March 14, 2018
Statement of Chris Brummer
Nonresident Senior Fellow, Global Business and Economics, Atlantic Council

Committee on House Financial Services
Subcommittee on Capital Markets, Securities, and Investment

March 14, 2018

Chairman Huizenga, Ranking Member Maloney, and Members of the
Subcommittee: Thank you for inviting me to testify at this
hearing. My name is Chris Brummer. I am the Agnes N. Williams
Research Professor of Law at Georgetown University Law Center,
and the Faculty Director of the Institute of International
Economic Law, where I teach courses in securities law and
international financial regulation, among other topics.1 I am
here today solely in my academic capacity and am not testifying
on behalf of any entity.

The rising popularity of Initial Coin Offerings and an
accompanying spate of fraud and market volatility has prompted an
important debate here in Washington, D.C., and indeed around the
world, about proper government responses to ICOs and
cryptocurrencies more generally.2 Some of the most pressing
questions involve the appropriate division of authority between
the CFTC and SEC, and whether their authority should reach deep
into the heart of the cryptocurrency ecosystem, the spot market.3
Still others contemplate whether or not an entirely new or
alternative regulatory regime is needed for cryptocurrency and
token fundraises, not only here but also in Europe and
elsewhere.4

My task today is a comparably more modest venture. Given the
complexity and heterogeneity of ICOs, and the limitations of our
time, I believe it`s important to start with the basics, and
contemplate just what kind of informational features, backstops
and rigor one would like to see in an ICO fundraise, and then
reflect on the sufficiency of existing regulatory tools.

With that in mind, my written comments below focus on disclosure.
Evidence of fraud is rife in many ICOs, necessitating welcome
responses by regulators,5 but an awareness of the need for better
policing of these markets is not in itself sufficiently
instructive as to what one would like to see affirmatively
disclosed in ICOs, whatever the overlying regulatory
architecture. And this is a critical issue for this subcommittee,
and the greater regulatory community. Disclosure has long been
the bedrock of U.S. securities laws, which have relied on
information to serve as the primary tool with which to empower
investors to make appropriate, informed risks with their life
savings, and by extension allocate capital efficiently in the
economy.

The disclosure system embodied in the Securities Act of 1933 is
largely one where promoters share, among other things, material
information publicly about their company, management, and
securities being offered, as well as their intended use of
proceeds. This information is then filed with the Securities and
Exchange Commission. Most ICO disclosures, by contrast, are
facilitated via currently unregulated ``white papers`` focusing
largely on the existing technology or technology under
development or to be financed via the offering.6 There is, as a
result, a large gap between the disclosures required in an S-1
(and arguably Form 1-A) and that which is provided in most white
papers.

For our purposes today, I would like to highlight some of the key
disclosures one would expect, and likely need to have for buyers
of ICO tokens whether they are investors seeking to profit or
technology users seeking to support and participate in an
innovative product to make a purchase in an informed manner.7
These disclosures are especially relevant, I believe, as ICOs
transition from technical expert ecosystems to the distribution
of instruments that are ever more likely to attract everyday
investors and the retail public:

-- Promoter`s Location and Contact Information

-- Problem and Proposed Technology Solution

-- Description of Token

-- Qualifications of Technical Team

-- Industry Risk Factors

Promoter`s Location. At least one academic study has noted that
in roughly 32% of ICOs, it is not possible to identify the
issuing entity`s or promoter`s origin.8 This creates serious
information asymmetries on the part of the investor. Without
knowing the issuing entity`s or promoter`s origins, it becomes
impossible to know or identify what rules and legal protections
might be afforded to investors. Further, investors have few means
by which to contact relevant public authorities in case of fraud,
theft or loss. ICO white papers should, therefore, set out a
detailed statement (beyond a simple P.O. box) of where the issuer
as well as its key management are located. Without a verifiable
geographical address, ICO white papers should not be permitted
for use in raising funds.

Problem and Proposed Technology Solution. For most of the history
of U.S. Securities law, no information was more important for
investors than the issuer`s financial statements. By being able
to scrutinize balance sheets, cash flow- and income statements,
investors could evaluate a company`s past performance, make
informed guesses about its future performance and profitability,
and make an estimation of the value of a company`s securities.
And precisely because of the centrality of financial statements
in securities offerings, an entire ecosystem of third party
auditors, accountants and credit rating agencies were developed
and relied on to ensure the accuracy of financial statements and
their compliance with best practices.

ICOs tend to serve a different purpose from most traditional
IPOs. Instead of funding industrial companies transitioning into
a more mature cycle of development, ICOs involve products
developed by startups identifying technology-based problems (like
limited or volatile cloud storage needs) and proposing the sale
or financing of technology-based ``solutions`` (like a peer-to-
peer platform for buying and selling cloud storage space). In
return for financing, promoters offer coins with varying
currency, utility or securities features.

For most of these offerings, it is not a company`s past
performance, or even financial statements, that are the window
through which value is perceived, but more the venture`s
technology proposition. Consequently, ensuring that investors
(including retail buyers) understand the basic contours of the
underlying technology solution is paramount as ICOs become more
popular means of fundraising.

To that end, an optimal disclosure system for ICOs would require
to the extent possible a ``plain English`` description of the
technology problem and solution.9 Furthermore, for larger
fundraises, the more technical parts of the white paper would
ideally be subject to a system of third party validation (what I
will term a ``technology audit``) confirming that the solution
disclosed in the white paper complies with sound engineering and
mathematical principles. ICO promoters could be required to
disclose just what if any third party audit of their solution was
conducted (and if there was no such audit, then this, would be
affirmatively disclosed), the material features of that auditing
system, and the results of the audit. Meanwhile, all code,
regardless of the size of the fundraise, would be posted to a
public code repository, such as Github, so potential buyers can
either diligence the code itself or other proxies for the
strength of the code.

Promoters should avoid hyperbole when describing their solutions,
an endemic problem in white papers and should also be required to
identify an objective basis for all forward-looking statements.
Along these lines, disclosures should be made as to whether post-
ICO financial statements will be provided to token holders.

Description of the Token. Just as a clear description of the
technology should be required, so should an adequate description
of the token. Tokens can have a variety of different qualitative
and economic features.10 With such variety, token descriptions
should indicate the intended use of the coins issued in the
offering, their quantity, when and whether the founders or
advisors will hold reserve coins, and how they may choose to
liquidate them (including whether there are any restrictions on
their ability to sell). If the tokens will be based on a
technological format that must comply with certain rules, such as
the ERC20 standard, the disclosures should clarify what that
means to a typical holder. If special efforts will be made to
list a token on a regulated exchange or alternative trading
system (or ATS), or if there are trading restrictions on the
security, those facts should be disclosed in a manner that is
clear to the prospective token holder. Finally, promoters should
be required to disclose the IP/ownership of the company`s
protocol (including which elements have been borrowed from
elsewhere), as well as detail with specificity what legal rights
holders of the tokens enjoy.



Blockchain Governance. Investors should be informed as to how the
supporting infrastructure operates, and how it will impact the
governance of the token. Along these lines, the consensus
mechanism for a virtual currency`s blockchain should be
disclosed, along with an overview of how governance decisions and
other decisions effecting the network (e.g., software upgrades)
will be coordinated among the various stakeholders (e.g.,
developers, users, miners).

Qualifications of the technical team. Information about the
business experience of executive officers and directors is a
common disclosure requirement in registered offerings.11 They
give investors a sense of the quality of management, and likely
success of the company once a company goes public. In ICOs, where
firms have limited histories and the technology at issue may be
exotic, similar information about the offering`s technical team
can be especially valuable. Coders have varying backgrounds, with
some more (and much less) qualified, credentialed or experienced
than others. In order to provide investors with some sense as to
the expertise and credibility of the white paper, founders should
be required to provide all material information relating to key
engineering experience, skills, qualifications and other relevant
attributes. Where relevant, developers should also be required to
provide links to their previous work on a public code repository.

Risk factors. ICOs should include disclosures concerning the most
significant risk factors affecting token holders in the offering
document. Although most investors likely realize that even
successful ventures might be later disintermediated by more
efficient upstarts, a token holder may be surprised to find that
the product does not yet function as intended or may develop a
new use or purpose altogether depending on the development of the
technology or, perhaps even less predictably, the wishes of the
participants in the ecosystem. Holders should also understand the
larger sectoral risks as well, including changes in the industry
that could relegate some blockchain designs to more niche roles
in the sector, and render many tokens worthless. Critically,
buyers must be made fully aware of their potential vulnerability
to hacking, data-loss, and disruption, as well as legal issues
like privacy concerns and data portability across borders.12

I want to stress that there are undoubtedly additional, somewhat
more technical disclosure requirements that would make sense
under U.S. securities laws, though I believe it useful to start
with the most obvious first as a basis of our discussion today. I
appreciate your time and look forward to your questi