Daily Fintech Conversations

A self-regulatory code of conduct for ITO (Initial Token Offering) and ICO

I Am Not A Lawyer, but just in case I will borrow the disclaimer that lawyers use.

Disclaimer: The following analysis is for informational purposes only and does not constitute legal advice. You should contact an attorney for advice with respect to any particular issue or problem. Use of and access to this post does not create any attorney-client relationship between the author and the user or reader.

Read on, plenty of lawyers involved in making this happen.

This document outlines:

❏ Why ITOs are difficult to understand

❏ Why ITOs could be very valuable

❏ Why ITOs are dangerous

❏ Why the conventional regulatory approach won’t work

❏ One approach to the global jurisdictional problem

❏ The people behind this initiative

❏ The process from here

Why ITOs are difficult to understand
Is it a bird, is it a plane, is it a…
It is a new paradigm, yet all of us (entrepreneurs, investors and regulators) seek a simple analogy from traditional finance. Is it a:

● Currency (ICO) like another Altcoin?
● Equity (IEO) with a fixed supply (max = 100%)?
● Bond (IBO) with a fixed income?
● ANO Asset (IAO) (like property, art, wine)?
● Something entirely new where none of the old analogies quite work? This could be something technical like a database right or access right.

We use the term Initial Token Offering because “token” is neutral. A token represents value and that value could be a currency, equity shares, a fixed income bond or any other asset. However we also recognise that ICO is used by most people in the market.

These are new concepts and none of the old analogies fit. Different market participants see it in different ways and some promote that view out of self interest. These competing viewpoints from interested parties make understanding even harder.

Why ITOs could be very valuable
The old saw is “if it ain’t broke, don’t fix it”.
The corollary is “if it is broke, find a way to fix it”.
The innovation capital business is broken for both parties:

  • Entrepreneurs need an easier way to raise the capital that they need to get a product/service built and into the market. The end result is a product/service, capital is simply a tool to that end. The problem is that investors, even those who claim to be early stage, want evidence of traction to avoid the chasm that so many ventures fall into before achieving Product Market Fit (PMF). This pushes more risk to founders and their friends/families. The IPO window keeps getting harder to get through, leaving a dwindling number of acquirers, making investors even more risk averse.

  • Investors need a chance to get in early but also to get liquidity. By the time most investors get a chance at IPO (when they have liquidity), the best returns have often already been taken by private investors. Yet if they try to get into private rounds most investors are at a disadvantage to the top tier VC funds and they have to accept their capital being locked up with no control over liquidity. This is hard for even the HNWI and UHNWI investors, but it is doubly hard for smaller investors who are sometimes legally prohibited or have to pay a big % in legal expenses.

ITOs – done right – could help both parties because there is liquidity, which allows some investors/traders to take a short term view if they want to (and these speculators provide liquidity). ITOs also have some of the advantages of rewards based crowdfunding services like Kickstarter, because the investors in ITOs are often also the users. They use the tokens on the network/service. So they help get the venture to PMF. It is their passion and knowledge that drives the process.

Why ICO/ITO is dangerous
It is very simple to raise money via an ITO (ICO). This will bring out honest entrepreneurs who are fed up with the current way of raising capital. It will also bring out crooks. It already has. So far early investors have been people playing with “found money”. For example if you invested in Bitcoin in 2009-2011, putting some of those profits into Ether in 2014 seemed pretty easy, even if you follow it up by losing it on the DAO in 2016. It is quite different when Josephine Q Public is investing from earnings that took 40 years to accumulate and which she is banking on for a comfortable retirement. If ITO scales, more crooks and more Josephine Q Public actors get involved.
The words Initial and Offering make one think of IPO and that is beguiling for both entrepreneurs and investors and that can make them blind to the downside.

The Howey test (from an SEC legal case from 1946) is basically – if it looks and acts like an equity it probably is. Many ICOs fail this test, putting them in the regulatory cross hairs.
This is a problem for both parties:

  • Honest Entrepreneurs get “tarred with the same brush” from scams and lousy offerings and will face a heavy regulatory backlash.

  • Investors will face scammers who are very skillful both technically and in obfuscation and marketing.

Why the conventional regulatory approach won’t work

Two end results will be bad:

  • Unregulated scamsters discredit the whole ITO concept, causing investors to shun them.
  • A regulatory backlash kills the potential of ITOs for both entrepreneurs and investors by being too heavy handed.

Lots of vested interests in the capital markets (such as big VC funds and investment bankers) will be hurt if ITOs go mainstream. So we can expect many well reasoned calls for strict regulation.

One very powerful feature of ITOs is that they are totally global and permissionless - like bitcoin. Josephine Q. Public can invest in an ITO without permission from any commercial or government institution no matter where she is based and no matter where the entrepreneur is based and no matter how much money she has. Yet regulation works on a sovereign jurisdictional basis and in many jurisdictions there are competing agencies involved in any single transaction. If we let one big powerful jurisdiction define the rules (say USA or EU or China), there are too many complex conflicts of interests and many other jurisdictions will want to add their local nuance. Then we will have a complex overlapping set of regulations that will kill the agility/simplicity that entrepreneurs and investors like about ITOs.

Sovereign jurisdiction still does matter. Smart Contracts are great until there is a dispute and even in a well designed smart contract there are exceptions that the designers never anticipated. That is when old fashioned courts, judges, juries (in some countries) and lawyers are needed.

One approach to the global jurisdictional problem

Digital communication is permissionless. I don’t need permission to send an email/text to somebody in another country. Money is different - bits don’t stop at borders but money has to show its passport.

One approach is to keep it simple by defining three different sovereign jurisdiction locations:

❏ Where the entity is located. This will encourage jurisdictional competition. Jurisdictions will have to get the balance right between meeting the needs of both entrepreneurs and investors. Too far in one direction will not be sustainable. Examples of jurisdictions that may want to innovate like this are Switzerland, Malta, Iceland, Estonia, UK, Delaware, Hong Kong, Singapore.

❏ Where the token buyer is located. This is where the rules can vary from country to country. We may also eventually see the securitization of tokens, which would allow a token buyer to decide whether they want to go through an onshore or offshore vehicle. In this scenario, feeder funds will emerge and compete in major jurisdictions.

❏ Where the founding team, directors/officers are located. In todays world this can be multiple locations and separate from Entity location, but investors should be able to see in which jurisdiction they are in case it all goes wrong and the investors want to take them to court.

The objective of the ITO Self Regulatory Code of Conduct is simple. We want an Issuer to say “we abide by the ITO Self Regulatory Code of Conduct”. Our aim is to offer simple tools to compare any offer to this Self Regulatory Code of Conduct.

The people behind this initiative



The process from here

To start with we are inviting public comments on the mission. Then we will create a model code of conduct and invite comments on that.

If you would like to get more involved please tell us in comments. We want people who have the rare combination of expertise in a subject that few people understand without having too much conflict of interest.


Switzerland is the country of CryptoValley and there are many experts and seasoned enterpreuners that should be invited to share their knowledge here. I will start a list here and share the conversation. Please, feel free to add more names:

  • Johann Gevers - Founder and CEO of Monetas & Founder and CEO of The Digital Finance Compliance Association (DFCA) which is spearheading the development of a business-friendly regulatory framework for the cryptofinance industry. And founder of the Crypto Valley and Bitcoin association in Zug.
  • Mona El Isa, co-Founder of Melonport, recent ICO (MLN); active in the ecosystem and passionate about sharing best practices.
  • Dr. Luka Müller, legal practice MME, the cutting edge legal practice advising on ICOs etc…
  • Bitcoin Suisse, is assisting in preparing ICOs - i.e. best practices.

Disclosure: I am advising a venture during their pre-ICO positioning (public announcement in a few weeks).

thanks @Efi that is a good selection of people, I have reached out to those I found on Twitter. We are looking right now for a small core group who will get seriously stuck in and draft documents and a larger group as an advisory board who will occasionally help guide our efforts with insights and comments on drafts.

The main problem with ICOs seems to be that the only motivation which prevents token issuers from running away with ITO proceeds is their reputation. This code of conduct should find ways to increase the chances of an investor to realize the capital gain that the issuers promised during the ITO. However, to draw mainstream attention I believe ITOs should be regulated (in against of decentralization). In other words, without any legal definition of tokens as equity, bond etc. investors’ right cannot be protected without the good intentions of issuers. Perhaps, independent institutions (like credit rating agencies) which grade ITOs based on a universally accepted code of conduct may help the transition period and help investors to distinguish between a scam and a real value proposition.


Thanks @Consultant you make some good points.

Regarding reputation, one way to promote this may be to promote real identity for issuers. If the issuers real ID is visible, they will do more to protect that reputation. That of course is only one peg in the ground, but it is a critical one and solvable with technology.

Regarding some equivalent of credit rating agencies, we should learn from the global financial crisis and ensure that the company doing the rating is paid for by the investor not the issuer.

Regulation does not prevent scams - witness Madoff, Enron, etc, etc, etc. The aim of a self regulatory code of conduct is to aspire to a level of transparency that goes beyond what you get in a regulated market. Technology makes this possible. Issuers and the jurisdictions should compete to offer better value to investors. That sort of free market approach should beat bureaucratic regulation (which can be gamed and captured).

I believe each jurisdiction should be regulated and an issuer chooses a jurisdiction. Then an investor can weigh the jurisdiction in their decision. If an investor sees a jurisdiction that is a haven for scammers they can pass. Jurisdictional competition is a good thing IMHO.

Here is the first ICO rating agency, powered by Ambisafe.

Read about them in the news
Ambisafe Inc. and ICOrating Partner to Form “Moody’s” of ICO Investing

It is in beta testing.
Here is an example of a rated ICO (Stable rating) for Humaniq
An example of a Risky rating for Mainstreet
An example of a Negative rating for Kibo lotto

@Efi ICO Rating is a great find. I hope that an ICO/ITO that adheres to a good Code of Conduct will get a better rating i.e. it will be one of the signals that they track

I came across Smith and Crown.


@BernardLunn I understand that there are major scams even in regulated areas but when hearing such a statement I cannot help myself thinking about the consequences if there were no regulations. I accept that regulated systems also fail and I am also a keen individual about decentralization but in my opinion giving investors a legal protection for their investments in ICOs should not necessarily kill innovation.

Just like what @Efi gives as an example, ICO rating agencies could be very useful for ordinary investors to assess risks. At this point, the compentency of the agency comes into question. The proposed code of conduct should also suggest minimum skill set/conflict of interest rules that an agency has to offer/comply. In the long view this might create a chance for regulators to effectively regulate the ICO sector. Yes it is difficult to regulate all types of ICOs across different jurisdictions but any government could regulate rating agencies based on the code of conduct.


In a post from last November, I covered the ICO ecosystem resources I had found at that time. See
Golem and the ICO ecosystem

For example,
ICOO is a place to go, to track pre-launch crowdfunding ICO deals and to be able to trade them immediately thereafter, on the Open Ledger platform.

The ICO/ITO momentum is in full throttle and many who advocate for this form or raising capital see the need to SELF REGULATE before regulators step in and destroy it.

In Crowdfunding it was SELF REGULATE that got the ball rolling and look at it now is growing and growing.


The discussions and post keep on coming

Yes, the need for a self regulatory code of conduct keeps getting more apparent with each passing day.

In short, “time is of the essence”.

One way to look at this is that a self regulatory code of conduct is a like an agile startup approach - MVP to PMF to Scale vs the traditional regulatory approach which is like the waterfall method of software development.

The calls for “it should be regulated” miss how long this takes and how much the world will have changed by the time the regulators will have finished. The other big problem with a traditional regulatory approach is that we live in an increasingly multi-polar world. Which jurisdiction should be be the regulator? America? China? Europe? Will all other jurisdictions - such as Canada, India, Singapore, UK, Switzerland, simply adopt whatever America or China or Europe decides? This is a recipe for years of doing nothing and thus a lot more scams.

The genie is out of the bottle. Now the genie needs to obey our wishes.

The three big things that are good about ITOs which a self regulatory code of conduct needs to protect are:

  1. Permissionless

  2. Transparency

  3. Liquidity

The big value of regulation should be to make it easier to spot scams. That is all about transparency. Give people the data to make informed decisions. The NYSE/NASDAQ stock markets are fully regulated but investors can still get burned.

The big danger of a self regulatory code of conduct is that it becomes “good housekeeping seal of approval” exploited by scammers. They slap our logo on (when we have one) and naive investors are fooled. This is like buying bitcoin, there are safe ways to do it (an emerging body of best practices) but there is no stopping somebody doing something stupid (e.g. leaving millions on a mobile wallet).

At some point we can have an auto compare feature - compare this ITO issue to the self regulatory code of conduct. It is not hard, it could be as simple as a Track Changes using Word. But we must also have a big warning sign - like going off piste/off trail in the mountains - “you are entering dangerous territory, be careful and do your own research”.

From Ripple’s regulatory efforts, an interesting aspect of XRP has been identified as a regulatory enabler, is that each jurisdiction can choose how it regulates the token, be it property, currency, debt, equity, etc.

Thinking out loud… Where the servers are located matters, can be in many jurisdictions.

I think the “point of origin” would be where the Entrepreneur is located, and that jurisdiction’s laws would set precedence for the Investor’s jurisdiction to observe regarding the token classification.

The nature of the utility value of the token should also have influence. This depends on the purpose of the network or ledger. Are we talking about a token used to pay for CPU cycles, achieve FX, run a smart contract, or what?

Why all this effort being done should be a key starting point for regulators.

This is very good as an intro from an investor perspective

@KarmaCoverage Where servers are located should be irrelevant in a decentralized network. Are you thinking about something like super nodes in Skype?

This is a critical issue, as servers can be shut down by regulators. One peg in the ground is that a critical server should be in country of juridiction, so that regulators can shut down scams.

Thanks @KarmaCoverage useful input.

Good read on the positive side of the ledger ie why ITOs can be a force for good as well as a haven for scammers:

SEC first public announcement re ICO/ITO TAKE CARE OF INVESTORS. First warning

strong text http://mobile.reuters.com/article/idUSKBN18K05Q

1 Like

Sorry to be a bit late for this, Bernard. I would consider myself a serious student of ICOs and cognitive biases (like ICO ratings). I will be happy to help if I can. I think it’s an admirable goal, but I also think there is such a wide variety of projects and ways of seeking funding that it will be difficult to put hard should/shouldn’t rules in place. But I’ll certainly help if I can.

Here is something about the SAFT agreement: https://www.ethnews.com/calling-all-attorneys--the-saft-project-aims-to-create-the-perfect-ico-legal-framework

And a discussion from Token Summit last week: https://www.ethnews.com/legal-experts-at-token-summit-struggle-to-agree-on-how-to-advise-in-the-grey-areas-of-blockchain-law

1 Like

Hi @davids welcome to the party. It is not when you arrive but what you say that counts. Both links are interesting, thanks.

The SAFT initiative is great.

I love that they declare Y Combinator’s SAFE as the inspiration. That is an inspiration that we share. It changed the game, I also love that IPFS is behind this as IPFS is a very credible open source initiative.

The report on the panel is great but shows the limitation of snapshot discussions limited by time/place. Token Summit did a great job assembling some of the most credible people to discuss this. Ethnews did a great job reporting on it. Our mission at Fintech Genome is to be the place where thematic conversations like this are unconstrained by time and place. That great discussion at Token Summit did not need to end when the Summit ended.

One direction being discussed there that should be vigorously discussed is the idea of Accredited Investor. That seems like a bureaucratic construct that we should be wary of while respecting the objective of safeguarding investors who can least afford to take a loss. A key feature of the whole cyber world is that it is permissionless, like the Internet. If somebody chooses to invest early, I think caveat emptor should rule.

When done right, ITO can be a totally new approach to funding early stage technology risk.

Think of Ethereum. Lots of technical risk during their ITO in summer 2014. With conventional funding, Ethereum would never have seen the light of day. With conventional funding, investors would have sought advice from developers and would still not have understood the technical risk. In the Ethereum ITO, those developers put their money where their mouth was. They did not need investors because they were the investor - classic disintermediation.

Issuers should declare what stage they are at:

Stage 1: Technical risk. White paper only, maybe some early code on Github.

Stage 2: Market risk. Prototype/MVP.

Stage 3: Scale risk. Where big funds and ibankers like to play.

When the market is developers (as it is with many ITOs), let the developers assess technical risk. If they take a positive view, that it is technically feasible and vote with their capital (whether cash or intellectual) that is the best technical feasibility study - better than peer reviewed papers as there is skin in the game.

You are right in saying this is hard – like erecting a tent in a storm. The only way I know how to do that is to put some pegs in the ground. Next post will be those pegs in the ground by defining a few Should Do constraints for Issuers who want to say they are part of this self-regulatory code of conduct.