Are You Even Accredited, Bro?

avatar of @josephsavage
6 min read

U.S. regulations affect you, no matter where you live

The overhanging threat of U.S. security regulations, and potential SEC enforcement actions can impact the entire cryptoverse. It’s helpful to have an understanding, no matter where you live. To my normal disclosures I should add that I’m not a lawyer; this is not legal advice, and you should probably have a lawyer if you plan to do business in the U.S. or have any U.S. customers.

Image by Steve Buissinne from Pixabay

Competing Agencies

The most complicating factor of regulation in the United States comes from the complexity of its design. There are state regulations and federal regulations. At the state level, states can choose to enact ‘Uniform Code’ which gives them all the same laws, or they can opt for more stringent or more lenient laws on almost anything. Any financial product that is trying for full regulatory compliance has to comply with local regulations in every state where they want to do business.

At the federal level, there is a whole alphabet of three-letter agencies with differing responsibilities and claims to jurisdiction. This enabled crypto to grow in the shadows, as it took time for agencies to become aware of it, and then even longer for them to claim jurisdiction. Since Defi enables so many different types of financial constructs, it now means that many different agencies are claiming jurisdiction. Projects need to be aware of all potential jurisdiction claims, and what the enforcement tools are for the different agencies. The gorilla in the room is the SEC, so that’s where I’m going to focus.

SEC: Everything in crypto is a security

The law gives the Securities and Exchange Commission (SEC) the authority to write the rules for securities and exchanges. They can bring enforcement actions against anyone doing business with U.S. citizens. That means lawsuits and court cases. If a project has anybody based in the U.S. they can be served (ordered to appear in court) and be arrested if they fail to appear.

Since the SEC has jurisdiction over securities, they have to start by proving jurisdiction. In practice, they prove jurisdiction to themselves and then act accordingly. If you disagree (like in the XRP case), you start by making the case that you’re not actually a security. If you can prove that, then they don’t have jurisdiction and the rest of their case goes away… as long as there is no fraud or other elements that other agencies will pick up instead.

The framework for identify whether something is a security is based on a court case from 1946 that interprets wording from the Securities Act of 1933. Innovation in the 21st century is governed by a 75-year old interpretation of 88-year old laws.

Under the Howey Test, a transaction is an investment contract if:

It is an investment of money

There is an expectation of profits from the investment

The investment of money is in a common enterprise

Any profit comes from the efforts of a promoter or third party

A project has to “pass” all four parts of the test, and if it does then it’s a security! On my initial reading of this, I thought that this would mean, ironically, that in claiming jurisdiction the SEC could only begin enforcement in DeFi by conceding that cryptocurrencies are money. This conflicts with the IRS determination that cryptocurrencies are definitely NOT money. Thanks to a hodge-podge of badly written laws it’s possible for them to both be right. In a later review, I realized that the SEC focuses on 'substance over form' and they have successfully expanded the first point to include investment of anything of value, not just money.

"Expectation of profits" is where the focus on “security tokens” versus “utility tokens” comes from. If the issuing entity only talks about the utility of their token and never mentions that it could go up 1000x, are they in the clear? Since Gary Gensler thinks that everything is a security, probably not. I anticipate a lot of defenses to depend on this point.

Common enterprise basically means that investor pool their money. So this is every DAO and most other protocols, but maybe not NFTs? Unless the NFT raises money for a DAO and gives voting rights in the DAO. What if the NFT was “free” to mint but a DAO forms around it and is funded by secondary market transactions on the NFTs issued? Still lots of room for interpretation here.

Efforts of a promoter or third party… If a DAO is small enough that every ‘owner’ is actively involved, then it might be defensible on this one. If it’s large enough that the majority of owners don’t do anything other than hold the governance token, it would probably still pass.

The SEC focuses on the substance (the underlying economic realities), rather than the form (how you carefully structured it or avoided certain words/phrases). They claim that everything they see is a security, but they can only enforce using the U.S. courts. If a project is truly decentralized and has an anonymous team then enforcement is more of a challenge.

SEC: The Rich Play by Different Rules

Finally, the SEC mandate is originally preventing harm to American citizens. To that end, they created a parallel rule-set called “accreditation”. When something is clearly a security, it can play by less restrictive rules by only accepting investment from “Accredited Investors”. Until last year, accreditation only meant rich. The theory is that if you have a high enough income or net worth, then you are less vulnerable to being ‘preyed upon’ by unruly security issuers. Even if you invest stupidly and lose everything, you’re more likely to have a safety net in place of some kind.

In 2020, the definition was expanded to include ‘qualified persons’ — you can now become accredited by getting the right credentials. But the only credentials that count are certain FINRA licenses in good standing. These come from working for TradFi brokers that sponsor you for licensing. You cannot get a FINRA license on your own; there has to be a sponsor! It’s a tiny step in a positive direction, but there needs to be a much broader process that allows you to become accredited independently.

Limiting the Playing Field

Many DeFi projects have chosen to limit their legal exposure by avoiding the U.S. DYDX uses geo-fencing to exclude anybody from the U.S. from using their protocol. Gods Unchained limits the IMX airdrop to non-U.S. persons. Uniswap delisted ‘synthetic assets’. Other DeFi projects accept that they are securities and enforce accreditation. RealT only allows whitelisted addresses to interact with their tokens.

These attempts at compliance can come across as heavy-handed, and make Defi more complicated for everyone involved. They have also had the result of “protecting” U.S. citizens from receiving some very valuable airdrops. There is a general perception that enforcement actions are not actively protecting anybody!

Risk Management

I don’t love the SEC approach, or the elitism of their accreditation. They choose to enforce old laws using the biggest sticks, instead of providing clarity and letting projects know when they might be okay. It casts a heavy shadow over all of crypto, because it’s impossible to know whether a project is actually ‘legal’ or not. You may stick with the most obviously ‘non-security’ projects out there, and still find that they lose massive value at some point because the SEC brings an enforcement action.

A more common approach to regulatory risk is diversification. If every project could potentially be targeted by the SEC, but they don’t have the resources to target everyone, then investing in a wide range of projects limits your exposure to individual enforcement actions.


U.S. regulation is complicated, confusing, and outdated. The biggest enforcer is the SEC, but they follow old frameworks and mandates and refuse to provide clarity. Instead they claim total jurisdiction (“everything is a security”). Until they lose some landmark cases, there is unlikely to be additional clarity. The rich play by different rules, and effective risk management around SEC threat is challenging.

I waffled back and forth around whether this should be a “summary” or a “conclusion”. When it comes to U.S. federal regulations, you can’t safely summarize because it’s too complicated, There are no conclusions because the SEC won’t provide clarity and Congress has other priorities.

The best you can do is try to manage your risk. But that’s what finance is all about, right? Be safe out there!

This post was initially published on Savage Corner. To never miss a new post, subscribe for free! Joseph Savage is the Founder of Hive SBI.

Not financial, legal, or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not legal or tax advice. Hire professional advice. Do your own research.

*Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Savage Corner writers hold crypto assets and actively trade in certain markets.

Posted Using LeoFinance Beta