Skip to main content

Beaches and Bitcoin: Remarks before the Medici Conference

Los Angeles, CA

May 2, 2018

Thank you, Vince [Molinari], for that kind introduction. I appreciate the opportunity to be here today. I must start with the standard disclaimer that my comments today reflect my own opinions and not necessarily those of the Commission or my fellow Commissioners.

Back in Washington, DC, there has been a lot of talk about regulatory sandboxes. A number of forward-looking regulators, both here and abroad, have created regulatory sandboxes. In the United Kingdom, for example, the Financial Conduct Authority operates a regulatory sandbox that “allows businesses to test innovative products, services, business models and delivery mechanisms in the real market, with real consumers.”[1] Abu Dhabi’s RegLab was launched in late 2016 to allow an innovator “to develop and test its FinTech proposition in a safe environment while not putting undue regulatory burden on the participant.”[2]  The Monetary Authority of Singapore similarly is using a sandbox to “encourage[e] more FinTech experimentation so that promising innovations can be tested in the market and have a chance for wider adoption, in Singapore and abroad.”[3] Under Chairman Chris Giancarlo, our sister agency—the Commodity Futures Trading Commission—has launched Lab CFTC, which “is designed to be the hub for the agency’s engagement with the FinTech innovation community.”[4] And moving a bit closer to this coast, Arizona recently launched the first state-level regulatory sandbox for fintech with the objective of allowing people “to test innovative products, services, business models, and delivery mechanisms in the real market without incurring the regulatory costs and burdens that would otherwise be imposed.”[5] 

The motivating notion behind a regulatory sandbox is that the regulator in a sense sits in the sandbox with the innovator.[6] Not only is she right there to make sure that nobody gets hurt, but she has a front-row seat on the innovative process. She sits at the entrepreneur’s shoulder as he thinks through how to address structural and aesthetic weaknesses in his sandcastle.

Talk of sandboxes is welcome, and my fellow regulators’ sandboxes have already yielded great dividends. Given that we are in Los Angeles, however, I would rather talk about beaches.[7] On a beach, the lifeguard watches over what is happening, but she is not sitting with sandcastle builders monitoring their every design decision. From her perch on the lifeguard stand, she can spot dangerous activity and intervene with a blow of the whistle or, if necessary, a direct intervention. She always stands ready to answer questions about the rules of the beach. She puts up the red flag to warn of dangerous riptides or sharks.

In the world of securities regulation, what does a beach look like? The regulator monitors the landscape, steps in to stop violations when they occur, and stands ready to answer interpretive questions as people seek to understand how the rules apply to their situation. Engagement with the regulator is welcomed, but the regulator leaves ample room for innovators to develop their ideas without the regulators sitting at their shoulder taking part in each creative decision.

Innovation is always a challenge for regulators. We are used to the way things have been done. Our rules have grown up in response to past technologies. Figuring out whether and how they apply to new ideas is difficult. Technology’s promise is too great, however, for us to bury our heads in the sand. I am here today to ask you and others to help us learn more about the technology so that we are able to think about the regulatory obstacles that may stand in the way of crypto-technology’s ability to improve our lives.  How can I, in a sense, be a better lifeguard?

I have much to learn, but I am an eager student.

I have to be a diligent student because understanding some of the concepts in this area requires me to re-think things I thought I understood. I used to think, for example, that I knew what a token was.  It was a coin—metal, that clinked when you had a few in your hand.  You used it to ride the subway.  Or kids used tokens for rides at Chuck E. Cheese, or to play Space Invaders at the arcade.  We know what those tokens are.  They look like money, and to a kid at Chuck E. Cheese certainly feel a lot like money, but they aren’t actually money.

Or are they?  They can be exchanged for a ride or a game.  They’re a means of storing value, a marker representing a certain amount of purchasing power that are almost worthless in themselves, but have value within the system that issued them, as long as others honor them.  In form, no, they aren’t “money.”  But in function, they have very clear money-like characteristics.

In everyday speech, money has a particular meaning that we all understand even if it takes several forms.  In the US, by “money” we typically mean Federal Reserve notes issued in dollar denominations.  A dollar bill.  A twenty.  But even that very quotidian concept isn’t so simple.  Because when we say “money” we can also mean dollar-denominated, short term, revolving loans accessible through a credit card transaction.  “Money” means, yes, those crumpled bills some of us still carry.  But it also means any number of ways of storing and redeeming value.[8] It’s money not because of its form, but because of its function. 

The idea that a thing can have many forms but still represent the same function, and therefore be subject to the same regulation, is just the beginning.  The inverse is also true in the financial world.  A thing might seemingly have one form but in fact support many functions, each requiring a different regulatory regime.  A mortgage can be a loan, but also an income stream to be used to fund a collateralized debt obligation.  Gold is an asset, but gold futures are derivatives.  Creating and deploying new ways of holding and trading assets and their attendant risks is the creative heart of the financial world.  Given our federal system’s considerable array of financial regulators, defining the function of a product or transaction is always essential to determining its proper regulatory regime.

Such an analytical approach—defining an instrument by its function not its form—can be useful when we’re confronted with something that seems entirely new and difficult to categorize.  Like, for example, tokens.  I’m not here, as you might have guessed, to give a speech about arcade tokens.  The tokens we’re all so interested in these days aren’t metal and don’t clink.  Instead they are…what, exactly? In metaphysical terms, they are sometimes talked about as if they are the gateway to a future that challenges well-established past norms. In physical terms they’re a set of code.  In functional terms, well, it depends.  And that’s the challenge.

There are, for example, cryptocurrencies like bitcoin.  These function perhaps like money. Some of their creators and certainly some of their early adopters may have intended them to function that way, even though technological and regulatory barriers can make it tough for cryptocurrencies to serve as currency.[9] They may be currency, commodities, or something else, but it is unlikely that, on their own, they’re actually securities.

Then there are utility tokens that are designed to function much differently, at least at some point in their lifecycle.  These tokens may function as a means of executing a transaction, as a way to get access to a product or service or participate in a community, or in any number of ways that have yet to be dreamed up.   

And then there are tokens or coins used in initial coin offerings, or ICOs.  These look the most like securities.  Their creator sells them as a means of raising funds.  In one potential example, the issuer may want to build an environment in which the coins can be used—potentially as a medium of exchange, potentially as a means of executing or tracking exchanges—and sells the coins before the environment is built. The proceeds from the sales of tokens are used to build the system in which they will one day function. A coin that has no functionality at the time of sale will likely be cheaper to buy than one that offers entry into a fully realized environment.  After all, which would you pay more for: a token for an arcade that is laid out in broad terms in a white paper, or a token for an arcade where you can play Space Invaders right now?  The actual token—its form—would be no different, whether the arcade was built or not, but the functionality certainly would be.

That leads us to the burning question: what are these coins, the ones used in ICOs?  Are they securities?  Are ICOs offerings of securities?  To comply with the law, do offerings have to be registered with the SEC or qualify for an exemption?  Does the Securities Exchange Act govern trading in the coins after they have been sold by their creator? 

There is a way of figuring this out.  Although ICOs as a concept are extremely young, the old ways of determining whether they qualify as a security still apply.  At its heart, the question is a very basic legal one.  We still look to the 1946 Supreme Court decision in SEC v. Howey, which defined a security, among other things, as an investment in a common enterprise with the expectation of profits solely through the efforts of another.[10]  The assumption underlying this test is that we look to function, not form when determining whether something is a security.  In that case, the investment at issue was a set of contracts for an orange grove.  Although the Court in 1946 hardly could have foreseen the development of ICOs 70 years later, the facts of Howey show that this is not the first time the SEC has had to grapple with the fundamental question of what, functionally, is a security. 

This question, while rudimentary, is also extremely important and has ramifications beyond matters of regulatory compliance.  The world of tokens and ICOs is still in its infancy.  Determining the appropriate regulatory regime also will mean determining the shape these transactions will take as they mature.  If the coins offered in ICOs are designated as securities, for example, their development and the development of their offerings will track the contours established by the relevant securities laws and regulations.  They will, over time, come to look more and more like securities and securities offerings.  Innovations that might otherwise have occurred that don’t fit within that “security” framework may never come to fruition. 

While it’s tempting to envision what might come to pass if these concepts were free to develop in whatever way the market dictated, without being pinned down with a label such as “security” or, as “commodity,” “currency,” “asset,” “forward contract,” there comes a point where regulatory uncertainty is a greater roadblock than confinement within a particular regulatory regime.[11] 

And there are aspects of certain tokens and ICOs that seem to fit well inside the “security” definition.  To the extent that an ICO involves the sale of tokens to investors seeking to realize a profit from the increased value of their coins once the environment is created, it starts to look like a securities offering. At least some ICOs, or aspects of some ICOs, would seem to fall under the SEC’s jurisdiction.

This is not to say that all ICOs must be deemed securities offerings.  Given the undeveloped nature of this area, I am wary of any blanket designation for all ICOs.  Instead, the best path forward, at least for the time being, is to evaluate the facts and circumstances of each offering. 

Designating certain ICOs securities offerings does not end the inquiry once and for all.  What, for example, are the coins once the environment is completed?  Are they still securities, subject to all the regulations that follow securities into the secondary market?  Or are they something else?  A commodity? A currency?  Something in the nature of a Chuck E. Cheese token? When do they change into something new?  When the environment is minimally functional?  What if its developers make substantial upgrades to its functionality such that the value of the coins increases with the increased access to the new functionality?  These are tough questions that still need answers.  They are questions that turn on facts and circumstances, but we should strive to provide some guidance.

For those ICOs and tokens that do come under the SEC’s jurisdiction, it will fall to us to devise an appropriate regulatory structure for these new types of deals.  This is no easy task, and there are many traps for regulators along the way. Several come to mind.

First, while the SEC has considerable expertise in applying the Howey test, the first step in applying that test properly is understanding to what we are applying it.  As I mentioned, I have had to put my student hat back on as I have worked to comprehend what tokens and distributed ledger technologies are and what their potential is.  We have staff who are much better versed than I am in blockchain technology and the coding principles that underlie it, but for many of us in the lifeguard station there is a steep learning curve ahead. 

Second, we must be careful not to let our lack of familiarity with new technology breed anxiety and therefore bad regulation.  There is a risk, when something truly innovative comes along, that regulators will focus only on the harms the innovation may bring and miss entirely the opportunity it presents to improve people’s lives.  New technology does often bring with it risks; it can take time and experience for developers to build in the proper safeguards.  For example, we have seen lots of crypto currency thefts.[12]

However, undue focus on potential harm can result in an agency’s leading with its enforcement powers, and ultimately setting itself up as the industry’s adversary.  While a regulator should not be too chummy with the industry it regulates, creating a hostile relationship carries its own risks.  Industry participants may be afraid to ask necessary questions and may avoid—rather than speak frankly with—the regulator.  The regulator itself then risks becoming blind to the needs of the market, while also potentially missing significant wrongdoing.

Third, even if the agency side-steps this trap, it may fall into another. The regulator may insert itself inappropriately into the creative process.  The regulator should be careful not to try to control the development of new technologies.  Not only is it outside the regulator’s proper function, but such micromanagement can result in the regulator forcing new technology to fit existing—and familiar—regulatory frameworks regardless of whether those frameworks are appropriate.  The law deserves respect, but technological progress should not be bound by the limits of the regulator’s lawyerly imagination.

In addition to thinking about the potential risks of new technology, the regulator may feel compelled to assess its commercial value. For regulators, the temptation to substitute their own judgment for that of consumers and investors is powerful. Regulators do not need to take on the impossible task of deciding what products and services will win over consumers. The market is efficient at signaling which products and services people want in their lives and which they would rather do without.

My fear that regulators will grab hold of the shovels and buckets is why I am often wary of so-called regulatory sandboxes.  I am entirely in favor of finding ways to make appropriate regulatory allowances that clear the way for innovation to flourish.  What troubles me about sandboxes, however, is that the regulator is typically sitting right there next to the entrepreneurs.  The regulator is facilitating and hosting the sandbox.  In a rapidly shifting environment, such as the one surrounding ICOs, it is entirely appropriate for innovators to provide ongoing information to the relevant regulators.  This interchange of ideas helps the regulators to understand what is happening, and therefore to feel comfortable exercising proper forbearance as new methods develop.  A spirited back-and-forth also helps the regulators do their job better.  That job includes evaluating new and existing regulations in light of market changes to ensure those rules are still well-suited to their intended purpose and do not unnecessarily stifle growth. 

That sort of open communication between innovator and regulator can occur without a government-sponsored sandbox.  To be clear, I am not categorically opposed to such solutions if they work to open the path for new developments.  They seem to be working very well for some regulators. That said, I am mindful of the fact that a regulator’s mere presence can change the tenor of a fruitful conversation. Hence, the beach, not the sandbox, is my preferred approach.

The best path forward is for regulators to approach ICOs and tokens with intense curiosity. We must put in the effort to learn about these new technologies and employ the staff necessary to support our understanding.  It is unfortunate that, to date, most of the communications from the SEC on the topic have come from our Division of Enforcement.  Don’t get me wrong; it is absolutely essential that we address securities law violations, in particular fraud, that occur in any market under our jurisdiction.  To that end, I encourage anyone who is aware of fraud in this space to notify the SEC so that we can ensure this market isn’t tainted by bad actors.[13]  Chairman Clayton has rightly emphasized that we will pursue retail fraudsters, regardless of whether they use pre-Revolutionary Chinese bonds[14] or post-millennial ICOs.[15]

At the same time, I would much rather market participants who are not using the ICO label as an alluring way to steal money first meet us in a more neutral space. I encourage anyone with concerns or questions about the regulation of ICOs and distributed ledger technology to meet with the staff in the Division of Corporation Finance. The CorpFin staff, with the active engagement of our excellent CorpFin director Bill Hinman, has been looking hard at ICOs and related issues. They are trying to fully understand the technologies and to evaluate how an apt regulatory framework might look.  As appropriate, staff in the Division of Corporation Finance can point you to other regulatory divisions, which are also looking at these technologies and thinking about the regulatory questions they raise.

To further these efforts, and for the benefit of all of us at the SEC working on these issues, I recommend that the SEC set up a web page devoted to questions and comments about ICOs, tokens, distributed ledger, and other crypto concepts.[16]  We already have an email address——that folks can use to contact SEC staff for the purpose of discussing their fintech projects and regulatory options. A website would be easier for innovators to find. Unlike many other innovations in the financial world, much of this development is being done—not by financial firms, which are steeped in our regulatory environment—but by firms in the technology space, which may be unfamiliar not only with the SEC’s regulations, but also with the agency itself.  It is important therefore to ensure that people who are looking for answers can find them easily.   A crypto web page would be a modest first step to putting some helpful guideposts in place. 

Another benefit of an easily accessible webpage is the opportunity to open-source answers to some of the challenges in this space. Recently, for example, the Division of Investment Management issued a letter that put the brakes on registered funds that seek to hold cryptocurrencies, pending satisfactory answers to a long list of questions.[17] I would love to provide people the opportunity to post public responses to these thought-provoking, important questions and react to one another’s responses. This kind of interactive conversation about challenges in the crypto-space, such as custody and valuation, would be valuable for me and, I suspect, for others at the Commission as well.

 I have enjoyed meetings at my office with people who are working in this space.  My staff and I have learned an enormous amount from these meetings. I can’t do my job if I don’t know what the market needs.  While I can do my share of reading and learning from the experts within the SEC, that knowledge is incomplete without insight from those who are actually on the ground, those whose ideas may transform our futures.         

I hope more people come to talk to me.  I still have questions.  For example, I understand that some issuers are conducting ICOs as private placements under Reg D.  Does that approach work?  Is there anything about our regulation of private placements that just doesn’t work with tokens?  Should Reg D be revised in any way?  Are other exemptions being used?  How are those working?  Where are the pain points?  What can we do differently? How can we think through when a token that starts out as a security turns into something else? How should our thoughts on that question affect trading platforms? How should governance structures affect how we look at ICOs? What are some potential applications of distributed ledger technology in the securities space?

The SEC is not the only regulator interested in providing regulatory clarity for cryptocurrencies, ICOs, and other applications of distributed ledger technology. Our colleagues at the CFTC, for example, have been very engaged in this space. Treasury plans to release a report on fintech in the coming months. Financial regulators are working together domestically and internationally to understand and respond to fintech developments.

My hope is that we can navigate these new waters collaboratively. The SEC’s role is not to hand out permission slips for innovation. Innovation happens—organically through private decisions and irrepressible human creativity. We at the Commission have a role to play in protecting investors and market integrity by deterring and punishing fraud and setting clear rules. As we sit atop our lifeguard’s stand and survey the beach, however, let’s not lose sight of the benefits new technology can provide in the area of capital formation, market efficiency, economic growth, and overall societal well-being. Thank you.


[1] UK Financial Conduct Authority, Regulatory Sandbox, (updated Feb. 14, 2018), available at

[2] Abu Dhabi Global Market, “ADGH Launches Its FinTech RegLab” (Nov. 2, 2016), available at

[3] Monetary Authority of Singapore, FinTech Regulatory Sandbox (Jan. 9, 2017), available at

[4] U.S. Commodity Futures Trading Commission, Lab CFTC available at

[5] Office of the Attorney General of Arizona, “Arizona Becomes First State in U.S. to Offer FinTech Regulatory Sandbox” (Mar. 22, 2018), available at

[6] Khushboo Agarwal, Playing in the Regulatory Sandbox, N.Y.U. J. L. & Bus. Online (Jan. 8, 2018), available at (“Product launches into actual marketplaces are certainly not a game, especially in “FinTech” (technological innovations in the financial services sector) where sandboxes are currently most used, but the analogy with a child’s sandbox is apt. Regulatory sandboxes encourage innovation by improving access to financing, minimizing legal uncertainty, and allowing entrepreneurs to experiment and fine-tune business models in a controlled testing environment. Such playgrounds allow regulators to stay abreast of new business ideas and products, and to learn where they might need to update or fill in gaps in existing regulatory frameworks.”).

[7] I am not alone in contrasting sandboxes with beaches in fintech regulation. See, e.g., Ingle, Laurence, “Why Build a Sandbox on a Beach?  An Analysis of Fintech Regulation in New Zealand,” Victoria University of Wellington Legal Research Paper (Apr. 4, 2018), available at

[8] Beckworth, David, “William A. Barnett on Divisia Aggregates and Measuring Money in the Economy,” Macro Musings, Mercatus Original Podcast (Dec. 4, 2017), available at

[9] See, Knight, Brian R., “Federalism and Federalization on the Fintech Frontier,” 20 Vand. J. Ent. & Tech. L. 129 (Fall 2017), (discussing the various applications of crypto and distributed ledger technology and the regulatory barriers such innovations face), available at

[10] S.E.C. v. Howey, 328 U.S. 293, 301 (1946).

[11] See, Knight, Brian R., “Modernizing Regulation to Encourage Fintech Innovation,” Testimony before the House Committee on Financial Services, Subcommittee on Financial Institutions and Consumer Credit Examining Opportunities and Challenges in the Financial Technology (“Fintech”) Marketplace (Jan. 30, 2018), (discussing the challenges presented when firms face uncertainty among federal financial regulators), available at

[12] See, e.g., U.S. Securities and Exchange Commission Release No. 81207, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO (Jul. 25, 2017) (reporting investigation of the DAO and the theft of its digital coins worth an estimated $53 million) available at; Shane, Daniel, “$530 Million Cryptocurrency Heist May be Biggest Ever,” CNN Tech (Jan. 29, 2018) (reporting on theft at Coincheck), available at

[13] To learn more about reporting suspected fraud to the SEC, please visit our dedicated web page at

[14] U.S. Securities and Exchange Commission, “SEC Charges Prominent Pastor, Financial Planner in Scheme to Defraud Elderly Investors” (Mar. 30, 2018), available at

[15] See, e.g., U.S. Securities and Exchange Commission, “SEC Halts Fraudulent Scheme Involving Unregistered ICO” (Apr. 2, 2018), available at; U.S. Securities and Exchange Commission, “SEC Emergency Action Halts ICO Scam” (Dec. 4, 2017), available at

[16] The SEC could simply build out its existing fintech webpage, FinTech, The Evolving Financial Marketplace (Jan. 24, 2017), available at

[17] U.S. Securities and Exchange Commission, Staff Letter: Engaging on Fund Innovation and Cryptocurrency-related Holdings (Jan. 18, 2018), available at

Return to Top