On February 20, the Securities and Exchange Commission (the “SEC” or “Commission”) issued a cease-and-desist order against Gladius Network LLC (“Gladius”) concerning its 2017 initial coin offering (“ICO”). The SEC found that the Gladius ICO violated the Securities Act of 1933’s (“Securities Act”) prohibition against the public offer or sale of any securities not made pursuant to either an effective registration statement on file with the SEC or under an exemption from registration. While this is far from the first time that the SEC has found that a particular ICO token meets the definition of a “security” under the Securities Act, this is notably the first action involving an ICO token issuer that self-reported its potential violation. Due to this, and Gladius’s cooperation throughout the investigation, the SEC stopped short of imposing any civil monetary penalties among its ordered remedial measures.
This resolution reflects a continued indication that where ICO token issuers cooperate with the Commission, the SEC may be more likely to tailor its remedial measures solely those designed to (a) bring the tokens into compliance with securities laws, and (b) protect investors against any losses caused by their purchase of the illegally offered, unregistered securities—a position that SEC officials have taken publicly.Background
The SEC has maintained since the release of its DAO Report in July 2017 that cryptoasset tokens—particularly those offered through ICOs—can meet the definition of a “security.” Since then, the Commission has brought enforcement actions against numerous ICO token issuers. In many cases, these enforcement actions alleged fraud on the part of the token issuers. In others, as was the case in Gladius, the SEC issued cease-and-desist orders against issuers merely for violations of the prohibitions against unregistered offers and sales of securities under the Securities Act.
Most recently, the SEC entered into two settlement agreements with ICO token issuers—Airfox and Paragon Coin—that were each required to register their already issued tokens and to subsequently file periodic reports with the Commission. As Steven Peikin, the Co-Director of the SEC’s Division of Enforcement indicated at the time, “these orders provide a model for companies that have issued tokens in ICOs and seek to comply with federal securities laws.” Despite such signaling by the SEC, Gladius is the first ICO issuer known to have self-reported such a potential violation.The Gladius Order
In its order, the SEC found that the Gladius ICO presented a fairly straightforward case of an illegal, unregistered public offer and sale of a “security” under the test laid out in SEC v. W.J. Howey, because Gladius offered purchasers the opportunity to make (1) an investment of money; (2) in a common enterprise; (3) with a reasonable expectation of profits; (4) from the managerial or entrepreneurial efforts of others. Gladius publicly released a White Paper on its website in late September 2017, and advertised the opportunity to invest in GLA tokens through various blogs, message boards, and on social media websites—detailing how all funds raised would be pooled together to support the building of Gladius’s proposed network of blockchain-enabled cybersecurity services.
Furthermore, purchasers of Gladius’s “GLA tokens” would have a reasonable expectation of profits from Gladius’s efforts based on both its public representations and acts subsequent to the offering. Gladius asserted that investors would see GLA tokens increase in value as the platform developed and demand increased for the coin. Further, Gladius would work to ensure this by attempting to convince digital asset trading platforms to support trading in GLA tokens. Finally, Gladius conducted its public token sale from October 13-December 13, 2017, raising roughly $12.7 million from approximately 1,700 persons.
In August 2018, Gladius acknowledged its actions potentially violated U.S. securities laws, and reached out to the SEC to self-report its potential violation with an eye to “taking prompt remedial steps” and bringing its tokens into compliance going forward. In light of Gladius’s actions, the SEC determined it would accept Gladius’s offer to (1) register the GLA tokens under Section 12(g) of the Exchange Act; (2) provide those persons who purchased GLA tokens prior to December 31, 2007 with the means to obtain a refund; and (3) satisfy established recordkeeping and reporting requirements concerning customer refund proceedings. Notably, owing to its “decision to self-report and its extensive cooperation with the Staff’s subsequent investigation,” Gladius will not be required to either pay a civil monetary penalty or publicly admit or deny any of the SEC’s findings.
The Gladius order presents further evidence of the need for ICO token issuers to consider the implications of U.S. securities laws; both when conducting their ICOs and on an ongoing basis. This is particularly true as to token issuers, like Gladius, that offer and sell ICO tokens that—in the SEC’s view—clearly meet the definition of a “security.” However, perhaps more notably, the order demonstrates the SEC’s continued commitment to bringing ICO token issuers who have already conducted illegal, unregistered securities offerings into compliance.
As the SEC first demonstrated in November 2018 with its Airfox and Paragon Coin orders, prior issuers of ICO tokens that meet the definition of a “security,” who did not do so with a registration statement on file with the Commission or subject to an exemption, can be brought into compliance through Section 12(g) registration. Now, with the Gladius order, the SEC appears to be demonstrating that previous ICO token issuers that failed to satisfy their registration obligations can reasonably expect such a remedial requirement in subsequent settlement orders.
Finally, the SEC’s explicit acknowledgment that it would not levy a civil monetary penalty on Gladius due to its self-reporting and cooperation should encourage ICO token issuers who are aware that their previously unregistered token offering may have violated the law to consider doing the same. Although the SEC will not waive its investor protection obligations, and will thus require remedial measures that include repaying initial investors their funds plus interest, it demonstrated that such cooperation may spare token issuers of costly additional financial penalties. Thus, the SEC indicated the value of assertive compliance with U.S. securities laws by ICO token issuers—both before and after the offering has been conducted.
 Securities Act Sections 5(a), (c).
 Securities Act Section 2(a)(1) lists a number of enumerated instruments that qualify as a “security,” including an “investment contract.”
 The SEC previously did so in In the Matter of Munchee SEC Release No. 33-10445 (2017). While the token issuers in the Munchee order had not yet delivered any tokens to ICO purchasers (thus, removing a need to register any already issued tokens in the market), the SEC indicated that the token issuers actions to promptly repay investors and cooperate with SEC staff when notified of their potential violation led the Commission to forego imposing any civil monetary penalty.
 The ICO issuers in the Airfox and Paragon Coin orders were required to register their tokens under Securities Exchange Act of 1934 (“Exchange Act”) Section 12(g).
 It is worth noting that some courts that have evaluated the SEC’s claims against a token issuer have held that the question of whether a particular instrument is a “security” remains a factual question, even in the case of ICOs. In one case recently, a court even refused to grant a preliminary injunction the SEC sought against an ICO token issuer as the Commission had not yet fully demonstrated how the particular token met the definition of a “security”—providing an important reminder to the SEC of its burdens when bringing charges against an individual issuer.
 328 U.S. 293 (1946). Instruments that satisfy this four prong test issued by the Supreme Court qualify as “investment contracts,” and thus have been held to meet the definition of a “security” under Section 2(a)(1) of the Securities Act.
 In the Matter of Gladius Network LLC, SEC Release No. 33-10608 (2019) at 6.