Crypto Classification: Security vs. Commodity

Jake Ryan
6 min readAug 2, 2018

There’s been a big debate going on in the crypto markets about how to classify cryptoassets and which regulatory body does it fall under. Are cryptoassets securities and therefore governed by the SEC or are they commodities and therefore regulated by the CFTC? In 2017, many in the market started to declare the idea of a utility token and distinguishing it from a security token. Broadly speaking, a security token represents a tokenized version of a financial security. You can think of real estate or equities that are tokenized assets being a security token. Thus, a utility token is a token used to power a blockchain network. Many protocol coins and tokens use a utility token to transact on their network. An example might be the basic attention token (BAT) which is used with the Brave web browser which monetizes attention.

Photo by Luca Bravo on Unsplash

Howey Test

The basic framework used to figure out whether something is a security or not is called the Howey Test. The Howey Test refers to a court case between the SEC v. W.J. Howey Co. It consists of 3 questions:

  1. Is there an investment of money with the expectation of future profits?
  2. Is the investment of money in a common enterprise?
  3. Do any profits come from the efforts of a promoter or third party?

Securities produce a return to a common enterprise which I think can be argued a central organization. The spirit of the law is to capture an agreement, “I’ll give you some money for a percentage of the potential profit the enterprise generates.” It’s ownership in the enterprise’s capital structure whether that’s equity or debt.

That is not what’s happening with most crypto utility tokens. Crypto tokens are not generating a return that is then divided by the owners via dividends or share repurchase. Though some tokens do split returns generated from fees. Most expectation of future returns are generated by scarcity of supply and demand. There may be an expectation of profit, but that’s where it gets tricky.

Consideration — Similar Analog Assets

There are plenty of assets that people buy with this expectation of a return. Most of them revolve around scarcity of the asset playing into a tight market of supply and demand. This is, coincidentally, how most participants expect to generate profit with their cryptoassets. Some examples include:

  • Tickets for Concerts
  • Numismatic Coins
  • Precious Metals
  • Collectibles
  • Rare Art

None of these property or assets are considered securities. All 3 factors of the Howey Test need to be considered collectively.

Commodities — Looking at “The What”

Commodities are goods, property or assets that can be bought or sold on an exchange. They are typically raw materials or agricultural products. Commodities don’t produce a return from a common enterprise. They are goods or property that get mined or grown where their value is intrinsic based on market supply and demand. This distinguishes commodities from securities.

Photo by Andre Francois on Unsplash

Cryptoassets — the “What” and the “How”?

If you just evaluated a functioning cryptoasset, like a cryptocurrency or a utility token, it would generally be classified as a commodity. Where there becomes an issue is in how a cryptoasset project comes into existence. It’s much more about the “how” than the “what”.

If a cryptoasset comes into existence via an initial coin offering (ICO) or a token-generated event (TGE) where the offering is a token in exchange for money up front before a working network or product yet exists and where the investor expects to make a return, then there’s a problem. Anything that falls into this category is most likely going to be classified as a security and it’s going to have to follow securities laws.

I like to think of risk as a continuum. It’s important to assess where you are with your project or cryptoasset, as an entrepreneur or as an investor, on this continuum. I used a set of factors for consideration.

Photo by Steve Johnson on Unsplash

7 Factors to Consider

These are the 7 factors to consider when I evaluate regulatory risk for any particular cryptoasset:

  1. Is it a coin or token?
  2. If coin, is it mineable?
  3. If coin, is it decentralized?
  4. Is it functioning in production?
  5. Was there an ICO/TGE?
  6. Was it offered in the U.S. in a public or private sale?
  7. If public in the U.S., was there KYC/AML completed?

Okay, so let’s evaluate answers to these questions and see where we land in the continuum of regulatory risk. The least risky cryptoasset is a mineable coin running on a functioning decentralized blockchain network. A coin is slightly less risky than a token, generally speaking. This is because it’s running its own blockchain and network. If the coin is mineable, it’s got different economics than if people bought it in an ICO (or other means) because, in this case, miners received coins for work. This notion came out when the SEC announced that Bitcoin is not a security. This makes it less risky than coins that have been pre-mined. If the project is decentralized, it’s going to be much less risky because it can be argued it’s not a common enterprise.

If a coin is pre-mined and centralized, it’s the most risky type of coin. There are good chances it has high regulatory risk of being classified as a security. (One particular coin comes to mind.)

Now, if it’s a token instead of a coin, then the first question — is its network functioning? If the token has a functioning network, protocol, utility or product, then it’s less risky. This notion came out when the SEC announced that Etheruem is not a security. If it is not currently functioning, then it bears much more regulatory risk.

The last set of questions revolve around how the cryptoasset came into existence. Was there an ICO? If so, there’s more risk. If it was airdropped or came into existence another way, then there’s less risk. If there was a public sale in the U.S., then it’s riskier than a private sale. If that public sale did not do KYC/AML, that’s much more risky than if they did. If you have a token that did an ICO and it’s not currently functioning and you did a public ICO in the U.S. with no AML/KYC, then you have the most regulatory risk and you will most likely have to deal with the SEC in some way.

I hope this helps you evaluate the regulatory risk of your cryptoasset(s) as an entrepreneur or investor. The SEC is going after bad actors not people who are trying to do the right thing. If you’re on the least risky side of the spectrum, I wouldn’t worry too much. If you’re on the most risky side of the spectrum, then there’s work to be done.

Happy Hunting,


Disclaimer: The above references an opinion and is for information purposes only. It is not intended to be investment advice. Please do your own homework.

Jake Ryan is the founder / GP of Tradecraft Capital, a crypto hedge fund. He is also a startup advisor, an angel investor & a writer on investing. If you enjoyed this article “clap” to help others find it! For more, join us on Facebook, Twitter.

#crypto #cryptocurrency #bitcoin #investing #blockchain #tradecraft



Jake Ryan

CIO at Tradecraft Capital & Author of CRYPTO DECRYPTED & Crypto Investing in the Age of Autonomy, published by Wiley