Web3 project token issuance compliance guide: decentralization is the key

Written by:

Will Awang, investment and financing lawyer, crypto researcher.

Chris Chuyan is a crypto lawyer, former senior product manager at an exchange, and on-chain data researcher.

The ultimate goal of most Web3 projects is to issue their own tokens, especially in the crypto bull market. As token prices rise, FOMO sentiment spreads. The road in the pursuit of "freedom" is bumpy, and there may be alarms from the unknown dark forest, severe ambushes by law enforcement officers, and even jail time at any time.

How to issue tokens legally and in compliance with regulations is the top priority that Web3 projects need to clarify, but this is far from the end. The end is to achieve decentralization of the project. Decentralization will not only bring the next step of healthy development to the project, but also bring more compliance space for the project.

Therefore, this article will explain why decentralization is necessary and why decentralization will bring about compliance space from the perspective of Web3 legal practitioners and a series of articles by a16z on decentralization and token issuance, and provide some compliance strategies, aiming to provide a preliminary compliance framework for the issuance of Web3 project tokens.

1. Why do we need to achieve decentralization?

The Web1 Internet was once considered the greatest tool for liberation, until the Web2 platform gradually transformed the Internet into a promoter of authoritarianism. The relationship between network participants and platforms changed from cooperation to competition, and the collective consensus on the Internet became a single consensus of the Internet platform. The former digital utopia turned into a digital cage until the dawn of decentralized encrypted networks appeared.

As a result, the word "decentralization" has been given too many antidote-like meanings, whether it is the non-violent confrontation plan proposed in "Cypherpunks" to resist government surveillance and censorship, or the order consensus reached by programmers through Code is Law, or the political proposition of advocating network liberalism. However, these are not the main reasons why decentralization is so important for Web3 projects.

（A Cypherpunk's Manifesto）

The crypto network is a decentralized network built on the Internet. On the one hand, it uses consensus mechanisms such as blockchain to maintain and update the network status (Web3's collective consensus v.s. Web2 platform's single consensus). On the other hand, it uses cryptocurrencies to incentivize consensus participants and other network ecosystem participants to share, create, and build together (Web1's non-profit and non-ownership v.s. Web3 network participants' incentives and ownership).

Decentralization is a key feature of crypto networks, which can transfer power on the Web2 Internet platform from closed and controlled corporate organizations to open and permissionless networks. Truly decentralized crypto networks are more like public infrastructure (Public Goods) rather than proprietary technologies, and require strict authorization and licensing for use.

This open, decentralized paradigm shift has the potential to rebuild the Internet in a way that promotes competition, guarantees freedom, protects privacy, and provides fair incentives, and can, under the right conditions, attract the joint collaboration of global network participants, allowing the network ecosystem to grow exponentially. This consensus is one of the main reasons why crypto assets such as Bitcoin and Ethereum continue to defy skepticism and thrive.

In short, decentralization means that the crypto network returns the data ownership and governance rights that should belong to the network participants to individuals (Ownership), allowing them to work towards a collective and common goal - the development of the network ecology and the improvement of the utility of tokens.

2. Decentralization brings room for compliance

Decentralization can not only build collective consensus for the project, enable members to collaborate globally, and enable the ecological flywheel development, but also bring more space for the project in terms of legal compliance. We start from the starting point of SEC regulation of token issuance, and compare decentralized ICOs with centralized IPOs to see how decentralization can bring compliance space to Web3 projects.

2.1 The starting point of SEC regulation

The biggest "enemy" of the crypto industry is undoubtedly the U.S. Securities and Exchange Commission (SEC), which believes that almost all tokens are "securities" and should be registered under U.S. securities laws. Since the outbreak of initial coin offerings (ICOs) in 2017, tens of thousands of projects have sought to raise funds (including Ethereum) based on the promise of achieving important technological breakthroughs, but few projects have actually put the funds to good use.

The SEC seeks to apply securities laws to this simple fund-raising exercise because ICOs often meet all of the requirements of the SEC’s Howey Test for securities designation: a contract, scheme, or transaction in which funds are invested in a common undertaking with a reasonable expectation of profits based on the entrepreneurial efforts of managers or others.

The simplest example is token financing in the primary market (i.e., token issuers publicly sell tokens to investors). This type of public fundraising will be considered securities.

In SEC v.s. Ripple’s private placement financing in the primary market, financing for professional investors (Institutional Sales) can also fall under the SEC’s securities classification: (1) investment of money; (2) common cause, that is, Ripple uses investors’ funds for its network operations, and investors’ expected benefits are closely related to the construction of Ripple; (3) obtaining expected benefits through the efforts of others, that is, investors expect to obtain expected benefits through Ripple’s efforts. The expected benefits here include interest, income, and the increase in the value of the investment target (the Increased Value of the iInvestment).

In fact, Ripple also uses public publicity in the market to inform investors that investing in its XRP tokens may make profits in the future, or to link the value of XRP to Ripple's own efforts.

Despite this stance, the SEC and network participants share the fundamental goal of eliminating information asymmetries and creating a fair and open playing field.

The responsibility of Web3 network participants is to prove that the methods of the encrypted network are feasible and can meet regulatory requirements, such as creating a fair competition environment for a wider range of participants (developers, investors, users, etc.) in a decentralized manner, using open and transparent ledgers, eliminating single centralized control, and reducing dependence on the work of management teams.

2.2 Centralized IPO vs. Decentralized ICO

Let’s first look at a simple comparison between a centralized project IPO and a decentralized project ICO token issuance, and then look at how encrypted networks can meet regulatory requirements.

The essence of an IPO is to publicly offer a small portion of equity to raise funds, with the funds raised being used for the benefit of a small group of shareholders of the company.

As shown in the equity structure of Coinbase at the time of its IPO, the founding team and investors hold at least 70% of the shares, and the rise and fall of the stock has nothing to do with the users who use Coinbase for transactions all day. To be more realistic, if you use Coinbase for transactions all day and contribute to Coinbase's performance, what benefits does Coinbase give you?

The essence of ICO token issuance is to publicly issue and circulate most of the tokens (it can be fundraising, or it can be airdropped, etc.), so that the Web3 project can distribute control throughout the community instead of concentrating it in the hands of the management team, thereby decentralizing and promoting the development of the ecosystem.

The Web3 project development team/management team only holds a small portion of the token share, and the vast majority of tokens will be used to build the project ecosystem and incentivize network participants such as early contributors, DApp/protocol users, etc. As shown in the above figure, during the Uniswap ICO, the development team and investors only retained a small portion, and the remaining 60% of the tokens were used for the construction of the Uniswap ecosystem and governance. To be more realistic, we can get token incentives for providing liquidity in Uniswap, get token incentives for participating in transactions, get Grants for participating in ecosystem construction, and so on.

It is crucial for Web3 projects to clarify that the essence of token issuance is to achieve decentralization. Otherwise, the project party will fall into the sickle logic of "dealer selling" and the project will not be able to develop in the long run.

2.3 Decentralization brings room for compliance

From the perspective of the decentralization of token issuance, the application of the SEC’s Howey test is now more difficult: (1) monetary investment - token airdrops or other means do not involve monetary investment; (2) management team efforts - truly decentralized projects do not rely on the efforts of the management team; (3) profit expectations - secondary market investors do not necessarily need to rely on the efforts of the management team to get returns.

At the same time, decentralization can also achieve one of the purposes of the SEC - information disclosure. When decentralized projects distribute control throughout the community rather than concentrating it in the hands of the management team, it can ensure that information can reach everyone fairly.

In June 2018, SEC official William Hinman proposed the concept of "Sufficient Decentralization" in a speech, stating: "If the token or the operating network behind it is sufficiently decentralized, that is, investors no longer expect individuals (or groups) to make the necessary management and operating efforts, such assets do not constitute investment contracts." Based on this logic, Hinman believes that Ethereum does not constitute securities sales because the current Ethereum network is sufficiently decentralized.

It can be seen that decentralization is important to US regulation.

（Variant Fund, Sufficient Decentralization, A Playbook for web3 Builders and Lawyers）

III. Token Issuance Compliance Guidelines

3.1 The degree of centralization determines the size of the project compliance risk

Although decentralization can bring compliance space to projects, the SEC still released the "Digital Asset Issuance Framework" in April 2019, which keeps pace with the times, and continues to expand the jurisdiction of crypto assets through regulation by enforcement (such as regulation by enforcement of Coinbase, Binance, Ripple, Uniswap, etc.).

In any case, in order to avoid trouble from the SEC as much as possible, Web3 projects must try to work within the guidance provided by the SEC to create more room for compliance (Mitigate Risks).

Similarly, no matter in which jurisdiction, Web3 projects also need a law firm to issue a legal opinion before the exchange token issuance (IEO), stating that this is a "non-securities" token issuance in order to circumvent the supervision of securities laws in relevant jurisdictions.

It can be seen that the compliance risk of a project depends on its degree of decentralization. Bitcoin, which is fully decentralized, is the only crypto asset that has been excluded from securities by the SEC, and Ethereum is being tested.

In this regard, Miles Jennings, head of policy, legal and compliance at a16z, made it clear that decentralization is the only path a project can take to help eliminate the risks that securities laws are designed to address. Decentralization is the North Star that provides ultimate guidance for the project, and other path strategies are stopgap measures.

Of course, not all projects can be decentralized right from the start. Most Web3 projects require a process of “progressive decentralization”.

3.2 Excluding any US factors

Most projects do not have the ability to be fully decentralized when issuing tokens, so their tokens themselves are theoretically likely to be identified as securities by the SEC. For example, in the case where the SEC sued Binance and Coinbase, we saw more than a dozen "security tokens" listed by the SEC. In addition, the public issuance of tokens will also be identified as the sale of securities by the SEC.

Therefore, the direct way to avoid US regulation (especially the SEC) is to exclude any US factors and make US regulation have no jurisdiction.

Similarly, this exclusion method also applies to Chinese jurisdictions.

Therefore, when compliance capabilities are yet to be improved, whether in the financing of the private placement stage in the primary market, the TGE stage of the public issuance of tokens, or the secondary market trading stage of tokens, US factors (such as the US public and US investors) should be avoided as much as possible.

Possible paths include:

A. Early airdrop incentive stage: Web3 project owners can geo-block/VPN block US users, making them unable to participate in airdrops, token incentives, and most importantly, token public sale fund raising;

B. Private placement: If it involves privately issuing tokens to U.S. investors or employees, Web3 projects can still operate under the exemption of SEC Regulation S;

C. Public offering and listing: issuing tokens through entities located outside the United States, and giving up IEO listing on crypto trading platforms located in the United States such as Coinbase, Gemini and Kraken in the early stage.

In practice, most offshore foundations (such as Cayman, BVI, and Singapore) will become the main body of token issuance. That is, the tokens are decentralized, so the decentralized project governance rights will be managed by non-profit foundations. The foundation is an isolated entity without shareholders, there is no conflict of interest, and it is committed to the development of the project ecosystem.

Essentially, if a project does not offer its tokens to Americans, even if it is not “sufficiently decentralized,” the risk of SEC enforcement is greatly reduced. So any public offering of tokens for the purpose of raising funds for U.S. factors should be avoided as much as possible.

3.3 Restrictions on project operations

Although some of the above strategies can solve the regulatory issues of token financing to a certain extent (such as excluding the US factor), since Web3 projects are born for the global market and most of them are operated online, Web3 project parties especially need to follow some restrictions in their daily operations, especially when talking about the value of tokens (such as on social channels such as Discord, Twitter, Telegram, texts and emails, etc.), to avoid falling into regulatory traps. These activities include:

1. Protocol Development

2. Business Development

3. Marketing curation

4. Intellectual Property

5. Governance Decisions

3.3.1 Decentralized transformation of project owners’ identities

（Variant Fund, Sufficient Decentralization, A Playbook for web3 Builders and Lawyers）

Web3 project owners should avoid several situations before issuing tokens and after issuing tokens when the project enters the decentralized stage:

A. Avoid discussing or quoting the value of your tokens before launching a public sale. This includes potential airdrops, token distributions, or token economics. We have seen the SEC block Telegram’s token offering before;

B. Avoid discussing the price or potential appreciation of the tokens, or presenting them as investment opportunities, at any time. This includes any mention of expectations that may lead to appreciation of the tokens (such as mechanisms such as programmatic “burning” of tokens to achieve pricing targets or stability), and any promise to use private capital to continue to fund the development and success of the project;

C. After the token is issued, the project enters the decentralized stage, and the startup team or management team (including founders, development companies, foundations and DAOs) should clarify their positioning.

Web3 project owners need to use "initial development team" to replace the previous "core development team" or "main development team", and use "core contributor/contributor" to replace the individual's previous company title. Members of the foundation and DAO should define themselves as non-profit contributors who promote the development and growth of the protocol/DApp/DAO.

At this point, it’s easy for Web3 projects to fall into the language of centralization, even when the project is extremely decentralized, especially when they are used to talking about achievements, milestones, and other releases in the first person. These self-positioning traps include:

• Avoid suggesting that you have ownership or control over the protocol/DApp/DAO (e.g. “As the CEO of the protocol…” “Today, we turned on feature X of the protocol…”);

• Avoid making promises or guarantees about ongoing work in your protocol/DApp/DAO, and avoid treating ongoing work as being of undue importance to the ecosystem;

• Avoid highlighting efforts that have promoted or will promote greater decentralization;

• Give the project’s DAO or foundation its own independent voice to avoid confusion. A better approach is to distinguish the project development company Labs from the subsequent foundation Foundation (such as Ondo Finance and Ondo Foundation, Uniswap Labs and Uniswap DAO) to avoid confusing third parties, or simply make it not share the name with the protocol;

• Ultimately, everything anyone communicates should reflect the principles of decentralization, especially in public. Communication needs to be open and designed to prevent any one individual or group from generating significant asymmetric information.

The change of identity is particularly important. You must be careful about what you say and understand that you are no longer a CEO with great power.

3.3.2 Public channels for obtaining information

In addition to the matters that need to be paid attention to in the daily operation of the project, the Web3 project party should disclose the progress and operation of the project to the public as much as possible, which is exactly the information disclosure required by the SEC. For example, it is necessary to use simple and practical public communication methods, such as public Notion pages, Discord channels, governance proposal voting forums, weekly summary meetings, etc.

In a decentralized crypto network, since the project codes are all open source, the key to the success of a decentralized project is how to execute, not how to hold "secrets". If a project retains "confidential information" and does not disclose it, it is unfair to investors and will also aggravate the securities attributes of the token.

3.3.3 Token Lock-Up Period

In addition, Miles Jennings also mentioned the need to always extend the token lock-up period, at least one year after the token is launched. The SEC has previously successfully used the lack of a one-year lock-up period to literally prevent Web3 projects from issuing tokens. This approach can help mitigate the above-mentioned legal compliance risks, as well as reduce the downward pressure on token prices caused by token selling pressure, and demonstrate confidence in the long-term viability of the project.

Once decentralized, no individual or company is the spokesperson for the project anymore. The project's ecosystem is its own, independent and unique.

4. Model of decentralized projects

However, it is difficult to have a standard in the market to define whether a project is completely decentralized, but we can still provide guidance by observing the decentralized paths of some relatively compliant European and American projects in the market.

As the most successful decentralized exchange, Uniswap’s growth path is worth learning from, especially when it comes to sensitive cryptocurrency trading business and the opaque regulatory environment in the United States. Moreover, compliance is a top priority for Fintech companies.

We have sorted out the compliance path of Uniswap Labs after the divestiture of the protocol, which provides a regulatory-friendly decentralization sample for Web3 projects. The purpose of such divestiture is to achieve progressive decentralization on the one hand, and to gain more wiggle room at the regulatory compliance level on the other.

A. Decentralized Non-Securities Tokens

The Uniswap protocol runs autonomously on the chain and is governed by the Uniswap DAO to achieve decentralization. The single-function token UNI is its governance token. This model avoids the SEC's securities determination and brings favorable court rulings.

B. DAO Legal Package Members’ Limited Liability

Uniswap DAO established the legal entity of Uniswap Foundation as the legal packaging of DAO. On the one hand, it guarantees the limited liability of DAO members, and on the other hand, it can interact with the Web2 world and expand its influence.

C. Labs Independent operation Flexible front-end development

The Uniswap Labs team, which previously developed and maintained the protocol, has become a major contributor to the protocol as a separate legal entity. On the one hand, it has freed itself from the restrictions of the protocol, and on the other hand, it has been able to build and maintain front-end products by calling back-end protocols to achieve sustainability, such as the Uniswap DApp that previously started a charging model.

D. Regulate applications rather than protocols

As a16z advocates for regulatory principles, decentralized on-chain protocols are merely codes that are difficult to be compatible with regulation, while the front-end applications developed by Labs are fully capable of complying with regulatory requirements, allowing the team and the product itself to escape possible regulatory risks. Like any other app, the front-end application can include KYC/AML/CTF verification according to regulatory requirements, remove tokens that have been warned by regulators at any time, and apply for license qualifications, etc.

Although Uniswap Labs received a Wells Notice from the SEC on April 10, 2024, informing the SEC that it might take regulatory enforcement actions such as litigation against Uniswap Labs, it was more about the SEC's characterization of the nature of its crypto trading business itself rather than the non-compliance of the decentralized legal structure.

V. Regulatory barriers in Chinese jurisdictions

The above token issuance compliance strategy is a summary of the compliance experience of some leading projects, especially involving the United States, a jurisdiction that is relatively open to crypto assets. For China, a jurisdiction that prohibits any crypto asset activities, token issuance is bound to be accompanied by great risks.

In fact, the essence of supervision in the two jurisdictions is the same. Imagine that in the gray area, the project party made glittering gold through gray means, and it happened to be seen by some people, and they happened to "have" the power of law enforcement. The United States attaches more importance to the rule of law and will use more legal means to deal with you, while China's one-size-fits-all attitude shows everything.

Therefore, any reason that could lead to enforcement should be avoided as much as possible.

5.1 Criminal risks that may be involved in the token issuance process

As we all know, decentralization is a major feature of the Web3 industry, but the project owners behind decentralized projects and the actual controllers of the addresses on the chain are always citizens subject to legal supervision and constraints, so the project owners need to avoid violating China's legal red lines as much as possible during the token issuance process. In the process of token issuance and financing, project owners often attract users to invest with high returns, promote projects online through public media channels such as Twitter and Telegram, and cooperate with offline promotion teams to attract non-specific groups of people to promote their projects. This token financing and issuance model is very likely to constitute the crime of illegally absorbing public deposits.

The founding team of the Web3 project raised huge amounts of assets through token issuance in a short period of time. Due to the lack of necessary supervision and its own management of the project's financial status, the disclosure of fund handling is not transparent, which can easily lead to the project party using the funds for its own purposes, such as core team members buying luxury cars and luxury homes or converting the funds into their own funds for cryptocurrency trading, ultimately causing the funds raised to be squandered and unable to be returned to the construction of the ecological project, thus constituting the crime of fundraising fraud.

In addition, as mentioned above, in the process of token promotion and publicity, in order to achieve a high user growth in a short period of time, it is usually necessary to cooperate with local promotion teams and KOLs to attract users to purchase the project's hardware equipment and cloud computing power to obtain profits, and adopt the form of recommendation development and tiered rebates to reward user fission during the user growth process. This model is very likely to constitute the crime of organizing and leading pyramid selling activities.

5.2 Beware of the harm of profit-seeking law enforcement to Web3 projects

At present, local governments in some remote areas are under tremendous financial pressure. In judicial practice, profit-seeking law enforcement against Web3 projects is severe. Technology companies are investigating clues to the source of the case and cooperating with public security organs to arrest and investigate project executives and core members who hold private keys in the country, and forcibly transfer project tokens or other cryptocurrencies held by the persons involved to addresses controlled by public security organs for disposal and cashing out.

Normally, all fines and confiscations should be turned over to the state treasury, but in judicial practice, a few local governments will return part or all of the fines and confiscations to the investigating agencies as case handling funds, so that the cooperating technology companies will also receive a technical service fee.

This is a business model that threatens Web3 projects.

In the above-mentioned law enforcement activities, the core members of the project were investigated by the regulatory authorities for being involved in the case, which would inevitably cause panic and lack of security among the project community members. The disposal and realization of the project tokens by the investigating authorities through the secondary market would also cause sharp fluctuations in the price of the project tokens. After the entire project is investigated by the investigating authorities, regardless of whether the final conclusion is suspected of illegal crimes, it will be difficult for the project to continue to operate in the future, and the community developers, loyal users and investors will pay for all this in the end.

Therefore, for Web3 project parties, in the face of the damage that profit-seeking law enforcement may cause to investors and ecological participants, it is necessary to arrange for core project members such as products and technologies, as well as multi-signature managers of project addresses, to work overseas. Multi-signature management of project financial addresses can be performed to avoid single-point risks and be responsible for the asset security of users.

6. Final Thoughts

The above framework provides a preliminary compliance path for token issuance for Web3 projects. Of course, different projects will have different compliance points that need to be added, such as the data compliance requirements of DePIN and DeAI projects, the financial compliance requirements of RWA and payment projects, etc., which will not be expanded here. Before the project is implemented, please consult your own lawyer, Not Your Lawyer, Do Your Own Research.

This framework aims to help Web3 project parties more confidently explore token economics, ecological development, and promote project decentralization without having to bear the risks of owning tokens.

Of course, not every project will be suitable for Web3 projects. It takes time for the project to achieve decentralization, and compliance also requires a corresponding price. The project party must develop a well-thought-out script to carry out decentralized operations.

Reference:

[1] Why Decentralization Matters

https://a16zcrypto.com/posts/article/why-decentralization-matters/

[2] 5 rules for token launches

https://a16zcrypto.com/posts/article/5-rules-for-token-launches/

[3] How to navigate token launch risks

https://a16zcrypto.com/posts/article/navigating-token-launch-risks/

[4] How to launch a token: Operational guidelines from creation to custody

https://a16zcrypto.com/posts/article/token-launch-operational-guidelines/

[5] Progressive decentralization: a high-level framework

https://a16zcrypto.com/posts/article/progressive-decentralization-a-high-level-framework/

[6] Sufficient Decentralization, A Playbook for web3 Builders and Lawyers

https://variant.fund/articles/sufficient-decentralization/