Initial Coin Offerings (ICOs) and Initial Token Offerings (ITOs) are recent innovations for companies to raise capital outside of traditional securities markets and funding sources (e.g., venture capital and angel investors). These “alt-offerings” also represent an avenue for innovation in financial crime and, in turn, require innovation in regulatory response.

What are they?

The names ICO and ITO are not accidental choices; they are intended to make a potential investor think of Initial Public Offerings (IPOs). Alt-offerings are thus very simple: A company raises capital by selling its own proprietary virtual currency to the public instead of shares of stock or debt offerings like bonds. These proprietary coins or tokens are typically purchased with other virtual currencies, such as Bitcoin or Ether. However, some better-financed firms provide traditional alternatives, such as credit card purchases.

Websites that list current ICOs, such as ico-list.com or coinschedule.com, show that the majority of these companies do roughly the same thing: take a business process and re-imagine it by using blockchain technology. These include sales of apps, in-app goods and digital goods used in gaming; employer/contractor management systems; lottery systems; affiliate marketing; B2B commerce; social networks; and platforms for managing virtual currencies.

However, all of these companies seem to have one thing in common: they are pre-revenue and the platforms they are marketing are in early stages of development. Similarly, the level of detail of what the company does or, more accurately, will do, is limited. In addition to a website for the alt-offering and about the company, there is typically a white paper explaining what the proposed platform will do and how the coins/tokens will be used by the company and ecosystem.

For example, PerksCoin is a virtual currency that will be used by cannabis companies to advertise on the CannaSOS social network, and by users to buy goods and services from those companies, among other uses. Despite selling 16 billion tokens, with a total capitalization of over $20 million, the PerksCoin website notes that the transaction platform has yet to be developed.

What are the concerns?

There are two big red flags in terms of financial crime risk with ICOs and ITOs. First, since these offerings bypass traditional securities markets, companies do not file the same type of disclosures they would need to if issuing typical equity or debt securities. That leaves a distinct gap in terms of consumer and fraud protections—a fact which a number of regulators have highlighted. Even if the principals of a firm issuing an ICO or ITO are not trying to defraud their investors, the lack of detail in a typical ICO/ITO filing, coupled with the fact that the offering is being made pre-revenue, significantly lengthens the odds of such a venture succeeding.

It is worth pointing out that such concerns are not merely theoretical. Last September, the U.S. Securities and Exchange Commission (SEC) charged a businessman for issuing ICOs for two of his companies and making fraudulent claims about the firms’ operations and ICO subscription levels. In addition, another case involving ICO fraud resulted in charges in December.¹

The scariest risk of ICOs/ITOs — and one for which there are few, if any, references to by regulators—is that ICOs/ITOs make excellent substitutes for transit accounts

However, the scariest risk of ICOs/ITOs—and one for which there are few, if any, references to by regulators—is that ICOs/ITOs make excellent substitutes for transit accounts. Someone wishing to launder large amounts of funds can do so fairly safely as long as they do not get too greedy and as long as they can put together a credible online veneer of a viable alt-offering. Once set up, a network of smurfs (confederates who have access to the proceeds of the predicate crime and are tasked with the placement of those funds into the financial system) can purchase the alt-offering. The ringleaders of the scheme can then, as they see fit, cash out the non-proprietary virtual currency (e.g., Bitcoin or Ether) received from the purchases. Finally, after the announced rounds of token pre-sales are concluded, at some convenient point, the front company can then go out of business, while others are being set up. Such a scheme appears more legitimate than using virtual currencies to transfer large amounts of virtual currency, since there is an appearance of a defensible business reason for the transfers. After all, if billions of PerksCoins can be successfully marketed and sold, what will stop a narcotics trafficker or fraudster from doing so as well?

What are governments doing about this?

Currently, most countries have not addressed the regulation of ICOs and ITOs in any way. Of those which have, there are three basic responses. First, in China (with South Korea expected to follow suit), these funding mechanisms have been banned. On the other end of the spectrum, the Isle of Man has issued what they refer to as “permissive” regulations, which require companies wishing to offer an ICO or ITO to register with the government. The government also subjects cryptocurrency exchanges to anti-money laundering (AML) program requirements. In addition, Estonia is even thinking about issuing its own ICO for its proposed estcoin, which would be a currency used by members of its E-Residency “digital nation” for entrepreneurs who wish to start and manage digital businesses without physically residing in Estonia.²

In the middle are jurisdictions such as the U.S., Canada and Australia. In these places, ICOs/ITOs may be considered one of a number of financial products, such as securities or derivatives, and subject to the same requirements. In the U.S. and Canada, the Howey Test³ is used to determine whether or not something is considered a security. If the coin or token offered represents “an investment of money in a common enterprise with an expectation of profits predominantly from the efforts of others,” then it is deemed a security. The Australian Securities & Investment Commission has a more complex regime of standards⁴ that determines which regulations are applicable to ITOs and ICOs, if any. In addition, AUSTRAC, the Australian financial intelligence unit (FIU), is only now planning on imposing AML program requirements on virtual currency exchanges (as both Canada and the U.S. had done previously), which would help identify parties depositing or withdrawing funds in the virtual currency ecosystem.

But the offering may also be free from financial services regulation, most notably when the coin or token has use in the platform being developed and when that is the sole thrust of the marketing of that offering. For example, PerksCoin will be used to make purchases of goods and services in the planned network, and is not touted for its potential for capital appreciation or revenue generation (e.g., as in loyalty payments for continued membership or transaction volumes). This makes PerksCoin a “utility token,” which may not require all the disclosures and registration a token or coin deemed a security does. In contrast, CoinMetro touts “the most comprehensive Bonus Structure available,” among other offers of income and profit, which would likely cause it to be deemed a security under the definitions promulgated by these countries.

The real question is, if government regulates such offerings, how enforceable are those regulations? For example, the U.S. Securities and Exchange Commission notes that not a single ICO or ITO has registered with them. Since the only footprints of such an offering may be at virtual currency exchanges and the firms that provide the infrastructure for the offering website, tracking down an offering firm, legitimate or fraudulent, may be exceedingly challenging.

Reducing the Risks

As previously noted, even ignoring that the majority of countries have not decided on the regulatory road forward, the patchwork quilt of national regulation and guidance regarding ICOs and ITOs stands in stark contrast to the relative uniformity of AML regulations. To date, there are no international standards or guidance regarding these funding mechanisms.

While the Financial Action Task Force (FATF) did produce guidance regarding virtual currencies in 2015, revised guidance covering ICOs and ITOs has not been published as of yet. Given the potential abuses of these mechanisms, it would make sense for promulgation of a regulatory standard, incorporation into FATF’s Recommendations and into its Mutual Evaluation process.

More broadly, while international standards help provide guidance for how ITOs and ICOs should be treated by regulators, they do not actually do anything to reduce the potential money laundering (much less the fraud). To do that, we must follow the money to the virtual currency exchanges, which allow the integration of the laundered funds into the “real-world” economy. Regulating virtual currency exchanges as money services businesses, requiring them to adhere to AML program requirements, and subjecting them to regular program reviews, might make a dent in the criminal gold rush this technological innovation seems to invite.

Finally, since the 2015 FATF guidance on virtual currencies was merely that—a guidance document that was produced subsequent to the last revision to the FATF Recommendations in 2012—FATF might want to consider updating the Recommendations and the Mutual Evaluation process to specifically address virtual currency risks and regulatory frameworks more broadly than just their use in alt-offerings. While the guidance document does demonstrate how the current set of Recommendations might be applied to virtual currencies, being more prescriptive could help prevent the next Silk Road or Liberty Reserve criminal enterprises from abusing these technological innovations to avoid detection of their illicit activities. Such additional standards should hopefully also address the recent rumors⁵ that Venezuela and Russia are contemplating creating virtual currencies in order to bypass economic sanctions.

The two recent SEC ICO fraud cases ably demonstrate that the public has discovered the financial crime capabilities of alt-offerings that regulators have highlighted. It is only a matter of time, if not already occurring, before regulators discover the abuse of alt-offerings as part of a money laundering scheme. Knowing the potential for abuse, as well as the limitations in detection and enforcement, should spur appropriate regulatory reforms to address the threat.

Eric A. Sohn, CAMS, director of business product, Dow Jones Risk & Compliance, New York, NY, USA, eric.sohn@dowjones.com

To learn more about how to understand virtual currencies and blockchain technology and how to mitigate the risks, please visit: http://www.acams.org/virtual-currency-and-blockchain-training/.

1. Michelle Price, “U.S. SEC’s Cyber Unit Files Charges in Alleged Initial Coin Offering Fraud,” Reuters, December 4, 2017,
   https://www.reuters.com/article/us-usa-sec-cyberfraud/u-s-secs-cyber-unit-files-charges-in-alleged-initial-coin-offering-fraud-idUSKBN1DY1SN
2. https://e-resident.gov.ee/
3. “What is the Howey Test?,” FindLaw, http://consumer.findlaw.com/securities-law/what-is-the-howey-test.html
4. “Initial Coin Offerings,” ASIC, http://asic.gov.au/regulatory-resources/digital-transformation/initial-coin-offerings/
5. Nathaniel Popper, Oleg Matsnev and Ana Vanessa Herrero, “Russia and Venezuela’s Plan to Sidestep Sanctions: Virtual Currencies,” The New York Times, January 3, 2018, https://www.nytimes.com/2018/01/03/technology/russia-venezuela-virtual-currencies.html?_r=0