2016 Review  •  Features

Regulating ICOs: Striking a Balance in 2017

(@ilianaOV) | Published on December 16, 2016 at 11:57 BST
Feature

Iliana Oris Valiente is a finance professional (CPA, CA) leading Rubix, a Deloitte-backed blockchain venture.

In this CoinDesk 2016 in Review feature, Valiente discusses how blockchain technology is impacting venture capital – and why that brings both cause for excitement and pause heading into 2017.

Please note the views reflected are those of the author, not their employer. The below is not meant to be construed as legal or financial advice.

coindesk-2016-review

gymnast

ICOs, or initial coin offerings, have garnered substantial attention in the past few months and unsurprisingly the majority of the analysis to date has centered on the debate over whether a particular coin or token should be considered a security, and the technical considerations for setting up such an investment vehicle.

In the midst of this, notably absent are the regulatory bodies to provide appropriate guidance in demystifying the treatment of ICOs and carrying out their role as stewards of the public interest.

Here's the simple explanation as to why this topic should be at the forefront of regulatory discussions: ICOs allow anyone in the world with a computer and an Internet connection to invest in projects, initiatives or ventures anywhere in the world by means of digital token purchases.

This is fundamentally disruptive and a tremendous feat to bring much needed innovation to the world of traditional investment vehicles; the closest analogy to existing financial mechanisms would be a blend between an IPO and an equity crowd-funding raise.

The ICO process brings up more questions that are not being adequately covered:

  • Who are the investors?
  • Where are the funds coming from?
  • Who are the people behind the ICO?
  • How is the consumer being made aware of the suitability of the investment according to their risk profile?

These are all questions the regulators should be asking, although there are no clear answers since it’s neither an IPO nor an equity crowd-funding raise, and it may or may not be a security.

In fact, there may not even be an active role for the regulator to play in a world where the ICO phenomenon is occurring in a completely decentralized fashion outside of the traditional jurisdictional boundaries and prior financial infrastructures.

Complexity in the eye of the beholder

What is clear is that ICOs introduce complexities for three distinct groups of stakeholders:

Issuers

As an issuer, the onus is there to be proactive in understanding the few rules that do exist and self-comply with emerging best practices.

From a technology perspective, open-source guidance such as ERC 20 provide the basis for standardizing key token functions; these guidelines are focused more on aligning on interfaces and software security, not necessarily with end-investor protection in mind.

In the absence of regulator input, industry players Coinbase and others have taken the initiative to create a legal framework to catalogue the main considerations that issuers should be aware of to help them determine if their token is likely to be treated as a security.

The goal behind the framework was to create a decision matrix to help developers incorporate design decisions that are less likely to land them in legal trouble down the line.

Investors

As an investor, caveat emptor is still in effect – significant research and taking on the risk of failure are still required.

The role that VCs typically play in vetting and reviewing startups or projects is now in the hands of the retail investor. And unlike traditional investments available to consumers, there are no existing safeguards.

For the time being, the old words of wisdom still apply: if it sounds too good to be true, it probably is; if you can’t afford to lose all of that money tomorrow, don’t invest.

Regulators

Regulators certainly have their work cut out for them. What’s perhaps most unsettling from their perspective is that with or without their active involvement, ICOs have proven a new model that will continue to evolve and perhaps outside of the regulatory reach to a certain extent.

Yet the implications for consumer protection, and the broader market stability implications are too significant to ignore; another DAO-style raise of $160 million and subsequent hack could shake the trust in the blockchain ecosystem, hindering future investments while also having a devastating effect on consumers.

Overwhelming challenge

The precarious legal position of the issuers and the potential exposure to risk of the retail investor is precisely the reason that this needs to be a priority on the regulatory agenda.

To their credit, regulators worldwide are taking steps in the right direction. The UK, Singapore, and Hong Kong have all moved to set up sandboxed environments for blockchain-based companies to experiment.

The state of Delaware and the state of Illinois have both been pro-active in declaring their jurisdictions as forward-looking to promote blockchain adoption, having taken a close look at the lessons learned from the New York State Department of Financial Services BitLicense regulatory framework from 2015.

Despite these positive developments, very little is publicly available as it pertains to the view of the regulators on the ICO subject specifically. I suspect that’s in part due to the overwhelming challenge of staying on top of the rapid pace of change in the blockchain space.

For the regulators tasked with overseeing a diverse number of portfolios or potential issues at a 30,000-foot view, it’s possible that the ICO wave has yet to hit their radar.

Why do we need a regulator’s input?

As much as the blockchain community can be portrayed as relying solely on the decentralized nature of the technology and proclaiming that the future lies in self-governing smart contract code, the reality is that code is not yet considered to be law, VCs are waiting for this technology to leave the grey zone of ambiguity, and consumers may in fact need and want additional protection.

In an ideal world, all would end well if:

  1. Technology standards are created and ratified by the community and adopted by prospective ICO issuers
  2. Investors are sophisticated and understand the difference between investing in tokens to fund a centrally organized distributed entity (CODE), a decentralized autonomous organization DAO, or a new platform all together
  3. Investors select the ICOs that match their unique risk profile and are part of a well-diversified portfolio
  4. The teams behind the ICOs deliver on their promises, roadmap objectives are clearly communicated and met according to plan
  5. Investors have a long and happy set of interactions with the entity behind the raise, long-term value is created and dispute resolution is never required.

Unfortunately, the reality is that this is unchartered territory. And if we use the example of the DAO, there are over 20,000 investors, at least a fraction of whom would have arguably been unfamiliar with the nuances of wallets, key management best practices, how to convert out of the DAO holdings, and so on.

In fact, the only way that an investor would become aware that anything was wrong with The DAO was through the media coverage. For the blockchain community, which has already gotten into the daily habit of catching up on all crypto-news from a few sources, this may appear to be a non-issue.

Yet traditional investors have grown to rely on the intermediaries that manage their portfolios for them, making changes in holdings as new information becomes available, and sending alerts as appropriate – all under the auspice of a watchful regulator making sure that the rights of the investors are held up as being of paramount importance.

The risks of blockchain investments are magnified for newcomers to the blockchain space who have a hard time deciphering important nuances that should in fact drive their decisions.

So what's a regulator to do?

As it relates to this specific topic, there are a few suggested courses of action:

Learn and engage with the community

As an example, a few weeks ago, the Ontario Securities Commission (OSC) ran the first ever hackathon by a Canadian regulator.

The problem statement was simple:

“The financial services regulatory environment is becoming increasingly complex. Solutions that help streamline the regulatory environment are beneficial not only for regulators, but also for the regulated organizations and even for the economy as a whole. Bring your strategists, subject matter experts, developers and UX designers together for three days of purposeful interaction, and make your mark contributing to a more efficient Canadian regulatory ecosystem.”

And the OSC encouraged the use of blockchain technology to address some of these issues, going as far as to include a blockchain SME, Ethan Wilding, on the judging panel.

The results must have been surprising to the organizers, given that more than half of the teams ultimately pitched blockchain-affiliated solutions and two of the teams introduced the ICO concept. The first team suggested that the role of the OSC could evolve to provide technology reviews and automated testing of ICO code, potentially taking on some of the responsibilities that a VC would typically perform as part of a technical due diligence.

The team I was on built a prototype for a voluntary registration program for ICO issuers, a smart contract template for issuers to implement a hypothetical OSC-standard ICO, leading to an OSC-branded investor portal to help consumers compare multiple ICOs and select from a list curated by a neutral party that has no vested financial interest in promoting a specific investment.

In both of the previous scenarios, the traditional role of a regulator such as the OSC would evolve to undertake functions not typically in their purview.

Also likely is that regulators will be required to create new standards and issue new guidance, ideally preceded with close collaboration with the ecosystem players who would be impacted. Even if this topic is on their radar, the software at hand is very low-level and it’s not obvious how a non-specialist would figure out what’s going on in isolation.

This brings us to the second point of what the regulators could be doing...

Design next steps appropriately, taking due care to do no harm

I think the regulators will be pleasantly surprised to find that embedded in the ethos of the blockchain community is the desire to self-regulate and achieve consensus in community-driven ways.

That has given rise to the efforts already underway to create technology standards and best practices that many ICO issuers are keen to abide by, and the guidance issued by prominent investors in this space outlining key things to consider in evaluating ICOs.

Yet industry observer William Mougayar made the sensible comment:

“[If] we don’t self-govern to higher standards, the regulators will come and put a damper on this journey.”

In support of a measured approach to regulation

When it comes to ICOs, it will take time to see how these various initiatives will go, and we can only hope to avoid another DAO-scale breakdown. But, in the meanwhile, I think that regulators would be well advised to take steps to investigate ways to improve the protection of the investing public.

In anticipation of the counter argument that the rights and obligations of the investors or shareholders are included in the underlying code of the project and therefore regulator involvement is not needed, my take is that it’s only consolation if the investors at hand are both:

  1. Financially literate and capable of understanding complex investment options with information presented in a wide array of formats and with non-standardized data points
  2. Technically proficient to understand the underlying code to go and verify claims made by the team behind an investment ICO proposal.

That’s a high bar to set, given that with any new technology there will be asymmetric knowledge and varying levels of understanding, and, in the blockchain world specifically, there is a disconnect between the “business level” explanations behind how something works and the ability to appreciate the complex technical workings under the hood at the developer level.

Thinking creatively

Until such time that issuers and curators of ICO projects and investors have applied tried and true information sharing, risk management and governance models that evolve to capture all sorts of edge-cases, there will continue to be a knowledge gap.

And that’s where regulators typically step in – to protect consumers and provide operational certainty to the ecosystem of participants to facilitate efficient markets.

Yet the fact that ICOs do not neatly fall into any of the traditional categories of investments, will make the process of expanding the regulatory parameter to include ICOs and token trading, and applying measured regulation inherently difficult.

On the bright side, this provides an opportunity for the blockchain community to come together with the regulatory world and flex some critical thinking muscles, keeping in mind that we’re at a crossroads and should look at this as a chance to think about the “spirit” of the law, when the letter of the law is not applicable.

And the first step to accomplishing that must be the acknowledgement that technology cannot and should not exist in a vacuum.

Have an opinion on blockchain in 2016? A prediction for the year ahead? Email [email protected] to learn how you can contribute to our series.

Disclaimer: The views expressed in this article are those of the authors and do not necessarily represent the views of, and should not be attributed to, CoinDesk.

Balance beam image via Shutterstock

Blockchain TechnologyEthereumICOsVenture Capital

Don't miss a single story

Load Comments