Statement on Security Token Offerings Published by Hong Kong’s SFC
Hong Kong’s Securities and Futures Commission (SFC) issued a Statement on Security Token Offerings on 28 March 2019, reminding market participants of the regulatory requirements applicable to security token offerings, generally known as STOs. The statement also reiterates the SFC’s earlier warnings to the public of the potential risks involved in investing in digital assets such as initial coin offering (ICO) tokens and security tokens.
Security tokens are being heralded in some quarters as the “next big megatrend” in the blockchain revolution. Market exuberance for ICOs has waned given the sharp drop in crypto values since their December 2017 heyday. Whereas ICOs sought to position themselves outside the securities regulatory framework, STOs are trying to bring themselves within the regulatory net in a bid to distinguish themselves from some of the bad actors seen in the ICO market and improve investor confidence and hopefully pricing.
The reality in Hong Kong, however, is that STOs are not happening, at least not yet.
Part of the reason for that, as discussed below, is that even with the SFC’s latest statement, there remains considerable uncertainty as to how Hong Kong’s regulatory framework applies to security token offerings, and more fundamentally, as to the characteristics which make a digital token a security token in the first place.
A further shortcoming of the latest guidance is that while it provides welcome guidance for example on the issues of due diligence and responsibility for accuracy of whitepaper information, the SFC does not make clear who it regards as an “intermediary”. Unlike typical securities offerings, digital token offerings are decentralised and operate without traditional intermediaries such as brokers. The UK FCA’s January Consultation Paper recognises this as one area where the use of distributed ledger technology potentially raises novel issues that need to be considered in determining how existing regulation applies to token offerings. The FCA notes specifically that it uses the term “issuers of tokens” to cover a number of entities “including developers, designers, firms who issue tokens and certain intermediaries, since determining precisely who the issuer or issuers are is not always easy or possible”. Since traditional intermediaries like securities brokers are not typically involved in the ICO and STO markets, consideration might need to be given as to how investor protection concerns can best be met without over-burdening token issuers and stifling the market.
What are security tokens?
In its statement, the SFC describes security tokens as digital assets which have the same features as traditional securities, including tokens which represent economic rights such as a share of profits or revenue. Hence a token which is essentially a tokenised share (e.g. entitling holders to a share of profits in the form of a dividend or to participate in the distribution of the issuer’s assets on winding up) will be a security token, and thus a security under Hong Kong law. Likewise, as specified in the SFC’s first statement on initial coin offerings in September 2017, a token which has the features of a debt or liability owed by the issuer will likely be a “debenture” for the purposes of Hong Kong’s securities laws.
The SFC’s latest statement also provides that a token representing ownership of assets, such as gold or real estate, would amount to a security token, although the SFC does not elaborate on why this should be the case.
It may be that the SFC is alluding here to what is essentially a tokenised real estate or gold fund – where money raised from a token offering is invested in gold or real estate on the understanding that token holders will receive a share of the future proceeds of sale of the gold/real estate when sold at a profit. In that case, the tokens would likely constitute securities as interests in a collective investment scheme under the Securities and Futures Ordinance (SFO). Alternatively, the SFC could be suggesting that tokens whose value/price is somehow linked to the value/price of an underlying commodity such as gold or real property constitute either “regulated investment agreements” or “structured products” under the SFO definitions.
Structured products are defined broadly and include any product where all or part of the return or amount due (or both), or the settlement method, is determined by reference to any one or more of:
changes in the price, value or level (or within a range) of securities, commodities, indices, property, interest rates, currency exchange rates or futures contracts, or any combination or basket of any of these; or
the occurrence or non-occurrence of any specified event(s) other than an event relating only to the issuer and/or the guarantor of the product.
The SFC statement suggests that, depending on how the tokens are structured, tokens representing an underlying asset could constitute structured products subject to Hong Kong’s securities laws. It is not however clear what the “return” would be in the context of a token representing an interest in gold for example. Would a token holder be regarded as receiving a return “determined by reference” to a change in value of the gold if he will receive the cash equivalent of the gold’s market value or physical possession of a now more valuable commodity on a future redemption of the token?
The difficulty here is that, at the date of the issue/ offer of the tokens when the regulatory categorisation of the tokens as securities or non-securities must be made, there is no way of knowing whether the underlying assets, and hence the tokens, will increase or drop in value in the future. Moreover, whether or not individual token holders will receive a “return” (i.e. a profit) on a future cashing-out will vary among holders depending on when they redeem their tokens and the prevailing state of the market. Tokens linked to an asset such as gold, or to a fiat currency such as the US dollar, are typically termed “stable coins”, the aim of which is to minimise a token’s volatility, a characteristic of most cryptocurrencies. Even the most widely held cryptos such as Bitcoin and Ether are not immune from high volatility and commonly rise or fall between 10 and 20 per cent within a day. If the SFC were to take the view that a token which at the date of offer has the mere potential to rise in value is a security subject to its requirements for securities offerings, the way to avoid this would be to fix the value of the gold at the date of offer, potentially depriving the token of its rationale.
Further, unlike the United States, Hong Kong does not regulate commodities such as gold. It is therefore nonsensical that a token representing a commodity, which is more akin to a deposit slip than a security, would be regarded as a security subject to the full force of Hong Kong’s securities regulatory regime.
Regulated investment agreements
The definition of a regulated investment agreement is an agreement, the purpose or effect (or pretended purpose or effect) of which is to provide to any party to the agreement a profit, income or other return calculated by reference to changes in the value of any property (e.g. equity-linked deposits) (but does not include a collective investment scheme). Again, unless a security token offering is essentially a tokenised fund offering (as in the DAO case in the United States) which should be regulated as a collective investment scheme, there seems to be little support for the SFC’s statement that tokens representing digital ownership of assets such as gold or real estate constitute securities under the SFO. Further guidance on this from the SFC would be welcome.
Regulatory implications of STOs being “securities” under the SFO
SFC authorisation requirements
The SFC statement notes that security tokens are typically offered only to professional investors. In that sense they differ from ICO tokens where the primary market is retail. An offer of security tokens only to professional investors as defined in the SFO has the advantage of being exempt from the requirement for SFC authorisation of any advertisement or invitation issued in relation to an offer of securities (under section 103 SFO) where the security tokens are offered to more than 50 persons in Hong Kong.
Where STO tokens constitute interests in a collective investment scheme, an exemption is also available from the requirement to obtain SFC approval of the collective investment scheme itself, which in turn requires compliance with the stringent requirements of the SFC’s Code on Unit Trusts and Mutual Funds. These requirements – in particular the fund manager requirements and investment restrictions – would make it impractical to carry out a retail offering of security tokens in Hong Kong. In particular, the Code of Conduct probits authorised retail funds from investing in real estate.
Licensing requirements for intermediaries marketing / distributing security tokens
Where tokens are “securities” under the SFO, any intermediary which markets and distributes the security tokens must be licensed or registered with the SFC for Type 1 regulated activity (dealing in securities), and each of its staff members involved in their marketing must be a Type 1 licensed representative accredited to the Type 1 licensed entity.
Conduct requirements for licensed intermediaries
STO suitability for intermediaries’ customers
Intermediaries which market and distribute security tokens must comply with the conduct provisions of the SFC’s Code of Conduct for Persons Licensed by or Registered with the SFC (Code of Conduct), in particular the requirement under paragraph 5.2 to ensure that customer recommendations and solicitations with respect to security tokens are reasonably suitable for the particular customer, given the information about the particular customer of which the intermediary is or should be aware through the conduct of due diligence. Intermediaries should also refer to the SFC’s Suitability FAQs and FAQs on Triggering the Suitability Obligations. Although not referred to in the SFC statement, all licensed intermediaries are also under an obligation to conduct customer due diligence and anti-money laundering checks on their customers and these apply irrespective of the type of product being recommended or the subject of a customer solicitation.
Online distribution of STOs
The SFC regards security tokens as “complex products” as defined under new paragraph 5.5 of the Code of Conduct which will come into effect in July 2019. Paragraph 5.5 will impose additional obligations on licensed intermediaries which make recommendations or solicit investors with respect to complex products. In particular, licensed intermediaries and their licensed staff will have to ensure that:
the security token is suitable for the client in all the circumstances;
the client is provided with sufficient information on the key nature, features and risks of the security token to understand it before making an investment decision; and
the client is provided with clear warning statements about the security token’s distribution.
Intermediaries’ due diligence obligations
The SFC’s latest statement mentions the need for intermediaries who market or distribute security tokens to conduct proper due diligence on the offering which should cover (among others):
the background and financial soundness of the management, development team and the issuer of the security token; and
the existence of and rights attached to the assets which back the security token.
Licensed intermediaries should also study security tokens’ whitepapers and all relevant marketing materials and other published information. The SFC’s latest statement also notes intermediaries’ obligation to ensure that information provided to their customers in respect of an STO is accurate and not misleading. This is the first time the SFC has raised the issue of the standard of due diligence it expects in relation to security token offerings and intermediaries responsibility for the accuracy of information.
Information to be provided to customers
Intermediaries should provide their customers with clear and comprehensible information on STOs which should include prominent warning statements alerting potential investors to the risks associated with digital assets. The SFC reminds licensed intermediaries to implement adequate systems and controls to ensure compliance with their regulatory obligations prior to engaging in security token distribution.
Requirement to notify the SFC before dealing in security tokens
The SFC also requires licensed intermediaries to notify it in advance prior to conducting any business in security tokens.
The SFC warns investors that they should exercise caution in relation to digital assets, reiterating the principal risks of digital assets which include illiquidity, volatility, opaque pricing, hacking and fraud and apply equally to security token offerings. The SFC statement notes that security token offerings are an emerging form of fundraising and that investors should thus exercise care when making an investment decision particularly given the risk of significant financial loss.
As discussed above, security token offerings are yet to take off in Hong Kong. It is hoped that this will give the SFC time to provide more detailed guidance on the grey areas highlighted above. In particular, greater clarity would be welcome on the circumstances in which tokens representing commodities (e.g. gold) or real estate would fall within the definition of a security and whether this is restricted to tokenised funds.
The professionals’ only exemption is one means of taking token offerings outside CWUMPO’s prospectus regime and the SFC’s requirements for collective investment schemes under the SFO and Code of Conduct. The ICO market has however been primarily targeted at retail rather than professional investors, although that has changed with increasing numbers of crypto exchanges now providing over-the-counter trading for large block trades only.
The downside of the SFC statement’s proposed approach to regulating security token offerings is that the investor protection driven measures of the Code of Conduct (the obligation to ensure the suitability of investment products for individual clients, anti-money laundering and counter-terrorist financing obligations etc.) will apply only where a traditional intermediary is involved. The Code of Conduct does not apply to issuers of securities and thus, on a typical security token offering, there is no obligation on the issuer to ensure the accuracy of the information provided in its marketing documents nor to assess the suitability of its tokens for prospective purchasers.
Add to this the fact that token issuers and their designers and developers are typically based offshore, outside the regulatory remit of the SFC, protection for Hong Kong investors against fraudulent or incompetent issuers will be scant. The SFC Code of Conduct requirements referred to in the SFC’s latest statement will only ever apply where a Hong Kong intermediary is engaged to market the tokens to Hong Kong investors. Under the SFO, security tokens, in the same way as traditional securities, cannot be marketed to Hong Kong investors except by an SFC Type 1 licensed entity. However, if security tokens are not “actively marketed” to the Hong Kong public, there is nothing to prevent Hong Kong investors from subscribing for tokens via an offshore platform and in this situation, none of the Code of Conduct’s investor protection mechanisms will apply. Further, if the offering turns out to be a scam, Hong Kong investors have no means of redress other than a contractual claim or common law action against the token issuer. Given that whitepapers generally do not even contain the issuer’s legal name and registered address, this route to recovering losses will not be straightforward.
These issues are of course by no means unique to Hong Kong and regulators from the major jurisdictions such as the UK, Australia and Canada are currently consulting on how to regulate tokens. In some ways, the SFC and other major regulators are to be commended for their “wait-and-see” approach to crypto regulation which is allowing the market to develop. Moreover, there is undoubtedly a second mover advantage for regulators in avoiding knee-jerk regulation in the crypto space.