Introduction 212 I. The Traditional Corporate Analog: Liability and Insurance for IPO Companies 217 II. Mapping onto the ICO Context 220 A. Do Digital Coins/Tokens Qualify as Securities? 220 B. What Potential Liability Does a Company Conducting an ICO Face? 224 C. Which Parties May Face Liability Following an ICO? 225 III. The Case for d&O Insurance for ICO Companies 229 A. Underwriting Criteria 232 B. Risk-Based Pricing 233 C. Contract Design 235 D. Education and Risk Management 236 Conclusion 237 INTRODUCTION
We are in the midst of a revolution in financial markets, as cryptocurrencies based on blockchain technology promise a smart, decentralized, secure, and flexible means of conducting transactions. Since Bitcoin was introduced in 2009, cryptocurrencies have been steadily gaining in prominence and economic significance, shifting from fringe instruments linked to illicit drug marketplaces and money laundering (1) to mainstream financial products used across the globe to store wealth, facilitate marketplaces, and provide platforms that support the development of new technologies. Bitcoin can now be readily converted to cash through a growing network of "Bitcoin ATMs," (2) can be hedged against using Bitcoin Futures that trade on derivatives markets, (3) and is forcing major banks to adapt through direct investments in blockchain technologies (4) and policies regarding the use of their funds in consumer cryptocurrency investments. (5)
The year 2016 brought major changes to the cryptocurrency market, including the rise to prominence of utility-focused blockchain applications that offer greater functionality such as the operation of smart contracts. (6) The most prominent of these, Ethereum (and its currency "Ether"), has become the second most widely traded cryptocurrency, with a market capitalization of approximately $53 billion (as compared to Bitcoin's $117 billion) as of June 2018. (7)
Around this time the industry also saw the rise of Initial Coin Offerings (ICOs), funding mechanisms that resemble a hybrid of crowdfunding and venture capital (VC) financing, in which a set number of "coins" or "tokens" in a new crypto venture are offered for sale to the public. Individuals can then buy in using fiat currency or other cryptocurrencies such as Bitcoin and Ether. While in 2015 an exceptionally successful ICO might have raised only a few million dollars, in 2016 ICO raises of $150 million or more began appearing, (8) conducted by what were essentially seed-stage companies that would have been unlikely to raise more than a few million dollars from venture capital firms or angel investors (the typical fundraising sources for such companies). (9) In 2017, total ICO funding topped $3 billion, exceeding the total amount of VC investment in early stage Internet companies for the year. (10)
However, despite the meteoric rise of ICOs as the funding method of choice for cryptocompanies, ICOs have been afflicted by a number of problems, including regulatory hurdles, fraudulent activity and negative public perception. While reliable estimates are lacking, informed observers have repeatedly warned that many ICOs are fraudulent; (11) with nothing but "a swanky website and an official-looking whitepaper," (12) dozens of ICOs have raised money for what have later turned out to be Ponzi schemes or fake companies whose owners steal the money and disappear. (13) There are a number of factors that have contributed to these concerning circumstances. The decentralized nature of the technology means that large amounts of money can flow through ventures without a central financial institution present to act as a guarantor. (14) The targeting of ordinary people, rather than sophisticated VC firms or wealthy individuals, (15) means that few investors have the expertise or the financial incentive to engage in costly due diligence to ensure the veracity of a firm's claims. The absence--until very recently--of significant regulatory oversight has meant that the ICO process is largely nonstandardized, giving firms significant latitude to include false or misleading information in their investment solicitation materials or to omit important information. Finally, the frothiness of the cryptomarket has meant that investors have at times been willing to accept significant risk of being defrauded in return for the potential for astronomical returns. (16)
Since mid-2017, the SEC has adopted an increasingly aggressive stance in regulating ICO activity, including announcing a new Cyber Unit--whose roles include combating "[v]olations involving distributed ledger technology and initial coin offerings" (17)--and bringing a number of enforcement actions against companies for securities fraud and unregistered offerings of securities. (18) There has been significant uncertainty as to whether cryptoassets like coins and tokens (19) actually qualify as securities and are therefore subject to SEC oversight. In a July 2017 enforcement against an organization called The DAO, the SEC articulated its view that tokens with strong equity-like characteristics are in fact securities, (20) but did not extend its analysis to more borderline cases such as utility-based coins. (21) SEC Chairman Jay Clayton has taken a broad view of what qualifies as a security, opining that "[b]y and large, the structures of initial coin offerings that I have seen promoted involve the offer and sale of securities and directly implicate the securities registration requirements... of our federal securities laws." (22) However, it remains to be seen exactly what types of coins or tokens will be caught in the SEC's dragnet.
Given the current state of the ICO market--fraught with fraudulent activity, lacking in industry norms and best practices, and regulated by an incomplete and highly uncertain regulatory framework--there is significant latitude for alternative regulatory influence from what I term "pseudoregulators"--nongovernmental bodies who exert regulatory influence over an industry by nature of their relationship with that industry rather than by any statutorily granted authority. For example, stock exchanges such as the NYSE promote industry best practices through rules and listing requirements, which were particularly important prior to the creation of the SEC in 1933. (23)
An entity with one of the greatest potentials for exerting pseudoregulatory influence on the ICO market is the directors' and officers' (D&O) insurer. D&O insurance aimed specifically at cryptocompanies only became available beginning in early 2018, and the available coverage options are extremely limited. (24) The development of a more robust and accessible market for this insurance could play an important role in altering the characteristics of ICO companies. (25) D&O insurers have played a well-documented role in regulating the risky activities of their insureds and of their target markets more generally through measures like underwriting criteria, risk-based pricing, intelligent contract design, and engagement with education and public regulation. (26) In the ICO context, the availability of D&O insurance--an important risk-reducing measure for a company's managers and shareholders--could prompt firms to comply with insurers' underwriting and pricing criteria, thereby moving towards more standardized and legitimate corporate activities that would promote the long-term success of the financial technology industry.
This Comment will proceed as follows. In Part I, I begin by discussing securities liability and the D&O insurance that covers it in the context of traditional public corporations that have recently completed an initial public offering (IPO).
In Part II, I apply these concepts to cryptocompanies that are considering doing or have recently undergone an initial coin offering (ICO). I first examine whether cryptoassets like coins and tokens are even subject to securities regulations, then proceed by discussing what types of liability a post-ICO company might be subject to and which individuals affiliated with such a company could be targeted for such liability.
Finally, in Part III, I apply concepts from traditional D&O insurance as well as cyber insurance to the ICO context, examining how D&O insurance for post-ICO companies might function. Specifically, I examine four ways that insurers could have a positive impact on the structure and governance of the ICO industry.
THE TRADITIONAL CORPORATE ANALOG: LIABILITY AND INSURANCE FOR IPO COMPANIES
Because an ICO is the initial offering of a security-like instrument to the public, an IPO is the most analogous transaction for which there is sufficient information on the attendant legal risks. Therefore, despite marked differences in the mechanisms by which ICOs operate as compared to previously available funding methods, it is useful to first examine the IPO to gain a baseline understanding of the liability and insurance issues attendant to this type of transaction.
Shareholder litigation represents the most significant source of D&O risk to public corporations. (27) In 2017, 8.4% of public companies listed on the NASDAQ and NYSE were the subject of securities class action lawsuits, (28) with average market capitalization losses of $667 million from such suits. (29) The most prevalent liability provisions in these suits are Rule 10b-5 of the Securities Exchange Act of 1934 ("Rule iob-5"), and sections 11 and 12(2) of the Securities Act of 1933 ("section 11" and "section 12"); roughly half of the 2017 filings contained allegations related to these provisions. (30) Collectively, these provisions provide private rights of action that can be asserted against a seller of securities for false or misleading representations or material omissions related to the purchase or sale of securities. More specifically, sections 11 and 12 impose strict liability on an issuer of securities for misrepresentations or omissions made in securities...