Compliant Decentralization?: Exploring an Approach to Utility Token Distribution

By Connor Spelliscy

“And putting aside the fundraising that accompanied the creation of Ether, based on my understanding of the present state of Ether, the Ethereum network and its decentralized structure, current offers and sales of Ether are not securities transactions.”

– William Hinman; SEC Director, Division of Corporate Finance (June 14th, 2018)¹

William Hinman’s recent statements at the Yahoo Finance All Markets Summit provide some guidance for token projects intending to sell tokens as non-securities in the United States. The statements suggest that staff of the Division of Corporate Finance at the U.S. Securities and Exchange Commission (SEC) may treat a token as a non-security should (among other factors) a project’s network become sufficiently decentralized over time.² However, the process for becoming sufficiently decentralized may result in a bit of a regulatory Catch-22.

Ethereum’s success in becoming a decentralized network over time is attributable — in part — to “fundraising that accompanied the creation of Ether” (i.e., the initial sale and subsequent secondary market transfers of Ether).³ By explicitly omitting to discuss the initial Ether offering, Hinman may be implying that the Ether ICO was an offering and sale of securities under US securities law. So how could a token project decentralize through an initial token distribution while complying with US securities laws?

The answer may lie in a two-step process:

Step 1 — Limited Distribution Outside the U.S.

A project distributes tokens in a manner compliant with securities laws either in the U.S. and/or internationally (including in reliance on an exemption from registration) which would render the tokens to be restricted securities subject to transfer restrictions.

During this stage, projects will only permit sales and/or transfers of tokens that are in reliance on an exemption from registration in compliance with securities laws. This limitation must be enforced on an ongoing basis (not just at the project’s initial distribution) to prevent tokens from illegal transfers in secondary markets or “flowing back” to the U.S. without relying on an exemption.

Step 2 — Potential U.S. Distribution

Based on Hinman’s statements and non-exhaustive list of criteria (see below) — which may be used by the SEC to determine whether a token is or is not a security — a project may be more likely to have its tokens deemed non-securities after the sort of limited distribution described above.⁴

Some of Hinman’s criteria focus on whether a project’s network is sufficiently decentralized. Although meeting Hinman’s criteria is not necessarily determinative, the token may be more likely to be considered a security in the U.S. if the questions below are answered in the affirmative. Ultimately, the SEC will likely classify a project’s token on a case by case basis ,and consider a range of factors broader than those identified in Hinman’s comments.

  • Is there a person or group that has sponsored or promoted the creation and sale of the digital asset, the efforts of whom play a significant role in the development and maintenance of the asset and its potential increase in value?
  • Is the promoter (or project) the only one to exert substantial influence on the token?
  • Are promoters (or projects) influencing trading instead of allowing independent actors to set price?
  • Are the digital assets concentrated in the hands of a few users rather than a diverse base?

Related to the above, the four-factor Howey test will likely continue to play a prominent role in the security analysis of a token. See the full list of Hinman’s criteria here.

Note that Hinman’s criteria are not regulations and do not necessarily represent the SEC’s views. They do not provide a clear test for a project to use in determining whether its token is no longer a security. The SEC has not yet provided enough information for a project to make any such determinations. Further, decentralization is one of several criteria that the SEC is likely to consider in deeming a token a security. Thus, token projects should consult with their lawyers (and likely the SEC and relevant regulators) to determine whether their tokens are securities.⁵

Limiting distribution of your token using the TPL

We are not recommending that projects take any particular path. We are instead flagging one of the instances in which projects may want to control the transfer of their tokens after initial distribution. We have completed an initial release candidate for a protocol called the Transaction Permission Layer (the “TPL”) that will allow blockchain projects to control the ways in which their native digital assets are transferred on an ongoing basis. The TPL protocol enables projects to set prerequisites for a successful token transfer — ensuring that transfers comply with the rules set by the project. Projects could use the TPL to control the ways in which their tokens are transferred prior to being deemed non-securities.

The TPL protocol allows for the creation of digital jurisdictions with rules that are administered and regulated on-chain by one or more crypto stakeholder(s). Projects can establish digital jurisdictions that ensure transactions within the jurisdiction comply with stipulated requirements. These requirements can be anything capable of being validated and recorded in a registry and are not necessarily related to securities.

Parties authorized by the Project (“Validators”) certify and monitor the digital jurisdiction ensuring that participating parties and their transactions are compliant. Validators can be any trusted organization (including the project developers themselves); they will provide validation services to participants in exchange for a fee (e.g., Verisign) or for free (e.g., Lets Encrypt).

Our progress

The above is an exploration of one potential use case for the TPL but we are already collaborating with projects on several other use cases including: transfers in particular geo-spatial locations, compliant transfers in decentralized exchanges, transfers between participants in a VC DAO, etc.

If you are working on a token project and are interested in limiting the distribution of your tokens (or have any other questions), we would love to hear from you and see how we can help. Let us know here!

The content above is for informational purposes only. It should not be taken as legal, business, or investment advice. Projects considering a token distribution should consult their attorneys and regulators in relevant jurisdictions.

Thanks to Demi Brener, 0age, Josh Mendelsohn, Ryón Nixon, and Adon Moss for feedback and conversations which contributed to this post.


[1] Digital Asset Transactions: When Howey Met Gary (Plastic), online: <>

[2] The SEC is the only regulator discussed and considered in this article. The SEC has the exclusive jurisdiction over securities products. If something is considered a non-security product by the SEC, other regulators will respect the SEC’s determination. However, other regulators will likely be involved in regulating tokens and their transfer. For example, a token that is not a security may be a commodity or consumer product falling within the CFTC’s jurisdiction or the Consumer Financial Protection Bureau’s jurisdiction.

Hinman also provided that “over time, there may be other sufficiently decentralized networks and systems where regulating the tokens or coins that function on them as securities may not be required.” Operating systems (like ZeppelinOS) allow projects to update their smart contracts to enable a broader distribution of their tokens subsequent to their initial launch.

[3] Digital Asset Transactions: When Howey Met Gary (Plastic), online: <>

[4] If a project does not meet the other criteria then its decentralization may be irrelevant for purposes of a security analysis. When it comes time for the SEC to make determinations about a token as a security, the factors it considers may be completely different than those suggested by Hinman. Decentralizing outside the U.S. may ultimately have negative consequences for a project if the project is perceived to have attempted to subvert the SEC’s rules (even if it is trying to comply with them).

[5] Hinman also encouraged projects to work with the SEC to determine whether their token is or could become a non-security:

“We are happy to help promoters and their counsel work through these issues. We stand prepared to provide more formal interpretive or no-action guidance about the proper characterization of a digital asset in a proposed use… We understand that market participants are working to make their services compliant with the existing regulatory framework, and we are happy to continue our engagement in this process.”