, or CIS interests are regulated. Pure utility tokens may be unregulated. |
Jurisdictional Arbitrage Risk
I caution clients against "jurisdiction shopping." If your token is offered to U.S. persons or affects U.S. commerce, U.S. law applies regardless of where the entity is incorporated. The SEC has pursued enforcement actions against companies based in Switzerland, Singapore, and elsewhere.
Risk Assessment Framework for Trading Platforms
For exchanges and trading platforms deciding whether to list a token, I recommend this analytical framework:
Level 1: Categorical Analysis
| Token Type | Risk Level | Recommendation |
|---|---|---|
| BTC, ETH (major established assets) | Low | Generally safe to list |
| Stablecoins (USDC, USDT) | Low-Medium | Monitor regulatory developments |
| Established L1s (SOL, ADA, etc.) | Medium | Review SEC positions, conduct analysis |
| Governance/DeFi tokens | Medium-High | Detailed Howey analysis required |
| New token launches | High | Enhanced due diligence essential |
| Tokens from recent ICOs | Very High | Presume security until proven otherwise |
Level 2: Individual Token Analysis
For each token under consideration, evaluate:
Investment of Money
Almost always satisfied. This prong rarely provides defense.
Common Enterprise
Was there a token sale? Were proceeds pooled? Usually satisfied.
Expectation of Profits
Review marketing materials. Why do people buy this token?
Efforts of Others
Key battleground. Assess actual decentralization, not claims.
Level 3: Platform-Specific Considerations
- Staking services: Offering staking creates additional securities risk
- Lending services: Interest-bearing products may be securities
- Margin trading: Additional regulatory considerations
- Geographic restrictions: Consider blocking U.S. users for high-risk tokens
- Disclosure requirements: What do you tell users about token risks?
Exchange Liability
If an exchange lists an unregistered security, it may be liable as an unregistered broker-dealer or exchange. The SEC's Coinbase lawsuit explicitly targets token listings. This is existential risk for trading platforms.
Conclusion: My Practical Advice
After years of advising crypto projects and trading platforms, here's what I tell clients:
- Assume the worst: Start with the assumption that your token is a security and work backward. It's easier to launch compliantly than to unwind a non-compliant offering.
- Substance over form: Labels don't matter. "Utility token" stamped on a security is still a security. Focus on the economic reality of your offering.
- Build first, sell later: The strongest defense is a fully functional network before any token sale. Build the utility, then distribute the tokens.
- Decentralization is real or it isn't: Don't pretend to be decentralized. Either build genuine decentralization into your protocol, or accept that you're centralized and plan accordingly.
- Marketing matters enormously: Every Discord message, blog post, and tweet can be used against you. Train your entire team on what not to say.
- The Ripple case helps, but it's not a shield: Secondary market trading may be safer, but this doesn't protect the original issuer from liability for the initial offering.
- International launch doesn't avoid U.S. law: If U.S. persons can access your token, the SEC can reach you.
The Path Forward
Despite the regulatory uncertainty, there are compliant paths to token launches. Tokens with genuine utility, functional networks, and decentralized governance can avoid securities classification. The key is thoughtful design from day one, not hoping to fix problems later.