Latest posts by Thijs Maas (see all)
- SEC Doubles Down On Hinman Test: A Legal Analysis - March 13, 2019
- The SEC is wrong! Ethereum is a Security. - September 19, 2018
- United States Is Cracking Down On ICO Fraud — Operation Cryptosweep Has Begun - May 24, 2018
William Hinman, the Director of the SEC’s Division of Corporate Finance, gave a controversial speech last September. In this speech, he indicated that crypto tokens like Ethereum and Bitcoin might no longer be deemed a security under US law as they are ‘sufficiently decentralized’. Named after the Director, this ‘Hinman Test’ has sparked great debate among crypto lawyers and academics alike. Yesterday, SEC Chairman Clayton doubled down on this test in a letter to Coincenter. I have written on why I believe the SEC is wrong (in the context of Ethereum). Now, it is time to dive into the Hinman test with some deeper legal analysis.
This article largely consist of an excerpt of my LLM thesis titled ‘Initial Coin Offerings: When Are Tokens Securities in the EU and US?’
The Hinman Test
In his speech, Director Hinman stated that:
“If a network on which the token or coin is to function is sufficiently decentralized — where purchasers would no longer reasonably expect a person or group to carry out essential managerial or entrepreneurial efforts — the assets may not represent an investment contract. Moreover, when the efforts of the third party are no longer a key factor for determining the enterprise’s success, material information asymmetries recede. As a network becomes truly decentralized, the ability to identify an issuer or promoter to make the requisite disclosures becomes difficult, and less meaningful.”
Many of us lawyers with an interest in crypto thought this was just a rogue statement that did not necessarily reflect the stance of the SEC. To our surprise, we were wrong. Yesterday, on March 12, SEC Chairman Jay Clayton responded to a letter from CoinCenter, in which he was asked to give his opinion on the matter.
“Your letter also asks whether I agree with certain statements concerning digital tokens in Director Hinman’s June 2018 speech. I agree that the analysis of whether a digital asset is offered or sold as a security is not static and does not strictly inhere to the instrument. A digital asset may be offered and sold initially as a security because it meets the definition of an investment contract, but that designation may change over time if the digital asset later is offered and sold in such a way that it will no longer meet that definition. I agree with Director Hinman’s explanation of how a digital asset transaction may no longer represent an investment contract if, for example, purchasers would no longer reasonably expect a person or group to carry out the essential managerial or entrepreneurial efforts. Under those circumstances, the digital asset may not represent an investment contract under the Howey framework.”
‘Solely from the efforts of others’
Let’s start at the beginning. The debate at hand is related to the fourth prong of the Howey test, which is used to determine whether or not a sale qualifies as an ‘investment contract’, and therefore a security. We know from past case law that a ‘possible enhancement in value at resale is not within the Securities Act, where the essential element of reliance on the managerial, operational or developmental efforts of others is not present.’ Moreover, it is well settled that the word ‘solely’ is not to be taken literally. In fact, the term is also interpreted to include ‘significant or essential managerial or other efforts necessary to the success of the investment’. In both Glenn Turner and in Aldrich, the test was whether the efforts made by those other than the investor are the undeniably significant ones; the essential managerial efforts which affect the failure or success of the enterprise.
Although courts employ a variety of formulations of this prong of Howey, the core of the test is concerned with the degree of reliance of the investor on the efforts of the issuer.
Now, for blockchain tokens, decentralization is often spouted as a unique value proposition. A blockchain-based token is, for its functioning and value dependent on a large number of actors besides the issuer. Think for example of the role played by nodes, miners, stakers, third parties building on top of a protocol and the decentralized nature of open-source development. Seen in this light, the SEC’s stance makes sense in theory: Why would an investor need information disclosures about an issuer that no longer has any essential influence on the investment which is acquired? However, when can we speak of a protocol that is, in Hinman’s words, ‘sufficiently decentralized’? If we use ‘decentralization’ as a legal standard, the question should be asked decentralization even means.
When we talk about decentralization in context to the Hinman test, what do we refer to? Do we refer to the amount of developers involved in a project? To the amount of nodes? Amount of miners? Is it about the degree of influence the issuer has on the governance and future development of a project? Do we talk about the degree in which a token’s value is derived from businesses building on top of a protocol?
In practice, it will be difficult to determine the degree of decentralization needed for investors to no longer meaningfully rely on the issuer of the token. Even for Bitcoin, often regarded as the most decentralized project in the crypto-space, discussions can be had on the actual degree of decentralization in different areas, especially when considering that more than 90% of nodes on the Bitcoin network run the same client codebase. And what about that time when a small group of developers decided to quickly implement a fix for a critical bug that would have allowed anyone to create Bitcoin’s out of thin air?
A number of observations can be made with regards to the factors which are of importance for a ‘sufficiency-of-decentralization-test’ or Hinman Test. First, decentralization should be measured on a gradual scale. Decentralization is not binary, but instead a multidimensional concept that is a function of many factors, each of which has its own gradual scale of decentralization. This is perhaps best exemplified by the first factor which will be examined in this analysis into the variables that should be considered in a possible ‘sufficiency-of-decentralization-test’: governance.
For a great overview of how clueless we are about what decentralization means in the legal sense, and how weird it is to use it as a legal concept, see ‘Deconstructing Decentraliation, Exploring the Core Claim of Crypto Systems’ by Angela Walch.
Blockchain governance is a complex and crucial component of any permissionless blockchain project. After all, blockchain protocols are still in their infancy, with new capabilities being developed over time. New updates can shape the future success of the network, but could also lead to crucial security issues, which could potentially decimate the value of an investors tokens within a few days. As such, when examining whether a protocol is decentralized, it is important to determine the degree of control the issuer has over the future direction of the protocol. To discuss the role of the issuer in a blockchain protocol’s governance, it is necessary to have a solid understanding of how blockchain governance takes place.
For many blockchains, governance is comprised of a system of checks and balances. An analogy can be drawn with Montesquieu’s three branches of government, where governance powers are divided across three branches: the legislative, executive and judicial branch. Although it is by no means a perfect 1:1 analogy, it helps to think of blockchain governance in three branches as well. The ‘legislative’ branch in blockchain governance is comprised of those parties that can propose updates to the blockchain’s codebase. Each blockchain has a core software repository that holds the code for the main implementation of the protocol. Whoever has effective control over that software repository has the power of the legislative branch: the power to propose updates to the protocol. It should be mentioned that anyone can submit code to the software repository. However, only those in control of the software repository can include the code into the repository (by merging pull requests), thereby proposing it to the network.
Proposed updates are subsequently implemented by what we will call the ‘judicial’ branch: the network’s nodes. Not only do the nodes check whether new blocks added to the chain are in accordance with the rules of the network, they also implement updates proposed by the legislative branch by updating their software. Only when the network’s nodes update their software, an update is implemented. When a subset of nodes does not update their software out of disagreement, a contentious fork takes place, out of which two different chains (with two different codebases) emerge. As such, while the ‘legislative’ branch can make as many updates (or laws) as they want, the ‘judicial’ branch can choose not to implement those updates if it finds them to be ‘unlawful’ or incompatible with their own future vision. In case of a contentious fork, the ‘judicial’ branch can reject an update, thereby creating its own new jurisdiction. Nodes that participate in the mining or staking process arguably play a more important role than regular full nodes, as the security they provide to the network can provide for more leverage in the public discussion around the implementation of updates. For an inquiry into the issuer’s control over the judiciary branch of blockchain governance, one would therefore have to analyze the ‘voting power’ of the issuer, measured by the amount of nodes controlled, as compared to the total number of nodes and voting power. Special attention should be given to the amount of issuer-controlled mining (i.e. hashpower) in PoW-based systems in relation to the network’s total hashpower. In PoS-based systems, additional attention should be given to the amount of tokens staked by the issuer, as compared to the total number of staked tokens. Another factor of relevance here is the degree of dominance of the issuer in terms of client-codebase implementations run by nodes.
Finally, the ‘executive’ branch in blockchain governance is often comprised by the issuer itself, and commonly, an affiliated Foundation that manages the funds raised in case the token was sold through an ICO. This foundation not only reimburses the network’s core developers, but additionally forms initial policy recommendations in the form of future roadmaps, focuses on brand awareness and funds parties in the ecosystem as a whole. Such parties can include start-ups that build third-party client implementations, developer tools or applications on top of the protocol. Again, the issuer’s control over the executive branch is to be analyzed, as well as its impact on the legislative and judicial branch and its impact on the development and success of the entire ecosystem. For example, if the main success of the network can be ascribed to an issuer-controlled executive branch, it would be difficult to argue that the protocol is decentralized to such a degree that investors no longer rely on the efforts of the issuer.
Still, there is a last way in which investors can (and do) exercise governance: through the fourth branch of government. This branch is usually understood as comprising the people, press and interest groups. In relation to tokens this is not substantially different. The voice of communities of token-holders that have formed around blockchain projects is of vital importance for blockchain governance. After all, as compared with traditional government, a people’s revolt in the blockchain is very easy: investors can just sell their tokens. If the legislative branch and executive branch want to implement an update that is hated by a majority of a project’s community, this will therefore be reflected in the price of the token. As the goal of all stakeholders in a token’s ecosystem (including the issuer) is to have the token appreciate in value, the community’s voice is of real importance. The judicial branch, comprising of nodes, might (in part) opt to not implement an update due to the unpopularity thereof amongst the fourth branch of government. Still, the fourth branches’ control is exercised through market forces and applicable on a macro scale. On a micro scale, the single investor does have the ability to completely opt out of his reliance on the issuer at any time by selling his tokens.
An analysis into the decentralization of blockchain governance is complex to say the least. In which ways should governance be in the hands of other parties than the issuer? How much control should the issuer no longer retain?
An analogy to general/limited partnerships.
For additional guidance as to the required amount of effective control in the hands of investors (i.e. the amount of required decentralization of governance), we can examine how the concept of control is formulated with regards to the concept of effective control in general partnership interests. Of course, a general partnership interest is not completely similar to token holdings. However, the relevant case law does provide valuable insight into how US courts approach the concept of control.
Case law has shown that limited partnership interests are presumed to be securities unless the limited partners exercises effective control over the enterprise. General partnership interests on the other hand are clearly not investment contracts as the general partner takes an active part in the managerial efforts of the partnership. In Williamson v. Tucker it was decided that a general partnership interest is presumed not to be an investment contract because of the control exercised by the general partner, therefore constituting a lack of reliance on the efforts of others. However, if a general partner in fact retains little ability to control the profitability of his investment, his partnership is more akin to a limited partnership interest, which is presumed to be an investment contract. In its judgment, the court recognized three (non-exhaustive) situations in which this would be the case, the presence of any of which would render a general partnership interest into a limited partnership interest due to reliance on the efforts of the issuer.
The first scenario is when an agreement among parties leaves so little power in the hands of the partner or venturer that the arrangement in fact distributes power as would a limited partnership. This ‘power’ can be related to the degree of control exercised by the token issuer across the different branches of blockchain governance as explained above. If the issuer has effective control over the legislative branch but not over the other branches, does this make the token’s governance sufficiently decentralized? Or is a lack of control across each of the branches required?
The second scenario painted in Williamsson is where the partner or venturer (read: token holder) is so inexperienced and unknowledgeable in business affairs that he is incapable of intelligently exercising his partnership or venture power. This scenario is about the actual control exercised by the investor, instead of the potential, theoretical ability to exercise control. It is safe to assume that most token holders are not able to influence the legislative branch. Even though blockchain projects generally allow anyone to develop and propose code to the project’s legislative branch, the average investor is not capable hereof. In relation to the judiciary branch, most investors are likely capable of running a node, as this does not require much technical proficiency. As such, the investor is able to participate in the judiciary branch, although the question remains as to whether investors are knowledgeable enough to even have a preference in terms of voting on network upgrades. Of course, blockchain protocols are open-source, and the information required by the investor to intelligently exercise his control in the judicial branch is always available. Still, technical ineptness might nevertheless prove too big a barrier for most investors, despite the efforts of many commentators within blockchain communities trying to write informative content which makes decisions on updates as easy as possible to understand. Investors willing to run a node, inform themselves and vote on updates can exercise their control over the judiciary branch, but the amount of investors that actually do so is extremely low. The question remains whether this is enough to state that investors are in a position to intelligently exercise their control. Projects with very active communities that actively try to provide guidance to their token holders and subsequently have higher governance participation rates might have an advantage over communities that don’t. Meanwhile, the executive branch generally lies outside of the token holder’s reach of control, although exceptions exist.
A third scenario that would indicate the lack of control of investors on the profitability of their investment given in Williamson recognizes the situation where the partner or venture (read: investor) is so dependent on some unique entrepreneurial or managerial ability of the promoter or manager that he cannot replace the manager of the enterprise. If the investor is not in a situation where he can potentially replace the issuer, he is reliant on their efforts for his profits. This is where the fourth branch of crypto-governance is relevant. As mentioned, if a large part of a project’s community disagrees with, for example, a controversial update to the blockchain’s codebase, the fourth branch of blockchain governance can influence the ‘judicial branch’ to not update their nodes. In doing so, they create a fork of the blockchain, thereby creating a separate network, with a separate code repository, separate node implementation, and, most importantly, a separate token. In other words, the issuer can be replaced in their roles across all branches at the same time. When analyzing the viability of this option, the question becomes whether there is a realistic alternative to the efforts of the issuer. As such, if there are multiple active third-party developer subcommunities within a project, the option to replace the issuer in his roles is far more realistic than when this is not the case.
While the issuer’s role in blockchain governance is of crucial importance, and the existence of any of the scenarios in Williamsson should be examined, governance is just one factor that should be examined in a possible sufficiency-of-decentralization test. Another factor that should be examined on a stand-alone basis, is the reliance on the executive branch, or the issuer’s foundation and funds, for the success of the project. After all, the foundation often plays a major role in terms of brand awareness, the development of the ecosystem in a broader sense and the funding of third-party developers building applications on top of the protocol. If a majority of the biggest applications and use cases built on the protocol have all been funded by the issuer, this could be an indicator of reliance and a lack of ‘decentralization’. After all, the investor is then arguably reliant on the foundation for the profitability of his investment. A fork can of course be executed, but if the success of the protocol is largely reliant on the funding efforts of the issuer into applications built by third-party developers, the replacement of the issuer might not be a viable option. As such, the third scenario painted in Williamson would be applicable. Other relevant factors might include the advisory positions maintained by issuers within the entire ecosystem and the degree to which the value of tokens is reliant on other efforts by the issuer, such as networking, the organization of the community (e.g. the governance over the major online fora in which the community gathers and the organization of events) and efforts in terms of attracting new businesses to adopt the protocol. If it is realistically not viable for the project to continue without the efforts of the issuer, it will be difficult to argue that the network is decentralized to such a degree that the bar in the sufficiency-of-decentralization-test is met.
Conclusions on the Hinman test
In practice, I believe that if there is indeed a possibility that, following a possible Hinman test, sufficient decentralization might lead to a token not passing the fourth prong of the Howey test, there are barely any tokens in which this is the case, with exception of perhaps a few projects,. A token can likely not be sufficiently decentralized during, and the first years after its ICO, as the role of the issuer is crucial to the success of the protocol in the early stages. Only when a project’s ecosystem and community grows large enough for the role of the issuer to be of little importance for the development, governance and the success of a token’s value; and when the issuer can be realistically replaced, a token can be deemed sufficiently decentralized. A token that initially passed the Howey test would, at a later date, not pass the test anymore. This would mean that the legal nature of a the token would likely “transform” from a security into a commodity. A quite challenging conception for the way we traditionally think of securities, but one that also been recognized by Brian Quintenz, commissioner of the Commodities and Futures Trading Commission (CFTC):
“ [ICOs or tokens] may start their life as a security from a capital-raising perspective but then at some point — maybe possibly quickly or even immediately — turn into a commodity.”
 William Hinman, ‘Digital Asset Transactions: When Howey Met Gary (Plastic)’ (SEC transcribed speech, 14 June 2018) https://www.sec.gov/news/speech/speech-hinman-061418 accessed 25 December
 Held in McConathy v Dal Mac Commercial Real Estate, Inc.  545 S.W.2d 871 based upon earlier case law, such as Polk v. Chandler  276 Mich. 527, 268 N.W. 732; Wardowski v. Guardian Trust Co.,  262 Mich. 422, 247 N.W. 908 ; Busch v. Noerenberg  278 N.W. 34
 SEC v. The International Mining Exchange, Inc.  515 F.Supp 1062, 1067 (D. Colo.); see also Crowley v. Montgomery Ward & Co.  570 F.2d 877 (10th Cir.); Hector v. Wiens  533 F.2d 429, 433 (9th Cir.);
 SEC v. Koscot Interplanetary, Inc.  497 F.2d 473 (5th Cir.)
 Glenn Turner (n. 133) 478 and Aldrich (n. 153) 1038
 6 CVE‐2018‐17144 Full Disclosure, BITCOINCORE (Sept. 20, 2018), https://bitcoincore.org/en/2018/09/20/notice/ (providing a description of the bug disclosure and resolution process). For news coverage of the event, see Jordan Pearson, A Major Bug In Bitcoin Software Could Have Crashed the Currency, MOTHERBOARD (Sept. 19, 2018)
 However, this does not have to be the case, as seen from the block-size wars in Bitcoin, where developers and users on the one hand and miners on the other disagreed over the best way to scale Bitcoin. In this case, the community of users and developers ‘won’, eventually leading to a contentious hard fork in which a number of miners ‘forked off ‘ from the main chain to create a Bitcoin version that implemented bigger block-sizes: Bitcoin Cash.
 Stephen Jung Choi and Adam C. Pritchard, Securities Regulation Cases and Analysis (Fourth edition, University Casebook Series 2015) 30
 Williamson v. Tucker  645 F.2d 404, 422 (5th Cir.)
 Williamson (n. 174) 422)
 At the time of writing, there are 8762 nodes on the Ethereum network, while there are almost 57 million unique Ethereum addresses. Of course, not nearly all unique public keys represent unique investors, but even if only 1% of those addresses are unique investors, it would indicate that only 1.5% of investors participate run a node (assuming each node is represents a unique node owner). Data from Etherscan https://etherscan.io/chart/address and Ethernodes https://www.ethernodes.org/network/1, accessed 8 February 2019
compare data from total amount of eth nodes to total estimation of amount of investors
 There are some projects that provide investors the ability to decide over the usage of funding by the executive branch, such as Decred and Tezos.
 Choi & Pritchard (n. 173) 136
 Jerry Brito, ‘CFTC commissioner: tokens that start as securities may “transform” into commodities.’’ (20 October 2017) https://coincenter.org/link/cftc-commissioner-tokens-that-start-as-securities-may-transform-into-commodities accessed 16 December 2018