SEC: No fine for self-reported unregistered ICO
On February 20, the SEC announced a cease-and-desist order with a cybersecurity startup for conducting an unregistered Initial Coin Offering (ICO), which the company self-reported. According to the order, in late 2017, the startup conducted an unregistered ICO, which raised approximately $12.7 million in digital assets. The money was used to finance the startup’s plan to “develop a network in which participants could rent spare bandwidth and storage space on their computers and servers to others for use in defense against certain types of cyberattacks.” The SEC noted that the tokens offered and sold were considered securities because a purchaser would have a reasonable expectation of obtaining a future profit from the investment. The startup did not register the ICO nor did it qualify for an exemption to the registration requirements. The SEC did not impose a monetary penalty because, according to the order, in the summer of 2018 the startup self-reported the unregistered ICO and offered to take prompt remedial actions. The order requires the startup to return the funds to investors who purchased the tokens and register the tokens as securities.