Skip to main content

SEC v Coinbase—the Black Knight, Bosses, and the Limits of Regulation by Enforcement

by: Tom Brown

Tom has been an attorney in the financial services industry for more than two decades. He began his career as an antitrust litigator and was part of the team that defended Visa against antitrust attacks. He then went in-house at Visa where he kicked started the company’s reorganization. After returning to private practice, he won important cases for eBay/PayPal, received the first-ever no-action letter from the CFPB, and made the case for consumer permissioned access to financial information under Section 1033 of Dodd-Frank. In addition to his role at Nyca, he remains an advisor to Paul Hastings and Restive Ventures. He is a member of the American Law Institute and the Editorial Board of the ABA’s Antitrust Law Journal. He graduated from the University of Chicago Law School and has an undergraduate degree from Columbia University.



Judge Failla handed down her opinion on Coinbase’s motion to dismiss the SEC’s complaint in late March. Crypto enthusiasts, the FinTwit crowd, and even industry analysts paid little attention. The continuing saga of supervision of sponsor banks and the settlement of the injunctive class in the decades-long interchange litigation dominated the week’s agenda. I think the opinion merits more attention than it received. It sends an important signal of the limit of the SEC’s effort to regulate the digital asset industry. It also provides an opportunity to discuss the downsides of the use of enforcement to achieve regulatory objectives. 

For those interested in the what rather than the how, here are the key takeaways:

  1. Half of the current crypto market cap sits outside the scope of the securities laws. Bitcoin, non-yield generating, fully reserved stable coins (e.g., USDT and USDC), and meme coins such as Dogecoin are not at issue. Whatever happens with this case, the SEC’s effort to regulate the crypto space via enforcement will not apply to at least half of the total market cap.
  2. Self-custody is the big winner. The decision holds that software that manages the keys associated with digital assets and that connects users to places where they can buy and sell digital assets for a fee is not subject to US securities laws. Coupled with the implicit concession that bitcoin and fully reserved stablecoin assets are not securities, the decision regarding self-custody solutions provides a road map for the construction of a digital asset ecosystem that the U.S. Securities laws will not reach
  3. Coinbase faces a difficult road. The decision concludes that an “investment contract” exists where the promoter of a project pools funds from the initial sale of a token and encourages others to buy the token for investment purposes. Although Coinbase has arguments about the legitimacy of the SEC’s actions that it can revive on appeal, the standard adopted by the Coinbase Court leaves Coinbase little room to prevail at the trial court level.

Beyond those specifics, the decision is a reminder of the risks that agencies face when they use litigation rather than rule-making to regulate activities that do not fall clearly within existing statutory regimes. The SEC has ample rule-making authority. It could have used that authority to create a comprehensive framework for the digital asset ecosystem at any point since Satoshi dropped the original Bitcoin whitepaper in 2008. Judge Failla’s decision signals that the SEC’s effort to regulate by enforcement will result in a patchwork that leaves vast portions of the digital asset ecosystem outside the scope of the SEC’s existing authority. 

  1. Regulation By Enforcement Reverses The General Order of Operation (i.e., Rules First and then Penalties for Breaking Them).

To understand why, it helps to back up a bit and understand what “regulation via enforcement” means. The phrase is a subtle dig at the SEC and other agencies that have a penchant for going to court to achieve outcomes that could be accomplished through rule-making or legislation. The Constitution, as Hamilton pointed out in advocating for its ratification, grants the federal government a limited set of powers. Those powers are expressly enumerated in the Constitution. And where no Federal law exists to govern a particular issue, the Federal government has no authority. 

The core structure of our Federal government, one of the express powers subject to express Constitutional authorization, has clear implications for enforcement activity: enforcement ordinarily follows the creation of clear rules. The primary issue with regulating through enforcement is fairness to affected parties. Whatever one thinks of Congress or the notice and comment rulemaking process, the creation of rules through ordinary processes necessarily involves some degree of debate and provides notice to affected parties. That notice enables affected parties to order their behavior around the new rules, which is the point of having rules. 

There are clear benefits from an agency perspective to regulating through enforcement. To the extent that courts tolerate the slow creep of agency authority, agencies can penalize conduct after it takes place (or as lawyers like to say ex-post). The fact that enforcement takes place after the fact enables agencies to avoid monitoring new patterns of behavior and deciding in advance whether that behavior needs to be regulated and, if so, how. Agencies can also avoid having to justify the creation of new rules to a sometimes skeptical public or Congress. The audience in any given case, at least at the trial court level, is a single judge. 

Litigation is, of course, unpredictable. Relative to other civil litigants, however, agencies have considerable advantages. They bring the prestige of the Federal government into play. When an agency lawyer stands up in court, he or she represents the people of the United States. Like other plaintiffs, agencies can pick the court in which they initiate an action. They can create a sort of common law by initiating cases and then settling them. By applying a litigation tax on certain conduct, an agency can dissuade private parties from engaging in certain activities even if the agency ultimately loses the case. And, perhaps most importantly, unlike other civil litigants, the doctrine of issue preclusion does not apply to a federal agency. If a Federal agency loses an issue in one case before one court, it can relitigate that same issue against another defendant in another court. But there are limits. Courts do not like to upset settled expectations. 

None of this denies the role of case-by-case adjudication in law. The common law developed over centuries through case-by-case decision-making. Some general standards, e.g., reasonableness, take on meaning from a specific factual context. And when courts are called upon to render specific decisions under vague standards, there can be merit, as Cass Sunstein has noted, in leaving certain things undecided. Those considerations do not apply in the context of deciding whether to apply an existing regulatory regime to a broad category of conduct. 

  1. The Decision Signals the Limit of the SEC’s Effort to Regulate Crypto through Enforcement

Although the decision on Coinbase’s motion to dismiss represents the views of one judge at a preliminary of one case, it signals where the SEC’s effort to regulate the crypto industry will end. The SEC will not succeed in regulating the full scope of the digital asset industry through enforcement. 

The SEC, under the Biden Administration, has harbored an ambitious agenda regarding digital assets. The current Chairman, Gary Gensler, has labeled the crypto ecosystem as the “Wild West” and described it as “rife with fraud, scams, and abuse … .” Under his watch, the Agency has opposed the creation of a Bitcoin ETF, imposed significant capital requirements on regulated entities’ custody or trading of digital assets, and signaled that the existing securities law applies to any entity that enables users to buy, sell, and hold any digital asset. The decision on Coinbase’s motion to dismiss undermines this agenda.

The SEC’s complaint attacks three elements of Coinbase’s business: (1) the brokering of transactions involving certain digital assets; (2) Coinbase’s staking program, which enables users to generate yield through the lending of tokens; and (3) the Coinbase wallet, which, unlike the traditional Coinbase app, enables users to engage in the direct purchase and sale of tokens. The decision gives each side a partial victory. It sustains the SEC’s complaint on the many claims attacking Coinbase as an unregistered exchange and the claim challenging Coinbase’s staking service. The decision dismisses the complaint regarding Coinbase’s wallet product. Although the decision represents a victory for the SEC with regard to Coinbase, the decision on the Coinbase wallet poses a setback for the SEC in its campaign against digital assets generally.

The decision allows the core claims leveled by the SEC against Coinbase in its capacity as a broker-dealer of digital assets to proceed. As in the SEC’s largely unsuccessful effort against Ripple, the claims against Coinbase as an intermediary for transactions involving certain digital assets boil down to whether those digital assets are unregistered securities. In its complaint, the SEC alleges that two facts transform bits of code into securities: (1) that sponsors of a token pool earn proceeds from the initial sale of tokens; and (2) that sponsors of a token make statements about plans to use proceeds from the initial sale of their tokens to create demand for those tokens. The only real difference in the cases is the role played by Ripple and Coinbase. Ripple promoted, distributed, and sold a token. It also pooled the proceeds of initial sales of the token. Coinbase acts as a broker-dealer of such tokens. The Ripple decision rejects the claim that such statements transform computer code into a security absent allegations of a direct purchase of the assets and, thus, reliance on such statements by the purchaser. The Coinbase decision concludes that such statements are sufficient to transform the underlying code into a security even in the absence of a direct purchase. 

The decision also sustains the SEC’s claim challenging Coinbase’s staking program. Coinbase argued that the asset staking program did not meet the first and third elements of the Howey test, an investment of money and expectation of profit based on the work of others. The decision disagrees. On the first issue, the decision notes that users transfer control of their assets and face various risks while Coinbase controls those assets, including the risk of loss of the assets themselves. On the second, the decision concludes that the returns derived from the program turn entirely on Coinbase’s ability to manage the many tasks necessary to collect rewards from the various blockchains.

The decision, however, gives Coinbase a victory on the claim directed at the Coinbase wallet program. Per the SEC’s complaint, the Coinbase wallet, unlike the legacy service, operates on a self-custody basis. The wallet enables users to manage the private keys associated with various blockchains. When a user seeks to initiate a transaction through the wallet, e.g., purchasing a crypto token, the wallet service connects the user to an exchange and then enables the user to initiate the transaction directly. Coinbase charges 1% of each transaction. In dismissing the complaint, the decision concludes that the service does not implicate many of the functions that traditionally identify a broker. The decision notes that per the allegations in the complaint, the wallet service does not direct a transaction to a particular exchange nor does it “negotiate[] terms for the transaction, make[] investment recommendations, arrange[] financing, hold[] customer funds, process[] trade documentation, or conduct[] independent asset valuations.”

  1. Even in the SEC’s Primary Victory, There is Risk

Although the decision gives the SEC a clear victory on the core claims, even that aspect of the decision presents risk to the SEC. Taking the allegations in the complaint as true, it concludes that at least two of the tokens listed are securities for purposes of Federal securities law. But the decision does not confront the broader implications of the SEC’s position, making it vulnerable if and when reviewed by a higher court.

The doctrinal challenge with bringing any asset within the scope of the Federal securities laws arises from the text of the Federal securities laws. The securities laws do not prohibit the creation, promotion, and sale of assets for investment purposes. They prohibit the sale and brokerage of unregistered “securities.” The ‘33 Act contains a specific definition of a security. That definition takes the form of a laundry list of specific assets that had been defined as securities at the state law level prior to the enactment of the Federal securities laws. The list includes one catch-all—“investment contract.” Almost from the day the ‘33 Act was enacted, the Securities and Exchange Commission has been litigating what types of arrangements constitute “investment contract[s]” within the meaning of the ‘33 Act.

At this point, anyone with even a passing interest in the digital asset economy can identify the name of the case that defines the test for whether an asset constitutes an “investment contract,” Howey v. SEC, and the elements of that test, “(1) an investment of money in (2) a common enterprise with (3) profits to come (4) solely from the efforts of others.” The early cases challenging investment opportunities as “investment contracts” did not present the question of whether a contract existed. Almost all of those cases involved something to do with real estate, and in all, a contract in the legal sense existed (i.e., a promise supported by consideration between parties in direct contact with one another). Howey, for example, involved the purchase of a partial interest in an orange grove and a service contract to harvest and process the oranges. United Housing Foundation v. Forman involved the purchase of a condominium in New York’s Co-op City. The Supreme Court concluded that the former was a security but the latter was not. (And, yes, it seems odd that an open-ended test from the 1940s remains the state of the art for determining the scope of the nation’s securities laws.)

Coinbase sought to deflect the SEC’s core claims with the argument that some kind of contractual relationship must exist between the purchaser of a digital asset and the sponsor of the underlying program is front and center in the various cases claiming that such assets are securities. The Coinbase decision evaluates the issue under the second of the Howey elements, the common enterprise question. It concludes that the complaint alleges enough to establish a common enterprise. It notes that the sponsors of at least two of the programs identified in the complaint promised initial purchasers of their tokens that proceeds “would be pooled to further develop the tokens’ ecosystems and promised that these improvements would benefit all token holders by increasing the value of the tokens themselves.” Citing various cases challenging digital assets as securities, the decision holds that these statements are sufficient to render tokens securities.

The decision does not grapple with Coinbase’s argument or the implications of the SEC’s effort to defeat it. The SEC asserts that statements by a project sponsor about what they plan to do to increase the value of assets tied to a project are sufficient to bring those assets within the scope of the securities laws. In seeking to bring digital assets within the scope of the Federal securities laws, the SEC faces a line-drawing problem. It has to explain why some things fall within the definition and other things do not. The facts on which the SEC relies in the Coinbase case—that funds from the sale of digital assets are pooled and that promoters communicate to direct purchasers a plan to use those proceeds, at least in part, to increase the value of the asset—apply to many, many assets in the economy. The most obvious example is real estate, but the same claims can be made about virtually any collectible, including art, wine, and baseball cards. 

The weakness of the decision on the issue of how, other than tangibility, bits of code differ from real estate and collectibles creates risk for the SEC. The decision uses two rhetorical tricks to avoid confronting the broader implications of the SEC’s position. First, it creates a strawman. It characterizes Coinbase’s defense as an effort to “categorically exclude[]” crypto assets from the securities laws. Courts tend to frown on “categorical exclusions,” and the opinion dispenses with the strawman by pointing to the policy interests that motivated the adoption of the Federal securities laws, namely preventing fraud and manipulation. It sees “little logic” in creating a categorical exclusion for digital assets. It also resorts to what lawyers label ipse dixit—i.e., an expression of opinion without proof. As noted above, many assets in the economy involve both the pooling of sales proceeds and trace value back to the efforts of the others, including real estate. The opinion distinguishes digital tokens from land with the assertion that “real estate has ‘inherent value.’” 

Future courts might look for something more than an assertion of the conclusion to distinguish bits of code from tangible assets that have little value, e.g., subdivided but unimproved lots of land in the California desert. The phrase through which the SEC seeks to define the digital assets at issue in the case as “securities” includes two words “investment” and “contract.” Even conceding the “investment” component, the second word in the phrase has meaning as well. The canonical definition of contract, per the Second Restatement of Law, Contracts § 1, is a “promise … for which the law gives a remedy.” Future courts might see the absence of a direct connection between the promoters of a given digital asset and subsequent buyers of a digital asset as negating the existence of the “promise” on which the existence of a contract turns. 

  1. Coinbase and the SEC Could Both Lose the Battle and the War.

Even if the decision leaves open for future litigants the question of whether a digital asset is a “security,” it represents a defeat for Coinbase. The Complaint identifies thirteen tokens that it claims are or at some point have been securities. As to each, the complaint alleges that the sponsors of the token pooled proceeds from initial sales and made statements about plans to use proceeds to build demand. The decision concludes that those facts, standing alone, are sufficient to transform tokens into securities. Under that standard, many, many of the tokens available for purchase and sale through Coinbase will ultimately be deemed to be securities. Although Coinbase has legal arguments to defeat those claims, the district court rejected the primary arguments in its decision. Coinbase will almost certainly revive those arguments on appeal, but any appeal is likely years away. 

Although the SEC can claim a victory over Coinbase, the opinion hands the SEC a major defeat in the campaign against crypto generally. The opinion carves out a path for the digital asset industry to operate without tripping over the securities laws. Since the publication of the Bitcoin whitepaper, digital assets have promised an alternative to a financial system premised on disintermediation. Banks, broker-dealers, and the other major institutions with which firms and households engage to safeguard money, make payments, and buy, sell, or merely hold stocks sit between their customers and the networks or exchanges that actually enable the things that firms and households want to do. The Bitcoin protocol enables firms and households to engage in transactions directly without requiring an intermediary. 

In rejecting the SEC’s effort to bring the Coinbase wallet within the scope of the securities laws, the decision limits the impact of an SEC “win.” At this point, software can manage the core user experience that Coinbase has historically supported: connecting users to the digital asset ecosystem, enabling them to evaluate different digital assets, and allowing them to buy, sell, or hold them. Creating code to help users manage the private keys necessary to engage in those activities is far removed from the activities that have typically brought firms within the scope of the securities law—e.g., providing investment advice, intermediating transaction flows, safeguarding the records of investments, issuing securities, etc. Code may, of course, connect a user to a project that would meet the test for a security, but the communication layer is no more engaged in regulated activity than the browsers and APIs that millions of people use every day to trade traditional securities or, before that, the cars people drove to their stock broker’s offices.

The court’s approach to the core securities claims also limits the scope of the SEC’s enforcement authority. The court identifies two allegations as critical to the securities analysis: pooling proceeds from the initial sale of tokens and making forward-looking statements about how the sponsors intend to use those proceeds to foster demand for the asset. That both facts are necessary suggests how people and firms looking to launch token-based ecosystems might do so without running afoul of the securities laws. 

The obvious path, and the one taken by the designers of the Bitcoin protocol, is to avoid pooling of proceeds from the sale of tokens. The Bitcoin protocol provides a reward for confirming transactions. That reward is not pooled among all of the people and entities that validate transactions (the activity known as mining). Instead, the reward goes to the operator of the node that successfully creates a new work in the Markov chain which is the Bitcoin ledger. Very, very few token sponsors have tried to follow the Bitcoin blueprint, but it remains a possibility. 

Sponsors of a token can also avoid making statements about how they plan to use proceeds from the initial sale of the token or disclaim any intent to do anything with those proceeds. This is the approach taken by the sponsors of Doge coin. Billy Markus has always discouraged people from buying Doge, explaining that the project is simply a parody of other digital assets. Sponsors of so-called meme coins have largely followed this approach. And it should be available to creators of NFTs as well, as long as they avoid claims about utility or use of proceeds to promote the value of the NFTs they create.

It may even be possible to navigate a path in which tokens are treated as securities for a time but then cease to be securities. This is not a new idea in the digital asset space. Then SEC Chairman Jay Clayton suggested such an approach with his famous laundry token analogy

If I have a laundry token for washing my clothes, that’s not a security. But if I have a set of 10 laundry tokens and the laundromats are to be developed and those are offered to me as something I can use for the future and I’m buying them because I can sell them to next year’s incoming class, that’s a security. What we find in the regulatory world is that the use of a laundry token evolves over time. The use can evolve toward or away from a security.

The SEC has never explained how it or courts would judge when a security token becomes useful enough to lose its status as a security or how a token could become useful if it were a security given the limitations on distribution and custody of securities. But the possibility remains. 

All of this brings to mind one of the famous bits from Monty Python and the Holy Grail. Early in the film, King Arthur, played by Graham Chapman, crosses paths with the Black Knight. The Black Knight refuses to let King Arthur pass. In the ensuing fight, Arthur dismembers the knight, one limb at a time. The knight refuses to yield, dismissing the cuts as mere “flesh wounds.” Arthur decides not to waste the energy necessary to dispatch him and moves on down the trail. The SEC’s effort to regulate the crypto industry through enforcement has a similar feel. In trying to win cases, the SEC has made strategic concessions regarding bitcoin, non-yield-bearing stablecoins, and even meme coins. It has also lost cases and claims. The net result is that although the SEC has refused to yield, it may look up one day to find that the crypto industry has simply passed it by.

Of course, other endings are possible too. In this way, the SEC resembles a boss character from a video game. The SEC, as noted above, does not have to accept the decisions of lower courts or even Circuit Courts as conclusive. It can continue to litigate the questions of when a digital asset constitutes a security and when a bit of software that links a user to the digital asset ecosystem falls within the scope of the securities laws. But whatever the final outcome, it is from a social perspective a poor substitute for regulation via rulemaking or legislation, particularly where geo-political rivals are creating functional regulatory frameworks through legislation.

All opinions expressed by the writers are solely their current opinions and do not reflect the views of, TET Events.