The Architecture of U.S. Securities Law

The '33 Act governs primary offerings—when issuers first sell securities to investors.

Section 2(a)(1): The Definition of Security

This is where everything starts for crypto classification. Section 2(a)(1) lists instruments that constitute "securities":

"any note, stock, treasury stock, security future, security-based swap, bond, debenture, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement, collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, fractional undivided interest in oil, gas, or other mineral rights, any put, call, straddle, option, or privilege on any security..."

For crypto, "investment contract" is the battleground. Digital tokens aren't stocks, bonds, or notes in the traditional sense. But the SEC argues many are "investment contracts" under the Howey test—a 1946 Supreme Court interpretation of this 1933 statutory language.

Section 5: The Registration Requirement

Section 5 is the operative prohibition:

"Unless a registration statement is in effect as to a security, it shall be unlawful for any person, directly or indirectly—
(1) to make use of any means or instruments of transportation or communication in interstate commerce or of the mails to sell such security..."

• "Unless a registration statement is in effect" — Registration isn't optional; it's required unless an exemption applies
• "Any person, directly or indirectly" — Not just issuers; anyone involved in the sale
• "Interstate commerce or of the mails" — Interpreted extremely broadly; virtually all transactions qualify
• "Sell such security" — Includes offers to sell, not just completed sales

For digital assets, if a token is a security, Section 5 means the issuer must register with the SEC or qualify for an exemption. Most ICOs did neither, which is why the SEC has brought dozens of enforcement actions.

Section 4: The Exemptions

Section 4 creates exemptions from Section 5's registration requirement:

• Section 4(a)(1): Transactions by persons other than issuers, underwriters, or dealers. This allows ordinary secondary market trading.
• Section 4(a)(2): Transactions not involving a public offering. This is the statutory basis for private placements.
• Section 4(a)(5): Offers to accredited investors up to $5 million (rarely used; Regulation D is more common).
• Section 4(a)(6): Crowdfunding exemption (added in 2012).

These exemptions are crucial because registration is expensive and time-consuming. Most legitimate capital raising uses exemptions rather than full registration.

Sections 11 and 12: Liability Provisions

Section 11 creates strict liability for material misstatements in registration statements. Everyone who signed—including directors—is liable unless they can prove due diligence.

Section 12 creates liability for selling unregistered securities (12(a)(1)) and for material misstatements in any prospectus or oral communication (12(a)(2)).

These provisions create the enforcement teeth for the disclosure regime. Executives, directors, and underwriters face personal financial exposure, creating incentives for careful, truthful disclosure.

The '34 Act governs secondary markets—exchanges, broker-dealers, and ongoing disclosure.

Section 10(b) and Rule 10b-5: The Antifraud Catch-All

Section 10(b) prohibits using any "manipulative or deceptive device" in connection with securities transactions. Rule 10b-5, adopted by the SEC in 1942, operationalizes this:

"It shall be unlawful for any person...
(a) To employ any device, scheme, or artifice to defraud,
(b) To make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made... not misleading, or
(c) To engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person,
in connection with the purchase or sale of any security."

This is the broadest antifraud provision in securities law. Unlike Section 11, it requires proving scienter (intent or recklessness), but it applies to all securities transactions—registered or not, primary or secondary.

For crypto, 10b-5 provides authority for the SEC to pursue fraud even when registration status is uncertain. The SEC can argue: "We don't need to prove this is a security requiring registration; we just need to prove fraud in connection with buying or selling."

Section 5: Exchange Registration

Section 5 of the '34 Act (different from Section 5 of the '33 Act) requires securities exchanges to register with the SEC. Registered exchanges must:

• Have rules preventing fraud and manipulation
• Enforce compliance by members
• Provide fair and orderly markets
• Submit to SEC oversight

The SEC has argued that crypto platforms facilitating trading in securities must register as exchanges. Coinbase, Binance, and others have faced enforcement based on this theory. The central dispute: Are the assets traded on these platforms securities?

Section 15: Broker-Dealer Registration

Broker-dealers must register with the SEC and join a self-regulatory organization (FINRA). Requirements include:

• Net capital rules (maintaining financial cushion)
• Customer protection rules (segregating customer funds)
• Recordkeeping requirements
• Supervision obligations
• Suitability and best execution duties

If crypto platforms are deemed to be broker-dealers—facilitating transactions in securities—they face these extensive requirements. Most crypto platforms have avoided registration by arguing their tokens aren't securities.

Sections 13 and 15(d): Continuous Disclosure

• 10-K: Annual report with audited financials
• 10-Q: Quarterly reports
• 8-K: Current reports for material events
• Proxy statements: For shareholder votes

These requirements extend the disclosure philosophy beyond initial offerings. Investors can make ongoing decisions based on current information.

For crypto, if tokens are securities, issuers might face continuous disclosure obligations. But most token issuers haven't complied, and the SEC has generally focused on initial offering violations rather than ongoing reporting.

Investment Company Act of 1940

This statute regulates investment companies—entities primarily in the business of investing in securities. Mutual funds, ETFs, and other pooled investment vehicles must register and comply with extensive requirements.

• Crypto funds may need to register as investment companies
• Bitcoin and Ether ETFs required SEC approval under this act
• Decentralized protocols that pool capital face potential investment company status

Investment Advisers Act of 1940

Investment advisers who advise on securities must register and comply with fiduciary duties. This affects:

• Crypto hedge funds and advisers
• Platforms providing personalized investment recommendations
• Robo-advisers incorporating crypto

Sarbanes-Oxley Act of 2002

Post-Enron reforms added criminal penalties for securities fraud, enhanced disclosure requirements, and CEO/CFO certification requirements. These primarily affect public companies but reinforce the accountability framework.

JOBS Act of 2012

• Regulation A+ (mini-IPO for up to $75 million)
• Regulation Crowdfunding
• "Emerging growth company" reduced requirements

Some token projects have used Regulation A+ (like Blockstack's historic 2019 offering), though most have avoided registration entirely.

The SEC is led by five commissioners, appointed by the President and confirmed by the Senate, serving staggered five-year terms. No more than three commissioners can be from the same political party.

The Chair, designated by the President, sets the agency's agenda and serves as chief executive officer. The Chair's priorities significantly influence enforcement focus, rulemaking agenda, and public positioning.

The Chair's philosophy significantly affects how securities law applies to crypto. Same statutes, different emphasis.

Division of Corporation Finance

• Would review token registration statements (rare)
• Issues comment letters on filings
• Provides guidance on disclosure requirements

Division of Trading and Markets

• Jurisdiction over whether crypto platforms are exchanges
• Broker-dealer registration questions
• Alternative trading system issues

Division of Investment Management

• Crypto ETF applications
• Investment company status questions
• Investment adviser registration

Division of Enforcement

• ICO enforcement actions
• Fraud cases
• Platform enforcement (exchange, broker-dealer theories)

Division of Economic and Risk Analysis

• Market data analysis
• Quantitative support for enforcement
• Policy impact assessment

The SEC can adopt rules implementing the securities statutes. This is how we get:

The Rulemaking Process:

1. Proposed Rule: SEC publishes proposal with request for comments
2. Comment Period: Public submits comments (typically 60-90 days)
3. Final Rule: SEC considers comments and adopts final rule
4. Effective Date: Usually 30-60 days after publication
5. Challenge: Rules can be challenged in court

For crypto, significant rulemaking has been limited. The SEC has relied primarily on enforcement actions applying existing rules rather than adopting crypto-specific rules. This enforcement-led approach has been controversial—critics argue the SEC is making law through litigation rather than transparent rulemaking.

Below formal rules, the SEC issues guidance:

• No-action letters: Staff states it won't recommend enforcement against specific conduct
• Staff bulletins: Informal guidance on positions
• Speeches: Officials explain views (not legally binding)
• Framework documents: Organized guidance (like the 2019 Digital Asset Framework)

The 2019 "Framework for 'Investment Contract' Analysis of Digital Assets" is the most comprehensive SEC guidance on crypto classification. But it's staff guidance, not a rule—helpful for understanding SEC thinking, not legally binding.

Full SEC registration is expensive ($2-5 million for an IPO), time-consuming (typically 4-6 months), and requires ongoing compliance costs. Most capital raising uses exemptions:

The Exemption Landscape:

SECURITIES OFFERING PATHWAYS

┌───────────────────────┐
│ Registered IPO │
│ (Full SEC review) │
│ ($2-5M+, 4-6 months) │
└───────────────────────┘
│
┌──────────────────────────┼──────────────────────────┐
│ │ │
┌───▼───────────┐ ┌────────▼────────┐ ┌───────────▼──────┐
│ Regulation D │ │ Regulation A+ │ │ Regulation S │
│(Private Place)│ │ (Mini-IPO) │ │ (Offshore) │
└───────────────┘ └─────────────────┘ └──────────────────┘
│ │ │
│ │ │
┌───▼───────┐ ┌───▼───────┐ │ ┌──────────▼──────────┐
│Rule 506(b)│ │Rule 506(c)│ │ │No US person sales │
│No general │ │General │ │ │Flowback restrictions│
│solicit. │ │solicit. OK│ │ └─────────────────────┘
└───────────┘ └───────────┘ │
│
┌──────────────┼──────────────┐
│ │ │
┌──────▼─────┐ ┌─────▼──────┐ ┌────▼─────┐
│ Tier 1 │ │ Tier 2 │ │Reg CF │
│($20M max) │ │($75M max) │ │($5M max) │
└────────────┘ └────────────┘ └──────────┘
```

Regulation D is the most common exemption for raising capital without full registration.

Why Crypto Projects Struggled with Reg D:

1. They involved general solicitation (public token sales, marketing)
2. They sold to non-accredited investors (retail buyers worldwide)
3. They didn't take steps to verify accredited status
4. The "private" offering was actually quite public

Some projects used Regulation D successfully (private token sales to accredited investors), but the typical ICO model—public sale to anyone—couldn't qualify.

Regulation A allows smaller public offerings with reduced requirements:

• Up to $20 million in 12 months

• SEC review required

• No ongoing reporting requirements

• State blue sky compliance required

• Up to $75 million in 12 months

• SEC review required

• Ongoing semi-annual and annual reports

• State blue sky preempted

• Investment limits for non-accredited investors

Reg A+ for Crypto:

Blockstack (Hiro Systems) completed the first SEC-qualified Regulation A+ token offering in 2019—a genuine milestone. The process took about a year, cost millions in legal fees, and required extensive disclosure.

• Cost and time (significant but not prohibitive)
• Disclosure requirements reveal business information
• Many projects want global, not just US, distribution
• Philosophical objections to SEC jurisdiction
• Uncertainty about what qualifies

Regulation S exempts offerings made outside the United States to non-U.S. persons:

The Crypto Application:

• Conduct token sale offshore
• Exclude US persons from purchase
• Use geographic blocking and attestations

The Problem:

• Tokens may flow back to US secondary markets
• US persons may buy on foreign exchanges
• Regulation S flowback restrictions are hard to enforce with crypto

The SEC has challenged Regulation S defenses in several cases, arguing that projects knew tokens would reach US markets regardless of initial exclusion.

Regulation Crowdfunding (Reg CF) allows raising up to $5 million through SEC-registered intermediaries:

Crypto Application:

• $5 million limit is small for most projects
• Requires using registered intermediary
• Still involves SEC compliance costs

Recognizing that existing exemptions don't fit crypto well, various safe harbor proposals have emerged:

Commissioner Peirce's Token Safe Harbor (2.0):

• Three-year grace period for token development
• Network must "mature" (become decentralized)
• Disclosure requirements (initial and ongoing)
• Exit reporting when safe harbor ends
• Must be filed with SEC initially

The safe harbor would allow token projects to develop without immediate securities classification, provided they meet disclosure requirements and eventually achieve decentralization or comply with securities law.

Status: Proposal only. Not adopted. Requires SEC vote or congressional action.

Congressional Proposals:

• FIT21 (Financial Innovation and Technology for the 21st Century Act)
• Lummis-Gillibrand proposals
• Other market structure bills

These would create clearer pathways for token offerings, potentially with CFTC rather than SEC jurisdiction for certain tokens.

The SEC's Division of Enforcement investigates and prosecutes securities violations.

Investigation Process:

1. Preliminary inquiry: Staff reviews tips, referrals, surveillance
2. Formal investigation: Commission authorizes subpoena power
3. Wells notice: Staff informs target of likely enforcement recommendation
4. Wells submission: Target's response arguing against enforcement
5. Commission decision: Vote on whether to authorize action
6. Filing: Court complaint or administrative proceeding

Remedies Available:

• Injunction: Court order prohibiting future violations
• Disgorgement: Return of ill-gotten gains plus prejudgment interest
• Civil penalties: Additional monetary penalties (can be substantial)
• Officer/director bar: Prohibition on serving as corporate officer
• Cease-and-desist order: Administrative order to stop violations
• Industry bars: Prohibition from securities industry participation

SEC v. Ripple Remedies:

• Reduced civil penalty (~$125 million, less than SEC sought)
• Injunction against future violations
• No disgorgement (SEC's request was largely rejected)

The SEC can bring actions in two forums:

• Before SEC administrative law judges

• SEC controls the forum and procedures

• Limited discovery compared to federal court

• Appeal to full Commission, then federal appeals court

• Before federal district judges

• Full discovery available

• Jury trial possible

• Standard federal court procedures

The SEC often prefers administrative proceedings (more control), but post-2018 Supreme Court decisions limited the SEC's ability to choose administrative forum for certain defendants. Ripple was filed in federal court.

The SEC cannot bring criminal charges. Only the Department of Justice can prosecute securities crimes.

Parallel Proceedings:

The SEC and DOJ often coordinate. An SEC investigation may generate DOJ referral. Defendants may face simultaneous civil and criminal proceedings.

• FTX/Sam Bankman-Fried (fraud, multiple convictions)
• Terraform/Do Kwon (fraud charges pending)
• Various ICO fraud cases

Private lawsuits supplement SEC enforcement:

Class Actions:

• Section 10(b) claims for fraud
• Section 11 claims for registration statement misstatements
• Section 12 claims for unregistered sales

Individual Suits:

Investors can sue individually, though smaller claims may not be economical without aggregation.

Derivative Suits:

Shareholders can sue corporate boards on behalf of the company for breach of fiduciary duty.

The Private Securities Litigation Reform Act (PSLRA):

• Lead plaintiff requirements
• Heightened pleading standards
• Stay of discovery during motion to dismiss
• Limits on joint and several liability

These reforms reduced frivolous suits but also made legitimate claims harder to pursue.

Crypto Class Actions:

Multiple class actions have been filed against crypto projects, exchanges, and promoters. Results have been mixed—many settle, some are dismissed, litigation is ongoing.

The fundamental question: Is a digital asset a security (SEC jurisdiction) or a commodity (CFTC jurisdiction)?

The Gap:

There's a regulatory gap for spot commodity markets. The CFTC has limited authority over spot commodity trading—it can pursue fraud but doesn't regulate the market comprehensively. This means:

• If Bitcoin is a commodity (generally accepted), spot Bitcoin trading is lightly regulated
• If XRP is not a security, spot XRP trading may fall in the regulatory gap
• Exchanges trading commodity tokens don't need to register as securities exchanges

The Overlap:

• A security when first sold (investment contract)
• A commodity in secondary trading (decentralized asset)

This creates uncertainty and potential for inconsistent treatment.

State securities regulators retain authority under blue sky laws:

• Broad fraud authority

• No scienter requirement

• NY Attorney General has used it aggressively

• Applies to transactions with NY nexus

• Active in crypto enforcement

• Cease-and-desist authority

• Multiple actions against crypto projects

• Separate from securities law

• Requires licenses for money transmission

• Applies to crypto exchanges, wallets

• State-by-state compliance required

Congress could clarify jurisdictional questions but hasn't acted definitively:

• Passed House in May 2024

• Creates clearer SEC/CFTC jurisdictional split

• Pathway for tokens to move from SEC to CFTC jurisdiction

• Uncertain Senate prospects

• Lummis-Gillibrand (comprehensive framework)

• Stablecoin-specific bills

• Various market structure proposals

Until Congress acts, the jurisdictional questions will continue to be resolved through enforcement, litigation, and inter-agency maneuvering.

Different digital assets map differently to this architecture:

• Generally accepted as commodity

• Not an investment contract (no issuer, no efforts of others)

• Spot trading: Minimal federal regulation

• Futures: CFTC regulated (CME futures since 2017)

• ETFs: SEC approved spot Bitcoin ETFs (January 2024)

• Commodity per CFTC and Hinman speech

• Pre-merge may have been different (staking centralizing?)

• ETFs: SEC approved spot Ether ETFs (2024)

• Some uncertainty remains

• Programmatic sales: Not investment contracts

• Institutional sales: Investment contracts (in that context)

• Current secondary trading: Not clear securities enforcement theory

• ETFs: Approved (late 2025)

• Status: Functional clarity without formal declaration

• Most SEC enforcement treated as unregistered securities

• Typically met Howey test at time of sale

• Secondary trading status unclear after settlement

• Not typically treated as securities (value-stable, not investment)

• But yield-bearing stablecoins could be securities

• Subject to potential stablecoin-specific legislation

• State money transmitter laws apply

Beyond individual assets, platforms face classification questions:

• SEC position: If they trade securities, yes

• Coinbase position: Our tokens aren't securities

• Ongoing litigation will resolve

• If facilitating securities transactions, potentially yes

• Requires registration, compliance infrastructure

• Most platforms deny trading securities

• Lesser registration than full exchange

• Some platforms exploring ATS registration

• Still requires securities on platform

✅ The statutory framework is clear. The '33 Act, '34 Act, and related statutes define what requires registration, what's prohibited, and what remedies are available. These aren't ambiguous.

✅ The SEC has broad authority. Investment contracts, antifraud provisions, exchange and broker-dealer regulation—the SEC's jurisdictional claims have statutory basis.

✅ Exemptions exist but have requirements. Regulation D, Regulation A+, Regulation S provide pathways, but each has conditions that most ICOs didn't meet.

✅ Enforcement has been substantial. Dozens of ICO enforcement actions, major platform cases, individual prosecutions. The SEC has demonstrated willingness to pursue crypto cases.

⚠️ Where the SEC/CFTC line falls. The jurisdictional boundary remains unclear for many assets. Legislative clarity is possible but not imminent.

⚠️ How secondary market trading is treated. Torres distinguished primary from secondary context, but this framework hasn't been universally adopted.

⚠️ Whether existing exemptions work for crypto. Safe harbors tailored to digital assets have been proposed but not adopted.

⚠️ How enforcement priorities will evolve. New administration, new Chair, new priorities. The aggressive enforcement posture may change.

U.S. securities law is a comprehensive, interlocking system designed for traditional securities markets. Digital assets can fit within this system—as securities, through exemptions, or as non-securities—but the fit is often awkward. Understanding the architecture helps you understand why certain arguments succeed or fail, why certain structures are chosen, and where uncertainty remains.

Assignment: Create a comprehensive flowchart that a crypto project could use to determine its legal pathway for token distribution to U.S. investors.

Requirements:

The flowchart should address these decision points:

1. Is the token a security?

2. If a security, what are the options?

3. For each exemption pathway:

4. Decision factors:

• Visual flowchart format (can be hand-drawn, digital tool, or described in structured text)

• Each decision point clearly labeled

• Outcomes/pathways clearly indicated

• Accompanying key (1-2 pages) explaining the flowchart logic

• Comprehensiveness (30%): Does it cover the major pathways?

• Accuracy (30%): Are the legal requirements correctly stated?

• Usability (25%): Could a project actually use this?

• Clarity (15%): Is it understandable?

Time Investment: 2 hours
Value: This exercise forces you to operationalize legal knowledge into practical decision-making. Understanding when exemptions apply—and when they don't—helps you evaluate token projects' legal structures and risks.

1. Section 5 of the '33 Act:

A crypto project conducts a token sale through public marketing, selling to anyone who wants to buy regardless of accredited status. Which statement is TRUE?

A) This is automatically legal because tokens are not listed in Section 2(a)(1)
B) This likely violates Section 5 if the tokens are investment contracts, because no exemption covers public sales to non-accredited investors with general solicitation
C) Regulation D 506(c) would exempt this sale because general solicitation is permitted
D) The SEC has no authority over token sales conducted online

Correct Answer: B
Explanation: Section 5 requires registration unless an exemption applies. If tokens are investment contracts (securities), this sale pattern—public marketing to anyone—doesn't fit available exemptions. Reg D 506(b) prohibits general solicitation. Reg D 506(c) allows general solicitation but requires all purchasers to be verified accredited investors. Reg A+ allows non-accredited purchasers but requires SEC qualification. A public sale to anyone doesn't fit any exemption. Option A is wrong—"investment contract" is in Section 2(a)(1). Option C is wrong—506(c) requires verified accredited investors only. Option D is wrong—SEC authority extends to online transactions in interstate commerce.

2. SEC Division Responsibilities:

Which SEC division would be primarily involved in reviewing a Regulation A+ token offering?

A) Division of Enforcement
B) Division of Corporation Finance
C) Division of Trading and Markets
D) Division of Investment Management

Correct Answer: B
Explanation: The Division of Corporation Finance reviews registration statements and offering circulars, including Regulation A+ filings. Division of Enforcement (A) investigates violations but doesn't review offerings for compliance. Division of Trading and Markets (C) handles exchanges and broker-dealers. Division of Investment Management (D) handles investment companies and advisers. Regulation A+ offerings—as small public offerings—fall under Corporation Finance.

3. Private Placement Requirements:

A token project wants to use Regulation D Rule 506(b) for a private placement. Which of the following would disqualify the offering?

A) Selling tokens to 25 accredited investors
B) Raising $50 million in a single offering
C) Purchasing advertisements in a crypto publication promoting the token sale
D) Not filing a Form D with the SEC

Correct Answer: C
Explanation: Rule 506(b) prohibits general solicitation and general advertising. Purchasing advertisements promoting the token sale is general solicitation—this disqualifies the exemption. Option A is allowed—506(b) permits unlimited accredited investors. Option B is allowed—506(b) has no maximum amount. Option D is technically a violation (Form D should be filed), but failure to file doesn't necessarily disqualify the exemption itself—it's a procedural violation, not a substantive exemption requirement.

4. SEC vs. CFTC Jurisdiction:

Under current regulatory understanding, which statement best describes the SEC/CFTC jurisdictional divide for digital assets?

A) The SEC has exclusive jurisdiction over all digital assets
B) The CFTC has exclusive jurisdiction over all digital assets
C) Bitcoin is generally a commodity (CFTC), tokens sold as investment contracts are securities (SEC), and many assets fall in disputed territory between the agencies
D) Congress has definitively resolved the jurisdictional question through legislation

Correct Answer: C
Explanation: The jurisdictional picture is nuanced: Bitcoin is generally accepted as a commodity (CFTC jurisdiction, with CME futures and SEC-approved ETFs). Tokens sold as investment contracts are securities (SEC jurisdiction). But many assets have disputed status, and the agencies sometimes assert overlapping or conflicting jurisdiction. Options A and B overstate either agency's exclusive authority. Option D is wrong—Congress has not passed definitive legislation (though bills have been proposed).

5. Enforcement Architecture:

A crypto project is under investigation by both the SEC and DOJ. What are the key differences between potential SEC civil enforcement and DOJ criminal prosecution?

A) There are no differences; the SEC and DOJ bring identical charges with identical consequences
B) SEC civil enforcement requires proof beyond reasonable doubt; DOJ criminal prosecution only requires preponderance of evidence
C) SEC civil enforcement can result in disgorgement, penalties, and injunctions; DOJ criminal prosecution can result in imprisonment; civil cases have a lower burden of proof
D) The SEC can imprison executives, but DOJ can only impose fines

Correct Answer: C
Explanation: SEC civil enforcement results in monetary penalties (disgorgement, civil penalties), injunctions, and industry bars—but not imprisonment. DOJ criminal prosecution can result in imprisonment as well as fines. The burden of proof is also different: civil cases require preponderance of evidence; criminal cases require proof beyond reasonable doubt. Option A is wrong—the consequences are very different. Option B reverses the burden of proof standards. Option D is wrong—only DOJ/courts can impose imprisonment.

For Next Lesson:
Lesson 3 takes a deep dive into the Howey test—going beyond the Course 28 introduction to examine each element's evolution, circuit court variations, and limitations when applied to digital assets.

End of Lesson 2

Total words: ~6,400
Estimated completion time: 60 minutes reading + 2 hours for deliverable