6 Key Differences Between Security and Utility Tokens

7 min read

Bitcoin Logo

It’s not an overstatement to say that initial coin offerings (ICOs) have thoroughly transformed the fundraising landscape for early-stage blockchain companies around the world. Last year saw more than $4 billion being raised through such events, easily outstripping the amount blockchain start-ups raised through the more traditional channel of venture capital. Indeed, many would call 2017 the year of the token.

But the lack of adequate regulation has led to many scams and questionable fundraising practices to emerge within the space. In response, the Securities & Exchange Commission (SEC) is now intensifying its scrutiny of ICOs to ensure that such offerings are in compliance with the rules, especially federal securities laws. The US regulator is now leading the charge in terms of ICO regulation, and it is expected that many other countries around the world will then follow in its footsteps.

At the heart of the SEC’s efforts is the attempt to deduce whether tokens have an inherent utility, or whether they are simply being provided for investment purposes. The financial watchdog is now specifically zeroing in on ICOs, seeking to verify whether such events involve the sale of unregistered securities, and whether any materially misleading statements have been made by the hosting company to the investing public leading up to the event.

On December 11th, for instance, the SEC issued a cease-and-desist orderagainst Munchee, a tech company which hosted a $15 million ICO earlier in the year, and which aims to create a restaurant meal review ‘ecosystem’. Its app enables users to write reviews and post photographs of meals served at restaurants. And the Munchee token (‘MUN’) was marketed by the company as an integral part of this ecosystem, with MUNs due to be made available to users to buy advertisements and write reviews.

According to Munchee’s white paper, the very fact that MUNs would be used within the application justified their classification as “utility” tokens, rather than “securities.”  The SEC disagreed.

The importance of distinguishing between ‘Utility’ and ‘Security’

The distinction between ‘utility’ and ‘security’ matters to regulators. From the perspective of securities law, the sale of tokens and other items that offer utility such as real estate and precious metals are largely excluded from being regulated as securities, despite the fact that a buyer may purchase such items at least in part for the purposes of investment. Indeed, this is precisely why companies such as Munchee aim to avoid having their tokens classified as securities, as this would require the appropriate licensing, which can prove to be expensive and complicated to obtain. Consequently, they aim to market their tokens as utility tokens when hosting their ICOs, which involves considerably less onerous regulatory compliance.

But should the token in question represent a security, then the company becomes subject to federal securities law, as the SEC first concluded in July after its watershed investigation into the DAO token offering, which took place on the Ethereum platform. At the time, the SEC concluded that the tokens sold by the DAO were securities and should thus be subject to federal securities laws. But what they did also ascertain is that while DAO tokens are securities, Ether is not. As Devebois & Plimpton observed, “The Report seems to distinguish between Ether, labelled a virtual currency, and DAO Tokens, labelled a security. Market participants may take comfort in this distinction, as it supports the view that not all blockchain tokens are securities under the U.S. Federal Securities Laws.”

The easiest way to think about utility tokens is that they are the ‘fuel’ used to power the successful operation of the system. They are primarily not designed to be investments, either now or in the future, and thus are not subject to the country’s laws governing securities. This perhaps explains why projects that intend to supply utility tokens prefer their ICOs to be called token offerings, or token generation events, so as not to confuse them with initial public offerings (IPOs) from the equities world, and thus not draw undue attention from regulators. Indeed, Ether could arguably be considered a utility token, seeing as it represents the ‘Gas’ that makes the network run and its primary function is to enable the fair execution of smart contracts and to facilitate the building of applications on the network. By executing code and smart contracts, Ethereum miners are rewarded with Gas, as represented by the value of Ether. The record-breaking Filecoin is another example – its ICO raised $257 million and sold tokens that will provide users with access to its decentralized cloud storage platform.

Security Tokens, on the other hand, are more akin to financial trading instruments. They can usually be observed when they are used as investment in a new start-up, or give out a share of the profits/losses of the company. Ultimately, accompanying the security token is the expectation of future profits that will be at least partly derived from the efforts of others (usually the founders of the company itself), and an increase in the value of the investment.

But how does the SEC actually go about making the distinction? Thus far, the most effective tool at its disposal has been the Howey Test, a Supreme Court finding that has formed the basis as the leading definition of an investment contract. The test stipulates that an investment contract is “a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.”

So, on the basis of the Howey Test threshold, the SEC concluded that Munchee issued securities that were disguised as a utility. The investors’ expectations of profits depended on the efforts of others; specifically, the company’s efforts to create the ecosystem, as well as the fact that a secondary trading market for MUN tokens would be created. What’s more, Munchee’s whitepaper itself emphasised that the company would run its business in ways that would cause MUN tokens to rise in value.

SEC Chairman Jay Clayton has made the distinction between the two categories decidedly clear, moreover, asserting that “Merely calling a token a ‘utility’ token or structuring it to provide some utility does not prevent the token from being a security.” If the token also places a degree of emphasis on the potential for investors to make profits at some point down the line based on “the entrepreneurial or managerial efforts of others”, then the authorities are going to also deem the token as a security.

security tokens

How to identify if a company is issuing security tokens

As an investor looking to participate in ICOs, you should be aware of whether the issuing company is trying to sell security tokens masquerading as utility tokens, as part of your overall due diligence. With further regulation from the SEC clearly on the horizon, navigating the ICO landscape from a legal standpoint will become ever-more important. With that in mind, what follows is some practical guidance to help investors (and the issuing companies themselves) with such an endeavour:

  1. Look at the functionality of the token: Can you utilize the token in accordance with its stated purpose? Although the project may only be in ‘testing’ mode, the platform should strongly indicate at the very least that it can be used by token buyers as intended. And this should ideally be determined prior to the launch of the ICO.
  2. What is the company’s marketing effort focused on? Is a significant chunk of its online literature (for example, in forums, Facebook and on its website) directed at investors and the crypto-community? If so, this should raise concerns that the token is a security, and regulatory intervention is likely to be just around the corner. But if the company is instead focused on trying to attract people to use its platform, is not using wording focused on earning profits, and instead discusses the functionality of the token, then the project’s legitimacy is likely to be more convincing.
  3. Don’t rely on a SAFT framework: A Simple Agreement for Future Tokens (SAFT) is an investment contract provided by the project’s developers to accredited investors. The framework aims to assert that when tokens are issued to investors in an ICO, they have utility such that they are not considered securities and can thus be sold to investors in the secondary cryptocurrency market. But investors should not simply assume that having a SAFT in place makes the company compliant. In the Munchee case, the SEC concluded, “Even if MUN tokens had a practical use at the time of the offering, it would not preclude the token from being a security. Determining whether a transaction involves a security does not turn on labelling – such as characterizing an ICO as involving a ‘utility token’ – but instead requires an assessment of ‘the economic realities underlying a transaction.”
  4. Beware of companies seeking to put tokens on exchanges: If a company purports to issue a utility token, but is also making clear efforts to eventually post their token on an exchange either by themselves or through a third party, this should raise a red flag. As Clayton remarked in the wake of the SEC’s Munchee order, having tokens on exchanges and marketing their transferability strongly implies that such tokens are securities.
  5. Does published content state or suggest that investors can earn a profit? Online content from the company posted on blogs, forums, social media platforms, or endorsing other third-party content (such as cryptocurrency ‘pundits’ on YouTube) suggesting that gains can be realized from purchasing the company’s tokens, should concern investors. Indeed, Munchee published a blog post which stated that “As more users get on the platform, the more valuable your MUN tokens become.” The company also posted a link to a YouTube video which encouraged investors to participate early in the ICO as they would make a profit.
  6. Regulators can intervene at any time: Just because a token sale has commenced does not mean that regulators won’t shut down the event at a later stage. Again, Munchee provides an ideal illustration of this point, with the SEC issuing its cease-and-desist order one day after the token sale had commenced.


The Munchee case – and others such as BitConnect–  have raised several important questions surrounding the nature of tokens being issued by new blockchain-based companies. According to Stephanie Avakian, co-director of the SEC’s Enforcement Division, the regulator “will continue to scrutinize the market vigilantly for improper offerings that seek to sell securities to the general public without the required registration or exemption”.

But it should also be stressed that the SEC does not appear to be trying to abjectly close down ICOs or unnecessarily suppress the potential of blockchain / cryptocurrency companies. If formulated and executed correctly, then token generation events will continue to represent an innovative, revolutionary channel for new projects to raise funding. However, should the tokens meet the criteria of being securities, then as Clayton clearly states, they “must be accompanied by the important disclosures, processes and other investor protections that our securities laws require.”

That all being said, the process continues to evolve at a fairly brisk pace, and according to some of the SEC’s latest pronouncements, “federal securities laws apply regardless of whether the offered security…is labelled a ‘coin’ or ‘utility token’ rather than a stock, bond or investment contract.” Although many have made the case that a clear distinction between utility and security should be made, and that utility tokens require considerably less regulatory oversight, it would appear that the recent comments from Messrs Clayton and Giancarlo strongly suggest that less of a distinction will be made between the two classes going forward, and that more projects will require compliance with securities laws.

If this is the ultimate direction the US takes, then much of the world will follow. And in turn, this should help global investors receive the appropriate protections when participating in an ICO, as well as provide the space with the legitimacy it sorely needs to mature and develop.

Dr Justin Chan Dr Chan founded DataDrivenInvestor.com (DDI) and is the CEO for JCube Capital Partners. Specialized in strategy development, alternative data analytics and behavioral finance, Dr Chan also has extensive experience in investment management and financial services industries. Prior to forming JCube and DDI, Dr Chan served in the capacity of strategy development in multiple hedge funds, fintech companies, and also served as a senior quantitative strategist at GMO. A published author at professional journals in finance, Dr. Chan holds a Ph.D. degree in finance from UCLA.

Leave a Reply

Your email address will not be published.