Addison Cameron-Huff, Cryptocurrency Lawyer

Part three of this series looked at the historical origins of the modern approach to interpreting what a security is. Now that we know how the courts have decided the fundamental issue for orange groves and bags of coins, we can look at how regulators have applied this to digital assets. (If any of the terms below are unfamiliar, please go back and read part three and this will make more sense).

Below is a complex dive into regulatory guidance. Keep in mind what all of this shows: the OSC has never said that all crypto is a security, and they have consistently referred to tokens in reference to raising capital, which few disagree is a regulated activity. The guidance isn't wrong, it's the interpretation of that guidance that is. Furthermore, in the application of this guidance, there isn't one decided case to point to that says whether any non-stablecoin token is a security, other than in connection with an investment/fraud scheme. But there is a 2024 CMT decision that suggest the OSC has pushed beyond the bounds of the law in their characterization of tokens.

Staff Notices: The OSC's Primary Means Of Expressing Views

OSC Staff Notices are the main regulatory instrument that securities lawyers point to when discussing the legality of crypto under the Ontario Securities Act. The views of other provincial securities regulators differ, but since Ontario is 3/4 of capital activity in Canada and the OSC is the largest regulator (which regularly works with the others to align views), we can simplify the discussion by just looking at Ontario.

The OSC issues staff notices that are non-binding guidance and views expressed in a staff notice do not necessarily represent the views of the Commission. And yet, these are treated as law, because the OSC regularly refers to its own views, and it tells everyone that's what the law is. Technically, policies may not be prohibitive or mandatory in character.

Funds, Platforms, and Tokens

The OSC has three streams of work: regulation of investment funds (which is undoubtedly within the domain of the OSC), regulation of platforms that have chosen to register with the OSC (i.e. companies willingly agreed to follow the specified rules), and then rules of general application. Again, technically staff notices aren't rules, but since they function as rules, they'll continue to be referred to as that. Platforms are companies that offer crypto exchange/dealer services and which have submitted extensive paperwork with the OSC and agreed to a great many rules. Funds are investment funds, which may want to buy crypto. Neither of these two categories are of interest to this series because they concern registrants. Our real interest is in companies that have not registered, and have not signed up for a special regulatory system. That said, a few of the staff notices about platforms have comments that reveal the OSC's view on crypto in general.

The OSC's First Public Announcement: 2014 Fraud Warnings

The OSC is not proud of their first announcement about crypto. They've deleted it from their website. It only lives on in the form of quotes on a third-party website, and in my memory. This announcement warned people about buying crypto because of fraud risk and notes that there's uncertainty about what crypto is, noting that maybe it's a security, maybe it's money, or something else. They were right to warn about frauds and ponzis, and they were right to keep an open mind about what crypto is.

2017/2018 ICO Era: CSA Staff Notice 46-307

By the summer of 2017 crypto markets were beginning another rise, and interest was growing. And where there's public interest, there's regulators. In CSA Staff Notice 46-307 the OSC told everyone what it thinks: Many of these cryptocurrency offerings involve sales of securities.

The OSC says maybe they're securities or maybe they're derivatives. Or, maybe they're securities and derivatives.

Every ICO/ITO is unique and must be assessed on its own characteristics. For example, if an individual purchases coins/tokens that allow him/her to play video games on a platform, it is possible that securities may not be involved. However, if an individual purchases coins/tokens whose value is tied to the future profits or success of a business, these will likely be considered securities.

The guidance provides no statutory references or case law, and just says that they've considered the relevant case law. That's hardly a legal opinion. The footnote: The Supreme Court of Canada's decision in Pacific Coast Coin Exchange v. Ontario (Securities Commission), [1978] 2 S.C.R. 112; as well as the various judicial and administrative decisions that have been issued subsequent to that case.

This is really just a reference back to Pacific Coin, which provides only a framework for thinking about these problems, rather than an answer. The OSC provides no further details on how anyone would decide whether a token is a security or not, but the overall document provides a major hint: Cryptocurrency offerings can provide new opportunities for businesses to raise capital and for investors to access a broader range of investments. In other words: if it's raising capital, it's a security. The focus is on that angle.

Follow up guidance in 2018 said that the 2017 guidance was about things that are investment contracts or are otherwise securities. This is the same regulatory strategy the OSC pursued 50 years earlier with Pacific Coin, and which was never resolved then either, since only the investment contracts portion went to the Supreme Court.

Exchange Regulation: Consultation Paper 21-402

In 2019 the OSC and other securities regulators sought comments on their regulatory scheme for exchanges. (Later, they ignored basically all of the comments and went forward with their plan.) Now that the 2017/2018 ICO boom was over, the regulators moved their attention to the latest term of art: utility tokens. This term was invented by US lawyers to try to say that tokens aren't securities, because they were seeing the same view in the US as Canadians were dealing with locally. The guidance document explains the term as: an industry term often used to refer to a token that has one or more specific functions, such as allowing its holder to access or purchase services or assets based on blockchain technology.

Again, the OSC comes back to the idea of raising capital. This is the most fundamentally misunderstood point about the OSC's views on securities, because it's obviously true that they regulate raising capital, but that doesn't mean they regulate tokens in general:

We have seen many businesses offering tokens to raise capital for the development of their software, online platform or application. In many of these cases, the offering will involve securities despite the fact that the tokens have one or more utility functions.

In other words: mixing raising capital with something else doesn't mean the something else isn't caught up in the raising capital problem. The guidance then goes on to refer to investors, which is actually a legal conclusion, because they're only an investor if there's a security. Then they throw in a bit about how the real purpose here is to guard against risk of loss, but that's not helpful at all because plenty of things people buy have a high chance of loss. The person who drives a new Ferrari off the lot loses 1/3 of their purchase, but the risk of loss on buying Ferraris is very much not an OSC issue. This is a reference to the US and Canadian Supreme Court's obiter on the subject, which basically is that if there's a high chance of loss the government should be more concerned, and maybe what wouldn't be a security might become one just because of this, but that wasn't a part of the actual decisions of either case. The OSC knows this, and quickly moves on to just talking about the four issues from Pacific Coin. They say they've reviewed a lot of submissions from potential token launches and ...we have found that most of the offerings of tokens purporting to be utility tokens that we have reviewed to date have involved the distribution of a security, namely an investment contract..

Then the OSC puts forward a paragraph-long set of caveats before listing some examples that they think might be relevant to determining what is or isn't a security under Pacific Coin when it comes to tokens. Most of the examples are contrived, and explained only in terms of a maximal view of what is a security. But, the factors that are relevant to the legal test are below, with the quoted explanations:

[Positive] The proposed function of the token is to use software or an online platform or application, or to purchase goods and services...&rdquo.

[Negative] Token is for software that does not exist yet: because management's efforts are still needed to develop or deliver the software, online platform or application or goods and services

[Negative] The buyer doesn't get the tokens in their hands when they pay: ...the purchaser's reliance on management to deliver the tokens...

Management makes statements suggesting that the tokens will appreciate in value, or compares them to other cryptocurrencies that have increased in value.: this is only relevant if the expectation is significantly linked to management's performance. But, no one should be making price predictions anyway, if only because no one knows the future of a market.

Buying To Make A Profit By Selling: A Non-Factor

The OSC, and many other securities regulators, have invented an interesting spin on the investment contract test: is someone buying so that they can sell on a secondary market? The OSC specifically mentions this in the 2018 guidance: Although some purchasers may be purchasing the token for the utility function, many purchasers may be purchasing the token in order to sell it on a cryptoasset trading platform or otherwise in the secondary market.

This is just not a factor in the Supreme Court case, or any other case about what is or isn't a security. The OSC is wrong to bring it up. Buying and selling are the essence of the economy, and the speculative intent of a buyer does not tell us whether the thing they are buying is a security or not. The lifeblood of Canada's economy is people buying low and selling high, typically by buying in bullk and selling in smaller quantities, or by finding a buyer that the original seller couldn't. Strangely, the OSC considers bulk buying to go towards expectation of profit, but personal use purchases do not. There is no support for this in the case law, or the underlying statute. Shoes bought for wearing and shoes bought to sell in my shoe store are always just shoes.

Wholesale trading, retail, mining, and every other industry, all of which are not securities businesses, engage in this everyday and there's absolutely nothing wrong with it. The speculative intent to make a profit by buying and selling may be relevant to taxes, but not to securities. Buying something to make a profit later is not illegal and is not regulated, unless a special law makes it so. The only relevance here is that it goes to the factor in Pacific Coin of an expectation of profit, but the expectation of profit in that case is with respect to the efforts of management. The Supreme Court said it was obvious and didn't look further at the profit factor, but the case makes clear that they were following the American precedent: solely from management's efforts. In the dissent, the Chief Justice says perhaps substantially in brackets. The decision actually incorporates a US watering down of the term solely: the undeniably significant ones, those essential managerial efforts which affect the failure or success of the enterprise.

The real rule in Pacific Coin is expressed as:

If Pacific does not properly invest the pooled deposit, the purchaser will obtain no return on his investment regardless of the prevailing value of silver; there is nothing that the customer can do to avoid that result.

In other words: the customer hands over the money to management, and if they fail to buy the silver then all will be lost. A strange judicial interpretation of solely but here we are. And the OSC in 2018 translated this into To come significantly from the efforts of others. It is not the speculative intent that matters, it's whether the results of the speculation are wholly/significantly/perhaps substantially dependent on the management efforts with nothing the customer can do to avoid that result. In other words: speculative intent is not what matters. Intention to resell a thing later is not a factor either, and, if the person can resell without the involvement of the company, it strongly indicates that there is not a situation like with Pacific Coin's silver buying.

The OSC though wants it both ways. They claim in the 2018 guidance that the existence of a secondary market (where prices are determined solely by market participants) is an indicator of an expectation or profit from the efforts of management, because it would be management that gets the token listed on the secondary market. But even where there is no active steps taken to do this, the OSC says that's irrelevant as to whether purchasers expect a profit.

Non-User Purchases: A Non-Factor

The 2018 OSC guidance, the original Howey case before the Supreme Court, and the original Kansas Blue Sky law all view purchases from far away people as being negative. In Kansas, the concern was non-resident promoters selling people on opportunities in other places. In Howey, it was selling orange groves to tourists. In the OSC's guidance it was an offering of a token that permits holders to use an existing application is marketed in Canada, but Canadian residents cannot use the product, service or application.

The OSC interprets the above as being about whether or not someone has a subjective intent to make use of the thing. In Howey, the court was concerned that the buyers had little knowledge of oranges. This is the protection angle, and the idea that the law should be interpreted to protect clueless people from being preyed upon. It's a great instinct, but it's not actually the law in Canada, it's only a guiding principle from s. 1.1(a): to provide protection to investors from unfair, improper or fraudulent practices. Although that is a statutory purpose, it is only with respect to securities. The Securities Act is not a law of general application that is intended to stop fraud. There's already such a law: the Criminal Code of Canada. And there's other consumer protection laws too. This purpose is only with respect to securities, and the law cannot go beyond the bounds of securities just because there's something unfair, improper or fraudulent going on. The OSC's guidance is mixing this up.

Buying video games to resell them is fine. Buying video game codes that allow people to download video games, and then reselling those? Also fine. The digital nature of this makes no difference. The subjective intent to sell for more makes no difference. The buyers lack of personal use for 6000 copies of some video game is also not relevant. At best, the non-use by the buyer is only a factor in stretching the law, not in telling us what is covered or not.

The Negative View Of The OSC

How conservative is the OSC's 2018 guidance? They're not even willing to concede that tokens given away for free don't involve an investment of money! The distribution of tokens for free will likely not involve an investment of money. In fairness to the OSC, they do say that the concern is that maybe it's linked to something else that isn't free. But still, the hostility is clear here. And the reason for that is the institutional nature of the OSC and their role in protecting investors from unscrupulous people who prey on them. That said, the actual reality of this guidance and the OSC's enforcement is that they did almost nothing about the thousands and thousands of frauds and capital-raising token projects that were launched from foreign jurisdictions.

Non-Securities: They Exist!

By January of 2020, the OSC was narrowing their view on what's a security:

In some cases, the crypto asset is clearly a security, for example, a tokenized security that carries rights traditionally attached to common shares such as voting rights and rights to receive dividends. In other cases, the crypto asset is a derivative, for example a token that provides an option to acquire an asset in the future.

Few would disagree with the above. It's a lot less broad than their earlier guidance seemed to be.

In 2021 guidance to platform operators, page 1 shows the reality of the regulation of tokens as securities: if crypto assets that are securities and/or derivatives are traded. If the OSC thought every crypto asset was a security then they would say so, but they don't. And they never have. The OSC has actually issued guidance that's quite accurate, but it's been misread.

The 2021 guidance focuses almost exclusively on crypto exchanges. The OSC published a report the year before about a large exchange that failed, and for which they received flak for not doing anything about it, despite complaints about fraud, money laundering, etc. The OSC realized that the right angle was not to go after the creators of tokens but rather to go after the platforms where these things are bought on sold. They did this by applying a novel argument: if a platform doesn't immediately transfer crypto to the user then it's created a security/derivative for that user of the underlying crypto. Other countries did not follow this model. But it doesn't matter, because companies signed up to be platforms and they agreed to those rules.

What's the implication of the exchange focus? It's that the OSC implicitly acknowledges that much or all of what's traded on crypto asset platforms is not actually a security, and that's why they reached for the argument that it was about immediate delivery, not the thing being delivered. That view was entirely driven by a desire to regulate platforms like the failed QuadrigaCX, but in this view we see the idea emerge that a lot fewer tokens are securities than they were previously letting on. This is partly a shift in the regulator's stance, and partly a shift in the token landscape as the ICO boom was now well in the rear view mirror.

And at this point, the OSC generally lost interest in publishing more guidance. Perhaps because almost everyone started launching tokens through offshore platforms or anonymously, or perhaps because they realized that they weren't going to be able to push harder on the definition of security.

Changing The Statutory Definition Of A Security: 2021

In 2021, the Ministry of Finance in Ontario published a draft law to replace the Securities Act with one that would have added crypto asset as a new enumerated type of security. This would have given the OSC authority over whatever crypto assets were designated. The OSC thought this would give them discretion to basically do whatever they want:

These powers would need to be exercised selectively. While there may be a benefit from OSC regulatory oversight of certain financial assets such as crypto assets that are not already securities or derivatives, there could be other assets or business models that raise fewer investor protection concerns and would not warrant regulatory oversight by the OSC.&rdquol

The Capital Markets Act was not passed. The law was not changed. The term security does not include crypto assets. And if the OSC, and the Ministry of Finance's lawyers, thought that the law didn't already include crypto assets then why include the change? For one, this would have made the entirely discretionary Restricted Dealer system have a statutory basis. Two, it would have given clear authority to regulate. Surely the OSC asked for this, knowing that the current law is not as broad as they'd previously been suggesting (but not saying - I think the OSC's staff notices were confusing but not actually wrong).

2025: What's A Crypto Asset?

In guidance issued to funds, the OSC clarified that when they're talking about crypto assets they're talking about:

the Canadian securities regulatory authorities will generally consider a crypto asset to include any digital representation of value that uses cryptography and distributed ledger technology, or a combination of similar technology, to record transactions.

This is based on the PCMLTFA definition explained in part two of this series. Here the OSC (and other regulators) are going with an exceedingly broad definition that's aimed at anything that involves databases running on many computers. Arguably it captures essentially every type of digital thing that has value. Strictly speaking, it should just be something that is a digital representation of value but that's not how FINTRAC views it, and it's probably not how the OSC views it either. In any event, it's not important because what the OSC and CSA think about their own made up term has no relevance, since the Capital Markets Act was not passed and no similar law has been passed elsewhere in Canada. What matters is only the definition of security, and it does not include crypto asset as an explicit category. The OSC's views on crypto assets are certainly relevant to funds, which are regulated by the OSC, but not to people who make tokens outside of a funds context.

Side Note: Stablecoins

The OSC has issued guidance on stablecoins, and anyone who wants to launch a stablecoin should pay attention to that and carefully think about it. Not only because there's special considerations, but also because the OSC regulates the platforms where the stablecoin would be sold. If the OSC tells its registrants they can't buy or sell a certain stablecoin then they probably can't, even if that stablecoin isn't a security.

Putting It Together: What Have We Learned?

The OSC never said all tokens are securities. At the height of the 2017/2018 boom, they said most of what they were seeing was unlawful raising of capital. They've certainly issued a lot of other guidance that wasn't positive, and they've taken enforcement actions (and sent a lot of letters that didn't lead to enforcement). But it's simply untrue that they've ever said tokens are securities. They've always said that raising money using a token is unlawful unless rules are followed, and in that, they are correct, because the law says that. Substituting paperwork for a token doesn't change the nature of it. But it's not correct to say that selling something is the same as raising capital and this is where people have gone wrong in understanding regulatory pronouncements.

Crypto enthusiasts have always wanted an explanation from the OSC (and other regulators) about what is or isn't a security, but that isn't their job. The OSC's job is to enforce the Ontario Securities Act and it's not to tell people what doesn't qualify as a security.

What About Enforcement?

Guidance is not the only means by which the OSC expresses itself. It has also launched many enforcement actions but almost of them were about frauds, not genuine, honest token sales. Which ones weren't frauds?

BCZero: Who doesn't want to buy a token for an off-road truck racing team in Czechia? Although the case settled in 2019, the token lives on, with the last transfer having happened in August of last year. CoinLaunch Corp. through them under the bus by conceding that it was a security, but BCZero's creators were never present and don't seem to have participated in any way. The OSC concluded it was an investment contract, but this was not a contested matter, and the two sides (one of which was also the OSC) agreed to say that it was a security, as part of a settlement with CoinLaunch, a company that helped market BCZero. CoinLaunch paid $50k to the OSC to settle the matter - they weren't interested in fighting about whether BCZero was a security or not. They said it was an investment for raising equity. Even worse? The other token they marketed was a security token, so even winning on the BCZero battle wouldn't have won the war for CoinLaunch. Because if you call something a securities token, and it's for raising funds for a resort in Portugal, and it's a fractional interest in the resort's profits, then you're probably going to get in trouble.

Cryptobontix: page 40 of the whitepaper contains the probably honest and very legally unhelpful statement that Raised investor contributions shall be under the custody and use of Cryptobontix Inc.. This was some sort of gold, crypto mining, and who-knows-what investment system. Interestingly, the Capital Markets Tribunal did not find the tokens to be investment contracts but the way they were sold plus the characteristics of the tokens made the whole thing an investment contract (demonstrating nuance thinking by the tribunal). The OSC referenced the BCZero case here, but the tribunal pointed out that was a settlement. They conclude that, but for the representations made (which were terribly done, quite problematic, and surely not guided by counsel), there would have not been an investment contract. The key part of the decision is below (although other parts are more questionable). In the end, this is a fraud case also, and that colours the whole thing.

So far as I can tell, every case decided by the CMT or the OSC has been a fraud case or it's the (settled) BCZero case, in which the actual project wasn't before the tribunal.

Summing Up

The case law is thin. It's mostly frauds, and one settlement. There's nothing to say a token that isn't sold as part of a capital raising scheme is unlawful. This is consistent with OSC guidance, and the law, but it's inconsistent with the prevailing view of tokens in Canada. The next part of this series will explain where people have gone wrong in their views on the above materials.