SEC's first crypto-exchange enforcement action dodges a key question

On November 8, 2018, the Securities and Exchange Commission (SEC) entered into a consent order with Zachary Coburn, the founder of EtherDelta, in its first-ever enforcement action against a cryptocurrency platform for operating as an unregistered securities exchange ("Order"). EtherDelta is an online platform for secondary market trading of Ether and ERC20 tokens, which are cryptocurrencies based on the Ethereum blockchain protocol. Many of the tokens traded on EtherDelta were launched during the 2017 rush of initial coin offerings (ICOs), but the SEC avoided identifying which tokens on the exchange are securities.

The SEC found that EtherDelta connected buyers and sellers of digital asset securities by providing access to the EtherDelta order book, displaying orders on its website, validating order messages, executing paired orders, and updating the appropriate blockchains to reflect a completed trade.

The Order states that approximately 92% of 3.6 million orders on EtherDelta were executed after the SEC issued its DAO Report. In that report, the SEC advises that a platform operating as an exchange for the trading of digital assets that are securities is required to register as a national securities exchange, unless it is otherwise exempt from registration. EtherDelta did not register or operate pursuant to an exemption, in violation of section 21C of the Securities Exchange Act of 1934 ("Exchange Act"). Without admitting or denying the findings, Coburn agreed to settle with the SEC by consenting to cease and desist from further violations and by paying disgorgement of $300,000 with $13,000 in pre-judgment interest and a $75,000 civil money penalty.

Of course, there cannot be a securities exchange—registered or otherwise—without securities. In the Order, the SEC states that the "tokens [exchanged on EtherDelta] included securities as defined by Section 3(a)(10) of the Exchange Act" (emphasis added) without analysis of any particular token. In the time since it issued the DAO Report, when it first applied SEC v. W.J. Howey Co. to ICOs (i.e., the Howey test), the SEC has given no clear indication of how many tokens and coins issued through ICOs are securities. EtherDelta listed dozens of tokens, and the Order's general statement suggests the SEC made no effort to determine which listed tokens are securities. Considering that SEC staff believe Ether—the primary token listed on EtherDelta—is not a security, the Order cannot be understood as determining every listed token to be a security. Instead, it appears the SEC simply assumed that at least one of the tokens on EtherDelta would meet the Howey test, and it dodged the difficult task of analyzing the facts and circumstances of each relevant ICO.

The SEC's settlement with Mr. Coburn is likely the first of many enforcement actions against crypto-exchanges. The same tokens exchanged on EtherDelta are traded on numerous other platforms. Until the SEC provides more guidance, those other platforms cannot be certain that they are not unregistered national securities exchanges. The one thing that is clear, however, is the SEC's strong signal that it prefers every crypto-exchange to register under the Exchange Act.