Addison Cameron-Huff, Cryptocurrency Lawyer

A Canadian token creator needs to know one rule: No ROI From Management. This is the true rule of Pacific Coin and Howey. Token creators in Canada have to take this rule to heart, and they have to think of this rule as they make their systems, because if they obey the rule, they can likely launch their token in Canada without accidentally stepping into the danger zone of securities laws.

Repeat after me: No ROI From Management.

The Actual Rule Of Pacific Coin

NRFM covers off the legal test for an investment contract, which is the #1 category that token creators run afoul of (although there's other categories - see part 6). It's a formulation of the actual rule of Pacific Coin that is much easier to understand than the four part test, which has been stretched by regulators and courts beyond the actual decision (part 4). Unlike the constitution, Supreme Court judgements are not a living tree, and they mean the same today as they meant 50 years ago. Pacific Coin is still relevant, and still the leading case in Canada. A proper reading of the case is essential to understanding what securities laws mean in Canada.

The Pacific Coast Coin Exchange of Canada Ltd. got in trouble when they offered margin, not just bags of silver, because now management's risk management, ability to obtain financing, and market access become relevant to the buyer (part 5). The return in Howey was 10% a year, and the return in Pacific Coin was based off the 35% deposit of the purchase price (i.e. margin). In both cases it is obvious that the return to the investor is based on management's work.

March 2026 Guidance From SEC & CFTC

The recent American guidance (part 7) makes it clear that there's often a degree of dependence on the creator of a product but the question isn't whether there's a manager, or whether there's a promoter. The correct test is whether they: undertake essential managerial efforts from which a purchaser would reasonably expect to derive profits.

What is an essential managerial effort? This is something more than Apple supporting their smartwatches, or improving the operating system of iPhones over time. It's more than simply offering iCloud to make phones more useful. Amazon sells licenses to e-Books that can only be exercised in relation to their Kindle readers but there's no ROI (return on investment). That's what people have missed about these legal tests, because they've been reading the vague test from Howey and trying to imagine how broadly the words can be construed. This is a misreading.

The guidance makes it clear what these cases are about, and why many classes of tokens are excluded from the definition. Even if someone could stretch the words to make them fit. The American guidance is actually the best explanation of the Canadian legal position, even though it's for a foreign country. The test in Canada literally is just the American test, and although there's some minor deviation in how the law has developed, the core of the law is identical. The concern (at least when it comes to tokens) is always about the ROI from management.

How NRFM Covers The Categorical Views

Tokenized stocks, interests, dividends, and leverage all are related to ROI from management. Tokenized stocks because the underlying stock's securities character doesn't disappear when it's tokenized, interest/dividends because that's an obvious financial return delivered by management, and leverage because that's a service that depends on management (to achieve a higher return to the person who gets the leverage).

An on-chain crypto lending system like Morpho allows someone to achieve leverage, but not through the managerial efforts of Morpho. Because there's no ROI from Morpho this system is not leverage in the same sense as in Pacific Coin. It is not the existence of greater risk/reward that matters, it's the role of management.

Where there is no management, because there is no business, but rather only a computer program running on a decentralized network, there will often not be an ROI from management. Accordingly, it would be a very tough battle for any regulator to try to win in court on the argument that the existence of subjective intent to achieve leverage makes Morpho an investment contract system like Pacific Coin's was. That is not what securities laws are intended to regulate. They are not about the intentions of the buyer, or about the system of amplifying risks. The Ontario Securities Act is not aimed at regulating business practices writ large, it's aimed at regulating things in the world. If it is not a security, it is not in scope.

The simplest examples are the native units of a blockchain network. Something like SOL isn't a security because the creators of SOL don't provide any kind of financial return to holders. The fact that Solana actively markets that people can earn yield/returns on SOL staking is also not financial return from management, because the rewards come from the technical system itself emitting more SOL (for validating transactions). This is technical staking, and it's explicitly endorsed by the SEC/CFTC in the latest guidance. A Canadian court would almost certainly come to the same conclusion as the SEC, if the case were well-argued, because although the creators of the system even frame it as a return, what matters is whether that return comes from management's work.

With SOL staking, management's role was merely in setting up a system to allow people to do it, and they do not actively take part in the system or manage it today. All work is the result of humans, and the human touch at the beginning does not forever and always taint the activities as being an investment contract.

Protocol Fee Tokens

The US guidance doesn't touch on what I call Protocol Fee Tokens, such as RAY or UNI, in which a smart contract system automatically buys the token, effectively transferring part of the economic value of trading to the owners of the tokens. The question to ask with FPTs is the same as for all others: is there an ROI from management? The existence of ROI, even on a calculable basis (i.e. trading volume x Z% fee take) isn't sufficient. Was the money (or equivalent) somehow earned by managerial efforts? Or was it a computer program that did it?

Some projects lie about how their systems work, or they have a centralized aspect that undermines the argument, but in general, if there's no management that's factoring into the returns, then there's not going to be a security. In a truly decentralized system there is no management. And the ideal time for people to obtain the tokens is when management's role has disappeared from the system, which the SEC guidance explicitly endorses as a possibility. It's not simply the case that just because a person was once involved that their managerial efforts in the past will lurk as a shadow forever over the securities classification of the token they helped to make.

New Units Of A Thing

The SEC has too many categories. They could have simplified to NRFM as the expression of the rule, but they wanted to provide people with a more understandable ontology. But by providing categories they make it seem like the categories have something to do with the conclusions - they don't.

Bitcoin isn't a security because there's no ROI from management. The fact that some people have earned a return by speculating/gambling is irrelevant in the same way every other good in the economy works!

People buy limited edition Beanie Babies today, or collectible trading cards, and their desire to flip for a profit is irrelevant to what the thing is. Even if the trading card company is promoting the cards or promising not to release similar ones in the future, it is not their managerial efforts that earn a return for the buyer. Trading or speculative intent, or use in gambling, are irrelevant attributes of a thing. Or, if they are relevant, they're generally relevant to the thing not being a security, contrary to the instinct most people have about this.

If a person is intending to gamble using a thing then that strongly suggests the return is not from management. People buy all kinds of junk meme coins, and they may hope to make a fortune on pump and dump schemes, but that doesn't mean the meme coins are securities. The SEC explicitly recognizes that meme coins are not ever going to be securities.

This is the same logic as for a bare ERC-20 token. The error/illegality/scam part is where buyers are promised to receive something later that will be done with the revenue, in the nature of a financial benefit. It's at this point that we see that just about anything can be transformed into an investment scheme. Nike might hype up their chief shoe designer and let me buy whatever they'll make in 6 months, and give me a rebate based on shoes sold, etc. At some point, even things far from the world of securities can enter back into it. Orange groves have nothing to do with securities, but Howey and his company managed to make them into an investment system.

The Underlying Material Of Investment Contracts: Singh v. Trump, 2016 ONCA 747

Howey's orange groves were a long time ago, but people to this day are regularly transforming non-securities into investment contracts. A Toronto condo investment scheme involving Donald Trump and various companies was the subject of a 2016 ONCA decision that shows how real estate (clearly not a security) can be transformed into an investment contract.

Too many people have been distracted by the similarities between crypto and stocks to see that the real rule is not about the underlying subject matter but rather in how an investment system is designed around a non-security. Investment contracts based on these sorts of systems are easy to avoid, and sellers of tokens should be scrupulous in avoiding the sorts of things that went on with Trump's condo investment scheme in downtown Toronto back in the mid-2000s. It's worth noting that the OSC explicitly blessed that scheme as not being a security, but that didn't change the actual nature of the scheme (which was an investment contract).

NRFM: Presales Of Tokens

It is at this point that a careful reader will probably be wondering why this discussion so far hasn't talked about one of the biggest securities enforcement risks: preselling tokens.

Presales are common in business. Video games are regularly sold weeks or months in advance of launch. Tesla took deposits years before delivering cars. But in all normal commercial contexts, the buyers are merely promised the thing. There may be a roadmap, and it may be explained by management, but what is being sold must be the thing.

Presales have always been a tricky subject for crypto, and often the focus of litigation by securities regulators, because it is obvious that this is the point where there's the greatest dependence on management. A presale that's too long in advance of the product is a bad idea because it might be the case that management is taking the money from the purchasers to not just make the thing the purchasers are buying but rather to invent it.

Any time money is going into R&D, that's probably investment. But, this is only where R&D is a part of the sale. Normal companies do R&D, and that's good, but they don't tell people when they buy things that some of their money will go to R&D. Similarly, they don't tell people how the purchase price will be allocated internally to various streams of development (marketing, staff, profits for management, etc.)

Presales, when done right, are fine. They're an ordinary commercial activity. But there has to be close proximity in time between the purchase, and there has to be a clearly identifiable character of the thing being purchased. It's also best if presale buyers are in the same shoes as later stage buyers (albeit with a discount).

NRFM: The One Rule

ROI is something more than delivering the thing that's purchased. ROI is a process by which management involves itself in the affairs and that managerial effort generates a return.

Anyone making a token should consider whether they're going to be providing any return on investment (ROI) to token buyers/holders. This is not the same as asking whether value will be provided. This doesn't mean not following through on the development roadmap. Too many people (and courts, tribunals and regulators) have gotten sidetracked by trying to consider whether management's efforts must be solely, significantly, or some other strong degree of relationship. For a token creator, the ideal state is to have high value but not ROI from management. This is feasible and actually quite common with tokens launched in the last few years. The SEC guidance lists many examples of tokens that they think are totally fine, and that's not because the tokens are all meme coins with no value (and even there, the artistic value, community value, or entertainment value may be significant to the people who buy it even if it's not apparent to the rest of us).

So what kinds of value can management deliver, in relation to a thing they sold?

As the US guidance points out (part 7): an artist has an ongoing relationship with their art, and the value of it, but that relationship is not in the nature of a financial return. Ironically, many people in crypto have gone wrong by making clear what they should have made vague.

It's simple to provide financial returns (it's the easiest type of return to do, especially with crypto where every unit has value and transfers are what blockchain systems are for), and almost always the wrong choice. By adopting a law-aware development stance projects can usually make a legal token. When people do the simple and easy thing, without any regard to securities laws, it is quite easy to accidentally make a security. This is a rather unique aspect of blockchain systems that isn't found in other technologies. But, with the rise of LLMs being used for legal advice, probably more and more companies will be able to better navigate around the danger zone of securities laws.

Revisiting The Canadian Experience

Despite the abundance of information requests that the OSC and other provincial securities regulators have sent out over the last decade (thousands?), the enforcement record is relatively slim when it comes to non-frauds (part 4). A close examination of the law (part 5), the history of it (part 3), and what it means, shows that tokens that obey the NRFM rule are very likely to not be securities. No law was ever passed in Canada, since Bitcoin began, that has expanded the definition of security to include tokens that don't have a return on investment from management (although one was proposed in 2021).

Too many people have been afraid to launch tokens because they believe that all tokens are securities. This view mostly stems from the 2017/2018 ICO boom, when tokens were being sold as investments, and often in connection with frauds. People misread the OSC's statements, where they told people most of what was coming to them was investment contracts. Of course that's what was coming their way! But that doesn't mean all tokens are that, or even that most tokens are. The OSC's concern always has been with investment schemes (and particularly, illegal ones), which is a mandate that goes back to the first Blue Sky laws in the American midwest in the early 20th century (part 3).

The Accidental Security

Too many people have accidentally made investment contracts by offering financial returns and by promising that management would make it happen. Management should restrict themselves to making products and accurately describing them. If people think they can buy low and sell high - that's great. If people think they can make use of it - that's great. If people think a token will be popular in the future - that's great. What's not great is if they think there will be a financial return based on their purchase, and that return is from management's work. This is the similar test for securities, where courts will ultimately rule that if it's similar to a stock (or other well-established categories of securities, whether explicitly mentioned in legislation or not) then it's going to be a security also. But if the similarity to a stock is merely the similarity to how stock markets work, and that the token can be traded 24/7 on various sites/DEXs/wherever, that's not the right kind of similarity. The existence of a broad market is not what makes something a security.

Superficially Similar Markets Do Not Change The Character Of The Thing Being Exchanged

StockX is a website for selling shoes (e.g. Jordan Jumpman Jack TR). It shows prices with graphs that look a bit like a stock market. It has stock in the name of the site. And it's operated for years in the United States and Canada because it's clearly not selling stocks or marketing stocks. The superficial resemblance to stock trading is intentional and legally irrelevant.

NRFM: Just Do It

Canadians that don't want to follow securities laws are always welcome to start their business in another jurisdiction (Cayman + BVI is a popular combo that I'm a fan of). Other places have other laws. But, the securities laws in Canada apply when people sell to Canadians. And the same for the US, France, Japan, etc. Most countries have securities laws that are more or less the same as Canada and the US (but often with less active regulators), so by complying in Canada companies are ensuring that their tokens are complying in almost every place. That means that dealers and exchanges can carry their token all over the world, which achieves the global liquidity and usefulness that makes blockchains interesting. When a token doesn't follow the NRFM rule then it is generally limited to being sold in the exempt market (i.e. accredited investors AKA the top 1-5% of earners). Some small changes to how a project is run and how it markets its tokens can make a big difference. Typically this is done by changing the design/business practices, rather than by trying to obtain an opinion that a thing is not a security.

Lawyers can't make a security into a non-security (because substance triumphs over form), but they can help teams to make a different token that isn't a security. And the way to do that is to follow the rule: NRFM. It's taken about 19000 words to get to this point, but it's a simple point, and it's one that's practical. Far more tokens are permitted in Canada than people know.